X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/7b505d28898cadb14eebded54b255d22541caaa6..ee549a2ed04164407f4f897be3bf545f32579c5c:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 76bdd1396..1fec82923 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1401,7 +1401,8 @@ check an address given in the SMTP EXPN command (see the &%expn%& option). If the &%domains%& option is set, the domain of the address must be in the set of domains that it defines. .cindex "tainted data" "de-tainting" -.cindex "de-tainting" "using router domains option" +.cindex de-tainting "using router domains option" +.cindex de-tainting &$domains$& A match verifies the variable &$domain$& (which carries tainted data) and assigns an untainted value to the &$domain_data$& variable. Such an untainted value is often needed in the transport. @@ -1421,6 +1422,7 @@ rather than the generic &%condition%& option. If the &%local_parts%& option is set, the local part of the address must be in the set of local parts that it defines. A match verifies the variable &$local_part$& (which carries tainted data) +.cindex de-tainting &$local_parts$& and assigns an untainted value to the &$local_part_data$& variable. Such an untainted value is often needed in the transport. For specifics of the matching operation and the resulting untainted value, @@ -2837,6 +2839,12 @@ displayed. These options are used by Sendmail for selecting configuration files and are ignored by Exim. +.new +.cmdopt -atrn <&'host'&> <&'domainlist'&> +This option requests an ODMR customer connection. +See &<>& for details. +.wen + .cmdopt -B <&'type'&> .oindex "&%-B%&" .cindex "8-bit characters" @@ -3435,7 +3443,7 @@ Unqualified addresses are automatically qualified using &%qualify_domain%& and &%qualify_recipient%&, as appropriate, unless the &%-bnq%& option is used. Some other SMTP commands are recognized in the input. HELO and EHLO act -as RSET; VRFY, EXPN, ETRN, and HELP act as NOOP; +as RSET; VRFY, EXPN, ETRN, ATRN, and HELP act as NOOP; QUIT quits, ignoring the rest of the standard input. .cindex "return code" "for &%-bS%&" @@ -5210,7 +5218,7 @@ This can then be used in a &(redirect)& router setting like this: data = ${lookup mysql{ALIAS_QUERY}} .endd In earlier versions of Exim macros were sometimes used for domain, host, or -address lists. In Exim 4 these are handled better by named lists &-- see +address lists. In Exim version 4 these are handled better by named lists &-- see section &<>&. @@ -8261,12 +8269,21 @@ An option group name for MySQL option files can be specified in square brackets; the default value is &"exim"&. The full syntax of each item in &%mysql_servers%& is: .display -<&'hostname'&>::<&'port'&>(<&'socket name'&>)[<&'option group'&>]/&&& - <&'database'&>/<&'user'&>/<&'password'&> +<&'hostspec'&><&'portspec'&>(<&'socket name'&>)[<&'option group'&>]/&&& + <&'database'&>/<&'user'&>/<&'password'&> .endd Any of the four sub-parts of the first field can be omitted. For normal use on the local host it can be left blank or set to just &"localhost"&. +.new +A &'hostspec'& can be a hostname, an IPv4 address or an IPv6 address. +For the latter, a &'portspec'& is a dot followed by a port number; +for the other two a &'portspec'& is a colon followed by a port number. +.wen + +Note that the default list-separator for the list of servers is a colon so +(unless that is changed) all colons in list items must be doubled. + No database need be supplied &-- but if it is absent here, it must be given in the queries. @@ -8282,6 +8299,10 @@ parameters for the connection. .subsection "Special PostgreSQL features" SECID74 +.new +The &'hostspec'& for PostgreSQL follows the same rules as for MySQL above. +.wen + PostgreSQL lookups can also use Unix domain socket connections to the database. This is usually faster and costs less CPU time than a TCP/IP connection. However it can be used only if the mail server runs on the same machine as the @@ -8428,10 +8449,18 @@ type of match and is given below as the &*value*& information. .section "Expansion of lists" "SECTlistexpand" .cindex "expansion" "of lists" -Each list is expanded as a single string before it is used. +.new +Each list, after any leading change-of-separator specification +(see &<>&) is expanded as a single string, .cindex "tainted data" tracking -&*Note*&: As a result, if any componend was tainted then the -entire result string becomes tainted. +&*Note*&: As a result, if any component was tainted then the +entire expansion result string becomes tainted. + +Splitting out a leading explicit change-of-separator permits +one being safely used on a list that has tainted components +while still detecting the use of a tainted setting. +The latter is not permitted. +.wen &'Exception: the router headers_remove option, where list-item splitting is done before string-expansion.'