&(pgsql)&: The format of the query is an SQL statement that is passed to a
PostgreSQL database. See section &<<SECTsql>>&.
+.next
+.new
+.cindex "Redis lookup type"
+.cindex lookup Redis
+&(redis)&: The format of the query is an SQL statement that is passed to a
+Redis database. See section &<<SECTsql>>&.
+.wen
+
.next
.cindex "sqlite lookup type"
.cindex "lookup" "sqlite"
.cindex "lookup" "Oracle"
.cindex "InterBase lookup type"
.cindex "lookup" "InterBase"
-Exim can support lookups in InterBase, MySQL, Oracle, PostgreSQL, and SQLite
+.cindex "Redis lookup type"
+.cindex lookup Redis
+Exim can support lookups in InterBase, MySQL, Oracle, PostgreSQL, Redis,
+and SQLite
databases. Queries for these databases contain SQL statements, so an example
might be
.code
with a newline between the data for each row.
-.section "More about MySQL, PostgreSQL, Oracle, and InterBase" "SECID72"
+.section "More about MySQL, PostgreSQL, Oracle, InterBase, and Redis" "SECID72"
.cindex "MySQL" "lookup type"
.cindex "PostgreSQL lookup type"
.cindex "lookup" "MySQL"
.cindex "lookup" "Oracle"
.cindex "InterBase lookup type"
.cindex "lookup" "InterBase"
-If any MySQL, PostgreSQL, Oracle, or InterBase lookups are used, the
-&%mysql_servers%&, &%pgsql_servers%&, &%oracle_servers%&, or &%ibase_servers%&
+.cindex "Redis lookup type"
+.cindex lookup Redis
+If any MySQL, PostgreSQL, Oracle, InterBase or Redis lookups are used, the
+&%mysql_servers%&, &%pgsql_servers%&, &%oracle_servers%&, &%ibase_servers%&,
+or &%redis_servers%&
option (as appropriate) must be set to a colon-separated list of server
information.
-(For MySQL and PostgreSQL only, the global option need not be set if all
+(For MySQL and PostgreSQL, the global option need not be set if all
queries contain their own server information &-- see section
-&<<SECTspeserque>>&.) Each item in the list is a slash-separated list of four
+&<<SECTspeserque>>&.)
+For all but Redis
+each item in the list is a slash-separated list of four
items: host name, database name, user name, and password. In the case of
Oracle, the host name field is used for the &"service name"&, and the database
name field is not used and should be empty. For example:
found, but that is still a successful query. In other words, the list of
servers provides a backup facility, not a list of different places to look.
+.new
+For Redis the global option need not be specified if all queries contain their
+own server information &-- see section &<<SECTspeserque>>&.
+If specified, the option must be set to a colon-separated list of server
+information.
+Each item in the list is a slash-separated list of three items:
+host, database number, and password.
+.olist
+The host is required and may be either an IPv4 address and optional
+port number (separated by a colon, which needs doubling due to the
+higher-level list), or a Unix socket pathname enclosed in parentheses
+.next
+The database number is optional; if present that number is selected in the backend
+.next
+The password is optional; if present it is used to authenticate to the backend
+.endlist
+.wen
+
.new
The &%quote_mysql%&, &%quote_pgsql%&, and &%quote_oracle%& expansion operators
convert newline, tab, carriage return, and backspace to \n, \t, \r, and \b
respectively, and the characters single-quote, double-quote, and backslash
itself are escaped with backslashes.
+
+The &%quote_redis%& expansion operator
+escapes whitespace and backslash characters with a backslash.
.wen
.section "Specifying the server in the query" "SECTspeserque"
-For MySQL and PostgreSQL lookups (but not currently for Oracle and InterBase),
+For MySQL, PostgreSQL and Redis lookups (but not currently for Oracle and InterBase),
it is possible to specify a list of servers with an individual query. This is
done by starting the query with
.display
condition = ${if >{$acl_m4}{3}}
.endd
+
+
+.new
+.vitem &*${imapfolder{*&<&'foldername'&>&*}}*&
+.cindex expansion "imap folder"
+.cindex "&%imapfolder%& expansion item"
+This item converts a (possibly multilevel, or with non-ASCII characters)
+folder specification to a Maildir name for filesystem use.
