X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/5428a9463ae1080029a84a1b33e4a8a6915c5f28..72c9e342b1a4a410efc165a38281da2f5b69ad90:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 5f1c25f41..ece837d03 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -52,7 +52,7 @@ .set I "    " .macro copyyear -2013 +2014 .endmacro . ///////////////////////////////////////////////////////////////////////////// @@ -9181,6 +9181,44 @@ of <&'string2'&>, whichever is the shorter. Do not confuse &%length%& with &%strlen%&, which gives the length of a string. +.vitem "&*${listextract{*&<&'number'&>&*}&&& + {*&<&'string1'&>&*}{*&<&'string2'&>&*}{*&<&'string3'&>&*}}*&" +.cindex "expansion" "extracting list elements by number" +.cindex "&%listextract%&" "extract list elements by number" +.cindex "list" "extracting elements by number" +The <&'number'&> argument must consist entirely of decimal digits, +apart from an optional leading minus, +and leading and trailing white space (which is ignored). + +After expansion, <&'string1'&> is interpreted as a list, colon-separated by +default, but the separator can be changed in the usual way. + +The first field of the list is numbered one. +If the number is negative, the fields are +counted from the end of the list, with the rightmost one numbered -1. +The numbered element of the list is extracted and placed in &$value$&, +then <&'string2'&> is expanded as the result. + +If the modulus of the +number is zero or greater than the number of fields in the string, +the result is the expansion of <&'string3'&>. + +For example: +.code +${listextract{2}{x:42:99}} +.endd +yields &"42"&, and +.code +${listextract{-3}{<, x,42,99,& Mailer,,/bin/bash}{result: $value}} +.endd +yields &"result: 99"&. + +If {<&'string3'&>} is omitted, an empty string is used for string3. +If {<&'string2'&>} is also omitted, the value that was +extracted is used. +You can use &`fail`& instead of {<&'string3'&>} as in a string extract. + + .vitem "&*${lookup{*&<&'key'&>&*}&~*&<&'search&~type'&>&*&~&&& {*&<&'file'&>&*}&~{*&<&'string1'&>&*}&~{*&<&'string2'&>&*}}*&" This is the first of one of two different types of lookup item, which are both @@ -11940,7 +11978,7 @@ other times, this variable is false. It is likely that you will need to coerce DNSSEC support on in the resolver library, by setting: .code -dns_use_dnssec = 1 +dns_dnssec_ok = 1 .endd Exim does not perform DNSSEC validation itself, instead leaving that to a @@ -13152,10 +13190,10 @@ See also the &'Policy controls'& section above. .row &%disable_ipv6%& "do no IPv6 processing" .row &%dns_again_means_nonexist%& "for broken domains" .row &%dns_check_names_pattern%& "pre-DNS syntax check" +.row &%dns_dnssec_ok%& "parameter for resolver" .row &%dns_ipv4_lookup%& "only v4 lookup for these domains" .row &%dns_retrans%& "parameter for resolver" .row &%dns_retry%& "parameter for resolver" -.row &%dns_use_dnssec%& "parameter for resolver" .row &%dns_use_edns0%& "parameter for resolver" .row &%hold_domains%& "hold delivery for these domains" .row &%local_interfaces%& "for routing checks" @@ -13652,6 +13690,9 @@ a very large time at the end of the list. For example: .code delay_warning = 2h:12h:99d .endd +Note that the option is only evaluated at the time a delivery attempt fails, +which depends on retry and queue-runner configuration. +Typically retries will be configured more frequently than warning messages. .option delay_warning_condition main string&!! "see below" .vindex "&$domain$&" @@ -13773,6 +13814,17 @@ This option controls whether or not an IP address, given as a CSA domain, is reversed and looked up in the reverse DNS, as described in more detail in section &<>&. + +.option dns_dnssec_ok main integer -1 +.cindex "DNS" "resolver options" +.cindex "DNS" "DNSSEC" +If this option is set to a non-negative number then Exim will initialise the +DNS resolver library to either use or not use DNSSEC, overriding the system +default. A value of 0 coerces DNSSEC off, a value of 1 coerces DNSSEC on. + +If the resolver library does not support DNSSEC then this option has no effect. + + .option dns_ipv4_lookup main "domain list&!!" unset .cindex "IPv6" "DNS lookup for AAAA records" .cindex "DNS" "IPv6 lookup for AAAA records" @@ -13803,16 +13855,6 @@ to set in them. See &%dns_retrans%& above. -.option