X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/258dfd012173250b20520c8fb24329eb8998970a..92beef8b1e1c73348d48edbb5cff37b47c4e2f81:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index aed97644c..8e7cb4d92 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1399,16 +1399,21 @@ If the &%domains%& option is set, the domain of the address must be in the set of domains that it defines. .next .vindex "&$local_part_prefix$&" +.vindex "&$local_part_prefix_v$&" .vindex "&$local_part$&" .vindex "&$local_part_suffix$&" +.vindex "&$local_part_suffix_v$&" .cindex affix "router precondition" If the &%local_parts%& option is set, the local part of the address must be in the set of local parts that it defines. If &%local_part_prefix%& or &%local_part_suffix%& is in use, the prefix or suffix is removed from the local part before this check. If you want to do precondition tests on local parts that include affixes, you can do so by using a &%condition%& option (see below) -that uses the variables &$local_part$&, &$local_part_prefix$&, and -&$local_part_suffix$& as necessary. +.new +that uses the variables &$local_part$&, &$local_part_prefix$&, +&$local_part_prefix_v$&, &$local_part_suffix$& +and &$local_part_suffix_v$& as necessary. +.wen .next .vindex "&$local_user_uid$&" .vindex "&$local_user_gid$&" @@ -3866,6 +3871,14 @@ This option is not intended for use by external callers. It is used internally by Exim in conjunction with the &%-MC%& option. It signifies that the remote host supports the ESMTP &_DSN_& extension. +.new +.vitem &%-MCd%& +.oindex "&%-MCd%&" +This option is not intended for use by external callers. It is used internally +by Exim in conjunction with the &%-d%& option +to pass on an information string on the purpose of the process. +.wen + .vitem &%-MCG%&&~<&'queue&~name'&> .oindex "&%-MCG%&" This option is not intended for use by external callers. It is used internally @@ -6662,6 +6675,10 @@ Two different types of data lookup are implemented: The &'single-key'& type requires the specification of a file in which to look, and a single key to search for. The key must be a non-empty string for the lookup to succeed. The lookup type determines how the file is searched. +.new +.cindex "tainted data" "single-key lookups" +The file string may not be tainted +.wen .next .cindex "query-style lookup" "definition of" The &'query-style'& type accepts a generalized database query. No particular @@ -6753,11 +6770,42 @@ by default, but has an option to omit them (see section &<>&). .next .cindex "lookup" "dsearch" .cindex "dsearch lookup type" -&(dsearch)&: The given file must be a directory; this is searched for an entry -whose name is the key by calling the &[lstat()]& function. The key may not -contain any forward slash characters. If &[lstat()]& succeeds, the result of -the lookup is the name of the entry, which may be a file, directory, -symbolic link, or any other kind of directory entry. An example of how this +&(dsearch)&: The given file must be an +.new +absolute +.wen +directory path; this is searched for an entry +whose name is the key by calling the &[lstat()]& function. +The key may not +contain any forward slash characters. +If &[lstat()]& succeeds then so does the lookup. +.new +.cindex "tainted data" "dsearch result" +The result is regarded as untainted. + +Options for the lookup can be given by appending them after the word "dsearch", +separated by a comma. Options, if present, are a comma-separated list having +each element starting with a tag name and an equals. + +Two options are supported, for the return value and for filtering match +candidates. +The "ret" option requests an alternate result value of +the entire path for the entry. Example: +.code +${lookup {passwd} dsearch,ret=full {/etc}} +.endd +The default result is just the requested entry. +The "filter" option requests that only directory entries of a given type +are matched. The match value is one of "file", "dir" or "subdir" (the latter +not matching "." or ".."). Example: +.code +${lookup {passwd} dsearch,filter=file {/etc}} +.endd +The default matching is for any entry type, including directories +and symlinks. +.wen + +An example of how this lookup can be used to support virtual domains is given in section &<>&. .next @@ -7002,7 +7050,11 @@ passed to a Redis database. See section &<>&. .next .cindex "sqlite lookup type" .cindex "lookup" "sqlite" -&(sqlite)&: The format of the query is a filename followed by an SQL statement +&(sqlite)&: The format of the query is +new +an optional filename +.wen +followed by an SQL statement that is passed to an SQLite database. See section &<>&. .next @@ -7909,6 +7961,11 @@ If any MySQL, PostgreSQL, Oracle, InterBase or Redis lookups are used, the or &%redis_servers%& option (as appropriate) must be set to a colon-separated list of server information. +.oindex &%mysql_servers%& +.oindex &%pgsql_servers%& +.oindex &%oracle_servers%& +.oindex &%ibase_servers%& +.oindex &%redis_servers%& (For MySQL and PostgreSQL, the global option need not be set if all queries contain their own server information &-- see section &<>&.) @@ -7959,12 +8016,14 @@ The &%quote_redis%& expansion operator escapes whitespace and backslash characters with a backslash. .section "Specifying the server in the query" "SECTspeserque" +.new For MySQL, PostgreSQL and Redis lookups (but not currently for Oracle and InterBase), it is possible to specify a list of servers with an individual query. This is -done by starting the query with +done by appending a comma-separated option to the query type: .display -&`servers=`&&'server1:server2:server3:...'