.set ACL "access control lists (ACLs)"
.set I " "
+.set drivernamemax "64"
+
.macro copyyear
2020
.endmacro
<secondary>failure report</secondary>
<see><emphasis>bounce message</emphasis></see>
</indexterm>
+<indexterm role="concept">
+ <primary>de-tainting</primary>
+ <see><emphasis>tainting, de-tainting</emphasis></see>
+</indexterm>
+<indexterm role="concept">
+ <primary>detainting</primary>
+ <see><emphasis>tainting, de-tainting</emphasis></see>
+</indexterm>
<indexterm role="concept">
<primary>dialup</primary>
<see><emphasis>intermittently connected hosts</emphasis></see>
.cindex "Solaris" "&'mail'& command"
.cindex "dot" "in incoming non-SMTP message"
This option, which has the same effect as &%-oi%&, specifies that a dot on a
-line by itself should not terminate an incoming, non-SMTP message. I can find
-no documentation for this option in Solaris 2.4 Sendmail, but the &'mailx'&
-command in Solaris 2.4 uses it. See also &%-ti%&.
+line by itself should not terminate an incoming, non-SMTP message.
+Solaris 2.4 (SunOS 5.4) Sendmail has a similar &%-i%& processing option
+&url(https://docs.oracle.com/cd/E19457-01/801-6680-1M/801-6680-1M.pdf),
+p. 1M-529), and therefore a &%-oi%& command line option, which both are used
+by its &'mailx'& command.
.vitem &%-L%&&~<&'tag'&>
.oindex "&%-L%&"
.vitem &%-m%&
.oindex "&%-m%&"
-This is apparently a synonym for &%-om%& that is accepted by Sendmail, so Exim
-treats it that way too.
+This is a synonym for &%-om%& that is accepted by Sendmail
+(&url(https://docs.oracle.com/cd/E19457-01/801-6680-1M/801-6680-1M.pdf)
+p. 1M-258), so Exim treats it that way too.
.vitem &%-N%&
.oindex "&%-N%&"
imposes a security risk (e.g. PATH). There are two lists:
&%keep_environment%& for the variables to import as they are, and
&%add_environment%& for variables we want to set to a fixed value.
-Note that TZ is handled separately, by the $%timezone%$ runtime
+Note that TZ is handled separately, by the &%timezone%& runtime
option and by the TIMEZONE_DEFAULT buildtime option.
.code
# keep_environment = ^LDAP
.vitem domains
.new
A &%domains%& router option or &%domains%& ACL condition
-will store a result in the &$domain_data$& variable
+will store a result in the &$domain_data$& variable.
.wen
.vitem senders
A &%senders%& router option or &%senders%& ACL condition
of either kind (single-key or query-style) it may be
followed by a comma and options,
The options are lookup-type specific and consist of a comma-separated list.
-Each item starts with a tag and and equals "=".
+Each item starts with a tag and and equals "=" sign.
.next
.cindex "domain list" "matching literal domain name"
.endd
.next
.cindex "CIDR notation"
-If the pattern is an IP address followed by a slash and a mask length (for
-example 10.11.42.0/24), it is matched against the IP address of the subject
-host under the given mask. This allows, an entire network of hosts to be
+If the pattern is an IP address followed by a slash and a mask length, for
+example
+.code
+10.11.42.0/24
+.endd
+, it is matched against the IP address of the subject
+host under the given mask. This allows an entire network of hosts to be
included (or excluded) by a single item. The mask uses CIDR notation; it
specifies the number of address bits that must match, starting from the most
significant end of the address.
and expansion of data deriving from the sender (&"tainted data"&)
.new
is not permitted (including acessing a file using a tainted name).
+The main config option &%allow_insecure_tainted_data%& can be used as
+mitigation during uprades to more secure configurations.
.wen
.new
Header lines that are added in a RCPT ACL (for example)
are saved until the message's incoming header lines are available, at which
point they are added.
-When any of the above ACLs ar
+When any of the above ACLs are
running, however, header lines added by earlier ACLs are visible.
Upper case and lower case letters are synonymous in header names. If the
name of the subroutine, is nine.
The return value of the subroutine is inserted into the expanded string, unless
-the return value is &%undef%&. In that case, the expansion fails in the same
-way as an explicit &"fail"& on a lookup item. The return value is a scalar.
-Whatever you return is evaluated in a scalar context. For example, if you
-return the name of a Perl vector, the return value is the size of the vector,
+the return value is &%undef%&. In that case, the entire expansion is
+forced to fail, in the same way as an explicit &"fail"& on a lookup item
+does (see section &<<SECTforexpfai>>&). Whatever you return is evaluated
+in a scalar context, thus the return value is a scalar. For example, if you
+return a Perl vector, the return value is the size of the vector,
not its contents.
