X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/5815abc12f7b91a77880d4156968706bd60229d0..45329490797bbaf91000dfa992a97a811f306b70:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 1dbd0e662..6ede1dc95 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1811,9 +1811,13 @@ the traditional &'ndbm'& interface. .next To complicate things further, there are several very different versions of the Berkeley DB package. Version 1.85 was stable for a very long time, releases -2.&'x'& and 3.&'x'& were current for a while, but the latest versions when Exim last revamped support were numbered 4.&'x'&. -Maintenance of some of the earlier releases has ceased. All versions of -Berkeley DB could be obtained from +2.&'x'& and 3.&'x'& were current for a while, +.new +but the latest versions when Exim last revamped support were numbered 5.&'x'&. +Maintenance of some of the earlier releases has ceased, +and Exim no longer supports versions before 3.&'x'&. +.wen +All versions of Berkeley DB could be obtained from &url(http://www.sleepycat.com/), which is now a redirect to their new owner's page with far newer versions listed. It is probably wise to plan to move your storage configurations away from @@ -1837,6 +1841,9 @@ USE_DB=yes .endd Similarly, for gdbm you set USE_GDBM, and for tdb you set USE_TDB. An error is diagnosed if you set more than one of these. +.new +You can set USE_NDBM if needed to override an operating system default. +.wen At the lowest level, the build-time configuration sets none of these options, thereby assuming an interface of type (1). However, some operating system @@ -1851,7 +1858,11 @@ in one of these lines: .code DBMLIB = -ldb DBMLIB = -ltdb +DBMLIB = -lgdbm -lgdbm_compat .endd +.new +The last of those was for a Linux having GDBM provide emulated NDBM facilities. +.wen Settings like that will work if the DBM library is installed in the standard place. Sometimes it is not, and the library's header file may also not be in the default path. You may need to set INCLUDE to specify where the header @@ -6755,6 +6766,9 @@ domains = ${lookup{$sender_host_address}lsearch{/some/file}} domains = lsearch;/some/file .endd The first uses a string expansion, the result of which must be a domain list. +.new +The key for an expansion-style lookup must be given explicitly. +.wen No strings have been specified for a successful or a failing lookup; the defaults in this case are the looked-up data and an empty string, respectively. The expansion takes place before the string is processed as a list, and the @@ -6779,6 +6793,12 @@ domain2: Any data that follows the keys is not relevant when checking that the domain matches the list item. +.new +The key for a list-style lookup is implicit, from the lookup context, if +the lookup is a single-key type (see below). +For query-style lookup types the key must be given explicitly. +.wen + It is possible, though no doubt confusing, to use both kinds of lookup at once. Consider a file containing lines like this: .code @@ -6813,7 +6833,7 @@ The &'single-key'& type requires the specification of a file in which to look, and a single key to search for. The key must be a non-empty string for the lookup to succeed. The lookup type determines how the file is searched. .cindex "tainted data" "single-key lookups" -The file string may not be tainted +The file string may not be tainted. .cindex "tainted data" "de-tainting" All single-key lookups support the option &"ret=key"&. @@ -10575,7 +10595,7 @@ sending the request. Values are &"yes"& (the default) or &"no"& &*tls*& Controls the use of TLS on the connection. Values are &"yes"& or &"no"& (the default). -If it is enabled, a shutdown as descripbed above is never done. +If it is enabled, a shutdown as described above is never done. .endlist @@ -12098,8 +12118,9 @@ matched using &%match_ip%&. .cindex "&%pam%& expansion condition" &'Pluggable Authentication Modules'& (&url(https://mirrors.edge.kernel.org/pub/linux/libs/pam/)) are a facility that is -available in the latest releases of Solaris and in some GNU/Linux -distributions. The Exim support, which is intended for use in conjunction with +available in Solaris +and in some GNU/Linux distributions. +The Exim support, which is intended for use in conjunction with the SMTP AUTH command, is available only if Exim is compiled with .code SUPPORT_PAM=yes @@ -15873,8 +15894,8 @@ described in section &<>&. .cindex "ESMTP extensions" DSN DSN extensions (RFC3461) will be advertised in the EHLO message to, and accepted from, these hosts. -Hosts may use the NOTIFY and ENVID options on RCPT TO commands, -and RET and ORCPT options on MAIL FROM commands. +Hosts may use the NOTIFY and ORCPT options on RCPT TO commands, +and RET and ENVID options on MAIL FROM commands. A NOTIFY=SUCCESS option requests success-DSN messages. A NOTIFY= option with no argument requests that no delay or failure DSNs are sent. @@ -18480,8 +18501,17 @@ of the later IKE values, which led into RFC7919 providing new fixed constants (the "ffdhe" identifiers). At this point, all of the "ike" values should be considered obsolete; -they're still in Exim to avoid breaking unusual configurations, but are +they are still in Exim to avoid breaking unusual configurations, but are candidates for removal the next time we have backwards-incompatible changes. +.new +Two of them in particular (&`ike1`& and &`ike22`&) are called out by RFC 8247 +as MUST NOT use for IPSEC, and two more (&`ike23`& and &`ike24`&) as +SHOULD NOT. +Because of this, Exim regards them as deprecated; if either of the first pair +are used, warnings will be logged in the paniclog, and if any are used then +warnings will be logged in the mainlog. +All four will be removed in a future Exim release. +.wen The TLS protocol does not negotiate an acceptable size for this; clients tend to hard-drop connections if what is offered by the server is unacceptable, @@ -30459,6 +30489,11 @@ accepted by an &%accept%& verb that has a &%message%& modifier, the contents of the message override the banner message that is otherwise specified by the &%smtp_banner%& option. +.new +For tls-on-connect connections, the ACL is run after the TLS connection +is accepted (however, &%host_reject_connection%& is tested before). +.wen + .section "The EHLO/HELO ACL" "SECID192" .cindex "EHLO" "ACL for" @@ -31576,12 +31611,43 @@ sender when the destination system is doing content-scan based rejection. This control turns on debug logging, almost as though Exim had been invoked with &`-d`&, with the output going to a new logfile in the usual logs directory, by default called &'debuglog'&. -The filename can be adjusted with the &'tag'& option, which -may access any variables already defined. The logging may be adjusted with -the &'opts'& option, which takes the same values as the &`-d`& command-line -option. -Logging started this way may be stopped, and the file removed, -with the &'kill'& option. + +.new +Options are a slash-separated list. +If an option takes an argument, the option name and argument are separated by +an equals character. +Several options are supported: +.wen +.display +tag=<&'suffix'&> The filename can be adjusted with thise option. + The argument, which may access any variables already defined, + is appended to the default name. + +opts=<&'debug&~options'&> The argument specififes what is to be logged, + using the same values as the &`-d`& command-line option. + +stop Logging started with this control may be + stopped by using this option. + +kill Logging started with this control may be + stopped by using this option. + Additionally the debug file will be removed, + providing one means for speculative debug tracing. + +pretrigger=<&'size'&> This option specifies a memory buffuer to be used + for pre-trigger debug capture. + Debug lines are recorded in the buffer until + and if) a trigger occurs; at which time they are + dumped to the debug file. Newer lines displace the + oldest if the buffer is full. After a trigger, + immediate writes to file are done as normal. + +trigger=<&'reason'&> This option selects cause for the pretrigger buffer + see above) to be copied to file. A reason of $*now* + take effect immediately; one of &*paniclog*& triggers + on a write to the panic log. +.endd + Some examples (which depend on variables that don't exist in all contexts): .code @@ -31590,6 +31656,8 @@ contexts): control = debug/opts=+expand+acl control = debug/tag=.$message_exim_id/opts=+expand control = debug/kill + control = debug/opts=+all/pretrigger=1024/trigger=paniclog + control = debug/trigger=now .endd @@ -39827,7 +39895,8 @@ For example, to dump the retry database: .code exim_dumpdb /var/spool/exim retry .endd -Two lines of output are produced for each entry: +For the retry database +two lines of output are produced for each entry: .code T:mail.ref.example:192.168.242.242 146 77 Connection refused 31-Oct-1995 12:00:12 02-Nov-1995 12:21:39 02-Nov-1995 20:21:39 * @@ -42593,6 +42662,7 @@ Events have names which correspond to the point in process at which they fire. The name is placed in the variable &$event_name$& and the event action expansion must check this, as it will be called for every possible event type. +.new The current list of events is: .display &`dane:fail after transport `& per connection @@ -42607,9 +42677,11 @@ The current list of events is: &`tcp:connect before transport `& per connection &`tcp:close after transport `& per connection &`tls:cert before both `& per certificate in verification chain +&`tls:fail:connect after main `& per connection &`smtp:connect after transport `& per connection &`smtp:ehlo after transport `& per connection .endd +.wen New event types may be added in future. The event name is a colon-separated list, defining the type of @@ -42635,6 +42707,7 @@ with the event type: &`msg:rcpt:host:defer `& error string &`msg:rcpt:defer `& error string &`tls:cert `& verification chain depth +&`tls:fail:connect `& error string &`smtp:connect `& smtp banner &`smtp:ehlo `& smtp ehlo response .endd