X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/b3326a3c07ab6cd4c4dcfb48bcaaa9465b6c8e22..8ff2ba119ba654e9238f157f94bf10ed640ed877:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index ec1e080bd..0ba62ce5e 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1,3 +1,4 @@ + . ///////////////////////////////////////////////////////////////////////////// . This is the primary source of the Exim Manual. It is an xfpt document that is . converted into DocBook XML for subsequent conversion into printable and online @@ -948,6 +949,7 @@ User filters are run as part of the routing process, described below. .cindex "base36" .cindex "Darwin" .cindex "Cygwin" +.cindex "exim_msgdate" Every message handled by Exim is given a &'message id'& which is sixteen characters long. It is divided into three parts, separated by hyphens, for example &`16VDhn-0001bo-D3`&. Each part is a sequence of letters and digits, @@ -994,6 +996,10 @@ received by the same process, or by another process with the same (re-used) pid, it is guaranteed that the time will be different. In most cases, the clock will already have ticked while the message was being received. +The exim_msgdate utility (see section &<>&) can be +used to display the date, and optionally the process id, of an Exim +Message ID. + .section "Receiving mail" "SECID13" .cindex "receiving mail" @@ -2810,6 +2816,14 @@ of Exim is installed. It is not necessary to do this when other files that are referenced from the configuration (for example, alias files) are changed, because these are reread each time they are used. +.new +Either a SIGTERM or a SIGINT signal should be used to cause the daemon +to cleanly shut down. +Subprocesses handling recceiving or delivering messages, +or for scanning the queue, +will not be affected by the termination of the daemon process. +.wen + .cmdopt -bdf This option has the same effect as &%-bd%& except that it never disconnects from the controlling terminal, even when no debugging is specified. @@ -3258,6 +3272,12 @@ to the standard output. It is restricted to admin users, unless &%queue_list_requires_admin%& is set false. +.cmdopt -bpi +.cindex queue "list of message IDs" +This option operates like &%-bp%&, but only outputs message ids +(one per line). + + .cmdopt -bpr This option operates like &%-bp%&, but the output is not sorted into chronological order of message arrival. This can speed it up when there are @@ -3267,6 +3287,9 @@ going to be post-processed in a way that doesn't need the sorting. .cmdopt -bpra This option is a combination of &%-bpr%& and &%-bpa%&. +.cmdopt -bpri +This option is a combination of &%-bpr%& and &%-bpi%&. + .cmdopt -bpru This option is a combination of &%-bpr%& and &%-bpu%&. @@ -4397,15 +4420,21 @@ It is only relevant when the &%-bd%& (start listening daemon) option is also given. Normally the daemon creates this socket, unless a &%-oX%& and &*no*& &%-oP%& option is also present. -If this option is given then the socket will not be created. This could be -required if the system is running multiple daemons. +.new +If this option is given then the socket will not be created. This is required +if the system is running multiple daemons, in which case it should +be used on all. +The features supported by the socket will not be available in such cases. The socket is currently used for .ilist fast ramp-up of queue runner processes .next +caching compiled regexes +.next obtaining a current queue size .endlist +.wen .cmdopt -pd .cindex "Perl" "starting the interpreter" @@ -4489,23 +4518,33 @@ every domain. Addresses are routed, local deliveries happen, but no remote transports are run. Performance will be best if the &%queue_run_in_order%& option is false. -If that is so and the &%queue_fast_ramp%& option is true then -in the first phase of the run, +If that is so and +the &%queue_fast_ramp%& option is true +and a daemon-notifier socket is available +then in the first phase of the run, once a threshold number of messages are routed for a given host, a delivery process is forked in parallel with the rest of the scan. .cindex "hints database" "remembering routing" The hints database that remembers which messages are waiting for specific hosts -is updated, as if delivery to those hosts had been deferred. After this is -complete, a second, normal queue scan happens, with routing and delivery taking -place as normal. Messages that are routed to the same host should mostly be +is updated, as if delivery to those hosts had been deferred. + +After the first queue scan complete, +a second, normal queue scan is done, with routing and delivery taking +place as normal. +Messages that are routed to the same host should mostly be delivered down a single SMTP .cindex "SMTP" "passed connection" .cindex "SMTP" "multiple deliveries" .cindex "multiple SMTP deliveries" connection because of the hints that were set up during the first queue scan. -This option may be useful for hosts that are connected to the Internet + +.new +Two-phase queue runs should be used on systems which, even intermittently, +have a large queue (such as mailing-list operators). +They may also be useful for hosts that are connected to the Internet intermittently. +.wen .vitem &%-q[q]i...