+For information on internationalisation support see &<<SECTi18nMDA>>&.
+.wen
+
+
+
.vitem &*${length{*&<&'string1'&>&*}{*&<&'string2'&>&*}}*&
.cindex "expansion" "string truncation"
.cindex "&%length%& expansion item"
.cindex "expansion" "utf-8 forcing"
.cindex "&%utf8clean%& expansion item"
This replaces any invalid utf-8 sequence in the string by the character &`?`&.
+
+.new
+.vitem "&*${utf8_domain_to_alabel:*&<&'string'&>&*}*&" &&&
+ "&*${utf8_domain_from_alabel:*&<&'string'&>&*}*&" &&&
+ "&*${utf8_localpart_to_alabel:*&<&'string'&>&*}*&" &&&
+ "&*${utf8_localpart_from_alabel:*&<&'string'&>&*}*&"
+.cindex expansion UTF-8
+.cindex UTF-8 expansion
+.cindex EAI
+.cindex internationalisation
+.cindex "&%utf8_domain_to_alabel%& expansion item"
+.cindex "&%utf8_domain_from_alabel%& expansion item"
+.cindex "&%utf8_localpart_to_alabel%& expansion item"
+.cindex "&%utf8_localpart_from_alabel%& expansion item"
+These convert EAI mail name components between UTF-8 and a-label forms.
+For information on internationalisation support see &<<SECTi18nMTA>>&.
+.wen
.endlist
qualified host name. See also &$smtp_active_hostname$&.
+.new
+.vitem &$proxy_host_address$& &&&
+ &$proxy_host_port$& &&&
+ &$proxy_target_address$& &&&
+ &$proxy_target_port$& &&&
+ &$proxy_session$&
+These variables are only available when built with Proxy Protocol
+or Socks5 support
+For details see chapter &<<SECTproxyInbound>>&.
+.wen
+
.new
.vitem &$prdr_requested$&
.cindex "PRDR" "variable for"
.section "Logging" "SECID99"
.table2
+.row &%event_action%& "custom logging"
.row &%hosts_connection_nolog%& "exemption from connect logging"
.row &%log_file_path%& "override compiled-in value"
.row &%log_selector%& "set/unset optional logging"
.row &%helo_verify_hosts%& "HELO hard-checked for these hosts"
.row &%host_lookup%& "host name looked up for these hosts"
.row &%host_lookup_order%& "order of DNS and local name lookups"
+.row &%hosts_proxy%& "use proxy protocol for these hosts"
.row &%host_reject_connection%& "reject connection from these hosts"
.row &%hosts_treat_as_local%& "useful in some cluster configurations"
.row &%local_scan_timeout%& "timeout for &[local_scan()]&"
.row &%ignore_fromline_local%& "allow &""From ""& from local SMTP"
.row &%pipelining_advertise_hosts%& "advertise pipelining to these hosts"
.row &%prdr_enable%& "advertise PRDR to all hosts"
+.row &%smtputf8_advertise_hosts%& "advertise SMTPUTF8 to these hosts"
.row &%tls_advertise_hosts%& "advertise TLS to these hosts"
.endtable
not used.
+.new
+.option event_action main string&!! unset
+.cindex events
+This option declares a string to be expanded for Exim's events mechanism.
+For details see &<<CHAPevents>>&.
+.wen
+
+
.option exim_group main string "compile-time configured"
.cindex "gid (group id)" "Exim's own"
.cindex "Exim group"
+.new
+.option hosts_proxy main "host list&!!" unset
+.cindex proxy "proxy protocol"
+This option enables use of Proxy Protocol proxies for incoming
+connections. For details see &<<SECTproxyInbound>>&.
