X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/d6e96b36bd210fc2dbf8830202ff4daf0720ef1a..44649fdb169979af3c5a08b10889d1ecee48a469:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0ed811ab5..3542557c4 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -52,7 +52,7 @@ .set I "    " .macro copyyear -2013 +2014 .endmacro . ///////////////////////////////////////////////////////////////////////////// @@ -6840,7 +6840,7 @@ is used on its own as the result. If the lookup does not succeed, the &`fail`& keyword causes a &'forced expansion failure'& &-- see section &<>& for an explanation of what this means. -The supported DNS record types are A, CNAME, MX, NS, PTR, SPF, SRV, and TXT, +The supported DNS record types are A, CNAME, MX, NS, PTR, SPF, SRV, TLSA and TXT, and, when Exim is compiled with IPv6 support, AAAA (and A6 if that is also configured). If no type is given, TXT is assumed. When the type is PTR, the data can be an IP address, written as normal; inversion and the addition of @@ -8298,7 +8298,14 @@ Both &`+include_unknown`& and &`+ignore_unknown`& may appear in the same list. The effect of each one lasts until the next, or until the end of the list. -To explain the host/ip processing logic a different way for the same ACL: +.new +.section "Mixing wildcarded host names and addresses in host lists" &&& + "SECTmixwilhos" +.cindex "host list" "mixing names and addresses in" + +This section explains the host/ip processing logic with the same concepts +as the previous section, but specifically addresses what happens when a +wildcarded hostname is one of the items in the hostlist. .ilist If you have name lookups or wildcarded host names and @@ -8327,7 +8334,7 @@ If the first &%accept%& fails, Exim goes on to try the second one. See chapter &`+ignore_unknown`&, which was discussed in depth in the first example in this section. .endlist - +.wen .section "Temporary DNS errors when looking up host information" &&& @@ -8399,33 +8406,6 @@ See section &<>&.) -.section "Mixing wildcarded host names and addresses in host lists" &&& - "SECTmixwilhos" -.cindex "host list" "mixing names and addresses in" -If you have name lookups or wildcarded host names and IP addresses in the same -host list, you should normally put the IP addresses first. For example, in an -ACL you could have: -.code -accept hosts = 10.9.8.7 : *.friend.example -.endd -The reason for this lies in the left-to-right way that Exim processes lists. -It can test IP addresses without doing any DNS lookups, but when it reaches an -item that requires a host name, it fails if it cannot find a host name to -compare with the pattern. If the above list is given in the opposite order, the -&%accept%& statement fails for a host whose name cannot be found, even if its -IP address is 10.9.8.7. - -If you really do want to do the name check first, and still recognize the IP -address, you can rewrite the ACL like this: -.code -accept hosts = *.friend.example -accept hosts = 10.9.8.7 -.endd -If the first &%accept%& fails, Exim goes on to try the second one. See chapter -&<>& for details of ACLs. - - - .section "Address lists" "SECTaddresslist" @@ -10171,6 +10151,14 @@ number of larger units and output in Exim's normal time format, for example, .cindex "expansion" "case forcing" .cindex "&%uc%& expansion item" This forces the letters in the string into upper-case. + +.vitem &*${utf8clean:*&<&'string'&>&*}*& +.cindex "correction of invalid utf-8 sequences in strings" +.cindex "utf-8" "utf-8 sequences" +.cindex "incorrect utf-8" +.cindex "expansion" "utf-8 forcing" +.cindex "&%utf8clean%& expansion item" +This replaces any invalid utf-8 sequence in the string by the character &`?`&. .endlist @@ -10239,7 +10227,7 @@ If the ACL returns defer the result is a forced-fail. .cindex "&%bool%& expansion condition" This condition turns a string holding a true or false representation into a boolean state. It parses &"true"&, &"false"&, &"yes"& and &"no"& -(case-insensitively); also positive integer numbers map to true if non-zero, +(case-insensitively); also integer numbers map to true if non-zero, false if zero. An empty string is treated as false. Leading and trailing whitespace is ignored; @@ -11978,7 +11966,7 @@ other times, this variable is false. It is likely that you will need to coerce DNSSEC support on in the resolver library, by setting: .code -dns_use_dnssec = 1 +dns_dnssec_ok = 1 .endd Exim does not perform DNSSEC validation itself, instead leaving that to a @@ -13190,10 +13178,10 @@ See also the &'Policy controls'& section above. .row &%disable_ipv6%& "do no IPv6 processing" .row &%dns_again_means_nonexist%& "for broken domains" .row &%dns_check_names_pattern%& "pre-DNS syntax check" +.row &%dns_dnssec_ok%& "parameter for resolver" .row &%dns_ipv4_lookup%& "only v4 lookup for these domains" .row &%dns_retrans%& "parameter for resolver" .row &%dns_retry%& "parameter for resolver" -.row &%dns_use_dnssec%& "parameter for resolver" .row &%dns_use_edns0%& "parameter