X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/2f615d84ed88d0ce0265fba4ad545fb0517f36f6..726712425e693e7e15360769456536cfb87dd485:/docbook/4.72/spec.xml diff --git a/docbook/4.72/spec.xml b/docbook/4.72/spec.xml index ae5af4e..c77b228 100644 --- a/docbook/4.72/spec.xml +++ b/docbook/4.72/spec.xml @@ -2565,12 +2565,6 @@ given in chapter . USE_TCP_WRAPPERS - -TCP_WRAPPERS_DAEMON_NAME - - -tcp_wrappers_daemon_name - Exim can be linked with the tcpwrappers library in order to check incoming SMTP calls using the tcpwrappers control files. This may be a convenient alternative to Exim’s own checking facilities for installations that are @@ -2587,8 +2581,8 @@ CFLAGS=-O -I/usr/local/include EXTRALIBS_EXIM=-L/usr/local/lib -lwrap -in Local/Makefile. The daemon name to use in the tcpwrappers control -files is exim. For example, the line +in Local/Makefile. The name to use in the tcpwrappers control files is +exim. For example, the line exim : LOCAL 192.168.1. .friendly.domain.example @@ -2596,10 +2590,7 @@ exim : LOCAL 192.168.1. .friendly.domain.example in your /etc/hosts.allow file allows connections from the local host, from the subnet 192.168.1.0/24, and from all hosts in friendly.domain.example. -All other connections are denied. The daemon name used by tcpwrappers -can be changed at build time by setting TCP_WRAPPERS_DAEMON_NAME in -in Local/Makefile, or by setting tcp_wrappers_daemon_name in the -configure file. Consult the tcpwrappers documentation for +All other connections are denied. Consult the tcpwrappers documentation for further details. @@ -3554,17 +3545,6 @@ no arguments. - - - - - - -This option is an alias for and causes version information to be -displayed. - - - <type> @@ -4551,39 +4531,6 @@ the listening daemon. - <filename> - - - - - - -testing -, - - -malware scan test - -This debugging option causes Exim to scan the given file, -using the malware scanning framework. The option of influences -this option, so if ’s value is dependent upon an expansion then -the expansion should have defaults which apply to this invocation. ACLs are -not invoked, so if references an ACL variable then that variable -will never be populated and will fail. - - -Exim will have changed working directory before resolving the filename, so -using fully qualified pathnames is advisable. Exim will be running as the Exim -user when it tries to open the file, rather than as the invoking user. -This option requires admin privileges. - - -The option will not be extended to be more generally useful, -there are better tools for file-scanning. This option exists to help -administrators verify their Exim and AV scanner configuration. - - - @@ -5583,7 +5530,7 @@ written to the standard output. This option can be used only by an admin user. listing -message in RFC 2822 format +message in RFC 2922 format This option causes a copy of the complete message (header lines plus body) to be written to the standard output in RFC 2822 format. This option can be used @@ -14487,29 +14434,6 @@ random(). -${reverse_ip:<ipaddr>} - - - -expansion -IP address - -This operator reverses an IP address; for IPv4 addresses, the result is in -dotted-quad decimal form, while for IPv6 addreses the result is in -dotted-nibble hexadecimal form. In both cases, this is the "natural" form -for DNS. For example, - - -${reverse_ip:192.0.2.4} and ${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.3} - - -returns - - -4.2.0.192 and 3.0.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2 - - - ${rfc2047:<string>} @@ -14834,40 +14758,19 @@ zero. This condition turns a string holding a true or false representation into a boolean state. It parses true, false, yes and no (case-insensitively); also positive integer numbers map to true if non-zero, -false if zero. Leading and trailing whitespace is ignored. +false if zero. Leading whitespace is ignored. All other string values will result in expansion failure. When combined with ACL variables, this expansion condition will let you make decisions in one place and act on those decisions in another place. -For example: +For example, ${if bool{$acl_m_privileged_sender} ... -bool_lax {<string>} - - - -expansion -boolean parsing - - - expansion condition - -Like , this condition turns a string into a boolean state. But -where accepts a strict set of strings, uses the same -loose definition that the Router option uses. The empty string -and the values false, no and 0 map to false, all others map to -true. Leading and trailing whitespace is ignored. - - -Note that where bool{00} is false, bool_lax{00} is true. - - - crypteq {<string1>}{<string2>} @@ -19397,10 +19300,6 @@ listed in more than one group. ACL for DATA - -ACL for DKIM verification - - ACL for ETRN @@ -19583,10 +19482,6 @@ listed in more than one group. use GnuTLS compatibility mode - -adjust OpenSSL compatibility options - - advertise TLS to these hosts @@ -21014,7 +20909,7 @@ It specifies which anti-virus scanner to use. The default value is: sophie:/var/run/sophie -If the value of starts with a dollar character, it is expanded +If the value of starts with dollar character, it is expanded before use. See section for further details. @@ -24432,15 +24327,6 @@ the generic transport option , which limits t message that an individual transport can process. -If you use a virus-scanner