X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/82d14d6a7ecbaf515d7feb30c351c92a4b429f43..055e2cb463e4e4adf2d9292a50ac274938f9a5ac:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 69a810c0c..44417ca71 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6060,7 +6060,7 @@ address_pipe: .endd This transport is used for handling deliveries to pipes that are generated by redirection (aliasing or users' &_.forward_& files). The &%return_output%& -option specifies that any output on stdout or stderr generated by the pipe is to +option specifies that any output on stdout or stderr generated by the pipe is to be returned to the sender. .code address_file: @@ -9264,10 +9264,11 @@ by earlier ACLs are visible. Upper case and lower case letters are synonymous in header names. If the following character is white space, the terminating colon may be omitted, but this is not recommended, because you may then forget it when it is needed. When -white space terminates the header name, it is included in the expanded string. -If the message does not contain the given header, the expansion item is -replaced by an empty string. (See the &%def%& condition in section -&<>& for a means of testing for the existence of a header.) +white space terminates the header name, this white space is included in the +expanded string. If the message does not contain the given header, the +expansion item is replaced by an empty string. (See the &%def%& condition in +section &<>& for a means of testing for the existence of a +header.) If there is more than one header with the same name, they are all concatenated to form the substitution string, up to a maximum length of 64K. Unless @@ -11109,7 +11110,8 @@ support for TLS or the content scanning extension. When a &%match%& expansion condition succeeds, these variables contain the captured substrings identified by the regular expression during subsequent processing of the success string of the containing &%if%& expansion item. -However, they do not retain their values afterwards; in fact, their previous +In the expansion condition case +they do not retain their values afterwards; in fact, their previous values are restored at the end of processing an &%if%& item. The numerical variables may also be set externally by some other matching process which precedes the expansion of the string. For example, the commands available in @@ -11317,9 +11319,11 @@ not the same as the user id of the originator of a message (see &$originator_uid$&). If Exim re-execs itself, this variable in the new incarnation normally contains the Exim uid. -.vitem &$compile_date$& -.vindex "&$compile_date$&" -The date on which the Exim binary was compiled. +.vitem &$callout_address$& +.vitem &$callout_address$& +.vindex "&$callout_address$&" +After a callout for verification, spamd or malware daemon service, the +address that was connected to. .vitem &$compile_number$& .vindex "&$compile_number$&" @@ -12156,6 +12160,12 @@ increases for each accepted recipient. It can be referenced in an ACL. This variable is set to contain the matching regular expression after a &%regex%& ACL condition has matched (see section &<>&). +.vitem "&$regex1$&, &$regex2$&, etc" +.cindex "regex submatch variables (&$1regex$& &$2regex$& etc)" +When a &%regex%& or &%mime_regex%& ACL condition succeeds, +these variables contain the +captured substrings identified by the regular expression. + .vitem &$reply_address$& .vindex "&$reply_address$&" @@ -14459,7 +14469,7 @@ routing, but which are not used for listening by the daemon. See section . Allow this long option name to split; give it unsplit as a fifth argument . for the automatic .oindex that is generated by .option. -.option "extract_addresses_remove_ &~&~arguments" main boolean true &&& +.option "extract_addresses_remove_arguments" main boolean true &&& extract_addresses_remove_arguments .oindex "&%-t%&" .cindex "command line" "addresses with &%-t%&" @@ -22698,7 +22708,7 @@ See the &%timeout_defer%& option for how timeouts are handled. .cindex "&(pipe)& transport" "logging output" If this option is set, and the status returned by the command is one of the codes listed in &%temp_errors%& (that is, delivery was deferred), -and any output was produced on stdout or stderr, the first line of it is +and any output was produced on stdout or stderr, the first line of it is written to the main log. @@ -29036,7 +29046,8 @@ This condition is relevant only in an ACL that is run after a message has been received, that is, in an ACL specified by &%acl_smtp_data%& or &%acl_not_smtp%&. It