add_header = :at_start:${authresults {<admd-identifier>}}
Note that it would be wise to strip incoming messages of A-R headers
- that claim to be from our own <admd-identifier>.
+ that claim to be from our own <admd-identifier>. Eg:
+
+ remove_header = \N^(?i)Authentication-Results\s*::\s*example.org;\N
There are four new variables:
Logging protocol unusual states
---------------------------------------------------------------
An extra log_selector, "protocol_detail" has been added in the default build.
-The name may change in future, hence the Experimenal status.
+The name may change in future, hence the Experimental status.
Currrently the only effect is to enable logging, under TLS,
of a TCP RST received directly after a QUIT (in server mode).
-Limits ESMTP extension
+XCLIENT proxy support
---------------------------------------------------------------
-Per https://datatracker.ietf.org/doc/html/draft-freed-smtp-limits-01
-
-If compiled with EXPERIMENTAL_ESMTP_LIMITS=yes :-
-
-As a server, Exim will advertise, in the EHLO response, the limit for RCPT
-commands set by the recipients_max main-section config option (if it is set),
-and the limit for MAIL commands set by the smtp_accept_max_per_connection
-option.
-
-Note that as of writing, smtp_accept_max_per_connection is expanded but
-recipients_max is not.
-
-A new main-section option "limits_advertise_hosts" controls whether
-the limits are advertised; the default for the option is "*".
-
-As a client, Exim will:
-
- - note an advertised MAILMAX; the lower of the value given and the
- value from the transport connection_max_messages option is used.
-
- - note an advertised RCPTMAX; the lower of the
- value given and the value from the transport max_rcpt option is used.
- Parallisation of transactions is not done if due to a RCPTMAX, unlike
- max_rcpt.
-
- - note an advertised RCPTDOMAINMAX, and behave as if the transport
- multi_domains option was set to false. The value advertised is ignored.
-
-Values advertised are only noted for TLS connections and ones for which
-the server does not advertise TLS support.
-
+Per https://www.postfix.org/XCLIENT_README.html
+
+XCLIENT is an ESMTP extension supporting an inbound proxy.
+The only client immplementation known is in Nginx
+(https://nginx.org/en/docs/mail/ngx_mail_proxy_module.html)
+
+If compiled with EXPERIMENTAL_XCLIENT=yes :-
+
+As a server, Exim will advertise XCLIENT support (conditional on a new option
+"hosts_xclient") and service XCLIENT commands with parameters
+ ADDR
+ NAME
+ PORT
+ LOGIN
+ DESTADDR
+ DESTPORT
+A fresh HELO/EHLO is required after a succesful XCLIENT, and the usual
+values are derived from that (making the HELO and PROTO paramemters redundant).
+
+An XCLIENT command must give both ADDR and PORT parameters if no previous
+XCLIENT has succeeded in the SMTP session.
+
+After a success:
+ $proxy_session variable becomes "yes"
+ $proxy_local_address, $proxy_local_port have the proxy "inside" values
+ $proxy_external_address, $proxy_external_port have the proxy "outside" values
+ $sender_host_address, $sender_host_port have the remot client values
--------------------------------------------------------------
End of file