& @@ -8614,6 +8643,11 @@ domainlist dom2 = !a.b : *.b where &'x.y'& does not match. It's best to avoid negation altogether in referenced lists if you can. +.new +The list item which references a named list (&"+"&) +may not be tainted. +.wen + .cindex "hiding named list values" .cindex "named lists" "hiding value of" Some named list definitions may contain sensitive data, for example, passwords for @@ -8718,6 +8752,9 @@ possible to use the same configuration file on several different hosts that differ only in their names. The value for a match will be the primary host name. +.new +The pattern may not be tainted. +.wen .next @@ -8733,6 +8770,9 @@ In today's Internet, the use of domain literals is controversial; see the &%allow_domain_literals%& main option. The value for a match will be the string &`@[]`&. +.new +The pattern may not be tainted. +.wen .next @@ -8749,6 +8789,10 @@ local host, and the second only when no primary MX target is the local host, but a secondary MX target is. &"Primary"& means an MX record with the lowest preference value &-- there may of course be more than one of them. +.new +The pattern may not be tainted. +.wen + The MX lookup that takes place when matching a pattern of this type is performed with the resolver options for widening names turned off. Thus, for example, a single-component domain will &'not'& be expanded by adding the @@ -9217,6 +9261,8 @@ does not match the list. This may not always be what you want to happen. To change Exim's behaviour, the special items &`+include_unknown`& or &`+ignore_unknown`& may appear in the list (at top level &-- they are not recognized in an indirected file). +The effects of these special items do not propagate into referenced +named lists. .ilist If any item that follows &`+include_unknown`& requires information that @@ -9583,6 +9629,13 @@ longer case-independent. This does not affect the domain, which remains in lower case. However, although independent matches on the domain alone are still performed caselessly, regular expressions that match against an entire address become case-sensitive after &"+caseful"& has been seen. +The effects of &"+caseful"& propagate into any referenced named lists. + +.new +This string may not be tainted. +To do caseful matching on list elements whic are tainted, +place them in a named list. +.wen @@ -9601,6 +9654,12 @@ matching in the local part list, but not elsewhere in the router. If &%caseful_local_part%& is set true in a router, matching in the &%local_parts%& option is case-sensitive from the start. +.new +This string may not be tainted. +To do caseful matching on list elements whic are tainted, +place them in a named list. +.wen + If a local part list is indirected to a file (see section &<>&), comments are handled in the same way as address lists &-- they are recognized only if the # is preceded by white space or the start of the line. @@ -10083,11 +10142,15 @@ leading and trailing quotes are removed from the returned value. .cindex "list" "selecting by condition" .cindex "expansion" "selecting from list by condition" .vindex "&$item$&" -After expansion, <&'string'&> is interpreted as a list, colon-separated by -default, but the separator can be changed in the usual way (&<>&). -For each item -in this list, its value is placed in &$item$&, and then the condition is -evaluated. +.new +<&'string1'&> first has the part after any change-of-list-separator +(see &<>&) expanded, +then the whole is taken as a list. +.wen +The default separator for the list is a colon. + +For each item in this list, +its value is placed in &$item$&, and then the condition is evaluated. Any modification of &$value$& by this evaluation is discarded. If the condition is true, &$item$& is added to the output as an item in a new list; if the condition is false, the item is discarded. The @@ -10351,8 +10414,12 @@ The <&'number'&> argument must consist entirely of decimal digits, apart from an optional leading minus, and leading