. Update the Copyright year (only) when changing content.
. /////////////////////////////////////////////////////////////////////////////
. Update the Copyright year (only) when changing content.
. /////////////////////////////////////////////////////////////////////////////
.section "Exim documentation" "SECID1"
. Keep this example change bar when updating the documentation!
.section "Exim documentation" "SECID1"
. Keep this example change bar when updating the documentation!
.cindex "documentation"
This edition of the Exim specification applies to version &version() of Exim.
Substantive changes from the &previousversion; edition are marked in some
renditions of this document; this paragraph is so marked if the rendition is
capable of showing a change indicator.
.cindex "documentation"
This edition of the Exim specification applies to version &version() of Exim.
Substantive changes from the &previousversion; edition are marked in some
renditions of this document; this paragraph is so marked if the rendition is
capable of showing a change indicator.
This document is very much a reference manual; it is not a tutorial. The reader
is expected to have some familiarity with the SMTP mail transfer protocol and
This document is very much a reference manual; it is not a tutorial. The reader
is expected to have some familiarity with the SMTP mail transfer protocol and
.cindex debugging "UTF-8 in"
.cindex UTF-8 "in debug output"
The &`noutf8`& selector disables the use of
UTF-8 line-drawing characters to group related information.
When disabled. ascii-art is used instead.
Using the &`+all`& option does not set this modifier,
.cindex debugging "UTF-8 in"
.cindex UTF-8 "in debug output"
The &`noutf8`& selector disables the use of
UTF-8 line-drawing characters to group related information.
When disabled. ascii-art is used instead.
Using the &`+all`& option does not set this modifier,
If the &%debug_print%& option is set in any driver, it produces output whenever
any debugging is selected, or if &%-v%& is used.
If the &%debug_print%& option is set in any driver, it produces output whenever
any debugging is selected, or if &%-v%& is used.
.endd
This transport is used for delivering messages over SMTP connections.
The list of remote hosts comes from the router.
.endd
This transport is used for delivering messages over SMTP connections.
The list of remote hosts comes from the router.
to try to use DNSSEC for all queries and to use DANE for delivery;
see section &<<SECDANE>>& for more details.
to try to use DNSSEC for all queries and to use DANE for delivery;
see section &<<SECDANE>>& for more details.
+The &%hosts_try_prdr%& option enables an efficiency SMTP option. It is
+negotiated between client and server and not expected to cause problems
+but can be disabled if needed. The built-in macro _HAVE_PRDR guards the
+use of the &%hosts_try_prdr%& configuration option.
+
The other remote transport is used when delivering to a specific smarthost
with whom there must be some kind of existing relationship, instead of the
usual federated system.
The other remote transport is used when delivering to a specific smarthost
with whom there must be some kind of existing relationship, instead of the
usual federated system.
.endd
After the same &%message_size_limit%& hack, we then specify that this Transport
can handle messages to multiple domains in one run. The assumption here is
.endd
After the same &%message_size_limit%& hack, we then specify that this Transport
can handle messages to multiple domains in one run. The assumption here is
You want to specify the hostname which you'll expect to validate for, and that
should not be subject to insecure tampering via DNS results.
You want to specify the hostname which you'll expect to validate for, and that
should not be subject to insecure tampering via DNS results.
This forces an expansion failure (see section &<<SECTforexpfai>>&);
{<&'string2'&>} must be present for &"fail"& to be recognized.
This forces an expansion failure (see section &<<SECTforexpfai>>&);
{<&'string2'&>} must be present for &"fail"& to be recognized.
