X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/ac4d558b5e07523392bab2b4468b4c9f73745af9..c246a1de88:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index b891679a0..3fe2afb3e 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1667,6 +1667,9 @@ Symbolic links to the sources are installed in this directory, which is where the actual building takes place. In most cases, Exim can discover the machine architecture and operating system for itself, but the defaults can be overridden if necessary. +.cindex compiler requirements +.cindex compiler version +A C99-capable compiler will be required for the build. .section "PCRE library" "SECTpcre" @@ -2788,6 +2791,13 @@ files or databases you are using, you must exit and restart Exim before trying the same lookup again. Otherwise, because each Exim process caches the results of lookups, you will just get the same result as before. +.new +Macro processing is done on lines before string-expansion: new macros can be +defined and macros will be expanded. +Because macros in thc config file are often used for secrets, those are only +available to admin users. +.wen + .vitem &%-bem%&&~<&'filename'&> .oindex "&%-bem%&" .cindex "testing" "string expansion" @@ -4274,7 +4284,7 @@ or &%-bs%& is used. For &%-bh%&, the protocol is forced to one of the standard SMTP protocol names (see the description of &$received_protocol$& in section &<>&). For &%-bs%&, the protocol is always &"local-"& followed by one of those same names. For &%-bS%& (batched SMTP) however, the protocol can -be set by &%-oMr%&. +be set by &%-oMr%&. Repeated use of this option is not supported. .vitem &%-oMs%&&~<&'host&~name'&> .oindex "&%-oMs%&" @@ -4374,6 +4384,7 @@ host name and its colon can be omitted when only the protocol is to be set. Note the Exim already has two private options, &%-pd%& and &%-ps%&, that refer to embedded Perl. It is therefore impossible to set a protocol value of &`d`& or &`s`& using this option (but that does not seem a real limitation). +Repeated use of this option is not supported. .vitem &%-q%& .oindex "&%-q%&" @@ -9963,7 +9974,7 @@ a regular expression, and a substitution string. For example: ${sg{abcdefabcdef}{abc}{xyz}} .endd yields &"xyzdefxyzdef"&. Because all three arguments are expanded before use, -if any $ or \ characters are required in the regular expression or in the +if any $, } or \ characters are required in the regular expression or in the substitution string, they have to be escaped. For example: .code ${sg{abcdef}{^(...)(...)\$}{\$2\$1}} @@ -10114,7 +10125,15 @@ character. For example: .code ${addresses:>& Chief , sec@base.ment (dogsbody)} .endd -expands to &`ceo@up.stairs&&sec@base.ment`&. Compare the &*address*& (singular) +expands to &`ceo@up.stairs&&sec@base.ment`&. The string is expanded +first, so if the expanded string starts with >, it may change the output +separator unintentionally. This can be avoided by setting the output +separator explicitly: +.code +${addresses:>:$h_from:} +.endd + +Compare the &*address*& (singular) expansion item, which extracts the working address from a single RFC2822 address. See the &*filter*&, &*map*&, and &*reduce*& items for ways of processing lists. @@ -12792,6 +12811,15 @@ argument, that is, the text that follows the command name, with leading white space removed. Following the introduction of &$smtp_command$&, this variable is somewhat redundant, but is retained for backwards compatibility. +.new +.vitem &$smtp_command_history$& +.cindex SMTP "command history" +.vindex "&$smtp_command_history$&" +A comma-separated list (with no whitespace) of the most-recent SMTP commands +received, in time-order left to right. Only a limited number of commands +are remembered. +.wen + .vitem &$smtp_count_at_connection_start$& .vindex "&$smtp_count_at_connection_start$&" This variable is set greater than zero only in processes spawned by the Exim @@ -19468,6 +19496,10 @@ instead of TRY_AGAIN. That is why the default action is to try a DNS lookup first. Only if that gives a definite &"no such host"& is the local function called. +&*Compatibility*&: From Exim 4.85 until fixed for 4.90, there was an +inadvertent constraint that a transport name as an option had to be the last +option specified. + If no IP address for a host can be found, what happens is controlled by the @@ -22127,10 +22159,14 @@ the obvious value which users understand most easily. The value of the option is expanded, and must then be a numerical value (decimal point allowed), optionally