Add optional authenticated_sender info to A= elements of log lines; bug 1314.

[users/heiko/exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 34518d3c490dd24c43802727da4c8397a13e2be0..6b63062be49440008d5ffc81bfc6e4590ca41d58 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -9923,12 +9923,12 @@ dotted-nibble hexadecimal form.  In both cases, this is the "natural" form
 for DNS.  For example,
 .code
 ${reverse_ip:192.0.2.4}
 for DNS.  For example,
 .code
 ${reverse_ip:192.0.2.4}

-${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.3}
+${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.127}

 .endd
 returns
 .code
 4.2.0.192
 .endd
 returns
 .code
 4.2.0.192

-3.0.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2
+f.7.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2

 .endd
 
 
 .endd
 
 


@@ -24072,6 +24072,12 @@ client_condition = ${if !eq{$tls_out_cipher}{}}
 .endd
 
 
 .endd
 
 

+.option client_set_id authenticators string&!! unset
+When client authentication succeeds, this condition is expanded; the
+result is used in the log lines for outbound messasges.
+Typically it will be the user name used for authentication.
+
+

 .option driver authenticators string unset
 This option must always be set. It specifies which of the available
 authenticators is to be used.
 .option driver authenticators string unset
 This option must always be set. It specifies which of the available
 authenticators is to be used.


@@ -26143,6 +26149,9 @@ before or after the data) correctly &-- they keep the message on their queues
 and try again later, but that is their problem, though it does waste some of
 your resources.
 
 and try again later, but that is their problem, though it does waste some of
 your resources.
 

+The &%acl_smtp_data%& ACL is run after both the &%acl_smtp_dkim%& and
+the &%acl_smtp_mime%& ACLs.
+

 
 .section "The SMTP DKIM ACL" "SECTDKIMACL"
 The &%acl_smtp_dkim%& ACL is available only when Exim is compiled with DKIM support
 
 .section "The SMTP DKIM ACL" "SECTDKIMACL"
 The &%acl_smtp_dkim%& ACL is available only when Exim is compiled with DKIM support


@@ -26152,13 +26161,17 @@ The ACL test specified by &%acl_smtp_dkim%& happens after a message has been
 received, and is executed for each DKIM signature found in a message.  If not
 otherwise specified, the default action is to accept.
 
 received, and is executed for each DKIM signature found in a message.  If not
 otherwise specified, the default action is to accept.
 

-For details on the operation of DKIM, see chapter &<<CHID12>>&.
+This ACL is evaluated before &%acl_smtp_mime%& and &%acl_smtp_data%&.
+
+For details on the operation of DKIM, see chapter &<<CHAPdkim>>&.

 
 
 .section "The SMTP MIME ACL" "SECID194"
 The &%acl_smtp_mime%& option is available only when Exim is compiled with the
 content-scanning extension. For details, see chapter &<<CHAPexiscan>>&.
 
 
 
 .section "The SMTP MIME ACL" "SECID194"
 The &%acl_smtp_mime%& option is available only when Exim is compiled with the
 content-scanning extension. For details, see chapter &<<CHAPexiscan>>&.
 

+This ACL is evaluated after &%acl_smtp_dkim%& but before &%acl_smtp_data%&.
+

 
 .section "The QUIT ACL" "SECTQUITACL"
 .cindex "QUIT, ACL for"
 
 .section "The QUIT ACL" "SECTQUITACL"
 .cindex "QUIT, ACL for"


@@ -27105,7 +27118,7 @@ contexts):
 .cindex "disable DKIM verify"
 .cindex "DKIM" "disable verify"
 This control turns off DKIM verification processing entirely.  For details on
 .cindex "disable DKIM verify"
 .cindex "DKIM" "disable verify"
 This control turns off DKIM verification processing entirely.  For details on

-the operation and configuration of DKIM, see chapter &<<CHID12>>&.
+the operation and configuration of DKIM, see chapter &<<CHAPdkim>>&.

