Fix the variables set by gsasl authenticator

[users/jgh/exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 2946d70131621203ab938248b16f3617b65f034e..42a393558ef404c7b562de64a960be99a36f53f2 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -27363,7 +27363,7 @@ but it is present in many binary distributions.
 .scindex IIDdcotauth1 "&(dovecot)& authenticator"
 .scindex IIDdcotauth2 "authenticators" "&(dovecot)&"
 This authenticator is an interface to the authentication facility of the
-Dovecot POP/IMAP server, which can support a number of authentication methods.
+Dovecot 2 POP/IMAP server, which can support a number of authentication methods.
 Note that Dovecot must be configured to use auth-client not auth-userdb.
 If you are using Dovecot to authenticate POP/IMAP clients, it might be helpful
 to use the same mechanisms for SMTP authentication. This is a server
@@ -27394,6 +27394,29 @@ option is passed in the Dovecot authentication command. If, for a TLS
 connection, a client certificate has been verified, the &"valid-client-cert"&
 option is passed. When authentication succeeds, the identity of the user
 who authenticated is placed in &$auth1$&.
+
+.new
+The Dovecot configuration to match the above wil look
+something like:
+.code
+conf.d/10-master.conf :-
+
+service auth {
+...
+#SASL
+  unix_listener auth-client {
+    mode = 0660
+    user = mail
+  }
+...
+}
+
+conf.d/10-auth.conf :-
+
+auth_mechanisms = plain login ntlm
+.endd
+.wen
+
 .ecindex IIDdcotauth1
 .ecindex IIDdcotauth2
 
@@ -30374,6 +30397,13 @@ This control turns off DKIM verification processing entirely.  For details on
 the operation and configuration of DKIM, see section &<<SECDKIM>>&.
 
 
+.vitem &*control&~=&~dmarc_disable_verify*&
+.cindex "disable DMARC verify"
+.cindex "DMARC" "disable verify"
+This control turns off DMARC verification processing entirely.  For details on
+the operation and configuration of DMARC, see section &<<SECDMARC>>&.
+
+
 .vitem &*control&~=&~dscp/*&<&'value'&>
 .cindex "&ACL;" "setting DSCP value"
 .cindex "DSCP" "inbound"
@@ -33641,7 +33671,12 @@ directory, so you might set
 HAVE_LOCAL_SCAN=yes
 LOCAL_SCAN_SOURCE=Local/local_scan.c
 .endd
-for example. The function must be called &[local_scan()]&. It is called by
+for example. The function must be called &[local_scan()]&;
+.new
+the source file(s) for it should first #define LOCAL_SCAN
+and then #include "local_scan.h".
+.wen
+It is called by
 Exim after it has received a message, when the success return code is about to
 be sent. This is after all the ACLs have been run. The return code from your
 function controls whether the message is actually accepted or not. There is a
@@ -34320,12 +34355,18 @@ dropping of a TCP/IP connection), you can call &'smtp_fflush()'&, which has no
 arguments. It flushes the output stream, and returns a non-zero value if there
 is an error.
 
-.vitem &*void&~*store_get(int)*&
+.new
+.vitem &*void&~*store_get(int,BOOL)*&
 This function accesses Exim's internal store (memory) manager. It gets a new
-chunk of memory whose size is given by the argument. Exim bombs out if it ever
+chunk of memory whose size is given by the first argument.
+The second argument should be given as TRUE if the memory will be used for
+data possibly coming from an attacker (eg. the message content),
+FALSE if it is locally-sourced.
+Exim bombs out if it ever
 runs out of memory. See the next section for a discussion of memory handling.
+.wen
 
-.vitem &*void&~*store_get_perm(int)*&
+.vitem &*void&~*store_get_perm(int,BOOL)*&
 This function is like &'store_get()'&, but it always gets memory from the
 permanent pool. See the next section for a discussion of memory handling.
 
@@ -40515,7 +40556,10 @@ the most current version can be downloaded
 from a link at &url(https://publicsuffix.org/list/, currently pointing
 at https://publicsuffix.org/list/public_suffix_list.dat)
 See also util/renew-opendmarc-tlds.sh script.
-The default for the option is /etc/exim/opendmarc.tlds.
+.new
+The default for the option is unset.
+If not set, DMARC processing is disabled.
+.wen
 
 
 The &%dmarc_history_file%& option, if set
@@ -41038,14 +41082,17 @@ Events have names which correspond to the point in process at which they fire.
 The name is placed in the variable &$event_name$& and the event action
 expansion must check this, as it will be called for every possible event type.
 
+.new
 The current list of events is:
+.wen
 .display
 &`dane:fail              after    transport  `& per connection
 &`msg:complete           after    main       `& per message
+&`msg:defer              after    transport  `& per message per delivery try
 &`msg:delivery           after    transport  `& per recipient
 &`msg:rcpt:host:defer    after    transport  `& per recipient per host
 &`msg:rcpt:defer         after    transport  `& per recipient
-&`msg:host:defer         after    transport  `& per attempt
+&`msg:host:defer         after    transport  `& per host per delivery try; host errors
 &`msg:fail:delivery      after    transport  `& per recipient
 &`msg:fail:internal      after    main       `& per recipient
 &`tcp:connect            before   transport  `& per connection
@@ -41071,12 +41118,13 @@ An additional variable, &$event_data$&, is filled with information varying
 with the event type:
 .display
 &`dane:fail            `& failure reason
+&`msg:defer            `& error string
 &`msg:delivery         `& smtp confirmation message
 &`msg:fail:internal    `& failure reason
 &`msg:fail:delivery    `& smtp error message
+&`msg:host:defer       `& error string
 &`msg:rcpt:host:defer  `& error string
 &`msg:rcpt:defer       `& error string
-&`msg:host:defer       `& error string
 &`tls:cert             `& verification chain depth
 &`smtp:connect         `& smtp banner
 &`smtp:ehlo            `& smtp ehlo response