Any unused are made empty. The variable &$acl_narg$& is set to the number of
arguments. The named ACL (see chapter &<<CHAPACL>>&) is called
and may use the variables; if another acl expansion is used the values
-are overwritten. If the ACL sets
+are restored after it returns. If the ACL sets
a value using a "message =" modifier and returns accept or deny, the value becomes
the result of the expansion.
-If no message was set and the ACL returned accept or deny
-the value is an empty string.
-If the ACL returned defer the result is a forced-fail. Otherwise the expansion fails.
+If no message is set and the ACL returns accept or deny
+the expansion result is an empty string.
+If the ACL returns defer the result is a forced-fail. Otherwise the expansion fails.
.vitem "&*${dlfunc{*&<&'file'&>&*}{*&<&'function'&>&*}{*&<&'arg'&>&*}&&&
for DNS. For example,
.code
${reverse_ip:192.0.2.4}
-${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.3}
+${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.127}
.endd
returns
.code
4.2.0.192
-3.0.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2
+f.7.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2
.endd
Any unused are made empty. The variable &$acl_narg$& is set to the number of
arguments. The named ACL (see chapter &<<CHAPACL>>&) is called
and may use the variables; if another acl expansion is used the values
-are overwritten. If the ACL sets
+are restored after it returns. If the ACL sets
a value using a "message =" modifier the variable $value becomes
the result of the expansion, otherwise it is empty.
If the ACL returns accept the condition is true; if deny, false.
be terminated by colon or white space, because it may contain a wide variety of
characters. Note also that braces must &'not'& be used.
+.vitem &$headers_added$&
+.vindex "&$headers_added$&"
+Within an ACL this variable contains the headers added so far by
+the ACL modifier add_header (section &<<SECTaddheadacl>>&).
+The headers are a newline-separated list.
+
.vitem &$home$&
.vindex "&$home$&"
When the &%check_local_user%& option is set for a router, the user's home
.option accept_8bitmime main boolean true
.cindex "8BITMIME"
.cindex "8-bit characters"
+.cindex "log" "selectors"
+.cindex "log" "8BITMIME"
This option causes Exim to send 8BITMIME in its response to an SMTP
EHLO command, and to accept the BODY= parameter on MAIL commands.
However, though Exim is 8-bit clean, it is not a protocol converter, and it
&url(http://cr.yp.to/smtp/8bitmime.html)
.endd
+To log received 8BITMIME status use
+.code
+log_selector = +8bitmime
+.endd
+
.option acl_not_smtp main string&!! unset
.cindex "&ACL;" "for non-SMTP messages"
.cindex "non-SMTP messages" "ACLs for"
.endd
+.option client_set_id authenticators string&!! unset
+When client authentication succeeds, this condition is expanded; the
+result is used in the log lines for outbound messasges.
+Typically it will be the user name used for authentication.
+
+
.option driver authenticators string unset
This option must always be set. It specifies which of the available
authenticators is to be used.
and try again later, but that is their problem, though it does waste some of
your resources.
+The &%acl_smtp_data%& ACL is run after both the &%acl_smtp_dkim%& and
+the &%acl_smtp_mime%& ACLs.
+
.section "The SMTP DKIM ACL" "SECTDKIMACL"
The &%acl_smtp_dkim%& ACL is available only when Exim is compiled with DKIM support
received, and is executed for each DKIM signature found in a message. If not
otherwise specified, the default action is to accept.
-For details on the operation of DKIM, see chapter &<<CHID12>>&.
+This ACL is evaluated before &%acl_smtp_mime%& and &%acl_smtp_data%&.
+
+For details on the operation of DKIM, see chapter &<<CHAPdkim>>&.
.section "The SMTP MIME ACL" "SECID194"
The &%acl_smtp_mime%& option is available only when Exim is compiled with the
content-scanning extension. For details, see chapter &<<CHAPexiscan>>&.
+This ACL is evaluated after &%acl_smtp_dkim%& but before &%acl_smtp_data%&.
+
.section "The QUIT ACL" "SECTQUITACL"
.cindex "QUIT, ACL for"
.cindex "disable DKIM verify"
.cindex "DKIM" "disable verify"
This control turns off DKIM verification processing entirely. For details on
-the operation and configuration of DKIM, see chapter &<<CHID12>>&.
+the operation and configuration of DKIM, see chapter &<<CHAPdkim>>&.
.wen
are included in the entry that is written to the reject log.