&&`;`& .endd +&`,servers=`&&'server1:server2:server3:...'& +.wen Each item in the list may take one of two forms: .olist If it contains no slashes it is assumed to be just a host name. The appropriate @@ -7989,14 +8048,25 @@ mysql_servers = slave1/db/name/pw:\ .endd In an updating lookup, you could then write: .code -${lookup mysql{servers=master; UPDATE ...} } +${lookup mysql,servers=master {UPDATE ...} } .endd That query would then be sent only to the master server. If, on the other hand, the master is not to be used for reading, and so is not present in the global option, you can still update it by a query of this form: .code -${lookup pgsql{servers=master/db/name/pw; UPDATE ...} } +${lookup pgsql,servers=master/db/name/pw {UPDATE ...} } +.endd + +.new +An older syntax places the servers speciification before the qury, +semicolon separated: +.code +${lookup mysql{servers=master; UPDATE ...} } .endd +The new version avoids potential issues with tainted +arguments in the query, for explicit expansion. +&*Note*&: server specifications in list-style lookups are still problematic. +.wen .section "Special MySQL features" "SECID73" @@ -8046,19 +8116,35 @@ affected. .cindex "sqlite lookup type" SQLite is different to the other SQL lookups because a filename is required in addition to the SQL query. An SQLite database is a single file, and there is no -daemon as in the other SQL databases. The interface to Exim requires the name -of the file, as an absolute path, to be given at the start of the query. It is -separated from the query by white space. This means that the path name cannot -contain white space. Here is a lookup expansion example: +daemon as in the other SQL databases. + +.new +.oindex &%sqlite_dbfile%& +The preferred way of specifying the file is by using the +&%sqlite_dbfile%& option, set to +an absolute path. +.wen +A deprecated method is available, prefixing the query with the filename +separated by white space. +This means that the path name cannot contain white space. +.cindex "tainted data" "sqlite file" +It also means that the query cannot use any tainted values, as that taints +the entire query including the filename - resulting in a refusal to open +the file. + +.new +Here is a lookup expansion example: .code -${lookup sqlite {/some/thing/sqlitedb \ - select name from aliases where id='userx';}} +sqlite_dbfile = /some/thing/sqlitedb +... +${lookup sqlite {select name from aliases where id='userx';}} .endd In a list, the syntax is similar. For example: .code -domainlist relay_to_domains = sqlite;/some/thing/sqlitedb \ +domainlist relay_to_domains = sqlite;\ select * from relays where ip='$sender_host_address'; .endd +.wen The only character affected by the &%quote_sqlite%& operator is a single quote, which it doubles. @@ -8546,6 +8632,14 @@ whether or not the query succeeds. However, when a lookup is used for the &%domains%& option on a router, the data is preserved in the &$domain_data$& variable and can be referred to in other options. .next +.new +If the pattern starts with the name of a lookup type +of either kind (single-key or query-style) it may be +followed by a command and options, +The options are lookup-type specific and consist of a comma-separated list. +Each item starts with a tag and and equals "=". +.wen +.next .cindex "domain list" "matching literal domain name" If none of the above cases apply, a caseless textual comparison is made between the pattern and the domain. @@ -12447,12 +12541,19 @@ the retrieved data. .wen .vindex "&$local_part_prefix$&" +.vindex "&$local_part_prefix_v$&" .vindex "&$local_part_suffix$&" +.vindex "&$local_part_suffix_v$&" .cindex affix variables If a local part prefix or suffix has been recognized, it is not included in the value of &$local_part$& during routing and subsequent delivery. The values of any prefix or suffix are in &$local_part_prefix$& and &$local_part_suffix$&, respectively. +.new +If the affix specification included a wildcard then the portion of +the affix matched by the wildcard is in +&$local_part_prefix_v$& or &$local_part_suffix_v$& as appropriate. +.wen When a message is being delivered to a file, pipe, or autoreply transport as a result of aliasing or forwarding, &$local_part$& is set to the local