If the subroutine exits by calling Perl's &%die%& function, the expansion fails
.cindex "expansion" "inserting an entire file"
.cindex "file" "inserting into expansion"
.cindex "&%readfile%& expansion item"
-The filename and end-of-line string are first expanded separately. The file is
+The filename and end-of-line (eol) string are first expanded separately. The file is
then read, and its contents replace the entire item. All newline characters in
the file are replaced by the end-of-line string if it is present. Otherwise,
newlines are left in the string.
Only a single host name may be given, but if looking it up yields more than
one IP address, they are each tried in turn until a connection is made. For
both kinds of socket, Exim makes a connection, writes the request string
-unless it is an empty string; and no terminating NUL is ever sent)
+(unless it is an empty string; no terminating NUL is ever sent)
and reads from the socket until an end-of-file
is read. A timeout of 5 seconds is applied. Additional, optional arguments
extend what can be done. Firstly, you can vary the timeout. For example:
.vitem &*${escape8bit:*&<&'string'&>&*}*&
.cindex "expansion" "escaping 8-bit characters"
.cindex "&%escape8bit%& expansion item"
-If the string contains and characters with the most significant bit set,
+If the string contains any characters with the most significant bit set,
they are converted to escape sequences starting with a backslash.
Backslashes and DEL characters are also converted.
.cindex "expansion" "string length"
.cindex "string" "length in expansion"
.cindex "&%strlen%& expansion item"
-The item is replace by the length of the expanded string, expressed as a
+The item is replaced by the length of the expanded string, expressed as a
decimal number. &*Note*&: Do not confuse &%strlen%& with &%length%&.
All measurement is done in bytes and is not UTF-8 aware.
.section "Miscellaneous" "SECID96"
.table2
.row &%add_environment%& "environment variables"
+.row &%allow_insecure_tainted_data%& "turn taint errors into warnings"
.row &%bi_command%& "to run for &%-bi%& command line option"
.row &%debug_store%& "do extra internal checks"
.row &%disable_ipv6%& "do no IPv6 processing"
.row &%notifier_socket%& "override compiled-in value"
.row &%pid_file_path%& "override compiled-in value"
.row &%queue_run_max%& "maximum simultaneous queue runners"
+.row &%smtp_backlog_monitor%& "level to log listen backlog"
.endtable
configuration). This &"magic string"& matches the domain literal form of all
the local host's IP addresses.
+.new
+.option allow_insecure_tainted_data main boolean false
+.cindex "de-tainting"
+.oindex "allow_insecure_tainted_data"
+The handling of tainted data may break older (pre 4.94) configurations.
+Setting this option to "true" turns taint errors (which result in a temporary
+message rejection) into warnings. This option is meant as mitigation only
+and deprecated already today. Future releases of Exim may ignore it.
+The &%taint%& log selector can be used to suppress even the warnings.
+.wen
+
+
.option allow_mx_to_ip main boolean false
.cindex "MX record" "pointing to IP address"
option was not set.
-.option recipients_max main integer 0
+.option recipients_max main integer 50000
.cindex "limit" "number of recipients"
.cindex "recipient" "maximum number"
If this option is set greater than zero, it specifies the maximum number of
verification if there is no remote transport from which to obtain a
&%helo_data%& value.
+.option smtp_backlog_monitor main integer 0
+.cindex "connection backlog" monitoring
+If this option is set to greater than zero, and the backlog of available
+TCP connections on a socket listening for SMTP is larger than it, a line
+is logged giving the value and the socket address and port.
+The value is retrived jsut before an accept call.
+This facility is only available on Linux.
+
.option smtp_banner main string&!! "see below"
.cindex "SMTP" "welcome banner"
.cindex "banner for SMTP"
.option smtp_connect_backlog main integer 20
-.cindex "connection backlog"
+.cindex "connection backlog" "set maximum"
.cindex "SMTP" "connection backlog"
.cindex "backlog of connections"
This option specifies a maximum number of waiting SMTP connections. Exim passes
is not required the &%tls_advertise_hosts%& option should be set empty.
-.option tls_certificate main string list&!! unset
+.option tls_certificate main "string list&!!" unset
.cindex "TLS" "server certificate; location of"
.cindex "certificate" "server, location of"
The value of this option is expanded, and must then be a list of absolute paths to
-.option tls_privatekey main string list&!! unset
+.option tls_privatekey main "string list&!!" unset
.cindex "TLS" "server private key; location of"
The value of this option is expanded, and must then be a list of absolute paths to
files which contains the server's private keys.
provide data for a transport is: &%errors_to%&, &%headers_add%&,
&%headers_remove%&, &%transport%&.
+.new
+The name of a router is limited to be &drivernamemax; ASCII characters long;
+prior to Exim 4.95 names would be silently truncated at this length, but now
+it is enforced.
