waiting for it by the time it recovers, and sending them in a single SMTP
connection is clearly beneficial. Whenever a delivery to a remote host is
deferred,
-
.cindex "hints database"
Exim makes a note in its hints database, and whenever a successful
SMTP delivery has happened, it looks to see if any other messages are waiting
+.section "Dynamically loaded lookup module support" "SECTdynamicmodules"
+.cindex "lookup modules"
+.cindex "dynamic modules"
+.cindex ".so building"
+On some platforms, Exim supports not compiling all lookup types directly into
+the main binary, instead putting some into external modules which can be loaded
+on demand.
+This permits packagers to build Exim with support for lookups with extensive
+library dependencies without requiring all users to install all of those
+dependencies.
+Most, but not all, lookup types can be built this way.
+
+Set &`LOOKUP_MODULE_DIR`& to the directory into which the modules will be
+installed; Exim will only load modules from that directory, as a security
+measure. You will need to set &`CFLAGS_DYNAMIC`& if not already defined
+for your OS; see &_OS/Makefile-Linux_& for an example.
+Some other requirements for adjusting &`EXTRALIBS`& may also be necessary,
+see &_src/EDITME_& for details.
+
+Then, for each module to be loaded dynamically, define the relevant
+&`LOOKUP_`&<&'lookup_type'&> flags to have the value "2" instead of "yes".
+For example, this will build in lsearch but load sqlite and mysql support
+on demand:
+.code
+LOOKUP_LSEARCH=yes
+LOOKUP_SQLITE=2
+LOOKUP_MYSQL=2
+.endd
+
+
.section "The building process" "SECID29"
.cindex "build directory"
Once &_Local/Makefile_& (and &_Local/eximon.conf_&, if required) have been
directory containing certificate files. This does not work with GnuTLS; the
option must be set to the name of a single file if you are using GnuTLS.
+These certificates should be for the certificate authorities trusted, rather
+than the public cert of individual clients. With both OpenSSL and GnuTLS, if
+the value is a file then the certificates are sent by Exim as a server to
+connecting clients, defining the list of accepted certificate authorities.
+Thus the values defined should be considered public data. To avoid this,
+use OpenSSL with a directory.
+
.option tls_verify_hosts main "host list&!!" unset
.cindex "TLS" "client certificate verification"
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
- server_condition = ${if and{{
+ server_condition = ${if and{{ \
!eq{}{$auth1} }{ \
ldapauth{user="cn=${quote_ldap_dn:$auth1},ou=people,o=example.org" \
pass=${quote:$auth2} \
your resources.
+.new
+.section "The SMTP DKIM ACL" "SECTDKIMACL"
+The &%acl_smtp_dkim%& ACL is available only when Exim is compiled with DKIM support
+enabled (which is the default).
+
+The ACL test specified by &%acl_smtp_dkim%& happens after a message has been
+received, and is executed for each DKIM signature found in a message. If not
+otherwise specified, the default action is to accept.
+
+For details on the operation of DKIM, see chapter &<<CHID12>>&.
+.wen
+
+
.section "The SMTP MIME ACL" "SECID194"
The &%acl_smtp_mime%& option is available only when Exim is compiled with the
content-scanning extension. For details, see chapter &<<CHAPexiscan>>&.
and EHLO act as RSET; VRFY, EXPN, ETRN and HELP, act
as NOOP; QUIT quits.
-No policy checking is done for BSMTP input. That is, no ACL is run at anytime.
-In this respect it is like non-SMTP local input.
+Minimal policy checking is done for BSMTP input. Only the non-SMTP
+ACL is run in the same way as for non-SMTP local input.
If an error is detected while reading a message, including a missing &"."& at
the end, Exim gives up immediately. It writes details of the error to the
+.section "Dynamic module directory" "SECTdynmoddir"
+Any dynamically loadable modules must be installed into the directory
+defined in &`LOOKUP_MODULE_DIR`& in &_Local/Makefile_& for Exim to permit
+loading it.
+
+
+
.section "Use of sprintf()" "SECID279"
.cindex "&[sprintf()]&"
A large number of occurrences of &"sprintf"& in the code are actually calls to