Mailing List Archive

Exim grammar help needed
To the maintainers:

Help needed with a small grammar explanation.

At the moment I am interested in (at long last) making my exim.conf
somewhat aware of SPF/DKIM/DMARC in some regard, which has led me to
perusal of Chapter 58 of the exim 4.94 spec.

Coming from a world of Context-Free Grammars in general, and Backus_Naur
in particular, I frequently find myself bewildered by exim's---shall we
say---"interesting" configuration grammar. Nevertheless, I usually
manage after an exhaustive search of the latest version of the exim spec
to make sense of any constructs I come across in examples.

However, the DMARC example of 58.5 contains a construct that has me
totally stumped:

warn !domains = +screwed_up_dmarc_records

In an exhaustive search of the PDF version of the spec, I found exactly
98 occurrences of the symbol "!". Exactly one of those 98 instances (the
line quoted above) contains "!domains". None of the other 97 instances
appear to satisfactorily explain how to interpret the construct in
question.

Presumably the left side of the "=" is negated in some manner, but that
is about as much as I think I understand. The right side looks
sufficiently close (linguistically speaking) to "foobar" that I think I
have some glimmer of understanding of that. But, maybe not.

A pointer to the specific section of the spec that explains the concept
I am missing would be sufficient.

Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim grammar help needed [ In reply to ]
On 2020-07-16, Phillip Carroll via Exim-users <exim-users@exim.org> wrote:
> However, the DMARC example of 58.5 contains a construct that has me
> totally stumped:
>
> warn !domains = +screwed_up_dmarc_records
>
> In an exhaustive search of the PDF version of the spec, I found exactly
> 98 occurrences of the symbol "!". Exactly one of those 98 instances (the
> line quoted above) contains "!domains". None of the other 97 instances
> appear to satisfactorily explain how to interpret the construct in
> question.
>
> Presumably the left side of the "=" is negated in some manner, but that
> is about as much as I think I understand. The right side looks
> sufficiently close (linguistically speaking) to "foobar" that I think I
> have some glimmer of understanding of that. But, maybe not.

It means warn !( domains = +screwed_up_dmarc_records)

The meaning of ! is explained in the first line of section 44.20 of
the spec.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim grammar help needed [ In reply to ]
I think this construct is explained/mentioned in several places in the
documentation. Section 20 of chapter 44 is one of them: "An exclamation
mark preceding a condition negates its result."

https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#SECTcondmodproc

You should read it as !(...)
(despite the counter-intuitive spacing)


And please allow me to bring to your attention this message I sent a
couple of days ago:
https://lists.exim.org/lurker/message/20200711.202132.cfd68318.en.html

It contains the configurations for SPF/DKIM/DMARC that I created for
Exim on CentOS 8.


On 7/16/20 2:25 AM, Phillip Carroll via Exim-users wrote:
> To the maintainers:
>
> Help needed with a small grammar explanation.
>
> At the moment I am interested in (at long last) making my exim.conf
> somewhat aware of SPF/DKIM/DMARC in some regard, which has led me to
> perusal of Chapter 58 of the exim 4.94 spec.
>
> Coming from a world of Context-Free Grammars in general, and Backus_Naur
> in particular, I frequently find myself bewildered by exim's---shall we
> say---"interesting" configuration grammar.  Nevertheless, I usually
> manage after an exhaustive search of the latest version of the exim spec
> to make sense of any constructs I come across in examples.
>
> However, the DMARC example of 58.5 contains a construct that has me
> totally stumped:
>
>    warn !domains = +screwed_up_dmarc_records
>
> In an exhaustive search of the PDF version of the spec, I found exactly
> 98 occurrences of the symbol "!". Exactly one of those 98 instances (the
> line quoted above) contains "!domains". None of the other 97 instances
> appear to satisfactorily explain how to interpret the construct in
> question.
>
> Presumably the left side of the "=" is negated in some manner, but that
> is about as much as I think I understand. The right side looks
> sufficiently close (linguistically speaking) to "foobar" that I think I
> have some glimmer of understanding of that.  But, maybe not.
>
> A pointer to the specific section of the spec that explains the concept
> I am missing would be sufficient.
>
> Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim grammar help needed [ In reply to ]
On 7/16/2020 12:05 AM, Julian Bradfield via Exim-users wrote:
>> However, the DMARC example of 58.5 contains a construct that has me
>> totally stumped:
>>
>> warn !domains = +screwed_up_dmarc_records
>>
>> ...
>> Presumably the left side of the "=" is negated in some manner, but that
>> is about as much as I think I understand. The right side looks
>> sufficiently close (linguistically speaking) to "foobar" that I think I
>> have some glimmer of understanding of that. But, maybe not.
> It means warn !( domains = +screwed_up_dmarc_records)
>
> The meaning of ! is explained in the first line of section 44.20 of
> the spec.