dns_use_dnssec main integer -1 -.cindex "DNS" "resolver options" -.cindex "DNS" "DNSSEC" -If this option is set to a non-negative number then Exim will initialise the -DNS resolver library to either use or not use DNSSEC, overriding the system -default. A value of 0 coerces DNSSEC off, a value of 1 coerces DNSSEC on. - -If the resolver library does not support DNSSEC then this option has no effect. - - .option dns_use_edns0 main integer -1 .cindex "DNS" "resolver options" .cindex "DNS" "EDNS0" @@ -27251,7 +27293,12 @@ It is usable in the RCPT ACL and valid only for single-recipient mails forwarded from one SMTP connection to another. If a recipient-verify callout connection is requested in the same ACL it is held open and used for the data, otherwise one is made after the ACL completes. -Note that routers are used in verify mode. + +Note that routers are used in verify mode. Note also that headers cannot be +modified by any of the post-data ACLs (DATA, MIME and DKIM). +Cutthrough delivery is not supported via transport-filters or when DKIM signing +of outgoing messages is done, because it sends data to the ultimate destination +before the entire message has been received from the source. Should the ultimate destination system positively accept or reject the mail, a corresponding indication is given to the source system and nothing is queued. @@ -27505,12 +27552,15 @@ warn dnslists = sbl.spamhaus.org : \ add_header = X-blacklisted-at: $dnslist_domain .endd The &%add_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA, -MIME, and non-SMTP ACLs (in other words, those that are concerned with +MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with receiving a message). The message must ultimately be accepted for &%add_header%& to have any significant effect. You can use &%add_header%& with any ACL verb, including &%deny%& (though this is potentially useful only in a RCPT ACL). +Headers will not be added to the message if the modifier is used in +DATA, MIME or DKIM ACLs for messages delivered by cutthrough routing. + Leading and trailing newlines are removed from the data for the &%add_header%& modifier; if it then contains one or more newlines that @@ -27604,12 +27654,15 @@ warn message = Remove internal headers remove_header = x-route-mail1 : x-route-mail2 .endd The &%remove_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA, -MIME, and non-SMTP ACLs (in other words, those that are concerned with +MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with receiving a message). The message must ultimately be accepted for &%remove_header%& to have any significant effect. You can use &%remove_header%& with any ACL verb, including &%deny%&, though this is really not useful for any verb that doesn't result in a delivered message. +Headers will not be removed to the message if the modifier is used in +DATA, MIME or DKIM ACLs for messages delivered by cutthrough routing. + More than one header can be removed at the same time by using a colon separated list of header names. The header matching is case insensitive. Wildcards are not permitted, nor is list expansion performed, so you cannot use hostlists to @@ -36297,7 +36350,9 @@ disabled by setting DISABLE_DKIM=yes in Local/Makefile. Exim's DKIM implementation allows to .olist Sign outgoing messages: This function is implemented in the SMTP transport. -It can co-exist with all other Exim features, including transport filters. +It can co-exist with all other Exim features +(including transport filters) +except cutthrough delivery. .next Verify signatures in incoming messages: This is implemented by an additional ACL (acl_smtp_dkim), which can be called several times per message, with @@ -36388,6 +36443,10 @@ used. Verification of DKIM signatures in incoming email is implemented via the &%acl_smtp_dkim%& ACL. By default, this ACL is called once for each syntactically(!) correct signature in the incoming message. +A missing ACL definition defaults to accept. +If any ACL call does not acccept, the message is not accepted. +If a cutthrough delivery was in progress for the message it is +summarily dropped (having wasted the transmission effort). To evaluate the signature in the ACL a large number of expansion variables containing the signature status and its details are set up during the