While a feature is experimental, there will be a build-time
option whose name starts "EXPERIMENTAL_" that must be set in
order to include the feature. This file contains information
-about experimenatal features, all of which are unstable and
-liable to incompatibile change.
+about experimental features, all of which are unstable and
+liable to incompatible change.
OCSP Stapling support
--------------------------------------------------------------
-X509 PKI certificates expire and can be revoked; to handle this, the
+X.509 PKI certificates expire and can be revoked; to handle this, the
clients need some way to determine if a particular certificate, from a
particular Certificate Authority (CA), is still valid. There are three
main ways to do so.
on each connection, so a new file will be handled transparently on the
next connection.
-Exim will check for a validity next update timestamp in the OCSP proof;
+Exim will check for a valid next update timestamp in the OCSP proof;
if not present, or if the proof has expired, it will be ignored.
At this point in time, we're gathering feedback on use, to determine if
it's worth adding complexity to the Exim daemon to periodically re-fetch
-OCSP files and somehow handling multiple files.
+OCSP files and somehow handling multiple files. There is no client support
+for OCSP in Exim, this is feature expected to be used by mail clients.
You can now run SPF checks in incoming SMTP by using the "spf"
ACL condition in either the MAIL, RCPT or DATA ACLs. When
-using it in the RCPT ACL, you can make the checks dependend on
+using it in the RCPT ACL, you can make the checks dependent on
the RCPT address (or domain), so you can check SPF records
only for certain target domains. This gives you the
possibility to opt-out certain customers that do not want
When the spf_guess condition has run, it sets up the same expansion
variables as when spf condition is run, described above.
-Additionally, since Best-guess is not standarized, you may redefine
+Additionally, since Best-guess is not standardized, you may redefine
what "Best-guess" means to you by redefining spf_guess variable in
global config. For example, the following:
in your Local/Makefile.
+DCC Support
+--------------------------------------------------------------
+
+*) Building exim
+
+In order to build exim with DCC support add
+
+EXPERIMENTAL_DCC=yes
+
+to your Makefile. (Re-)build/install exim. exim -d should show
+EXPERIMENTAL_DCC under "Support for".
+
+
+*) Configuration
+
+In the main section of exim.cf add at least
+ dccifd_address = /usr/local/dcc/var/dccifd
+or
+ dccifd_address = <ip> <port>
+
+In the DATA ACL you can use the new condition
+ dcc = *
+
+After that "$dcc_header" contains the X-DCC-Header.
+
+Return values are:
+ fail for overall "R", "G" from dccifd
+ defer for overall "T" from dccifd
+ accept for overall "A", "S" from dccifd
+
+dcc = */defer_ok works as for spamd.
+
+The "$dcc_result" variable contains the overall result from DCC
+answer. There will an X-DCC: header added to the mail.
+
+Usually you'll use
+ defer !dcc = *
+to greylist with DCC.
+
+If you set, in the main section,
+ dcc_direct_add_header = true
+then the dcc header will be added "in deep" and if the spool
+file was already written it gets removed. This forces Exim to
+write it again if needed. This helps to get the DCC Header
+through to eg. SpamAssassin.
+
+If you want to pass even more headers in the middle of the
+DATA stage you can set
+ $acl_m_dcc_add_header
+to tell the DCC routines add more information; eg, you might set
+this to some results from ClamAV. Be careful. Header syntax is
+not checked and is added "as is".
+
+
--------------------------------------------------------------
End of file
--------------------------------------------------------------
git://git.exim.org / users / heiko / exim.git / blobdiff