X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/982854f86c4acc7779b6b65094ba557a9fcd50d6..ee549a2ed04164407f4f897be3bf545f32579c5c:/doc/doc-docbook/spec.xfpt?ds=inline diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index c8f765905..1fec82923 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1401,7 +1401,8 @@ check an address given in the SMTP EXPN command (see the &%expn%& option). If the &%domains%& option is set, the domain of the address must be in the set of domains that it defines. .cindex "tainted data" "de-tainting" -.cindex "de-tainting" "using router domains option" +.cindex de-tainting "using router domains option" +.cindex de-tainting &$domains$& A match verifies the variable &$domain$& (which carries tainted data) and assigns an untainted value to the &$domain_data$& variable. Such an untainted value is often needed in the transport. @@ -1421,6 +1422,7 @@ rather than the generic &%condition%& option. If the &%local_parts%& option is set, the local part of the address must be in the set of local parts that it defines. A match verifies the variable &$local_part$& (which carries tainted data) +.cindex de-tainting &$local_parts$& and assigns an untainted value to the &$local_part_data$& variable. Such an untainted value is often needed in the transport. For specifics of the matching operation and the resulting untainted value, @@ -2837,6 +2839,12 @@ displayed. These options are used by Sendmail for selecting configuration files and are ignored by Exim. +.new +.cmdopt -atrn <&'host'&> <&'domainlist'&> +This option requests an ODMR customer connection. +See &<>& for details. +.wen + .cmdopt -B <&'type'&> .oindex "&%-B%&" .cindex "8-bit characters" @@ -5210,7 +5218,7 @@ This can then be used in a &(redirect)& router setting like this: data = ${lookup mysql{ALIAS_QUERY}} .endd In earlier versions of Exim macros were sometimes used for domain, host, or -address lists. In Exim 4 these are handled better by named lists &-- see +address lists. In Exim version 4 these are handled better by named lists &-- see section &<>&. @@ -9253,6 +9261,8 @@ does not match the list. This may not always be what you want to happen. To change Exim's behaviour, the special items &`+include_unknown`& or &`+ignore_unknown`& may appear in the list (at top level &-- they are not recognized in an indirected file). +The effects of these special items do not propagate into referenced +named lists. .ilist If any item that follows &`+include_unknown`& requires information that @@ -9619,6 +9629,7 @@ longer case-independent. This does not affect the domain, which remains in lower case. However, although independent matches on the domain alone are still performed caselessly, regular expressions that match against an entire address become case-sensitive after &"+caseful"& has been seen. +The effects of &"+caseful"& propagate into any referenced named lists. .new This string may not be tainted. @@ -12637,6 +12648,13 @@ this variable holds the pipe command when the transport is running. .vindex ATRN "data for routing" When an ATRN command is accepted, this variable is filled in with the client IP and port, for use in a manualroute router. + +.vitem &$atrn_mode$& +.vindex ATRN mode +.vindex ODMR mode +When in provider mode this variable will contain &"P"&. +When in customer mode it will contain &"C"&. +Otherwise, it will be empty. .wen .vitem "&$auth1$& &-- &$auth4$&" @@ -15343,12 +15361,13 @@ non-SMTP message. See section &<>& for further details. .cindex ATRN "ACL for" .cindex ATRN advertisement .cindex "ESMTP extensions" ATRN +.cindex ODMR provider This option defines the ACL that is run when an SMTP ATRN command is received. If no value is set, or the result after expansion is an empty string, then the ATRN facility is not advertised. See chapter &<>& for general information on ACLs, -and section &<>& for description of ATRN. +and section &<>& for description of ATRN. .wen .option acl_smtp_auth main string&!! unset @@ -15976,8 +15995,8 @@ See section &<>&. .options dmarc_forensic_sender main string&!! unset &&& - dmarc_history_file main string unset &&& - dmarc_tld_file main string unset + dmarc_history_file&!! main string unset &&& + dmarc_tld_file main&!! string unset .cindex DMARC "main section options" These options control DMARC processing. See section &<>& for details. @@ -19464,11 +19483,15 @@ This applies to all of the SRV, MX, AAAA, A lookup sequence. .option domains routers&!? "domain list&!!" unset .cindex "router" "restricting to specific domains" .vindex "&$domain_data$&" -If this option is set, the router is skipped unless the current domain matches -the list. +If this option is set, +the argument is first expanded to give a list. +The router is skipped unless the current domain matches the list. The data returned by the list check is placed in &$domain_data$& for use in string expansions of the driver's private options and in the transport. +If the result of expansion is empty or a forced-fail, +the router is skipped. + See section &<>& for a list of the order in which