. Update the Copyright year (only) when changing content.
. /////////////////////////////////////////////////////////////////////////////
. Update the Copyright year (only) when changing content.
. /////////////////////////////////////////////////////////////////////////////
To complicate things further, there are several very different versions of the
Berkeley DB package. Version 1.85 was stable for a very long time, releases
2.&'x'& and 3.&'x'& were current for a while,
To complicate things further, there are several very different versions of the
Berkeley DB package. Version 1.85 was stable for a very long time, releases
2.&'x'& and 3.&'x'& were current for a while,
but the latest versions when Exim last revamped support were numbered 5.&'x'&.
Maintenance of some of the earlier releases has ceased,
and Exim no longer supports versions before 3.&'x'&.
but the latest versions when Exim last revamped support were numbered 5.&'x'&.
Maintenance of some of the earlier releases has ceased,
and Exim no longer supports versions before 3.&'x'&.
All versions of Berkeley DB could be obtained from
&url(http://www.sleepycat.com/), which is now a redirect to their new owner's
page with far newer versions listed.
All versions of Berkeley DB could be obtained from
&url(http://www.sleepycat.com/), which is now a redirect to their new owner's
page with far newer versions listed.
.endd
Similarly, for gdbm you set USE_GDBM, and for tdb you set USE_TDB. An
error is diagnosed if you set more than one of these.
.endd
Similarly, for gdbm you set USE_GDBM, and for tdb you set USE_TDB. An
error is diagnosed if you set more than one of these.
At the lowest level, the build-time configuration sets none of these options,
thereby assuming an interface of type (1). However, some operating system
At the lowest level, the build-time configuration sets none of these options,
thereby assuming an interface of type (1). However, some operating system
Settings like that will work if the DBM library is installed in the standard
place. Sometimes it is not, and the library's header file may also not be in
the default path. You may need to set INCLUDE to specify where the header
Settings like that will work if the DBM library is installed in the standard
place. Sometimes it is not, and the library's header file may also not be in
the default path. You may need to set INCLUDE to specify where the header
domains = lsearch;/some/file
.endd
The first uses a string expansion, the result of which must be a domain list.
domains = lsearch;/some/file
.endd
The first uses a string expansion, the result of which must be a domain list.
No strings have been specified for a successful or a failing lookup; the
defaults in this case are the looked-up data and an empty string, respectively.
The expansion takes place before the string is processed as a list, and the
No strings have been specified for a successful or a failing lookup; the
defaults in this case are the looked-up data and an empty string, respectively.
The expansion takes place before the string is processed as a list, and the
The key for a list-style lookup is implicit, from the lookup context, if
the lookup is a single-key type (see below).
For query-style lookup types the key must be given explicitly.
The key for a list-style lookup is implicit, from the lookup context, if
the lookup is a single-key type (see below).
For query-style lookup types the key must be given explicitly.
It is possible, though no doubt confusing, to use both kinds of lookup at once.
Consider a file containing lines like this:
It is possible, though no doubt confusing, to use both kinds of lookup at once.
Consider a file containing lines like this:
key value is assumed by Exim for query-style lookups. You can use whichever
Exim variables you need to construct the database query.
.cindex "tainted data" "quoting for lookups"
key value is assumed by Exim for query-style lookups. You can use whichever
Exim variables you need to construct the database query.
.cindex "tainted data" "quoting for lookups"
If tainted data is used in the query then it should be quuted by
using the &*${quote_*&<&'lookup-type'&>&*:*&<&'string'&>&*}*& expansion operator
appropriate for the lookup.
If tainted data is used in the query then it should be quuted by
using the &*${quote_*&<&'lookup-type'&>&*:*&<&'string'&>&*}*& expansion operator
appropriate for the lookup.
.cindex "expansion" "running a command"
.cindex "&%run%& expansion item"
This item runs an external command, as a subprocess.
.cindex "expansion" "running a command"
.cindex "&%run%& expansion item"
This item runs an external command, as a subprocess.
One option is supported after the word &'run'&, comma-separated.
If the option &'preexpand'& is not used,
One option is supported after the word &'run'&, comma-separated.
If the option &'preexpand'& is not used,
a careful assessment for security vulnerabilities should be done.
If the option &'preexpand'& is used,
a careful assessment for security vulnerabilities should be done.
