. /////////////////////////////////////////////////////////////////////////////
.set previousversion "4.75"
-.set version "4.77"
+.set version "4.80"
.set ACL "access control lists (ACLs)"
.set I " "
<bookinfo>
<title>Specification of the Exim Mail Transfer Agent</title>
<titleabbrev>The Exim MTA</titleabbrev>
-<date>06 May 2011</date>
+<date>17 May 2012</date>
<author><firstname>Exim</firstname><surname>Maintainers</surname></author>
<authorinitials>EM</authorinitials>
<revhistory><revision>
- <revnumber>4.77</revnumber>
- <date>10 Oct 2011</date>
+ <revnumber>4.80</revnumber>
+ <date>17 May 2012</date>
<authorinitials>EM</authorinitials>
</revision></revhistory>
-<copyright><year>2011</year><holder>University of Cambridge</holder></copyright>
+<copyright><year>2012</year><holder>University of Cambridge</holder></copyright>
</bookinfo>
.literal off
&`fail`& keyword causes a &'forced expansion failure'& &-- see section
&<<SECTforexpfai>>& for an explanation of what this means.
-The supported DNS record types are A, CNAME, MX, NS, PTR, SRV, and TXT, and,
-when Exim is compiled with IPv6 support, AAAA (and A6 if that is also
+.new
+The supported DNS record types are A, CNAME, MX, NS, PTR, SPF, SRV, and TXT,
+and, when Exim is compiled with IPv6 support, AAAA (and A6 if that is also
configured). If no type is given, TXT is assumed. When the type is PTR,
the data can be an IP address, written as normal; inversion and the addition of
&%in-addr.arpa%& or &%ip6.arpa%& happens automatically. For example:
+.wen
.code
${lookup dnsdb{ptr=192.168.4.5}{$value}fail}
.endd
white space is ignored.
.cindex "TXT record" "in &(dnsdb)& lookup"
+.cindex "SPF record" "in &(dnsdb)& lookup"
+.new
For TXT records with multiple items of data, only the first item is returned,
unless a separator for them is specified using a comma after the separator
character followed immediately by the TXT record item separator. To concatenate
-items without a separator, use a semicolon instead.
+items without a separator, use a semicolon instead. For SPF records the
+default behaviour is to concatenate multiple items without using a separator.
+.wen
.code
${lookup dnsdb{>\n,: txt=a.b.example}}
${lookup dnsdb{>\n; txt=a.b.example}}
+${lookup dnsdb{spf=example.org}}
.endd
It is permitted to specify a space as the separator character. Further
white space is ignored.
on how Exim was built; the values are not suitable for keying material.
If Exim is linked against OpenSSL then RAND_pseudo_bytes() is used.
.new
-if Exim is linked against GnuTLS then gnutls_rnd(GNUTLS_RND_NONCE) is used.
+If Exim is linked against GnuTLS then gnutls_rnd(GNUTLS_RND_NONCE) is used,
+for versions of GnuTLS with that function.
.wen
Otherwise, the implementation may be arc4random(), random() seeded by
srandomdev() or srandom(), or a custom implementation even weaker than
.vindex "&$tod_epoch$&"
The time and date as a number of seconds since the start of the Unix epoch.
+.vitem &$tod_epoch_l$&
+.vindex "&$tod_epoch_l$&"
+The time and date as a number of microseconds since the start of the Unix epoch.
+
.vitem &$tod_full$&
.vindex "&$tod_full$&"
A full version of the time and date, for example: Wed, 16 Oct 1995 09:51:40
.row &%tls_advertise_hosts%& "advertise TLS to these hosts"
.row &%tls_certificate%& "location of server certificate"
.row &%tls_crl%& "certificate revocation list"
+.row &%tls_dh_max_bits%& "clamp D-H bit count suggestion"
.row &%tls_dhparam%& "DH parameters for server"
.row &%tls_on_connect_ports%& "specify SSMTP (SMTPS) ports"
.row &%tls_privatekey%& "location of server private key"
invoking Exim with the &%-bV%& flag.
.new
-Historical note: prior to release 4.78, Exim defaulted this value to
+Historical note: prior to release 4.80, Exim defaulted this value to
"+dont_insert_empty_fragments", which may still be needed for compatibility
with some clients, but which lowers security by increasing exposure to
some now infamous attacks.
.wen
+.new
+.option tls_dh_max_bits main integer 2236
+.cindex "TLS" "D-H bit count"
+The number of bits used for Diffie-Hellman key-exchange may be suggested by
+the chosen TLS library. That value might prove to be too high for
+interoperability. This option provides a maximum clamp on the value
+suggested, trading off security for interoperability.
+
+The value must be at least 1024.
+
+The value 2236 was chosen because, at time of adding the option, it was the
+hard-coded maximum value supported by the NSS cryptographic library, as used
+by Thunderbird, while GnuTLS was suggesting 2432 bits as normal.
