X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/de78e2d59e3924238648b8fb363a1412fa9e499d..692b0b1ab0384ebfad82706881b9a547aa334422:/doc/doc-txt/experimental-spec.txt?ds=inline diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 4836a7d51..2e72def27 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -884,18 +884,20 @@ with DANE in their OCSP settings. For client-side DANE there are two new smtp transport options, -hosts_try_dane and hosts_require_dane. They do the obvious thing. +hosts_try_dane and hosts_require_dane. [ should they be domain-based rather than host-based? ] +Hosts_require_dane will result in failure if the target host +is not DNSSEC-secured. + DANE will only be usable if the target host has DNSSEC-secured MX, A and TLSA records. A TLSA lookup will be done if either of the above options match and the host-lookup succeded using dnssec. If a TLSA lookup is done and succeeds, a DANE-verified TLS connection -will be required for the host. - -(TODO: specify when fallback happens vs. when the host is not used) +will be required for the host. If it does not, the host will not +be used; there is no fallback to non-DANE or non-TLS. If DANE is requested and useable (see above) the following transport options are ignored: @@ -965,6 +967,50 @@ Rationale: Note that non-RFC-documented field names and data types are used. +LMDB Lookup support +------------------- +LMDB is an ultra-fast, ultra-compact, crash-proof key-value embedded data store. +It is modeled loosely on the BerkeleyDB API. You shoul read about the feature +set as well as operation modes at https://symas.com/products/lightning-memory-mapped-database/ + +LMDB single key lookup support is provided by linking to the LMDB C library. +The current implementation does not support writing to the LMDB database. + +Visit https://github.com/LMDB/lmdb to download the library or find it in your +operating systems package repository. + +If building from source, this description assumes that headers will be in +/usr/local/include, and that the libraries are in /usr/local/lib. + +1. In order to build exim with LMDB lookup support add or uncomment + +EXPERIMENTAL_LMDB=yes + +to your Local/Makefile. (Re-)build/install exim. exim -d should show +Experimental_LMDB in the line "Support for:". + +EXPERIMENTAL_LMDB=yes +LDFLAGS += -llmdb +# CFLAGS += -I/usr/local/include +# LDFLAGS += -L/usr/local/lib + +The first line sets the feature to include the correct code, and +the second line says to link the LMDB libraries into the +exim binary. The commented out lines should be uncommented if you +built LMDB from source and installed in the default location. +Adjust the paths if you installed them elsewhere, but you do not +need to uncomment them if an rpm (or you) installed them in the +package controlled locations (/usr/include and /usr/lib). + +2. Create your LMDB files, you can use the mdb_load utility which is +part of the LMDB distribution our your favourite language bindings. + +3. Add the single key lookups to your exim.conf file, example lookups +are below. + +${lookup{$sender_address_domain}lmdb{/var/lib/baruwa/data/db/relaydomains.mdb}{$value}} +${lookup{$sender_address_domain}lmdb{/var/lib/baruwa/data/db/relaydomains.mdb}{$value}fail} +${lookup{$sender_address_domain}lmdb{/var/lib/baruwa/data/db/relaydomains.mdb}} --------------------------------------------------------------