and trailing white space (which is ignored). -After expansion, <&'string1'&> is interpreted as a list, colon-separated by -default, but the separator can be changed in the usual way (&<>&). +.new +The <&'string1'&> argument, after any leading change-of-separator +(see &<>&), +is expanded and the whole forms the list. +.wen +By default, the list separator is a colon. The first field of the list is numbered one. If the number is negative, the fields are @@ -10452,10 +10519,15 @@ ${lookup nisplus {[name=$local_part],passwd.org_dir:gcos} \ .vitem &*${map{*&<&'string1'&>&*}{*&<&'string2'&>&*}}*& .cindex "expansion" "list creation" .vindex "&$item$&" -After expansion, <&'string1'&> is interpreted as a list, colon-separated by -default, but the separator can be changed in the usual way (&<>&). -For each item -in this list, its value is place in &$item$&, and then <&'string2'&> is +.new +<&'string1'&> first has the part after any change-of-list-separator +(see &<>&) expanded, +then the whole is taken as a list. +.wen +The default separator for the list is a colon. + +For each item in this list, +its value is place in &$item$&, and then <&'string2'&> is expanded and added to the output as an item in a new list. The separator used for the output list is the same as the one used for the input, but a separator setting is not included in the output. For example: @@ -10675,9 +10747,15 @@ locks out the use of this expansion item in filter files. .cindex "list" "reducing to a scalar" .vindex "&$value$&" .vindex "&$item$&" -This operation reduces a list to a single, scalar string. After expansion, -<&'string1'&> is interpreted as a list, colon-separated by default, but the -separator can be changed in the usual way (&<>&). +This operation reduces a list to a single, scalar string. + +.new +<&'string1'&> first has the part after any change-of-list-separator +(see &<>&) expanded, +then the whole is taken as a list. +.wen +The default separator for the list is a colon. + Then <&'string2'&> is expanded and assigned to the &$value$& variable. After this, each item in the <&'string1'&> list is assigned to &$item$&, in turn, and <&'string3'&> is expanded for each of @@ -10834,8 +10912,13 @@ rather than any Unicode-aware character handling. .cindex sorting "a list" .cindex list sorting .cindex expansion "list sorting" -After expansion, <&'string'&> is interpreted as a list, colon-separated by -default, but the separator can be changed in the usual way (&<>&). +.new +<&'string'&> first has the part after any change-of-list-separator +(see &<>&) expanded, +then the whole is taken as a list. +.wen +The default separator for the list is a colon. + The <&'comparator'&> argument is interpreted as the operator of a two-argument expansion condition. The numeric operators plus ge, gt, le, lt (and ~i variants) are supported. @@ -11291,7 +11374,8 @@ All measurement is done in bytes and is not UTF-8 aware. .cindex "list" "item count" .cindex "list" "count of items" .cindex "&%listcount%& expansion item" -The string is interpreted as a list and the number of items is returned. +The part of the string after any leading change-of-separator is expanded, +then the whole is interpreted as a list and the number of items is returned. .vitem &*${listnamed:*&<&'name'&>&*}*&&~and&~&*${listnamed_*&<&'type'&>&*:*&<&'name'&>&*}*& @@ -11912,9 +11996,14 @@ attempt. It is false during any subsequent delivery attempts. .cindex "expansion" "&*forall*& condition" .cindex "expansion" "&*forany*& condition" .vindex "&$item$&" -These conditions iterate over a list. The first argument is expanded to form -the list. By default, the list separator is a colon, but it can be changed by -the normal method (&<>&). +These conditions iterate over a list. +.new +The first argument, after any leading change-of-separator +(see &<>&), +is expanded and the whole forms the list. +.wen +By default, the list separator is a colon. + The second argument is interpreted as a condition that is to be applied to each item in the list in turn. During the interpretation of the condition, the current list item is placed in a variable called &$item$&. @@ -11991,9 +12080,14 @@ SRS decode. See SECT &<>& for details. &*inlisti&~{*&<&'subject'&>&*}{*&<&'list'&>&*}*& .cindex "string" "comparison" .cindex "list" "iterative conditions" -Both strings are expanded; the second string is treated as a list of simple -strings; if