part of @@ -12506,12 +12607,26 @@ When an address is being routed or delivered, and a specific prefix for the local part was recognized, it is available in this variable, having been removed from &$local_part$&. +.new +.vitem &$local_part_prefix_v$& +.vindex "&$local_part_prefix_v$&" +When &$local_part_prefix$& is valid and the prefix match used a wildcard, +the portion matching the wildcard is available in this variable. +.wen + .vitem &$local_part_suffix$& .vindex "&$local_part_suffix$&" When an address is being routed or delivered, and a specific suffix for the local part was recognized, it is available in this variable, having been removed from &$local_part$&. +.new +.vitem &$local_part_suffix_v$& +.vindex "&$local_part_suffix_v$&" +When &$local_part_suffix$& is valid and the suffix match used a wildcard, +the portion matching the wildcard is available in this variable. +.wen + .new .vitem &$local_part_verified$& .vindex "&$local_part_verified$&" @@ -12854,6 +12969,13 @@ or if not set, the value of &$qualify_domain$&. .cindex queues named The name of the spool queue in use; empty for the default queue. +.vitem &$queue_size$& +.vindex "&$queue_size$&" +.cindex "queue" "size of" +.cindex "spool" "number of messages" +This variable contains the number of messages queued. +It is evaluated on demand, but no more often than once every minute. + .vitem &$r_...$& .vindex &$r_...$& .cindex router variables @@ -14276,6 +14398,7 @@ listed in more than one group. .row &%daemon_startup_sleep%& "time to sleep between tries" .row &%extra_local_interfaces%& "not necessarily listened on" .row &%local_interfaces%& "on which to listen, with optional ports" +.row &%notifier_socket%& "override compiled-in value" .row &%pid_file_path%& "override compiled-in value" .row &%queue_run_max%& "maximum simultaneous queue runners" .endtable @@ -16349,6 +16472,24 @@ harm. This option overrides the &%pipe_as_creator%& option of the &(pipe)& transport driver. +.new +.option notifier_socket main string "$spool_directory/exim_daemon_notify" +This option gives the name for a unix-domain socket on which the daemon +listens for work and information-requests. +Only installations running multiple daemons sharing a spool directory +should need to modify the default. + +The option is expanded before use. +If the platform supports Linux-style abstract socket names, the result +is used with a nul byte prefixed. +Otherwise, it should be a full path name and use a directory accessible +to Exim. + +If the Exim command line uses a &%-oX%& option and does not use &%-oP%& +then a notifier socket is not created. +.wen + + .option openssl_options main "string list" "+no_sslv2 +no_sslv3 +single_dh_use +no_ticket +no_renegotiation" .cindex "OpenSSL "compatibility options" This option allows an administrator to adjust the SSL options applied @@ -17274,6 +17415,13 @@ example: smtp_etrn_command = /etc/etrn_command $domain \ $sender_host_address .endd +.new +If the option is not set, the argument for the ETRN command must +be a &'#'& followed by an address string. +In this case an &'exim -R '& command is used; +if the ETRN ACL has set up a named-queue then &'-MCG '& is appended. +.wen + A new process is created to run the command, but Exim does not wait for it to complete. Consequently, its status cannot be checked. If the command cannot be run, a line is written to the panic log, but the ETRN caller still receives @@ -18655,8 +18803,10 @@ This option specifies a list of text headers, colon-separated (by default, changeable in the usual way &<>&), that is associated with any addresses that are accepted by the router. However, the option has no effect when an address is just being verified. -Each list item is separately expanded, at routing time. -If an item ends in *, it will match any header with the same prefix. +Each list item is separately expanded, at transport time. +.new +If an item ends in *, it will match any header with the given prefix. +.wen The way in which the text is used to remove header lines at transport time is described in section &<>&. Header lines are not actually removed until @@ -18664,7 +18814,7 @@ the message is in the process of being transported. This means that references to header lines in string expansions in the transport's configuration still &"see"& the original header lines. -The &%headers_remove%& option is expanded after &%errors_to%& and +The &%headers_remove%& option is handled after &%errors_to%& and &%headers_add%&, but before &%transport%&. If an item expansion is forced to fail, the item has no effect. Other expansion failures are treated as configuration errors. @@ -18769,6 +18919,12 @@ command for LMTP, SMTP, and BSMTP deliveries has the prefix removed by default. This behaviour can be overridden by setting &%rcpt_include_affixes%& true on the relevant transport. +.new +.vindex &$local_part_prefix_v$& +If wildcarding (above) was used then the part of the prefix