.cindex "header lines" "added; visibility of"
-Header lines are not visible in string expansions until they are added to the
+Header lines are not visible in string expansions
+of message headers
+until they are added to the
message. It follows that header lines defined in the MAIL, RCPT, and predata
ACLs are not visible until the DATA ACL and MIME ACLs are run. Similarly,
header lines that are added by the DATA or MIME ACLs are not visible in those
this, you can use ACL variables, as described in section
&<<SECTaclvariables>>&.
+The list of headers yet to be added is given by the &%$headers_added%& variable.
+
The &%add_header%& modifier acts immediately as it is encountered during the
processing of an ACL. Notice the difference between these two cases:
.display
ceases, but processing of the ACL continues.
If the argument is a named ACL, up to nine space-separated optional values
-can be appended; they appear in $acl_arg1 to $acl_arg9, and $acl_narg is set
-to the count of values. The name and values are expanded separately.
+can be appended; they appear within the called ACL in $acl_arg1 to $acl_arg9,
+and $acl_narg is set to the count of values.
+Previous values of these variables are restored after the call returns.
+The name and values are expanded separately.
If the nested &%acl%& returns &"drop"& and the outer condition denies access,
the connection is dropped. If it returns &"discard"&, the verb must be
last of these is given in parentheses after the final address. The R and T
fields record the router and transport that were used to process the address.
+If SMTP AUTH was used for the delivery there is an additional item A=
+followed by the name of the authenticator that was used.
+If an authenticated identification was set up by the authenticator's &%client_set_id%&
+option, this is logged too, separated by a colon from the authenticator name.
+
If a shadow transport was run after a successful local delivery, the log line
for the successful delivery has an item added on the end, of the form
.display
A summary of the field identifiers that are used in log lines is shown in
the following table:
.display
-&`A `& authenticator name (and optional id)
+&`A `& authenticator name (and optional id and sender)
&`C `& SMTP confirmation on delivery
&` `& command list for &"no mail in SMTP session"&
&`CV `& certificate verification status
The list of optional log items is in the following table, with the default
selection marked by asterisks:
.display
+&` 8bitmime `& received 8BITMIME status
&`*acl_warn_skipped `& skipped &%warn%& statement in ACL
&` address_rewrite `& address rewriting
&` all_parents `& all parents in => lines
&`*smtp_confirmation `& SMTP confirmation on => lines
&` smtp_connection `& SMTP connections
&` smtp_incomplete_transaction`& incomplete SMTP transactions
+&` smtp_mailauth `& AUTH argument to MAIL commands
&` smtp_no_mail `& session with no MAIL commands
&` smtp_protocol_error `& SMTP protocol errors
&` smtp_syntax_error `& SMTP syntax errors
More details on each of these items follows:
.ilist
+.cindex "8BITMIME"
+.cindex "log" "8BITMIME"
+&%8bitmime%&: This causes Exim to log any 8BITMIME status of received messages,
+which may help in tracking down interoperability issues with ancient MTAs
+that are not 8bit clean. This is added to the &"<="& line, tagged with
+&`M8S=`& and a value of &`0`&, &`7`& or &`8`&, corresponding to "not given",
+&`7BIT`& and &`8BITMIME`& respectively.
+.next
.cindex "&%warn%& ACL verb" "log when skipping"
&%acl_warn_skipped%&: When an ACL &%warn%& statement is skipped because one of
its conditions cannot be evaluated, a log line to this effect is written if
setting of 10 for &%smtp_accep_max_nonmail%&, the connection will in any case
have been aborted before 20 non-mail commands are processed.
.next
+&%smtp_mailauth%&: A third subfield with the authenticated sender,
+colon-separated, is appended to the A= item for a message arrival or delivery
+log line, if an AUTH argument to the SMTP MAIL command (see &<<SECTauthparamail>>&)
+was accepted or used.
+.next
.cindex "log" "SMTP protocol error"
.cindex "SMTP" "logging protocol error"
&%smtp_protocol_error%&: A log line is written for every SMTP protocol error
. ////////////////////////////////////////////////////////////////////////////
. ////////////////////////////////////////////////////////////////////////////
-.chapter "Support for DKIM (DomainKeys Identified Mail)" "CHID12" &&&
+.chapter "Support for DKIM (DomainKeys Identified Mail)" "CHAPdkim" &&&
"DKIM Support"
.cindex "DKIM"
git://git.exim.org / exim.git / blobdiff