 .wen
 
 
 .wen
 
 


@@ -33636,6 +33649,11 @@ intermediate address(es) exist between the original and the final address, the
 last of these is given in parentheses after the final address. The R and T
 fields record the router and transport that were used to process the address.
 
 last of these is given in parentheses after the final address. The R and T
 fields record the router and transport that were used to process the address.
 

+If SMTP AUTH was used for the delivery there is an additional item A=
+followed by the name of the authenticator that was used.
+If an authenticated identification was set up by the authenticator's &%client_set_id%&
+option, this is logged too, separated by a colon from the authenticator name.
+

 If a shadow transport was run after a successful local delivery, the log line
 for the successful delivery has an item added on the end, of the form
 .display
 If a shadow transport was run after a successful local delivery, the log line
 for the successful delivery has an item added on the end, of the form
 .display


@@ -33749,7 +33767,7 @@ at the end of its processing.
 A summary of the field identifiers that are used in log lines is shown in
 the following table:
 .display
 A summary of the field identifiers that are used in log lines is shown in
 the following table:
 .display

-&`A   `&        authenticator name (and optional id)
+&`A   `&        authenticator name (and optional id and sender)

 &`C   `&        SMTP confirmation on delivery
 &`    `&        command list for &"no mail in SMTP session"&
 &`CV  `&        certificate verification status
 &`C   `&        SMTP confirmation on delivery
 &`    `&        command list for &"no mail in SMTP session"&
 &`CV  `&        certificate verification status


@@ -33866,6 +33884,7 @@ selection marked by asterisks:
 &`*smtp_confirmation          `&  SMTP confirmation on => lines
 &` smtp_connection            `&  SMTP connections
 &` smtp_incomplete_transaction`&  incomplete SMTP transactions
 &`*smtp_confirmation          `&  SMTP confirmation on => lines
 &` smtp_connection            `&  SMTP connections
 &` smtp_incomplete_transaction`&  incomplete SMTP transactions

+&` smtp_mailauth              `&  AUTH argument to MAIL commands

 &` smtp_no_mail               `&  session with no MAIL commands
 &` smtp_protocol_error        `&  SMTP protocol errors
 &` smtp_syntax_error          `&  SMTP syntax errors
 &` smtp_no_mail               `&  session with no MAIL commands
 &` smtp_protocol_error        `&  SMTP protocol errors
 &` smtp_syntax_error          `&  SMTP syntax errors


@@ -34134,6 +34153,11 @@ the last 20 are listed, preceded by &"..."&. However, with the default
 setting of 10 for &%smtp_accep_max_nonmail%&, the connection will in any case
 have been aborted before 20 non-mail commands are processed.
 .next
 setting of 10 for &%smtp_accep_max_nonmail%&, the connection will in any case
 have been aborted before 20 non-mail commands are processed.
 .next

+&%smtp_mailauth%&: A third subfield with the authenticated sender,
+colon-separated, is appended to the A= item for a message arrival or delivery
+log line, if an AUTH argument to the SMTP MAIL command (see &<<SECTauthparamail>>&)
+was accepted or used.
+.next

 .cindex "log" "SMTP protocol error"
 .cindex "SMTP" "logging protocol error"
 &%smtp_protocol_error%&: A log line is written for every SMTP protocol error
 .cindex "log" "SMTP protocol error"
 .cindex "SMTP" "logging protocol error"
 &%smtp_protocol_error%&: A log line is written for every SMTP protocol error


@@ -35993,7 +36017,7 @@ unqualified domain &'foundation'&.
 . ////////////////////////////////////////////////////////////////////////////
 . ////////////////////////////////////////////////////////////////////////////
 
 . ////////////////////////////////////////////////////////////////////////////
 . ////////////////////////////////////////////////////////////////////////////
 

-.chapter "Support for DKIM (DomainKeys Identified Mail)" "CHID12" &&&
+.chapter "Support for DKIM (DomainKeys Identified Mail)" "CHAPdkim" &&&

          "DKIM Support"
 .cindex "DKIM"
 
          "DKIM Support"
 .cindex "DKIM"