X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/47aaa9d6df68458c03a9fa65c6f2fd2bdee898f9..0725fcc5aa930ce1d9f5e9d37639b2728d9cc260:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0f46896e9..f1940bb1e 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -52,7 +52,7 @@ .set I "    " .macro copyyear -2019 +2020 .endmacro . ///////////////////////////////////////////////////////////////////////////// @@ -3910,7 +3910,7 @@ messages through the same SMTP connection. .oindex "&%-MCS%&" This option is not intended for use by external callers. It is used internally by Exim in conjunction with the &%-MC%& option, and passes on the fact that the -SMTP SIZE option should be used on messages delivered down the existing +ESMTP SIZE option should be used on messages delivered down the existing connection. .vitem &%-MCT%& @@ -6381,7 +6381,7 @@ All other options are defaulted. .code local_delivery: driver = appendfile - file = /var/mail/$local_part_verified + file = /var/mail/$local_part_data delivery_date_add envelope_to_add return_path_add @@ -6394,7 +6394,7 @@ traditional BSD mailbox format. .new We prefer to avoid using &$local_part$& directly to define the mailbox filename, as it is provided by a potential bad actor. -Instead we use &$local_part_verified$&, +Instead we use &$local_part_data$&, the result of looking up &$local_part$& in the user database (done by using &%check_local_user%& in the the router). .wen @@ -6641,6 +6641,8 @@ file that is searched could contain lines like this: .endd When the lookup succeeds, the result of the expansion is a list of domains (and possibly other types of item that are allowed in domain lists). +.cindex "tainted data" "de-tainting" +The result of the expansion is not tainted. In the second example, the lookup is a single item in a domain list. It causes Exim to use a lookup to see if the domain that is being processed can be found @@ -6853,7 +6855,7 @@ If a selector is numeric, it must apply to a JSON array; the (zero-based) nunbered array element is selected. Otherwise it must apply to a JSON object; the named element is selected. The final resulting element can be a simple JSON type or a JSON object -or array; for the latter two a string-representation os the JSON +or array; for the latter two a string-representation of the JSON is returned. For elements of type string, the returned value is de-quoted. .next @@ -6977,9 +6979,10 @@ be followed by optional colons. lookup types support only literal keys. .next +.cindex "spf lookup type" .cindex "lookup" "spf" -If Exim is built with SPF support, manual lookups can be done -(as opposed to the standard ACL condition method. +&(spf)&: If Exim is built with SPF support, manual lookups can be done +(as opposed to the standard ACL condition method). For details see section &<>&. .endlist ilist @@ -8120,7 +8123,7 @@ daemon as in the other SQL databases. .new .oindex &%sqlite_dbfile%& -The preferred way of specifying the file is by using the +The preferred way of specifying the file is by using the &%sqlite_dbfile%& option, set to an absolute path. .wen @@ -8334,6 +8337,35 @@ in the previous section. You could also use the &(wildlsearch)& or +.new +.section "Results of list checking" SECTlistresults +The primary result of doing a list check is a truth value. +In some contexts additional information is stored +about the list element that matched: +.vlist +.vitem hosts +A &%hosts%& ACL condition +will store a result in the &$host_data$& variable. +.vitem local_parts +A &%local_parts%& router option or &%local_parts%& ACL condition +will store a result in the &$local_part_data$& variable. +.vitem domains +A &%domains%& router option or &%domains%& ACL condition +.vitem senders +A &%senders%& router option or &%senders%& ACL condition +will store a result in the &$sender_data$& variable. +.vitem recipients +A &%recipients%& ACL condition +will store a result in the &$recipient_data$& variable. +.endlist + +The detail of the additional information depends on the +type of match and is given below as the &*value*& information. +.wen + + + + .section "Named lists" "SECTnamedlists" .cindex "named lists" .cindex "list" "named" @@ -8496,6 +8528,12 @@ If a pattern consists of a single @ character, it matches the local host name, as set by the &%primary_hostname%& option (or defaulted). This makes it possible to use the same configuration file on several different hosts that differ only in their names. + +.new +The value for a match will be the primary host name. +.wen + + .next .cindex "@[] in a domain list" .cindex "domain list" "matching local IP interfaces" @@ -8505,7 +8543,14 @@ in square brackets (as in an email address that contains a domain literal), but only if that IP address is recognized as local for email routing purposes. The &%local_interfaces%& and &%extra_local_interfaces%& options can be used to control which of a host's several IP addresses are treated as local. -In today's Internet, the use of domain literals is controversial. +In today's Internet, the use of domain literals is controversial; +see the &%allow_domain_literals%& main option. + +.new +The value for a match will be the string &`@[]`&. +.wen + + .next .cindex "@mx_any" .cindex "@mx_primary" @@ -8554,6 +8599,11 @@ involved, it is easiest to change the delimiter for the main list as well: domains = >&) to specify that it is not to be expanded (unless you really do want to build a regular expression by expansion, of course). + +.new +The value for a match will be the list element string (starting with the circumflex). +Additionally, &$0$& will be set to the string matching the regular expression, +and &$1$& (onwards) to any submatches identified by parentheses. +.wen + + + .next .cindex "lookup" "in domain list" .cindex "domain list" "matching by lookup" @@ -8593,12 +8658,15 @@ must be a filename in a suitable format for the lookup type. For example, for domains = cdb;/etc/mail/local_domains.cdb .endd The appropriate type of lookup is done on the file using the domain name as the -key. In most cases, the data that is looked up is not used; Exim is interested +key. In most cases, the value resulting from the lookup is not used; Exim is interested only in whether or not the key is present in the file. However, when a lookup is used for the &%domains%& option on a router -or a &%domains%& condition in an ACL statement, the data is preserved in the +or a &%domains%& condition in an ACL statement, the value is preserved in the &$domain_data$& variable and can be referred to in other router options or other statements in the same ACL. +.cindex "tainted data" "de-tainting" +The value will be untainted. + .next Any of the single-key lookup type names may be preceded by @@ -8617,6 +8685,7 @@ original lookup fails. This is not a useful feature when using a domain list to select particular domains (because any domain would match), but it might have value if the result of the lookup is being used via the &$domain_data$& expansion variable. + .next If the pattern starts with the name of a query-style lookup type followed by a semicolon (for example, &"nisplus;"& or &"ldap;"&), the remainder of the @@ -8626,25 +8695,37 @@ chapter &<>&. For example: hold_domains = mysql;select domain from holdlist \ where domain = '${quote_mysql:$domain}'; .endd -In most cases, the data that is looked up is not used (so for an SQL query, for +In most cases, the value resulting from the lookup is not used (so for an SQL query, for example, it doesn't matter what field you select). Exim is interested only in whether or not the query succeeds. However, when a lookup is used for the -&%domains%& option on a router, the data is preserved in the &$domain_data$& +&%domains%& option on a router, the value is preserved in the &$domain_data$& variable and can be referred to in other options. +.cindex "tainted data" "de-tainting" +The value will be untainted. + .next .new If the pattern starts with the name of a lookup type of either kind (single-key or query-style) it may be -followed by a command and options, +followed by a comma and options, The options are lookup-type specific and consist of a comma-separated list. Each item starts with a tag and and equals "=". .wen + .next .cindex "domain list" "matching literal domain name" If none of the above cases apply, a caseless textual comparison is made between the pattern and the domain. + +The value for a match will be the list element string. +.cindex "tainted data" "de-tainting" +Note that this is commonly untainted +(depending on the way the list was created). +This is a useful way of obtaining an untainted equivalent to +the domain, for later operations. .endlist + Here is an example that uses several different kinds of pattern: .code domainlist funny_domains = \ @@ -10285,21 +10366,37 @@ ${readsocket{/socket/name}{request string}{3s}} .endd The third argument is a list of options, of which the first element is the timeout -and must be present if the argument is given. +and must be present if any options are given. Further elements are options of form &'name=value'&. -Two option types is currently recognised: shutdown and tls. -The first defines whether (the default) -or not a shutdown is done on the connection after