the first string is a member of the second, then the condition -is true. +The <&'subject'&> string is expanded. +.new +The <&'list'&> first has any change-of-list-separator ++(see &<>&) retained verbatim, ++then the remainder is expanded. ++.wen +The whole is treated as a list of simple strings; +if the subject string is a member of that list, then the condition is true. For the case-independent &%inlisti%& condition, case is defined per the system C locale. These are simpler to use versions of the more powerful &*forany*& condition. @@ -12186,6 +12280,10 @@ just as easy to use the fact that a lookup is itself a condition, and write: Note that <&'string2'&> is not itself subject to string expansion, unless Exim was built with the EXPAND_LISTMATCH_RHS option. +.new +For the latter case, only the part after any leading +change-of-separator specification is expanded. +.wen Consult section &<>& for further details of these patterns. @@ -12214,9 +12312,10 @@ ${if match_domain{$domain}{+local_domains}{... .endd .cindex "&`+caseful`&" For address lists, the matching starts off caselessly, but the &`+caseful`& -item can be used, as in all address lists, to cause subsequent items to -have their local parts matched casefully. Domains are always matched -caselessly. +item can be used, as in all address lists, to cause subsequent items +(including those of referenced named lists) +to have their local parts matched casefully. +Domains are always matched caselessly. The variable &$value$& will be set for a successful match and can be used in the success clause of an &%if%& expansion item using the condition. @@ -12231,6 +12330,10 @@ Any previous &$value$& is restored after the if. Note that <&'string2'&> is not itself subject to string expansion, unless Exim was built with the EXPAND_LISTMATCH_RHS option. +.new +For the latter case, only the part after any leading +change-of-separator specification is expanded. +.wen &*Note*&: Host lists are &'not'& supported in this way. This is because hosts have two identities: a name and an IP address, and it is not clear @@ -12540,6 +12643,20 @@ to the relevant file. When, as a result of aliasing or forwarding, a message is directed to a pipe, this variable holds the pipe command when the transport is running. +.new +.vitem &$atrn_host$& +.vindex ATRN "data for routing" +When an ATRN command is accepted, this variable is filled in with the client +IP and port, for use in a manualroute router. + +.vitem &$atrn_mode$& +.vindex ATRN mode +.vindex ODMR mode +When in provider mode this variable will contain &"P"&. +When in customer mode it will contain &"C"&. +Otherwise, it will be empty. +.wen + .vitem "&$auth1$& &-- &$auth4$&" .vindex "&$auth1$&, &$auth2$&, etc" These variables are used in SMTP authenticators (see chapters @@ -12714,7 +12831,9 @@ When a message has been received this variable contains a colon-separated list of signer domains and identities for the message. For details see section &<>&. -.vitem &$dmarc_domain_policy$& &&& +.vitem &$dmarc_alignment_spf$& &&& + &$dmarc_alignment_dkim$& &&& + &$dmarc_domain_policy$& &&& &$dmarc_status$& &&& &$dmarc_status_text$& &&& &$dmarc_used_domains$& @@ -14914,6 +15033,7 @@ listed in more than one group. .row &%acl_not_smtp%& "ACL for non-SMTP messages" .row &%acl_not_smtp_mime%& "ACL for non-SMTP MIME parts" .row &%acl_not_smtp_start%& "ACL for start of non-SMTP message" +.row &%acl_smtp_atrn%& "ACL for ATRN" .row &%acl_smtp_auth%& "ACL for AUTH" .row &%acl_smtp_connect%& "ACL for connection" .row &%acl_smtp_data%& "ACL for DATA" @@ -15236,6 +15356,20 @@ SMTP messages. This option defines the ACL that is run before Exim starts reading a non-SMTP message. See section &<>& for further details. +.new +.option acl_smtp_atrn main string&!! unset +.cindex ATRN "ACL for" +.cindex ATRN advertisement +.cindex "ESMTP extensions" ATRN +.cindex ODMR provider +This option defines the ACL that is run when an SMTP ATRN command is +received. +If no value is set, or the result after expansion is an empty string, +then the ATRN facility is not advertised. +See chapter &<>& for general information on ACLs, +and section &<>& for description of ATRN. +.wen + .option acl_smtp_auth main string&!! unset .cindex "&ACL;" "setting up for SMTP commands" .cindex "AUTH" "ACL for" @@ -15279,7 +15413,8 @@ See section &<>& for further details. This option defines the ACL that is run when