.set I " "
.macro copyyear
-2019
+2020
.endmacro
. /////////////////////////////////////////////////////////////////////////////
.endd
The third argument is a list of options, of which the first element is the timeout
-and must be present if the argument is given.
+and must be present if any options are given.
Further elements are options of form &'name=value'&.
-Two option types is currently recognised: shutdown and tls.
-The first defines whether (the default)
-or not a shutdown is done on the connection after sending the request.
-Example, to not do so (preferred, eg. by some webservers):
+Example:
.code
${readsocket{/socket/name}{request string}{3s:shutdown=no}}
.endd
-The second, tls, controls the use of TLS on the connection. Example:
-.code
-${readsocket{/socket/name}{request string}{3s:tls=yes}}
-.endd
-The default is to not use TLS.
+
+.new
+The following option names are recognised:
+.ilist
+&*cache*&
+Defines if the result data can be cached for use by a later identical
+request in the same process.
+Values are &"yes"& or &"no"& (the default).
+If not, all cached results for this connection specification
+will be invalidated.
+
+.next
+&*shutdown*&
+Defines whether or not a write-shutdown is done on the connection after
+sending the request. Values are &"yes"& (the default) or &"no"&
+(preferred, eg. by some webservers).
+
+.next
+&*tls*&
+Controls the use of TLS on the connection.
+Values are &"yes"& or &"no"& (the default).
If it is enabled, a shutdown as descripbed above is never done.
+.endlist
+.wen
+
A fourth argument allows you to change any newlines that are in the data
that is read, in the same way as for &%readfile%& (see above). This example
.cindex "tainted data"
If the origin of the data is an incoming message,
the result of expanding this variable is tainted.
-See also &$domain_verified$&.
+When un untainted version is needed, one should be obtained from
+looking up the value in a local (therefore trusted) database.
+Often &$domain_data$& is usable in this role.
.wen
For virtual users, store a suitable pathname component in the database
which is used for account name validation, and use that retrieved value
rather than this variable.
+Often &$local_part_data$& is usable in this role.
If needed, use a router &%address_data%& or &%set%& option for
the retrieved data.
.wen
any prefix or suffix are in &$local_part_prefix$& and
&$local_part_suffix$&, respectively.
.new
+.cindex "tainted data"
If the affix specification included a wildcard then the portion of
the affix matched by the wildcard is in
-&$local_part_prefix_v$& or &$local_part_suffix_v$& as appropriate.
+&$local_part_prefix_v$& or &$local_part_suffix_v$& as appropriate,
+and both the whole and variable values are tainted.
+
+If the specification did not include a wildcard then
+the affix variable value is not tainted.
.wen
When a message is being delivered to a file, pipe, or autoreply transport as a
.table2
.row &%dkim_verify_hashes%& "DKIM hash methods accepted for signatures"
.row &%dkim_verify_keytypes%& "DKIM key types accepted for signatures"
+.row &%dkim_verify_min_keysizes%& "DKIM key sizes accepted for signatures"
.row &%dkim_verify_signers%& "DKIM domains for which DKIM ACL is run"
.row &%host_lookup%& "host name looked up for these hosts"
.row &%host_lookup_order%& "order of DNS and local name lookups"
required, it must come from the &%-oA%& command line option.
-.option bounce_message_file main string unset
+.option bounce_message_file main string&!! unset
.cindex "bounce message" "customizing"
.cindex "customizing" "bounce message"
This option defines a template file containing paragraphs of text to be used
for constructing bounce messages. Details of the file's contents are given in
-chapter &<<CHAPemsgcust>>&. See also &%warn_message_file%&.
+chapter &<<CHAPemsgcust>>&.
+.new
+.cindex bounce_message_file "tainted data"
+The option is expanded to give the file path, which must be
+absolute and untainted.
+.wen
+See also &%warn_message_file%&.
.option bounce_message_text main string unset
and an order of processing.
Signatures with algorithms not in the list will be ignored.
+
+.new
+.option dkim_verify_min_keysizes main "string list" "rsa=1024 ed25519=250"
+This option gives a list of key sizes which are acceptable in signatures.
+The list is keyed by the algorithm type for the key; the values are in bits.
+Signatures with keys smaller than given by this option will fail verification.
+
+The default enforces the RFC 8301 minimum key size for RSA signatures.
+.wen
+
.option dkim_verify_minimal main boolean false
If set to true, verification of signatures will terminate after the
first success.
See &%uucp_from_pattern%& above.
-.option warn_message_file main string unset
+.option warn_message_file main string&!! unset
.cindex "warning of delay" "customizing the message"
.cindex "customizing" "warning message"
This option defines a template file containing paragraphs of text to be used
for constructing the warning message which is sent by Exim when a message has
been in the queue for a specified amount of time, as specified by
&%delay_warning%&. Details of the file's contents are given in chapter
-&<<CHAPemsgcust>>&. See also &%bounce_message_file%&.
