X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/599fc3c68f5e942c1d662012053ecfc6ea26bd49..43ac2ce5e55c134367e7a6c8eb8d2129df00c770:/doc/doc-docbook/spec.xfpt?ds=sidebyside diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index cf227ccf6..2774f6d4d 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6663,6 +6663,13 @@ If the value of &$sender_host_address$& is 192.168.5.6, expansion of the first &%domains%& setting above generates the second setting, which therefore causes a second lookup to occur. +.new +The lookup type may optionally be followed by a comma +and a comma-separated list of options. +Each option is a &"name=value"& pair. +Whether an option is meaningful depands on the lookup type. +.wen + The rest of this chapter describes the different lookup types that are available. Any of them can be used in any part of the configuration where a lookup is permitted. @@ -6680,6 +6687,13 @@ lookup to succeed. The lookup type determines how the file is searched. .new .cindex "tainted data" "single-key lookups" The file string may not be tainted + +.cindex "tainted data" "de-tainting" +All single-key lookups support the option &"ret=key"&. +If this is given and the lookup +(either underlying implementation or cached value) +returns data, the result is replaced with a non-tainted +version of the lookup key. .wen .next .cindex "query-style lookup" "definition of" @@ -12311,13 +12325,6 @@ contain the trailing slash. If &$config_file$& does not contain a slash, .vindex "&$config_file$&" The name of the main configuration file Exim is using. -.vitem &$dmarc_domain_policy$& &&& - &$dmarc_status$& &&& - &$dmarc_status_text$& &&& - &$dmarc_used_domains$& -Results of DMARC verification. -For details see section &<>&. - .vitem &$dkim_verify_status$& Results of DKIM verification. For details see section &<>&. @@ -12350,6 +12357,13 @@ When a message has been received this variable contains a colon-separated list of signer domains and identities for the message. For details see section &<>&. +.vitem &$dmarc_domain_policy$& &&& + &$dmarc_status$& &&& + &$dmarc_status_text$& &&& + &$dmarc_used_domains$& +Results of DMARC verification. +For details see section &<>&. + .vitem &$dnslist_domain$& &&& &$dnslist_matched$& &&& &$dnslist_text$& &&& @@ -14564,6 +14578,7 @@ listed in more than one group. .row &%percent_hack_domains%& "recognize %-hack for these domains" .row &%spamd_address%& "set interface to SpamAssassin" .row &%strict_acl_vars%& "object to unset ACL variables" +.row &%spf_smtp_comment_template%& "template for &$spf_smtp_comment$&" .endtable @@ -14650,6 +14665,9 @@ See also the &'Policy controls'& section above. .row &%dkim_verify_keytypes%& "DKIM key types accepted for signatures" .row &%dkim_verify_min_keysizes%& "DKIM key sizes accepted for signatures" .row &%dkim_verify_signers%& "DKIM domains for which DKIM ACL is run" +.row &%dmarc_forensic_sender%& "DMARC sender for report messages" +.row &%dmarc_history_file%& "DMARC results log" +.row &%dmarc_tld_file%& "DMARC toplevel domains file" .row &%host_lookup%& "host name looked up for these hosts" .row &%host_lookup_order%& "order of DNS and local name lookups" .row &%recipient_unqualified_hosts%& "may send unqualified recipients" @@ -15454,6 +15472,14 @@ the ACL once for each signature in the message. See section &<>&. +.option dmarc_forensic_sender main string&!! unset +.option dmarc_history_file main string unset +.option dmarc_tld_file main string unset +.cindex DMARC "main section options" +These options control DMARC processing. +See section &<>& for details. + + .option dns_again_means_nonexist main "domain list&!!" unset .cindex "DNS" "&""try again""& response; overriding" DNS lookups give a &"try again"& response for the DNS errors @@ -17736,6 +17762,48 @@ See section &<>& for more details. This option is available when Exim is compiled with SPF support. See section &<>& for more details. +.new +.option spf_smtp_comment_template main string&!! "Please%_see%_http://www.open-spf.org/Why" +This option is available when Exim is compiled with SPF support. It +allows the customisation of the SMTP comment that the SPF library +generates. You are strongly encouraged to link to your own explanative +site. The template must not contain spaces. If you need spaces in the +output, use the proper placeholder. If libspf2 can not parse the +template, it uses a built-in default broken link. The following placeholders +(along with Exim variables (but see below)) are allowed in the template: +.ilist +&*%_*&: A space. +.next +&*%{L}*&: Envelope sender's local part. +.next +&*%{S}*&: Envelope sender. +.next +&*%{O}*&: Envelope sender's domain. +.next +&*%{D}*&: Current(?) domain. +.next +&*%{I}*&: SMTP client Ip. +.next +&*%{C}*&: SMTP client pretty IP. +.next +&*%{T}*&: Epoch time (UTC). +.next +&*%{P}*&: SMTP client domain name. +.next +&*%{V}*&: IP version. +.next +&*%{H}*&: EHLO/HELO domain. +.next +&*%{R}*&: Receiving domain. +.endlist +The capitalized placeholders do proper URL encoding, if you use them +lowercased, no encoding takes place. This list was compiled from the +libspf2 sources. + +A note on using Exim variables: As +currently the SPF library is initialized before the SMTP EHLO phase, +the variables useful for expansion are quite limited. +.wen .option split_spool_directory main boolean false @@ -40975,13 +41043,16 @@ deny spf = fail message = $sender_host_address is not allowed to send mail from \ ${if def:sender_address_domain \ {$sender_address_domain}{$sender_helo_name}}. \ - Please see http://www.open-spf.org/Why?scope=\ - ${if def:sender_address_domain {mfrom}{helo}};\ + Please see http://www.open-spf.org/Why;\ identity=${if def:sender_address_domain \ {$sender_address}{$sender_helo_name}};\ ip=$sender_host_address .endd +Note: The above mentioned URL may not be as helpful as expected. You are +encouraged to replace the link with a link to a site with more +explanations. + When the spf condition has run, it sets up several expansion variables: @@ -41016,8 +41087,13 @@ variables: .vitem &$spf_smtp_comment$& .vindex &$spf_smtp_comment$& +.vindex &%spf_smtp_comment_template%& This contains a string that can be used in a SMTP response to the calling party. Useful for "fail". +.new + The string is generated by the SPF library from the template configured in the main config + option &%spf_smtp_comment_template%&. +.wen .endlist