dependencies.
.new
Any combination of lookup types can be built this way.
-All of the lookup modules found as an Exim process starts will be loaded.
+Lookup types that provide several variants will be loaded as
+Exim starts.
+Types that provide only one method are not loaded until used by
+the runtime configuration.
.wen
For building
colon in the example above are necessary. If they were not there, the list would
be interpreted as the two items 127.0.0.1:: and 1.
-.section "Changing list separators" "SECTlistsepchange"
+.subsection "Changing list separators" "SECTlistsepchange"
.cindex "list separator" "changing"
.cindex "IPv6" "addresses in lists"
Doubling colons in IPv6 addresses is an unwelcome chore, so a mechanism was
-.section "Empty items in lists" "SECTempitelis"
+.subsection "Empty items in lists" "SECTempitelis"
.cindex "list" "empty item in"
An empty item at the end of a list is always ignored. In other words, trailing
separator characters are ignored. Thus, the list in
.vitem &*${srs_encode&~{*&<&'secret'&>&*}{*&<&'return&~path'&>&*}{*&<&'original&~domain'&>&*}}*&
-SRS encoding. See SECT &<<SECTSRS>>& for details.
+SRS encoding. See section &<<SECTSRS>>& for details.
the operation and configuration of DKIM, see section &<<SECDKIM>>&.
-.vitem &*control&~=&~dmarc_disable_verify*&
+.vitem &*control&~=&~dmarc_disable_verify*& &&&
+ &*control&~=&~dmarc_enable_forensic*&
.cindex "disable DMARC verify"
-.cindex "DMARC" "disable verify"
-This control turns off DMARC verification processing entirely. For details on
+.cindex DMARC "disable verify"
+.cindex DMARC controls
+.cindex DMARC "forensic mails"
+These control affect DMARC processing. For details on
the operation and configuration of DMARC, see section &<<SECDMARC>>&.
+The &"disable"& turns off DMARC verification processing entirely.
+
.vitem &*control&~=&~dscp/*&<&'value'&>
.cindex "&ACL;" "setting DSCP value"
.next
A queue runner process retains root privilege throughout its execution. Its
job is to fork a controlled sequence of delivery processes.
+
.next
-A delivery process retains root privilege throughout most of its execution,
-but any actual deliveries (that is, the transports themselves) are run in
-subprocesses which always change to a non-root uid and gid. For local
-deliveries this is typically the uid and gid of the owner of the mailbox; for
-remote deliveries, the Exim uid and gid are used. Once all the delivery
+A delivery process retains root privilege throughout most of its execution.,
+including while the recipient addresses in a message are being routed.
+
+.ilist
+However, if a user's filter file has to be processed,
+this is done in a subprocess that runs under the individual user's uid and
+gid. A system filter is run as root unless &%system_filter_user%& is set.
+.endlist
+
+Any actual deliveries (that is, the transports themselves) are run in
+subprocesses which always change to a non-root uid and gid.
+.ilist
+For local
+deliveries this is typically the uid and gid of the owner of the mailbox.
+.next
+For remote deliveries, the Exim uid and gid are used.
+.endlist
+
+Once all the delivery
subprocesses have been run, a delivery process changes to the Exim uid and gid
while doing post-delivery tidying up such as updating the retry database and
generating bounce and warning messages.
-While the recipient addresses in a message are being routed, the delivery
-process runs as root. However, if a user's filter file has to be processed,
-this is done in a subprocess that runs under the individual user's uid and
-gid. A system filter is run as root unless &%system_filter_user%& is set.
.next
A process that is testing addresses (the &%-bt%& option) runs as root so that
the routing is done in the same environment as a message delivery.
openssl genrsa -out dkim_rsa.private 2048
openssl rsa -in dkim_rsa.private -out /dev/stdout -pubout -outform PEM
.endd
-The result file from the first command should be retained, and
-this option set to use it.
+The result file from the first command should be retained,
+permissions set so that Exim can read it,
+and this option set to use it.
Take the base-64 lines from the output of the second command, concatenated,
for the DNS TXT record.
See section 3.6 of RFC6376 for the record specification.
SPF verification support is built into Exim if SUPPORT_SPF=yes is set in
&_Local/Makefile_&. The support uses the &_libspf2_& library
&url(https://www.libspf2.org/).
+.new
+.cindex "dynamic modules"
+The support can be built as a dynamic-load module if desired;
+see the comments in that Makefile.
+.wen
+
There is no Exim involvement in the transmission of messages;
publishing certain DNS records is all that is required.
git://git.exim.org / exim.git / blobdiff