X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/f3766eb5a200d0deb99dc3f096ced249727940cd..a2e4e31dae3c20aa9e64427190ab49bd2d315217:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 201aefc5d..6a1d7ce12 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1,4 +1,4 @@ -. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.55 2009/10/14 14:48:40 nm4 Exp $ +. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.72 2010/03/05 16:26:46 nm4 Exp $ . . ///////////////////////////////////////////////////////////////////////////// . This is the primary source of the Exim Manual. It is an xfpt document that is @@ -48,7 +48,7 @@ . ///////////////////////////////////////////////////////////////////////////// .set previousversion "4.69" -.set version "4.70" +.set version "4.71" .set ACL "access control lists (ACLs)" .set I "    " @@ -172,15 +172,13 @@ Specification of the Exim Mail Transfer Agent The Exim MTA -09 June 2009 -PhilipHazel -PH -University of Cambridge Computing Service -
New Museums Site, Pembroke Street, Cambridge CB2 3QH, England
+5 November 2009 +EximMaintainers +EM - 4.70 - 10 June 2009 - PH + 4.71 + 5 November 2009 + EM 2009University of Cambridge
@@ -2975,6 +2973,7 @@ local part) and outputs what it finds. .cindex "options" "router &-- extracting" .cindex "options" "transport &-- extracting" +.cindex "options" "authenticator &-- extracting" If one of the words &%router%&, &%transport%&, or &%authenticator%& is given, followed by the name of an appropriate driver instance, the option settings for that driver are output. For example: @@ -2988,6 +2987,11 @@ using one of the words &%router_list%&, &%transport_list%&, or settings can be obtained by using &%routers%&, &%transports%&, or &%authenticators%&. +.cindex "options" "macro &-- extracting" +If invoked by an admin user, then &%macro%&, &%macro_list%& and &%macros%& +are available, similarly to the drivers. Because macros are sometimes used +for storing passwords, this option is restricted. +The output format is one item per line. .vitem &%-bp%& .oindex "&%-bp%&" @@ -5885,6 +5889,10 @@ password are correct. In the examples it just produces an error message. To make the authenticators work, you can use a string expansion expression like one of the examples in &<>&. +Beware that the sequence of the parameters to PLAIN and LOGIN differ; the +usercode and password are in different positions. &<>& +covers both. + .ecindex IIDconfiwal @@ -6128,7 +6136,7 @@ IPv6 addresses must be enclosed in quotes to prevent the first internal colon being interpreted as a key terminator. For example: .code 1.2.3.4: data for 1.2.3.4 -192.168.0.0/16 data for 192.168.0.0/16 +192.168.0.0/16: data for 192.168.0.0/16 "abcd::cdab": data for abcd::cdab "abcd:abcd::/32" data for abcd:abcd::/32 .endd @@ -9571,6 +9579,17 @@ For single-key lookup types, no quoting is ever necessary and this operator yields an unchanged string. +.vitem &*${randint:*&<&'n'&>&*}*& +.cindex "random number" +This operator returns a somewhat random number which is less than the +supplied number and is at least 0. The quality of this randomness depends +on how Exim was built; the values are not suitable for keying material. +If Exim is linked against OpenSSL then RAND_pseudo_bytes() is used. +Otherwise, the implementation may be arc4random(), random() seeded by +srandomdev() or srandom(), or a custom implementation even weaker than +random(). + + .vitem &*${rfc2047:*&<&'string'&>&*}*& .cindex "expansion" "RFC 2047" .cindex "RFC 2047" "expansion operator" @@ -10199,6 +10218,10 @@ configuration, you might have this: .code server_condition = ${if pwcheck{$auth1:$auth2}} .endd +Again, for a PLAIN authenticator configuration, this would be: +.code +server_condition = ${if pwcheck{$auth2:$auth3}} +.endd .vitem &*queue_running*& .cindex "queue runner" "detecting when delivering from" .cindex "expansion" "queue runner test" @@ -10986,7 +11009,7 @@ precise size of the file that has been written. See also &$message_body_size$&, &$body_linecount$&, and &$body_zerocount$&. .cindex "RCPT" "value of &$message_size$&" -While running an ACL at the time of an SMTP RCPT command, &$message_size$& +While running a per message ACL (mail/rcpt/predata), &$message_size$& contains the size supplied on the MAIL command, or -1 if no size was given. The value may not, of course, be truthful. @@ -12354,6 +12377,7 @@ listed in more than one group. .row &%gnutls_require_kx%& "control GnuTLS key exchanges" .row &%gnutls_require_mac%& "control GnuTLS MAC algorithms" .row &%gnutls_require_protocols%& "control GnuTLS protocols" +.row &%gnutls_compat_mode%& "use GnuTLS compatibility mode" .row &%tls_advertise_hosts%& "advertise TLS to these hosts" .row &%tls_certificate%& "location of server certificate" .row &%tls_crl%& "certificate revocation list" @@ -13353,6 +13377,10 @@ server. For details, see section &<>&. This option controls the