for resolver" .row &%hold_domains%& "hold delivery for these domains" .row &%local_interfaces%& "for routing checks" @@ -13814,6 +13802,17 @@ This option controls whether or not an IP address, given as a CSA domain, is reversed and looked up in the reverse DNS, as described in more detail in section &<>&. + +.option dns_dnssec_ok main integer -1 +.cindex "DNS" "resolver options" +.cindex "DNS" "DNSSEC" +If this option is set to a non-negative number then Exim will initialise the +DNS resolver library to either use or not use DNSSEC, overriding the system +default. A value of 0 coerces DNSSEC off, a value of 1 coerces DNSSEC on. + +If the resolver library does not support DNSSEC then this option has no effect. + + .option dns_ipv4_lookup main "domain list&!!" unset .cindex "IPv6" "DNS lookup for AAAA records" .cindex "DNS" "IPv6 lookup for AAAA records" @@ -13844,16 +13843,6 @@ to set in them. See &%dns_retrans%& above. -.option dns_use_dnssec main integer -1 -.cindex "DNS" "resolver options" -.cindex "DNS" "DNSSEC" -If this option is set to a non-negative number then Exim will initialise the -DNS resolver library to either use or not use DNSSEC, overriding the system -default. A value of 0 coerces DNSSEC off, a value of 1 coerces DNSSEC on. - -If the resolver library does not support DNSSEC then this option has no effect. - - .option dns_use_edns0 main integer -1 .cindex "DNS" "resolver options" .cindex "DNS" "EDNS0" @@ -16738,11 +16727,12 @@ and the discussion in chapter &<>&. -.option headers_add routers string&!! unset +.option headers_add routers list&!! unset .cindex "header lines" "adding" .cindex "router" "adding header lines" -This option specifies a string of text that is expanded at routing time, and -associated with any addresses that are accepted by the router. However, this +This option specifies a list of text headers, newline-separated, +that is associated with any addresses that are accepted by the router. +Each item is separately expanded, at routing time. However, this option has no effect when an address is just being verified. The way in which the text is used to add header lines at transport time is described in section &<>&. New header lines are not actually added until the @@ -16751,8 +16741,8 @@ header lines in string expansions in the transport's configuration do not &"see"& the added header lines. The &%headers_add%& option is expanded after &%errors_to%&, but before -&%headers_remove%& and &%transport%&. If the expanded string is empty, or if -the expansion is forced to fail, the option has no effect. Other expansion +&%headers_remove%& and &%transport%&. If an item is empty, or if +an item expansion is forced to fail, the item has no effect. Other expansion failures are treated as configuration errors. Unlike most options, &%headers_add%& can be specified multiple times @@ -16774,11 +16764,12 @@ avoided. The &%repeat_use%& option of the &%redirect%& router may be of help. -.option headers_remove routers string&!! unset +.option headers_remove routers list&!! unset .cindex "header lines" "removing" .cindex "router" "removing header lines" -This option specifies a string of text that is expanded at routing time, and -associated with any addresses that are accepted by the router. However, this +This option specifies a list of text headers, colon-separated, +that is associated with any addresses that are accepted by the router. +Each item is separately expanded, at routing time. However, this option has no effect when an address is just being verified. The way in which the text is used to remove header lines at transport time is described in section &<>&. Header lines are not actually removed until @@ -16787,8 +16778,8 @@ to header lines in string expansions in the transport's configuration still &"see"& the original header lines. The &%headers_remove%& option is expanded after &%errors_to%& and -&%headers_add%&, but before &%transport%&. If the expansion is forced to fail, -the option has no effect. Other expansion failures are treated as configuration +&%headers_add%&, but before &%transport%&. If an item expansion is forced to fail, +the item has no effect. Other expansion failures are treated as configuration errors. Unlike most options, &%headers_remove%& can be specified multiple times @@ -17631,6 +17622,29 @@ when there is a DNS lookup error. +.option dnssec_request_domains dnslookup "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. +This applies to all of the SRV, MX A6, AAAA, A lookup sequence. + + + +.option dnssec_require_domains dnslookup "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. Any returns not having the Authenticated Data bit +(AD bit) set wil be ignored and logged as a host-lookup failure. +This applies to all of the SRV, MX A6, AAAA, A lookup sequence. + + + .option mx_domains dnslookup "domain list&!!" unset .cindex "MX record" "required to exist" .cindex "SRV record" "required to exist" @@ -19788,10 +19802,11 @@ value that the router supplies, and