lookup. Lookups of this type are conditional expansion items. Different results
can be defined for the cases of lookup success and failure. See chapter
&<<CHAPexpand>>&, where string expansions are described in detail.
-The key for the lookup is specified as part of the string expansion.
+The key for the lookup is &*specified*& as part of the string expansion.
.next
Lists of domains, hosts, and email addresses can contain lookup requests as a
way of avoiding excessively long linear lists. In this case, the data that is
returned by the lookup is often (but not always) discarded; whether the lookup
succeeds or fails is what really counts. These kinds of list are described in
chapter &<<CHAPdomhosaddlists>>&.
-The key for the lookup is given by the context in which the list is expanded.
+The key for the lookup is &*implicit*&,
+given by the context in which the list is expanded.
.endlist
String expansions, lists, and lookups interact with each other in such a way
In the second example, the lookup is a single item in a domain list. It causes
Exim to use a lookup to see if the domain that is being processed can be found
-in the file. The file could contains lines like this:
+in the file.
+The file could contains lines like this:
.code
domain1:
domain2:
.cindex "sqlite lookup type"
.cindex "lookup" "sqlite"
&(sqlite)&: The format of the query is
-new
-an optional filename
-followed by an SQL statement
-that is passed to an SQLite database. See section &<<SECTsqlite>>&.
+an SQL statement that is passed to an SQLite database. See section &<<SECTsqlite>>&.
.next
&(testdb)&: This is a lookup type that is used for testing Exim. It is
addition to the SQL query. An SQLite database is a single file, and there is no
daemon as in the other SQL databases.
+.new
.oindex &%sqlite_dbfile%&
-The preferred way of specifying the file is by using the
-&%sqlite_dbfile%& option, set to
-an absolute path.
+There are two ways of
+specifying the file.
+The first is is by using the &%sqlite_dbfile%& main option.
+The second, which allows separate files for each query,
+is to use an option appended, comma-separated, to the &"sqlite"&
+lookup type word. The option is the word &"file"&, then an equals,
+then the filename.
+The filename in this case cannot contain whitespace or open-brace charachters.
+.wen
+
A deprecated method is available, prefixing the query with the filename
separated by white space.
-This means that the path name cannot contain white space.
+This means that
.cindex "tainted data" "sqlite file"
-It also means that the query cannot use any tainted values, as that taints
+the query cannot use any tainted values, as that taints
the entire query including the filename - resulting in a refusal to open
the file.
+In all the above cases the filename must be an absolute path.
+
Here is a lookup expansion example:
.code
sqlite_dbfile = /some/thing/sqlitedb
tainted values
.cindex "tainted data" "de-tainting"
come down to using the tainted value as a lookup key in a trusted database.
-This database could be the filestem structure,
+This database could be the filesystem structure,
or the password file,
or accessed via a DBMS.
Specific methods are indexed under &"de-tainting"&.
.wen
-.vitem "&*${lookup{*&<&'key'&>&*}&~*&<&'search&~type'&>&*&~&&&
- {*&<&'file'&>&*}&~{*&<&'string1'&>&*}&~{*&<&'string2'&>&*}}*&"
-This is the first of one of two different types of lookup item, which are both
-described in the next item.
-
-.vitem "&*${lookup&~*&<&'search&~type'&>&*&~{*&<&'query'&>&*}&~&&&
+.vitem "&*${lookup&~{*&<&'key'&>&*}&~*&<&'search&~type'&>&*&~&&&
+ {*&<&'file'&>&*}&~{*&<&'string1'&>&*}&~{*&<&'string2'&>&*}}*&" &&&
+ "&*${lookup&~*&<&'search&~type'&>&*&~{*&<&'query'&>&*}&~&&&
{*&<&'string1'&>&*}&~{*&<&'string2'&>&*}}*&"
.cindex "expansion" "lookup in"
.cindex "file" "lookups"
.cindex "tainted data"
If the origin of the data is an incoming message,
the result of expanding this variable is tainted.
-When un untainted version is needed, one should be obtained from
+When in untainted version is needed, one should be obtained from
looking up the value in a local (therefore trusted) database.
Often &$domain_data$& is usable in this role.
or need not succeed respectively.
The &%tls_verify_cert_hostnames%& option lists hosts for which additional
-checks are made: that the host name (the one in the DNS A record)
-is valid for the certificate.
+name checks are made on the server certificate.
+.new
+The match against this list is, as per other Exim usage, the
+IP for the host. That is most closely associated with the
+name on the DNS A (or AAAA) record for the host.
+However, the name that needs to be in the certificate
+is the one at the head of any CNAME chain leading to the A record.
+.wen
The option defaults to always checking.
The &(smtp)& transport has two OCSP-related options: