Exim 4.89 is a stabilization release with very few new features; 4.88
had enough issues that some folks held off upgrading. It's more useful
for the changebars in the 4.89 release to be relative to the 4.87
release than 4.88.
This reverts most of commit
fd047340363431f15d2b0ac686b9dba4fa125781.
. Update the Copyright year (only) when changing content.
. /////////////////////////////////////////////////////////////////////////////
. Update the Copyright year (only) when changing content.
. /////////////////////////////////////////////////////////////////////////////
-.set previousversion "4.88"
+.set previousversion "4.87"
.include ./local_params
.set ACL "access control lists (ACLs)"
.include ./local_params
.set ACL "access control lists (ACLs)"
.section "Exim documentation" "SECID1"
. Keep this example change bar when updating the documentation!
.section "Exim documentation" "SECID1"
. Keep this example change bar when updating the documentation!
.cindex "documentation"
This edition of the Exim specification applies to version &version() of Exim.
Substantive changes from the &previousversion; edition are marked in some
renditions of the document; this paragraph is so marked if the rendition is
capable of showing a change indicator.
.cindex "documentation"
This edition of the Exim specification applies to version &version() of Exim.
Substantive changes from the &previousversion; edition are marked in some
renditions of the document; this paragraph is so marked if the rendition is
capable of showing a change indicator.
This document is very much a reference manual; it is not a tutorial. The reader
is expected to have some familiarity with the SMTP mail transfer protocol and
This document is very much a reference manual; it is not a tutorial. The reader
is expected to have some familiarity with the SMTP mail transfer protocol and
by Exim in conjunction with the &%-MC%& option. It signifies that the
remote host supports the ESMTP &_DSN_& extension.
by Exim in conjunction with the &%-MC%& option. It signifies that the
remote host supports the ESMTP &_DSN_& extension.
.vitem &%-MCG%&
.oindex "&%-MCG%&"
This option is not intended for use by external callers. It is used internally
by Exim in conjunction with the &%-MC%& option. It signifies that an
alternate queue is used, named by the following option.
.vitem &%-MCG%&
.oindex "&%-MCG%&"
This option is not intended for use by external callers. It is used internally
by Exim in conjunction with the &%-MC%& option. It signifies that an
alternate queue is used, named by the following option.
.vitem &%-MCP%&
.oindex "&%-MCP%&"
.vitem &%-MCP%&
.oindex "&%-MCP%&"
and &%-S%& options).
.cindex "queue runner" "description of operation"
and &%-S%& options).
.cindex "queue runner" "description of operation"
If other commandline options do not specify an action,
If other commandline options do not specify an action,
the &%-q%& option starts one queue runner process. This scans the queue of
waiting messages, and runs a delivery process for each one in turn. It waits
for each delivery process to finish before starting the next one. A delivery
the &%-q%& option starts one queue runner process. This scans the queue of
waiting messages, and runs a delivery process for each one in turn. It waits
for each delivery process to finish before starting the next one. A delivery
be done. If a message requires any remote deliveries, it remains on the queue
for later delivery.
be done. If a message requires any remote deliveries, it remains on the queue
for later delivery.
.vitem &%-q[q][i][f[f]][l][G<name>[/<time>]]]%&
.oindex "&%-qG%&"
.cindex queue named
.vitem &%-q[q][i][f[f]][l][G<name>[/<time>]]]%&
.oindex "&%-qG%&"
.cindex queue named
mailq -qGquarantine
exim -qGoffpeak -Rf @special.domain.example
.endd
mailq -qGquarantine
exim -qGoffpeak -Rf @special.domain.example
.endd
.vitem &%-q%&<&'qflags'&>&~<&'start&~id'&>&~<&'end&~id'&>
When scanning the queue, Exim can be made to skip over messages whose ids are
.vitem &%-q%&<&'qflags'&>&~<&'start&~id'&>&~<&'end&~id'&>
When scanning the queue, Exim can be made to skip over messages whose ids are
section &<<SECTnamedlists>>&.
section &<<SECTnamedlists>>&.
.section "Builtin macros" "SECTbuiltinmacros"
Exim defines some macros depending on facilities available, which may
differ due to build-time definitions and from one release to another.
.section "Builtin macros" "SECTbuiltinmacros"
Exim defines some macros depending on facilities available, which may
differ due to build-time definitions and from one release to another.
.endd
Use an &"exim -bP macros"& command to get the list of macros.
.endd
Use an &"exim -bP macros"& command to get the list of macros.