followed by one of the letters K, M, or G, -for kilobytes, megabytes, or gigabytes. If Exim is running on a system with +for kilobytes, megabytes, or gigabytes, optionally followed by a slash +and further option modifiers. If Exim is running on a system with large file support (Linux and FreeBSD have this), mailboxes larger than 2G can be handled. +The option modifier &%no_check%& can be used to force delivery even if the over +quota condition is met. The quota gets updated as usual. + &*Note*&: A value of zero is interpreted as &"no quota"&. The expansion happens while Exim is running as root, before it changes uid for @@ -22165,6 +22201,8 @@ can only be used if &%quota%& is also set. The value is expanded; an expansion failure causes delivery to be deferred. A value of zero is interpreted as &"no quota"&. +The option modifier &%no_check%& can be used to force delivery even if the over +quota condition is met. The quota gets updated as usual. .option quota_is_inclusive appendfile boolean true See &%quota%& above. @@ -23775,7 +23813,9 @@ of the message. Its value must not be zero. See also &%final_timeout%&. .option dkim_private_key smtp string&!! unset .option dkim_canon smtp string&!! unset .option dkim_strict smtp string&!! unset -.option dkim_sign_headers smtp string&!! unset +.option dkim_sign_headers smtp string&!! "per RFC" +.option dkim_hash smtp string&!! sha256 +.option dkim_identity smtp string&!! unset DKIM signing options. For details see section &<>&. @@ -24114,7 +24154,7 @@ This option provides a list of servers to which, provided they announce CHUNKING support, Exim will attempt to use BDAT commands rather than DATA. BDAT will not be used in conjunction with a transport filter. -.option hosts_try_fastopen smtp "host list!!" unset +.option hosts_try_fastopen smtp "host list&!!" unset .cindex "fast open, TCP" "enabling, in client" .cindex "TCP Fast Open" "enabling, in client" .cindex "RFC 7413" "TCP Fast Open" @@ -24130,6 +24170,9 @@ as the initiator must present a cookie in the SYN segment. On (at least some) current Linux distributions the facility must be enabled in the kernel by the sysadmin before the support is usable. +There is no option for control of the server side; if the system supports +it it is always enebled. Note that legthy operations in the connect ACL, +such as DNSBL lookups, will still delay the emission of the SMTP banner. .option hosts_try_prdr smtp "host list&!!" * .cindex "PRDR" "enabling, optional in client" @@ -31710,10 +31753,10 @@ av_scanner = sock:127.0.0.1 6001:%s:(SPAM|VIRUS):(.*)$ .new Note that surrounding whitespace is stripped from each option, meaning there is no way to specify a trailing newline. +The socket specifier and both regular-expressions are required. +Default for the commandline is &_%s\n_& (note this does have a trailing newline); +specify an empty element to get this. .wen -Default for the socket specifier is &_/tmp/malware.sock_&. -Default for the commandline is &_%s\n_& (note this does have a trailing newline). -Both regular-expressions are required. .vitem &%sophie%& .cindex "virus scanners" "Sophos and Sophie" @@ -36017,6 +36060,7 @@ the following table: &`SNI `& server name indication from TLS client hello &`ST `& shadow transport name &`T `& on &`<=`& lines: message subject (topic) +&`TFO `& connection took advantage of TCP Fast Open &` `& on &`=>`& &`**`& and &`==`& lines: transport name &`U `& local user or RFC 1413 identity &`X `& TLS cipher suite @@ -36098,6 +36142,7 @@ selection marked by asterisks: &` incoming_interface `& local interface on <= and => lines &` incoming_port `& remote port on <= lines &`*lost_incoming_connection `& as it says (includes timeouts) +&` millisec `& millisecond timestamps and QT,DT,D times &` outgoing_interface `& local interface on => lines &` outgoing_port `& add remote port to => lines &`*queue_run `& start and end queue runs @@ -36187,6 +36232,8 @@ process is started because &%queue_only%& is set or &%-odq%& was used. .cindex "log" "delivery duration" &%deliver_time%&: For each delivery, the amount of real time it has taken to perform the actual delivery is logged as DT=<&'time'&>, for example, &`DT=1s`&. +If millisecond logging is enabled, short times will be shown with greater +precision, eg. &`DT=0.304`&. .next .cindex "log" "message size on delivery" .cindex "size" "of message" @@ -36262,6 +36309,14 @@ important with the widening use of NAT (see RFC 2505). &%lost_incoming_connection%&: A log line is written when an incoming SMTP