checks the syntax of all header lines that can contain lists of addresses (&'Sender:'&, &'From:'&, &'Reply-To:'&, &'To:'&, &'Cc:'&, -and &'Bcc:'&). Unqualified addresses (local parts without domains) are +and &'Bcc:'&), returning true if there are no problems. +Unqualified addresses (local parts without domains) are permitted only in locally generated messages and from hosts that match &%sender_unqualified_hosts%& or &%recipient_unqualified_hosts%&, as appropriate. @@ -30953,6 +30964,10 @@ malware = * / defer_ok / tmo=10s .endd A timeout causes the ACL to defer. +.vindex "&$callout_address$&" +When a connection is made to the scanner the expansion variable &$callout_address$& +is set to record the actual address used. + .vindex "&$malware_name$&" When a virus is found, the condition sets up an expansion variable called &$malware_name$& that contains the name of the virus. You can use it in a @@ -31103,6 +31118,10 @@ a dollar sign. In this case, the expansion may return a string that is used as the list so that multiple spamd servers can be the result of an expansion. +.vindex "&$callout_address$&" +When a connection is made to the server the expansion variable &$callout_address$& +is set to record the actual address used. + .section "Calling SpamAssassin from an Exim ACL" "SECID206" Here is a simple example of the use of the &%spam%& condition in a DATA ACL: .code @@ -31461,6 +31480,8 @@ deny message = contains blacklisted regex ($regex_match_string) The conditions returns true if any one of the regular expressions matches. The &$regex_match_string$& expansion variable is then set up and contains the matching regular expression. +The expansion variables &$regex1$& &$regex2$& etc +are set to any substrings captured by the regular expression. &*Warning*&: With large messages, these conditions can be fairly CPU-intensive. @@ -35313,6 +35334,9 @@ selection marked by asterisks: &` incoming_interface `& local interface on <= and => lines &` incoming_port `& remote port on <= lines &`*lost_incoming_connection `& as it says (includes timeouts) +.new +&` outgoing_interface `& local interface on => lines +.wen &` outgoing_port `& add remote port to => lines &`*queue_run `& start and end queue runs &` queue_time `& time on queue for one recipient @@ -35438,9 +35462,11 @@ client's ident port times out. &%incoming_interface%&: The interface on which a message was received is added to the &"<="& line as an IP address in square brackets, tagged by I= and followed by a colon and the port number. The local interface and port are also -added to other SMTP log lines, for example &"SMTP connection from"& and to -rejection lines -and (despite the name) the local interface is added to &"=>"& lines.. +added to other SMTP log lines, for example &"SMTP connection from"&, to +rejection lines, and (despite the name) to outgoing &"=>"& and &"->"& lines. +.new +The latter can be disabled by turning off the &%outgoing_interface%& option. +.wen .next .cindex "log" "incoming remote port" .cindex "port" "logging remote" @@ -35458,13 +35484,30 @@ important with the widening use of NAT (see RFC 2505). &%lost_incoming_connection%&: A log line is written when an incoming SMTP connection is unexpectedly dropped. .next +.cindex "log" "outgoing interface" +.cindex "log" "local interface" +.cindex "log" "local address and port" +.cindex "TCP/IP" "logging local address and port" +.cindex "interface" "logging" +.new +&%outgoing_interface%&: If &%incoming_interface%& is turned on, then the +interface on which a message was sent is added to delivery lines as an I= tag +followed by IP address in square brackets. You can disable this by turning +off the &%outgoing_interface%& option. +.wen +.next .cindex "log" "outgoing remote port" .cindex "port" "logging outgoint remote" .cindex "TCP/IP" "logging ougtoing remote port" &%outgoing_port%&: The remote port number is added to delivery log lines (those -containing => tags) following the IP address. This option is not included in -the default setting, because for most ordinary configurations, the remote port -number is always 25 (the SMTP port). +containing => tags) following the IP address. +.new +The local port is also added if &%incoming_interface%& and +&%outgoing_interface%& are both enabled. +.wen +This option is not included in the default setting, because for most ordinary +configurations, the remote port number is always 25 (the SMTP port), and the +local port is a random ephemeral port. .next .cindex "log" "process ids in" .cindex "pid (process id)" "in log lines"