.section "Conditional skips in the configuration file" "SECID46"
.section "Conditional skips in the configuration file" "SECID46"
If an integer value is followed by the letter K, it is multiplied by 1024; if
it is followed by the letter M, it is multiplied by 1024x1024;
If an integer value is followed by the letter K, it is multiplied by 1024; if
it is followed by the letter M, it is multiplied by 1024x1024;
if by the letter G, 1024x1024x1024.
if by the letter G, 1024x1024x1024.
When the values
of integer option settings are output, values which are an exact multiple of
1024 or 1024x1024 are sometimes, but not always, printed using the letters K
When the values
of integer option settings are output, values which are an exact multiple of
1024 or 1024x1024 are sometimes, but not always, printed using the letters K
uses the PCRE regular expression library; this provides regular expression
matching that is compatible with Perl 5. The syntax and semantics of
regular expressions is discussed in
uses the PCRE regular expression library; this provides regular expression
matching that is compatible with Perl 5. The syntax and semantics of
regular expressions is discussed in
many Perl reference books, and also in
Jeffrey Friedl's &'Mastering Regular Expressions'&, which is published by
O'Reilly (see &url(http://www.oreilly.com/catalog/regex2/)).
many Perl reference books, and also in
Jeffrey Friedl's &'Mastering Regular Expressions'&, which is published by
O'Reilly (see &url(http://www.oreilly.com/catalog/regex2/)).
.cindex "expansion" "of lists"
Each list is expanded as a single string before it is used.
.cindex "expansion" "of lists"
Each list is expanded as a single string before it is used.
&'Exception: the router headers_remove option, where list-item
splitting is done before string-expansion.'&
&'Exception: the router headers_remove option, where list-item
splitting is done before string-expansion.'&
The result of
expansion must be a list, possibly containing empty items, which is split up
The result of
expansion must be a list, possibly containing empty items, which is split up
.vitem &*${base32:*&<&'digits'&>&*}*&
.cindex "&%base32%& expansion item"
.cindex "expansion" "conversion to base 32"
.vitem &*${base32:*&<&'digits'&>&*}*&
.cindex "&%base32%& expansion item"
.cindex "expansion" "conversion to base 32"
.cindex "expansion" "conversion to base 32"
The string must consist entirely of base-32 digits.
The number is converted to decimal and output as a string.
.cindex "expansion" "conversion to base 32"
The string must consist entirely of base-32 digits.
The number is converted to decimal and output as a string.
.vitem &*${base62:*&<&'digits'&>&*}*&
.cindex "&%base62%& expansion item"
.vitem &*${base62:*&<&'digits'&>&*}*&
.cindex "&%base62%& expansion item"
significant bit set (so-called &"8-bit characters"&) count as printing or not
is controlled by the &%print_topbitchars%& option.
significant bit set (so-called &"8-bit characters"&) count as printing or not
is controlled by the &%print_topbitchars%& option.
.vitem &*${escape8bit:*&<&'string'&>&*}*&
.cindex "expansion" "escaping 8-bit characters"
.cindex "&%escape8bit%& expansion item"
If the string contains and characters with the most significant bit set,
they are converted to escape sequences starting with a backslash.
Backslashes and DEL characters are also converted.
.vitem &*${escape8bit:*&<&'string'&>&*}*&
.cindex "expansion" "escaping 8-bit characters"
.cindex "&%escape8bit%& expansion item"
If the string contains and characters with the most significant bit set,
they are converted to escape sequences starting with a backslash.
Backslashes and DEL characters are also converted.
.vitem &*${eval:*&<&'string'&>&*}*&&~and&~&*${eval10:*&<&'string'&>&*}*&
.vitem &*${eval:*&<&'string'&>&*}*&&~and&~&*${eval10:*&<&'string'&>&*}*&
.cindex certificate fingerprint
.cindex "expansion" "SHA-256 hashing"
.cindex "&%sha256%& expansion item"
.cindex certificate fingerprint
.cindex "expansion" "SHA-256 hashing"
.cindex "&%sha256%& expansion item"
The &%sha256%& operator computes the SHA-256 hash value of the string
and returns
it as a 64-digit hexadecimal number, in which any letters are in upper case.
The &%sha256%& operator computes the SHA-256 hash value of the string
and returns
it as a 64-digit hexadecimal number, in which any letters are in upper case.
If the string is a single variable of type certificate,
returns the SHA-256 hash fingerprint of the certificate.
