X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/8c40856083f3a2e89350ab3aacfb95256fbadd9d..e4413c34ca04474ce76fbbb544788d41d0bdc423:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 89fb5841e..e070616c7 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -11259,6 +11259,17 @@ The building process for Exim keeps a count of the number of times it has been compiled. This serves to distinguish different compilations of the same version of the program. +.vitem &$config_dir$& +.vindex "&$config_dir$&" +The directory name of the main configuration file. That is, the content of +&$config_file$& with the last component stripped. The value does not +contain the trailing slash. If &$config_file$& does not contain a slash, +&$config_dir$& is ".". + +.vitem &$config_file$& +.vindex "&$config_file$&" +The name of the main configuration file Exim is using. + .vitem &$demime_errorlevel$& .vindex "&$demime_errorlevel$&" This variable is available when Exim is compiled with @@ -11366,6 +11377,13 @@ This variable contains the path to the Exim binary. .vindex "&$exim_uid$&" This variable contains the numerical value of the Exim user id. +.vitem &$exim_version$& +.vindex "&$exim_uid$&" +This variable contains the version string of the Exim build. +The first character is a major version number, currently 4. +Then after a dot, the next group of digits is a minor version number. +There may be other characters following the minor version. + .vitem &$found_extension$& .vindex "&$found_extension$&" This variable is available when Exim is compiled with the @@ -16494,7 +16512,7 @@ preference order of the available ciphers. Details are given in sections See &%tls_verify_hosts%& below. -.option tls_verify_certificates main string&!! unset +.option tls_verify_certificates main string&!! system .cindex "TLS" "client certificate verification" .cindex "certificate" "verification of client" The value of this option is expanded, and must then be either the @@ -16505,7 +16523,8 @@ match &%tls_verify_hosts%& or &%tls_try_verify_hosts%&. The "system" value for the option will use a system default location compiled into the SSL library. -This is not available for GnuTLS versions preceding 3.0.20 and an explicit location +This is not available for GnuTLS versions preceding 3.0.20, +and will be taken as empty; an explicit location must be specified. The use of a directory for the option value is not avilable for GnuTLS versions @@ -23445,7 +23464,7 @@ unknown state), opens a new one to the same host, and then tries the delivery in clear. -.option tls_try_verify_hosts smtp "host list&!!" unset +.option tls_try_verify_hosts smtp "host list&!!" * .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" This option gives a list of hosts for which, on encrypted connections, @@ -23471,7 +23490,7 @@ limited to being the initial component of a 3-or-more component FQDN. There is no equivalent checking on client certificates. -.option tls_verify_certificates smtp string&!! unset +.option tls_verify_certificates smtp string&!! system .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" .vindex "&$host$&" @@ -23483,7 +23502,8 @@ a file or directory containing permitted certificates for servers, for use when setting up an encrypted connection. The "system" value for the option will use a location compiled into the SSL library. -This is not available for GnuTLS versions preceding 3.0.20 and an explicit location +This is not available for GnuTLS versions preceding 3.0.20; a value of "system" +is taken as empty and an explicit location must be specified. The use of a directory for the option value is not avilable for GnuTLS versions @@ -23500,6 +23520,7 @@ expansion of this option. See chapter &<>& for details of TLS. For back-compatability, if neither tls_verify_hosts nor tls_try_verify_hosts are set +(a single-colon empty list counts as being set) and certificate verification fails the TLS connection is closed. @@ -26492,7 +26513,7 @@ if it requests it. If the server is Exim, it will request a certificate only if &%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it -specified a collection of expected server certificates. +specifies a collection of expected server certificates. These may be the system default set (depeding on library version), a file or, depnding on liibrary version, a directory, @@ -30305,6 +30326,31 @@ The usual list-parsing of the content (see &<>&) applies. The following scanner types are supported in this release: .vlist +.vitem &%avast%& +.cindex "virus scanners" "avast" +This is the scanner daemon of Avast version 1.1.7 and 1.1.6 +(as reported by "/bin/avast -v"). +You can get a trial version at &url(http://www.avast.com). +This scanner type requires one option, +either a full path to a UNIX socket, +or host and port specifiers separated by white space. +The host may a name or an IP address; the port is either a +single number or a pair of numbers with a dash between. +Any further options are given, on separate lines, +to the daemon as options before the main scan command. +For example: +.code +av_scanner = avast:/var/run/avast4/local.sock:FLAGS -fullfiles:SENSITIVITY -pup +av_scanner = avast:192.168.2.22 5036 +.endd +If you omit the argument, the default path +&_/var/run/avast4/local.sock_& +is used. +If you use a remote host, +you need to make Exim's spool directory available to it, +as the scanner is passed a file path, not file contents. + + .vitem &%aveserver%& .cindex "virus scanners" "Kaspersky" This is the scanner daemon of Kaspersky Version 5. You can get a trial version @@ -30393,9 +30439,13 @@ av_scanner = cmdline:\ .endd .vitem &%drweb%& .cindex "virus scanners" "DrWeb" -The DrWeb daemon scanner (&url(http://www.sald.com/)) interface takes one -argument, either a full path to a UNIX socket, or an IP address and port -separated by white space, as in these examples: +The DrWeb daemon scanner (&url(http://www.sald.com/)) interface +takes one option, +either a full path to a UNIX socket, +or host and port specifiers separated by white space. +The host may be a name or an IP address; the port is either a +single number or a pair of numbers with a dash between. +For example: .code av_scanner = drweb:/var/run/drwebd.sock av_scanner = drweb:192.168.2.20 31337 @@ -34810,7 +34860,7 @@ selection marked by asterisks: &` smtp_protocol_error `& SMTP protocol errors &` smtp_syntax_error `& SMTP syntax errors &` subject `& contents of &'Subject:'& on <= lines -&` tls_certificate_verified `& certificate verification status +&`*tls_certificate_verified `& certificate verification status &`*tls_cipher `& TLS cipher suite on <= and => lines &` tls_peerdn `& TLS peer DN on <= and => lines &` tls_sni `& TLS SNI on <= lines