sending the request. -Example, to not do so (preferred, eg. by some webservers): +Example: .code ${readsocket{/socket/name}{request string}{3s:shutdown=no}} .endd -The second, tls, controls the use of TLS on the connection. Example: -.code -${readsocket{/socket/name}{request string}{3s:tls=yes}} -.endd -The default is to not use TLS. + +.new +The following option names are recognised: +.ilist +&*cache*& +Defines if the result data can be cached for use by a later identical +request in the same process. +Values are &"yes"& or &"no"& (the default). +If not, all cached results for this connection specification +will be invalidated. + +.next +&*shutdown*& +Defines whether or not a write-shutdown is done on the connection after +sending the request. Values are &"yes"& (the default) or &"no"& +(preferred, eg. by some webservers). + +.next +&*tls*& +Controls the use of TLS on the connection. +Values are &"yes"& or &"no"& (the default). If it is enabled, a shutdown as descripbed above is never done. +.endlist +.wen + A fourth argument allows you to change any newlines that are in the data that is read, in the same way as for &%readfile%& (see above). This example @@ -12325,7 +12422,9 @@ the complete argument of the ETRN command (see section &<>&). .cindex "tainted data" If the origin of the data is an incoming message, the result of expanding this variable is tainted. -See also &$domain_verified$&. +When un untainted version is needed, one should be obtained from +looking up the value in a local (therefore trusted) database. +Often &$domain_data$& is usable in this role. .wen @@ -12532,29 +12631,15 @@ Consider carefully the implications of using it unvalidated as a name for file access. This presents issues for users' &_.forward_& and filter files. For traditional full user accounts, use &%check_local_users%& and the -&$local_part_verified$& variable rather than this one. +&$local_part_data$& variable rather than this one. For virtual users, store a suitable pathname component in the database which is used for account name validation, and use that retrieved value rather than this variable. +Often &$local_part_data$& is usable in this role. If needed, use a router &%address_data%& or &%set%& option for the retrieved data. .wen -.vindex "&$local_part_prefix$&" -.vindex "&$local_part_prefix_v$&" -.vindex "&$local_part_suffix$&" -.vindex "&$local_part_suffix_v$&" -.cindex affix variables -If a local part prefix or suffix has been recognized, it is not included in the -value of &$local_part$& during routing and subsequent delivery. The values of -any prefix or suffix are in &$local_part_prefix$& and -&$local_part_suffix$&, respectively. -.new -If the affix specification included a wildcard then the portion of -the affix matched by the wildcard is in -&$local_part_prefix_v$& or &$local_part_suffix_v$& as appropriate. -.wen - When a message is being delivered to a file, pipe, or autoreply transport as a result of aliasing or forwarding, &$local_part$& is set to the local part of the parent address, not to the filename or command (see &$address_file$& and @@ -12595,44 +12680,33 @@ router as &$local_part_data$&. In addition, if the driver routes the address to a transport, the value is available in that transport. If the transport is handling multiple addresses, the value from the first address is used. +.new +The &%check_local_user%& router option also sets this variable. +.wen + &$local_part_data$& is also set when the &%local_parts%& condition in an ACL matches a local part by means of a lookup. The data read by the lookup is available during the rest of the ACL statement. In all other situations, this variable expands to nothing. -.vitem &$local_part_prefix$& -.vindex "&$local_part_prefix$&" +.vindex &$local_part_prefix$& &&& + &$local_part_prefix_v$& &&& + &$local_part_suffix$& &&& + &$local_part_suffix_v$& .cindex affix variables -When an address is being routed or delivered, and a -specific prefix for the local part was recognized, it is available in this -variable, having been removed from &$local_part$&. - -.new -.vitem &$local_part_prefix_v$& -.vindex "&$local_part_prefix_v$&" -When &$local_part_prefix$& is valid and the prefix match used a wildcard, -the portion matching the wildcard is available in this variable. -.wen - -.vitem &$local_part_suffix$& -.vindex "&$local_part_suffix$&" -When an address is being routed or delivered, and a -specific suffix for the local part was recognized, it is available in this -variable, having been removed from &$local_part$&. - +If a local part prefix or suffix has been recognized, it is not included in the +value of &$local_part$& during routing and subsequent delivery. The values of +any prefix or suffix are in &$local_part_prefix$& and +&$local_part_suffix$&, respectively. .new -.vitem &$local_part_suffix_v$& -.vindex "&$local_part_suffix_v$&" -When &$local_part_suffix$& is valid and the suffix match used a wildcard, -the portion matching the wildcard is available in this variable. -.wen +.cindex "tainted data" +If the specification did not include a wildcard then +the affix variable value is not tainted. -.new -.vitem &$local_part_verified$& -.vindex "&$local_part_verified$&" -If the router generic option &%check_local_part%& has run successfully, -this variable has the user database version of &$local_part$&. -Such values are not tainted and hence usable for building file names. +If the affix specification included a wildcard then the portion of +the affix matched by the wildcard is in +&$local_part_prefix_v$& or &$local_part_suffix_v$& as appropriate, +and both the whole and varying values are tainted. .wen .vitem &$local_scan_data$& @@ -13290,6 +13364,18 @@ library, by setting: dns_dnssec_ok = 1 .endd +.new +In addition, on Linux with glibc 2.31 or newer the resolver library will +default to stripping out a successful validation status. +This will break a previously working Exim installation. +Provided that you do trust the resolver (ie, is on localhost) you can tell +glibc to pass through any successful validation with a new option in +&_/etc/resolv.conf_&: +.code +options trust-ad +.endd +.wen + Exim does not perform DNSSEC validation itself, instead leaving that to a validating resolver (e.g. unbound, or bind with suitable configuration). @@ -14562,6 +14648,7 @@ See also the &'Policy controls'& section above. .table2 .row &%dkim_verify_hashes%& "DKIM hash methods accepted for signatures" .row &%dkim_verify_keytypes%& "DKIM key types accepted for signatures" +.row &%dkim_verify_min_keysizes%& "DKIM key sizes accepted for signatures" .row &%dkim_verify_signers%& "DKIM domains for which DKIM ACL is run" .row &%host_lookup%& "host name looked up for these hosts" .row &%host_lookup_order%& "order of DNS and local name lookups" @@ -14710,6 +14797,7 @@ Those options that undergo string expansion before use are marked with .cindex "8-bit characters" .cindex "log" "selectors" .cindex "log" "8BITMIME" +.cindex "ESMTP extensions" 8BITMIME This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it @@ -14923,6 +15011,7 @@ That is, set the option to an empty string so that no check is done. .option auth_advertise_hosts main "host list&!!" * .cindex "authentication" "advertising" .cindex "AUTH" "advertising" +.cindex "ESMTP extensions" AUTH If any server authentication mechanisms are configured, Exim advertises them in response to an EHLO command only if the calling host matches this list. Otherwise, Exim does not advertise AUTH. @@ -14984,12 +15073,18 @@ just the command name, it is not a complete command line. If an argument is required, it must come from the &%-oA%& command line option. -.option bounce_message_file main string unset +.option bounce_message_file main string&!! unset .cindex "bounce message" "customizing" .cindex "customizing" "bounce message" This option defines a template file containing paragraphs of text to be used for constructing bounce messages. Details of the file's contents are given in -chapter &<>&. See also &%warn_message_file%&. +chapter &<>&. +.new +.cindex bounce_message_file "tainted data" +The option is expanded to give the file path, which must be +absolute and untainted. +.wen +See also &%warn_message_file%&. .option bounce_message_text main string unset @@ -15178,6 +15273,7 @@ may wish to deliberately disable them. .option chunking_advertise_hosts main "host list&!!" * .cindex CHUNKING advertisement .cindex "RFC 3030" "CHUNKING" +.cindex "ESMTP extensions" CHUNKING The CHUNKING extension (RFC3030) will be advertised in the EHLO message to these hosts. Hosts may use the BDAT command as an alternate to DATA. @@ -15336,6 +15432,16 @@ This option gives a list of key types which are acceptable in signatures, and an order of processing. Signatures with algorithms not in the list will be ignored. + +.new +.option dkim_verify_min_keysizes main "string list" "rsa=1024 ed25519=250" +This option gives a list of key sizes which are acceptable in signatures. +The list is keyed by the algorithm type for the key; the values are in bits. +Signatures with keys smaller than given by this option will fail verification. + +The default enforces the RFC 8301 minimum key size for RSA signatures. +.wen + .option dkim_verify_minimal