-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.83 2010/06/07 07:09:10 pdp Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.88 2010/06/14 18:51:09 pdp Exp $
.
. /////////////////////////////////////////////////////////////////////////////
. This is the primary source of the Exim Manual. It is an xfpt document that is
.section "Use of tcpwrappers" "SECID27"
.cindex "tcpwrappers, building Exim to support"
.cindex "USE_TCP_WRAPPERS"
+.cindex "TCP_WRAPPERS_DAEMON_NAME"
+.cindex "tcp_wrappers_daemon_name"
Exim can be linked with the &'tcpwrappers'& library in order to check incoming
SMTP calls using the &'tcpwrappers'& control files. This may be a convenient
alternative to Exim's own checking facilities for installations that are
CFLAGS=-O -I/usr/local/include
EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
.endd
-in &_Local/Makefile_&. The name to use in the &'tcpwrappers'& control files is
-&"exim"&. For example, the line
+in &_Local/Makefile_&. The daemon name to use in the &'tcpwrappers'& control
+files is &"exim"&. For example, the line
.code
exim : LOCAL 192.168.1. .friendly.domain.example
.endd
in your &_/etc/hosts.allow_& file allows connections from the local host, from
the subnet 192.168.1.0/24, and from all hosts in &'friendly.domain.example'&.
-All other connections are denied. Consult the &'tcpwrappers'& documentation for
+All other connections are denied. The daemon name used by &'tcpwrappers'&
+can be changed at build time by setting TCP_WRAPPERS_DAEMON_NAME in
+in &_Local/Makefile_&, or by setting tcp_wrappers_daemon_name in the
+configure file. Consult the &'tcpwrappers'& documentation for
further details.
.cindex "testing", "malware"
.cindex "malware scan test"
This debugging option causes Exim to scan the given file,
-using the malware scanning framework. The option of av_scanner influences
-this option, so if av_scanner's value is dependent upon an expansion then
-the expansion should have defaults which apply to this invocation. Exim will
-have changed working directory before resolving the filename, so using fully
-qualified pathnames is advisable. This option requires admin privileges.
+using the malware scanning framework. The option of &%av_scanner%& influences
+this option, so if &%av_scanner%&'s value is dependent upon an expansion then
+the expansion should have defaults which apply to this invocation. ACLs are
+not invoked, so if &%av_scanner%& references an ACL variable then that variable
+will never be populated and &%-bmalware%& will fail.
+
+Exim will have changed working directory before resolving the filename, so
+using fully qualified pathnames is advisable. Exim will be running as the Exim
+user when it tries to open the file, rather than as the invoking user.
+This option requires admin privileges.
+
+The &%-bmalware%& option will not be extended to be more generally useful,
+there are better tools for file-scanning. This option exists to help
+administrators verify their Exim and AV scanner configuration.
.vitem &%-bt%&
.oindex "&%-bt%&"
This condition turns a string holding a true or false representation into
a boolean state. It parses &"true"&, &"false"&, &"yes"& and &"no"&
(case-insensitively); also positive integer numbers map to true if non-zero,
-false if zero. Leading whitespace is ignored.
+false if zero. Leading and trailing whitespace is ignored.
All other string values will result in expansion failure.
When combined with ACL variables, this expansion condition will let you
${if bool{$acl_m_privileged_sender} ...
.endd
+.vitem &*bool_lax&~{*&<&'string'&>&*}*&
+.cindex "expansion" "boolean parsing"
+.cindex "&%bool_lax%& expansion condition"
+Like &%bool%&, this condition turns a string into a boolean state. But
+where &%bool%& accepts a strict set of strings, &%bool_lax%& uses the same
+loose definition that the Router &%condition%& option uses. The empty string
+and the values &"false"&, &"no"& and &"0"& map to false, all others map to
+true. Leading and trailing whitespace is ignored.
+
+Note that where &"bool{00}"& is false, &"bool_lax{00}"& is true.
+
.vitem &*crypteq&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*&
.cindex "expansion" "encrypted comparison"
.cindex "encrypted strings, comparing"
precondition to be evaluated, all the other preconditions must be true).
This option is unique in that multiple &%condition%& options may be present.
-In this case, the previous statement does not quite apply: the result of each
-&%condition%& option must be a string recognised by the &%bool%& expansion
-operator, or failure will be forced. The effect is to "and" the conditions
-together, as each must pass.
+All &%condition%& options must succeed.
The &%condition%& option provides a means of applying custom conditions to the
running of routers. Note that in the case of a simple conditional expansion,
.code
condition = ${if >{$message_age}{600}{true}{}}
.endd
-A multiple condition example:
+A multiple condition example, which succeeds:
.code
condition = ${if >{$message_age}{600}}
condition = ${if !eq{${lc:$local_part}}{postmaster}}
+condition = foobar
.endd
If the expansion fails (other than forced failure) delivery is deferred. Some
of the other precondition options are common special cases that could in fact