If the string is a single variable of type certificate,
returns the SHA-256 hash fingerprint of the certificate.
.vitem &*${sha3:*&<&'string'&>&*}*& &&&
&*${sha3_<n>:*&<&'string'&>&*}*&
.cindex "SHA3 hash"
.vitem &*${sha3:*&<&'string'&>&*}*& &&&
&*${sha3_<n>:*&<&'string'&>&*}*&
.cindex "SHA3 hash"
The &%sha3%& expansion item is only supported if Exim has been
compiled with GnuTLS 3.5.0 or later.
The &%sha3%& expansion item is only supported if Exim has been
compiled with GnuTLS 3.5.0 or later.
.vitem &*${stat:*&<&'string'&>&*}*&
.vitem &*${stat:*&<&'string'&>&*}*&
qualified host name. See also &$smtp_active_hostname$&.
qualified host name. See also &$smtp_active_hostname$&.
.vitem &$proxy_external_address$& &&&
&$proxy_external_port$& &&&
&$proxy_local_address$& &&&
.vitem &$proxy_external_address$& &&&
&$proxy_external_port$& &&&
&$proxy_local_address$& &&&
These variables are only available when built with Proxy Protocol
or Socks5 support
For details see chapter &<<SECTproxyInbound>>&.
These variables are only available when built with Proxy Protocol
or Socks5 support
For details see chapter &<<SECTproxyInbound>>&.
.vitem &$prdr_requested$&
.cindex "PRDR" "variable for"
.vitem &$prdr_requested$&
.cindex "PRDR" "variable for"
The value set for the &%qualify_recipient%& option in the configuration file,
or if not set, the value of &$qualify_domain$&.
The value set for the &%qualify_recipient%& option in the configuration file,
or if not set, the value of &$qualify_domain$&.
.vitem &$queue_name$&
.vindex &$queue_name$&
.cindex "named queues"
.cindex queues named
The name of the spool queue in use; empty for the default queue.
.vitem &$queue_name$&
.vindex &$queue_name$&
.cindex "named queues"
.cindex queues named
The name of the spool queue in use; empty for the default queue.
.vitem &$rcpt_count$&
.vindex "&$rcpt_count$&"
.vitem &$rcpt_count$&
.vindex "&$rcpt_count$&"
There is also a command line option &%-pd%& (for delay) which suppresses the
initial startup, even if &%perl_at_start%& is set.
There is also a command line option &%-pd%& (for delay) which suppresses the
initial startup, even if &%perl_at_start%& is set.
.ilist
.oindex "&%perl_taintmode%&"
.cindex "Perl" "taintmode"
.ilist
.oindex "&%perl_taintmode%&"
.cindex "Perl" "taintmode"
taint mode of the Perl interpreter. You are encouraged to set this
option to a true value. To avoid breaking existing installations, it
defaults to false.
taint mode of the Perl interpreter. You are encouraged to set this
option to a true value. To avoid breaking existing installations, it
defaults to false.
.section "Calling Perl subroutines" "SECID86"
.section "Calling Perl subroutines" "SECID86"
See section &<<CALLaddparcall>>& for details of how this value is used.
See section &<<CALLaddparcall>>& for details of how this value is used.
.option check_log_inodes main integer 100
.option check_log_inodes main integer 100
See &%check_spool_space%& below.
See &%check_spool_space%& below.
.option check_log_space main integer 10M
.option check_log_space main integer 10M
See &%check_spool_space%& below.
.oindex "&%check_rfc2047_length%&"
See &%check_spool_space%& below.
.oindex "&%check_rfc2047_length%&"
set false, Exim recognizes encoded words of any length.
set false, Exim recognizes encoded words of any length.
.option check_spool_inodes main integer 100
.option check_spool_inodes main integer 100
See &%check_spool_space%& below.
See &%check_spool_space%& below.
.option check_spool_space main integer 10M
.option check_spool_space main integer 10M
.cindex "checking disk space"
.cindex "disk space, checking"
.cindex "spool directory" "checking space"
.cindex "checking disk space"
.cindex "disk space, checking"
.cindex "spool directory" "checking space"
failure a message is written to stderr and Exim exits with a non-zero code, as
it obviously cannot send an error message of any kind.
failure a message is written to stderr and Exim exits with a non-zero code, as
it obviously cannot send an error message of any kind.
There is a slight performance penalty for these checks.
Versions of Exim preceding 4.88 had these disabled by default;
high-rate installations confident they will never run out of resources
may wish to deliberately disable them.
