X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/44649fdb169979af3c5a08b10889d1ecee48a469..eea58ada63dde3265728daccc037d3a376b25f45:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 3542557c4..afc15d433 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -4221,6 +4221,20 @@ option sets the IP interface address value. A port number may be included, using the same syntax as for &%-oMa%&. The interface address is placed in &$received_ip_address$& and the port number, if present, in &$received_port$&. +.vitem &%-oMm%&&~<&'message&~reference'&> +.oindex "&%-oMm%&" +.cindex "message reference" "message reference, specifying for local message" +See &%-oMa%& above for general remarks about the &%-oM%& options. The &%-oMm%& +option sets the message reference, e.g. message-id, and is logged during +delivery. This is useful when some kind of audit trail is required to tie +messages together. The format of the message reference is checked and will +abort if the format is invalid. The option will only be accepted if exim is +running in trusted mode, not as any regular user. + +The best example of a message reference is when Exim sends a bounce message. +The message reference is the message-id of the original message for which Exim +is sending the bounce. + .vitem &%-oMr%&&~<&'protocol&~name'&> .oindex "&%-oMr%&" .cindex "protocol, specifying for local message" @@ -6959,11 +6973,16 @@ The data from each lookup is concatenated, with newline separators by default, in the same way that multiple DNS records for a single item are handled. A different separator can be specified, as described above. +Modifiers for &(dnsdb)& lookups are givien by optional keywords, +each followed by a comma, +that may appear before the record type. + The &(dnsdb)& lookup fails only if all the DNS lookups fail. If there is a temporary DNS error for any of them, the behaviour is controlled by -an optional keyword followed by a comma that may appear before the record -type. The possible keywords are &"defer_strict"&, &"defer_never"&, and -&"defer_lax"&. With &"strict"& behaviour, any temporary DNS error causes the +a defer-option modifier. +The possible keywords are +&"defer_strict"&, &"defer_never"&, and &"defer_lax"&. +With &"strict"& behaviour, any temporary DNS error causes the whole lookup to defer. With &"never"& behaviour, a temporary DNS error is ignored, and the behaviour is as if the DNS lookup failed to find anything. With &"lax"& behaviour, all the queries are attempted, but a temporary DNS @@ -6976,6 +6995,21 @@ ${lookup dnsdb{a=one.host.com:two.host.com}} Thus, in the default case, as long as at least one of the DNS lookups yields some data, the lookup succeeds. +.new +.cindex "DNSSEC" "dns lookup" +Use of &(DNSSEC)& is controlled by a dnssec modifier. +The possible keywords are +&"dnssec_strict"&, &"dnssec_lax"&, and &"dnssec_never"&. +With &"strict"& or &"lax"& DNSSEC information is requested +with the lookup. +With &"strict"& a response from the DNS resolver that +is not labelled as authenticated data +is treated as equivalent to a temporary DNS error. +The default is &"never"&. + +See also the &$lookup_dnssec_authenticated$& variable. +.wen + @@ -7198,6 +7232,9 @@ them. The following names are recognized: &`USER `& set the DN, for authenticating the LDAP bind &`PASS `& set the password, likewise &`REFERRALS `& set the referrals parameter +.new +&`SERVERS `& set alternate server list for this query only +.wen &`SIZE `& set the limit for the number of entries returned &`TIME `& set the maximum waiting time for a query .endd @@ -7219,6 +7256,15 @@ Netscape SDK; for OpenLDAP no action is taken. The TIME parameter (also a number of seconds) is passed to the server to set a server-side limit on the time taken to complete a search. +.new +The SERVERS parameter allows you to specify an alternate list of ldap servers +to use for an individual lookup. The global ldap_servers option provides a +default list of ldap servers, and a single lookup can specify a single ldap +server to use. But when you need to do a lookup with a list of servers that is +different than the default list (maybe different order, maybe a completely +different set of servers), the SERVERS parameter allows you to specify this +alternate list. +.wen Here is an example of an LDAP query in an Exim lookup that uses some of these values. This is a single line, folded to fit on the page: @@ -11421,6 +11467,16 @@ ability to find the amount of free space (only true for experimental systems), the space value is -1. See also the &%check_log_space%& option. +.new +.vitem &$lookup_dnssec_authenticated$& +.vindex "&$lookup_dnssec_authenticated$&" +This variable is set after a DNS lookup done by +a dnsdb lookup expansion, dnslookup router or smtp transport. +It will be empty if &(DNSSEC)& was not requested, +&"no"& if the result was not labelled as authenticated data +and &"yes"& if it was. +.wen + .vitem &$mailstore_basename$& .vindex "&$mailstore_basename$&" This variable is set only when doing deliveries in &"mailstore"& format in the @@ -17622,6 +17678,7 @@ when there is a DNS lookup error. +.new .option dnssec_request_domains dnslookup "domain list&!!" unset .cindex "MX record" "security" .cindex "DNSSEC" "MX lookup" @@ -17630,9 +17687,11 @@ when there is a DNS lookup error. DNS lookups for domains matching &%dnssec_request_domains%& will be done with the dnssec request bit set. This applies to all of the SRV, MX A6, AAAA, A lookup sequence. +.wen +.new .option dnssec_require_domains dnslookup "domain list&!!" unset .cindex "MX record" "security" .cindex "DNSSEC" "MX lookup" @@ -17642,6 +17701,7 @@ DNS lookups for domains matching &%dnssec_request_domains%& will be done with the dnssec request bit set. Any returns not having the Authenticated Data bit (AD bit) set wil be ignored and logged as a host-lookup failure. This applies to all of the SRV, MX A6, AAAA, A lookup sequence. +.wen @@ -22548,6 +22608,33 @@ See the &%search_parents%& option in chapter &<>& for more details. +.new +.option dnssec_request_domains smtp "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. +This applies to all of the SRV, MX A6, AAAA, A lookup sequence. +.wen + + + +.new +.option dnssec_require_domains smtp "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. Any returns not having the Authenticated Data bit +(AD bit) set wil be ignored and logged as a host-lookup failure. +This applies to all of the SRV, MX A6, AAAA, A lookup sequence. +.wen + + + .option dscp smtp string&!! unset .cindex "DCSP" "outbound" This option causes the DSCP value associated with a socket to be set to one @@ -34659,7 +34746,11 @@ exim -bpu or (in case &*-a*& switch is specified) .code exim -bp -.endd +.endd +.new +The &*-C*& option is used to specify an alternate &_exim.conf_& which might +contain alternate exim configuration the queue management might be using. +.wen to obtain a queue listing, and then greps the output to select messages that match given criteria. The following selection options are available: