X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/5f30be9dabe065123b15f8694227c069132bba65..35110e7035925a8f2bb93c64151da7e0afaf85cf:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 400d8739d..fa73e5081 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -48,7 +48,7 @@ . ///////////////////////////////////////////////////////////////////////////// .set previousversion "4.72" -.set version "4.73" +.set version "4.74" .set ACL "access control lists (ACLs)" .set I "    " @@ -1544,7 +1544,6 @@ If a host is unreachable for a period of time, a number of messages may be waiting for it by the time it recovers, and sending them in a single SMTP connection is clearly beneficial. Whenever a delivery to a remote host is deferred, - .cindex "hints database" Exim makes a note in its hints database, and whenever a successful SMTP delivery has happened, it looks to see if any other messages are waiting @@ -1947,6 +1946,36 @@ support has not been tested for some time. +.section "Dynamically loaded lookup module support" "SECTdynamicmodules" +.cindex "lookup modules" +.cindex "dynamic modules" +.cindex ".so building" +On some platforms, Exim supports not compiling all lookup types directly into +the main binary, instead putting some into external modules which can be loaded +on demand. +This permits packagers to build Exim with support for lookups with extensive +library dependencies without requiring all users to install all of those +dependencies. +Most, but not all, lookup types can be built this way. + +Set &`LOOKUP_MODULE_DIR`& to the directory into which the modules will be +installed; Exim will only load modules from that directory, as a security +measure. You will need to set &`CFLAGS_DYNAMIC`& if not already defined +for your OS; see &_OS/Makefile-Linux_& for an example. +Some other requirements for adjusting &`EXTRALIBS`& may also be necessary, +see &_src/EDITME_& for details. + +Then, for each module to be loaded dynamically, define the relevant +&`LOOKUP_`&<&'lookup_type'&> flags to have the value "2" instead of "yes". +For example, this will build in lsearch but load sqlite and mysql support +on demand: +.code +LOOKUP_LSEARCH=yes +LOOKUP_SQLITE=2 +LOOKUP_MYSQL=2 +.endd + + .section "The building process" "SECID29" .cindex "build directory" Once &_Local/Makefile_& (and &_Local/eximon.conf_&, if required) have been @@ -3255,7 +3284,7 @@ doing such tests. .cindex "version number of Exim" This option causes Exim to write the current version number, compilation number, and compilation date of the &'exim'& binary to the standard output. -It also lists the DBM library this is being used, the optional modules (such as +It also lists the DBM library that is being used, the optional modules (such as specific lookup types), the drivers that are included in the binary, and the name of the run time configuration file that is in use. @@ -15402,6 +15431,13 @@ are using OpenSSL, you can set &%tls_verify_certificates%& to the name of a directory containing certificate files. This does not work with GnuTLS; the option must be set to the name of a single file if you are using GnuTLS. +These certificates should be for the certificate authorities trusted, rather +than the public cert of individual clients. With both OpenSSL and GnuTLS, if +the value is a file then the certificates are sent by Exim as a server to +connecting clients, defining the list of accepted certificate authorities. +Thus the values defined should be considered public data. To avoid this, +use OpenSSL with a directory. + .option tls_verify_hosts main "host list&!!" unset .cindex "TLS" "client certificate verification" @@ -23753,7 +23789,7 @@ login: driver = plaintext public_name = LOGIN server_prompts = Username:: : Password:: - server_condition = ${if and{{ + server_condition = ${if and{{ \ !eq{}{$auth1} }{ \ ldapauth{user="cn=${quote_ldap_dn:$auth1},ou=people,o=example.org" \ pass=${quote:$auth2} \ @@ -24967,6 +25003,19 @@ and try again later, but that is their problem, though it does waste some of your resources. +.new +.section "The SMTP DKIM ACL" "SECTDKIMACL" +The &%acl_smtp_dkim%& ACL is available only when Exim is compiled with DKIM support +enabled (which is the default). + +The ACL test specified by &%acl_smtp_dkim%& happens after a message has been +received, and is executed for each DKIM signature found in a message. If not +otherwise specified, the default action is to accept. + +For details on the operation of DKIM, see chapter &<>&. +.wen + + .section "The SMTP MIME ACL" "SECID194" The &%acl_smtp_mime%& option is available only when Exim is compiled with the content-scanning extension. For details, see chapter &<>&. @@ -31006,8 +31055,8 @@ rejected (there seems little point) but instead just get qualified. HELO and EHLO act as RSET; VRFY, EXPN, ETRN and HELP, act as NOOP; QUIT quits. -No policy checking is done for BSMTP input. That is, no ACL is run at anytime. -In this respect it is like non-SMTP local input. +Minimal policy checking is done for BSMTP input. Only the non-SMTP +ACL is run in the same way as for non-SMTP local input. If an error is detected while reading a message, including a missing &"."& at the end, Exim gives up immediately. It writes details of the error to the @@ -34196,6 +34245,13 @@ arbitrary program's being run as exim, not as root. +.section "Dynamic module directory" "SECTdynmoddir" +Any dynamically loadable modules must be installed into the directory +defined in &`LOOKUP_MODULE_DIR`& in &_Local/Makefile_& for Exim to permit +loading it. + + + .section "Use of sprintf()" "SECID279" .cindex "&[sprintf()]&" A large number of occurrences of &"sprintf"& in the code are actually calls to