.vitem "&*${extract json{*&<&'key'&>&*}{*&<&'string1'&>&*}{*&<&'string2'&>&*}&&&
{*&<&'string3'&>&*}}*&"
.cindex "expansion" "extracting from JSON object"
.vitem "&*${extract json{*&<&'key'&>&*}{*&<&'string1'&>&*}{*&<&'string2'&>&*}&&&
{*&<&'string3'&>&*}}*&"
.cindex "expansion" "extracting from JSON object"
.vitem "&*${extract json{*&<&'number'&>&*}}&&&
{*&<&'string1'&>&*}{*&<&'string2'&>&*}{*&<&'string3'&>&*}}*&"
.cindex "expansion" "extracting from JSON array"
.vitem "&*${extract json{*&<&'number'&>&*}}&&&
{*&<&'string1'&>&*}{*&<&'string2'&>&*}{*&<&'string3'&>&*}}*&"
.cindex "expansion" "extracting from JSON array"
.cindex "expansion" "selecting from list by condition"
.vindex "&$item$&"
After expansion, <&'string'&> is interpreted as a list, colon-separated by
.cindex "expansion" "selecting from list by condition"
.vindex "&$item$&"
After expansion, <&'string'&> is interpreted as a list, colon-separated by
in this list, its value is place in &$item$&, and then the condition is
evaluated. If the condition is true, &$item$& is added to the output as an
item in a new list; if the condition is false, the item is discarded. The
in this list, its value is place in &$item$&, and then the condition is
evaluated. If the condition is true, &$item$& is added to the output as an
item in a new list; if the condition is false, the item is discarded. The
and leading and trailing white space (which is ignored).
After expansion, <&'string1'&> is interpreted as a list, colon-separated by
and leading and trailing white space (which is ignored).
After expansion, <&'string1'&> is interpreted as a list, colon-separated by
The first field of the list is numbered one.
If the number is negative, the fields are
The first field of the list is numbered one.
If the number is negative, the fields are
.cindex "expansion" "list creation"
.vindex "&$item$&"
After expansion, <&'string1'&> is interpreted as a list, colon-separated by
.cindex "expansion" "list creation"
.vindex "&$item$&"
After expansion, <&'string1'&> is interpreted as a list, colon-separated by
in this list, its value is place in &$item$&, and then <&'string2'&> is
expanded and added to the output as an item in a new list. The separator used
for the output list is the same as the one used for the input, but a separator
in this list, its value is place in &$item$&, and then <&'string2'&> is
expanded and added to the output as an item in a new list. The separator used
for the output list is the same as the one used for the input, but a separator
The second, tls, controls the use of TLS on the connection. Example:
.code
${readsocket{/socket/name}{request string}{3s:tls=yes}}
.endd
The default is to not use TLS.
If it is enabled, a shutdown as descripbed above is never done.
The second, tls, controls the use of TLS on the connection. Example:
.code
${readsocket{/socket/name}{request string}{3s:tls=yes}}
.endd
The default is to not use TLS.
If it is enabled, a shutdown as descripbed above is never done.
A fourth argument allows you to change any newlines that are in the data
that is read, in the same way as for &%readfile%& (see above). This example
A fourth argument allows you to change any newlines that are in the data
that is read, in the same way as for &%readfile%& (see above). This example
.vindex "&$item$&"
This operation reduces a list to a single, scalar string. After expansion,
<&'string1'&> is interpreted as a list, colon-separated by default, but the
.vindex "&$item$&"
This operation reduces a list to a single, scalar string. After expansion,
<&'string1'&> is interpreted as a list, colon-separated by default, but the
assigned to the &$value$& variable. After this, each item in the <&'string1'&>
list is assigned to &$item$&, in turn, and <&'string3'&> is expanded for each of
them. The result of that expansion is assigned to &$value$& before the next
assigned to the &$value$& variable. After this, each item in the <&'string1'&>
list is assigned to &$item$&, in turn, and <&'string3'&> is expanded for each of
them. The result of that expansion is assigned to &$value$& before the next
.cindex list sorting
.cindex expansion "list sorting"
After expansion, <&'string'&> is interpreted as a list, colon-separated by
.cindex list sorting
.cindex expansion "list sorting"
After expansion, <&'string'&> is interpreted as a list, colon-separated by
The <&'comparator'&> argument is interpreted as the operator
of a two-argument expansion condition.
