X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/e98566e5a394a1e480676cef74892bc213b39936..b2d54f831659ee95d4d4cf395f568b395e262310:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 5ca60327e..294034a6c 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -52,7 +52,7 @@ .set I "    " .macro copyyear -2018 +2018, 2019 .endmacro . ///////////////////////////////////////////////////////////////////////////// @@ -3963,6 +3963,20 @@ is sent to the sender, containing the text &"cancelled by administrator"&. Bounce messages are just discarded. This option can be used only by an admin user. +.new +.vitem &%-MG%&&~<&'queue&~name'&&~<&'message&~id'&>&~<&'message&~id'&>&~... +.oindex "&%-MG%&" +.cindex queue named +.cindex "named queues" +.cindex "queue" "moving messages" +This option requests that each listed message be moved from its current +queue to the given named queue. +The destination queue name argument is required, but can be an empty +string to define the default queue. +If the messages are not currently located in the default queue, +a &%-qG%& option will be required to define the source queue. +.wen + .vitem &%-Mmad%&&~<&'message&~id'&>&~<&'message&~id'&>&~... .oindex "&%-Mmad%&" .cindex "delivery" "cancelling all" @@ -6113,9 +6127,6 @@ dnslookup: domains = ! +local_domains transport = remote_smtp ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 -.ifdef _HAVE_DNSSEC - dnssec_request_domains = * -.endif no_more .endd The &%domains%& option behaves as per smarthost, above. @@ -6666,11 +6677,10 @@ aliases or other indexed data referenced by an MTA. Information about cdb and tools for building the files can be found in several places: .display &url(https://cr.yp.to/cdb.html) -&url(http://www.corpit.ru/mjt/tinycdb.html) +&url(https://www.corpit.ru/mjt/tinycdb.html) &url(https://packages.debian.org/stable/utils/freecdb) &url(https://github.com/philpennock/cdbtools) (in Go) .endd -. --- 2018-09-07: corpit.ru http:-only A cdb distribution is not needed in order to build Exim with cdb support, because the code for reading cdb files is included directly in Exim itself. However, no means of building or testing cdb files is provided with Exim, so @@ -9475,9 +9485,15 @@ set in &_Local/Makefile_&. Once loaded, Exim remembers the dynamically loaded object so that it doesn't reload the same object file in the same Exim process (but of course Exim does start new processes frequently). -There may be from zero to eight arguments to the function. When compiling -a local function that is to be called in this way, &_local_scan.h_& should be -included. The Exim variables and functions that are defined by that API +There may be from zero to eight arguments to the function. + +.new +When compiling +a local function that is to be called in this way, +first &_DLFUNC_IMPL_& should be defined, +and second &_local_scan.h_& should be included. +.wen +The Exim variables and functions that are defined by that API are also available for dynamically loaded functions. The function itself must have the following type: .code @@ -13354,6 +13370,9 @@ or a &%def%& condition. &*Note*&: Under versions of OpenSSL preceding 1.1.1, when a list of more than one file is used for &%tls_certificate%&, this variable is not reliable. +.new +The macro "_TLS_BAD_MULTICERT_IN_OURCERT" will be defined for those versions. +.wen .vitem &$tls_in_peercert$& .vindex "&$tls_in_peercert$&" @@ -13503,6 +13522,19 @@ the transport. .vindex &$tls_out_tlsa_usage$& Bitfield of TLSA record types found. See section &<>&. +.new +.vitem &$tls_in_ver$& +.vindex "&$tls_in_ver$&" +When a message is received from a remote host over an encrypted SMTP connection +this variable is set to the protocol version, eg &'TLS1.2'&. + +.vitem &$tls_out_ver$& +.vindex "&$tls_out_ver$&" +When a message is being delivered to a remote host over an encrypted SMTP connection +this variable is set to the protocol version. +.wen + + .vitem &$tod_bsdinbox$& .vindex "&$tod_bsdinbox$&" The time of day and the date, in the format required for BSD-style mailbox @@ -16270,7 +16302,7 @@ harm. This option overrides the &%pipe_as_creator%& option of the &(pipe)& transport driver. -.option openssl_options main "string list" "+no_sslv2 +no_sslv3 +single_dh_use +no_ticket" +.option openssl_options main "string list" "+no_sslv2 +no_sslv3 +single_dh_use +no_ticket +no_renegotiation" .cindex "OpenSSL "compatibility options" This option allows an administrator to adjust the SSL options applied by OpenSSL to connections. It is given as a space-separated list of items, @@ -16737,6 +16769,7 @@ received_header_text = Received: \ ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\ by $primary_hostname \ ${if def:received_protocol {with $received_protocol }}\ + ${if def:tls_ver { ($tls_ver)}}\ ${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}\ (Exim $version_number)\n\t\ ${if def:sender_address \ @@ -17686,9 +17719,9 @@ separator in the usual way (&<>&) to avoid confusion under IP &*Note*&: Under versions of OpenSSL preceding 1.1.1, when a list of more than one file is used, the &$tls_in_ourcert$& variable is unreliable. - -&*Note*&: OCSP stapling is not usable under OpenSSL -when a list of more than one file is used. +.new +The macro "_TLS_BAD_MULTICERT_IN_OURCERT" will be defined for those versions. +.wen If the option contains &$tls_out_sni$& and Exim is built against OpenSSL, then if the OpenSSL build supports TLS extensions and the TLS client sends the @@ -17841,6 +17874,9 @@ status proof for the server's certificate, as obtained from the Certificate Authority. Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later). +.new +The macro "_HAVE_TLS_OCSP" will be defined for those versions. +.wen .new For OpenSSL 1.1.0 or later, and @@ -17848,6 +17884,9 @@ For OpenSSL 1.1.0 or later, and for GnuTLS 3.5.6 or later the expanded value of this option can be a list of files, to match a list given for the &%tls_certificate%& option. The ordering of the two lists must match. +.new +The macro "_HAVE_TLS_OCSP_LIST" will be defined for those versions. +.wen .new The file(s) should be in DER format, @@ -34274,8 +34313,10 @@ with translation. This function is used in conjunction with &'smtp_printf()'&, as described below. -.vitem &*void&~smtp_printf(char&~*,&~...)*& -The arguments of this function are like &[printf()]&; it writes to the SMTP +.new +.vitem &*void&~smtp_printf(char&~*,BOOL,&~...)*& +The arguments of this function are almost like &[printf()]&; it writes to the SMTP +.wen output stream. You should use this function only when there is an SMTP output stream, that is, when the incoming message is being received via interactive SMTP. This is the case when &%smtp_input%& is TRUE and &%smtp_batched_input%& @@ -34287,6 +34328,17 @@ is involved. If an SMTP TLS connection is established, &'smtp_printf()'& uses the TLS output function, so it can be used for all forms of SMTP connection. +.new +The second argument is used to request that the data be buffered +(when TRUE) or flushed (along with any previously buffered, when FALSE). +This is advisory only, but likely to save on system-calls and packets +sent when a sequence of calls to the function are made. + +The argument was added in Exim version 4.90 - changing the API. +Nobody noticed until 4.93 was imminent. +A decision on the way forward has not yet been made. +.wen + Strings that are written by &'smtp_printf()'& from within &[local_scan()]& must start with an appropriate response code: 550 if you are going to return LOCAL_SCAN_REJECT, 451 if you are going to return @@ -34304,7 +34356,11 @@ the data returned via the &%return_text%& argument. The added value of using multiple output lines. The &'smtp_printf()'& function does not return any error indication, because it -does not automatically flush pending output, and therefore does not test +does not +.new +guarantee a flush of +.wen +pending output, and therefore does not test the state of the stream. (In the main code of Exim, flushing and error detection is done when Exim is ready for the next SMTP input command.) If you want to flush the output and check for an error (for example, the @@ -40323,8 +40379,12 @@ for more information of what they mean. SPF is a mechanism whereby a domain may assert which IP addresses may transmit messages with its domain in the envelope from, documented by RFC 7208. -For more information on SPF see &url(http://www.openspf.org). -. --- 2018-09-07: still not https +For more information on SPF see &url(http://www.open-spf.org), a static copy of +the &url(http://openspf.org). +. --- 2019-10-28: still not https, open-spf.org is told to be a +. --- web-archive copy of the now dead openspf.org site +. --- See https://www.mail-archive.com/mailop@mailop.org/msg08019.html for a +. --- discussion. Messages sent by a system not authorised will fail checking of such assertions. This includes retransmissions done by traditional forwarders. @@ -40387,7 +40447,7 @@ deny spf = fail message = $sender_host_address is not allowed to send mail from \ ${if def:sender_address_domain \ {$sender_address_domain}{$sender_helo_name}}. \ - Please see http://www.openspf.org/Why?scope=\ + Please see http://www.open-spf.org/Why?scope=\ ${if def:sender_address_domain {mfrom}{helo}};\ identity=${if def:sender_address_domain \ {$sender_address}{$sender_helo_name}};\ @@ -40440,9 +40500,9 @@ In addition to SPF, you can also perform checks for so-called "Best-guess". Strictly speaking, "Best-guess" is not standard SPF, but it is supported by the same framework that enables SPF capability. -Refer to &url(http://www.openspf.org/FAQ/Best_guess_record) +Refer to &url(http://www.open-spf.org/FAQ/Best_guess_record) for a description of what it means. -. --- 2018-09-07: still not https: +. --- 2019-10-28: still not https: To access this feature, simply use the spf_guess condition in place of the spf one. For example: