X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/99ea5f6faeaf714e34bbcd75fdc50cc94dc7a1c8..a151887254d10c7ae64030a410b39f069d02ca79:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0ffc88c58..4a22b2e5f 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6692,11 +6692,11 @@ causes a second lookup to occur. The lookup type may optionally be followed by a comma and a comma-separated list of options. Each option is a &"name=value"& pair. -Whether an option is meaningful depands on the lookup type. +Whether an option is meaningful depends on the lookup type. All lookups support the option &"cache=no_rd"&. If this is given then the cache that Exim manages for lookup results -is not checked before diong the lookup. +is not checked before doing the lookup. The result of the lookup is still written to the cache. .wen @@ -9451,6 +9451,9 @@ become case-sensitive after &"+caseful"& has been seen. .section "Local part lists" "SECTlocparlis" .cindex "list" "local part list" .cindex "local part" "list" +These behave in the same way as domain and host lists, with the following +changes: + Case-sensitivity in local part lists is handled in the same way as for address lists, as just described. The &"+caseful"& item can be used if required. In a setting of the &%local_parts%& option in a router with &%caseful_local_part%& @@ -11656,6 +11659,11 @@ condition is true if the named file (or directory) exists. The existence test is done by calling the &[stat()]& function. The use of the &%exists%& test in users' filter files may be locked out by the system administrator. +.new +&*Note:*& Testing a path using this condition is not a sufficient way of +de-tainting it. +.wen + .vitem &*first_delivery*& .cindex "delivery" "first" .cindex "first delivery" @@ -22859,6 +22867,11 @@ If &%file%& or &%directory%& is set for a delivery from a redirection, it is used to determine the file or directory name for the delivery. Normally, the contents of &$address_file$& are used in some way in the string expansion. .endlist +If the &%create_file%& option is set to a path which +matches (see the option definition below for details) +a file or directory name +for the delivery, that name becomes de-tainted. + .cindex "tainted data" "in filenames" .cindex appendfile "tainted data" Tainted data may not be used for a file or directory name. @@ -23006,14 +23019,30 @@ directories defined by the &%directory%& option. In the case of maildir delivery, it applies to the top level directory, not the maildir directories beneath. +.new The option must be set to one of the words &"anywhere"&, &"inhome"&, or -&"belowhome"&. In the second and third cases, a home directory must have been +&"belowhome"&, or to an absolute path. +.wen + +In the second and third cases, a home directory must have been set for the transport. This option is not useful when an explicit filename is given for normal mailbox deliveries. It is intended for the case when filenames are generated from users' &_.forward_& files. These are usually handled by an &(appendfile)& transport called &%address_file%&. See also &%file_must_exist%&. +.new +In the fourth case, +the value given for this option must be an absolute path for an +existing directory. +The expansion of either the &%directory%& or &%file%& +option is checked for being a strict (possibly potential) descendant, +in the filesystem, of the value given. +.cindex "tainted data" "de-tainting" +If the check passes then the path checked becomes de-tainted. +If the check fails then the transport returns failure. +.wen + .option directory appendfile string&!! unset This option is mutually exclusive with the &%file%& option, but one of &%file%& @@ -23026,6 +23055,11 @@ appended to a single mailbox file. A number of different formats are provided (see &%maildir_format%& and &%mailstore_format%&), and see section &<>& for further details of this form of delivery. +.new +The result of expansion must not be tainted, unless the &%create_file%& option +specifies a path. +.wen + .option directory_file appendfile string&!! "see below" .cindex "base62" @@ -23058,6 +23092,11 @@ specifies a single file, to which the message is appended. One or more of &%use_fcntl_lock%&, &%use_flock_lock%&, or &%use_lockfile%& must be set with &%file%&. +.new +The result of expansion must not be tainted, unless the &%create_file%& option +specifies a path. +.wen + .cindex "NFS" "lock file" .cindex "locking files" .cindex "lock files" @@ -41605,7 +41644,7 @@ mean, refer to the DMARC website above. Valid strings are: &'reject '& The DMARC check failed and the library recommends rejecting the email. &'quarantine '& The DMARC check failed and the library recommends keeping it for further inspection. &'none '& The DMARC check passed and the library recommends no specific action, neutral. -&'norecord '& No policy section in the DMARC record for this sender domain. +&'norecord '& No policy section in the DMARC record for this RFC5322.From field &'nofrom '& Unable to determine the domain of the sender. &'temperror '& Library error or dns error. &'off '& The DMARC check was disabled for this email.