The numeric operators plus ge, gt, le, lt (and ~i variants) are supported.
The <&'comparator'&> argument is interpreted as the operator
of a two-argument expansion condition.
The numeric operators plus ge, gt, le, lt (and ~i variants) are supported.
.cindex "expansion" "utf-8 forcing"
.cindex "&%utf8clean%& expansion item"
This replaces any invalid utf-8 sequence in the string by the character &`?`&.
.cindex "expansion" "utf-8 forcing"
.cindex "&%utf8clean%& expansion item"
This replaces any invalid utf-8 sequence in the string by the character &`?`&.
In versions of Exim before 4.92, this did not correctly do so for a truncated
final codepoint's encoding, and the character would be silently dropped.
If you must handle detection of this scenario across both sets of Exim behavior,
In versions of Exim before 4.92, this did not correctly do so for a truncated
final codepoint's encoding, and the character would be silently dropped.
If you must handle detection of this scenario across both sets of Exim behavior,
.vitem "&*${utf8_domain_to_alabel:*&<&'string'&>&*}*&" &&&
"&*${utf8_domain_from_alabel:*&<&'string'&>&*}*&" &&&
.vitem "&*${utf8_domain_to_alabel:*&<&'string'&>&*}*&" &&&
"&*${utf8_domain_from_alabel:*&<&'string'&>&*}*&" &&&
.vindex "&$item$&"
These conditions iterate over a list. The first argument is expanded to form
the list. By default, the list separator is a colon, but it can be changed by
.vindex "&$item$&"
These conditions iterate over a list. The first argument is expanded to form
the list. By default, the list separator is a colon, but it can be changed by
be applied to each item in the list in turn. During the interpretation of the
condition, the current list item is placed in a variable called &$item$&.
.ilist
be applied to each item in the list in turn. During the interpretation of the
condition, the current list item is placed in a variable called &$item$&.
.ilist
contain dots or colons (that is, are not IP addresses), the value of
&%daemon_smtp_ports%& is replaced by the list of those items. If there are any
items that do contain dots or colons, the value of &%local_interfaces%& is
contain dots or colons (that is, are not IP addresses), the value of
&%daemon_smtp_ports%& is replaced by the list of those items. If there are any
items that do contain dots or colons, the value of &%local_interfaces%& is
reversed and looked up in the reverse DNS, as described in more detail in
section &<<SECTverifyCSA>>&.
reversed and looked up in the reverse DNS, as described in more detail in
section &<<SECTverifyCSA>>&.
.option dns_cname_loops main integer 1
.cindex DNS "CNAME following"
This option controls the following of CNAME chains, needed if the resolver does
.option dns_cname_loops main integer 1
.cindex DNS "CNAME following"
This option controls the following of CNAME chains, needed if the resolver does
The default value of one CNAME-follow is needed
thanks to the observed return for an MX request,
given no MX presence but a CNAME to an A, of the CNAME.
The default value of one CNAME-follow is needed
thanks to the observed return for an MX request,
given no MX presence but a CNAME to an A, of the CNAME.
option in the relevant &(smtp)& transport.
&*Note*&: If you use filenames based on IP addresses, change the list
option in the relevant &(smtp)& transport.
&*Note*&: If you use filenames based on IP addresses, change the list
&*Note*&: Under versions of OpenSSL preceding 1.1.1,
when a list of more than one
&*Note*&: Under versions of OpenSSL preceding 1.1.1,
when a list of more than one
.cindex "fallback" "hosts specified on router"
String expansion is not applied to this option. The argument must be a
colon-separated list of host names or IP addresses. The list separator can be
.cindex "fallback" "hosts specified on router"
String expansion is not applied to this option. The argument must be a
colon-separated list of host names or IP addresses. The list separator can be
each name or address. In fact, the format of each item is exactly the same as
defined for the list of hosts in a &(manualroute)& router (see section
&<<SECTformatonehostitem>>&).
each name or address. In fact, the format of each item is exactly the same as
defined for the list of hosts in a &(manualroute)& router (see section
&<<SECTformatonehostitem>>&).