If the option &'preexpand'& is used,
the command and its arguments are first expanded as one string. The result is
split apart into individual arguments by spaces, and then the command is run
as above.
the command and its arguments are first expanded as one string. The result is
split apart into individual arguments by spaces, and then the command is run
as above.
around the command arguments. A possible guard against this is to wrap the
variable in the &%sg%& operator to change any quote marks to some other
character.
around the command arguments. A possible guard against this is to wrap the
variable in the &%sg%& operator to change any quote marks to some other
character.
The standard input for the command exists, but is empty. The standard output
and standard error are set to the same file descriptor.
The standard input for the command exists, but is empty. The standard output
and standard error are set to the same file descriptor.
Since this operation is expected to
be mostly used for looking up masked addresses in files, the
Since this operation is expected to
be mostly used for looking up masked addresses in files, the
result for an IPv6
address uses dots to separate components instead of colons, because colon
terminates a key string in lsearch files. So, for example,
result for an IPv6
address uses dots to separate components instead of colons, because colon
terminates a key string in lsearch files. So, for example,
If the optional form &*mask_n*& is used, IPv6 address result are instead
returned in normailsed form, using colons and with zero-compression.
If the optional form &*mask_n*& is used, IPv6 address result are instead
returned in normailsed form, using colons and with zero-compression.
The variable &$value$& will be set for a successful match and can be
used in the success clause of an &%if%& expansion item using the condition.
.cindex "tainted data" "de-tainting"
The variable &$value$& will be set for a successful match and can be
used in the success clause of an &%if%& expansion item using the condition.
.cindex "tainted data" "de-tainting"
The variable &$value$& will be set for a successful match and can be
used in the success clause of an &%if%& expansion item using the condition.
.cindex "tainted data" "de-tainting"
The variable &$value$& will be set for a successful match and can be
used in the success clause of an &%if%& expansion item using the condition.
.cindex "tainted data" "de-tainting"
Note that <&'string2'&> is not itself subject to string expansion, unless
Exim was built with the EXPAND_LISTMATCH_RHS option.
Note that <&'string2'&> is not itself subject to string expansion, unless
Exim was built with the EXPAND_LISTMATCH_RHS option.
This section contains an alphabetical list of all the expansion variables. Some
of them are available only when Exim is compiled with specific options such as
support for TLS or the content scanning extension.
This section contains an alphabetical list of all the expansion variables. Some
of them are available only when Exim is compiled with specific options such as
support for TLS or the content scanning extension.
Such variables should not be further expanded,
used as filenames
or used as command-line arguments for external commands.
Such variables should not be further expanded,
used as filenames
or used as command-line arguments for external commands.
precedes the expansion of the string. For example, the commands available in
Exim filter files include an &%if%& command with its own regular expression
matching condition.
precedes the expansion of the string. For example, the commands available in
Exim filter files include an &%if%& command with its own regular expression
matching condition.
.vitem "&$acl_arg1$&, &$acl_arg2$&, etc"
Within an acl condition, expansion condition or expansion item
.vitem "&$acl_arg1$&, &$acl_arg2$&, etc"
Within an acl condition, expansion condition or expansion item
(described under &%transport_filter%& in chapter &<<CHAPtransportgeneric>>&).
It cannot be used in general expansion strings, and provokes an &"unknown
variable"& error if encountered.
(described under &%transport_filter%& in chapter &<<CHAPtransportgeneric>>&).
It cannot be used in general expansion strings, and provokes an &"unknown
variable"& error if encountered.
&*Note*&: This value permits data supplied by a potential attacker to
be used in the command for a &(pipe)& transport.
Such configurations should be carefully assessed for security vulnerbilities.
&*Note*&: This value permits data supplied by a potential attacker to
be used in the command for a &(pipe)& transport.
Such configurations should be carefully assessed for security vulnerbilities.
When a &%regex%& or &%mime_regex%& ACL condition succeeds,
these variables contain the
captured substrings identified by the regular expression.
When a &%regex%& or &%mime_regex%& ACL condition succeeds,
these variables contain the
captured substrings identified by the regular expression.
At this point, all of the "ike" values should be considered obsolete;
they are still in Exim to avoid breaking unusual configurations, but are
candidates for removal the next time we have backwards-incompatible changes.
At this point, all of the "ike" values should be considered obsolete;
they are still in Exim to avoid breaking unusual configurations, but are
candidates for removal the next time we have backwards-incompatible changes.