+.wen
.option address_data routers string&!! unset
the text is included in the error message that Exim generates.
.cindex "SMTP" "error codes"
-By default, Exim sends a 451 SMTP code for a &':defer:'&, and 550 for
+By default for verify, Exim sends a 451 SMTP code for a &':defer:'&, and 550 for
&':fail:'&. However, if the message starts with three digits followed by a
space, optionally followed by an extended code of the form &'n.n.n'&, also
followed by a space, and the very first digit is the same as the default error
.scindex IIDgenoptra1 "generic options" "transport"
.scindex IIDgenoptra2 "options" "generic; for transports"
.scindex IIDgenoptra3 "transport" "generic options for"
+.new
+The name of a transport is limited to be &drivernamemax; ASCII characters long;
+prior to Exim 4.95 names would be silently truncated at this length, but now
+it is enforced.
+.wen
+
The following generic options apply to all transports:
.option dkim_canon smtp string&!! unset
DKIM signing option. For details see section &<<SECDKIMSIGN>>&.
-.option dkim_domain smtp string list&!! unset
+.option dkim_domain smtp "string list&!!" unset
DKIM signing option. For details see section &<<SECDKIMSIGN>>&.
.option dkim_hash smtp string&!! sha256
DKIM signing option. For details see section &<<SECDKIMSIGN>>&.
See the &%dnssec_request_domains%& router and transport options.
See section &<<SECDANE>>&.
+.option hosts_require_helo smtp "host list&!!" *
+.cindex "HELO/EHLO" requiring
+Exim will require an accepted HELO or EHLO command from a host matching
+this list, before accepting a MAIL command.
+
.option hosts_require_ocsp smtp "host list&!!" unset
.cindex "TLS" "requiring for certain servers"
Exim will request, and check for a valid Certificate Status being given, on a
transfer of mail between servers that have no managerial connection with each
other.
+.new
+The name of an authenticator is limited to be &drivernamemax; ASCII characters long;
+prior to Exim 4.95 names would be silently truncated at this length, but now
+it is enforced.
+.wen
+
.cindex "AUTH" "description of"
.cindex "ESMTP extensions" AUTH
Very briefly, the way SMTP authentication works is as follows:
When Exim encounters an empty item in the list, it searches the list defined by
LOG_FILE_PATH, and uses the first item it finds that is neither empty nor
&"syslog"&. This means that an empty item in &%log_file_path%& can be used to
-mean &"use the path specified at build time"&. It no such item exists, log
+mean &"use the path specified at build time"&. If no such item exists, log
files are written in the &_log_& subdirectory of the spool directory. This is
equivalent to the setting:
.code
&` smtp_protocol_error `& SMTP protocol errors
&` smtp_syntax_error `& SMTP syntax errors
&` subject `& contents of &'Subject:'& on <= lines
+&`*taint `& taint errors or warnings
&`*tls_certificate_verified `& certificate verification status
&`*tls_cipher `& TLS cipher suite on <= and => lines
&` tls_peerdn `& TLS peer DN on <= and => lines
.cindex "log" "frozen messages; skipped"
.cindex "frozen messages" "logging skipping"
&%skip_delivery%&: A log line is written whenever a message is skipped during a
-queue run because it is frozen or because another process is already delivering
-it.
+queue run because it another process is already delivering it or because
+it is frozen.
.cindex "&""spool file is locked""&"
-The message that is written is &"spool file is locked"&.
+.cindex "&""message is frozen""&"
+The message that is written is either &"spool file is locked"& or
+&"message is frozen"&.
.next
.cindex "log" "smtp confirmation"
.cindex "SMTP" "logging confirmation"
&`CV=dane`& if using a DNS trust anchor,
and &`CV=no`& if not.
.next
+.cindex "log" "Taint warnings"
+&%taint%&: Log warnings about tainted data. This selector can't be
+turned of if &%allow_insecure_tainted_data%& is false (which is the
+default).
+.next
.cindex "log" "TLS cipher"
.cindex "TLS" "logging cipher"
&%tls_cipher%&: When a message is sent or received over an encrypted
.vitem &%temperror%&
This indicates a temporary error during all processing, including Exim's
SPF processing. You may defer messages when this occurs.
+
+.vitem &%invalid%&
+There was an error during processing of the SPF lookup
.endlist
You can prefix each string with an exclamation mark to invert
.vitem &$spf_result$&
.vindex &$spf_result$&
This contains the outcome of the SPF check in string form,
- one of pass, fail, softfail, none, neutral, permerror or
- temperror.
+ currently one of pass, fail, softfail, none, neutral, permerror,
+ temperror, or &"(invalid)"&.
.vitem &$spf_result_guessed$&
.vindex &$spf_result_guessed$&
git://git.exim.org / exim.git / blobdiff