also overriding any value associated with &%user%& (see below). -.option headers_add transports string&!! unset +.option headers_add transports list&!! unset .cindex "header lines" "adding in transport" .cindex "transport" "header lines; adding" -This option specifies a string of text that is expanded and added to the header +This option specifies a list of text headers, newline-separated, +which are (separately) expanded and added to the header portion of a message as it is transported, as described in section &<>&. Additional header lines can also be specified by routers. If the result of the expansion is an empty string, or if the expansion @@ -19812,18 +19827,20 @@ transports, the settings of &%message_prefix%& and &%message_suffix%& should be checked, since this option does not automatically suppress them. -.option headers_remove transports string&!! unset +.option headers_remove transports list&!! unset .cindex "header lines" "removing" .cindex "transport" "header lines; removing" -This option specifies a string that is expanded into a list of header names; +This option specifies a list of header names, colon-separated; these headers are omitted from the message as it is transported, as described in section &<>&. Header removal can also be specified by -routers. If the result of the expansion is an empty string, or if the expansion +routers. +Each list item is separately expanded. +If the result of the expansion is an empty string, or if the expansion is forced to fail, no action is taken. Other expansion failures are treated as errors and cause the delivery to be deferred. Unlike most options, &%headers_remove%& can be specified multiple times -for a router; all listed headers are added. +for a router; all listed headers are removed. @@ -23018,6 +23035,14 @@ unknown state), opens a new one to the same host, and then tries the delivery in clear. +.option tls_try_verify_hosts smtp "host list&!! unset +.cindex "TLS" "server certificate verification" +.cindex "certificate" "verification of server" +This option gives a list of hosts for which, on encrypted connections, +certificate verification will be tried but need not succeed. +The &%tls_verify_certificates%& option must also be set. + + .option tls_verify_certificates smtp string&!! unset .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" @@ -23032,6 +23057,20 @@ single file if you are using GnuTLS. The values of &$host$& and &$host_address$& are set to the name and address of the server during the expansion of this option. See chapter &<>& for details of TLS. +For back-compatability, +if neither tls_verify_hosts nor tls_try_verify_hosts are set +and certificate verification fails the TLS connection is closed. + + +.option tls_verify_hosts smtp "host list&!! unset +.cindex "TLS" "server certificate verification" +.cindex "certificate" "verification of server" +This option gives a list of hosts for which. on encrypted connections, +certificate verification must succeed. +The &%tls_verify_certificates%& option must also be set. +If both this option and &%tls_try_verify_hosts%& are unset +operation is as if this option selected all hosts. + @@ -25933,6 +25972,12 @@ for OpenSSL only (not GnuTLS), a directory, that contains a collection of expected server certificates. The client verifies the server's certificate against this collection, taking into account any revoked certificates that are in the list defined by &%tls_crl%&. +Failure to verify fails the TLS connection unless either of the +&%tls_verify_hosts%& or &%tls_try_verify_hosts%& options are set. + +The &%tls_verify_hosts%& and &%tls_try_verify_hosts%& options restrict +certificate verification to the listed servers. Verification either must +or need not succeed respectively. If &%tls_require_ciphers%& is set on the &(smtp)& transport, it must contain a @@ -27292,7 +27337,16 @@ It is usable in the RCPT ACL and valid only for single-recipient mails forwarded from one SMTP connection to another. If a recipient-verify callout connection is requested in the same ACL it is held open and used for the data, otherwise one is made after the ACL completes. -Note that routers are used in verify mode. + +Note that routers are used in verify mode, +and cannot depend on content of received headers. +Note also that headers cannot be +modified by any of the post-data ACLs (DATA, MIME and DKIM). +Headers may be modified by routers (subject to the above) and transports. + +Cutthrough delivery is not supported via transport-filters or when DKIM signing +of outgoing messages is done, because it sends data to the ultimate destination +before the entire message has been received from the source. Should the ultimate destination system positively accept or reject the mail, a corresponding indication is given to the source system and nothing is queued. @@ -27303,7 +27357,6 @@ line. Delivery in this mode avoids the generation of a bounce mail to a (possibly faked) sender when the destination system is doing