X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/6e445b7e5e7b82c8b441a4d891d31c5add3310eb..685bbd33eed692f3da8a92241b4cdce95d1792ab:/doc/doc-docbook/spec.xfpt?ds=sidebyside diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index c40590a01..442c1ae9a 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1756,7 +1756,7 @@ headers are in an unusual location you will need to either set the PCRE2_LIBS and INCLUDE directives appropriately, or set PCRE2_CONFIG=yes to use the installed &(pcre-config)& command. If your operating system has no -PCRE2 support then you will need to obtain and build the current PCRE +PCRE2 support then you will need to obtain and build the current PCRE2 from &url(https://github.com/PhilipHazel/pcre2/releases). More information on PCRE2 is available at &url(https://www.pcre.org/). @@ -2587,6 +2587,25 @@ use of Exim's filtering capabilities, you should make the document entitled +.section "Running the daemon" SECTdaemonLaunch +The most common command line for launching the Exim daemon looks like +.code +exim -bd -q5m +.endd +This starts a daemon which +.ilist +listens for incoming smtp connections, launching handler processes for +each new one +.next +starts a queue-runner process every five minutes, to inspect queued messages +and run delivery attempts on any that have arrived at their retry time +.endlist +Should a queue run take longer than the time between queue-runner starts, +they will run in parallel. +Numbers of jobs of the various types are subject to policy controls +defined in the configuration. + + .section "Upgrading Exim" "SECID36" .cindex "upgrading Exim" If you are already running Exim on your host, building and installing a new @@ -10556,7 +10575,7 @@ sending the request. Values are &"yes"& (the default) or &"no"& &*tls*& Controls the use of TLS on the connection. Values are &"yes"& or &"no"& (the default). -If it is enabled, a shutdown as descripbed above is never done. +If it is enabled, a shutdown as described above is never done. .endlist @@ -12079,8 +12098,9 @@ matched using &%match_ip%&. .cindex "&%pam%& expansion condition" &'Pluggable Authentication Modules'& (&url(https://mirrors.edge.kernel.org/pub/linux/libs/pam/)) are a facility that is -available in the latest releases of Solaris and in some GNU/Linux -distributions. The Exim support, which is intended for use in conjunction with +available in Solaris +and in some GNU/Linux distributions. +The Exim support, which is intended for use in conjunction with the SMTP AUTH command, is available only if Exim is compiled with .code SUPPORT_PAM=yes @@ -18410,12 +18430,7 @@ larger prime than requested. The value of this option is expanded and indicates the source of DH parameters to be used by Exim. -This option is ignored for GnuTLS version 3.6.0 and later. -The library manages parameter negotiation internally. - -&*Note: The Exim Maintainers strongly recommend, -for other TLS library versions, -using a filename with site-generated +&*Note: The Exim Maintainers strongly recommend using a filename with site-generated local DH parameters*&, which has been supported across all versions of Exim. The other specific constants available are a fallback so that even when "unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS. @@ -18640,7 +18655,8 @@ either &%tls_verify_hosts%& or &%tls_try_verify_hosts%& is set and Any client that matches &%tls_verify_hosts%& is constrained by &%tls_verify_certificates%&. When the client initiates a TLS session, it must present one of the listed certificates. If it does not, the connection is -aborted. &*Warning*&: Including a host in &%tls_verify_hosts%& does not require +aborted. +&*Warning*&: Including a host in &%tls_verify_hosts%& does not require the host to use TLS. It can still send SMTP commands through unencrypted connections. Forcing a client to use TLS has to be done separately using an ACL to reject inappropriate commands when the connection is not encrypted. @@ -26095,6 +26111,10 @@ certificate verification must succeed. The &%tls_verify_certificates%& option must also be set. If both this option and &%tls_try_verify_hosts%& are unset operation is as if this option selected all hosts. +&*Warning*&: Including a host in &%tls_verify_hosts%& does not require +that connections use TLS. +Fallback to in-clear communication will be done unless restricted by +the &%hosts_require_tls%& option. .option utf8_downconvert smtp integer&!! -1 .cindex utf8 "address downconversion" @@ -39808,7 +39828,8 @@ For example, to dump the retry database: .code exim_dumpdb /var/spool/exim retry .endd -Two lines of output are produced for each entry: +For the retry database +two lines of output are produced for each entry: .code T:mail.ref.example:192.168.242.242 146 77 Connection refused 31-Oct-1995 12:00:12 02-Nov-1995 12:21:39 02-Nov-1995 20:21:39 *