X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/c86c97065357b1cca9601246cec74aa364a635f5..c4dee92d5d5ff5e77e29b8ba94ae3a505cb25bb0:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 5b3436f74..cdac2a266 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -5103,6 +5103,10 @@ The following classes of macros are defined: &` _DRIVER_ROUTER_* `& router drivers &` _DRIVER_TRANSPORT_* `& transport drivers &` _DRIVER_AUTHENTICATOR_* `& authenticator drivers +&` _EXP_COND_* `& expansion conditions +&` _EXP_ITEM_* `& expansion items +&` _EXP_OP_* `& expansion operators +&` _EXP_VAR_* `& expansion variables &` _LOG_* `& log_selector values &` _OPT_MAIN_* `& main config options &` _OPT_ROUTERS_* `& generic router options @@ -7799,7 +7803,8 @@ connection timeout (the system timeout is used), no user or password, no limit on the number of entries returned, and no time limit on queries. When a DN is quoted in the USER= setting for LDAP authentication, Exim -removes any URL quoting that it may contain before passing it LDAP. Apparently +removes any URL quoting that it may contain before passing it to the LDAP library. +Apparently some libraries do this for themselves, but some do not. Removing the URL quoting has two advantages: @@ -9648,7 +9653,10 @@ Example use (as an ACL modifier): .code add_header = :at_start:${authresults {$primary_hostname}} .endd -This is safe even if no authentication results are available. +This is safe even if no authentication results are available +.new +and would generally be placed in the DATA ACL. +.wen .vitem "&*${certextract{*&<&'field'&>&*}{*&<&'certificate'&>&*}&&& @@ -11759,8 +11767,8 @@ Case and collation order are defined per the system C locale. SRS decode. See SECT &<>& for details. -.vitem &*inlist&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& &&& - &*inlisti&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& +.vitem &*inlist&~{*&<&'subject'&>&*}{*&<&'list'&>&*}*& &&& + &*inlisti&~{*&<&'subject'&>&*}{*&<&'list'&>&*}*& .cindex "string" "comparison" .cindex "list" "iterative conditions" Both strings are expanded; the second string is treated as a list of simple @@ -16189,11 +16197,13 @@ case. That is why the default tries a DNS lookup first. .cindex "host" "rejecting connections from" If this option is set, incoming SMTP calls from the hosts listed are rejected as soon as the connection is made. -This option is mostly obsolete, retained for backward compatibility because +This option is obsolete, and retained only for backward compatibility, because nowadays the ACL specified by &%acl_smtp_connect%& can also reject incoming -connections immediately +connections immediately. + .new -(except for tls-on-connect connections). +If the connection is on a TLS-on-connect port then the TCP connection is +just dropped. Otherwise, an SMTP error is sent first. .wen The ability to give an immediate rejection (either by this option or using an @@ -17686,13 +17696,18 @@ This facility is only available on Linux. .cindex "banner for SMTP" .cindex "welcome banner for SMTP" .cindex "customizing" "SMTP banner" -This string, which is expanded every time it is used, is output as the initial +If a connect ACL does not supply a message, +this string (which is expanded every time it is used) is output as the initial positive response to an SMTP connection. The default setting is: .code smtp_banner = $smtp_active_hostname ESMTP Exim \ $version_number $tod_full .endd -Failure to expand the string causes a panic error. If you want to create a +.new +Failure to expand the string causes a panic error; +a forced fail just closes the connection. +.wen +If you want to create a multiline response to the initial SMTP connection, use &"\n"& in the string at appropriate points, but not at the end. Note that the 220 code is not included in this string. Exim adds it automatically (several times in the case of a @@ -30483,8 +30498,11 @@ accepted by an &%accept%& verb that has a &%message%& modifier, the contents of the message override the banner message that is otherwise specified by the &%smtp_banner%& option. -For tls-on-connect connections, the ACL is run after the TLS connection -is accepted (however, &%host_reject_connection%& is tested before). +.new +For tls-on-connect connections, the ACL is run before the TLS connection +is accepted; if the ACL does not accept then the TCP connection is dropped without +any TLS startup attempt and without any SMTP response being transmitted. +.wen .subsection "The EHLO/HELO ACL" SECID192 @@ -31635,7 +31653,7 @@ pretrigger=<&'size'&> This option specifies a memory buffuer to be used immediate writes to file are done as normal. trigger=<&'reason'&> This option selects cause for the pretrigger buffer - see above) to be copied to file. A reason of $*now* + see above) to be copied to file. A reason of &*now*& take effect immediately; one of &*paniclog*& triggers on a write to the panic log. .endd @@ -38889,7 +38907,7 @@ selection marked by asterisks: .irow &`etrn`& * "ETRN commands" .irow &`host_lookup_failed`& * "as it says" .irow &`ident_timeout`&   "timeout for ident connection" -.irow &`incoming_interface`&   "local interface on <= and => lines" +.irow &`incoming_interface`&   "local interface & port on <= and => lines" .irow &`incoming_port`&   "remote port on <= lines" .irow &`lost_incoming_connection`& * "as it says (includes timeouts)" .irow &`millisec`&   "millisecond timestamps and RT,QT,DT,D times"