.cindex "header lines" "adding"
.cindex "router" "adding header lines"
This option specifies a list of text headers,
.cindex "header lines" "adding"
.cindex "router" "adding header lines"
This option specifies a list of text headers,
that is associated with any addresses that are accepted by the router.
Each item is separately expanded, at routing time. However, this
option has no effect when an address is just being verified. The way in which
that is associated with any addresses that are accepted by the router.
Each item is separately expanded, at routing time. However, this
option has no effect when an address is just being verified. The way in which
.cindex "header lines" "removing"
.cindex "router" "removing header lines"
This option specifies a list of text headers,
.cindex "header lines" "removing"
.cindex "router" "removing header lines"
This option specifies a list of text headers,
that is associated with any addresses that are accepted by the router.
Each item is separately expanded, at routing time. However, this
option has no effect when an address is just being verified. The way in which
that is associated with any addresses that are accepted by the router.
Each item is separately expanded, at routing time. However, this
option has no effect when an address is just being verified. The way in which
through the &%require_files%& list, expanding each item separately.
Because the list is split before expansion, any colons in expansion items must
through the &%require_files%& list, expanding each item separately.
Because the list is split before expansion, any colons in expansion items must
If any expansion is forced to fail, the item is ignored. Other expansion
failures cause routing of the address to be deferred.
If any expansion is forced to fail, the item is ignored. Other expansion
failures cause routing of the address to be deferred.
If the list is written with spaces, it must be protected with quotes.
The format of each item
in the list is described in the next section. The list separator can be changed
If the list is written with spaces, it must be protected with quotes.
The format of each item
in the list is described in the next section. The list separator can be changed
If the list of hosts was obtained from a &%route_list%& item, the following
variables are set during its expansion:
If the list of hosts was obtained from a &%route_list%& item, the following
variables are set during its expansion:
.cindex "header lines" "adding in transport"
.cindex "transport" "header lines; adding"
This option specifies a list of text headers,
.cindex "header lines" "adding in transport"
.cindex "transport" "header lines; adding"
This option specifies a list of text headers,
which are (separately) expanded and added to the header
portion of a message as it is transported, as described in section
&<<SECTheadersaddrem>>&. Additional header lines can also be specified by
which are (separately) expanded and added to the header
portion of a message as it is transported, as described in section
&<<SECTheadersaddrem>>&. Additional header lines can also be specified by
.cindex "header lines" "removing"
.cindex "transport" "header lines; removing"
This option specifies a list of header names,
.cindex "header lines" "removing"
.cindex "transport" "header lines; removing"
This option specifies a list of header names,
these headers are omitted from the message as it is transported, as described
in section &<<SECTheadersaddrem>>&. Header removal can also be specified by
routers.
these headers are omitted from the message as it is transported, as described
in section &<<SECTheadersaddrem>>&. Header removal can also be specified by
routers.
.cindex "filter" "transport filter"
.vindex "&$pipe_addresses$&"
Special handling takes place when an argument consists of precisely the text
.cindex "filter" "transport filter"
.vindex "&$pipe_addresses$&"
Special handling takes place when an argument consists of precisely the text
place this string is recognized is when it appears as an argument for a pipe or
transport filter command. It causes each address that is being handled to be
inserted in the argument list at that point &'as a separate argument'&. This
place this string is recognized is when it appears as an argument for a pipe or
transport filter command. It causes each address that is being handled to be
inserted in the argument list at that point &'as a separate argument'&. This
during the expansion of the string. Forced expansion failure, or an empty
string result causes the option to be ignored. Otherwise, after expansion, the
string must be a list of IP addresses, colon-separated by default, but the
during the expansion of the string. Forced expansion failure, or an empty
string result causes the option to be ignored. Otherwise, after expansion, the
string must be a list of IP addresses, colon-separated by default, but the
Note that at least one Linux distribution has been seen failing
to put &"smtps"& in its &"/etc/services"& file, resulting is such deferrals.
