X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/4c04137d73637107669e02b21f890387aaa2ef34..c92df897f31aae2f87f69349eda4ad4f295d11b2:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index db4c6e2a2..5900b9c9e 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -52,7 +52,7 @@ .set I "    " .macro copyyear -2016 +2017 .endmacro . ///////////////////////////////////////////////////////////////////////////// @@ -4268,7 +4268,7 @@ or &%-bs%& is used. For &%-bh%&, the protocol is forced to one of the standard SMTP protocol names (see the description of &$received_protocol$& in section &<>&). For &%-bs%&, the protocol is always &"local-"& followed by one of those same names. For &%-bS%& (batched SMTP) however, the protocol can -be set by &%-oMr%&. +be set by &%-oMr%&. Repeated use of this option is not supported. .vitem &%-oMs%&&~<&'host&~name'&> .oindex "&%-oMs%&" @@ -4368,6 +4368,7 @@ host name and its colon can be omitted when only the protocol is to be set. Note the Exim already has two private options, &%-pd%& and &%-ps%&, that refer to embedded Perl. It is therefore impossible to set a protocol value of &`d`& or &`s`& using this option (but that does not seem a real limitation). +Repeated use of this option is not supported. .vitem &%-q%& .oindex "&%-q%&" @@ -6731,8 +6732,8 @@ PostgreSQL database. See section &<>&. .next .cindex "Redis lookup type" .cindex lookup Redis -&(redis)&: The format of the query is an SQL statement that is passed to a -Redis database. See section &<>&. +&(redis)&: The format of the query is either a simple get or simple set, +passed to a Redis database. See section &<>&. .next .cindex "sqlite lookup type" @@ -7805,6 +7806,19 @@ are rejected after a timeout period, during which the SQLite library waits for the lock to be released. In Exim, the default timeout is set to 5 seconds, but it can be changed by means of the &%sqlite_lock_timeout%& option. + +.new +.section "More about Redis" "SECTredis" +.cindex "lookup" "Redis" +.cindex "redis lookup type" +Redis is a non-SQL database. Commands are simple get and set. +Examples: +.code +${lookup redis{set keyname ${quote_redis:objvalue plus}}} +${lookup redis{get keyname}} +.endd +.wen + .ecindex IIDfidalo1 .ecindex IIDfidalo2 @@ -12257,7 +12271,7 @@ qualified host name. See also &$smtp_active_hostname$&. &$proxy_local_port$& &&& &$proxy_session$& These variables are only available when built with Proxy Protocol -or Socks5 support +or SOCKS5 support. For details see chapter &<>&. .vitem &$prdr_requested$& @@ -12607,6 +12621,13 @@ validating resolver (e.g. unbound, or bind with suitable configuration). If you have changed &%host_lookup_order%& so that &`bydns`& is not the first mechanism in the list, then this variable will be false. +.new +This requires that your system resolver library support EDNS0 (and that +DNSSEC flags exist in the system headers). If the resolver silently drops +all EDNS0 options, then this will have no effect. OpenBSD's asr resolver +is known to currently ignore EDNS0, documented in CAVEATS of asr_run(3). +.wen + .vitem &$sender_host_name$& .vindex "&$sender_host_name$&" @@ -13528,6 +13549,7 @@ listed in more than one group. .section "Miscellaneous" "SECID96" .table2 .row &%bi_command%& "to run for &%-bi%& command line option" +.row &%debug_store%& "do extra internal checks" .row &%disable_ipv6%& "do no IPv6 processing" .row &%keep_malformed%& "for broken files &-- should not happen" .row &%localhost_number%& "for unique message ids in clusters" @@ -14416,6 +14438,15 @@ The CHUNKING extension (RFC3030) will be advertised in the EHLO message to these hosts. Hosts may use the BDAT command as an alternate to DATA. +.new +.option debug_store main boolean &`false`& +.cindex debugging "memory corruption" +.cindex memory debugging +This option, when true, enables extra checking in Exim's internal memory +management. For use when a memory corruption issue is being investigated, +it should normally be left as default. +.wen + .option daemon_smtp_ports main string &`smtp`& .cindex "port" "for daemon" .cindex "TCP/IP" "setting listening ports" @@ -14665,6 +14696,7 @@ record in the authoritative section is used instead. .option dns_use_edns0 main integer -1 .cindex "DNS" "resolver options" .cindex "DNS" "EDNS0" +.cindex "DNS" "OpenBSD If this option is set to a non-negative number then Exim will initialise the DNS resolver library to either use or not use EDNS0 extensions, overriding the system default. A value of 0 coerces EDNS0 off, a value of 1 coerces EDNS0 @@ -14672,6 +14704,12 @@ on. If the resolver library does not support EDNS0 then this option has no effect. +.new +OpenBSD's asr resolver routines are known to ignore the EDNS0 option; this +means that DNSSEC will not work with Exim on that platform either, unless Exim +is linked against an alternative DNS client library. +.wen + .option drop_cr main boolean false This is an obsolete option that is now a no-op. It used to affect the way Exim @@ -15638,7 +15676,7 @@ harm. This option overrides the &%pipe_as_creator%& option of the &(pipe)& transport driver. -.option openssl_options main "string list" "+no_sslv2 +single_dh_use" +.option openssl_options main "string list" "+no_sslv2 +single_dh_use +no_ticket" .cindex "OpenSSL "compatibility options" This option allows an administrator