an SMTP ETRN command is received. If no value is set then the ETRN facility is not advertised. -See chapter &<>& for further details. +See chapter &<>& for general information on ACLs, +and section &<>& for description of ETRN. .option acl_smtp_expn main string&!! unset .cindex "EXPN" "ACL for" @@ -15860,8 +15995,8 @@ See section &<>&. .options dmarc_forensic_sender main string&!! unset &&& - dmarc_history_file main string unset &&& - dmarc_tld_file main string unset + dmarc_history_file&!! main string unset &&& + dmarc_tld_file main&!! string unset .cindex DMARC "main section options" These options control DMARC processing. See section &<>& for details. @@ -18045,7 +18180,7 @@ hosts), you can do so by an appropriate use of a &%control%& modifier in an ACL .option smtp_etrn_command main string&!! unset -.cindex "ETRN" "command to be run" +.cindex ETRN "command to be run" .cindex "ESMTP extensions" ETRN .vindex "&$domain$&" If this option is set, the given command is run whenever an SMTP ETRN @@ -18072,7 +18207,7 @@ the command. .option smtp_etrn_serialize main boolean true -.cindex "ETRN" "serializing" +.cindex ETRN serializing When this option is set, it prevents the simultaneous execution of more than one identical command as a result of ETRN in an SMTP connection. See section &<>& for details. @@ -19348,11 +19483,15 @@ This applies to all of the SRV, MX, AAAA, A lookup sequence. .option domains routers&!? "domain list&!!" unset .cindex "router" "restricting to specific domains" .vindex "&$domain_data$&" -If this option is set, the router is skipped unless the current domain matches -the list. +If this option is set, +the argument is first expanded to give a list. +The router is skipped unless the current domain matches the list. The data returned by the list check is placed in &$domain_data$& for use in string expansions of the driver's private options and in the transport. +If the result of expansion is empty or a forced-fail, +the router is skipped. + See section &<>& for a list of the order in which preconditions are evaluated. @@ -19687,8 +19826,8 @@ real_localuser: For security, it would probably be a good idea to restrict the use of this router to locally-generated messages, using a condition such as this: .code - condition = ${if match {$sender_host_address}\ - {\N^(|127\.0\.0\.1)$\N}} + condition = ${if match_ip {$sender_host_address} \ + {<; ; 127.0.0.1 ; ::1}} .endd If both &%local_part_prefix%& and &%local_part_suffix%& are set for a router, @@ -19722,7 +19861,11 @@ See &%local_part_suffix%& above. .option local_parts routers&!? "local part list&!!" unset .cindex "router" "restricting to specific local parts" .cindex "local part" "checking in router" +If this option is set, the argument is first expanded to give a list. The router is run only if the local part of the address matches the list. +If the result of expansion is empty or a forced-fail, +the router is skipped. + See section &<>& for a list of the order in which preconditions are evaluated, and section &<>& for a discussion of local part lists. Because the @@ -19732,7 +19875,7 @@ example: local_parts = dbm;/usr/local/specials/$domain_data .endd .vindex "&$local_part_data$&" -the data returned by the list check +The data returned by the list check for the local part is placed in the variable &$local_part_data$& for use in expansions of the router's private options or in the transport. You might use this option, for @@ -22430,8 +22573,8 @@ real_localuser: For security, it would probably be a good idea to restrict the use of this router to locally-generated messages, using a condition such as this: .code - condition = ${if match {$sender_host_address}\ - {\N^(|127\.0\.0\.1)$\N}} + condition = ${if match_ip {$sender_host_address} \ + {<; ; 127.0.0.1 ; ::1}} .endd @@ -28001,17 +28144,17 @@ Successful authentication sets up information used by the .cindex authentication "failure event, server" If an authenticator is run and does not succeed, -an event (see &<>&) of type "auth:fail" is raised. +an event of type "auth:fail" is raised. While the event is being processed the variables &$sender_host_authenticated$& (with the authenticator name) and &$authenticated_fail_id$& (as set by the authenticator &%server_set_id%& option) will be valid. If the event is serviced and a string is returned then the string will be logged instead of the default log line. -See <> for