Two of them in particular (&`ike1`& and &`ike22`&) are called out by RFC 8247
as MUST NOT use for IPSEC, and two more (&`ike23`& and &`ike24`&) as
SHOULD NOT.
Two of them in particular (&`ike1`& and &`ike22`&) are called out by RFC 8247
as MUST NOT use for IPSEC, and two more (&`ike23`& and &`ike24`&) as
SHOULD NOT.
are used, warnings will be logged in the paniclog, and if any are used then
warnings will be logged in the mainlog.
All four will be removed in a future Exim release.
are used, warnings will be logged in the paniclog, and if any are used then
warnings will be logged in the mainlog.
All four will be removed in a future Exim release.
The TLS protocol does not negotiate an acceptable size for this; clients tend
to hard-drop connections if what is offered by the server is unacceptable,
The TLS protocol does not negotiate an acceptable size for this; clients tend
to hard-drop connections if what is offered by the server is unacceptable,
the &%environment%& option can be used to add additional variables to this
environment. The environment for the &(pipe)& transport is not subject
to the &%add_environment%& and &%keep_environment%& main config options.
the &%environment%& option can be used to add additional variables to this
environment. The environment for the &(pipe)& transport is not subject
to the &%add_environment%& and &%keep_environment%& main config options.
&*Note*&: Using enviroment variables loses track of tainted data.
Writers of &(pipe)& transport commands should be wary of data supplied
by potential attackers.
&*Note*&: Using enviroment variables loses track of tainted data.
Writers of &(pipe)& transport commands should be wary of data supplied
by potential attackers.
.display
&`DOMAIN `& the domain of the address
&`HOME `& the home directory, if set
.display
&`DOMAIN `& the domain of the address
&`HOME `& the home directory, if set
Exim, and each argument is separately expanded, as described in section
&<<SECThowcommandrun>>& above.
Exim, and each argument is separately expanded, as described in section
&<<SECThowcommandrun>>& above.
expression for this option.
The smtp:ehlo event and the &$tls_out_resumption$& variable
will be useful for such work.
expression for this option.
The smtp:ehlo event and the &$tls_out_resumption$& variable
will be useful for such work.
.option hosts smtp "string list&!!" unset
Hosts are associated with an address by a router such as &(dnslookup)&, which
.option hosts smtp "string list&!!" unset
Hosts are associated with an address by a router such as &(dnslookup)&, which
will be expanded before the &$sending_ip_address$& variable
is filled in.
A check is made for the use of that variable, without the
will be expanded before the &$sending_ip_address$& variable
is filled in.
A check is made for the use of that variable, without the
only point of caution. The &$tls_out_sni$& variable will be set to this string
for the lifetime of the client connection (including during authentication).
only point of caution. The &$tls_out_sni$& variable will be set to this string
for the lifetime of the client connection (including during authentication).
If DANE validated the connection attempt then the value of the &%tls_sni%& option
is forced to the name of the destination host, after any MX- or CNAME-following.
If DANE validated the connection attempt then the value of the &%tls_sni%& option
is forced to the name of the destination host, after any MX- or CNAME-following.
For tls-on-connect connections, the ACL is run after the TLS connection
is accepted (however, &%host_reject_connection%& is tested before).
For tls-on-connect connections, the ACL is run after the TLS connection
is accepted (however, &%host_reject_connection%& is tested before).
with &`-d`&, with the output going to a new logfile in the usual logs directory,
by default called &'debuglog'&.
with &`-d`&, with the output going to a new logfile in the usual logs directory,
by default called &'debuglog'&.
Logging set up by the control will be maintained across spool residency.
Options are a slash-separated list.
If an option takes an argument, the option name and argument are separated by
an equals character.
Several options are supported:
Logging set up by the control will be maintained across spool residency.
Options are a slash-separated list.
If an option takes an argument, the option name and argument are separated by
an equals character.
Several options are supported:
.display
tag=<&'suffix'&> The filename can be adjusted with thise option.
The argument, which may access any variables already defined,
.display
tag=<&'suffix'&> The filename can be adjusted with thise option.
The argument, which may access any variables already defined,
non-SMTP ACLs. It causes the incoming message to be scanned for a match with
any of the regular expressions. For details, see chapter &<<CHAPexiscan>>&.
non-SMTP ACLs. It causes the incoming message to be scanned for a match with
any of the regular expressions. For details, see chapter &<<CHAPexiscan>>&.