Note that at least one Linux distribution has been seen failing
to put &"smtps"& in its &"/etc/services"& file, resulting is such deferrals.
If this option is set to &"smtps"&, the default value for the &%port%& option
changes to &"smtps"&, and the transport initiates TLS immediately after
connecting, as an outbound SSL-on-connect, instead of using STARTTLS to upgrade.
If this option is set to &"smtps"&, the default value for the &%port%& option
changes to &"smtps"&, and the transport initiates TLS immediately after
connecting, as an outbound SSL-on-connect, instead of using STARTTLS to upgrade.
The Internet standards bodies used to strongly discourage use of this mode,
but as of RFC 8314 it is perferred over STARTTLS for message submission
(as distinct from MTA-MTA communication).
The Internet standards bodies used to strongly discourage use of this mode,
but as of RFC 8314 it is perferred over STARTTLS for message submission
(as distinct from MTA-MTA communication).
If both this option and &%tls_try_verify_hosts%& are unset
operation is as if this option selected all hosts.
If both this option and &%tls_try_verify_hosts%& are unset
operation is as if this option selected all hosts.
.option utf8_downconvert smtp integer!! unset
.cindex utf8 "address downconversion"
.cindex i18n "utf8 address downconversion"
.option utf8_downconvert smtp integer!! unset
.cindex utf8 "address downconversion"
.cindex i18n "utf8 address downconversion"
this option controls conversion of UTF-8 in message addresses
to a-label form.
For details see section &<<SECTi18nMTA>>&.
this option controls conversion of UTF-8 in message addresses
to a-label form.
For details see section &<<SECTi18nMTA>>&.
.oindex "&%tls_require_ciphers%&" "OpenSSL"
There is a function in the OpenSSL library that can be passed a list of cipher
suites before the cipher negotiation takes place. This specifies which ciphers
.oindex "&%tls_require_ciphers%&" "OpenSSL"
There is a function in the OpenSSL library that can be passed a list of cipher
suites before the cipher negotiation takes place. This specifies which ciphers
The list is colon separated and may contain names like
DES-CBC3-SHA. Exim passes the expanded value of &%tls_require_ciphers%&
directly to this function call.
The list is colon separated and may contain names like
DES-CBC3-SHA. Exim passes the expanded value of &%tls_require_ciphers%&
directly to this function call.
For TLS version 1.3 the control available is less fine-grained
and Exim does not provide access to it at present.
The value of the &%tls_require_ciphers%& option is ignored when
For TLS version 1.3 the control available is less fine-grained
and Exim does not provide access to it at present.
The value of the &%tls_require_ciphers%& option is ignored when
Our recommendation is to use DANE with a certificate from a public CA,
because this enables a variety of strategies for remote clients to verify
your certificate.
Our recommendation is to use DANE with a certificate from a public CA,
because this enables a variety of strategies for remote clients to verify
your certificate.
If you're not already using a private CA, or it doesn't meet these
requirements, then we encourage you to avoid all these issues and use a public
CA such as &url(https://letsencrypt.org/,Let's Encrypt) instead.
If you're not already using a private CA, or it doesn't meet these
requirements, then we encourage you to avoid all these issues and use a public
CA such as &url(https://letsencrypt.org/,Let's Encrypt) instead.
The Certificate issued by the CA published in the DANE-TA model should be
issued using a strong hash algorithm.
Exim, and importantly various other MTAs sending to you, will not
The Certificate issued by the CA published in the DANE-TA model should be
issued using a strong hash algorithm.
Exim, and importantly various other MTAs sending to you, will not
libraries.
