.code
${readsocket{/socket/name}{request string}{3s}}
.endd
+
The third argument is a list of options, of which the first element is the timeout
and must be present if the argument is given.
Further elements are options of form &'name=value'&.
-One option type is currently recognised, defining whether (the default)
+Two option types is currently recognised: shutdown and tls.
+The first defines whether (the default)
or not a shutdown is done on the connection after sending the request.
Example, to not do so (preferred, eg. by some webservers):
.code
${readsocket{/socket/name}{request string}{3s:shutdown=no}}
.endd
+.new
+The second, tls, controls the use of TLS on the connection. Example:
+.code
+${readsocket{/socket/name}{request string}{3s:tls=yes}}
+.endd
+The default is to not use TLS.
+If it is enabled, a shutdown as descripbed above is never done.
+.wen
+
A fourth argument allows you to change any newlines that are in the data
that is read, in the same way as for &%readfile%& (see above). This example
turns them into spaces:
.oindex "&%tls_require_ciphers%&" "OpenSSL"
There is a function in the OpenSSL library that can be passed a list of cipher
suites before the cipher negotiation takes place. This specifies which ciphers
-are acceptable. The list is colon separated and may contain names like
+.new
+are acceptable for TLS versions prior to 1.3.
+.wen
+The list is colon separated and may contain names like
DES-CBC3-SHA. Exim passes the expanded value of &%tls_require_ciphers%&
directly to this function call.
Many systems will install the OpenSSL manual-pages, so you may have
tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
.endd
+.new
+For TLS version 1.3 the control available is less fine-grained
+and Exim does not provide access to it at present.
+The value of the &%tls_require_ciphers%& option is ignored when
+TLS version 1.3 is negotiated.
+
+As of writing the library default cipher suite list for TLSv1.3 is
+.code
+TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+.endd
+.wen
+
.section "Requiring specific ciphers or other parameters in GnuTLS" &&&
"SECTreqciphgnu"
.endd
-.section "Scanning with SpamAssassin and Rspamd" "SECTscanspamass"
+.section "Scanning with SpamAssassin" "SECTscanspamass"
.cindex "content scanning" "for spam"
.cindex "spam scanning"
.cindex "SpamAssassin"
-.cindex "Rspamd"
The &%spam%& ACL condition calls SpamAssassin's &%spamd%& daemon to get a spam
-score and a report for the message.
-Support is also provided for Rspamd.
-
-For more information about installation and configuration of SpamAssassin or
-Rspamd refer to their respective websites at
-&url(http://spamassassin.apache.org) and &url(http://www.rspamd.com)
-
-SpamAssassin can be installed with CPAN by running:
+score and a report for the message. You can get SpamAssassin at
+&url(http://www.spamassassin.org), or, if you have a working Perl
+installation, you can use CPAN by running:
.code
perl -MCPAN -e 'install Mail::SpamAssassin'
.endd
connection tracking may consider your half-closed connection as dead too
soon.
-
-To use Rspamd (which by default listens on all local addresses
-on TCP port 11333)
-you should add &%variant=rspamd%& after the address/port pair, for example:
-.code
-spamd_address = 127.0.0.1 11333 variant=rspamd
-.endd
-
As of version 2.60, &%SpamAssassin%& also supports communication over UNIX
sockets. If you want to us these, supply &%spamd_address%& with an absolute
file name instead of an address/port pair:
relevant if you have set up multiple SpamAssassin profiles. If you do not want
to scan using a specific profile, but rather use the SpamAssassin system-wide
default profile, you can scan for an unknown name, or simply use &"nobody"&.
-Rspamd does not use this setting. However, you must put something on the
-right-hand side.
+However, you must put something on the right-hand side.
The name allows you to use per-domain or per-user antispam profiles in
principle, but this is not straightforward in practice, because a message may
unencoded in headers.
.vitem &$spam_action$&
-For SpamAssassin either 'reject' or 'no action' depending on the
+Either 'reject' or 'no action' depending on the
spam score versus threshold.
-For Rspamd, the recommended action.
-
.endlist
The &%spam%& condition caches its results unless expansion in
git://git.exim.org / exim.git / blobdiff