and set this option to to a value larger than the -maximum size that your virus-scanner is configured to support, you may get -failures triggered by large mails. The right size to configure for the -virus-scanner depends upon what data is passed and the options in use but it’s -probably safest to just set it to a little larger than this value. Eg, with a -default Exim message size of 50M and a default ClamAV StreamMaxLength of 10M, -some problems may result. - - @@ -24584,63 +24470,6 @@ transport driver. - - - - - - - - - - - - -Use: main -Type: string list -Default: +dont_insert_empty_fragments - - - - - - -OpenSSL -compatibility - -This option allows an administrator to adjust the SSL options applied -by OpenSSL to connections. It is given as a space-separated list of items, -each one to be +added or -subtracted from the current value. The default -value is one option which happens to have been set historically. You can -remove all options with: - - -openssl_options = -all - - -This option is only available if Exim is built against OpenSSL. The values -available for this option vary according to the age of your OpenSSL install. -The all value controls a subset of flags which are available, typically -the bug workaround options. The SSL_CTX_set_options man page will -list the values known on your system and Exim should support all the -bug workaround options and many of the modifying options. The Exim -names lose the leading SSL_OP_ and are lower-cased. - - -Note that adjusting the options can have severe impact upon the security of -SSL as used by Exim. It is possible to disable safety checks and shoot -yourself in the foot in various unpleasant ways. This option should not be -adjusted lightly. An unrecognised item will be detected at by invoking Exim -with the flag. - - -An example: - - -openssl_options = -all +microsoft_big_sslv3_buffer - - - @@ -29083,10 +28912,6 @@ If the result is any other value, the router is run (as this is the last precondition to be evaluated, all the other preconditions must be true). -This option is unique in that multiple options may be present. -All options must succeed. - - The option provides a means of applying custom conditions to the running of routers. Note that in the case of a simple conditional expansion, the default expansion values are exactly what is wanted. For example: @@ -29101,14 +28926,6 @@ Because of the default behaviour of the string expansion, this is equivalent to condition = ${if >{$message_age}{600}{true}{}} -A multiple condition example, which succeeds: - - -condition = ${if >{$message_age}{600}} -condition = ${if !eq{${lc:$local_part}}{postmaster}} -condition = foobar - - If the expansion fails (other than forced failure) delivery is deferred. Some of the other precondition options are common special cases that could in fact be specified using . @@ -40970,37 +40787,6 @@ apply to a command specified as a transport filter. - - - - - - - - - - - - -Use: pipe -Type: boolean -Default: false - - - - - -Normally Exim inhibits core-dumps during delivery. If you have a need to get -a core-dump of a pipe command, enable this command. This enables core-dumps -during delivery and affects both the Exim binary and the pipe command run. -It is recommended that this option remain off unless and until you have a need -for it and that this only be enabled when needed, as the risk of excessive -resource consumption can be quite high. Note also that Exim is typically -installed as a setuid binary and most operating systems will inhibit coredumps -of these by default, so further OS-specific action may be required. - - - @@ -49133,33 +48919,6 @@ is what is wanted for subsequent tests. -control = debug/<options> - - - -access control lists (ACLs) -enabling debug logging - - -debugging -enabling from an ACL - -This control turns on debug logging, almost as though Exim had been invoked -with -d, with the output going to a new logfile, by default called -debuglog. The filename can be adjusted with the tag option, which -may access any variables already defined. The logging may be adjusted with -the opts option, which takes the same values as the -d command-line -option. Some examples (which depend on variables that don’t exist in all -contexts): - - - control = debug - control = debug/tag=.$sender_host_address - control = debug/opts=+expand+acl - control = debug/tag=.$message_exim_id/opts=+expand - - - control = enforce_sync control = no_enforce_sync @@ -52341,7 +52100,7 @@ If you do not set , it defaults to av_scanner = sophie:/var/run/sophie -If the value of starts with a dollar character, it is expanded +If the value of starts with dollar character, it is expanded before use. The following scanner types are supported in this release: @@ -52379,17 +52138,9 @@ number, and a port, separated by space, as in the second of these examples: av_scanner = clamd:/opt/clamd/socket -av_scanner = clamd:192.0.2.3 1234 -av_scanner = clamd:192.0.2.3 1234:local +av_scanner = clamd:192.168.2.100 1234 -If the value of av_scanner points to a UNIX socket file or contains the local -keyword, then the ClamAV interface will pass a filename containing the data -to be scanned, which will should normally result in less I/O happening and be -more efficient. Normally in the TCP case, the data is streamed to ClamAV as -Exim does