connection is unexpectedly dropped. .next +.new +.cindex "log" "millisecond timestamps" +.cindex millisecond logging +.cindex timstamps "millisecond, in logs" +&%millisec%&: Timestamps have a period and three decimal places of finer granularity +appended to the seconds value. +.wen +.next .cindex "log" "outgoing interface" .cindex "log" "local interface" .cindex "log" "local address and port" @@ -36300,6 +36355,8 @@ includes reception time as well as the delivery time for the current address. This means that it may be longer than the difference between the arrival and delivery log line times, because the arrival log line is not written until the message has been successfully received. +If millisecond logging is enabled, short times will be shown with greater +precision, eg. &`QT=1.578s`&. .next &%queue_time_overall%&: The amount of time the message has been in the queue on the local host is logged as QT=<&'time'&> on &"Completed"& lines, for @@ -38488,13 +38545,15 @@ while expanding the remaining signing options. .wen If it is empty after expansion, DKIM signing is not done. -.option dkim_selector smtp string&!! unset +.option dkim_selector smtp string list&!! unset This sets the key selector string. -You can use the &%$dkim_domain%& expansion variable to look up a matching selector. -The result is put in the expansion +.new +After expansion, which can use &$dkim_domain$&, this can be a list. +Each element in turn is put in the expansion variable &%$dkim_selector%& which may be used in the &%dkim_private_key%& option along with &%$dkim_domain%&. -If the option is empty after expansion, DKIM signing is not done. +If the option is empty after expansion, DKIM signing is not done for this domain. +.wen .option dkim_private_key smtp string&!! unset This sets the private key to use. @@ -38513,6 +38572,19 @@ is set. .endlist If the option is empty after expansion, DKIM signing is not done. +.new +.option dkim_hash smtp string&!! sha256 +Can be set alternatively to &"sha1"& to use an alternate hash +method. Note that sha1 is now condidered insecure, and deprecated. + +.option dkim_identity smtp string&!! unset +If set after expansion, the value is used to set an "i=" tag in +the signing header. The DKIM standards restrict the permissible +syntax of this optional tag to a mail address, with possibly-empty +local part, an @, and a domain identical to or subdomain of the "d=" +tag value. Note that Exim does not check the value. +.wen + .option dkim_canon smtp string&!! unset This option sets the canonicalization method used when signing a message. The DKIM RFC currently supports two methods: "simple" and "relaxed". @@ -38526,11 +38598,17 @@ either "1" or "true", Exim will defer. Otherwise Exim will send the message unsigned. You can use the &%$dkim_domain%& and &%$dkim_selector%& expansion variables here. -.option dkim_sign_headers smtp string&!! unset -If set, this option must expand to (or be specified as) a colon-separated -list of header names. Headers with these names will be included in the message -signature. -When unspecified, the header names recommended in RFC4871 will be used. +.option dkim_sign_headers smtp string&!! "see below" +If set, this option must expand to a colon-separated +list of header names. +.new +Headers with these names, or the absence or such a header, will be included +in the message signature. +When unspecified, the header names listed in RFC4871 will be used, +whether or not each header is present in the message. +The default list is available for the expansion in the macro +"_DKIM_SIGN_HEADERS". +.wen .section "Verifying DKIM signatures in incoming mail" "SECID514" @@ -38541,7 +38619,7 @@ Verification of DKIM signatures in SMTP incoming email is implemented via the syntactically(!) correct signature in the incoming message. A missing ACL definition defaults to accept. If any ACL call does not accept, the message is not accepted. -If a cutthrough delivery was in progress for the message it is +If a cutthrough delivery was in progress for the message, that is summarily dropped (having wasted the transmission effort). To evaluate the signature in the ACL a large number of expansion variables @@ -38644,7 +38722,7 @@ The algorithm used. One of 'rsa-sha1' or 'rsa-sha256'. .vitem &%$dkim_canon_body%& The body canonicalization method. One of 'relaxed' or 'simple'. -.vitem &%dkim_canon_headers%& +.vitem &%$dkim_canon_headers%& The header canonicalization method. One of 'relaxed' or 'simple'. .vitem &%$dkim_copiedheaders%&