44.20 first line:
> An exclamation mark preceding a condition negates its result.

The remainder of 44.20 seems to me an obfuscatory masterpiece of
explanation of an ambiguous spec.

In any event, to understand the negation of "x" one must first
understand "X".

But, actually, my focus on "!domains = +some_meaningless_list" appears
to be an example of chasing a wild goose. My focus should have been on
the preceding "warn" verb.

As explained in 44.18:

> If log_message is not present, a warn verb just checks its conditions and obeys any “immediate”
> modi?ers (such as control, set, logwrite, add_header, and remove_header) that appear before
> the ?rst failing condition.

Therefore, per the spec:
> warn !domains = +screwed_up_dmarc_records
> control = dmarc_enable_forensic

Does precisely nothing because the control modifier appears AFTER the
failing "domains" condition. Which leaves one to wonder the intent of
the author.

Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim grammar help needed [ In reply to ]
Am 16.07.20 um 20:00 schrieb Phillip Carroll via Exim-users:
>
>
> 44.20 first line:
>> An exclamation mark preceding a condition negates its result.
>
> The remainder of 44.20 seems to me an obfuscatory masterpiece of
> explanation of an ambiguous spec.
>
> In any event, to understand the negation of "x" one must first
> understand "X".
>

the syntax of using ! as "invert" or a logical "not" is so common, i
don't have doubts that most people will get that
without reading the specs.

best regards,
Marius

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim grammar help needed [ In reply to ]
On 16/07/2020 19:00, Phillip Carroll via Exim-users wrote:
>>  warn !domains = +screwed_up_dmarc_records
>>  control = dmarc_enable_forensic
>
> Does precisely nothing because the control modifier appears AFTER the
> failing "domains" condition. Which leaves one to wonder the intent of
> the author.

It is a common idiom; it enables the forensic stuff only for
domains that are not listed in screwed_up_dmarc_records.

--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim grammar help needed [ In reply to ]
On 7/16/2020 11:56 AM, Jeremy Harris via Exim-users wrote:
> On 16/07/2020 19:00, Phillip Carroll via Exim-users wrote:
>>>  warn !domains = +screwed_up_dmarc_records
>>>  control = dmarc_enable_forensic
>>
>> Does precisely nothing because the control modifier appears AFTER the
>> failing "domains" condition. Which leaves one to wonder the intent of
>> the author.
>
> It is a common idiom; it enables the forensic stuff only for
> domains that are not listed in screwed_up_dmarc_records.
>

Thanks, Jeremy.

From your reply, I infer that "!domains = +x" means all domains NOT in
x. I couldn't find that definition.

So, if I wish to enable the forensic stuff for domains with screwed up
dmarc, I must populate "screwed_up_dmarc_records" (in this example) with
all domains that are NOT screwed up?

It would seem the most practical right side of the condition for that
control would be either the empty list or +local_domains. Or do I still
not understand?

Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim grammar help needed [ In reply to ]
On 16/07/2020 21:19, Phillip Carroll via Exim-users wrote:
>> It is a common idiom; it enables the forensic stuff only for
>> domains that are not listed in screwed_up_dmarc_records.

> From your reply, I infer that "!domains = +x" means all domains NOT in
> x.  I couldn't find that definition.
>

ACL chapter, section 20:
"An exclamation mark preceding a condition negates its result".

The "condition" referred to for this case is "domains = +x",
which compares the recipient domain with a list - in this case
a named list called "x". It is defined in section 26 of that
chapter:

domains = <domain list>
This condition is relevant only after a RCPT command. It checks that
the domain of the recipient address is in the domain list.


By inference, this check is returning a truth value which controls
the operation of the ACL verb. In this case you are using a "warn";
it only acts if all its conditions are true. Conditions and
modifiers on the verb are tested and acted-on in the order written,
and *NOTE* conditions are early-out. Therefore, in this case,
the condition controls whether the modifier (the control=) gets
performed.



Lists in general are described in chapter 10, named-lists in section
6 of it and domain lists in section 9.



> So, if I wish to enable the forensic stuff for domains with screwed up
> dmarc, I must populate "screwed_up_dmarc_records" (in this example) with
> all domains that are NOT screwed up?

The intent of the example is to avoid the screwed up domains. Because
they are screwed up. When you know one is borked, you sigh and manually
add it to the list.

If you don't have such a list and don't care to build one, just miss
the condition off the verb, assuming you want this forensics stuff at
all.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/