main boolean false If set to true, verification of signatures will terminate after the first success. @@ -15418,6 +15524,18 @@ default. A value of 0 coerces DNSSEC off, a value of 1 coerces DNSSEC on. If the resolver library does not support DNSSEC then this option has no effect. +.new +On Linux with glibc 2.31 or newer this is insufficient, the resolver library +will default to stripping out a successful validation status. +This will break a previously working Exim installation. +Provided that you do trust the resolver (ie, is on localhost) you can tell +glibc to pass through any successful validation with a new option in +&_/etc/resolv.conf_&: +.code +options trust-ad +.endd +.wen + .option dns_ipv4_lookup main "domain list&!!" unset .cindex "IPv6" "DNS lookup for AAAA records" @@ -15507,6 +15625,7 @@ described in section &<>&. .cindex "bounce messages" "success" .cindex "DSN" "success" .cindex "Delivery Status Notification" "success" +.cindex "ESMTP extensions" DSN DSN extensions (RFC3461) will be advertised in the EHLO message to, and accepted from, these hosts. Hosts may use the NOTIFY and ENVID options on RCPT TO commands, @@ -15514,6 +15633,10 @@ and RET and ORCPT options on MAIL FROM commands. A NOTIFY=SUCCESS option requests success-DSN messages. A NOTIFY= option with no argument requests that no delay or failure DSNs are sent. +.new +&*Note*&: Supplying success-DSN messages has been criticised +on privacy grounds; it can leak details of internal forwarding. +.wen .option dsn_from main "string&!!" "see below" .cindex "&'From:'& header line" "in bounces" @@ -16395,6 +16518,11 @@ to depend on the IP address of the remote host for messages arriving via TCP/IP. After expansion, the value must be a sequence of decimal digits, optionally followed by K or M. +.cindex "SIZE" "ESMTP extension, advertising" +.cindex "ESMTP extensions" SIZE +If nonzero the value will be advertised as a parameter to the ESMTP SIZE +service extension keyword. + &*Note*&: This limit cannot be made to depend on a message's sender or any other properties of an individual message, because it has to be advertised in the server's response to EHLO. String expansion failure causes a temporary @@ -16662,6 +16790,7 @@ of the &%-oX%& option, unless a path is explicitly supplied by &%-oP%&. .option pipelining_advertise_hosts main "host list&!!" * .cindex "PIPELINING" "suppressing advertising" +.cindex "ESMTP extensions" PIPELINING This option can be used to suppress the advertisement of the SMTP PIPELINING extension to specific hosts. See also the &*no_pipelining*& control in section &<>&. When PIPELINING is not advertised and @@ -16673,6 +16802,7 @@ not count as protocol errors (see &%smtp_max_synprot_errors%&). .option pipelining_connect_advertise_hosts main "host list&!!" * .cindex "pipelining" "early connection" .cindex "pipelining" PIPE_CONNECT +.cindex "ESMTP extensions" X_PIPE_CONNECT If Exim is built with the SUPPORT_PIPE_CONNECT build option this option controls which hosts the facility is advertised to and from which pipeline early-connection (before MAIL) SMTP @@ -16686,6 +16816,7 @@ Currently the option name &"X_PIPE_CONNECT"& is used. .option prdr_enable main boolean false .cindex "PRDR" "enabling on server" +.cindex "ESMTP extensions" PRDR This option can be used to enable the Per-Recipient Data Response extension to SMTP, defined by Eric Hall. If the option is set, PRDR is advertised by Exim when operating as a server. @@ -17405,6 +17536,7 @@ hosts), you can do so by an appropriate use of a &%control%& modifier in an ACL .option smtp_etrn_command main string&!! unset .cindex "ETRN" "command to be run" +.cindex "ESMTP extensions" ETRN .vindex "&$domain$&" If this option is set, the given command is run whenever an SMTP ETRN command is received from a host that is permitted to issue such commands (see @@ -17585,7 +17717,8 @@ example, instead of &"Administrative prohibition"&, it might give: .option smtputf8_advertise_hosts main "host list&!!" * -.cindex "SMTPUTF8" "advertising" +.cindex "SMTPUTF8" "ESMTP extension, advertising" +.cindex "ESMTP extensions" SMTPUTF8 When Exim is built with support for internationalised mail names, the availability thereof is advertised in response to EHLO only to those client hosts that match this option. See @@ -17876,6 +18009,7 @@ unfortunately not all, operating systems. .cindex "TLS" "advertising" .cindex "encryption" "on SMTP connection" .cindex "SMTP" "encrypted connection" +.cindex "ESMTP extensions" STARTTLS When Exim is built with support for TLS encrypted connections, the availability of the STARTTLS command to set up