The &'query-style'& type accepts a generalized database query. No particular
key value is assumed by Exim for query-style lookups. You can use whichever
Exim variables you need to construct the database query.
+.cindex "tainted data" "quoting for lookups"
+.new
+If tainted data is used in the query then it should be quuted by
+using the &*${quote_*&<&'lookup-type'&>&*:*&<&'string'&>&*}*& expansion operator
+appropriate for the lookup.
+.wen
.endlist
The code for each lookup type is in a separate source file that is included in
notation before executing the lookup.)
One option is supported, "ret=full", to request the return of the entire line
-rather than omitting the key porttion.
+rather than omitting the key portion.
Note however that the key portion will have been de-quoted.
.next
This item inserts &"raw"& header lines. It is described with the &%header%&
expansion item in section &<<SECTexpansionitems>>& above.
-.vitem "&*${run{*&<&'command'&>&*&~*&<&'args'&>&*}{*&<&'string1'&>&*}&&&
+.vitem "&*${run <&'options'&> {*&<&'command&~arg&~list'&>&*}{*&<&'string1'&>&*}&&&
{*&<&'string2'&>&*}}*&"
.cindex "expansion" "running a command"
.cindex "&%run%& expansion item"
-The command and its arguments are first expanded as one string. The string is
-split apart into individual arguments by spaces, and then the command is run
+This item runs an external command, as a subprocess.
+.new
+One option is supported after the word &'run'&, comma-separated.
+
+If the option &'preexpand'& is not used,
+the command string is split into individual arguments by spaces
+and then each argument is expanded.
+Then the command is run
in a separate process, but under the same uid and gid. As in other command
executions from Exim, a shell is not used by default. If the command requires
a shell, you must explicitly code it.
+The command name may not be tainted, but the remaining arguments can be.
+If the option &'preexpand'& is used,
+.wen
+the command and its arguments are first expanded as one string. The result is
+split apart into individual arguments by spaces, and then the command is run
+as above.
Since the arguments are split by spaces, when there is a variable expansion
which has an empty result, it will cause the situation that the argument will
simply be omitted when the program is actually executed by Exim. If the
around the command arguments. A possible guard against this is to wrap the
variable in the &%sg%& operator to change any quote marks to some other
character.
+.new
+Neither the command nor any argument may be tainted.
+.wen
The standard input for the command exists, but is empty. The standard output
and standard error are set to the same file descriptor.
${if forany{fOo:NeeDLE:bAr}{eqi{$item}{Needle}}}
.endd
+.new
+The variable &$value$& will be set for a successful match and can be
+used in the success clause of an &%if%& expansion item using the condition.
+.cindex "tainted data" "de-tainting"
+It will have the same taint status as the list; expansions such as
+.code
+${if inlist {$h_mycode:} {0 : 1 : 42} {$value}}
+.endd
+can be used for de-tainting.
+Any previous &$value$& is restored after the if.
+.wen
+
+
.vitem &*isip&~{*&<&'string'&>&*}*& &&&
&*isip4&~{*&<&'string'&>&*}*& &&&
&*isip6&~{*&<&'string'&>&*}*&
have their local parts matched casefully. Domains are always matched
caselessly.
+.new
+The variable &$value$& will be set for a successful match and can be
+used in the success clause of an &%if%& expansion item using the condition.
+.cindex "tainted data" "de-tainting"
+It will have the same taint status as the list; expansions such as
+.code
+${if match_local_part {$local_part} {alice : bill : charlotte : dave} {$value}}
+.endd
+can be used for de-tainting.
+Any previous &$value$& is restored after the if.
+.wen
+
Note that <&'string2'&> is not itself subject to string expansion, unless
Exim was built with the EXPAND_LISTMATCH_RHS option.
that is used for &%helo_data%& to be obtained by a DNS lookup of the outgoing
interface address, you could use this:
.code
-helo_data = ${lookup dnsdb{ptr=$sending_ip_address}{$value}\
+helo_data = ${lookup dnsdb{ptr=$sending_ip_address} \
+ {${listextract{1}{<\n $value}}} \
{$primary_hostname}}
.endd
The use of &%helo_data%& applies both to sending messages and when doing
See also the &%pipelining_connect_advertise_hosts%& main option.
Note:
-When the facility is used, the transport &%helo_data%& option
+.new
+When the facility is used, if the transport &%interface%& option is unset
+the &%helo_data%& option
+.wen
will be expanded before the &$sending_ip_address$& variable
is filled in.
A check is made for the use of that variable, without the
only point of caution. The &$tls_out_sni$& variable will be set to this string
for the lifetime of the client connection (including during authentication).
+.new
If DANE validated the connection attempt then the value of the &%tls_sni%& option
-is forced to the domain part of the recipient address.
+is forced to the name of the destination host, after any MX- or CNAME-folowing.
+.wen
Except during SMTP client sessions, if &$tls_in_sni$& is set then it is a string
received from a client.
.code
exim -bp
.endd
-The &*-C*& option is used to specify an alternate &_exim.conf_& which might
-contain alternate exim configuration the queue management might be using.
-
to obtain a queue listing, and then greps the output to select messages
that match given criteria. The following selection options are available:
Include delivered recipients in queue listing.
.endlist
+The following options give alternates for configuration:
+
+.vlist
+.vitem &*-C*&&~<&'config&~file'&>
+is used to specify an alternate &_exim.conf_& which might
+contain alternate exim configuration the queue management might be using.
+
+.vitem &*-E*&&~<&'path'&>
+can be used to specify a path for the exim binary,
+overriding the built-in one.
+.endlist
+
There is one more option, &%-h%&, which outputs a list of options.
+.new
+At least one selection option, or either the &*-c*& or &*-h*& option, must be given.
+.wen
start of the epoch. The second number is a count of the number of messages
warning of delayed delivery that have been sent to the sender.
-There follow a number of lines starting with a hyphen. These can appear in any
-order, and are omitted when not relevant:
+.new
+There follow a number of lines starting with a hyphen.
+These contain variables, can appear in any
+order, and are omitted when not relevant.
+
+If there is a second hyphen after the first,
+the corresponding data is tainted.
+If there is a value in parentheses, the data is quoted for a lookup.
+
+The following word specifies a variable,
+and the remainder of the item depends on the variable.
+.wen
.vlist
.vitem "&%-acl%&&~<&'number'&>&~<&'length'&>"
certificate.
.endlist
-Any of the above may have an extra hyphen prepended, to indicate the the
-corresponding data is untrusted.
-
Following the options there is a list of those addresses to which the message
is not to be delivered. This set of addresses is initialized from the command
line when the &%-t%& option is used and &%extract_addresses_remove_arguments%&
git://git.exim.org / exim.git / blobdiff