.vitem &*seen&~=&~*&<&'parameters'&>
.cindex "&%sseen%& ACL condition"
This condition can be used to test if a situation has been previously met,
for example for greylisting.
Details are given in section &<<SECTseen>>&.
.vitem &*seen&~=&~*&<&'parameters'&>
.cindex "&%sseen%& ACL condition"
This condition can be used to test if a situation has been previously met,
for example for greylisting.
Details are given in section &<<SECTseen>>&.
Note that &"seen"& should be added to the list of hints databases
for maintenance if this ACL condition is used.
Note that &"seen"& should be added to the list of hints databases
for maintenance if this ACL condition is used.
clients when the SMTP PIPELINING extension is in use. The flushing can be
disabled by using a &%control%& modifier to set &%no_callout_flush%&.
clients when the SMTP PIPELINING extension is in use. The flushing can be
disabled by using a &%control%& modifier to set &%no_callout_flush%&.
.cindex "tainted data" "de-tainting"
.cindex "de-tainting" "using receipient verify"
A recipient callout which gets a 2&'xx'& code
will assign untainted values to the
&$domain_data$& and &$local_part_data$& variables,
corresponding to the domain and local parts of the recipient address.
.cindex "tainted data" "de-tainting"
.cindex "de-tainting" "using receipient verify"
A recipient callout which gets a 2&'xx'& code
will assign untainted values to the
&$domain_data$& and &$local_part_data$& variables,
corresponding to the domain and local parts of the recipient address.
.vitem &*const&~uschar&~*headers_charset*&
The value of the &%headers_charset%& configuration option.
.vitem &*const&~uschar&~*headers_charset*&
The value of the &%headers_charset%& configuration option.
.vitem &*BOOL&~host_checking*&
This variable is TRUE during a host checking session that is initiated by the
.vitem &*BOOL&~host_checking*&
This variable is TRUE during a host checking session that is initiated by the
.cindex "&'exim_dumpdb'&"
The entire contents of a database are written to the standard output by the
&'exim_dumpdb'& program,
.cindex "&'exim_dumpdb'&"
The entire contents of a database are written to the standard output by the
&'exim_dumpdb'& program,
taking as arguments the spool and database names.
An option &'-z'& may be given to request times in UTC;
otherwise times are in the local timezone.
An option &'-k'& may be given to dump only the record keys.
taking as arguments the spool and database names.
An option &'-z'& may be given to request times in UTC;
otherwise times are in the local timezone.
An option &'-k'& may be given to dump only the record keys.
For example, to dump the retry database:
.code
exim_dumpdb /var/spool/exim retry
For example, to dump the retry database:
.code
exim_dumpdb /var/spool/exim retry
sequence of digit pairs for year, month, day, hour, and minute. Colons can be
used as optional separators.
sequence of digit pairs for year, month, day, hour, and minute. Colons can be
used as optional separators.
Both displayed and input times are in the local timezone by default.
If an option &'-z'& is used on the command line, displayed times
are in UTC.
Both displayed and input times are in the local timezone by default.
If an option &'-z'& is used on the command line, displayed times
are in UTC.
start of the epoch. The second number is a count of the number of messages
warning of delayed delivery that have been sent to the sender.
start of the epoch. The second number is a count of the number of messages
warning of delayed delivery that have been sent to the sender.
There follow a number of lines starting with a hyphen.
These contain variables, can appear in any
order, and are omitted when not relevant.
There follow a number of lines starting with a hyphen.
These contain variables, can appear in any
order, and are omitted when not relevant.
The following word specifies a variable,
and the remainder of the item depends on the variable.
The following word specifies a variable,
and the remainder of the item depends on the variable.
The name is placed in the variable &$event_name$& and the event action
expansion must check this, as it will be called for every possible event type.
The name is placed in the variable &$event_name$& and the event action
expansion must check this, as it will be called for every possible event type.
The current list of events is:
.itable all 0 0 4 1pt left 1pt center 1pt center 1pt left
.irow dane:fail after transport "per connection"
The current list of events is:
.itable all 0 0 4 1pt left 1pt center 1pt center 1pt left
.irow dane:fail after transport "per connection"
New event types may be added in future.
The event name is a colon-separated list, defining the type of
New event types may be added in future.
The event name is a colon-separated list, defining the type of