.new
.cindex debugging "UTF-8 in"
.cindex UTF-8 "in debug output"
-The &`noutf8`& selector disables the use of
+The &`noutf8`& selector disables the use of
UTF-8 line-drawing characters to group related information.
When disabled. ascii-art is used instead.
Using the &`+all`& option does not set this modifier,
&*Warning*&: Unlike most other single-key lookup types, a file of data for
&((n)wildlsearch)& can &'not'& be turned into a DBM or cdb file, because those
lookup types support only literal keys.
+
+.next
+.cindex "lookup" "spf"
+If Exim is built with SPF support, manual lookups can be done
+(as opposed to the standard ACL condition method.
+For details see section &<<SECSPF>>&.
.endlist ilist
.vitem &*$rheader_*&<&'header&~name'&>&*:*&&~or&~&*$rh_*&<&'header&~name'&>&*:*&
This item inserts &"raw"& header lines. It is described with the &%header%&
-expansion item above.
+expansion item in section &<<SECTexpansionitems>>& above.
.vitem "&*${run{*&<&'command'&>&*&~*&<&'args'&>&*}{*&<&'string1'&>&*}&&&
{*&<&'string2'&>&*}}*&"
the value of &$authenticated_id$& is normally the login name of the calling
process. However, a trusted user can override this by means of the &%-oMai%&
command line option.
-This second case also sets up inforamtion used by the
+This second case also sets up information used by the
&$authresults$& expansion item.
.vitem &$authenticated_fail_id$&
inserting the message header line with the given name. Note that the name must
be terminated by colon or white space, because it may contain a wide variety of
characters. Note also that braces must &'not'& be used.
+See the full description in section &<<SECTexpansionitems>>& above.
.vitem &$headers_added$&
.vindex "&$headers_added$&"
A list of hosts, whether obtained via &%route_data%& or &%route_list%&, is
always separately expanded before use. If the expansion fails, the router
declines. The result of the expansion must be a colon-separated list of names
-and/or IP addresses, optionally also including ports. The format of each item
+and/or IP addresses, optionally also including ports.
+If the list is written with spaces, it must be protected with quotes.
+The format of each item
in the list is described in the next section. The list separator can be changed
as described in section &<<SECTlistconstruct>>&.
.option delay_after_cutoff smtp boolean true
+.cindex "final cutoff" "retries, controlling"
+.cindex retry "final cutoff"
This option controls what happens when all remote IP addresses for a given
domain have been inaccessible for so long that they have passed their retry
cutoff times.
If the value of this option begins with a digit it is taken as a port number;
otherwise it is looked up using &[getservbyname()]&. The default value is
-normally &"smtp"&, but if &%protocol%& is set to &"lmtp"&, the default is
-&"lmtp"&. If the expansion fails, or if a port number cannot be found, delivery
+normally &"smtp"&,
+but if &%protocol%& is set to &"lmtp"& the default is &"lmtp"&
+and if &%protocol%& is set to &"smtps"& the default is &"smtps"&.
+If the expansion fails, or if a port number cannot be found, delivery
is deferred.
+.new
+Note that at least one Linux distribution has been seen failing
+to put &"smtps"& in its &"/etc/services"& file, resulting is such deferrals.
+.wen
+
.option protocol smtp string smtp
If this option is set to &"smtps"&, the default value for the &%port%& option
changes to &"smtps"&, and the transport initiates TLS immediately after
connecting, as an outbound SSL-on-connect, instead of using STARTTLS to upgrade.
-The Internet standards bodies strongly discourage use of this mode.
+.new
+The Internet standards bodies used to strongly discourage use of this mode,
+but as of RFC 8314 it is perferred over STARTTLS for message submission
+(as distinct from MTA-MTA communication).
+.wen
.option retry_include_ip_address smtp boolean&!! true
messages. If this delivery fails, the address fails immediately. The
post-cutoff retry time is not used.
+.cindex "final cutoff" "retries, controlling"
+.cindex retry "final cutoff"
If the delivery is remote, there are two possibilities, controlled by the
.oindex "&%delay_after_cutoff%&"
&%delay_after_cutoff%& option of the &(smtp)& transport. The option is true by
-default. Until the post-cutoff retry time for one of the IP addresses is
+default. Until the post-cutoff retry time for one of the IP addresses,
+as set by the &%retry_data_expire%& option, is
reached, the failing email address is bounced immediately, without a delivery
attempt taking place. After that time, one new delivery attempt is made to
those IP addresses that are past their retry times, and if that still fails,
.option server_set_id authenticators string&!! unset
.vindex "&$authenticated_id$&"
+.vindex "&$authenticated_fail_id$&"
When an Exim server successfully authenticates a client, this string is
expanded using data from the authentication, and preserved for any incoming
messages in the variable &$authenticated_id$&. It is also included in the log
lines for incoming messages. For example, a user/password authenticator
configuration might preserve the user name that was used to authenticate, and
refer to it subsequently during delivery of the message.
+On a failing authentication the expansion result is instead saved in
+the &$authenticated_fail_id$& variable.
If expansion fails, the option is ignored.
made that any particular new authentication mechanism will be supported
without code changes in Exim.
+Exim's &(gsasl)& authenticator does not have client-side support at this
+time; only the server-side support is implemented. Patches welcome.
+
.option server_channelbinding gsasl boolean false
Do not set this true without consulting a cryptographic engineer.
&%pipelining%&: A field is added to delivery and accept
log lines when the ESMTP PIPELINING extension was used.
The field is a single "L".
+
On accept lines, where PIPELINING was offered but not used by the client,
the field has a minus appended.
.next
git://git.exim.org / exim.git / blobdiff