There is a slight performance penalty for these checks.
Versions of Exim preceding 4.88 had these disabled by default;
high-rate installations confident they will never run out of resources
may wish to deliberately disable them.
.option chunking_advertise_hosts main "host list&!!" *
.cindex CHUNKING advertisement
.cindex "RFC 3030" "CHUNKING"
The CHUNKING extension (RFC3030) will be advertised in the EHLO message to
these hosts.
Hosts may use the BDAT command as an alternate to DATA.
.option chunking_advertise_hosts main "host list&!!" *
.cindex CHUNKING advertisement
.cindex "RFC 3030" "CHUNKING"
The CHUNKING extension (RFC3030) will be advertised in the EHLO message to
these hosts.
Hosts may use the BDAT command as an alternate to DATA.
.option daemon_smtp_ports main string &`smtp`&
.cindex "port" "for daemon"
.option daemon_smtp_ports main string &`smtp`&
.cindex "port" "for daemon"
run. If you do not want queue runs to occur, omit the &%-q%&&'xx'& setting on
the daemon's command line.
run. If you do not want queue runs to occur, omit the &%-q%&&'xx'& setting on
the daemon's command line.
.cindex queues named
.cindex "named queues"
To set limits for different named queues use
an expansion depending on the &$queue_name$& variable.
.cindex queues named
.cindex "named queues"
To set limits for different named queues use
an expansion depending on the &$queue_name$& variable.
.option queue_smtp_domains main "domain list&!!" unset
.cindex "queueing incoming messages"
.option queue_smtp_domains main "domain list&!!" unset
.cindex "queueing incoming messages"
Server Name Indication extension, then this option and others documented in
&<<SECTtlssni>>& will be re-expanded.
Server Name Indication extension, then this option and others documented in
&<<SECTtlssni>>& will be re-expanded.
If this option is unset or empty a fresh self-signed certificate will be
generated for every connection.
If this option is unset or empty a fresh self-signed certificate will be
generated for every connection.
.option tls_crl main string&!! unset
.cindex "TLS" "server certificate revocation list"
.option tls_crl main string&!! unset
.cindex "TLS" "server certificate revocation list"
The value of this option is expanded and indicates the source of DH parameters
to be used by Exim.
The value of this option is expanded and indicates the source of DH parameters
to be used by Exim.
&*Note: The Exim Maintainers strongly recommend using a filename with site-generated
local DH parameters*&, which has been supported across all versions of Exim. The
other specific constants available are a fallback so that even when
"unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS.
&*Note: The Exim Maintainers strongly recommend using a filename with site-generated
local DH parameters*&, which has been supported across all versions of Exim. The
other specific constants available are a fallback so that even when
"unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS.
If &%tls_dhparam%& is a filename starting with a &`/`&,
then it names a file from which DH
If &%tls_dhparam%& is a filename starting with a &`/`&,
then it names a file from which DH
does not exist, Exim will attempt to create it.
See section &<<SECTgnutlsparam>>& for further details.
does not exist, Exim will attempt to create it.
See section &<<SECTgnutlsparam>>& for further details.
If Exim is using OpenSSL and this option is empty or unset, then Exim will load
a default DH prime; the default is Exim-specific but lacks verifiable provenance.
If Exim is using OpenSSL and this option is empty or unset, then Exim will load
a default DH prime; the default is Exim-specific but lacks verifiable provenance.
At this point, all of the "ike" values should be considered obsolete;
they're still in Exim to avoid breaking unusual configurations, but are
candidates for removal the next time we have backwards-incompatible changes.
At this point, all of the "ike" values should be considered obsolete;
they're still in Exim to avoid breaking unusual configurations, but are
candidates for removal the next time we have backwards-incompatible changes.
The TLS protocol does not negotiate an acceptable size for this; clients tend
to hard-drop connections if what is offered by the server is unacceptable,
The TLS protocol does not negotiate an acceptable size for this; clients tend
to hard-drop connections if what is offered by the server is unacceptable,
unauthenticated. See also &%hosts_require_auth%&, and chapter
&<<CHAPSMTPAUTH>>& for details of authentication.
unauthenticated. See also &%hosts_require_auth%&, and chapter
&<<CHAPSMTPAUTH>>& for details of authentication.
.option hosts_try_chunking smtp "host list&!!" *
.cindex CHUNKING "enabling, in client"
.cindex BDAT "SMTP command"
.option hosts_try_chunking smtp "host list&!!" *
.cindex CHUNKING "enabling, in client"
.cindex BDAT "SMTP command"
This option provides a list of servers to which, provided they announce
CHUNKING support, Exim will attempt to use BDAT commands rather than DATA.