content-scan based rejection. -Cutthrough delivery is not supported via transport-filters. .vitem &*control&~=&~debug/*&<&'options'&> @@ -27547,12 +27600,15 @@ warn dnslists = sbl.spamhaus.org : \ add_header = X-blacklisted-at: $dnslist_domain .endd The &%add_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA, -MIME, and non-SMTP ACLs (in other words, those that are concerned with +MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with receiving a message). The message must ultimately be accepted for &%add_header%& to have any significant effect. You can use &%add_header%& with any ACL verb, including &%deny%& (though this is potentially useful only in a RCPT ACL). +Headers will not be added to the message if the modifier is used in +DATA, MIME or DKIM ACLs for messages delivered by cutthrough routing. + Leading and trailing newlines are removed from the data for the &%add_header%& modifier; if it then contains one or more newlines that @@ -27646,12 +27702,15 @@ warn message = Remove internal headers remove_header = x-route-mail1 : x-route-mail2 .endd The &%remove_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA, -MIME, and non-SMTP ACLs (in other words, those that are concerned with +MIME, DKIM, and non-SMTP ACLs (in other words, those that are concerned with receiving a message). The message must ultimately be accepted for &%remove_header%& to have any significant effect. You can use &%remove_header%& with any ACL verb, including &%deny%&, though this is really not useful for any verb that doesn't result in a delivered message. +Headers will not be removed to the message if the modifier is used in +DATA, MIME or DKIM ACLs for messages delivered by cutthrough routing. + More than one header can be removed at the same time by using a colon separated list of header names. The header matching is case insensitive. Wildcards are not permitted, nor is list expansion performed, so you cannot use hostlists to @@ -27972,6 +28031,23 @@ This condition checks whether the sending host (the client) is authorized to send email. Details of how this works are given in section &<>&. +.new +.vitem &*verify&~=&~header_names_ascii*& +.cindex "&%verify%& ACL condition" +.cindex "&ACL;" "verifying header names only ASCII" +.cindex "header lines" "verifying header names only ASCII" +.cindex "verifying" "header names only ASCII" +This condition is relevant only in an ACL that is run after a message has been +received, that is, in an ACL specified by &%acl_smtp_data%& or +&%acl_not_smtp%&. It checks all header names (not the content) to make sure +there are no non-ASCII characters, also excluding control characters. The +allowable characters are decimal ASCII values 33 through 126. + +Exim itself will handle headers with non-ASCII characters, but it can cause +problems for downstream applications, so this option will allow their +detection and rejection in the DATA ACL's. +.wen + .vitem &*verify&~=&~header_sender/*&<&'options'&> .cindex "&%verify%& ACL condition" .cindex "&ACL;" "verifying sender in the header" @@ -28583,6 +28659,13 @@ deny condition = ${if isip4{$sender_host_address}} dnslists = some.list.example .endd +If an explicit key is being used for a DNS lookup and it may be an IPv6 +address you should specify alternate list separators for both the outer +(DNS list name) list and inner (lookup keys) list: +.code + dnslists = <; dnsbl.example.com/<|$acl_m_addrslist +.endd + .section "Rate limiting incoming messages" "SECTratelimiting" .cindex "rate limiting" "client sending" .cindex "limiting client sending rates" @@ -28964,6 +29047,7 @@ router that does not set up hosts routes to an &(smtp)& transport with a &%hosts%& setting, the transport's hosts are used. If an &(smtp)& transport has &%hosts_override%& set, its hosts are always used, whether or not the router supplies a host list. +Callouts are only supported on &(smtp)& transports. The port that is used is taken from the transport, if it is specified and is a remote transport. (For routers that do verification only, no transport need be @@ -29767,6 +29851,24 @@ av_scanner = mksd:2 .endd You can safely omit this option (the default value is 1). +.vitem &%sock%& +.cindex "virus scanners" "simple socket-connected" +This is a general-purpose way of talking to simple scanner daemons +running on the local machine. +There are four options: +an address (which may be an IP addres and port, or the path of a Unix socket), +a commandline to send (may include a single %s which will be replaced with +the path to the mail file to be scanned), +an RE to trigger on from the returned data, +an RE to extract malware_name from the returned data. +For example: +.code +av_scanner = sock:127.0.0.1 6001:%s:(SPAM|VIRUS):(.