to adjust the SSL options applied by OpenSSL to connections. It is given as a space-separated list of items, @@ -16871,6 +16909,9 @@ generates any deliveries to files or pipes, or any new mail messages, the appropriate &%system_filter_..._transport%& option(s) must be set, to define which transports are to be used. Details of this facility are given in chapter &<>&. +.new +A forced expansion failure results in no filter operation. +.wen .option system_filter_directory_transport main string&!! unset @@ -25865,6 +25906,19 @@ turned into a permanent error if you wish. In the second case, Exim tries to deliver the message unauthenticated. .endlist +.new +Note that the hostlist test for whether to do authentication can be +confused if name-IP lookups change between the time the peer is decided +on and the transport running. For example, with a manualroute +router given a host name, and DNS "round-robin" use by that name: if +the local resolver cache times out between the router and the transport +running, the transport may get an IP for the name for its authentication +check which does not match the connection peer IP. +No authentication will then be done, despite the names being identical. + +For such cases use a separate transport which always authenticates. +.wen + .cindex "AUTH" "on MAIL command" When Exim has authenticated itself to a remote server, it adds the AUTH parameter to the MAIL commands it sends, if it has an authenticated sender for @@ -28080,6 +28134,11 @@ run. A &"discard"& return from the DATA or the non-SMTP ACL discards all the remaining recipients. The &"discard"& return is not permitted for the &%acl_smtp_predata%& ACL. +.new +If the ACL for VRFY returns &"accept"&, a recipient verify (without callout) +is done on the address and the result determines the SMTP response. +.wen + .cindex "&[local_scan()]& function" "when all recipients discarded" The &[local_scan()]& function is always run, even if there are no remaining @@ -28899,7 +28958,11 @@ message body. Cutthrough delivery is not supported via transport-filters or when DKIM signing of outgoing messages is done, because it sends data to the ultimate destination before the entire message has been received from the source. -It is not supported for messages received with the SMTP PRDR option in use. +It is not supported for messages received with the SMTP PRDR +.new +or CHUNKING +.wen +options in use. Should the ultimate destination system positively accept or reject the mail, a corresponding indication is given to the source system and nothing is queued. @@ -29750,6 +29813,15 @@ to avoid doing it more than once per message. .cindex "&%verify%& ACL condition" This is a variation of the previous option, in which a modified address is verified as a sender. + +.new +Note that '/' is legal in local-parts; if the address may have such +(eg. is generated from the received message) +they must be protected from the options parsing by doubling: +.code +verify = sender=${sg{${address:$h_sender:}}{/}{//}} +.endd +.wen .endlist @@ -36015,7 +36087,7 @@ The latter can be disabled by turning off the &%outgoing_interface%& option. &%proxy%&: The internal (closest to the system running Exim) IP address of the proxy, tagged by PRX=, on the &"<="& line for a message accepted on a proxied connection -or the &"=>"& line for a message delivered on a proxied connection.. +or the &"=>"& line for a message delivered on a proxied connection. See &<>& for more information. .next .cindex "log" "incoming remote port" @@ -37875,9 +37947,8 @@ lock will be lost at the instant of rename. .next .vindex "&$body_linecount$&" If you change the number of lines in the file, the value of -&$body_linecount$&, which is stored in the -H file, will be incorrect. At -present, this value is not used by Exim, but there is no guarantee that this -will always be the case. +&$body_linecount$&, which is stored in the -H file, will be incorrect and can +cause incomplete transmission of messages or undeliverable messages. .next If the message is in MIME format, you must take care not to break it. .next @@ -38506,6 +38577,13 @@ recorded in an ACL (example is below). Use of a proxy is enabled by setting the &%hosts_proxy%& main configuration option to a hostlist; connections from these hosts will use Proxy Protocol. +Exim supports both version 1 and version 2 of the Proxy Protocol and +automatically determines which version is in use. + +The Proxy Protocol header is the first data received on a TCP connection +and is inserted before any TLS-on-connect handshake from the client; Exim +negotiates TLS between Exim-as-server and the remote client, not between +Exim and the proxy server. The following expansion variables are usable (&"internal"& and &"external"& here refer to the interfaces @@ -38626,6 +38704,12 @@ Exim has support for Internationalised mail names. To include this it must be built with SUPPORT_I18N and the libidn library. Standards supported are RFCs 2060, 5890, 6530 and 6533. +.new +If Exim is built with SUPPORT_I18N_2008 (in addition to SUPPORT_I18N, not +instead of it) then IDNA2008 is supported; this adds an extra library +requirement, upon libidn2. +.wen + .section "MTA operations" SECTi18nMTA .cindex SMTPUTF8 "ESMTP option" The main configuration option &%smtputf8_advertise_hosts%& specifies