+
+If you prefer more security and are willing to break some clients, raise this
+number.
+.wen
+
+
.option tls_dhparam main string&!! unset
.cindex "TLS" "D-H parameters for server"
The value of this option is expanded, and must then be the absolute path to
This is used only for OpenSSL. When Exim is linked with GnuTLS, this option is
ignored. See section &<<SECTopenvsgnu>>& for further details.
+.new
+If the DH bit-count from loading the file is greater than tls_dh_max_bits then
+it will be ignored.
+.wen
+
.option tls_on_connect_ports main "string list" unset
This option specifies a list of incoming SSMTP (aka SMTPS) ports that should
case routing fails.
+.new
+.section "Declining addresses by dnslookup" "SECTdnslookupdecline"
+.cindex "&(dnslookup)& router" "declines"
+There are a few cases where a &(dnslookup)& router will decline to accept
+an address; if such a router is expected to handle "all remaining non-local
+domains", then it is important to set &%no_more%&.
+
+Reasons for a &(dnslookup)& router to decline currently include:
+.ilist
+The domain does not exist in DNS
+.next
+The domain exists but the MX record's host part is just "."; this is a common
+convention (borrowed from SRV) used to indicate that there is no such service
+for this domain and to not fall back to trying A/AAAA records.
+.next
+Ditto, but for SRV records, when &%check_srv%& is set on this router.
+.next
+MX record points to a non-existent host.
+.next
+MX record points to an IP address and the main section option
+&%allow_mx_to_ip%& is not set.
+.next
+MX records exist and point to valid hosts, but all hosts resolve only to
+addresses blocked by the &%ignore_target_hosts%& generic option on this router.
+.next
+The domain is not syntactically valid (see also &%allow_utf8_domains%& and
+&%dns_check_names_pattern%& for handling one variant of this)
+.next
+&%check_secondary_mx%& is set on this router but the local host can
+not be found in the MX records (see below)
+.endlist
+.wen
+
+
.section "Private options for dnslookup" "SECID118"
.cindex "authentication" "CRAM-MD5"
.cindex "authentication" "SCRAM-SHA-1"
The &(gsasl)& authenticator provides server integration for the GNU SASL
-library and the mechanisms it provides. This is new as of the 4.78 release
+library and the mechanisms it provides. This is new as of the 4.80 release
and there are a few areas where the library does not let Exim smoothly
scale to handle future authentication mechanisms, so no guarantee can be
made that any particular new authentication mechanism will be supported
without code changes in Exim.
-.option server_channelbinding gsasl bool false
+.option server_channelbinding gsasl boolean false
Some authentication mechanisms are able to use external context at both ends
of the session to bind the authentication to that context, and fail the
authentication process if that context differs. Specifically, some TLS
name of a directory (for OpenSSL it can be either).
.next
The &%tls_dhparam%& option is ignored, because early versions of GnuTLS had no
-facility for varying its Diffie-Hellman parameters. I understand that this has
-changed, but Exim has not been updated to provide this facility.
+facility for varying its Diffie-Hellman parameters.
+.new
+Since then, the GnuTLS support has been updated to generate parameters upon
+demand, keeping them in the spool directory. See &<<SECTgnutlsparam>>& for
+details.
+.wen
.next
.vindex "&$tls_peerdn$&"
Distinguished Name (DN) strings reported by the OpenSSL library use a slash for
affects the value of the &$tls_peerdn$& variable.
.next
OpenSSL identifies cipher suites using hyphens as separators, for example:
-DES-CBC3-SHA. GnuTLS uses underscores, for example: RSA_ARCFOUR_SHA. What is
-more, OpenSSL complains if underscores are present in a cipher list. To make
-life simpler, Exim changes underscores to hyphens for OpenSSL and hyphens to
-underscores for GnuTLS when processing lists of cipher suites in the
+DES-CBC3-SHA. GnuTLS historically used underscores, for example:
+RSA_ARCFOUR_SHA. What is more, OpenSSL complains if underscores are present
+in a cipher list. To make life simpler, Exim changes underscores to hyphens
+for OpenSSL and passes the string unchanged to GnuTLS (expecting the library
+to handle its own older variants) when processing lists of cipher suites in the
&%tls_require_ciphers%& options (the global option and the &(smtp)& transport
option).
.next
.endlist
-.section "GnuTLS parameter computation" "SECID181"
+.section "GnuTLS parameter computation" "SECTgnutlsparam"
.new
GnuTLS uses D-H parameters that may take a substantial amount of time
to compute. It is unreasonable to re-compute them for every TLS session.
Therefore, Exim keeps this data in a file in its spool directory, called
-&_gnutls-params-normal_&.
+&_gnutls-params-NNNN_& for some value of NNNN, corresponding to the number
+of bits requested.
The file is owned by the Exim user and is readable only by
its owner. Every Exim process that start up GnuTLS reads the D-H
parameters from this file. If the file does not exist, the first Exim process
a substantial amount of time, causing timeouts on incoming connections.
