The lookup type may optionally be followed by a comma
and a comma-separated list of options.
Each option is a &"name=value"& pair.
-Whether an option is meaningful depands on the lookup type.
+Whether an option is meaningful depends on the lookup type.
All lookups support the option &"cache=no_rd"&.
If this is given then the cache that Exim manages for lookup results
-is not checked before diong the lookup.
+is not checked before doing the lookup.
The result of the lookup is still written to the cache.
.wen
.section "Local part lists" "SECTlocparlis"
.cindex "list" "local part list"
.cindex "local part" "list"
+These behave in the same way as domain and host lists, with the following
+changes:
+
Case-sensitivity in local part lists is handled in the same way as for address
lists, as just described. The &"+caseful"& item can be used if required. In a
setting of the &%local_parts%& option in a router with &%caseful_local_part%&
is done by calling the &[stat()]& function. The use of the &%exists%& test in
users' filter files may be locked out by the system administrator.
+.new
+&*Note:*& Testing a path using this condition is not a sufficient way of
+de-tainting it.
+.wen
+
.vitem &*first_delivery*&
.cindex "delivery" "first"
.cindex "first delivery"
used to determine the file or directory name for the delivery. Normally, the
contents of &$address_file$& are used in some way in the string expansion.
.endlist
+If the &%create_file%& option is set to a path which
+matches (see the option definition below for details)
+a file or directory name
+for the delivery, that name becomes de-tainted.
+
.cindex "tainted data" "in filenames"
.cindex appendfile "tainted data"
Tainted data may not be used for a file or directory name.
delivery, it applies to the top level directory, not the maildir directories
beneath.
+.new
The option must be set to one of the words &"anywhere"&, &"inhome"&, or
-&"belowhome"&. In the second and third cases, a home directory must have been
+&"belowhome"&, or to an absolute path.
+.wen
+
+In the second and third cases, a home directory must have been
set for the transport. This option is not useful when an explicit filename is
given for normal mailbox deliveries. It is intended for the case when filenames
are generated from users' &_.forward_& files. These are usually handled
by an &(appendfile)& transport called &%address_file%&. See also
&%file_must_exist%&.
+.new
+In the fourth case,
+the value given for this option must be an absolute path for an
+existing directory.
+The expansion of either the &%directory%& or &%file%&
+option is checked for being a strict (possibly potential) descendant,
+in the filesystem, of the value given.
+.cindex "tainted data" "de-tainting"
+If the check passes then the path checked becomes de-tainted.
+If the check fails then the transport returns failure.
+.wen
+
.option directory appendfile string&!! unset
This option is mutually exclusive with the &%file%& option, but one of &%file%&
(see &%maildir_format%& and &%mailstore_format%&), and see section
&<<SECTopdir>>& for further details of this form of delivery.
+.new
+The result of expansion must not be tainted, unless the &%create_file%& option
+specifies a path.
+.wen
+
.option directory_file appendfile string&!! "see below"
.cindex "base62"
&%use_fcntl_lock%&, &%use_flock_lock%&, or &%use_lockfile%& must be set with
&%file%&.
+.new
+The result of expansion must not be tainted, unless the &%create_file%& option
+specifies a path.
+.wen
+
.cindex "NFS" "lock file"
.cindex "locking files"
.cindex "lock files"
&'reject '& The DMARC check failed and the library recommends rejecting the email.
&'quarantine '& The DMARC check failed and the library recommends keeping it for further inspection.
&'none '& The DMARC check passed and the library recommends no specific action, neutral.
-&'norecord '& No policy section in the DMARC record for this sender domain.
+&'norecord '& No policy section in the DMARC record for this RFC5322.From field
&'nofrom '& Unable to determine the domain of the sender.
&'temperror '& Library error or dns error.
&'off '& The DMARC check was disabled for this email.
git://git.exim.org / users / jgh / exim.git / blobdiff