*)\$ +.endd +Default for the socket specifier is &_/tmp/malware.sock_&. +Default for the commandline is &_%s\n_&. +Both regular-expressions are required. + .vitem &%sophie%& .cindex "virus scanners" "Sophos and Sophie" Sophie is a daemon that uses Sophos' &%libsavi%& library to scan for viruses. @@ -31889,7 +31991,7 @@ they do not affect the values of the variables that refer to header lines. the transport cannot refer to the modified header lines, because such expansions all occur before the message is actually transported. -For both routers and transports, the result of expanding a &%headers_add%& +For both routers and transports, the argument of a &%headers_add%& option must be in the form of one or more RFC 2822 header lines, separated by newlines (coded as &"\n"&). For example: .code @@ -31899,10 +32001,10 @@ headers_add = X-added-header: added by $primary_hostname\n\ Exim does not check the syntax of these added header lines. Multiple &%headers_add%& options for a single router or transport can be -specified; the values will be concatenated (with a separating newline -added) before expansion. +specified; the values will append to a single list of header lines. +Each header-line is separately expanded. -The result of expanding &%headers_remove%& must consist of a colon-separated +The argument of a &%headers_remove%& option must consist of a colon-separated list of header names. This is confusing, because header names themselves are often terminated by colons. In this case, the colons are the list separators, not part of the names. For example: @@ -31911,11 +32013,12 @@ headers_remove = return-receipt-to:acknowledge-to .endd Multiple &%headers_remove%& options for a single router or transport can be -specified; the values will be concatenated (with a separating colon -added) before expansion. +specified; the arguments will append to a single header-names list. +Each item is separately expanded. -When &%headers_add%& or &%headers_remove%& is specified on a router, its value -is expanded at routing time, and then associated with all addresses that are +When &%headers_add%& or &%headers_remove%& is specified on a router, +items are expanded at routing time, +and then associated with all addresses that are accepted by that router, and also with any new addresses that it generates. If an address passes through several routers as a result of aliasing or forwarding, the changes are cumulative. @@ -34013,6 +34116,7 @@ the following table: &`R `& on &`<=`& lines: reference for local bounce &` `& on &`=>`& &`**`& and &`==`& lines: router name &`S `& size of message +&`SNI `& server name indication from TLS client hello &`ST `& shadow transport name &`T `& on &`<=`& lines: message subject (topic) &` `& on &`=>`& &`**`& and &`==`& lines: transport name @@ -34322,7 +34426,8 @@ The message that is written is &"spool file is locked"&. .next .cindex "log" "smtp confirmation" .cindex "SMTP" "logging confirmation" -&%smtp_confirmation%&: The response to the final &"."& in the SMTP dialogue for +.cindex "LMTP" "logging confirmation" +&%smtp_confirmation%&: The response to the final &"."& in the SMTP or LMTP dialogue for outgoing messages is added to delivery log lines in the form &`C=`&<&'text'&>. A number of MTAs (including Exim) return an identifying string in this response. @@ -34551,9 +34656,13 @@ This utility is a Perl script contributed by Matt Hubbard. It runs .code exim -bpu .endd -to obtain a queue listing with undelivered recipients only, and then greps the -output to select messages that match given criteria. The following selection -options are available: +or (in case &*-a*& switch is specified) +.code +exim -bp +.endd + +to obtain a queue listing, and then greps the output to select messages +that match given criteria. The following selection options are available: .vlist .vitem &*-f*&&~<&'regex'&> @@ -34600,6 +34709,9 @@ Brief format &-- one line per message. .vitem &*-R*& Display messages in reverse order. + +.vitem &*-a*& +Include delivered recipients in queue listing. .endlist There is one more option, &%-h%&, which outputs a list of options. @@ -36339,7 +36451,9 @@ disabled by setting DISABLE_DKIM=yes in Local/Makefile. Exim's DKIM implementation allows to .olist Sign outgoing messages: This function is implemented in the SMTP transport. -It can co-exist with all other Exim features, including transport filters. +It can co-exist with all other Exim features +(including transport filters) +except cutthrough delivery. .next Verify signatures in incoming messages: This is implemented by an additional ACL (acl_smtp_dkim), which can be called several times per message, with @@ -36430,6 +36544,10 @@ used. Verification of DKIM signatures in incoming email is implemented via the &%acl_smtp_dkim%& ACL. By default, this ACL is called once for each syntactically(!) correct signature in the incoming message. +A missing ACL definition defaults to accept. +If any ACL call does not acccept, the message is not accepted. +If a cutthrough delivery was in progress for the message it is +summarily dropped (having wasted the transmission effort). To evaluate the signature in the ACL a large number of expansion variables containing the signature status and its details are set up during the