protocols when GnuTLS is used in an Exim server. For details, see section &<>&. +.option gnutls_compat_mode main boolean unset +This option controls whether GnuTLS is used in compatibility mode in an Exim +server. This reduces security slightly, but improves interworking with older +implementations of TLS. .option headers_charset main string "see below" This option sets a default character set for translating from encoded MIME @@ -13424,10 +13452,10 @@ do. By default, Exim just checks the syntax of HELO and EHLO commands (see &%helo_accept_junk_hosts%& and &%helo_allow_chars%&). However, some sites like to do more extensive checking of the data supplied by these commands. The ACL -condition &`verify`& &`=`& &`helo`& is provided to make this possible. +condition &`verify = helo`& is provided to make this possible. Formerly, it was necessary also to set this option (&%helo_try_verify_hosts%&) to force the check to occur. From release 4.53 onwards, this is no longer -necessary. If the check has not been done before &`verify`& &`=`& &`helo`& is +necessary. If the check has not been done before &`verify = helo`& is encountered, it is done at that time. Consequently, this option is obsolete. Its specification is retained here for backwards compatibility. @@ -13449,7 +13477,7 @@ available) yields the calling host address. However, the EHLO or HELO command is not rejected if any of the checks fail. Processing continues, but the result of the check is remembered, and can -be detected later in an ACL by the &`verify`& &`=`& &`helo`& condition. +be detected later in an ACL by the &`verify = helo`& condition. .option helo_verify_hosts main "host list&!!" unset .cindex "HELO verifying" "mandatory" @@ -13505,8 +13533,8 @@ this check fails, Exim behaves as if the name lookup failed. .vindex "&$sender_host_name$&" After any kind of failure, the host name (in &$sender_host_name$&) remains unset, and &$host_lookup_failed$& is set to the string &"1"&. See also -&%dns_again_means_nonexist%&, &%helo_lookup_domains%&, and &`verify`& &`=`& -&`reverse_host_lookup`& in ACLs. +&%dns_again_means_nonexist%&, &%helo_lookup_domains%&, and +&`verify = reverse_host_lookup`& in ACLs. .option host_lookup_order main "string list" &`bydns:byaddr`& @@ -17826,10 +17854,10 @@ redirection items of the form :defer: :fail: .endd -respectively. When a redirection list contains such an item, it applies to the -entire redirection; any other items in the list are ignored (&':blackhole:'& is -different). Any text following &':fail:'& or &':defer:'& is placed in the error -text associated with the failure. For example, an alias file might contain: +respectively. When a redirection list contains such an item, it applies +to the entire redirection; any other items in the list are ignored. Any +text following &':fail:'& or &':defer:'& is placed in the error text +associated with the failure. For example, an alias file might contain: .code X.Employee: :fail: Gone away, no forwarding address .endd @@ -21142,6 +21170,7 @@ procmail_pipe: envelope_to_add check_string = "From " escape_string = ">From " + umask = 077 user = $local_part group = mail @@ -21441,18 +21470,23 @@ being used, names are looked up using &[gethostbyname()]& instead of using the DNS. Of course, that function may in fact use the DNS, but it may also consult other sources of information such as &_/etc/hosts_&. -.option gnutls_require_kx main string unset +.option gnutls_require_kx smtp string unset This option controls the key exchange mechanisms when GnuTLS is used in an Exim client. For details, see section &<>&. -.option gnutls_require_mac main string unset +.option gnutls_require_mac smtp string unset This option controls the MAC algorithms when GnuTLS is used in an Exim client. For details, see section &<>&. -.option gnutls_require_protocols main string unset +.option gnutls_require_protocols smtp string unset This option controls the protocols when GnuTLS is used in an Exim client. For details, see section &<>&. +.option gnutls_compat_mode smtp boolean unset +This option controls whether GnuTLS is used in compatibility mode in an Exim +server. This reduces security slightly, but improves interworking with older +implementations of TLS. + .option helo_data smtp string&!! "see below" .cindex "HELO" "argument, setting" .cindex "EHLO" "argument, setting" @@ -23554,7 +23588,6 @@ the password conform to the Exim syntax. At the LDAP level, the password is an uninterpreted string. - .section "Support for different kinds of authentication" "SECID174" A number of string expansion features are provided for the purpose of interfacing to different ways of user authentication. These include checking @@ -23813,7 +23846,7 @@ sasl_cram_md5: sasl_plain: driver = cyrus_sasl public_name = PLAIN - server_set_id = $auth1 + server_set_id = $auth2 .endd Cyrus SASL does implement the LOGIN authentication method, even though it is not a standard method. It is disabled by default in the source distribution, @@ -23846,7 +23879,7 @@ dovecot_plain: driver = dovecot public_name = PLAIN server_socket = /var/run/dovecot/auth-client - server_set_id = $auth1 + server_set_id = $auth2 dovecot_ntlm: driver = dovecot @@ -24429,13 +24462,10 @@ unencrypted. The &%tls_certificate%& and &%tls_privatekey%& options of the &(smtp)& transport provide the client with a certificate, which is passed to the server if it requests it. If the server is Exim, it will request a certificate only if -&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. &*Note*&: -These options must be set in the &(smtp)& transport for Exim to use TLS when it -is operating as a client. Exim does not assume that a server certificate (set -by the global options of the same name) should also be used when operating as a -client. +&%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. -If &%tls_verify_certificates%& is set, it must name a file or, +If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it +must name a file or, for OpenSSL only (not GnuTLS), a directory, that contains a collection of expected server certificates. The client verifies the server's certificate against this collection, taking into account any revoked certificates that are @@ -24447,6 +24477,12 @@ list of permitted cipher suites. If either of these checks fails, delivery to the current host is abandoned, and the &(smtp)& transport tries to deliver to alternative hosts, if any. + &*Note*&: +These options must be set in the &(smtp)& transport for Exim to use TLS when it +is operating as a client. Exim does not assume that a server certificate (set +by the global options of the same name) should also be used when operating as a +client. + .vindex "&$host$&" .vindex "&$host_address$&" All the TLS options in the &(smtp)& transport are expanded before use, with @@ -24781,7 +24817,6 @@ client are given temporary error responses until QUIT is received or the connection is closed. In these special cases, the QUIT ACL does not run. - .section "The not-QUIT ACL" "SECTNOTQUITACL" .vindex &$acl_smtp_notquit$& The not-QUIT ACL, specified by &%acl_smtp_notquit%&, is run in most cases when @@ -25782,7 +25817,7 @@ This control is permitted only for the MAIL, RCPT, and start of data ACLs (the latter is the one defined by &%acl_smtp_predata%&). Setting it tells Exim that the current message is a submission from a local MUA. In this case, Exim operates in &"submission mode"&, and applies certain fixups to the message if -necessary. For example, it add a &'Date:'& header line if one is not present. +necessary. For example, it adds a &'Date:'& header line if one is not present. This control is not permitted in the &%acl_smtp_data%& ACL, because that is too late (the message has already been created). @@ -25795,7 +25830,7 @@ that may be received in the same SMTP connection. .vitem &*control&~=&~suppress_local_fixups*& .cindex "submission fixups, suppressing" This control applies to locally submitted (non TCP/IP) messages, and is the -complement of &`control`& &`=`& &`submission`&. It disables the fixups that are +complement of &`control = submission`&. It disables the fixups that are normally applied to locally-submitted messages. Specifically: .ilist @@ -25824,12 +25859,12 @@ All four possibilities for message fixups can be specified: .ilist Locally submitted, fixups applied: the default. .next -Locally submitted, no fixups applied: use &`control`& &`=`& -&`suppress_local_fixups`&. +Locally submitted, no fixups applied: use +&`control = suppress_local_fixups`&. .next Remotely submitted, no fixups applied: the default. .next -Remotely submitted, fixups applied: use &`control`& &`=`& &`submission`&. +Remotely submitted, fixups applied: use &`control = submission`&. .endlist @@ -26975,7 +27010,7 @@ entry must set the rate for the same key (otherwise it will always be zero). For example: .code acl_check_connect: - deny ratelimit = 100 / 5m / strict / noupdate + deny ratelimit = 100 / 5m / strict / per_cmd / noupdate log_message = RATE: $sender_rate/$sender_rate_period \ (max $sender_rate_limit) .endd @@ -30273,8 +30308,8 @@ If a message contains a number of different addresses, all those with the same characteristics (for example, the same envelope sender) that resolve to the same set of hosts, in the same order, are sent in a single SMTP transaction, even if they are for different domains, unless there are more than the setting -of the &%max_rcpts%& option in the &(smtp)& transport allows, in which case -they are split into groups containing no more than &%max_rcpts%& addresses +of the &%max_rcpt%&s option in the &(smtp)& transport allows, in which case +they are split into groups containing no more than &%max_rcpt%&s addresses each. If &%remote_max_parallel%& is greater than one, such groups may be sent in parallel sessions. The order of hosts with identical MX values is not significant when checking whether addresses can be batched in this way. @@ -34392,39 +34427,48 @@ runtime of the ACL. Calling the ACL only for existing signatures is not sufficient to build more advanced policies. For that reason, the global option &%dkim_verify_signers%&, and a global expansion variable -&%$dkim_signing_domains%& exist. +&%$dkim_signers%& exist. The global option &%dkim_verify_signers%& can be set to a colon-separated list of DKIM domains or identities for which the ACL &%acl_smtp_dkim%& is called. It is expanded when the message has been received. At this point, -the expansion variable &%$dkim_signing_domains%& already contains a colon- -separated list of signer domains for the message. When &%dkim_verify_signers%& -is not specified in the main configuration, it defaults as: +the expansion variable &%$dkim_signers%& already contains a colon- +separated list of signer domains and identities for the message. When +&%dkim_verify_signers%& is not specified in the main configuration, +it defaults as: .code -dkim_verify_signers = $dkim_signing_domains +dkim_verify_signers = $dkim_signers .endd This leads to the default behaviour of calling &%acl_smtp_dkim%& for each DKIM signature in the message. Current DKIM verifiers may want to explicitly call the ACL for known domains or identities. This would be achieved as follows: .code -dkim_verify_signers = paypal.com:ebay.com:$dkim_signing_domains +dkim_verify_signers = paypal.com:ebay.com:$dkim_signers .endd This would result in &%acl_smtp_dkim%& always being called for "paypal.com" -and "ebay.com", plus all domains that have signatures in the message. You can -also be more creative in constructing your policy. Example: +and "ebay.com", plus all domains and identities that have signatures in the message. +You can also be more creative in constructing your policy. Example: .code -dkim_verify_signers = $sender_address_domain:$dkim_signing_domains +dkim_verify_signers = $sender_address_domain:$dkim_signers .endd +If a domain or identity is listed several times in the (expanded) value of +&%dkim_verify_signers%&, the ACL is only called once for that domain or identity. + + Inside the &%acl_smtp_dkim%&, the following expansion variables are available (from most to least important): .vlist +.vitem &%$dkim_cur_signer%& +The signer that is being evaluated in this ACL run. This can be domain or +an identity. This is one of the list items from the expanded main option +&%dkim_verify_signers%& (see above). .vitem &%$dkim_verify_status%& A string describing the general status of the signature. One of .ilist &%none%&: There is no signature in the message for the current domain or -identity. +identity (as reflected by &%$dkim_cur_signer%&). .next &%invalid%&: The signature could not be verified due to a processing error. More detail is available in &%$dkim_verify_reason%&. @@ -34455,14 +34499,12 @@ DKIM verification. It may of course also mean that the signature is forged. .endlist .vitem &%$dkim_domain%& The signing domain. IMPORTANT: This variable is only populated if there is -ab actual signature in the message. It does NOT neccessarily carry the -domain that is currently being evaluated. Please use the &%dkim_signers%& ACL -condition for that. +an actual signature in the message for the current domain or identity (as +reflected by &%$dkim_cur_signer%&). .vitem &%$dkim_identity%& -The signing identity. IMPORTANT: This variable is only populated if there is -ab actual signature in the message. It does NOT neccessarily carry the -identity that is currently being evaluated. Please use the &%dkim_signers%& ACL -condition for that. +The signing identity, if present. IMPORTANT: This variable is only populated +if there is an actual signature in the message for the current domain or +identity (as reflected by &%$dkim_cur_signer%&). .vitem &%$dkim_selector%& The key record selector string .vitem &%$dkim_algo%& @@ -34507,8 +34549,9 @@ In addition, two ACL conditions are provided: .vlist .vitem &%dkim_signers%& ACL condition that checks a colon-separated list of domains or identities -for a match against the domain or identity that the ACL is currently verifying. -This is typically used to restrict an ACL verb to a group of domains or identities, like: +for a match against the domain or identity that the ACL is currently verifying +(reflected by &%$dkim_cur_signer%&). This is typically used to restrict an ACL +verb to a group of domains or identities, like: .code # Warn when message apparently from GMail has no signature at all @@ -34535,7 +34578,6 @@ see the documentation of the &%$dkim_verify_status%& expansion variable above for more information of what they mean. .endlist - . //////////////////////////////////////////////////////////////////////////// . ////////////////////////////////////////////////////////////////////////////