BDAT will not be used in conjunction with a transport filter.
This option provides a list of servers to which, provided they announce
CHUNKING support, Exim will attempt to use BDAT commands rather than DATA.
BDAT will not be used in conjunction with a transport filter.
.option hosts_try_fastopen smtp "host list!!" unset
.cindex "fast open, TCP" "enabling, in client"
.cindex "TCP Fast Open" "enabling, in client"
.option hosts_try_fastopen smtp "host list!!" unset
.cindex "fast open, TCP" "enabling, in client"
.cindex "TCP Fast Open" "enabling, in client"
On (at least some) current Linux distributions the facility must be enabled
in the kernel by the sysadmin before the support is usable.
On (at least some) current Linux distributions the facility must be enabled
in the kernel by the sysadmin before the support is usable.
.option hosts_try_prdr smtp "host list&!!" *
.cindex "PRDR" "enabling, optional in client"
.option hosts_try_prdr smtp "host list&!!" *
.cindex "PRDR" "enabling, optional in client"
To enable TLS operations on a server, the &%tls_advertise_hosts%& option
must be set to match some hosts. The default is * which matches all hosts.
To enable TLS operations on a server, the &%tls_advertise_hosts%& option
must be set to match some hosts. The default is * which matches all hosts.
If this is all you do, TLS encryption will be enabled but not authentication -
meaning that the peer has no assurance it is actually you he is talking to.
You gain protection from a passive sniffer listening on the wire but not
from someone able to intercept the communication.
If this is all you do, TLS encryption will be enabled but not authentication -
meaning that the peer has no assurance it is actually you he is talking to.
You gain protection from a passive sniffer listening on the wire but not
from someone able to intercept the communication.
Further protection requires some further configuration at the server end.
Further protection requires some further configuration at the server end.
attacks in the string (&`../`& or SQL), and ensuring that a valid filename
can always be referenced; it is important to remember that &$tls_in_sni$& is
arbitrary unverified data provided prior to authentication.
attacks in the string (&`../`& or SQL), and ensuring that a valid filename
can always be referenced; it is important to remember that &$tls_in_sni$& is
arbitrary unverified data provided prior to authentication.
Further, the initial certificate is loaded before SNI is arrived, so
an expansion for &%tls_certificate%& must have a default which is used
when &$tls_in_sni$& is empty.
Further, the initial certificate is loaded before SNI is arrived, so
an expansion for &%tls_certificate%& must have a default which is used
when &$tls_in_sni$& is empty.
The Exim developers are proceeding cautiously and so far no other TLS options
are re-expanded.
The Exim developers are proceeding cautiously and so far no other TLS options
are re-expanded.
the ACL specified by &%acl_smtp_data%&, which is the second ACL that is
associated with the DATA command.
the ACL specified by &%acl_smtp_data%&, which is the second ACL that is
associated with the DATA command.
.cindex CHUNKING "BDAT command"
.cindex BDAT "SMTP command"
.cindex "RFC 3030" CHUNKING
.cindex CHUNKING "BDAT command"
.cindex BDAT "SMTP command"
.cindex "RFC 3030" CHUNKING
. XXX why not? It should be possible, for the first BDAT.
The &%acl_smtp_data%& is run after the last BDAT command and all of
the data specified is received.
. XXX why not? It should be possible, for the first BDAT.
The &%acl_smtp_data%& is run after the last BDAT command and all of
the data specified is received.
For both of these ACLs, it is not possible to reject individual recipients. An
error response rejects the entire message. Unfortunately, it is known that some
For both of these ACLs, it is not possible to reject individual recipients. An
error response rejects the entire message. Unfortunately, it is known that some
.vitem &*queue*&&~=&~<&'text'&>
This modifier specifies the use of a named queue for spool files
for the message.
.vitem &*queue*&&~=&~<&'text'&>
This modifier specifies the use of a named queue for spool files
for the message.
of traffic, or for quarantine of messages.
Separate queue-runner processes will be needed for named queues.
If the text after expansion is empty, the default queue is used.
of traffic, or for quarantine of messages.
Separate queue-runner processes will be needed for named queues.
If the text after expansion is empty, the default queue is used.