The solution is to generate the parameters externally to Exim. They are stored
-in &_gnutls-params-normal_& in PEM format, which means that they can be
+in &_gnutls-params-N_& in PEM format, which means that they can be
generated externally using the &(certtool)& command that is part of GnuTLS.
To replace the parameters with new ones, instead of deleting the file
&(certtool)& and, when this has been done, replace Exim's cache file by
renaming. The relevant commands are something like this:
.code
+# ls
+[ look for file; assume gnutls-params-2236 is the most recent ]
# rm -f new-params
# touch new-params
# chown exim:exim new-params
# chmod 0600 new-params
-# certtool --generate-dh-params >>new-params
+# certtool --generate-dh-params --bits 2236 >>new-params
# chmod 0400 new-params
-# mv new-params gnutls-params-normal
+# mv new-params gnutls-params-2236
.endd
If Exim never has to generate the parameters itself, the possibility of
stalling is removed.
-The filename changed in Exim 4.78, to gain the -normal suffix, corresponding
-to the GnuTLS constant &`GNUTLS_SEC_PARAM_NORMAL`&, defining the number of
-bits to include. At time of writing, NORMAL corresponds to 2432 bits for D-H.
+The filename changed in Exim 4.80, to gain the -bits suffix. The value which
+Exim will choose depends upon the version of GnuTLS in use. For older GnuTLS,
+the value remains hard-coded in Exim as 1024. As of GnuTLS 2.12.x, there is
+a way for Exim to ask for the "normal" number of bits for D-H public-key usage,
+and Exim does so. This attempt to remove Exim from TLS policy decisions
+failed, as GnuTLS 2.12 returns a value higher than the current hard-coded limit
+of the NSS library. Thus Exim gains the &%tls_dh_max_bits%& global option,
+which applies to all D-H usage, client or server. If the value returned by
+GnuTLS is greater than &%tls_dh_max_bits%& then the value will be clamped down
+to &%tls_dh_max_bits%&. The default value has been set at the current NSS
+limit, which is still much higher than Exim historically used.
+
+The filename and bits used will change as the GnuTLS maintainers change the
+value for their parameter &`GNUTLS_SEC_PARAM_NORMAL`&, as clamped by
+&%tls_dh_max_bits%&. At the time of writing (mid 2012), GnuTLS 2.12 recommends
+2432 bits, while NSS is limited to 2236 bits.
.wen
suites before the cipher negotiation takes place. This specifies which ciphers
are acceptable. The list is colon separated and may contain names like
DES-CBC3-SHA. Exim passes the expanded value of &%tls_require_ciphers%&
-directly to this function call. The following quotation from the OpenSSL
+directly to this function call.
+Many systems will install the OpenSSL manual-pages, so you may have
+&'ciphers(1)'& available to you.
+The following quotation from the OpenSSL
documentation specifies what forms of item are allowed in the cipher string:
.ilist
not be moved to the end of the list.
.endlist
+.new
+The OpenSSL &'ciphers(1)'& command may be used to test the results of a given
+string:
+.code
+# note single-quotes to get ! past any shell history expansion
+$ openssl ciphers 'HIGH:!MD5:!SHA1'
+.endd
+
+This example will let the library defaults be permitted on the MX port, where
+there's probably no identity verification anyway, but ups the ante on the
+submission ports where the administrator might have some influence on the
+choice of clients used:
+.code
+# OpenSSL variant; see man ciphers(1)
+tls_require_ciphers = ${if =={$received_port}{25}\
+ {DEFAULT}\
+ {HIGH:!MD5:!SHA1}}
+.endd
+.wen
+
.new
Documentation of the strings accepted may be found in the GnuTLS manual, under
"Priority strings". This is online as
-&url(http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html).
+&url(http://www.gnu.org/software/gnutls/manual/html_node/Priority-Strings.html),
+but beware that this relates to GnuTLS 3, which may be newer than the version
+installed on your system. If you are using GnuTLS 3,
+&url(http://www.gnu.org/software/gnutls/manual/html_node/Listing-the-ciphersuites-in-a-priority-string.html, then the example code)
+on that site can be used to test a given string.
-Prior to Exim 4.78, an older API of GnuTLS was used, and Exim supported three
+Prior to Exim 4.80, an older API of GnuTLS was used, and Exim supported three
additional options, "&%gnutls_require_kx%&", "&%gnutls_require_mac%&" and
"&%gnutls_require_protocols%&". &%tls_require_ciphers%& was an Exim list.
+
+This example will let the library defaults be permitted on the MX port, where
+there's probably no identity verification anyway, and lowers security further
+by increasing compatibility; but this ups the ante on the submission ports
+where the administrator might have some influence on the choice of clients
+used:
+.code
+# GnuTLS variant
+tls_require_ciphers = ${if =={$received_port}{25}\
+ {NORMAL:%COMPAT}\
+ {SECURE128}}
+.endd
.wen