+.wen
+
+
.option hosts_treat_as_local main "domain list&!!" unset
.cindex "local host" "domains treated as"
.cindex "host" "treated as local"
550 failing address in "From" header is: <user@dom.ain
.endd
+
+.new
+.option smtputf8_advertise_hosts main "host list&!!" *
+.cindex "SMTPUTF8" "advertising"
+When Exim is built with support for internationalised mail names,
+the availability therof is advertised in
+response to EHLO only to those client hosts that match this option. See
+chapter &<<CHAPi18n>>& for details of Exim's support for internationalisation.
+.wen
+
+
.option spamd_address main string "see below"
This option is available when Exim is compiled with the content-scanning
extension. It specifies how Exim connects to SpamAssassin's &%spamd%& daemon.
resent to other recipients.
+.option event_action transports string&!! unset
+.cindex events
+This option declares a string to be expanded for Exim's events mechanism.
+For details see &<<CHAPevents>>&.
+.wen
+
+
.option group transports string&!! "Exim group"
.cindex "transport" "group; specifying"
This option specifies a gid for running the transport process, overriding any
&*Note:*& This control applies only to the current message, not to any others
that are being submitted at the same time using &%-bs%& or &%-bS%&.
+
+.new
+.vitem &*control&~=&~utf8_downconvert*&
+This control enables conversion of UTF-8 in message addresses
+to a-label form.
+For details see &<<SECTi18nMTA>>&.
+.wen
.endlist vlist
session was encrypted, there is an additional X field that records the cipher
suite that was used.
+.cindex log protocol
The protocol is set to &"esmtpsa"& or &"esmtpa"& for messages received from
hosts that have authenticated themselves using the SMTP AUTH command. The first
value is used when the SMTP connection was encrypted (&"secure"&). In this case
&`id `& message id for incoming message
&`P `& on &`<=`& lines: protocol used
&` `& on &`=>`& and &`**`& lines: return path
+&`PRX `& on &'<='& and&`=>`& lines: proxy address
&`QT `& on &`=>`& lines: time spent on queue so far
&` `& on &"Completed"& lines: time spent on queue
&`R `& on &`<=`& lines: reference for local bounce
&` queue_time `& time on queue for one recipient
&` queue_time_overall `& time on queue for whole message
&` pid `& Exim process id
+.new
+&` proxy `& proxy address on <= and => lines
+.wen
&` received_recipients `& recipients on <= lines
&` received_sender `& sender on <= lines
&`*rejected_header `& header contents on reject log
The latter can be disabled by turning off the &%outgoing_interface%& option.
.wen
.next
+.new
+.cindex log "incoming proxy address"
+.cindex proxy "logging proxy address"
+.cindex "TCP/IP" "logging proxy address"
+&%proxy%&: The internal (closest to the system running Exim) IP address
+of the proxy, tagged by PRX=, on the &"<="& line for a message accepted
+on a proxied connection
+or the &"=>"& line for a message delivered on a proxied connection..
+See &<<SECTproxyInbound>>& for more information.
+.wen
+.next
.cindex "log" "incoming remote port"
.cindex "port" "logging remote"
.cindex "TCP/IP" "logging incoming remote port"
DKIM is documented in RFC 4871.
Since version 4.70, DKIM support is compiled into Exim by default. It can be
-disabled by setting DISABLE_DKIM=yes in Local/Makefile.
+disabled by setting DISABLE_DKIM=yes in &_Local/Makefile_&.
Exim's DKIM implementation allows to
.olist
A proxy is an intermediate system through which communication is passed.
Proxies may provide a security, availability or load-distribution function.
+
+.section "Inbound proxies" SECTproxyInbound
+.cindex proxy inbound
+.cindex proxy "server side"
+.cindex proxy "Proxy protocol"
+.cindex "Proxy protocol" proxy
+
+Exim has support for receiving inbound SMTP connections via a proxy
+that uses &"Proxy Protocol"& to speak to it.
+To include this support, include &"SUPPORT_PROXY=yes"&
+in Local/Makefile.
