settings can be obtained by using &%routers%&, &%transports%&, or
&%authenticators%&.
+.cindex "environment"
+If &%environment%& is given as an argument, the set of environment
+variables is output, line by line. Using the &%-n%& flag suppresses the value of the
+variables.
+
.cindex "options" "macro &-- extracting"
If invoked by an admin user, then &%macro%&, &%macro_list%& and &%macros%&
are available, similarly to the drivers. Because macros are sometimes used
-.section "Expansion of lists" "SECID75"
+.section "Expansion of lists" "SECTlistexpand"
.cindex "expansion" "of lists"
Each list is expanded as a single string before it is used. The result of
expansion must be a list, possibly containing empty items, which is split up
This variable is set to the remote host's TCP port whenever &$host$& is set
for an outbound connection.
+.vitem &$initial_cwd$&
+.vindex "&$initial_cwd$&
+This variable contains the full path name of the initial working
+directory of the current Exim process. This may differ from the current
+working directory, as Exim changes this to "/" during early startup, and
+to &$spool_directory$& later.
.vitem &$inode$&
.vindex "&$inode$&"
This option defines the ACL that is run when an SMTP VRFY command is
received. See chapter &<<CHAPACL>>& for further details.
+.new
+.option add_environment main "string list" empty
+.cindex "environment" "inherited"
+This option allows to set individual environment variables that the
+currently linked libraries and programs in child processes use. The
+default list is empty,
+.wen
+
.option admin_groups main "string list&!!" unset
.cindex "admin user"
This option is expanded just once, at the start of Exim's processing. If the
.option ignore_fromline_local main boolean false
See &%ignore_fromline_hosts%& above.
+.new
+.option keep_environment main "string list" unset
+.cindex "environment" "inherited"
+This option contains a string list of environment variables to keep.
+You have to trust these variables or you have to be sure that
+these variables do not impose any security risk. Keep in mind that
+during the startup phase Exim is running with an effective UID 0 in most
+installations. As the default value is an empty list, the default
+environment for using libraries, running embedded Perl code, or running
+external binaries is empty, and does not not even contain PATH or HOME.
+
+Actually the list is interpreted as a list of patterns
+(&<<SECTlistexpand>>&), except that it is not expanded first.
+
+WARNING: Macro substitution is still done first, so having a macro
+FOO and having FOO_HOME in your &%keep_environment%& option may have
+unexpected results. You may work around this using a regular expression
+that does not match the macro name: ^[F]OO_HOME$.
+
+Current versions of Exim issue a warning during startupif you do not mention
+&%keep_environment%& or &%add_environment%& in your runtime configuration
+file.
+.wen
+
.option keep_malformed main time 4d
This option specifies the length of time to keep messages whose spool files
&%sender_unqualified_hosts%&, or if the message was submitted locally (not
using TCP/IP), and the &%-bnq%& option was not set.
+.option set_environment main "string list" empty
+.cindex "environment"
+This option allows to set individual environment variables that the
+currently linked libraries and programs in child processes use. The
+default list is empty,
+
.option slow_lookup_log main integer 0
.cindex "logging" "slow lookups"
Curve names of the form &'prime256v1'& are accepted.
For even more-recent library versions, names of the form &'P-512'&
are also accepted, plus the special value &'auto'&
-which tell the library to choose.
+which tells the library to choose.
If the option is set to an empty string, no EC curves will be enabled.
.option tls_verify_hosts smtp "host list&!!" unset
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
-This option gives a list of hosts for which. on encrypted connections,
+This option gives a list of hosts for which, on encrypted connections,
certificate verification must succeed.
The &%tls_verify_certificates%& option must also be set.
If both this option and &%tls_try_verify_hosts%& are unset
.section "Testing ACLs" "SECID188"
The &%-bh%& command line option provides a way of testing your ACL
configuration locally by running a fake SMTP session with which you interact.
-The host &'relay-test.mail-abuse.org'& provides a service for checking your
-relaying configuration (see section &<<SECTcheralcon>>& for more details).
-
.section "Specifying when ACLs are used" "SECID189"
An attempt to set this option for any recipient but the first
for a mail will be quietly ignored.
-If a recipient-verify callout connection is subsequently
+If a recipient-verify callout
+.new
+(with use_sender)
+.wen
+connection is subsequently
requested in the same ACL it is held open and used for
any subsequent recipients and the data,
otherwise one is made after the initial RCPT ACL completes.
modified by any of the post-data ACLs (DATA, MIME and DKIM).
Headers may be modified by routers (subject to the above) and transports.
+.new
+All the usual ACLs are called; if one results in the message being
+rejected, all effort spent in delivery (including the costs on
+the ultimate destination) will be wasted.
+Note that in the case of data-time ACLs this includes the entire
+message body.
+.wen
+
Cutthrough delivery is not supported via transport-filters or when DKIM signing
of outgoing messages is done, because it sends data to the ultimate destination
before the entire message has been received from the source.
You can check the relay characteristics of your configuration in the same way
that you can test any ACL behaviour for an incoming SMTP connection, by using
the &%-bh%& option to run a fake SMTP session with which you interact.
-
-For specifically testing for unwanted relaying, the host
-&'relay-test.mail-abuse.org'& provides a useful service. If you telnet to this
-host from the host on which Exim is running, using the normal telnet port, you
-will see a normal telnet connection message and then quite a long delay. Be
-patient. The remote host is making an SMTP connection back to your host, and
-trying a number of common probes to test for open relay vulnerability. The
-results of the tests will eventually appear on your terminal.
.ecindex IIDacl
&` `& on &"Completed"& lines: time spent on queue
&`R `& on &`<=`& lines: reference for local bounce
&` `& on &`=>`& &`**`& and &`==`& lines: router name
-&`S `& size of message
+&`S `& size of message in bytes
&`SNI `& server name indication from TLS client hello
&`ST `& shadow transport name
&`T `& on &`<=`& lines: message subject (topic)
git://git.exim.org / users / heiko / exim.git / blobdiff