preconditions are evaluated. @@ -19838,7 +19861,11 @@ See &%local_part_suffix%& above. .option local_parts routers&!? "local part list&!!" unset .cindex "router" "restricting to specific local parts" .cindex "local part" "checking in router" +If this option is set, the argument is first expanded to give a list. The router is run only if the local part of the address matches the list. +If the result of expansion is empty or a forced-fail, +the router is skipped. + See section &<>& for a list of the order in which preconditions are evaluated, and section &<>& for a discussion of local part lists. Because the @@ -19848,7 +19875,7 @@ example: local_parts = dbm;/usr/local/specials/$domain_data .endd .vindex "&$local_part_data$&" -the data returned by the list check +The data returned by the list check for the local part is placed in the variable &$local_part_data$& for use in expansions of the router's private options or in the transport. You might use this option, for @@ -38059,22 +38086,29 @@ for it to change them before running the command. .new -.subsection "The ATRN command" SECTATRN +.subsection "The ATRN command, and ODMR" SECTODMR .cindex ATRN processing .cindex "ESMTP extensions" ATRN -A second method for intermittently-connecting destinations -is specified by +.cindex ODMR provider +A second method for handling +On-Demand Message Reception (ODMR) +for intermittently-connecting destinations is specified by &url(https://www.rfc-editor.org/rfc/rfc2645.html,RFC 2645). This describes an ESMTP command called ATRN which requests -a swap in server/client roles of the communicating endpoints, and delivery -of queued messages. +a swap in server/client roles of the communicating SMTP endpoints, +and delivery of queued messages. Note that this supports customers having IP addresses that change frequently. -Exim supports the &"provider"& side of ATRN, using the terms -of that specification: -initially as an SMTP server, then transferring to an SMTP client +Exim supports both the &"provider"& and &"customer"& sides of ODMR, +to use the terms of that specification. + +. need a sub-subsection here +.subsection "ODMR provider connection" SECTODMRPRDVR + +In the &"provider"& use case Exim is +initially an SMTP server, then transferring to an SMTP client role if an ATRN command is accepted. .oindex "&%acl_smtp_atrn%&" @@ -38141,13 +38175,13 @@ other situations so can be safely placed in a general router chain. For example: .code begin routers -odmr_client: +to_odmr_customer: driver = manualroute route_data = <;$atrn_host - transport = client_smtp + transport = call_customer begin transports -client_smtp: +call_customer: driver = smtp .endd @@ -38163,6 +38197,46 @@ method be supported. Exim does not enforce this, but leaves it up to the configuration; see chapter &<>&. + +.subsection "ODMR customer connection" SECTODMRCUST +.cindex ODMR customer +Exim supports the &"customer"& side of ODMR, +with a command-line option &"-atrn"& that requests a connection +to a given host, issuance of an ATRN command then operation +in SMTP server mode. +The option must be followed by two arguments. + +The first is the name or IP of the provider to be contacted. + +The second, which may be empty, should be a comma-separated list +of domains for which mail is to be requested. +Interpretation of the list is up to the provider; +an empty list is expected to result in some default being returned. + +The provider host is placed in &$domain$& for routing; +router and transport must be configured suitably to make the connection. +For example: +.code +begin routers +to_odmr_provider: + driver = manualroute + condition = ${if eq {$atrn_mode}{C}} + route_data = <;$domain + transport = call_provider + +begin transports +call_provider: + driver = smtp + port = odmr + hosts_try_auth = * + command_timeout = 10m +.endd + +Note that the specification requires a long timeout for the ATRN +command, to allow for scanning of queued messages. + +Configuration should also include client-side authentication +and processing for receiving messages. .wen @@ -43065,10 +43139,13 @@ the most current version can be downloaded from a link at &url(https://publicsuffix.org/list/public_suffix_list.dat). See also the util/renew-opendmarc-tlds.sh script. The default for the option is unset. -If not set, DMARC processing is disabled. +.new +It is expanded before use. +If not set (or empty after expansion), DMARC processing is disabled. +.wen -The &%dmarc_history_file%& option, if set +The &%dmarc_history_file%& option .oindex &%dmarc_history_file%& defines the location of a file to log results of dmarc verification on inbound emails. The @@ -43077,7 +43154,11 @@ which will manage the data, send out DMARC reports, and expire the data. Make sure the directory of this file is writable by the user exim runs as. -The default is unset. +The default for the option is unset. +.new +It is expanded before use. +If not set (or empty after expansion), no history is written. +.wen The &%dmarc_forensic_sender%& option .oindex &%dmarc_forensic_sender%&