+
+It was built on specifications from:
+http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
+That URL was revised in May 2014 to version 2 spec:
+http://git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=afb768340c9d7e50d8e
+
+The purpose of this facility is so that an application load balancer,
+such as HAProxy, can sit in front of several Exim servers
+to distribute load.
+Exim uses the local protocol communication with the proxy to obtain
+the remote SMTP system IP address and port information.
+There is no logging if a host passes or
+fails Proxy Protocol negotiation, but it can easily be determined and
+recorded in an ACL (example is below).
+
+Use of a proxy is enabled by setting the &%hosts_proxy%&
+main configuration option to a hostlist; connections from these
+hosts will use Proxy Protocol.
+
+The following expansion variables are usable
+(&"internal"& and &"external"& here refer to the interfaces
+of the proxy):
+.display
+&'proxy_host_address '& internal IP address of the proxy
+&'proxy_host_port '& internal TCP port of the proxy
+&'proxy_target_address '& external IP address of the proxy
+&'proxy_target_port '& external TCP port of the proxy
+&'proxy_session '& boolean: SMTP connection via proxy
+.endd
+If &$proxy_session$& is set but &$proxy_host_address$& is empty
+there was a protocol error.
+
+Since the real connections are all coming from the proxy, and the
+per host connection tracking is done before Proxy Protocol is
+evaluated, &%smtp_accept_max_per_host%& must be set high enough to
+handle all of the parallel volume you expect per inbound proxy.
+With the option set so high, you lose the ability
+to protect your server from many connections from one IP.
+In order to prevent your server from overload, you
+need to add a per connection ratelimit to your connect ACL.
+A possible solution is:
+.display
+ # Set max number of connections per host
+ LIMIT = 5
+ # Or do some kind of IP lookup in a flat file or database
+ # LIMIT = ${lookup{$sender_host_address}iplsearch{/etc/exim/proxy_limits}}
+
+ defer message = Too many connections from this IP right now
+ ratelimit = LIMIT / 5s / per_conn / strict
+.endd
+
+
+
.section "Outbound proxies" SECTproxySOCKS
.cindex proxy outbound
.cindex proxy "client side"
The support can be optionally included by defining SUPPORT_SOCKS=yes in
Local/Makefile.
-Use of a proxy is enabled by setting the &%socks_proxy%& on an smtp transport.
+Use of a proxy is enabled by setting the &%socks_proxy%& option
+on an smtp transport.
The option value is expanded and should then be a list
(colon-separated by default) of proxy specifiers.
Each proxy specifier is a list
Options are a string <name>=<value>.
The list of options is in the following table:
.display
-&`auth `& authentication method
-&`name `& authentication username
-&`pass `& authentication password
-&`port `& tcp port
-&`tmo `& connection timeout
-&`pri `& priority
-&`weight `& selection bias
+&'auth '& authentication method
+&'name '& authentication username
+&'pass '& authentication password
+&'port '& tcp port
+&'tmo '& connection timeout
+&'pri '& priority
+&'weight '& selection bias
.endd
More details on each of these options follows:
Proxies from the list are tried according to their priority
and weight settings until one responds. The timeout for the
overall connection applies to the set of proxied attempts.
+
+.section Logging SECTproxyLog
+To log the (local) IP of a proxy in the incoming or delivery logline,
+add &"+proxy"& to the &%log_selector%& option.
+This will add a component tagged with &"PRX="& to the line.
+.wen
+
+. ////////////////////////////////////////////////////////////////////////////
+. ////////////////////////////////////////////////////////////////////////////
+
+.chapter "Internationalisation" "CHAPi18n" &&&
+ "Internationalisation""
+.cindex internationalisation "email address"
+.cindex EAI
+.cindex i18n
+.cindex UTF-8 "mail name handling"
+
+.new
+Exim has support for Internationalised mail names.
+To include this it must be built with SUPPORT_I18N and the libidn library.
+Standards supported are RFCs 2060, 5890, 6530 and 6533.