details on events. +See &<>& for details on events. -.section "Testing server authentication" "SECID169" +.subsection "Testing server authentication" "SECID169" .cindex "authentication" "testing a server" .cindex "AUTH" "testing a server" .cindex "base64 encoding" "creating authentication test data" @@ -28090,12 +28233,12 @@ usual way. .next .cindex authentication "failure event, client" If the response to authentication is a permanent error (5&'xx'& code), -an event (see &<>&) of type "auth:fail" is raised. +an event of type "auth:fail" is raised. While the event is being processed the variable &$sender_host_authenticated$& (with the authenticator name) will be valid. If the event is serviced and a string is returned then the string will be logged. -See <> for details on events. +See &<>& for details on events. .next If the response to authentication is a permanent error (5&'xx'& code), Exim @@ -28220,7 +28363,7 @@ There are good and bad examples at the end of the next section. -.section "The PLAIN authentication mechanism" "SECID172" +.subsection "The PLAIN authentication mechanism" "SECID172" .cindex "PLAIN authentication mechanism" .cindex authentication PLAIN .cindex "binary zero" "in &(plaintext)& authenticator" @@ -28304,7 +28447,7 @@ always fails if its second argument is empty. However, the second way of writing the test makes the logic clearer. -.section "The LOGIN authentication mechanism" "SECID173" +.subsection "The LOGIN authentication mechanism" "SECID173" .cindex "LOGIN authentication mechanism" .cindex authentication LOGIN The LOGIN authentication mechanism is not documented in any RFC, but is in use @@ -28352,7 +28495,7 @@ the password conform to the Exim syntax. At the LDAP level, the password is an uninterpreted string. -.section "Support for different kinds of authentication" "SECID174" +.subsection "Support for different kinds of authentication" "SECID174" A number of string expansion features are provided for the purpose of interfacing to different ways of user authentication. These include checking traditionally encrypted passwords from &_/etc/passwd_& (or equivalent), PAM, @@ -30831,15 +30974,17 @@ configuration locally by running a fake SMTP session with which you interact. .cindex "&ACL;" "options for specifying" In order to cause an ACL to be used, you have to name it in one of the relevant options in the main part of the configuration. These options are: +.cindex "ATRN" "ACL for" .cindex "AUTH" "ACL for" .cindex "DATA" "ACLs for" +.cindex "DKIM" "ACL for" .cindex "ETRN" "ACL for" .cindex "EXPN" "ACL for" .cindex "HELO" "ACL for" .cindex "EHLO" "ACL for" -.cindex "DKIM" "ACL for" .cindex "MAIL" "ACL for" -.cindex "QUIT, ACL for" +.cindex "QUIT" "ACL for" +.cindex "PRDR" "ACL for" .cindex "RCPT" "ACL for" .cindex "STARTTLS, ACL for" .cindex "VRFY" "ACL for" @@ -30847,12 +30992,12 @@ options in the main part of the configuration. These options are: .cindex "SMTP" "connection, ACL for" .cindex "non-SMTP messages" "ACLs for" .cindex "MIME content scanning" "ACL for" -.cindex "PRDR" "ACL for" .table2 140pt .irow &%acl_not_smtp%& "ACL for non-SMTP messages" .irow &%acl_not_smtp_mime%& "ACL for non-SMTP MIME parts" .irow &%acl_not_smtp_start%& "ACL at start of non-SMTP message" +.irow &%acl_smtp_atrn%& "ACL for ATRN" .irow &%acl_smtp_auth%& "ACL for AUTH" .irow &%acl_smtp_connect%& "ACL for start of SMTP connection" .irow &%acl_smtp_data%& "ACL after DATA is complete" @@ -31284,9 +31429,11 @@ For &%acl_not_smtp%&, &%acl_smtp_auth%&, &%acl_smtp_connect%&, &%acl_smtp_mime%&, &%acl_smtp_predata%&, and &%acl_smtp_starttls%&, the action when the ACL is not defined is &"accept"&. -For the others (&%acl_smtp_etrn%&, &%acl_smtp_expn%&, &%acl_smtp_rcpt%&, -&%acl_smtp_vrfy%& -and &%acl_smtp_wellknown%&), +.new +For the others (&%acl_smtp_atrn%&, +.wen +&%acl_smtp_etrn%&, &%acl_smtp_expn%&, &%acl_smtp_rcpt%&, +&%acl_smtp_vrfy%& and &%acl_smtp_wellknown%&), the action when the ACL is not defined is &"deny"&. This means that &%acl_smtp_rcpt%& must be defined in order to receive any messages over an SMTP connection. @@ -31337,7 +31484,7 @@ of previously accepted recipients. At DATA time (for both the DATA ACLs), .cindex "&ACL;" "data for non-message ACL" .vindex &$smtp_command_argument$& .vindex &$smtp_command$& -When an ACL is being run for AUTH, EHLO, ETRN, EXPN, HELO, STARTTLS, or VRFY, +When an ACL is being run for