X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/46e872abb44a2589488ec47febaf376c89688c1c..96d16729c2267491424478e623a492acaec6b35e:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d62ceafd7..4c79e87cf 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -3885,7 +3885,9 @@ id, and the remaining ones must be email addresses. However, if the message is active (in the middle of a delivery attempt), it is not altered. This option can be used only by an admin user. -.vitem "&%-MC%&&~<&'transport'&>&~<&'hostname'&>&~<&'sequence&~number'&>&&& +.vitem "&%-MC%&&~<&'transport'&>&~<&'hostname'&>&&& + &~<&'host&~IP'&>&&& + &~<&'sequence&~number'&>&&& &~<&'message&~id'&>" .oindex "&%-MC%&" .cindex "SMTP" "passed connection" @@ -13703,7 +13705,11 @@ filter file to set values that can be tested in users' filter files. For example, a system filter could set a value indicating how likely it is that a message is junk mail. -.vitem &$spam_$&&'xxx'& +.vitem &$spam_score$& &&& + &$spam_score_int$& &&& + &$spam_bar$& &&& + &$spam_report$& &&& + &$spam_action$& A number of variables whose names start with &$spam$& are available when Exim is compiled with the content-scanning extension. For details, see section &<>&. @@ -16977,7 +16983,7 @@ not count as protocol errors (see &%smtp_max_synprot_errors%&). .option pipelining_connect_advertise_hosts main "host list&!!" * .cindex "pipelining" "early connection" .cindex "pipelining" PIPE_CONNECT -.cindex "ESMTP extensions" X_PIPE_CONNECT +.cindex "ESMTP extensions" PIPE_CONNECT If Exim is built with the SUPPORT_PIPE_CONNECT build option this option controls which hosts the facility is advertised to and from which pipeline early-connection (before MAIL) SMTP @@ -16986,7 +16992,9 @@ When used, the pipelining saves on roundtrip times. See also the &%hosts_pipe_connect%& smtp transport option. -Currently the option name &"X_PIPE_CONNECT"& is used. +.new +The SMTP service extension keyword advertised is &"PIPE_CONNECT"&. +.wen .option prdr_enable main boolean false @@ -19724,6 +19732,10 @@ Values containing a list-separator should have them doubled. When a router runs, the strings are evaluated in order, to create variables which are added to the set associated with the address. +.new +This is done immediately after all the preconditions, before the +evaluation of the &%address_data%& option. +.wen The variable is set with the expansion of the value. The variables can be used by the router options (not including any preconditions) @@ -27362,7 +27374,7 @@ conditions: .ilist The client host must match &%auth_advertise_hosts%& (default *). .next -It the &%server_advertise_condition%& option is set, its expansion must not +If the &%server_advertise_condition%& option is set, its expansion must not yield the empty string, &"0"&, &"no"&, or &"false"&. .endlist @@ -27470,7 +27482,7 @@ encode '\0user@domain.com\0pas$$word' .endd gives an incorrect answer because of the unescaped &"@"& and &"$"& characters. -If you have the &%mimencode%& command installed, another way to do produce +If you have the &%mimencode%& command installed, another way to produce base64-encoded strings is to run the command .code echo -e -n `\0user\0password' | mimencode @@ -28169,6 +28181,10 @@ supplied by the server. .option server_channelbinding gsasl boolean false Do not set this true and rely on the properties without consulting a cryptographic engineer. +. Unsure what that's about. It might be the "Triple Handshake" +. vulnerability; cf. https://www.mitls.org/pages/attacks/3SHAKE +. If so, we're ok, requiring Extended Master Secret if TLS +. Session Resumption was used. Some authentication mechanisms are able to use external context at both ends of the session to bind the authentication to that context, and fail the @@ -38300,8 +38316,11 @@ parentheses afterwards. When more than one address is included in a single delivery (for example, two SMTP RCPT commands in one transaction) the second and subsequent addresses are flagged with &`->`& instead of &`=>`&. When two or more messages are delivered -down a single SMTP connection, an asterisk follows the IP address in the log -lines for the second and subsequent messages. +down a single SMTP connection, an asterisk follows the +.new +remote IP address (and port if enabled) +.wen +in the log lines for the second and subsequent messages. When two or more messages are delivered down a single TLS connection, the DNS and some TLS-related information logged for the first message delivered will not be present in the log lines for the second and subsequent messages. @@ -38668,6 +38687,7 @@ routing email addresses, but it does apply to &"byname"& lookups. client's ident port times out. .next .cindex "log" "incoming interface" +.cindex "log" "outgoing interface" .cindex "log" "local interface" .cindex "log" "local address and port" .cindex "TCP/IP" "logging local address and port" @@ -38676,7 +38696,10 @@ client's ident port times out. to the &"<="& line as an IP address in square brackets, tagged by I= and followed by a colon and the port number. The local interface and port are also added to other SMTP log lines, for example, &"SMTP connection from"&, to -rejection lines, and (despite the name) to outgoing &"=>"& and &"->"& lines. +rejection lines, and (despite the name) to outgoing +.new +&"=>"&, &"->"&, &"=="& and &"**"& lines. +.wen The latter can be disabled by turning off the &%outgoing_interface%& option. .next .cindex log "incoming proxy address"