+
+.section "MTA operations" SECTi18nMTA
+.cindex SMTPUTF8 "ESMTP option"
+The main configuration option &%smtputf8_advertise_hosts%& specifies
+a host list. If this matches the sending host and
+accept_8bitmime is true (the default) then the ESMTP option
+SMTPUTF8 will be advertised.
+
+If the sender specifies the SMTPUTF8 option on a MAIL command
+international handling for the message is enabled and
+the expansion variable &$message_smtputf8$& will have value TRUE.
+
+The option &%allow_utf8_domains%& is set to true for this
+message. All DNS lookups are converted to a-label form
+whatever the setting of &%allow_utf8_domains%&
+when Exim is built with SUPPORT_I18N.
+
+Both localparts and domain are maintained as the original
+UTF-8 form internally; any comparison or regular-expression use will
+require appropriate care. Filenames created, eg. by
+the appendfile transport, will have UTF-8 names.
+
+Helo names sent by the smtp transport will have any UTF-8
+components expanded to a-label form,
+and any certificate name checks will be done using the a-label
+form of the name.
+
+.cindex log protocol
+.cindex SMTPUTF8 logging
+Log lines and Received-by: header lines will acquire a "utf8"
+prefix on the protocol element, eg. utf8esmtp.
+
+The following expansion operator can be used:
+.code
+${utf8_domain_to_alabel:str}
+${utf8_domain_from_alabel:str}
+${utf8_localpart_to_alabel:str}
+${utf8_localpart_from_alabel:str}
+.endd
+
+ACLs may use the following modifier:
+.display
+control = utf8_downconvert
+control = utf8_downconvert/<value>
+.endd
+This sets a flag requiring that addresses are converted to
+a-label form before smtp delivery, for use in a
+Message Submission Agent context.
+If a value is appended it may be:
+.display
+&`1 `& (default) mandatory downconversion
+&`0 `& no downconversion
+&`-1 `& if SMTPUTF8 not supported by destination host
+.endd
+
+If mua_wrapper is set, the utf8_downconvert control
+is initially set to -1.
+
+
+There is no explicit support for VRFY and EXPN.
+Configurations supporting these should inspect
+&$smtp_command_argument$& for an SMTPUTF8 argument.
+
+There is no support for LMTP on Unix sockets.
+Using the "lmtp" protocol option on an smtp transport,
+for LMTP over TCP, should work as expected.
+
+There is no support for DSN unitext handling,
+and no provision for converting logging from or to UTF-8.
+
+
+
+.section "MDA operations" SECTi18nMDA
+To aid in constructing names suitable for IMAP folders
+the following expansion operator can be used:
+.code
+${imapfolder {<string>} {<sep>} {<specials>}}
+.endd
+
+The string is converted from the charset specified by
+the "headers charset" command (in a filter file)
+or &%headers_charset%& main configuration option (otherwise),
+to the
+modified UTF-7 encoding specified by RFC 2060,
+with the following exception: All occurences of <sep>
+(which has to be a single character)
+are replaced with periods ("."), and all periods and slashes that are not
+<sep> and are not in the <specials> string are BASE64 encoded.
+
+The third argument can be omitted, defaulting to an empty string.
+The second argument can be omitted, defaulting to "/".
+
+This is the encoding used by Courier for Maildir names on disk, and followed
+by many other IMAP servers.
+
+Examples:
+.display
+&`${imapfolder {Foo/Bar}} `& yields &`Foo.Bar`&
+&`${imapfolder {Foo/Bar}{.}{/}} `& yields &`Foo&&AC8-Bar`&
+&`${imapfolder {Räksmörgås}} `& yields &`R&&AOQ-ksm&&APY-rg&&AOU-s`&
+.endd
+
+Note that the source charset setting is vital, and also that characters
+must be representable in UTF-16.
+
+.wen
+
+. ////////////////////////////////////////////////////////////////////////////
+. ////////////////////////////////////////////////////////////////////////////
+
+.chapter "Events" "CHAPevents" &&&
+ "Events"
+.cindex events
+
+.new
+The events mechanism in Exim can be used to intercept processing at a number
+of points. It was originally invented to giave a way to do customised logging
+actions (for example, to a database) but can also be used to modify some
+processing actions.
