examples, tips, and know-how that have been contributed by Exim users.
.cindex Bugzilla
-An Exim Bugzilla exists at &url(http://bugs.exim.org). You can use
+An Exim Bugzilla exists at &url(https://bugs.exim.org). You can use
this to report bugs, and also to add items to the wish list. Please search
first to check that you are not duplicating a previous entry.
.cindex "bug reports"
.cindex "reporting bugs"
Reports of obvious bugs can be emailed to &'bugs@exim.org'& or reported
-via the Bugzilla (&url(http://bugs.exim.org)). However, if you are unsure
+via the Bugzilla (&url(https://bugs.exim.org)). However, if you are unsure
whether some behaviour is a bug or not, the best thing to do is to post a
message to the &'exim-dev'& mailing list and have it discussed.
by Exim in conjunction with the &%-MC%& option. It signifies that the
remote host supports the ESMTP &_DSN_& extension.
-.vitem &%-MCG%&
+.vitem &%-MCG%&&~<&'queue&~name'&>
.oindex "&%-MCG%&"
This option is not intended for use by external callers. It is used internally
by Exim in conjunction with the &%-MC%& option. It signifies that an
by Exim in conjunction with the &%-MC%& option, and passes on the fact that the
host to which Exim is connected supports TLS encryption.
+.new
+.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&>&~<&'cipher'&>
+.oindex "&%-MCt%&"
+This option is not intended for use by external callers. It is used internally
+by Exim in conjunction with the &%-MC%& option, and passes on the fact that the
+connection is being proxied by a parent process for handling TLS encryption.
+The arguments give the local address and port being proxied, and the TLS cipher.
+.wen
+
.vitem &%-Mc%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
.oindex "&%-Mc%&"
.cindex "hints database" "not overridden by &%-Mc%&"
hexadecimal digits. There may be fewer than eight components if an empty
component (adjacent colons) is present. Only one empty component is permitted.
-&*Note*&: The checks are just on the form of the address; actual numerical
-values are not considered. Thus, for example, 999.999.999.999 passes the IPv4
-check. The main use of these tests is to distinguish between IP addresses and
+.new
+&*Note*&: The checks used to be just on the form of the address; actual numerical
+values were not considered. Thus, for example, 999.999.999.999 passed the IPv4
+check.
+This is no longer the case.
+.wen
+
+The main use of these tests is to distinguish between IP addresses and
host names, or between IPv4 and IPv6 addresses. For example, you could use
.code
${if isip4{$sender_host_address}...
message on the same connection. See section &<<SECTmulmessam>>& for an
explanation of when this might be needed.
+.new
+.option hosts_noproxy_tls smtp "host list&!!" *
+.cindex "TLS" "passing connection"
+.cindex "multiple SMTP deliveries"
+.cindex "TLS" "multiple message deliveries"
+For any host that matches this list, a TLS session which has
+been started will not be passed to a new delivery process for sending another
+message on the same session.
+
+The traditional implementation closes down TLS and re-starts it in the new
+process, on the same open TCP connection, for each successive message
+sent. If permitted by this option a pipe to to the new process is set up
+instead, and the original process maintains the TLS connection and proxies
+the SMTP connection from and to the new process and any subsequents.
+The new process has no access to TLS information, so cannot include it in
+logging.
+.wen
+
+
.option hosts_override smtp boolean false
If this option is set and the &%hosts%& option is also set, any hosts that are
.cindex "TLS" "configuring an Exim server"
When Exim has been built with TLS support, it advertises the availability of
the STARTTLS command to client hosts that match &%tls_advertise_hosts%&,
-but not to any others. The default value of this option is unset, which means
-that STARTTLS is not advertised at all. This default is chosen because you
-need to set some other options in order to make TLS available, and also it is
-sensible for systems that want to use TLS only as a client.
+but not to any others. The default value of this option is *, which means
+that STARTTLS is alway advertised. Set it to blank to never advertise;
+this is reasonble for systems that want to use TLS only as a client.
+
+If STARTTLS is to be used you
+need to set some other options in order to make TLS available.
If a client issues a STARTTLS command and there is some configuration
problem in the server, the command is rejected with a 454 error. If the client
need to use this option unless you know that the called hosts make use of the
sender when checking recipients. If used indiscriminately, it reduces the
usefulness of callout caching.
+
+.new
+.vitem &*hold*&
+This option applies to recipient callouts only. For example:
+.code
+require verify = recipient/callout=use_sender,hold
+.endd
+It causes the connection to be helod open and used for any further recipients
+and for eventual delivery (should that be done quickly).
+Doing this saves on TCP and SMTP startup costs, and TLS costs also
+when that is used for the connections.
+The advantage is only gained if there are no callout cache hits
+(which could be enforced by the no_cache option),
+if the use_sender option is used,
+if neither the random nor the use_postmaster option is used,
+and if no other callouts intervene.
+.wen
.endlist
If you use any of the parameters that set a non-empty sender for the MAIL
.endd
If you omit the argument, the default values show above are used.
+.new
+.vitem &%f-prot6d%&
+.cindex "virus scanners" "f-prot6d"
+The f-prot6d scanner is accessed using the FPSCAND protocol over TCP.
+One argument is taken, being a space-separated hostname and port number.
+For example:
+.code
+av_scanner = f-prot6d:localhost 10200
+.endd
+If you omit the argument, the default values show above are used.
+.wen
+
.vitem &%fsecure%&
.cindex "virus scanners" "F-Secure"
The F-Secure daemon scanner (&url(http://www.f-secure.com)) takes one
flagged with &`->`& instead of &`=>`&. When two or more messages are delivered
down a single SMTP connection, an asterisk follows the IP address in the log
lines for the second and subsequent messages.
+.new
+When two or more messages are delivered down a single TLS connection, the
+DNS and some TLS-related information logged for the first message delivered
+will not be present in the log lines for the second and subsequent messages.
+TLS cipher information is still available.
+.wen
.cindex "delivery" "cutthrough; logging"
.cindex "cutthrough" "logging"
.cindex "&'exipick'&"
John Jetmore's &'exipick'& utility is included in the Exim distribution. It
lists messages from the queue according to a variety of criteria. For details
-of &'exipick'&'s facilities, visit the web page at
-&url(http://www.exim.org/eximwiki/ToolExipickManPage) or run &'exipick'& with
+of &'exipick'&'s facilities, run &'exipick'& with
the &%--help%& option.
&`msg:rcpt:host:defer after transport `& per recipient per host
&`msg:rcpt:defer after transport `& per recipient
&`msg:host:defer after transport `& per attempt
-&`msg:fail:delivery after main `& per recipient
+&`msg:fail:delivery after transport `& per recipient
&`msg:fail:internal after main `& per recipient
&`tcp:connect before transport `& per connection
&`tcp:close after transport `& per connection
before or after the action is associates with. Those which fire before
can be used to affect that action (more on this below).
+.new
+The third column in the table above says what section of the configumration
+should define the event action.
+.wen
+
An additional variable, &$event_data$&, is filled with information varying
with the event type:
.display