X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/ce437b2e0dc12c342b1ac67d5435a893b800fd05..4f7a93c27e3d43b44c42d3fc503f03b9b42ca622:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 5ecee5057..75a53786d 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -5103,6 +5103,10 @@ The following classes of macros are defined: &` _DRIVER_ROUTER_* `& router drivers &` _DRIVER_TRANSPORT_* `& transport drivers &` _DRIVER_AUTHENTICATOR_* `& authenticator drivers +&` _EXP_COND_* `& expansion conditions +&` _EXP_ITEM_* `& expansion items +&` _EXP_OP_* `& expansion operators +&` _EXP_VAR_* `& expansion variables &` _LOG_* `& log_selector values &` _OPT_MAIN_* `& main config options &` _OPT_ROUTERS_* `& generic router options @@ -6602,7 +6606,7 @@ file that is searched could contain lines like this: When the lookup succeeds, the result of the expansion is a list of domains (and possibly other types of item that are allowed in domain lists). .cindex "tainted data" "de-tainting" -.cindex "de-tainting" "using a lookup expansion"" +.cindex "de-tainting" "using a lookup expansion" The result of the expansion is not tainted. .next @@ -9907,7 +9911,11 @@ After expansion, <&'string'&> is interpreted as a list, colon-separated by default, but the separator can be changed in the usual way (&<>&). For each item in this list, its value is place in &$item$&, and then the condition is -evaluated. If the condition is true, &$item$& is added to the output as an +evaluated. +.new +Any modification of &$value$& by this evaluation is discarded. +.wen +If the condition is true, &$item$& is added to the output as an item in a new list; if the condition is false, the item is discarded. The separator used for the output list is the same as the one used for the input, but a separator setting is not included in the output. For example: @@ -9915,7 +9923,8 @@ input, but a separator setting is not included in the output. For example: ${filter{a:b:c}{!eq{$item}{b}}} .endd yields &`a:c`&. At the end of the expansion, the value of &$item$& is restored -to what it was before. See also the &%map%& and &%reduce%& expansion items. +to what it was before. +See also the &%map%& and &%reduce%& expansion items. .vitem &*${hash{*&<&'string1'&>&*}{*&<&'string2'&>&*}{*&<&'string3'&>&*}}*& @@ -10506,6 +10515,17 @@ At the end of a &*reduce*& expansion, the values of &$item$& and &$value$& are restored to what they were before. See also the &%filter%& and &%map%& expansion items. +. A bit of a special-case logic error in writing an expansion; +. probably not worth including in the mainline of documentation. +. If only we had footnotes (the html output variant is the problem). +. +. .new +. &*Note*&: if an &'expansion condition'& is used in <&'string3'&> +. and that condition modifies &$value$&, +. then the string expansions dependent on the condition cannot use +. the &$value$& of the reduce iteration. +. .wen + .vitem &*$rheader_*&<&'header&~name'&>&*:*&&~or&~&*$rh_*&<&'header&~name'&>&*:*& This item inserts &"raw"& header lines. It is described with the &%header%& expansion item in section &<>& above. @@ -11658,6 +11678,7 @@ Consider using a dsearch lookup. .cindex "first delivery" .cindex "expansion" "first delivery test" .cindex "&%first_delivery%& expansion condition" +.cindex retry condition This condition, which has no data, is true during a message's first delivery attempt. It is false during any subsequent delivery attempts. @@ -16176,6 +16197,11 @@ This option is obsolete, and retained only for backward compatibility, because nowadays the ACL specified by &%acl_smtp_connect%& can also reject incoming connections immediately. +.new +If the connection is on a TLS-on-connect port then the TCP connection is +just dropped. Otherwise, an SMTP error is sent first. +.wen + The ability to give an immediate rejection (either by this option or using an ACL) is provided for use in unusual cases. Many hosts will just try again, sometimes without much delay. Normally, it is better to use an ACL to reject @@ -17666,13 +17692,18 @@ This facility is only available on Linux. .cindex "banner for SMTP" .cindex "welcome banner for SMTP" .cindex "customizing" "SMTP banner" -This string, which is expanded every time it is used, is output as the initial +If a connect ACL does not supply a message, +this string (which is expanded every time it is used) is output as the initial positive response to an SMTP connection. The