+
+Most installations will never need to use Events.
+The support can be left out of a build by defining DISABLE_EVENT=yes
+in &_Local/Makefile_&.
+
+There are two major classes of events: main and transport.
+The main configuration option &%event_action%& controls reception events;
+a transport option &%event_action%& controls delivery events.
+
+Both options are a string which is expanded when the event fires.
+An example might look like:
+.cindex logging custom
+.code
+event_action = ${if eq {msg:delivery}{$event_name} \
+{${lookup pgsql {SELECT * FROM record_Delivery( \
+ '${quote_pgsql:$sender_address_domain}',\
+ '${quote_pgsql:${lc:$sender_address_local_part}}', \
+ '${quote_pgsql:$domain}', \
+ '${quote_pgsql:${lc:$local_part}}', \
+ '${quote_pgsql:$host_address}', \
+ '${quote_pgsql:${lc:$host}}', \
+ '${quote_pgsql:$message_exim_id}')}} \
+} {}}
+.endd
+
+Events have names which correspond to the point in process at which they fire.
+The name is placed in the variable &$event_name$& and the event action
+expansion must check this, as it will be called for every possible event type.
+
+The current list of events is:
+.display
+&`msg:complete after main `& per message
+&`msg:delivery after transport `& per recipient
+&`msg:rcpt:host:defer after transport `& per recipient per host
+&`msg:rcpt:defer after transport `& per recipient
+&`msg:host:defer after transport `& per attempt
+&`msg:fail:delivery after main `& per recipient
+&`msg:fail:internal after main `& per recipient
+&`tcp:connect before transport `& per connection
+&`tcp:close after transport `& per connection
+&`tls:cert before both `& per certificate in verification chain
+&`smtp:connect after transport `& per connection
+.endd
+New event types may be added in future.
+
+The event name is a colon-separated list, defining the type of
+event in a tree of possibilities. It may be used as a list
+or just matched on as a whole. There will be no spaces in the name.
+
+The second column in the table above describes whether the event fires
+before or after the action is associates with. Those which fire before
+can be used to affect that action (more on this below).
+
+An additional variable, &$event_data$&, is filled with information varying
+with the event type:
+.display
+&`msg:delivery `& smtp confirmation mssage
+&`msg:rcpt:host:defer `& error string
+&`msg:rcpt:defer `& error string
+&`msg:host:defer `& error string
+&`tls:cert `& verification chain depth
+&`smtp:connect `& smtp banner
+.endd
+
+The :defer events populate one extra variable: &$event_defer_errno$&.
+
+For complex operations an ACL expansion can be used in &%event_action%&
+however due to the multiple contextx that Exim operates in during
+the course of its processing:
+.ilist
+variables set in transport events will not be visible outside that
+transport call
+.next
+acl_m variables in a server context are lost on a new connection,
+and after smtp helo/ehlo/mail/starttls/rset commands
+.endlist
+Using an ACL expansion with the logwrite modifier can be
+a useful way of writing to the main log.
+
+The expansion of the event_action option should normally
+return an empty string. Should it return anything else the
+following will be forced:
+.display
+&`msg:delivery `& (ignored)
+&`msg:host:defer `& (ignored)
+&`msg:fail:delivery`& (ignored)
+&`tcp:connect `& do not connect
+&`tcp:close `& (ignored)
+&`tls:cert `& refuse verification
+&`smtp:connect `& close connection
+.endd
+No other use is made of the result string.
+
+For a tcp:connect event, if the connection is being made to a proxy
+then the address and port variables will be that of the proxy and not
+the target system.
+
+For tls:cert events, if GnuTLS is in use this will trigger only per
+chain element received on the connection.
+For OpenSSL it will trigger for every chain element including those
+loaded locally.
.wen
. ////////////////////////////////////////////////////////////////////////////