matching the +wildcard is available in &$local_part_prefix_v$&. +.wen + When an address is being verified, &%local_part_prefix%& affects only the behaviour of the router. If the callout feature of verification is in use, this means that the full address, including the prefix, will be used during the @@ -20107,8 +20263,10 @@ semicolon is the default route list separator. .section "Format of one host item" "SECTformatonehostitem" -Each item in the list of hosts is either a host name or an IP address, -optionally with an attached port number. When no port is given, an IP address +Each item in the list of hosts can be either a host name or an IP address, +optionally with an attached port number, or it can be a single "+" +(see &%hosts_randomize%&). +When no port is given, an IP address is not enclosed in brackets. When a port is specified, it overrides the port specification on the transport. The port is separated from the name or address by a colon. This leads to some complications: @@ -21843,15 +22001,21 @@ checked, since this option does not automatically suppress them. .option headers_remove transports list&!! unset .cindex "header lines" "removing" .cindex "transport" "header lines; removing" -This option specifies a list of header names, -colon-separated (by default, changeable in the usual way &<>&); -these headers are omitted from the message as it is transported, as described -in section &<>&. Header removal can also be specified by -routers. +This option specifies a list of text headers, +colon-separated (by default, changeable in the usual way &<>&), +to be removed from the message. +However, the option has no effect when an address is just being verified. Each list item is separately expanded. If the result of the expansion is an empty string, or if the expansion is forced to fail, no action is taken. Other expansion failures are treated as errors and cause the delivery to be deferred. +.new +If an item ends in *, it will match any header with the given prefix. +.wen + +Matching headers are omitted from the message as it is transported, as described +in section &<>&. Header removal can also be specified by +routers. Unlike most options, &%headers_remove%& can be specified multiple times for a transport; all listed headers are removed. @@ -30143,7 +30307,7 @@ in several different ways. For example: It can be at the end of an &%accept%& statement: .code accept ...some conditions - control = queue_only + control = queue .endd In this case, the control is applied when this statement yields &"accept"&, in other words, when the conditions are all true. @@ -30152,7 +30316,7 @@ other words, when the conditions are all true. It can be in the middle of an &%accept%& statement: .code accept ...some conditions... - control = queue_only + control = queue ...some more conditions... .endd If the first set of conditions are true, the control is applied, even if the @@ -33650,13 +33814,22 @@ The following list describes all expansion variables that are available in the MIME ACL: .vlist +.vitem &$mime_anomaly_level$& &&& + &$mime_anomaly_text$& +.vindex &$mime_anomaly_level$& +.vindex &$mime_anomaly_text$& +If there are problems decoding, these variables contain information on +the detected issue. + .vitem &$mime_boundary$& -If the current part is a multipart (see &$mime_is_multipart$&) below, it should +.vindex &$mime_boundary$& +If the current part is a multipart (see &$mime_is_multipart$& below), it should have a boundary string, which is stored in this variable. If the current part has no boundary parameter in the &'Content-Type:'& header, this variable contains the empty string. .vitem &$mime_charset$& +.vindex &$mime_charset$& This variable contains the character set identifier, if one was found in the &'Content-Type:'& header. Examples for charset identifiers are: .code @@ -33668,31 +33841,37 @@ Please note that this value is not normalized, so you should do matches case-insensitively. .vitem &$mime_content_description$& +.vindex &$mime_content_description$& This variable contains the normalized content of the &'Content-Description:'& header. It can contain a human-readable description of the parts content. Some implementations repeat the filename for attachments here, but they are usually only used for display purposes. .vitem &$mime_content_disposition$& +.vindex &$mime_content_disposition$& This variable contains the normalized content of the &'Content-Disposition:'& header. You can expect strings like &"attachment"& or &"inline"& here. .vitem &$mime_content_id$& +.vindex &$mime_content_id$& This variable contains the normalized content of the &'Content-ID:'& header. This is a unique ID that can be used to reference a part from another part. .vitem &$mime_content_size$& +.vindex &$mime_content_size$& This variable is set only after the &%decode%& modifier (see above) has been successfully run. It contains the size of the decoded part in kilobytes. The