default setting is: .code smtp_banner = $smtp_active_hostname ESMTP Exim \ $version_number $tod_full .endd -Failure to expand the string causes a panic error. If you want to create a +.new +Failure to expand the string causes a panic error; +a forced fail just closes the connection. +.wen +If you want to create a multiline response to the initial SMTP connection, use &"\n"& in the string at appropriate points, but not at the end. Note that the 220 code is not included in this string. Exim adds it automatically (several times in the case of a @@ -25590,12 +25621,18 @@ hard failure if required. See also &%hosts_try_auth%&, and chapter &<>& for details of authentication. -.option hosts_request_ocsp smtp "host list&!!" * +.option hosts_request_ocsp smtp "host list&!!" "see below" .cindex "TLS" "requiring for certain servers" Exim will request a Certificate Status on a TLS session for any host that matches this list. &%tls_verify_certificates%& should also be set for the transport. +.new +The default is &"**"& if DANE is not in use for the connection, +or if DANE-TA us used. +It is empty if DANE-EE is used. +.wen + .option hosts_require_alpn smtp "host list&!!" unset .cindex ALPN "require negotiation in client" .cindex TLS ALPN @@ -26065,7 +26102,7 @@ If both this option and &%tls_try_verify_hosts%& are unset operation is as if this option selected all hosts. &*Warning*&: Including a host in &%tls_verify_hosts%& does not require that connections use TLS. -Fallback to in-clear communication will be done unless restricted by +Fallback to in-clear communication will be done unless restricted by the &%hosts_require_tls%& option. .option utf8_downconvert smtp integer&!! -1 @@ -29755,7 +29792,7 @@ connection. The client for the connection proposes a set of protocol names, and the server responds with a selected one. It is not, as of 2021, commonly used for SMTP connections. -However, to guard against misirected or malicious use of web clients +However, to guard against misdirected or malicious use of web clients (which often do use ALPN) against MTA ports, Exim by default check that there is no incompatible ALPN specified by a client for a TLS connection. If there is, the connection is rejected. @@ -29765,7 +29802,7 @@ The behaviour of both client and server can be configured using the options &%tls_alpn%& and &%hosts_require_alpn%&. There are no variables providing observability. Some feature-specific logging may appear on denied connections, but this -depends on the behavious of the peer +depends on the behaviour of the peer (not all peers can send a feature-specific TLS Alert). This feature is available when Exim is built with @@ -30457,8 +30494,11 @@ accepted by an &%accept%& verb that has a &%message%& modifier, the contents of the message override the banner message that is otherwise specified by the &%smtp_banner%& option. -For tls-on-connect connections, the ACL is run after the TLS connection -is accepted (however, &%host_reject_connection%& is tested before). +.new +For tls-on-connect connections, the ACL is run before the TLS connection +is accepted; if the ACL does not accept then the TCP connection is dropped without +any TLS startup attempt and without any SMTP response being transmitted. +.wen .subsection "The EHLO/HELO ACL" SECID192 @@ -31609,7 +31649,7 @@ pretrigger=<&'size'&> This option specifies a memory buffuer to be used immediate writes to file are done as normal. trigger=<&'reason'&> This option selects cause for the pretrigger buffer - see above) to be copied to file. A reason of $*now* + see above) to be copied to file. A reason of &*now*& take effect immediately; one of &*paniclog*& triggers on a write to the panic log. .endd @@ -32989,7 +33029,7 @@ address you should specify alternate list separators for both the outer The &%seen%& ACL condition can be used to test whether a situation has been previously met. It uses a hints database to record a timestamp against a key. -host. The syntax of the condition is: +The syntax of the condition is: .display &`seen =`& <&'optional flag'&><&'time interval'&> &`/`& <&'options'&> .endd @@ -33107,16 +33147,23 @@ the &%count=%& option. .subsection "Ratelimit options for what is being measured" ratoptmea .cindex "rate limiting" "per_* options" -The &%per_conn%& option limits the client's connection rate. It is not +.vlist +.vitem per_conn +.cindex "rate limiting" per_conn +This option limits the client's connection