not assume that there is a common filesystem with the remote host. -There is an option WITH_OLD_CLAMAV_STREAM in src/EDITME available, should -you be running a version of ClamAV prior to 0.95. If the option is unset, the default is /tmp/clamd. Thanks to David Saez for contributing the code for this scanner. @@ -52611,10 +52362,6 @@ use the condition (see section @@ -52777,8 +52524,9 @@ it always return true by appending :true to th returned variables When the condition is run, it sets up a number of expansion -variables. These variables are saved with the received message, thus they are -available for use at delivery time. +variables. With the exception of $spam_score_int, these are usable only +within ACLs; their values are not retained with the message and so cannot be +used at delivery time. @@ -52796,7 +52544,11 @@ for inclusion in log or reject messages. The spam score of the message, multiplied by ten, as an integer value. For example 34 or 305. It may appear to disagree with $spam_score because $spam_score is rounded and $spam_score_int is truncated. -The integer value is useful for numeric comparisons in conditions. +The integer value is useful for numeric comparisons in +conditions. This variable is special; its value is saved with the message, and +written to Exim’s spool file. This means that it can be used during the whole +life of the message on your Exim system, in particular, in routers or +transports during the later delivery phase. @@ -61915,7 +61667,7 @@ It can co-exist with all other Exim features, including transport filters. Verify signatures in incoming messages: This is implemented by an additional ACL (acl_smtp_dkim), which can be called several times per message, with -different signature contexts. +different signature context. @@ -61974,7 +61726,7 @@ These options take (expandable) strings as arguments. -MANDATORY: +MANDATORY The domain you want to sign with. The result of this expanded option is put into the expansion variable. @@ -62000,7 +61752,7 @@ option is put into the expansion variable. -MANDATORY: +MANDATORY This sets the key selector string. You can use the expansion variable to look up a matching selector. The result is put in the expansion variable which should be used in the @@ -62028,7 +61780,7 @@ option along with . -MANDATORY: +MANDATORY This sets the private key to use. You can use the and expansion variables to determine the private key to use. The result can either @@ -62075,7 +61827,7 @@ is set. -OPTIONAL: +OPTIONAL This option sets the canonicalization method used when signing a message. The DKIM RFC currently supports two methods: "simple" and "relaxed". The option defaults to "relaxed" when unset. Note: the current implementation @@ -62103,7 +61855,7 @@ only supports using the same canonicalization method for both headers and body. -OPTIONAL: +OPTIONAL This option defines how Exim behaves when signing a message that should be signed fails for some reason. When the expansion evaluates to either "1" or "true", Exim will defer. Otherwise Exim will send the message @@ -62132,7 +61884,7 @@ variables here. -OPTIONAL: +OPTIONAL When set, this option must expand to (or be specified as) a colon-separated list of header names. Headers with these names will be included in the message signature. When unspecified, the header names recommended in RFC4871 will be @@ -62167,8 +61919,8 @@ more advanced policies. For that reason, the global option The global option can be set to a colon-separated list of DKIM domains or identities for which the ACL is called. It is expanded when the message has been received. At this point, -the expansion variable already contains a colon-separated -list of signer domains and identities for the message. When +the expansion variable already contains a colon- +separated list of signer domains and identities for the message. When is not specified in the main configuration, it defaults as: @@ -62186,7 +61938,7 @@ dkim_verify_signers = paypal.com:ebay.com:$dkim_signers This would result in always being called for "paypal.com" and "ebay.com", plus all domains and identities that have signatures in the message. -You can also be more creative in constructing your policy. For example: +You can also be more creative in constructing your policy. Example: dkim_verify_signers = $sender_address_domain:$dkim_signers @@ -62204,7 +61956,7 @@ available (from most to least important): -The signer that is being evaluated in this ACL run. This can be a domain or +The signer that is being evaluated in this ACL run. This can be domain or an identity. This is one of the list items from the expanded main option (see above). @@ -62300,7 +62052,7 @@ identity (as reflected by ). -The key record selector string. +The key record selector string @@ -62400,7 +62152,7 @@ in the key record. -Notes from the key record (tag n=). +Notes from the key record (tag n=) @@ -62415,7 +62167,7 @@ In addition, two ACL conditions are provided: ACL condition that checks a colon-separated list of domains or identities for a match against the domain or identity that the ACL is currently verifying (reflected by ). This is typically used to restrict an ACL -verb to a group of domains or identities. For example: +verb to a group of domains or identities, like: # Warn when message apparently from GMail has no signature at all