The word &"set"& at the start of a line, followed by a single space,
is recognised specially as defining a value for a variable.
+.new
+.cindex "tainted data" "expansion testing"
+If the sequence &",t"& is inserted before the space,
+the value is marked as tainted.
+.wen
The syntax is otherwise the same as the ACL modifier &"set ="&.
.cmdopt -bem <&'filename'&>
lookup types support only literal keys.
&*Warning 2*&: In a host list, you must always use &(net-iplsearch)& so that
-the implicit key is the host's IP address rather than its name (see section
-&<<SECThoslispatsikey>>&).
+the implicit key is the host's IP address rather than its name
+(see section &<<SECThoslispatsikey>>&).
&*Warning 3*&: Do not use an IPv4-mapped IPv6 address for a key; use the
IPv4, in dotted-quad form. (Exim converts IPv4-mapped IPv6 addresses to this
&*Reminder*&: With this kind of pattern, you must have host &'names'& as
keys in the file, not IP addresses. If you want to do lookups based on IP
-addresses, you must precede the search type with &"net-"& (see section
-&<<SECThoslispatsikey>>&). There is, however, no reason why you could not use
+addresses, you must precede the search type with &"net-"&
+(see section &<<SECThoslispatsikey>>&).
+There is, however, no reason why you could not use
two items in the same list, one doing an address lookup and one doing a name
lookup, both using the same file.
.next
The item @[] matches any of the local host's interface addresses.
.next
-Single-key lookups are assumed to be like &"net-"& style lookups in host lists,
+Single-key lookups are assumed to be like &"net-"& style lookups in host lists
+(see section &<<SECThoslispatsikey>>&),
even if &`net-`& is not specified. There is never any attempt to turn the IP
address into a host name. The most common type of linear search for
&*match_ip*& is likely to be &*iplsearch*&, in which the file can contain CIDR
.section "Format of an ACL" "SECID199"
.cindex "&ACL;" "format of"
.cindex "&ACL;" "verbs, definition of"
-An individual ACL consists of a number of statements. Each statement starts
+An individual ACL definition consists of a number of statements.
+Each statement starts
with a verb, optionally followed by a number of conditions and &"modifiers"&.
Modifiers can change the way the verb operates, define error and log messages,
set variables, insert delays, and vary the processing of accepted messages.
all the conditions make sense at every testing point. For example, you cannot
test a sender address in the ACL that is run for a VRFY command.
+The definition of an ACL ends where another starts,
+or a different configuration section starts.
+
.section "ACL verbs" "SECID200"
The ACL verbs are as follows:
.olist
Signing outgoing messages: This function is implemented in the SMTP transport.
It can co-exist with all other Exim features
-(including transport filters)
-except cutthrough delivery.
+(including transport filters) except cutthrough delivery.
+.new
+However, signing options may not depend on headers modified by
+routers, the transport or a transport filter.
+.wen
.next
Verifying signatures in incoming messages: This is implemented by an additional
ACL (acl_smtp_dkim), which can be called several times per message, with
git://git.exim.org / exim.git / blobdiff