+&<<CHAPemsgcust>>&.
+.new
+.cindex warn_message_file "tainted data"
+The option is expanded to give the file path, which must be
+absolute and untainted.
+.wen
+See also &%bounce_message_file%&.
.option write_rejectlog main boolean true
used. For example:
.code
require_files = mail:/some/file
-require_files = $local_part:$home/.procmailrc
+require_files = $local_part_verified:$home/.procmailrc
.endd
If a user or group name in a &%require_files%& list does not exist, the
&%require_files%& condition fails.
# This transport overrides the group
group_delivery:
driver = appendfile
- file = /var/spool/mail/$local_part
+ file = /var/spool/mail/$local_part_verified
group = mail
.endd
If &%user%& is set for a transport, its value overrides what is set in the
way of handling this requirement:
.code
file = ${if eq{$address_file}{inbox} \
- {/var/mail/$local_part} \
+ {/var/mail/$local_part_verified} \
{${if eq{${substr_0_1:$address_file}}{/} \
{$address_file} \
{$home/mail/$address_file} \
path. The most common settings of this option are variations on one of these
examples:
.code
-file = /var/spool/mail/$local_part
-file = /home/$local_part/inbox
+file = /var/spool/mail/$local_part_verified
+file = /home/$local_part_verified/inbox
file = $home/inbox
.endd
.cindex "&""sticky""& bit"
folders. Consider this example:
.code
maildir_format = true
-directory = /var/mail/$local_part\
+directory = /var/mail/$local_part_verified\
${if eq{$local_part_suffix}{}{}\
{/.${substr_1:$local_part_suffix}}}
maildirfolder_create_regex = /\.[^/]+$
check_local_user
driver = redirect
domains = +local_domains
- file = /central/filters/$local_part
+ file = /central/filters/$local_part_verified
no_verify
allow_filter
allow_freeze
lists:
driver = redirect
domains = lists.example
- file = /usr/lists/$local_part
+ file = ${lookup {$local_part} dsearch,ret=full {/usr/lists}}
forbid_pipe
forbid_file
- errors_to = $local_part-request@lists.example
+ errors_to = ${quote_local_part:$local_part-request}@lists.example
no_more
.endd
This router is skipped for domains other than &'lists.example'&. For addresses
driver = redirect
domains = lists.example
local_part_suffix = -request
- file = /usr/lists/$local_part$local_part_suffix
+ local_parts = ${lookup {$local_part} dsearch,filter=file {/usr/lists}}
+ file = /usr/lists/${local_part_data}-request
no_more
lists_post:
domains = lists.example
senders = ${if exists {/usr/lists/$local_part}\
{lsearch;/usr/lists/$local_part}{*}}
- file = /usr/lists/$local_part
+ file = ${lookup {$local_part} dsearch,ret=full {/usr/lists}}
forbid_pipe
forbid_file
- errors_to = $local_part-request@lists.example
+ errors_to = ${quote_local_part:$local_part-request}@lists.example
no_more
lists_closed:
max_rcpt = 1
return_path = \
${if match {$return_path}{^(.+?)-request@your.dom.example\$}\
- {$1-request+$local_part=$domain@your.dom.example}fail}
+ {${quote_local_part:$1-request+$local_part=$domain}@your.dom.example}fail}
.endd
This has the effect of rewriting the return path (envelope sender) on outgoing
SMTP messages, if the local part of the original return path ends in
transport = remote_smtp
errors_to = \
${if match {$return_path}{^(.+?)-request@your.dom.example\$}}
- {$1-request+$local_part=$domain@your.dom.example}fail}
+ {${quote_local_part:$1-request+$local_part=$domain}@your.dom.example}fail}
no_more
.endd
Before you start sending out messages with VERPed return paths, you must also
.code
my_mailboxes:
driver = appendfile
- file = /var/mail/$domain/$local_part
+ file = /var/mail/$domain/$local_part_data
user = mail
.endd
This uses a directory of mailboxes for each domain. The &%user%& setting is
.vitem &%$dkim_key_length%&
Number of bits in the key.
+.new
+Valid only once the key is loaded, which is at the time the header signature
+is verified, which is after the body hash is.
+.wen
Note that RFC 8301 says:
.code
less than 1024 bits as valid signatures.
.endd
-To enforce this you must have a DKIM ACL which checks this variable
-and overwrites the &$dkim_verify_status$& variable as discussed above.
-As EC keys are much smaller, the check should only do this for RSA keys.
+This is enforced by the default setting for the &%dkim_verify_min_keysizes%&
+option.
.endlist
git://git.exim.org / users / heiko / exim.git / blobdiff