an encrypted session is advertised in response to EHLO only to those client hosts that match this option. See @@ -18313,14 +18447,20 @@ regular expression by a parenthesized subpattern. The default value for See &%uucp_from_pattern%& above. -.option warn_message_file main string unset +.option warn_message_file main string&!! unset .cindex "warning of delay" "customizing the message" .cindex "customizing" "warning message" This option defines a template file containing paragraphs of text to be used for constructing the warning message which is sent by Exim when a message has been in the queue for a specified amount of time, as specified by &%delay_warning%&. Details of the file's contents are given in chapter -&<>&. See also &%bounce_message_file%&. +&<>&. +.new +.cindex warn_message_file "tainted data" +The option is expanded to give the file path, which must be +absolute and untainted. +.wen +See also &%bounce_message_file%&. .option write_rejectlog main boolean true @@ -19131,7 +19271,7 @@ but the user is specified symbolically, the gid associated with the uid is used. For example: .code require_files = mail:/some/file -require_files = $local_part:$home/.procmailrc +require_files = $local_part_data:$home/.procmailrc .endd If a user or group name in a &%require_files%& list does not exist, the &%require_files%& condition fails. @@ -21762,7 +21902,7 @@ local_users: # This transport overrides the group group_delivery: driver = appendfile - file = /var/spool/mail/$local_part + file = /var/spool/mail/$local_part_data group = mail .endd If &%user%& is set for a transport, its value overrides what is set in the @@ -22277,7 +22417,7 @@ message. For example, a content scan could insert a new header line containing a spam score. This could be interpreted by a filter in the user's MUA. It is not possible to discard a message at this stage. -.cindex "SMTP" "SIZE" +.cindex "SIZE" "ESMTP extension" A problem might arise if the filter increases the size of a message that is being sent down an SMTP connection. If the receiving SMTP server has indicated support for the SIZE parameter, Exim will have sent the size of the message @@ -22597,7 +22737,7 @@ is used as a result of a &"keep"& action in the filter. This example shows one way of handling this requirement: .code file = ${if eq{$address_file}{inbox} \ - {/var/mail/$local_part} \ + {/var/mail/$local_part_data} \ {${if eq{${substr_0_1:$address_file}}{/} \ {$address_file} \ {$home/mail/$address_file} \ @@ -22778,8 +22918,8 @@ The string value is expanded for each delivery, and must yield an absolute path. The most common settings of this option are variations on one of these examples: .code -file = /var/spool/mail/$local_part -file = /home/$local_part/inbox +file = /var/spool/mail/$local_part_data +file = /home/$local_part_data/inbox file = $home/inbox .endd .cindex "&""sticky""& bit" @@ -23535,7 +23675,7 @@ and directories in a maildir mailbox, including subdirectories for maildir++ folders. Consider this example: .code maildir_format = true -directory = /var/mail/$local_part\ +directory = /var/mail/$local_part_data\ ${if eq{$local_part_suffix}{}{}\ {/.${substr_1:$local_part_suffix}}} maildirfolder_create_regex = /\.[^/]+$ @@ -24525,14 +24665,14 @@ configuration for &%procmail%&: # transport procmail_pipe: driver = pipe - command = /usr/local/bin/procmail -d $local_part + command = /usr/local/bin/procmail -d $local_part_data return_path_add delivery_date_add envelope_to_add check_string = "From " escape_string = ">From " umask = 077 - user = $local_part + user = $local_part_data group = mail # router @@ -24990,7 +25130,8 @@ facilities such as AUTH, PIPELINING, SIZE, and STARTTLS. .option hosts_avoid_pipelining smtp "host list&!!" unset .cindex "PIPELINING" "avoiding the use of" -Exim will not use the SMTP PIPELINING extension when delivering to any host +.cindex "ESMTP extensions" PIPELINING +Exim will not use the ESMTP PIPELINING extension when delivering to any host that matches this list, even if the server host advertises PIPELINING support. .option hosts_pipe_connect smtp "host list&!!" unset @@ -25194,6 +25335,7 @@ such as DNSBL lookups, will still delay the emission of the SMTP banner. .option hosts_try_prdr smtp "host list&!!" * .cindex "PRDR" "enabling, optional in client" +.cindex "ESMTP extensions" PRDR This option provides a list of servers to which, provided they announce PRDR support, Exim will attempt to negotiate PRDR for multi-recipient messages. @@ -25351,7 +25493,7 @@ See also the &%max_parallel%& generic transport option. .option size_addition smtp integer 1024 -.cindex "SMTP" "SIZE" +.cindex "SIZE" "ESMTP extension" .cindex "message" "size issue for transport filter" .cindex "size" "of message" .cindex "transport" "filter" @@ -25536,13 +25678,17 @@ The &%tls_verify_certificates%& option must also be set. If both this option and &%tls_try_verify_hosts%& are unset operation is as if this option selected all hosts. -.option utf8_downconvert smtp integer!! unset +.option utf8_downconvert smtp integer&!! -1 .cindex utf8 "address downconversion" .cindex i18n "utf8 address downconversion" If built with internationalization support, -this option controls conversion of UTF-8 in message addresses +this option controls conversion of UTF-8 in message envelope addresses to a-label form. -For details see section &<>&. +If, after expansion, the value is 1, 0, or -1 then this value overrides +any value previously set for the message. Otherwise, any previously +set value is used. To permit use of a previous value, +set this option to an empty string. +For details on the values see section &<>&. @@ -26650,6 +26796,7 @@ transfer of mail between servers that have no managerial connection with each other. .cindex "AUTH" "description of" +.cindex "ESMTP extensions" AUTH Very briefly, the way SMTP authentication works is as follows: .ilist @@ -28681,6 +28828,7 @@ tls_require_ciphers = ${if =={$received_port}{25}\ .section "Configuring an Exim server to use TLS" "SECID182" .cindex "TLS" "configuring an Exim server" +.cindex "ESMTP extensions" STARTTLS When Exim has been built with TLS support, it advertises the availability of the STARTTLS command to client hosts that match &%tls_advertise_hosts%&, but not to any others. The default value of this option is *, which means @@ -28940,6 +29088,7 @@ deliveries as well as to incoming, the latter one causing logging of the server certificate's DN. The remaining client configuration for TLS is all within the &(smtp)& transport. +.cindex "ESMTP extensions" STARTTLS It is not necessary to set any options to have TLS work in the &(smtp)& transport. If Exim is built with TLS support, and TLS is advertised by a server, the &(smtp)& transport always tries to start a TLS session. However, @@ -30882,6 +31031,7 @@ calling host. Its effect lasts until the end of the SMTP connection. .vitem &*control&~=&~no_pipelining*& .cindex "PIPELINING" "suppressing advertising" +.cindex "ESMTP extensions" PIPELINING This control turns off the advertising of the PIPELINING extension to SMTP in the current session. To be useful, it must be obeyed before Exim sends its response to an EHLO command. Therefore, it should normally appear in an ACL @@ -30957,7 +31107,7 @@ data is read. that are being submitted at the same time using &%-bs%& or &%-bS%&. .vitem &*control&~=&~utf8_downconvert*& -This control enables conversion of UTF-8 in message addresses +This control enables conversion of UTF-8 in message envelope addresses to a-label form. For details see section &<>&. .endlist vlist @@ -35087,7 +35237,7 @@ central_filter: check_local_user driver = redirect domains = +local_domains - file = /central/filters/$local_part + file = /central/filters/$local_part_data no_verify allow_filter allow_freeze @@ -35845,13 +35995,14 @@ used to contain the envelope information. .cindex "outgoing LMTP over TCP/IP" .cindex "EHLO" .cindex "HELO" -.cindex "SIZE option on MAIL command" +.cindex "SIZE" "option on MAIL command" Outgoing SMTP and LMTP over TCP/IP is implemented by the &(smtp)& transport. The &%protocol%& option selects which protocol is to be used, but the actual processing is the same in both cases. +.cindex "ESMTP extensions" SIZE If, in response to its EHLO command, Exim is told that the SIZE -parameter is supported, it adds SIZE=<&'n'&> to each subsequent MAIL +extension is supported, it adds SIZE=<&'n'&> to each subsequent MAIL command. The value of <&'n'&> is the message size plus the value of the &%size_addition%& option (default 1024) to allow for additions to the message such as per-transport header lines, or changes made in a @@ -36247,7 +36398,8 @@ RCPT failures. .section "The ETRN command" "SECTETRN" .cindex "ETRN" "processing" -RFC 1985 describes an SMTP command called ETRN that is designed to +.cindex "ESMTP extensions" ETRN +RFC 1985 describes an ESMTP command called ETRN that is designed to overcome the security problems of the TURN command (which has fallen into disuse). When Exim receives an ETRN command on a TCP/IP connection, it runs the ACL specified by &%acl_smtp_etrn%& in order to decide whether the command @@ -36602,10 +36754,10 @@ lists in a separate domain from normal mail. For example: lists: driver = redirect domains = lists.example - file = /usr/lists/$local_part + file = ${lookup {$local_part} dsearch,ret=full {/usr/lists}} forbid_pipe forbid_file - errors_to = $local_part-request@lists.example + errors_to = ${quote_local_part:$local_part-request}@lists.example no_more .endd This router is skipped for domains other than &'lists.example'&. For addresses @@ -36693,7 +36845,8 @@ lists_request: driver = redirect domains = lists.example local_part_suffix = -request - file = /usr/lists/$local_part$local_part_suffix + local_parts = ${lookup {$local_part} dsearch,filter=file {/usr/lists}} + file = /usr/lists/${local_part_data}-request no_more lists_post: @@ -36701,10 +36854,10 @@ lists_post: domains = lists.example senders = ${if exists {/usr/lists/$local_part}\ {lsearch;/usr/lists/$local_part}{*}} - file = /usr/lists/$local_part + file = ${lookup {$local_part} dsearch,ret=full {/usr/lists}} forbid_pipe forbid_file - errors_to = $local_part-request@lists.example + errors_to = ${quote_local_part:$local_part-request}@lists.example no_more lists_closed: @@ -36762,7 +36915,7 @@ verp_smtp: max_rcpt = 1 return_path = \ ${if match {$return_path}{^(.+?)-request@your.dom.example\$}\ - {$1-request+$local_part=$domain@your.dom.example}fail} + {${quote_local_part:$1-request+$local_part=$domain}@your.dom.example}fail} .endd This has the effect of rewriting the return path (envelope sender) on outgoing SMTP messages, if the local part of the original return path ends in @@ -36813,7 +36966,7 @@ verp_dnslookup: transport = remote_smtp errors_to = \ ${if match {$return_path}{^(.+?)-request@your.dom.example\$}} - {$1-request+$local_part=$domain@your.dom.example}fail} + {${quote_local_part:$1-request+$local_part=$domain}@your.dom.example}fail} no_more .endd Before you start sending out messages with VERPed return paths, you must also @@ -36901,7 +37054,7 @@ follows: .code my_mailboxes: driver = appendfile - file = /var/mail/$domain/$local_part + file = /var/mail/$domain/$local_part_data user = mail .endd This uses a directory of mailboxes for each domain. The &%user%& setting is @@ -36956,9 +37109,9 @@ another MTA: userforward: driver = redirect check_local_user - file = $home/.forward$local_part_suffix local_part_suffix = -* local_part_suffix_optional + file = ${lookup {.forward$local_part_suffix} dsearch,ret=full {$home} {$value}fail} allow_filter .endd If there is no suffix, &_.forward_& is used; if the suffix is &'-special'&, for @@ -40693,6 +40846,10 @@ Notes from the key record (tag n=). .vitem &%$dkim_key_length%& Number of bits in the key. +.new +Valid only once the key is loaded, which is at the time the header signature +is verified, which is after the body hash is. +.wen Note that RFC 8301 says: .code @@ -40700,9 +40857,8 @@ Verifiers MUST NOT consider signatures using RSA keys of less than 1024 bits as valid signatures. .endd -To enforce this you must have a DKIM ACL which checks this variable -and overwrites the &$dkim_verify_status$& variable as discussed above. -As EC keys are much smaller, the check should only do this for RSA keys. +This is enforced by the default setting for the &%dkim_verify_min_keysizes%& +option. .endlist @@ -41331,6 +41487,7 @@ requirement, upon libidn2. .section "MTA operations" SECTi18nMTA .cindex SMTPUTF8 "ESMTP option" +.cindex "ESMTP extensions" SMTPUTF8 The main configuration option &%smtputf8_advertise_hosts%& specifies a host list. If this matches the sending host and accept_8bitmime is true (the default) then the ESMTP option @@ -41377,22 +41534,27 @@ may use the following modifier: control = utf8_downconvert control = utf8_downconvert/ .endd -This sets a flag requiring that addresses are converted to -a-label form before smtp delivery, for use in a -Message Submission Agent context. +This sets a flag requiring that envelope addresses are converted to +a-label form before smtp delivery. +This is usually for use in a Message Submission Agent context, +but could be used for any message. + If a value is appended it may be: .display -&`1 `& (default) mandatory downconversion +&`1 `& mandatory downconversion &`0 `& no downconversion &`-1 `& if SMTPUTF8 not supported by destination host .endd +If no value is given, 1 is used. If mua_wrapper is set, the utf8_downconvert control is initially set to -1. The smtp transport has an option &%utf8_downconvert%&. If set it must expand to one of the three values described above, -and it overrides any previously set value. +or an empty string. +If non-empty it overrides value previously set +(due to mua_wrapper or by an ACL control). There is no explicit support for VRFY and EXPN.