domains = lsearch;/some/file
.endd
The first uses a string expansion, the result of which must be a domain list.
+.new
+The key for an expansion-style lookup must be given explicitly.
+.wen
No strings have been specified for a successful or a failing lookup; the
defaults in this case are the looked-up data and an empty string, respectively.
The expansion takes place before the string is processed as a list, and the
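Review bot: the added sentence "The key for an expansion-style lookup must be given explicitly." lands between the two sentences that describe the first example, and it says "expansion-style lookup" where the surrounding text says "a string expansion". Suggest moving it after the sentence about the default success and failure strings and tying it to the first example, so the reader can see what "given explicitly" looks like.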
Any data that follows the keys is not relevant when checking that the domain
matches the list item.
+.new
+The key for a list-style lookup is implicit, from the lookup context, if
+the lookup is a single-key type (see below).
+For query-style lookup types the key must be given explicitly.
+.wen
+
It is possible, though no doubt confusing, to use both kinds of lookup at once.
Consider a file containing lines like this:
.code
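Review bot: "(see below)" in the added text gives the reader nothing to follow; replace it with a cross-reference to the section that defines single-key and query-style lookup types. It would also help to say what "implicit, from the lookup context" resolves to here, since the preceding sentence is about checking that the domain matches the list item.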
and a single key to search for. The key must be a non-empty string for the
lookup to succeed. The lookup type determines how the file is searched.
.cindex "tainted data" "single-key lookups"
-The file string may not be tainted
+The file string may not be tainted.
.cindex "tainted data" "de-tainting"
All single-key lookups support the option &"ret=key"&.
&*tls*&
Controls the use of TLS on the connection.
Values are &"yes"& or &"no"& (the default).
-If it is enabled, a shutdown as descripbed above is never done.
+If it is enabled, a shutdown as described above is never done.
.endlist
.cindex "ESMTP extensions" DSN
DSN extensions (RFC3461) will be advertised in the EHLO message to,
and accepted from, these hosts.
-Hosts may use the NOTIFY and ENVID options on RCPT TO commands,
-and RET and ORCPT options on MAIL FROM commands.
+Hosts may use the NOTIFY and ORCPT options on RCPT TO commands,
+and RET and ENVID options on MAIL FROM commands.
A NOTIFY=SUCCESS option requests success-DSN messages.
A NOTIFY= option with no argument requests that no delay or failure DSNs
are sent.
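Review bot: the corrected NOTIFY/ORCPT and RET/ENVID lines are not wrapped in .new/.wen, although this is a change of fact rather than a typo fix and the other substantive changes in this patch are marked. Suggest adding the markers around the two replaced lines. The new assignment of options to commands matches RFC 3461. The context line writes the reference as "RFC3461" while the ike hunk writes "RFC 8247", so one spacing should be chosen.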
(the "ffdhe" identifiers).
At this point, all of the "ike" values should be considered obsolete;
-they're still in Exim to avoid breaking unusual configurations, but are
+they are still in Exim to avoid breaking unusual configurations, but are
candidates for removal the next time we have backwards-incompatible changes.
+.new
+Two of them in particular (&`ike1`& and &`ike22`&) are called out by RFC 8247
+as MUST NOT use for IPSEC, and two more (&`ike23`& and &`ike24`&) as
+SHOULD NOT.
+Because of this, Exim regards them as deprecated; if either of the first pair
+are used, warnings will be logged in the paniclog, and if any are used then
+warnings will be logged in the mainlog.
+All four will be removed in a future Exim release.
+.wen
The TLS protocol does not negotiate an acceptable size for this; clients tend
to hard-drop connections if what is offered by the server is unacceptable,
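Review bot: in the added ike paragraph, "if either of the first pair are used" should read "is used", and "IPSEC" is normally written "IPsec". The closing line "All four will be removed in a future Exim release." also comes right after the unchanged sentence that calls all the "ike" values "candidates for removal"; consider stating that removal is decided for the four named values and the others remain candidates, so the two sentences do not read as overlapping or conflicting.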
the message override the banner message that is otherwise specified by the
&%smtp_banner%& option.
+.new
+For tls-on-connect connections, the ACL is run after the TLS connection
+is accepted (however, &%host_reject_connection%& is tested before).
+.wen
+
.section "The EHLO/HELO ACL" "SECID192"
.cindex "EHLO" "ACL for"
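Review bot: "(however, &%host_reject_connection%& is tested before)" does not say before what. Suggest completing the clause, for example "is tested before the TLS connection is accepted" if that is the intent, because the ordering decides whether a host that will be rejected still gets a TLS handshake from the server.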
may access any variables already defined. The logging may be adjusted with
the &'opts'& option, which takes the same values as the &`-d`& command-line
option.
-Logging started this way may be stopped, and the file removed,
-with the &'kill'& option.
+.new
+Logging started this way may be stopped by using the &'stop'& option.
+The &'kill'& option additionally removes the debug file.
+.wen
Some examples (which depend on variables that don't exist in all
contexts):
.code
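Review bot: the new text never says outright that &'stop'& leaves the debug file in place; the reader has to infer it from "The &'kill'& option additionally removes the debug file." Suggest stating it directly, since keeping or losing the file is what matters to someone collecting the log, and adding a &'stop'& line to the examples that follow if none is there.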
The name is placed in the variable &$event_name$& and the event action
expansion must check this, as it will be called for every possible event type.
+.new
The current list of events is:
.display
&`dane:fail after transport `& per connection
&`tcp:connect before transport `& per connection
&`tcp:close after transport `& per connection
&`tls:cert before both `& per certificate in verification chain
+&`tls:fail:connect after main `& per connection
&`smtp:connect after transport `& per connection
&`smtp:ehlo after transport `& per connection
.endd
+.wen
New event types may be added in future.
The event name is a colon-separated list, defining the type of
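Review bot: .new before the list and .wen after .endd mark the whole event list as new, including its unchanged rows, although only the &`tls:fail:connect`& row is added. Suggest limiting the markers to that row if the markup allows it inside .display. The new row also gives "main" in the column where the other visible rows say "transport" or "both"; check that the explanation of that column covers the value.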
&`msg:rcpt:host:defer `& error string
&`msg:rcpt:defer `& error string
&`tls:cert `& verification chain depth
+&`tls:fail:connect `& error string
&`smtp:connect `& smtp banner
&`smtp:ehlo `& smtp ehlo response
.endd
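Review bot: the added &`tls:fail:connect`& row in this table has no .new/.wen markers, while the matching row in the event list is inside a .new/.wen block; mark both the same way. "error string" is the same wording the msg:rcpt rows use, so if the content for this event is the TLS failure text rather than an SMTP response, say so for anyone writing an event action that logs it.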