%& .oindex "&%-qi%&" @@ -4591,6 +4630,15 @@ combined daemon at system boot time is to use a command such as Such a daemon listens for incoming SMTP calls, and also starts a queue runner process every 30 minutes. +.new +.cindex "named queues" "queue runners" +It is possible to set up runners for multiple named queues within one daemon, +For example: +.code +exim -qGhipri/2m -q10m -qqGmailinglist/1h +.endd +.wen + When a daemon is started by &%-q%& with a time value, but without &%-bd%&, no pid file is written unless one is explicitly requested by the &%-oP%& option. @@ -5103,6 +5151,10 @@ The following classes of macros are defined: &` _DRIVER_ROUTER_* `& router drivers &` _DRIVER_TRANSPORT_* `& transport drivers &` _DRIVER_AUTHENTICATOR_* `& authenticator drivers +&` _EXP_COND_* `& expansion conditions +&` _EXP_ITEM_* `& expansion items +&` _EXP_OP_* `& expansion operators +&` _EXP_VAR_* `& expansion variables &` _LOG_* `& log_selector values &` _OPT_MAIN_* `& main config options &` _OPT_ROUTERS_* `& generic router options @@ -6602,7 +6654,7 @@ file that is searched could contain lines like this: When the lookup succeeds, the result of the expansion is a list of domains (and possibly other types of item that are allowed in domain lists). .cindex "tainted data" "de-tainting" -.cindex "de-tainting" "using a lookup expansion"" +.cindex "de-tainting" "using a lookup expansion" The result of the expansion is not tainted. .next @@ -7799,7 +7851,8 @@ connection timeout (the system timeout is used), no user or password, no limit on the number of entries returned, and no time limit on queries. When a DN is quoted in the USER= setting for LDAP authentication, Exim -removes any URL quoting that it may contain before passing it LDAP. Apparently +removes any URL quoting that it may contain before passing it to the LDAP library. +Apparently some libraries do this for themselves, but some do not. Removing the URL quoting has two advantages: @@ -9648,7 +9701,10 @@ Example use (as an ACL modifier): .code add_header = :at_start:${authresults {$primary_hostname}} .endd -This is safe even if no authentication results are available. +This is safe even if no authentication results are available +.new +and would generally be placed in the DATA ACL. +.wen .vitem "&*${certextract{*&<&'field'&>&*}{*&<&'certificate'&>&*}&&& @@ -9907,7 +9963,11 @@ After expansion, <&'string'&> is interpreted as a list, colon-separated by default, but the separator can be changed in the usual way (&<>&). For each item in this list, its value is place in &$item$&, and then the condition is -evaluated. If the condition is true, &$item$& is added to the output as an +evaluated. +.new +Any modification of &$value$& by this evaluation is discarded. +.wen +If the condition is true, &$item$& is added to the output as an item in a new list; if the condition is false, the item is discarded. The separator used for the output list is the same as the one used for the input, but a separator setting is not included in the output. For example: @@ -9915,7 +9975,8 @@ input, but a separator setting is not included in the output. For example: ${filter{a:b:c}{!eq{$item}{b}}} .endd yields &`a:c`&. At the end of the expansion, the value of &$item$& is restored -to what it was before. See also the &%map%& and &%reduce%& expansion items. +to what it was before. +See also the &%map%& and &%reduce%& expansion items. .vitem &*${hash{*&<&'string1'&>&*}{*&<&'string2'&>&*}{*&<&'string3'&>&*}}*& @@ -10506,6 +10567,17 @@ At the end of a &*reduce*& expansion, the values of &$item$& and &$value$& are restored to what they were before. See also the &%filter%& and &%map%& expansion items. +. A bit of a special-case logic error in writing an expansion; +. probably not worth including in the mainline of documentation. +. If only we had footnotes (the html output variant is the