-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.64 2009/10/27 14:42:57 nm4 Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.69 2009/11/16 19:15:36 nm4 Exp $
.
. /////////////////////////////////////////////////////////////////////////////
. This is the primary source of the Exim Manual. It is an xfpt document that is
. /////////////////////////////////////////////////////////////////////////////
.set previousversion "4.69"
-.set version "4.70"
+.set version "4.71"
.set ACL "access control lists (ACLs)"
.set I " "
<bookinfo>
<title>Specification of the Exim Mail Transfer Agent</title>
<titleabbrev>The Exim MTA</titleabbrev>
-<date>27 October 2009</date>
-<author><firstname>Philip</firstname><surname>Hazel</surname></author>
-<authorinitials>PH</authorinitials>
-<affiliation><orgname>University of Cambridge Computing Service</orgname></affiliation>
-<address>New Museums Site, Pembroke Street, Cambridge CB2 3QH, England</address>
+<date>5 November 2009</date>
+<author><firstname>Exim</firstname><surname>Maintainers</surname></author>
+<authorinitials>EM</authorinitials>
<revhistory><revision>
- <revnumber>4.70</revnumber>
- <date>27 October 2009</date>
- <authorinitials>PH</authorinitials>
+ <revnumber>4.71</revnumber>
+ <date>5 November 2009</date>
+ <authorinitials>EM</authorinitials>
</revision></revhistory>
<copyright><year>2009</year><holder>University of Cambridge</holder></copyright>
</bookinfo>
yields an unchanged string.
+.vitem &*${randint:*&<&'n'&>&*}*&
+.cindex "random number"
+This operator returns a somewhat random number which is less than the
+supplied number and is at least 0. The quality of this randomness depends
+on how Exim was built; the values are not suitable for keying material.
+If Exim is linked against OpenSSL then RAND_pseudo_bytes() is used.
+Otherwise, the implementation may be arc4random(), random() seeded by
+srandomdev() or srandom(), or a custom implementation even weaker than
+random().
+
+
.vitem &*${rfc2047:*&<&'string'&>&*}*&
.cindex "expansion" "RFC 2047"
.cindex "RFC 2047" "expansion operator"
condition &`verify = helo`& is provided to make this possible.
Formerly, it was necessary also to set this option (&%helo_try_verify_hosts%&)
to force the check to occur. From release 4.53 onwards, this is no longer
-necessary. If the check has not been done before &`verify`& &`=`& &`helo`& is
+necessary. If the check has not been done before &`verify = helo`& is
encountered, it is done at that time. Consequently, this option is obsolete.
Its specification is retained here for backwards compatibility.
However, the EHLO or HELO command is not rejected if any of the checks
fail. Processing continues, but the result of the check is remembered, and can
-be detected later in an ACL by the &`verify`& &`=`& &`helo`& condition.
+be detected later in an ACL by the &`verify = helo`& condition.
.option helo_verify_hosts main "host list&!!" unset
.cindex "HELO verifying" "mandatory"
.vindex "&$sender_host_name$&"
After any kind of failure, the host name (in &$sender_host_name$&) remains
unset, and &$host_lookup_failed$& is set to the string &"1"&. See also
-&%dns_again_means_nonexist%&, &%helo_lookup_domains%&, and &`verify`& &`=`&
-&`reverse_host_lookup`& in ACLs.
+&%dns_again_means_nonexist%&, &%helo_lookup_domains%&, and
+&`verify = reverse_host_lookup`& in ACLs.
.option host_lookup_order main "string list" &`bydns:byaddr`&
instead of using the DNS. Of course, that function may in fact use the DNS, but
it may also consult other sources of information such as &_/etc/hosts_&.
-.option gnutls_require_kx main string unset
+.option gnutls_require_kx smtp string unset
This option controls the key exchange mechanisms when GnuTLS is used in an Exim
client. For details, see section &<<SECTreqciphgnu>>&.
-.option gnutls_require_mac main string unset
+.option gnutls_require_mac smtp string unset
This option controls the MAC algorithms when GnuTLS is used in an Exim
client. For details, see section &<<SECTreqciphgnu>>&.
-.option gnutls_require_protocols main string unset
+.option gnutls_require_protocols smtp string unset
This option controls the protocols when GnuTLS is used in an Exim
client. For details, see section &<<SECTreqciphgnu>>&.
.new
-.option gnutls_compat_mode main boolean unset
+.option gnutls_compat_mode smtp boolean unset
This option controls whether GnuTLS is used in compatibility mode in an Exim
server. This reduces security slightly, but improves interworking with older
implementations of TLS.
latter is the one defined by &%acl_smtp_predata%&). Setting it tells Exim that
the current message is a submission from a local MUA. In this case, Exim
operates in &"submission mode"&, and applies certain fixups to the message if
-necessary. For example, it add a &'Date:'& header line if one is not present.
+necessary. For example, it adds a &'Date:'& header line if one is not present.
This control is not permitted in the &%acl_smtp_data%& ACL, because that is too
late (the message has already been created).
.vitem &*control&~=&~suppress_local_fixups*&
.cindex "submission fixups, suppressing"
This control applies to locally submitted (non TCP/IP) messages, and is the
-complement of &`control`& &`=`& &`submission`&. It disables the fixups that are
+complement of &`control = submission`&. It disables the fixups that are
normally applied to locally-submitted messages. Specifically:
.ilist
.ilist
Locally submitted, fixups applied: the default.
.next
-Locally submitted, no fixups applied: use &`control`& &`=`&
-&`suppress_local_fixups`&.
+Locally submitted, no fixups applied: use
+&`control = suppress_local_fixups`&.
.next
Remotely submitted, no fixups applied: the default.
.next
-Remotely submitted, fixups applied: use &`control`& &`=`& &`submission`&.
+Remotely submitted, fixups applied: use &`control = submission`&.
.endlist