X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/1c8faf8da3c98415164241b701202f3f62099e0d..5c161fa615ab4a2d40170fedd71d1b9a7f079ff6:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 7f9f42630..34b36ca9f 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1394,9 +1394,22 @@ Again, cutthrough delivery counts as a verification. .next Individual routers can be explicitly skipped when running the routers to check an address given in the SMTP EXPN command (see the &%expn%& option). + .next If the &%domains%& option is set, the domain of the address must be in the set of domains that it defines. +.new +.cindex "tainted data" "de-tainting" +A match verifies the variable &$domain$& (which carries tainted data) +and assigns an untainted value to the &$domain_data$& variable. +Such an untainted value is often needed in the transport. +For specifics of the matching operation and the resulting untainted value, +refer to section &<>&. + +When an untainted value is wanted, use this option +rather than the generic &%condition%& option. +.wen + .next .vindex "&$local_part_prefix$&" .vindex "&$local_part_prefix_v$&" @@ -1405,13 +1418,26 @@ of domains that it defines. .vindex "&$local_part_suffix_v$&" .cindex affix "router precondition" If the &%local_parts%& option is set, the local part of the address must be in -the set of local parts that it defines. If &%local_part_prefix%& or +the set of local parts that it defines. +.new +A match verifies the variable &$local_part$& (which carries tainted data) +and assigns an untainted value to the &$local_part_data$& variable. +Such an untainted value is often needed in the transport. +For specifics of the matching operation and the resulting untainted value, +refer to section &<>&. + +When an untainted value is wanted, use this option +rather than the generic &%condition%& option. +.wen + +If &%local_part_prefix%& or &%local_part_suffix%& is in use, the prefix or suffix is removed from the local part before this check. If you want to do precondition tests on local parts that include affixes, you can do so by using a &%condition%& option (see below) that uses the variables &$local_part$&, &$local_part_prefix$&, &$local_part_prefix_v$&, &$local_part_suffix$& and &$local_part_suffix_v$& as necessary. + .next .vindex "&$local_user_uid$&" .vindex "&$local_user_gid$&" @@ -1421,23 +1447,37 @@ an account on the local host. If this check succeeds, the uid and gid of the local user are placed in &$local_user_uid$& and &$local_user_gid$& and the user's home directory is placed in &$home$&; these values can be used in the remaining preconditions. + .next If the &%router_home_directory%& option is set, it is expanded at this point, because it overrides the value of &$home$&. If this expansion were left till later, the value of &$home$& as set by &%check_local_user%& would be used in subsequent tests. Having two different values of &$home$& in the same router could lead to confusion. + .next If the &%senders%& option is set, the envelope sender address must be in the set of addresses that it defines. + .next If the &%require_files%& option is set, the existence or non-existence of specified files is tested. + .next .cindex "customizing" "precondition" If the &%condition%& option is set, it is evaluated and tested. This option uses an expanded string to allow you to set up your own custom preconditions. Expanded strings are described in chapter &<>&. + +.new +Note that while using +this option for address matching technically works, +it does not set any de-tainted values. +Such values are often needed, either for router-specific options or +for transport options. +Using the &%domains%& and &%local_parts%& options is usually the most +convenient way to obtain them. +.wen .endlist @@ -8428,7 +8468,10 @@ will store a result in the &$host_data$& variable. A &%local_parts%& router option or &%local_parts%& ACL condition will store a result in the &$local_part_data$& variable. .vitem domains +.new A &%domains%& router option or &%domains%& ACL condition +will store a result in the &$domain_data$& variable +.wen .vitem senders A &%senders%& router option or &%senders%& ACL condition will store a result in the &$sender_data$& variable. @@ -9513,7 +9556,9 @@ reasons, .cindex "tainted data" definition .cindex expansion "tainted data" and expansion of data deriving from the sender (&"tainted data"&) -is not permitted. +.new +is not permitted (including acessing a file using a tainted name). +.wen .new Common ways of obtaining untainted equivalents of variables with @@ -10102,7 +10147,7 @@ newline at the very end. For the &%header%& and &%bheader%& expansion, for those headers that contain lists of addresses, a comma is also inserted at the junctions between headers. This does not happen for the &%rheader%& expansion. -.cindex "tainted data" +.cindex "tainted data" "message headers" When the headers are from an incoming message, the result of expanding any of these variables is tainted. @@ -14048,6 +14093,10 @@ taint mode of the Perl interpreter. You are encouraged to set this option to a true value. To avoid breaking existing installations, it defaults to false. +.new +&*Note*&: This is entirely separate from Exim's tainted-data tracking. +.wen + .section "Calling Perl subroutines" "SECID86" When the configuration file includes a &%perl_startup%& option you can make use @@ -18960,7 +19009,8 @@ This applies to all of the SRV, MX, AAAA, A lookup sequence. If this option is set, the router is skipped unless the current domain matches the list. If the match is achieved by means of a file lookup, the data that the lookup returned for the domain is placed in &$domain_data$& for use in string -expansions of the driver's private options. See section &<>& for +expansions of the driver's private options and in the transport. +See section &<>& for a list of the order in which preconditions are evaluated. @@ -19323,12 +19373,13 @@ section &<>& for a discussion of local part lists. Because the string is expanded, it is possible to make it depend on the domain, for example: .code -local_parts = dbm;/usr/local/specials/$domain +local_parts = dbm;/usr/local/specials/$domain_data .endd .vindex "&$local_part_data$&" If the match is achieved by a lookup, the data that the lookup returned for the local part is placed in the variable &$local_part_data$& for use in -expansions of the router's private options. You might use this option, for +expansions of the router's private options or in the transport. +You might use this option, for example, if you have a large number of local virtual domains, and you want to send all postmaster mail to the same place without having to set up an alias in each virtual domain: @@ -25477,9 +25528,12 @@ incoming messages, use an appropriate ACL. .cindex "authentication" "optional in client" This option provides a list of servers to which, provided they announce authentication support, Exim will attempt to authenticate as a client when it -connects. If authentication fails, Exim will try to transfer the message -unauthenticated. See also &%hosts_require_auth%&, and chapter -&<>& for details of authentication. +connects. If authentication fails +.new +and &%hosts_require_auth%& permits, +.wen +Exim will try to transfer the message unauthenticated. +See also chapter &<>& for details of authentication. .option hosts_try_chunking smtp "host list&!!" * .cindex CHUNKING "enabling, in client" @@ -38614,6 +38668,7 @@ routing email addresses, but it does apply to &"byname"& lookups. client's ident port times out. .next .cindex "log" "incoming interface" +.cindex "log" "outgoing interface" .cindex "log" "local interface" .cindex "log" "local address and port" .cindex "TCP/IP" "logging local address and port" @@ -38622,7 +38677,10 @@ client's ident port times out. to the &"<="& line as an IP address in square brackets, tagged by I= and followed by a colon and the port number. The local interface and port are also added to other SMTP log lines, for example, &"SMTP connection from"&, to -rejection lines, and (despite the name) to outgoing &"=>"& and &"->"& lines. +rejection lines, and (despite the name) to outgoing +.new +&"=>"&, &"->"&, &"=="& and &"**"& lines. +.wen The latter can be disabled by turning off the &%outgoing_interface%& option. .next .cindex log "incoming proxy address"