This means no MD5 and no SHA-1. SHA2-256 is the minimum for reliable
interoperability (and probably the maximum too, in 2018).
libraries.
This means no MD5 and no SHA-1. SHA2-256 is the minimum for reliable
interoperability (and probably the maximum too, in 2018).
The use of OCSP-stapling should be considered, allowing for fast revocation of certificates (which would otherwise
be limited by the DNS TTL on the TLSA records). However, this is likely to only be usable with DANE-TA. NOTE: the
The use of OCSP-stapling should be considered, allowing for fast revocation of certificates (which would otherwise
be limited by the DNS TTL on the TLSA records). However, this is likely to only be usable with DANE-TA. NOTE: the
The &%leaky%& (default) option means that the client's recorded rate is not
updated if it is above the limit. The effect of this is that Exim measures the
client's average rate of successfully sent email,
The &%leaky%& (default) option means that the client's recorded rate is not
updated if it is above the limit. The effect of this is that Exim measures the
client's average rate of successfully sent email,
up to the given limit.
This is appropriate if the countermeasure when the condition is true
consists of refusing the message, and
is generally the better choice if you have clients that retry automatically.
If the action when true is anything more complex then this option is
likely not what is wanted.
up to the given limit.
This is appropriate if the countermeasure when the condition is true
consists of refusing the message, and
is generally the better choice if you have clients that retry automatically.
If the action when true is anything more complex then this option is
likely not what is wanted.
The &%strict%& option means that the client's recorded rate is always
updated. The effect of this is that Exim measures the client's average rate
The &%strict%& option means that the client's recorded rate is always
updated. The effect of this is that Exim measures the client's average rate
The main use of these variables is expected to be to distinguish between
rejections of MAIL and rejections of RCPT in callouts.
The main use of these variables is expected to be to distinguish between
rejections of MAIL and rejections of RCPT in callouts.
The above variables may also be set after a &*successful*&
address verification to:
.ilist
&%random%&: A random local-part callout succeeded
.endlist
The above variables may also be set after a &*successful*&
address verification to:
.ilist
&%random%&: A random local-part callout succeeded
.endlist
condition succeeds if a virus is found and its name matches the regular
expression. This allows you to take special actions on certain types of virus.
Note that &"/"& characters in the RE must be doubled due to the list-processing,
condition succeeds if a virus is found and its name matches the regular
expression. This allows you to take special actions on certain types of virus.
Note that &"/"& characters in the RE must be doubled due to the list-processing,
you must set the &%spamd_address%& option in the global part of the Exim
configuration as follows (example):
.code
you must set the &%spamd_address%& option in the global part of the Exim
configuration as follows (example):
.code
.endd
The SpamAssassin protocol relies on a TCP half-close from the client.
If your SpamAssassin client side is running a Linux system with an
.endd
The SpamAssassin protocol relies on a TCP half-close from the client.
If your SpamAssassin client side is running a Linux system with an
You can have multiple &%spamd%& servers to improve scalability. These can
reside on other hardware reachable over the network. To specify multiple
&%spamd%& servers, put multiple address/port pairs in the &%spamd_address%&
You can have multiple &%spamd%& servers to improve scalability. These can
reside on other hardware reachable over the network. To specify multiple
&%spamd%& servers, put multiple address/port pairs in the &%spamd_address%&
Unix and TCP socket specifications may be mixed in any order.
Each element of the list is a list itself, space-separated by default
Unix and TCP socket specifications may be mixed in any order.