size is always rounded up to full kilobytes, so only a completely empty part has a &$mime_content_size$& of zero. .vitem &$mime_content_transfer_encoding$& +.vindex &$mime_content_transfer_encoding$& This variable contains the normalized content of the &'Content-transfer-encoding:'& header. This is a symbolic name for an encoding type. Typical values are &"base64"& and &"quoted-printable"&. .vitem &$mime_content_type$& +.vindex &$mime_content_type$& If the MIME part has a &'Content-Type:'& header, this variable contains its value, lowercased, and without any options (like &"name"& or &"charset"&). Here are some examples of popular MIME types, as they may appear in this variable: @@ -33707,6 +33886,7 @@ If the MIME part has no &'Content-Type:'& header, this variable contains the empty string. .vitem &$mime_decoded_filename$& +.vindex &$mime_decoded_filename$& This variable is set only after the &%decode%& modifier (see above) has been successfully run. It contains the full path and filename of the file containing the decoded data. @@ -33715,6 +33895,7 @@ containing the decoded data. .cindex "RFC 2047" .vlist .vitem &$mime_filename$& +.vindex &$mime_filename$& This is perhaps the most important of the MIME variables. It contains a proposed filename for an attachment, if one was found in either the &'Content-Type:'& or &'Content-Disposition:'& headers. The filename will be @@ -33725,6 +33906,7 @@ decoded, but no additional sanity checks are done. found, this variable contains the empty string. .vitem &$mime_is_coverletter$& +.vindex &$mime_is_coverletter$& This variable attempts to differentiate the &"cover letter"& of an e-mail from attached data. It can be used to clamp down on flashy or unnecessarily encoded content in the cover letter, while not restricting attachments at all. @@ -33757,18 +33939,22 @@ deny message = HTML mail is not accepted here condition = $mime_is_coverletter condition = ${if eq{$mime_content_type}{text/html}{1}{0}} .endd + .vitem &$mime_is_multipart$& +.vindex &$mime_is_multipart$& This variable has the value 1 (true) when the current part has the main type &"multipart"&, for example, &"multipart/alternative"& or &"multipart/mixed"&. Since multipart entities only serve as containers for other parts, you may not want to carry out specific actions on them. .vitem &$mime_is_rfc822$& +.vindex &$mime_is_rfc822$& This variable has the value 1 (true) if the current part is not a part of the checked message itself, but part of an attached message. Attached message decoding is fully recursive. .vitem &$mime_part_count$& +.vindex &$mime_part_count$& This variable is a counter that is raised for each processed MIME part. It starts at zero for the very first part (which is usually a multipart). The counter is per-message, so it is reset when processing RFC822 attachments (see @@ -33899,13 +34085,14 @@ in &_Local/Makefile_& (see section &<>& below). .cindex &%dlfunc%& "API description" You must include this line near the start of your code: .code +#define LOCAL_SCAN #include "local_scan.h" .endd This header file defines a number of variables and other values, and the prototype for the function itself. Exim is coded to use unsigned char values almost exclusively, and one of the things this header defines is a shorthand for &`unsigned char`& called &`uschar`&. -It also contains the following macro definitions, to simplify casting character +It also makes available the following macro definitions, to simplify casting character strings and pointers to character strings: .code #define CS (char *) @@ -36673,12 +36860,18 @@ to a router of this form: virtual: driver = redirect domains = dsearch;/etc/mail/virtual - data = ${lookup{$local_part}lsearch{/etc/mail/virtual/$domain}} + data = ${lookup{$local_part}lsearch{/etc/mail/virtual/$domain_data}} no_more .endd +.new The &%domains%& option specifies that the router is to be skipped, unless there is a file in the &_/etc/mail/virtual_& directory whose name is the same as the -domain that is being processed. When the router runs, it looks up the local +domain that is being processed. +The &(dsearch)& lookup used results in an untainted version of &$domain$& +being placed into the &$domain_data$& variable. +.wen + +When the router runs, it looks up the local part in the file to find a new address (or list of addresses). The &%no_more%& setting ensures that if the lookup fails (leading to &%data%& being an empty string), Exim gives up on the address without trying any subsequent routers. @@ -40159,6 +40352,8 @@ To generate keys under OpenSSL: openssl genrsa -out dkim_rsa.private 2048 openssl rsa -in dkim_rsa.private -out /dev/stdout -pubout -outform PEM .endd +The result file from the first command should be retained, and +this option set to use it. Take the base-64 lines from the output of the second command, concatenated, for the DNS TXT record. See section 3.6 of RFC6376 for the record specification.