ATRN, AUTH, EHLO, ETRN, EXPN, HELO, STARTTLS, or VRFY, the remainder of the SMTP command line is placed in &$smtp_command_argument$&, and the entire SMTP command is available in &$smtp_command$&. These variables can be tested using a &%condition%& condition. For example, @@ -32668,6 +32815,18 @@ loops. This condition allows you to use different ACLs in different circumstances. For example, different ACLs can be used to handle RCPT commands for different local users or different local domains. +.new +.vitem &*atrn_domains&~=&~*&<&'domain&~list'&> +.cindex ATRN "checking for queued messages" +This condition is only usable in the ATRN ACL. +It returns true if there are any messages queued for any of the domains given +in the list. +The list supplied must not be tainted +.cindex "tainted data" "de-tainting" +and should contain only domains relevant for the authenticated user +(to avoid leaking information about other users). +.wen + .vitem &*authenticated&~=&~*&<&'string&~list'&> .cindex "&%authenticated%& ACL condition" .cindex "authentication" "ACL checking" @@ -37926,6 +38085,161 @@ under its own uid and gid when receiving incoming SMTP, so it is not possible for it to change them before running the command. +.new +.subsection "The ATRN command, and ODMR" SECTODMR +.cindex ATRN processing +.cindex "ESMTP extensions" ATRN +.cindex ODMR provider +A second method for handling +On-Demand Message Reception (ODMR) +for intermittently-connecting destinations is specified by +&url(https://www.rfc-editor.org/rfc/rfc2645.html,RFC 2645). + +This describes an ESMTP command called ATRN which requests +a swap in server/client roles of the communicating SMTP endpoints, +and delivery of queued messages. +Note that this supports customers having IP addresses that +change frequently. + +Exim supports both the &"provider"& and &"customer"& sides of ODMR, +to use the terms of that specification. + +. need a sub-subsection here +.subsection "ODMR provider connection" SECTODMRPRDVR + +In the &"provider"& use case Exim is +initially an SMTP server, then transferring to an SMTP client +role if an ATRN command is accepted. + +.oindex "&%acl_smtp_atrn%&" +The command is only available if permitted by an ACL +specfied by the main-section &%acl_smtp_atrn%& option. +Per the standard, this should only be for a specific +provider port number (386, named "odmr"); +Exim should be configured to listen on that port +(in addition to other duties) via &%daemon_smtp_ports%& +or equivalent commandline options, and restrict the +advertising of the facility to the port: +.code +acl_smtp_atrn = ${if = {$received_port}{386} {check_atrn}{}} +.endd + +A recieved ATRN command will be rejected unless +authentication has previously been done on the connection. + +Any arguments supplied with an ATRN command are (per standard) +a comma-separated list of requested domains, +and will be available in the &$smtp_command_argument$& +variable. + +The ACL configured may return &"deny"& for any policy reaons +(for example, the authenticated user is not permitted the facility). +Otherwise it should use the ACL &"atrn_domains"& condition, +which returns true if there are queued messages for any of +the given list of domains. +If that condition fails the ACL should return &"defer"& +with a "453 You have no mail" response; +else it should return &"accept"&. + +For example (with default domain handling, and one possible de-taint method) : +.code +check_atrn: + warn set acl_m0 = clientdom.net + deny condition = ${if def:smtp_command_argument} + set acl_m0 = ${map \ + {<, $smtp_command_argument} \ + {${if inlist{$item}{clientdom.net:cl2dom.net} {$value}}} \ + } + condition = ${if !def:acl_m0} + defer !atrn_domains = <, $acl_m0 + message = 453 You have no mail + accept +.endd + +Acceptance by the ACL will result in a queue-run for messages +having addresses with the given domains. +A suitable router and transport must be configured for the deliveries. + +To access a named queue +.cindex queue named +the ACL should use a "queue =" modifier before the "atrn_domains" +condition. +If the ACL does not accept, re-set the queue to an empty value +so as to not disrupt any later SMTP operations on the connection. + +Use of the &"atrn_domains"& condition additionally sets up +the &$atrn_host$& variable, which can be used by a manualroute +router. Being otherwise empty, this router will decline in +other situations