.set I " "
.macro copyyear
-2017
+2018
.endmacro
. /////////////////////////////////////////////////////////////////////////////
${lookup redis{get keyname}}
.endd
+.new
+As of release 4.91, "lightweight" support for Redis Cluster is available.
+Requires &%redis_servers%& list to contain all the servers in the cluster, all
+of which must be reachable from the running exim instance. If the cluster has
+master/slave replication, the list must contain all the master and slave
+servers.
+
+When the Redis Cluster returns a "MOVED" response to a query, exim does not
+immediately follow the redirection but treats the response as a DEFER, moving on
+to the next server in the &%redis_servers%& list until the correct server is
+reached.
+.wen
+
.ecindex IIDfidalo1
.ecindex IIDfidalo2
.vitem &$spf_header_comment$& &&&
&$spf_received$& &&&
&$spf_result$& &&&
+ &$spf_result_guessed$& &&&
&$spf_smtp_comment$&
These variables are only available if Exim is built with SPF support.
For details see section &<<SECSPF>>&.
There is a new variable &$tls_out_dane$& which will have "yes" if
verification succeeded using DANE and "no" otherwise (only useful
-in combination with EXPERIMENTAL_EVENT), and a new variable &$tls_out_tlsa_usage$& (detailed above).
+in combination with events; see &<<CHAPevents>>&),
+and a new variable &$tls_out_tlsa_usage$& (detailed above).
+
+.cindex DANE reporting
+An event (see &<<CHAPevents>>&) of type "dane:fail" will be raised on failures
+to achieve DANE-verified connection, if one was either requested and offered, or
+required. This is intended to support TLS-reporting as defined in
+&url(https://tools.ietf.org/html/draft-ietf-uta-smtp-tlsrpt-17).
+The &$event_data$& will be one of the Result Types defined in
+Section 4.3 of that document.
Under GnuTLS, DANE is only supported from version 3.0.0 onwards.
.wen
.vitem &%avast%&
.cindex "virus scanners" "avast"
This is the scanner daemon of Avast. It has been tested with Avast Core
-Security (currently at version 1.1.7).
-You can get a trial version at &url(http://www.avast.com) or for Linux
-at &url(http://www.avast.com/linux-server-antivirus).
+Security (currently at version 2.2.0).
+You can get a trial version at &url(https://www.avast.com) or for Linux
+at &url(https://www.avast.com/linux-server-antivirus).
This scanner type takes one option,
which can be either a full path to a UNIX socket,
or host and port specifiers separated by white space.
PACK
.endd
+Only the first virus detected will be reported.
+
.vitem &%aveserver%&
.cindex "virus scanners" "Kaspersky"
be a valid RSA private key in ASCII armor (.pem file), including line breaks
.new
.next
-with GnuTLS 3.6.0 or later, be a valid Ed25519 private key (same format as above)
+with GnuTLS 3.6.0 or OpenSSL 1.1.1 or later,
+be a valid Ed25519 private key (same format as above)
.wen
.next
start with a slash, in which case it is treated as a file that contains
.vitem &%$dkim_algo%&
The algorithm used. One of 'rsa-sha1' or 'rsa-sha256'.
.new
-If running under GnuTLS 3.6.0 or later, may also be 'ed25519-sha256'.
+If running under GnuTLS 3.6.0 or OpenSSL 1.1.1 or later,
+may also be 'ed25519-sha256'.
The "_CRYPTO_SIGN_ED25519" macro will be defined if support is present
for EC keys.
.wen
one of pass, fail, softfail, none, neutral, permerror or
temperror.
+.vitem &$spf_result_guessed$&
+.vindex &$spf_result_guessed$&
+ This boolean is trus only if a best-guess operation was used
+ and required in order to obtain a result.
+
.vitem &$spf_smtp_comment$&
.vindex &$spf_smtp_comment$&
This contains a string that can be used in a SMTP response
The current list of events is:
.display
+&`dane:fail after transport `& per connection
&`msg:complete after main `& per message
&`msg:delivery after transport `& per recipient
&`msg:rcpt:host:defer after transport `& per recipient per host
An additional variable, &$event_data$&, is filled with information varying
with the event type:
.display
+&`dane:fail `& failure reason
&`msg:delivery `& smtp confirmation message
&`msg:rcpt:host:defer `& error string
&`msg:rcpt:defer `& error string
return an empty string. Should it return anything else the
following will be forced:
.display
-&`msg:delivery `& (ignored)
-&`msg:host:defer `& (ignored)
-&`msg:fail:delivery`& (ignored)
&`tcp:connect `& do not connect
-&`tcp:close `& (ignored)
&`tls:cert `& refuse verification
&`smtp:connect `& close connection
.endd
-No other use is made of the result string.
+All other message types ignore the result string, and
+no other use is made of it.
For a tcp:connect event, if the connection is being made to a proxy
then the address and port variables will be that of the proxy and not