-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.40 2008/04/13 11:45:09 tom Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.43 2008/05/14 09:16:38 fanf2 Exp $
.
. /////////////////////////////////////////////////////////////////////////////
. This is the primary source of the Exim Manual. It is an xfpt document that is
are all run in parallel, like a shell pipeline.
The filter can perform any transformations it likes, but of course should take
-care not to break RFC 2822 syntax. A demonstration Perl script is provided in
-&_util/transport-filter.pl_&; this makes a few arbitrary modifications just to
-show the possibilities. Exim does not check the result, except to test for a
-final newline when SMTP is in use. All messages transmitted over SMTP must end
-with a newline, so Exim supplies one if it is missing.
+care not to break RFC 2822 syntax. Exim does not check the result, except to
+test for a final newline when SMTP is in use. All messages transmitted over
+SMTP must end with a newline, so Exim supplies one if it is missing.
.cindex "content scanning" "per user"
A transport filter can be used to provide content-scanning on a per-user basis
to compute. It is unreasonable to re-compute them for every TLS session.
Therefore, Exim keeps this data in a file in its spool directory, called
&_gnutls-params_&. The file is owned by the Exim user and is readable only by
-its owner. Every Exim process that start up GnuTLS reads the RSA and D-H
+its owner. Every Exim process that start up GnuTLS reads the D-H
parameters from this file. If the file does not exist, the first Exim process
that needs it computes the data and writes it to a temporary file which is
renamed once it is complete. It does not matter if several Exim processes do
timeout checks succeed. The &$prvscheck_result$& variable contains the result
of the checks (empty for failure, &"1"& for success).
-There are two more issues you must consider when implementing prvs-signing.
-Firstly, you need to ensure that prvs-signed addresses are not blocked by your
-ACLs. A prvs-signed address contains a slash character, but the default Exim
-configuration contains this statement in the RCPT ACL:
-.code
-deny message = Restricted characters in address
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
-.endd
-This is a conservative rule that blocks local parts that contain slashes. You
-should remove the slash in the last line.
-
-Secondly, you have to ensure that the routers accept prvs-signed addresses and
+There is one more issue you must consider when implementing prvs-signing:
+you have to ensure that the routers accept prvs-signed addresses and
deliver them correctly. The easiest way to handle this is to use a &(redirect)&
router to remove the signature with a configuration along these lines:
.code
git://git.exim.org / users / jgh / exim.git / blobdiff