so can be safely placed in a general router chain. + +For example: +.code +begin routers +to_odmr_customer: + driver = manualroute + route_data = <;$atrn_host + transport = call_customer + +begin transports +call_customer: + driver = smtp +.endd + +Although not discssed in the specification document, +Exim supports use of ATRN within a STARTTLS- +or TLS-on-connect- encrypted connection +(which is wise if a plaintext authentication mechanism is used). +In such cases the TLS connection will remain open across the +role-swap, and be used for the sending of queued messages. + +Note that the RFC requires that the CRAM-MD5 authentication +method be supported. +Exim does not enforce this, but leaves it up to the configuration; +see chapter &<>&. + + +.subsection "ODMR customer connection" SECTODMRCUST +.cindex ODMR customer +Exim supports the &"customer"& side of ODMR, +with a command-line option &"-atrn"& that requests a connection +to a given host, issuance of an ATRN command then operation +in SMTP server mode. +The option must be followed by two arguments. + +The first is the name or IP of the provider to be contacted. + +The second, which may be empty, should be a comma-separated list +of domains for which mail is to be requested. +Interpretation of the list is up to the provider; +an empty list is expected to result in some default being returned. + +The provider host is placed in &$domain$& for routing; +router and transport must be configured suitably to make the connection. +For example: +.code +begin routers +to_odmr_provider: + driver = manualroute + condition = ${if eq {$atrn_mode}{C}} + route_data = <;$domain + transport = call_provider + +begin transports +call_provider: + driver = smtp + port = odmr + hosts_try_auth = * + command_timeout = 10m +.endd + +Note that the specification requires a long timeout for the ATRN +command, to allow for scanning of queued messages. + +Configuration should also include client-side authentication +and processing for receiving messages. +.wen + + .section "Incoming local SMTP" "SECID238" .cindex "SMTP" "local incoming" @@ -37945,7 +38259,8 @@ This accepts SMTP messages from local processes without doing any other tests. -.section "Outgoing batched SMTP" "SECTbatchSMTP" +.section "Batched SMTP" "SECTgenbatchSMTP" +.subsection "Outgoing batched SMTP" "SECTbatchSMTP" .cindex "SMTP" "batched outgoing" .cindex "batched SMTP output" Both the &(appendfile)& and &(pipe)& transports can be used for handling @@ -37992,7 +38307,7 @@ message (unless there are more than 1000 recipients). -.section "Incoming batched SMTP" "SECTincomingbatchedSMTP" +.subsection "Incoming batched SMTP" "SECTincomingbatchedSMTP" .cindex "SMTP" "batched incoming" .cindex "batched SMTP input" The &%-bS%& command line option causes Exim to accept one or more messages by @@ -42824,10 +43139,13 @@ the most current version can be downloaded from a link at &url(https://publicsuffix.org/list/public_suffix_list.dat). See also the util/renew-opendmarc-tlds.sh script. The default for the option is unset. -If not set, DMARC processing is disabled. +.new +It is expanded before use. +If not set (or empty after expansion), DMARC processing is disabled. +.wen -The &%dmarc_history_file%& option, if set +The &%dmarc_history_file%& option .oindex &%dmarc_history_file%& defines the location of a file to log results of dmarc verification on inbound emails. The @@ -42836,7 +43154,11 @@ which will manage the data, send out DMARC reports, and expire the data. Make sure the directory of this file is writable by the user exim runs as. -The default is unset. +The default for the option is unset. +.new +It is expanded before use. +If not set (or empty after expansion), no history is written. +.wen The &%dmarc_forensic_sender%& option .oindex &%dmarc_forensic_sender%& @@ -42951,6 +43273,18 @@ The domain which DMARC used to look up the DMARC policy record. The policy declared in the DMARC record. Valid values are "none", "reject" and "quarantine". It is blank when there is any error, including no DMARC record. + +.new +.vitem &$dmarc_alignment_spf$& +.vindex &$dmarc_alignment_spf$& +The result of the SPF alignment portion of the test status; +"yes" or "no". + +.vitem &$dmarc_alignment_dkim$& +.vindex &$dmarc_alignment_dkim$& +The result of the DKIM alignment portion of the test status; +"yes" or "no". +.wen .endlist .subsection Logging SSECDMARCLOGGING