X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/fa7b17bdbc8c055c475a50791627cd75d257f4f3..de2e5b3dc657ad28e291f43b0850ab42e0012313:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index a073730c6..736ac0fe4 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -2528,6 +2528,8 @@ use of Exim's filtering capabilities, you should make the document entitled If you are already running Exim on your host, building and installing a new version automatically makes it available to MUAs, or any other programs that call the MTA directly. However, if you are running an Exim daemon, you do need +.cindex restart "on HUP signal" +.cindex signal "HUP, to restart" to send it a HUP signal, to make it re-execute itself, and thereby pick up the new binary. You do not need to stop processing mail in order to install a new version of Exim. The install script does not modify an existing runtime @@ -2766,9 +2768,12 @@ used to specify a path on the command line if a pid file is required. The SIGHUP signal .cindex "SIGHUP" +.cindex restart "on HUP signal" +.cindex signal "HUP, to restart" .cindex "daemon" "restarting" .cindex signal "to reload configuration" .cindex daemon "reload configuration" +.cindex reload configuration can be used to cause the daemon to re-execute itself. This should be done whenever Exim's configuration file, or any file that is incorporated into it by means of the &%.include%& facility, is changed, and also whenever a new version @@ -9214,7 +9219,13 @@ dependent upon the option for which a value is sought; in this documentation, options for which string expansion is performed are marked with † after the data type. ACL rules always expand strings. A couple of expansion conditions do not expand some of the brace-delimited branches, for security -reasons. +reasons, +.new +.cindex "tainted data" expansion +.cindex expansion "tainted data" +and expansion of data deriving from the sender (&"tainted data"&) +is not permitted. +.wen @@ -19007,14 +19018,19 @@ matters. .new -.option set routers string unset +.option set routers "string list" unset .cindex router variables -This option may be used multiple times on a router. -Each string given must be of the form $"name = value"$ +This option may be used multiple times on a router; +because of this the list aspect is mostly irrelevant. +The list separator is a semicolon but can be changed in the +usual way. + +Each list-element given must be of the form $"name = value"$ and the names used must start with the string &"r_"&. -Strings are accumulated for each router which is run. +Values containing a list-separator should have them doubled. When a router runs, the strings are evaluated in order, -to create variables. +to create variables which are added to the set associated with +the address. The variable is set with the expansion of the value. The variables can be used by the router options (not including any preconditions) @@ -28472,6 +28488,13 @@ transport provide the client with a certificate, which is passed to the server if it requests it. If the server is Exim, it will request a certificate only if &%tls_verify_hosts%& or &%tls_try_verify_hosts%& matches the client. +.new +Do not use a certificate which has the OCSP-must-staple extension, +for client use (they are usable for server use). +As TLS has no means for the client to staple before TLS 1.3 it will result +in failed connections. +.wen + If the &%tls_verify_certificates%& option is set on the &(smtp)& transport, it specifies a collection of expected server certificates. These may be @@ -39526,6 +39549,11 @@ was received from the client, this records the Distinguished Name from that certificate. .endlist +.new +Any of the above may have an extra hyphen prepended, to indicate the the +corresponding data is untrusted. +.wen + Following the options there is a list of those addresses to which the message is not to be delivered. This set of addresses is initialized from the command line when the &%-t%& option is used and &%extract_addresses_remove_arguments%& @@ -40295,7 +40323,11 @@ would relax host matching rules to a broader network range. .cindex SPF "lookup expansion" .cindex lookup spf A lookup expansion is also available. It takes an email -address as the key and an IP address as the database: +address as the key and an IP address +.new +(v4 or v6) +.wen +as the database: .code ${lookup {username@domain} spf {ip.ip.ip.ip}} @@ -40303,7 +40335,6 @@ address as the key and an IP address as the database: The lookup will return the same result strings as can appear in &$spf_result$& (pass,fail,softfail,neutral,none,err_perm,err_temp). -Currently, only IPv4 addresses are supported.