.vitem &*remove_header*&&~=&~<&'text'&>
.vitem &*remove_header*&&~=&~<&'text'&>
the delivery log lines are tagged with ">>" rather than "=>" and appear
before the acceptance "<=" line.
the delivery log lines are tagged with ">>" rather than "=>" and appear
before the acceptance "<=" line.
If there is a temporary error the item is queued for later delivery in the
usual fashion.
This behaviour can be adjusted by appending the option &*defer=*&<&'value'&>
If there is a temporary error the item is queued for later delivery in the
usual fashion.
This behaviour can be adjusted by appending the option &*defer=*&<&'value'&>
&"pass"& copies an SMTP defer response from the target back to the initiator
and does not queue the message.
Note that this is independent of any recipient verify conditions in the ACL.
&"pass"& copies an SMTP defer response from the target back to the initiator
and does not queue the message.
Note that this is independent of any recipient verify conditions in the ACL.
Delivery in this mode avoids the generation of a bounce mail to a
(possibly faked)
Delivery in this mode avoids the generation of a bounce mail to a
(possibly faked)
may access any variables already defined. The logging may be adjusted with
the &'opts'& option, which takes the same values as the &`-d`& command-line
option.
may access any variables already defined. The logging may be adjusted with
the &'opts'& option, which takes the same values as the &`-d`& command-line
option.
Logging may be stopped, and the file removed, with the &'kill'& option.
Logging may be stopped, and the file removed, with the &'kill'& option.
Some examples (which depend on variables that don't exist in all
contexts):
.code
Some examples (which depend on variables that don't exist in all
contexts):
.code
A multiline text table, containing the full SpamAssassin report for the
message. Useful for inclusion in headers or reject messages.
This variable is only usable in a DATA-time ACL.
A multiline text table, containing the full SpamAssassin report for the
message. Useful for inclusion in headers or reject messages.
This variable is only usable in a DATA-time ACL.
Beware that SpamAssassin may return non-ASCII characters, especially
when running in country-specific locales, which are not legal
unencoded in headers.
Beware that SpamAssassin may return non-ASCII characters, especially
when running in country-specific locales, which are not legal
unencoded in headers.
.vitem &$spam_action$&
For SpamAssassin either 'reject' or 'no action' depending on the
.vitem &$spam_action$&
For SpamAssassin either 'reject' or 'no action' depending on the
.vitem &%$dkim_copiedheaders%&
A transcript of headers and their values which are included in the signature
(copied from the 'z=' tag of the signature).
.vitem &%$dkim_copiedheaders%&
A transcript of headers and their values which are included in the signature
(copied from the 'z=' tag of the signature).
Note that RFC6376 requires that verification fail if the From: header is
not included in the signature. Exim does not enforce this; sites wishing
strict enforcement should code the check explicitly.
Note that RFC6376 requires that verification fail if the From: header is
not included in the signature. Exim does not enforce this; sites wishing
strict enforcement should code the check explicitly.
.vitem &%$dkim_bodylength%&
The number of signed body bytes. If zero ("0"), the body is unsigned. If no
.vitem &%$dkim_bodylength%&
The number of signed body bytes. If zero ("0"), the body is unsigned. If no
Note that the above does not check for a total lack of DKIM signing;
for that check for empty &$h_DKIM-Signature:$& in the data ACL.
Note that the above does not check for a total lack of DKIM signing;
for that check for empty &$h_DKIM-Signature:$& in the data ACL.
.vitem &%dkim_status%&
ACL condition that checks a colon-separated list of possible DKIM verification
.vitem &%dkim_status%&
ACL condition that checks a colon-separated list of possible DKIM verification
main configuration option to a hostlist; connections from these
hosts will use Proxy Protocol.
main configuration option to a hostlist; connections from these
hosts will use Proxy Protocol.
The following expansion variables are usable
(&"internal"& and &"external"& here refer to the interfaces
of the proxy):
The following expansion variables are usable
(&"internal"& and &"external"& here refer to the interfaces
of the proxy):
.endd
If &$proxy_session$& is set but &$proxy_external_address$& is empty
there was a protocol error.
.endd
If &$proxy_session$& is set but &$proxy_external_address$& is empty
there was a protocol error.
Since the real connections are all coming from the proxy, and the
per host connection tracking is done before Proxy Protocol is
Since the real connections are all coming from the proxy, and the
per host connection tracking is done before Proxy Protocol is
test from the snapshots or the Git before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
test from the snapshots or the Git before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
Version 4.89
------------
Version 4.89
------------
git://git.exim.org / exim.git / commitdiff