From: Heiko Schlittermann (HS12-RIPE) Date: Wed, 2 Mar 2016 18:53:07 +0000 (+0100) Subject: Merge branch 'master' X-Git-Tag: exim-4_87_RC6~16 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/d1af83598f7d6b32516a11bb28e569d592a05c48?ds=sidebyside;hp=-c Merge branch 'master' --- d1af83598f7d6b32516a11bb28e569d592a05c48 diff --combined doc/doc-docbook/spec.xfpt index 9d2316937,673cdf250..799104ec4 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@@ -3151,11 -3151,6 +3151,11 @@@ using one of the words &%router_list%& settings can be obtained by using &%routers%&, &%transports%&, or &%authenticators%&. +.cindex "environment" +If &%environment%& is given as an argument, the set of environment +variables is output, line by line. Using the &%-n%& flag supresses the value of the +variables. + .cindex "options" "macro &-- extracting" If invoked by an admin user, then &%macro%&, &%macro_list%& and &%macros%& are available, similarly to the drivers. Because macros are sometimes used @@@ -3487,8 -3482,6 +3487,8 @@@ name, but it can be a colon-separated l file that exists is used. Failure to open an existing file stops Exim from proceeding any further along the list, and an error is generated. +The file names need to be absolute names. + When this option is used by a caller other than root, and the list is different from the compiled-in list, Exim gives up its root privilege immediately, and runs with the real and effective uid and gid set to those of the caller. @@@ -7746,7 -7739,7 +7746,7 @@@ domain, host, address and local part li -.section "Expansion of lists" "SECID75" +.section "Expansion of lists" "SECTlistexpand" .cindex "expansion" "of lists" Each list is expanded as a single string before it is used. The result of expansion must be a list, possibly containing empty items, which is split up @@@ -13954,14 -13947,6 +13954,14 @@@ received. See chapter &<>& fo This option defines the ACL that is run when an SMTP VRFY command is received. 
See chapter &<>& for further details. +.new +.option add_environment main "string list" empty +.cindex "environment" "inherited" +This option allows to set individual environment variables that the +currently linked libraries and programs in child processes use. The +default list is empty, +.wen + .option admin_groups main "string list&!!" unset .cindex "admin user" This option is expanded just once, at the start of Exim's processing. If the @@@ -15049,30 -15034,6 +15049,30 @@@ process rather than a remote host, and .option ignore_fromline_local main boolean false See &%ignore_fromline_hosts%& above. +.new +.option keep_environment main "string list" unset +.cindex "environment" "inherited" +This option contains a string list of environment variables to keep. +You have to trust these variables or you have to be sure that +these variables do not impose any security risk. Keep in mind that +during the startup phase Exim is running with an effective UID 0 in most +installations. As the default value is an empty list, the default +environment for using libraries, running embedded Perl code, or running +external binaries is empty, and does not not even contain PATH or HOME. + +Actually the list is interpreted as a list of patterns +(&<>&), except that it is not expanded first. + +WARNING: Macro substitution is still done first, so having a macro +FOO and having FOO_HOME in your &%keep_environment%& option may have +unexpected results. You may work around this using a regular expression +that does not match the macro name: ^[F]OO_HOME$. + +Current versions of Exim issue a warning during startupif you do not mention +&%keep_environment%& or &%add_environment%& in your runtime configuration +file. 
+.wen + .option keep_malformed main time 4d This option specifies the length of time to keep messages whose spool files @@@ -16111,12 -16072,6 +16111,12 @@@ it qualifies them only if the message c &%sender_unqualified_hosts%&, or if the message was submitted locally (not using TCP/IP), and the &%-bnq%& option was not set. +.option set_environment main "string list" empty +.cindex "environment" +This option allows to set individual environment variables that the +currently linked libraries and programs in child processes use. The +default list is empty, + .option slow_lookup_log main integer 0 .cindex "logging" "slow lookups" @@@ -27505,9 -27460,6 +27505,6 @@@ a realistic ACL for checking RCPT comma .section "Testing ACLs" "SECID188" The &%-bh%& command line option provides a way of testing your ACL configuration locally by running a fake SMTP session with which you interact. - The host &'relay-test.mail-abuse.org'& provides a service for checking your - relaying configuration (see section &<>& for more details). - .section "Specifying when ACLs are used" "SECID189" @@@ -30958,14 -30910,6 +30955,6 @@@ in chapter &<>& You can check the relay characteristics of your configuration in the same way that you can test any ACL behaviour for an incoming SMTP connection, by using the &%-bh%& option to run a fake SMTP session with which you interact. - - For specifically testing for unwanted relaying, the host - &'relay-test.mail-abuse.org'& provides a useful service. If you telnet to this - host from the host on which Exim is running, using the normal telnet port, you - will see a normal telnet connection message and then quite a long delay. Be - patient. The remote host is making an SMTP connection back to your host, and - trying a number of common probes to test for open relay vulnerability. The - results of the tests will eventually appear on your terminal. .ecindex IIDacl
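Review bot: "supresses" in the added &%environment%& paragraph (hunk at line 3151) is misspelled and should be "suppresses". The sentence would also read better as "Using the &%-n%& flag suppresses the values of the variables", followed by a statement of what is still printed in that case.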
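Review bot: the added sentence "The file names need to be absolute names." (hunk at line 3487) does not say what Exim does when an entry in the list is not absolute. The paragraph just before it already spells out the behaviour for a file that exists but cannot be opened, so state here whether a relative name is rejected with an error or skipped.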
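Review bot: the &%add_environment%& description (hunk at line 13954) ends mid-sentence with "The default list is empty," and never shows what a list item looks like. Finish the sentence with a full stop and give the item format with a short example, since "allows to set individual environment variables" alone does not tell the reader how to write a name and its value.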
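Review bot: the &%keep_environment%& entry (hunk at line 15049) declares its default as "unset" on the .option line, but the text says "As the default value is an empty list", and the last paragraph describes a startup warning when the option is not mentioned, so unset and empty are apparently not the same case. Pick one wording and say explicitly what the environment is when the option is unset versus set to an empty list. Also fix "does not not even contain" (doubled "not") and "startupif" (missing space).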
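Review bot: the &%set_environment%& entry (hunk at line 16111) repeats the &%add_environment%& description word for word, is not wrapped in .new/.wen like the other two new options, and is not named in the &%keep_environment%& warning paragraph, which mentions only &%add_environment%&. If this is the same option under an older name, the entry looks like a leftover from the merge and should be dropped; if both options exist, document how they differ. The trailing comma after "The default list is empty," applies here as well.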