Daniel L. Miller wrote:
> Timo Sirainen wrote:
>> On Mon, 2009-08-10 at 12:09 -0700, Daniel L. Miller wrote:
>>> If at all possible, I would much rather see an error thrown than
>>> choosing which one to accept.  To me, having Dovecot tolerate broken
>>> configurations is less desirable than giving clear feedback for the
>>> user to fix it.  Anything from:
>>> "foo" is defined more than once
>>> overlapping ip declarations
>>> "remote_ip" declaration in protocol "imap" conflicts with "remote_ip"
>>> declaration in protocol "all"
>> It's not necessarily a broken configuration. For example you could have:
>> disable_plaintext_auth = yes # default also
>> remote_ip {
>>   # allow plaintext auth from intranet
>>   disable_plaintext_auth = no
>> }
>> That's an ok configuration, right? But then again, maybe one of those
>> IPs is a proxy to outside world and you don't want plaintext auth from
>> there:
>> remote_ip {
>>   disable_plaintext_auth = yes
>> }
>> But I guess if there truly are some conflicts it could warn about
>> them .. although that might be more work than it's worth. :)
> Well - if those are not broken configs, then I guess I misunderstood the
> question.  I would expect the most restrictive test to govern, so:
> remote_ip {
>  # allow plaintext auth from intranet
>  disable_plaintext_auth = no
> }
> remote_ip {
>  # allow plaintext auth from intranet
>  disable_plaintext_auth = yes
> }
> remote_ip {
>  # allow plaintext auth from intranet
>  disable_plaintext_auth = no
> }
> connecting from should result in disable_plaintext_auth = no.

I agree - however, it makes the config harder to read, and you pretty
much need something like "dovecotctl -acl -dump" or an equivalent to
netstat -r or iptables -L to display them in the correct order if the
ruleset becomes complex. By using a first-match wins syntax, you make
the actual config file much simpler to read, as it maps to the running

kind regards,


Felix Schüren
Head of Network

Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller

(*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend

Reply via email to