problem). +. +. .new +. &*Note*&: if an &'expansion condition'& is used in <&'string3'&> +. and that condition modifies &$value$&, +. then the string expansions dependent on the condition cannot use +. the &$value$& of the reduce iteration. +. .wen + .vitem &*$rheader_*&<&'header&~name'&>&*:*&&~or&~&*$rh_*&<&'header&~name'&>&*:*& This item inserts &"raw"& header lines. It is described with the &%header%& expansion item in section &<>& above. @@ -10997,6 +11069,24 @@ abbreviation &%h%& can be used when &%hash%& is used as an operator. +.new +.vitem &*${headerwrap_*&<&'cols'&>&*_*&<&'limit'&>&*:*&<&'string'&>&*}*& +.cindex header "wrapping operator" +.cindex expansion "header wrapping" +This operator line-wraps its argument in a way useful for headers. +The &'cols'& value gives the column number to wrap after, +the &'limit'& gives a limit number of result characters to truncate at. +Either just the &'limit'& and the preceding underbar, or both, can be omitted; +the defaults are 80 and 998. +Wrapping will be inserted at a space if possible before the +column number is reached. +Whitespace at a chosen wrap point is removed. +A line-wrap consists of a newline followed by a tab, +and the tab is counted as 8 columns. +.wen + + + .vitem &*${hex2b64:*&<&'hexstring'&>&*}*& .cindex "base64 encoding" "conversion from hex" .cindex "expansion" "hex to base64" @@ -11658,6 +11748,7 @@ Consider using a dsearch lookup. .cindex "first delivery" .cindex "expansion" "first delivery test" .cindex "&%first_delivery%& expansion condition" +.cindex retry condition This condition, which has no data, is true during a message's first delivery attempt. It is false during any subsequent delivery attempts. @@ -11742,8 +11833,8 @@ Case and collation order are defined per the system C locale. SRS decode. See SECT &<>& for details. -.vitem &*inlist&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& &&& - &*inlisti&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& +.vitem &*inlist&~{*&<&'subject'&>&*}{*&<&'list'&>&*}*& &&& + &*inlisti&~{*&<&'subject'&>&*}{*&<&'list'&>&*}*& .cindex "string" "comparison" .cindex "list" "iterative conditions" Both strings are expanded; the second string is treated as a list of simple @@ -15596,7 +15687,12 @@ by a setting such as this: .code dns_again_means_nonexist = *.in-addr.arpa .endd -This option applies to all DNS lookups that Exim does. It also applies when the +This option applies to all DNS lookups that Exim does, +.new +except for TLSA lookups (where knowing about such failures +is security-relevant). +.wen +It also applies when the &[gethostbyname()]& or &[getipnodebyname()]& functions give temporary errors, since these are most likely to be caused by DNS lookup problems. The &(dnslookup)& router has some options of its own for controlling what happens @@ -16176,6 +16272,11 @@ This option is obsolete, and retained only for backward compatibility, because nowadays the ACL specified by &%acl_smtp_connect%& can also reject incoming connections immediately. +.new +If the connection is on a TLS-on-connect port then the TCP connection is +just dropped. Otherwise, an SMTP error is sent first. +.wen + The ability to give an immediate rejection (either by this option or using an ACL) is provided for use in unusual cases. Many hosts will just try again, sometimes without much delay. Normally, it is better to use an ACL to reject @@ -17666,13 +17767,18 @@ This facility is only available on Linux. .cindex "banner for SMTP" .cindex "welcome banner for SMTP" .cindex "customizing" "SMTP banner" -This string, which is expanded every time it is used, is output as the initial +If a connect ACL does not supply a message, +this string (which is expanded every time it is used) is output as the initial positive response to an SMTP connection. The default setting is: .code smtp_banner = $smtp_active_hostname ESMTP Exim \ $version_number $tod_full .endd -Failure to expand the string causes a panic error. If you want to create a +.new +Failure to expand the string causes a panic error; +a forced fail just closes the connection. +.wen +If you want to create a multiline response to the initial SMTP connection, use &"\n"& in the string at appropriate points, but not at the end. Note that the 220 code is not included in this string. Exim adds it automatically (several times in the case of a @@ -18414,20 +18520,27 @@ prior to the 4.80 release, as Debian used to patch Exim to raise the minimum acceptable bound from 1024 to 2048. -.option tls_eccurve main string&!! &`auto`& +.option