<author><firstname>Exim</firstname><surname>Maintainers</surname></author>
<authorinitials>EM</authorinitials>
<revhistory><revision>
- <revnumber>
-.version
- </revnumber>
- <date>
-.fulldate
- </date>
+.versiondatexml
<authorinitials>EM</authorinitials>
</revision></revhistory>
<copyright><year>
.cindex "&`+include_unknown`&"
.cindex "&`+ignore_unknown`&"
-By default, Exim behaves as if the host does not match the list. This may not
-always be what you want to happen. To change Exim's behaviour, the special
-items &`+include_unknown`& or &`+ignore_unknown`& may appear in the list (at
-top level &-- they are not recognized in an indirected file).
+Exim parses a host list from left to right. If it encounters a permanent
+lookup failure in any item in the host list before it has found a match,
+Exim treats it as a failure and the default behavior is as if the host
+does not match the list. This may not always be what you want to happen.
+To change Exim's behaviour, the special items &`+include_unknown`& or
+&`+ignore_unknown`& may appear in the list (at top level &-- they are
+not recognized in an indirected file).
.ilist
If any item that follows &`+include_unknown`& requires information that
list. The effect of each one lasts until the next, or until the end of the
list.
+To explain the host/ip processing logic a different way for the same ACL:
+
+.ilist
+If you have name lookups or wildcarded host names and
+IP addresses in the same host list, you should normally put the IP
+addresses first. For example, in an ACL you could have:
+.code
+accept hosts = 10.9.8.7 : *.friend.example
+.endd
+The reason you normally would order it this way lies in the
+left-to-right way that Exim processes lists. It can test IP addresses
+without doing any DNS lookups, but when it reaches an item that requires
+a host name, it fails if it cannot find a host name to compare with the
+pattern. If the above list is given in the opposite order, the
+&%accept%& statement fails for a host whose name cannot be found, even
+if its IP address is 10.9.8.7.
+
+.next
+If you really do want to do the name check first, and still recognize the IP
+address, you can rewrite the ACL like this:
+.code
+accept hosts = *.friend.example
+accept hosts = 10.9.8.7
+.endd
+If the first &%accept%& fails, Exim goes on to try the second one. See chapter
+&<<CHAPACL>>& for details of ACLs. Alternatively, you can use
+&`+ignore_unknown`&, which was discussed in depth in the first example in
+this section.
+.endlist
+
+
.section "Temporary DNS errors when looking up host information" &&&
"SECTtemdnserr"
process. However, a trusted user can override this by means of the &%-oMai%&
command line option.
+.vitem &$authenticated_fail_id$&
+.cindex "authentication" "fail" "id"
+.vindex "&$authenticated_fail_id$&"
+When an authentication attempt fails, the variable &$authenticated_fail_id$&
+will contain the failed authentication id. If more than one authentication
+id is attempted, it will contain only the last one. The variable is
+available for processing in the ACL's, generally the quit or notquit ACL.
+A message to a local recipient could still be accepted without requiring
+authentication, which means this variable could also be visible in all of
+the ACL's as well.
. Allow this long option name to split; give it unsplit as a fifth argument
. for the automatic .oindex that is generated by .option.
+. We insert " &~&~" which is both pretty nasty visually and results in
+. non-searchable text. HowItWorks.txt mentions an option for inserting
+. zero-width-space, which would be nicer visually and results in (at least)
+. html that Firefox will split on when it's forced to reflow (rather than
+. inserting a horizontal scrollbar). However, the text is still not
+. searchable. NM changed this occurrence for bug 1197 to no longer allow
+. the option name to split.
.option "smtp_accept_max_per_connection" main integer 1000 &&&
smtp_accept_max_per_connection
various &%-od%&&'x'& command line options.
-. Allow this long option name to split; give it unsplit as a fifth argument
-. for the automatic .oindex that is generated by .option.
+. See the comment on smtp_accept_max_per_connection
-.option "smtp_accept_queue_per_ &~&~connection" main integer 10 &&&
+.option "smtp_accept_queue_per_connection" main integer 10 &&&
smtp_accept_queue_per_connection
.cindex "queueing incoming messages"
.cindex "message" "queueing by message count"
part.
.cindex "regular expressions" "in retry rules"
-&*Warning*&: If you use a regular expression in a routing rule pattern, it
+&*Warning*&: If you use a regular expression in a retry rule pattern, it
must match a complete address, not just a domain, because that is how regular
expressions work in address lists.
.display
expansion is &"1"&, &"yes"&, or &"true"&, authentication succeeds and the
generic &%server_set_id%& option is expanded and saved in &$authenticated_id$&.
For any other result, a temporary error code is returned, with the expanded
-string as the error text.
+string as the error text, and the failed id saved in
+&$authenticated_fail_id$&.
&*Warning*&: If you use a lookup in the expansion to find the user's
password, be sure to make the authentication fail if the user is unknown.
A colon-separated list of names of headers included in the signature.
.vitem &%$dkim_key_testing%&
"1" if the key record has the "testing" flag set, "0" if not.
-.vitem &%$nosubdomains%&
+.vitem &%$dkim_key_nosubdomains%&
"1" if the key record forbids subdomaining, "0" otherwise.
.vitem &%$dkim_key_srvtype%&
Service type (tag s=) from the key record. Defaults to "*" if not specified
git://git.exim.org / users / heiko / exim.git / blobdiff