X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/26959551d814815c763eef5cee98668a1713089d..6545de78cb822ab5db97a2f16fe7a42cc9488bd8:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 27823a4f1..160410bd3 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1946,6 +1946,36 @@ support has not been tested for some time. +.section "Dynamically loaded lookup module support" "SECTdynamicmodules" +.cindex "lookup modules" +.cindex "dynamic modules" +.cindex ".so building" +On some platforms, Exim supports not compiling all lookup types directly into +the main binary, instead putting some into external modules which can be loaded +on demand. +This permits packagers to build Exim with support for lookups with extensive +library dependencies without requiring all users to install all of those +dependencies. +Most, but not all, lookup types can be built this way. + +Set &`LOOKUP_MODULE_DIR`& to the directory into which the modules will be +installed; Exim will only load modules from that directory, as a security +measure. You will need to set &`CFLAGS_DYNAMIC`& if not already defined +for your OS; see &_OS/Makefile-Linux_& for an example. +Some other requirements for adjusting &`EXTRALIBS`& may also be necessary, +see &_src/EDITME_& for details. + +Then, for each module to be loaded dynamically, define the relevant +&`LOOKUP_`&<&'lookup_type'&> flags to have the value "2" instead of "yes". +For example, this will build in lsearch but load sqlite and mysql support +on demand: +.code +LOOKUP_LSEARCH=yes +LOOKUP_SQLITE=2 +LOOKUP_MYSQL=2 +.endd + + .section "The building process" "SECID29" .cindex "build directory" Once &_Local/Makefile_& (and &_Local/eximon.conf_&, if required) have been @@ -15401,6 +15431,13 @@ are using OpenSSL, you can set &%tls_verify_certificates%& to the name of a directory containing certificate files. This does not work with GnuTLS; the option must be set to the name of a single file if you are using GnuTLS. +These certificates should be for the certificate authorities trusted, rather +than the public cert of individual clients. With both OpenSSL and GnuTLS, if +the value is a file then the certificates are sent by Exim as a server to +connecting clients, defining the list of accepted certificate authorities. +Thus the values defined should be considered public data. To avoid this, +use OpenSSL with a directory. + .option tls_verify_hosts main "host list&!!" unset .cindex "TLS" "client certificate verification" @@ -24966,6 +25003,19 @@ and try again later, but that is their problem, though it does waste some of your resources. +.new +.section "The SMTP DKIM ACL" "SECTDKIMACL" +The &%acl_smtp_dkim%& ACL is available only when Exim is compiled with DKIM support +enabled (which is the default). + +The ACL test specified by &%acl_smtp_dkim%& happens after a message has been +received, and is executed for each DKIM signature found in a message. If not +otherwise specified, the default action is to accept. + +For details on the operation of DKIM, see chapter &<>&. +.wen + + .section "The SMTP MIME ACL" "SECID194" The &%acl_smtp_mime%& option is available only when Exim is compiled with the content-scanning extension. For details, see chapter &<>&. @@ -34195,6 +34245,13 @@ arbitrary program's being run as exim, not as root. +.section "Dynamic module directory" "SECTdynmoddir" +Any dynamically loadable modules must be installed into the directory +defined in &`LOOKUP_MODULE_DIR`& in &_Local/Makefile_& for Exim to permit +loading it. + + + .section "Use of sprintf()" "SECID279" .cindex "&[sprintf()]&" A large number of occurrences of &"sprintf"& in the code are actually calls to