rate. It is not normally used in the &%acl_not_smtp%&, &%acl_not_smtp_mime%&, or &%acl_not_smtp_start%& ACLs. -The &%per_mail%& option limits the client's rate of sending messages. This is +.vitem per_mail +.cindex "rate limiting" per_conn +This option limits the client's rate of sending messages. This is the default if none of the &%per_*%& options is specified. It can be used in &%acl_smtp_mail%&, &%acl_smtp_rcpt%&, &%acl_smtp_predata%&, &%acl_smtp_mime%&, &%acl_smtp_data%&, or &%acl_not_smtp%&. -The &%per_byte%& option limits the sender's email bandwidth. It can be used in +.vitem per_byte +.cindex "rate limiting" per_conn +This option limits the sender's email bandwidth. It can be used in the same ACLs as the &%per_mail%& option, though it is best to use this option in the &%acl_smtp_mime%&, &%acl_smtp_data%& or &%acl_not_smtp%& ACLs; if it is used in an earlier ACL, Exim relies on the SIZE parameter given by the client @@ -33124,7 +33171,9 @@ in its MAIL command, which may be inaccurate or completely missing. You can follow the limit &'m'& in the configuration with K, M, or G to specify limits in kilobytes, megabytes, or gigabytes, respectively. -The &%per_rcpt%& option causes Exim to limit the rate at which recipients are +.vitem per_rcpt +.cindex "rate limiting" per_rcpt +This option causes Exim to limit the rate at which recipients are accepted. It can be used in the &%acl_smtp_rcpt%&, &%acl_smtp_predata%&, &%acl_smtp_mime%&, or &%acl_smtp_data%& ACLs. In &%acl_smtp_rcpt%& the rate is updated one recipient at a time; in the other @@ -33132,24 +33181,37 @@ ACLs the rate is updated with the total (accepted) recipient count in one go. No in either case the rate limiting engine will see a message with many recipients as a large high-speed burst. -The &%per_addr%& option is like the &%per_rcpt%& option, except it counts the +.vitem per_addr +.cindex "rate limiting" per_addr +This option is like the &%per_rcpt%& option, except it counts the number of different recipients that the client has sent messages to in the last time period. That is, if the client repeatedly sends messages to the same recipient, its measured rate is not increased. This option can only be used in &%acl_smtp_rcpt%&. -The &%per_cmd%& option causes Exim to recompute the rate every time the +.vitem per_cmd +.cindex "rate limiting" per_cmd +This option causes Exim to recompute the rate every time the condition is processed. This can be used to limit the rate of any SMTP command. If it is used in multiple ACLs it can limit the aggregate rate of multiple different commands. -The &%count=%& option can be used to alter how much Exim adds to the client's -measured rate. For example, the &%per_byte%& option is equivalent to -&`per_mail/count=$message_size`&. If there is no &%count=%& option, Exim +.vitem count +.cindex "rate limiting" count +This option can be used to alter how much Exim adds to the client's +measured rate. +A value is required, after an equals sign. +For example, the &%per_byte%& option is equivalent to +&`per_mail/count=$message_size`&. +If there is no &%count=%& option, Exim increases the measured rate by one (except for the &%per_rcpt%& option in ACLs -other than &%acl_smtp_rcpt%&). The count does not have to be an integer. +other than &%acl_smtp_rcpt%&). +The count does not have to be an integer. -The &%unique=%& option is described in section &<>& below. +.vitem unique +.cindex "rate limiting" unique +This option is described in section &<>& below. +.endlist .subsection "Ratelimit update modes" ratoptupd @@ -35836,6 +35898,7 @@ The system filter is run at the start of a delivery attempt, before any routing is done. If a message fails to be completely delivered at the first attempt, the system filter is run again at the start of every retry. If you want your filter to do something only once per message, you can make use +.cindex retry condition of the &%first_delivery%& condition in an &%if%& command in the filter to prevent it happening on retries. @@ -42176,7 +42239,7 @@ the DATA acl. .subsection ACL SSECDMARCACL .cindex DMARC "ACL condition" -DMARC checks cam be run on incoming SMTP messages by using the +DMARC checks can be run on incoming SMTP messages by using the &"dmarc_status"& ACL condition in the DATA ACL. You are required to call the &"spf"& condition first in the ACLs, then the &"dmarc_status"& condition. Putting this condition in the ACLs is required in order