tls_eccurve main string list&!! &`auto`& .cindex TLS "EC cryptography" -This option selects a EC curve for use by Exim when used with OpenSSL. -It has no effect when Exim is used with GnuTLS. +This option selects EC curves for use by Exim when used with OpenSSL. +It has no effect when Exim is used with GnuTLS +(the equivalent can be done using a priority string for the +&%tls_require_ciphers%& option). -After expansion it must contain a valid EC curve parameter, such as -&`prime256v1`&, &`secp384r1`&, or &`P-512`&. Consult your OpenSSL manual -for valid selections. +After expansion it must contain +.new +one or (only for OpenSSL versiona 1.1.1 onwards) more +.wen +EC curve names, such as &`prime256v1`&, &`secp384r1`&, or &`P-521`&. +Consult your OpenSSL manual for valid curve names. For OpenSSL versions before (and not including) 1.0.2, the string &`auto`& selects &`prime256v1`&. For more recent OpenSSL versions &`auto`& tells the library to choose. -If the option expands to an empty string, no EC curves will be enabled. +.new +If the option expands to an empty string, the effect is undefined. +.wen .option tls_ocsp_file main string&!! unset @@ -22362,7 +22475,7 @@ its removal from incoming messages, so that delivered messages can safely be resent to other recipients. &*Note:*& If used on a transport handling multiple recipients -(the smtp transport unless &%rcpt_max%& is 1, the appendfile, pipe or lmtp +(the smtp transport unless &%max_rcpt%& is 1, the appendfile, pipe or lmtp transport if &%batch_max%& is greater than 1) then information about Bcc recipients will be leaked. Doing so is generally not advised. @@ -25590,12 +25703,18 @@ hard failure if required. See also &%hosts_try_auth%&, and chapter &<>& for details of authentication. -.option hosts_request_ocsp smtp "host list&!!" * +.option hosts_request_ocsp smtp "host list&!!" "see below" .cindex "TLS" "requiring for certain servers" Exim will request a Certificate Status on a TLS session for any host that matches this list. &%tls_verify_certificates%& should also be set for the transport. +.new +The default is &"**"& if DANE is not in use for the connection, +or if DANE-TA us used. +It is empty if DANE-EE is used. +.wen + .option hosts_require_alpn smtp "host list&!!" unset .cindex ALPN "require negotiation in client" .cindex TLS ALPN @@ -25737,12 +25856,22 @@ If this option is set true when the &%protocol%& option is set to &"lmtp"&, the string &`IGNOREQUOTA`& is added to RCPT commands, provided that the LMTP server has advertised support for IGNOREQUOTA in its response to the LHLO command. -.option max_rcpt smtp integer 100 +.option max_rcpt smtp integer&!! 100 .cindex "RCPT" "maximum number of outgoing" -This option limits the number of RCPT commands that are sent in a single -SMTP message transaction. Each set of addresses is treated independently, and +This option, +.new +after expansion, +.wen +limits the number of RCPT commands that are sent in a single +SMTP message transaction. +A value setting of zero disables the limit. + +.new +If a constant is given, +.wen +each set of addresses is treated independently, and so can cause parallel connections to the same host if &%remote_max_parallel%& -permits this. A value setting of zero disables the limit. +permits this. .option message_linelength_limit smtp integer 998 @@ -26065,7 +26194,7 @@ If both this option and &%tls_try_verify_hosts%& are unset operation is as if this option selected all hosts. &*Warning*&: Including a host in &%tls_verify_hosts%& does not require that connections use TLS. -Fallback to in-clear communication will be done unless restricted by +Fallback to in-clear communication will be done unless restricted by the &%hosts_require_tls%& option. .option utf8_downconvert smtp integer&!! -1 @@ -28206,7 +28335,7 @@ Dovecot 2 POP/IMAP server, which can support a number of authentication methods. Note that Dovecot must be configured to use auth-client not auth-userdb. If you are using Dovecot to authenticate POP/IMAP clients, it might be helpful to use the same mechanisms for SMTP authentication. This is a server -authenticator only. There is only one option: +authenticator only. There is only one non-generic option: .option server_socket dovecot string unset @@ -28218,6 +28347,7 @@ authenticators for different mechanisms. For example: dovecot_plain: driver = dovecot public_name = PLAIN + server_advertise_condition = ${if def:tls_in_cipher} server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 @@ -28227,6 +28357,13 @@ dovecot_ntlm: server_socket = /var/run/dovecot/auth-client server_set_id = $auth1 .endd + +.new +&*Note*&: plaintext authentication methods such as PLAIN and LOGIN +should not be advertised on cleartext SMTP connections. +See the discussion in section &<>&. +.wen + If the SMTP connection is encrypted, or if &$sender_host_address$& is equal to &$received_ip_address$& (that is, the connection is local), the &"secured"& option is passed in the Dovecot authentication command. If, for a TLS @@ -29755,7 +29892,7 @@ connection. The client for the connection proposes a set of protocol names, and the server responds with a selected one. It is not, as of 2021, commonly used for SMTP connections. -However, to guard against misirected or malicious use of web clients +However, to guard against misdirected or malicious use of web clients (which often do use ALPN) against MTA ports, Exim by default check that there is no incompatible ALPN specified by a client for a TLS connection. If there is, the connection is rejected. @@ -29765,7 +29902,7 @@ The behaviour of both client and server can be configured using the options &%tls_alpn%& and &%hosts_require_alpn%&. There are no variables providing observability. Some feature-specific logging may appear on denied connections, but this -depends on the behavious of the peer +depends on the behaviour of the peer (not all peers can send a feature-specific TLS Alert). This feature is available when Exim is built with @@ -30119,18 +30256,24 @@ DANE scales better than having to maintain (and communicate via side-channel) co for every possible target server. It also scales (slightly) better than having to maintain on an SMTP client a copy of the standard CAs bundle. It also means not having to pay a CA for certificates. -DANE requires a server operator to do three things: 1) run DNSSEC. This provides assurance to clients +DANE requires a server operator to do three things: +.olist +Run DNSSEC. This provides assurance to clients that DNS lookups they do for the server have not been tampered with. The domain MX record applying to this server, its A record, its TLSA record and any associated CNAME records must all be covered by DNSSEC. -2) add TLSA DNS records. These say what the server certificate for a TLS connection should be. -3) offer a server certificate, or certificate chain, in TLS connections which is is anchored by one of the TLSA records. +.next +Add TLSA DNS records. These say what the server certificate for a TLS connection should be. +.next +Offer a server certificate, or certificate chain, in TLS connections which is is anchored by one of the TLSA records. +.endlist There are no changes to Exim specific to server-side operation of DANE. Support for client-side operation of DANE can be included at compile time by defining SUPPORT_DANE=yes in &_Local/Makefile_&. If it has been included, the macro "_HAVE_DANE" will be defined. +.subsection "DNS records" A TLSA record consist of 4 fields, the "Certificate Usage", the "Selector", the "Matching type", and the "Certificate Association Data". For a detailed description of the TLSA record see @@ -30211,6 +30354,7 @@ libraries. This means no MD5 and no SHA-1. SHA2-256 is the minimum for reliable interoperability (and probably the maximum too, in 2018). +.subsection "Interaction with OCSP" The use of OCSP-stapling should be considered, allowing for fast revocation of certificates (which would otherwise be limited by the DNS TTL on the TLSA records). However, this is likely to only be usable with DANE-TA. NOTE: the default of requesting OCSP for all hosts is modified iff DANE is in use, to: @@ -30231,6 +30375,7 @@ This modification of hosts_request_ocsp is only done if it has the default value those who use &%hosts_require_ocsp%&, should consider the interaction with DANE in their OCSP settings. +.subsection "Client configuration" For client-side DANE there are three new smtp transport options, &%hosts_try_dane%&, &%hosts_require_dane%& and &%dane_require_tls_ciphers%&. The &"require"& variant will result in failure if the target host is not @@ -30269,6 +30414,7 @@ verification evaluation is wanted, the above variables should be set appropriate The router and transport option &%dnssec_request_domains%& must not be set to &"never"&, and &%dnssec_require_domains%& is ignored. +.subsection Observability If verification was successful using DANE then the "CV" item in the delivery log line will show as "CV=dane". There is a new variable &$tls_out_dane$& which will have "yes" if @@ -30284,11 +30430,13 @@ required. This is intended to support TLS-reporting as defined in The &$event_data$& will be one of the Result Types defined in Section 4.3 of that document. +.subsection General Under GnuTLS, DANE is only supported from version 3.0.0 onwards. DANE is specified in published RFCs and decouples certificate authority trust selection from a "race to the bottom" of "you must trust everything for mail -to get through". There is an alternative technology called MTA-STS, which +to get through". +There is an alternative technology called MTA-STS, which instead publishes MX trust anchor information on an HTTPS website. At the time this text was last updated, MTA-STS was still a draft, not yet an RFC. Exim has no support for MTA-STS as a client, but Exim mail server operators @@ -30446,8 +30594,11 @@ accepted by an &%accept%& verb that has a &%message%& modifier, the contents of the message override the banner message that is otherwise specified by the &%smtp_banner%& option. -For tls-on-connect connections, the ACL is run after the TLS connection -is accepted (however, &%host_reject_connection%& is tested before). +.new +For tls-on-connect connections, the ACL is run before the TLS connection +is accepted; if the ACL does not accept then the TCP connection is dropped without +any TLS startup attempt and without any SMTP response being transmitted. +.wen .subsection "The EHLO/HELO ACL" SECID192 @@ -31598,7 +31749,7 @@ pretrigger=<&'size'&> This option specifies a memory buffuer to be used immediate writes to file are done as normal. trigger=<&'reason'&> This option selects cause for the pretrigger buffer - see above) to be copied to file. A reason of $*now* + see above) to be copied to file. A reason of &*now*& take effect immediately; one of &*paniclog*& triggers on a write to the panic log. .endd @@ -32978,7 +33129,7 @@ address you should specify alternate list separators for both the outer The &%seen%& ACL condition can be used to test whether a situation has been previously met. It uses a hints database to record a timestamp against a key. -host. The syntax of the condition is: +The syntax of the condition is: .display &`seen =`& <&'optional flag'&><&'time interval'&> &`/`& <&'options'&> .endd @@ -33096,16 +33247,23 @@ the &%count=%& option. .subsection "Ratelimit options for what is being measured" ratoptmea .cindex "rate limiting" "per_* options" -The &%per_conn%& option limits the client's connection rate. It is not +.vlist +.vitem per_conn +.cindex "rate limiting" per_conn +This option limits the client's connection rate. It is not normally used in the &%acl_not_smtp%&, &%acl_not_smtp_mime%&, or &%acl_not_smtp_start%& ACLs. -The &%per_mail%& option limits the client's rate of sending messages. This is +.vitem per_mail +.cindex "rate limiting" per_conn +This option limits the client's rate of sending messages. This is the default if none of the &%per_*%& options is specified. It can be used in &%acl_smtp_mail%&, &%acl_smtp_rcpt%&, &%acl_smtp_predata%&, &%acl_smtp_mime%&, &%acl_smtp_data%&, or &%acl_not_smtp%&. -The &%per_byte%& option limits the sender's email bandwidth. It can be used in +.vitem per_byte +.cindex "rate limiting" per_conn +This option limits the sender's email bandwidth. It can be used in the same ACLs as the &%per_mail%& option, though it is best to use this option in the &%acl_smtp_mime%&, &%acl_smtp_data%& or &%acl_not_smtp%& ACLs; if it is used in an earlier ACL, Exim relies on the SIZE parameter given by the client @@ -33113,7 +33271,9 @@ in its MAIL command, which may be inaccurate or completely missing. You can follow the limit &'m'& in the configuration with K, M, or G to specify limits in kilobytes, megabytes, or gigabytes, respectively. -The &%per_rcpt%& option causes Exim to limit the rate at which recipients are +.vitem per_rcpt +.cindex "rate limiting" per_rcpt +This option causes Exim to limit the rate at which recipients are accepted. It can be used in the &%acl_smtp_rcpt%&, &%acl_smtp_predata%&, &%acl_smtp_mime%&, or &%acl_smtp_data%& ACLs. In &%acl_smtp_rcpt%& the rate is updated one recipient at a time; in the other @@ -33121,24 +33281,37 @@ ACLs the rate is updated with the total (accepted) recipient count in one go. No in either case the rate limiting engine will see a message with many recipients as a large high-speed burst. -The &%per_addr%& option is like the &%per_rcpt%& option, except it counts the +.vitem per_addr +.cindex "rate limiting" per_addr +This option is like the &%per_rcpt%& option, except it counts the number