Each element of the list is a list itself, space-separated by default
For TCP socket specifications a host name or IP (v4 or v6, but
subject to list-separator quoting rules) address can be used,
For TCP socket specifications a host name or IP (v4 or v6, but
subject to list-separator quoting rules) address can be used,
.cindex "&[local_scan()]& function" "building Exim to use"
To make use of the local scan function feature, you must tell Exim where your
function is before building Exim, by setting
.cindex "&[local_scan()]& function" "building Exim to use"
To make use of the local scan function feature, you must tell Exim where your
function is before building Exim, by setting
LOCAL_SCAN_SOURCE in your
&_Local/Makefile_&. A recommended place to put it is in the &_Local_&
directory, so you might set
LOCAL_SCAN_SOURCE in your
&_Local/Makefile_&. A recommended place to put it is in the &_Local_&
directory, so you might set
&%pid%&: The current process id is added to every log line, in square brackets,
immediately after the time and date.
.next
&%pid%&: The current process id is added to every log line, in square brackets,
immediately after the time and date.
.next
is insurance against disk crashes where the directory is lost but the files
themselves are recoverable.
is insurance against disk crashes where the directory is lost but the files
themselves are recoverable.
The file formats may be changed, or new formats added, at any release.
Spool files are not intended as an interface to other programs
and should not be used as such.
The file formats may be changed, or new formats added, at any release.
Spool files are not intended as an interface to other programs
and should not be used as such.
Some people are tempted into editing -D files in order to modify messages. You
need to be extremely careful if you do this; it is not recommended and you are
Some people are tempted into editing -D files in order to modify messages. You
need to be extremely careful if you do this; it is not recommended and you are
.option dkim_timestamps smtp integer&!! unset
This option controls the inclusion of timestamp information in the signature.
If not set, no such information will be included.
.option dkim_timestamps smtp integer&!! unset
This option controls the inclusion of timestamp information in the signature.
If not set, no such information will be included.
Verification of DKIM signatures in SMTP incoming email is done for all
messages for which an ACL control &%dkim_disable_verify%& has not been set.
.cindex authentication "expansion item"
Performing verification sets up information used by the
&$authresults$& expansion item.
Verification of DKIM signatures in SMTP incoming email is done for all
messages for which an ACL control &%dkim_disable_verify%& has not been set.
.cindex authentication "expansion item"
Performing verification sets up information used by the
&$authresults$& expansion item.
-.new The results of that verification are then made available to the
-&%acl_smtp_dkim%& ACL, &new(which can examine and modify them).
+The results of that verification are then made available to the
+&%acl_smtp_dkim%& ACL, which can examine and modify them.
By default, this ACL is called once for each
syntactically(!) correct signature in the incoming message.
A missing ACL definition defaults to accept.
By default, this ACL is called once for each
syntactically(!) correct signature in the incoming message.
A missing ACL definition defaults to accept.
If a cutthrough delivery was in progress for the message, that is
summarily dropped (having wasted the transmission effort).
If a cutthrough delivery was in progress for the message, that is
summarily dropped (having wasted the transmission effort).
a large number of expansion variables
containing the signature status and its details are set up during the
runtime of the ACL.
a large number of expansion variables
containing the signature status and its details are set up during the
runtime of the ACL.
The number of signed body bytes. If zero ("0"), the body is unsigned. If no
limit was set by the signer, "9999999999999" is returned. This makes sure
that this variable always expands to an integer value.
The number of signed body bytes. If zero ("0"), the body is unsigned. If no
limit was set by the signer, "9999999999999" is returned. This makes sure
that this variable always expands to an integer value.
&*Note:*& The presence of the signature tag specifying a signing body length
is one possible route to spoofing of valid DKIM signatures.
A paranoid implementation might wish to regard signature where this variable
shows less than the "no limit" return as being invalid.
&*Note:*& The presence of the signature tag specifying a signing body length
is one possible route to spoofing of valid DKIM signatures.
A paranoid implementation might wish to regard signature where this variable
shows less than the "no limit" return as being invalid.
The smtp transport has an option &%utf8_downconvert%&.
If set it must expand to one of the three values described above,
and it overrides any previously set value.
The smtp transport has an option &%utf8_downconvert%&.
If set it must expand to one of the three values described above,
and it overrides any previously set value.