X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/71b32d412ac4792ca5e8d4a697afddb46c407bd9..6851a9c5760767525e7586051c42be49342ed0f0:/doc/doc-docbook/spec.xfpt?ds=sidebyside diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index be93cf670..ca5b2ea29 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -3869,12 +3869,12 @@ by Exim in conjunction with the &%-MC%& option, and passes on the fact that the host to which Exim is connected supports TLS encryption. .new -.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&> +.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&>&~<&'cipher'&> .oindex "&%-MCt%&" This option is not intended for use by external callers. It is used internally by Exim in conjunction with the &%-MC%& option, and passes on the fact that the connection is being proxied by a parent process for handling TLS encryption. -The pair of arguments give the local address and port being proxied. +The arguments give the local address and port being proxied, and the TLS cipher. .wen .vitem &%-Mc%&&~<&'message&~id'&>&~<&'message&~id'&>&~... @@ -11042,9 +11042,14 @@ colon-separated components are permitted, each containing from one to four hexadecimal digits. There may be fewer than eight components if an empty component (adjacent colons) is present. Only one empty component is permitted. -&*Note*&: The checks are just on the form of the address; actual numerical -values are not considered. Thus, for example, 999.999.999.999 passes the IPv4 -check. The main use of these tests is to distinguish between IP addresses and +.new +&*Note*&: The checks used to be just on the form of the address; actual numerical +values were not considered. Thus, for example, 999.999.999.999 passed the IPv4 +check. +This is no longer the case. +.wen + +The main use of these tests is to distinguish between IP addresses and host names, or between IPv4 and IPv6 addresses. For example, you could use .code ${if isip4{$sender_host_address}... @@ -30903,6 +30908,23 @@ command when performing the callout, instead of an empty address. There is no need to use this option unless you know that the called hosts make use of the sender when checking recipients. If used indiscriminately, it reduces the usefulness of callout caching. + +.new +.vitem &*hold*& +This option applies to recipient callouts only. For example: +.code +require verify = recipient/callout=use_sender,hold +.endd +It causes the connection to be helod open and used for any further recipients +and for eventual delivery (should that be done quickly). +Doing this saves on TCP and SMTP startup costs, and TLS costs also +when that is used for the connections. +The advantage is only gained if there are no callout cache hits +(which could be enforced by the no_cache option), +if the use_sender option is used, +if neither the random nor the use_postmaster option is used, +and if no other callouts intervene. +.wen .endlist If you use any of the parameters that set a non-empty sender for the MAIL @@ -35769,9 +35791,9 @@ down a single SMTP connection, an asterisk follows the IP address in the log lines for the second and subsequent messages. .new When two or more messages are delivered down a single TLS connection, the -TLS-related information logged for the first message delivered -(which may not be the earliest line in the log) +DNS and some TLS-related information logged for the first message delivered will not be present in the log lines for the second and subsequent messages. +TLS cipher information is still available. .wen .cindex "delivery" "cutthrough; logging"