of different recipients that the client has sent messages to in the last time period. That is, if the client repeatedly sends messages to the same recipient, its measured rate is not increased. This option can only be used in &%acl_smtp_rcpt%&. -The &%per_cmd%& option causes Exim to recompute the rate every time the +.vitem per_cmd +.cindex "rate limiting" per_cmd +This option causes Exim to recompute the rate every time the condition is processed. This can be used to limit the rate of any SMTP command. If it is used in multiple ACLs it can limit the aggregate rate of multiple different commands. -The &%count=%& option can be used to alter how much Exim adds to the client's -measured rate. For example, the &%per_byte%& option is equivalent to -&`per_mail/count=$message_size`&. If there is no &%count=%& option, Exim +.vitem count +.cindex "rate limiting" count +This option can be used to alter how much Exim adds to the client's +measured rate. +A value is required, after an equals sign. +For example, the &%per_byte%& option is equivalent to +&`per_mail/count=$message_size`&. +If there is no &%count=%& option, Exim increases the measured rate by one (except for the &%per_rcpt%& option in ACLs -other than &%acl_smtp_rcpt%&). The count does not have to be an integer. +other than &%acl_smtp_rcpt%&). +The count does not have to be an integer. -The &%unique=%& option is described in section &<>& below. +.vitem unique +.cindex "rate limiting" unique +This option is described in section &<>& below. +.endlist .subsection "Ratelimit update modes" ratoptupd @@ -35825,6 +35998,7 @@ The system filter is run at the start of a delivery attempt, before any routing is done. If a message fails to be completely delivered at the first attempt, the system filter is run again at the start of every retry. If you want your filter to do something only once per message, you can make use +.cindex retry condition of the &%first_delivery%& condition in an &%if%& command in the filter to prevent it happening on retries. @@ -38829,7 +39003,7 @@ selection marked by asterisks: .irow &`etrn`& * "ETRN commands" .irow &`host_lookup_failed`& * "as it says" .irow &`ident_timeout`&   "timeout for ident connection" -.irow &`incoming_interface`&   "local interface on <= and => lines" +.irow &`incoming_interface`&   "local interface & port on <= and => lines" .irow &`incoming_port`&   "remote port on <= lines" .irow &`lost_incoming_connection`& * "as it says (includes timeouts)" .irow &`millisec`&   "millisecond timestamps and RT,QT,DT,D times" @@ -39334,6 +39508,7 @@ the next chapter. The utilities described here are: .irow &<>& &'exim_tidydb'& "clean up a hints database" .irow &<>& &'exim_fixdb'& "patch a hints database" .irow &<>& &'exim_lock'& "lock a mailbox file" +.irow &<>& &'exim_msgdate'& "Message Ids for humans (exim_msgdate)" .endtable Another utility that might be of use to sites with many MTAs is Tom Kistner's @@ -40057,9 +40232,16 @@ exim_lock -q /var/spool/mail/spqr \ .endd Note that if a command is supplied, it must be entirely contained within the second argument &-- hence the quotes. -.ecindex IIDutils +.section "Message Ids for humans (exim_msgdate)" "SECTexim_msgdate" +.cindex "exim_msgdate" +The &'exim_msgdate'& utility is written by Andrew Aitchison and included in the Exim distribution. +This Perl script converts an Exim Mesage ID back into a human readable form. +For details of &'exim_msgdate'&'s options, run &'exim_msgdate'& with the &%--help%& option. + +Section &<>& (Message identification) describes Exim Mesage IDs. +.ecindex IIDutils . //////////////////////////////////////////////////////////////////////////// . //////////////////////////////////////////////////////////////////////////// @@ -42057,8 +42239,9 @@ Example usage: # one, plus the max_rcpt and return_path options remote_forwarded_smtp: driver = smtp - # modify the envelope from, for mails that we forward + # single-recipient so that $original_domain is valid max_rcpt = 1 + # modify the envelope from, for mails that we forward return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} .endd @@ -42165,7 +42348,7 @@ the DATA acl. .subsection ACL SSECDMARCACL .cindex DMARC "ACL condition" -DMARC checks cam be run on incoming SMTP messages by using the +DMARC checks can be run on incoming SMTP messages by using the &"dmarc_status"& ACL condition in the DATA ACL. You are required to call the &"spf"& condition first in the ACLs, then the &"dmarc_status"& condition. Putting this condition in the ACLs is required in order