X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/9f35c169ea5438eaa6331a6d51974de1c4f4fdb0..86d5230bb79219ec69786ff5b9add4306d31e986:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 18d67fe20..673cdf250 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -9677,7 +9677,8 @@ ${readsocket{inet:[::1]:1234}{request string}} Only a single host name may be given, but if looking it up yields more than one IP address, they are each tried in turn until a connection is made. For both kinds of socket, Exim makes a connection, writes the request string -(unless it is an empty string) and reads from the socket until an end-of-file +unless it is an empty string; and no terminating NUL is ever sent) +and reads from the socket until an end-of-file is read. A timeout of 5 seconds is applied. Additional, optional arguments extend what can be done. Firstly, you can vary the timeout. For example: .code @@ -23417,6 +23418,15 @@ the message. As a result, the overall timeout for a message depends on the size of the message. Its value must not be zero. See also &%final_timeout%&. +.option dkim_domain smtp string&!! unset +.option dkim_selector smtp string&!! unset +.option dkim_private_key smtp string&!! unset +.option dkim_canon smtp string&!! unset +.option dkim_strict smtp string&!! unset +.option dkim_sign_headers smtp string&!! unset +DKIM signing options. For details see &<>&. + + .option delay_after_cutoff smtp boolean true This option controls what happens when all remote IP addresses for a given domain have been inaccessible for so long that they have passed their retry @@ -24059,7 +24069,7 @@ and certificate verification fails the TLS connection is closed. .option tls_verify_hosts smtp "host list&!!" unset .cindex "TLS" "server certificate verification" .cindex "certificate" "verification of server" -This option gives a list of hosts for which. on encrypted connections, +This option gives a list of hosts for which, on encrypted connections, certificate verification must succeed. The &%tls_verify_certificates%& option must also be set. If both this option and &%tls_try_verify_hosts%& are unset @@ -27450,9 +27460,6 @@ a realistic ACL for checking RCPT commands. This is discussed in chapter .section "Testing ACLs" "SECID188" The &%-bh%& command line option provides a way of testing your ACL configuration locally by running a fake SMTP session with which you interact. -The host &'relay-test.mail-abuse.org'& provides a service for checking your -relaying configuration (see section &<>& for more details). - .section "Specifying when ACLs are used" "SECID189" @@ -28607,6 +28614,14 @@ Note also that headers cannot be modified by any of the post-data ACLs (DATA, MIME and DKIM). Headers may be modified by routers (subject to the above) and transports. +.new +All the usual ACLs are called; if one results in the message being +rejected, all effort spent in delivery (including the costs on +the ultimate destination) will be wasted. +Note that in the case of data-time ACLs this includes the entire +message body. +.wen + Cutthrough delivery is not supported via transport-filters or when DKIM signing of outgoing messages is done, because it sends data to the ultimate destination before the entire message has been received from the source. @@ -30895,14 +30910,6 @@ in chapter &<>&. You can check the relay characteristics of your configuration in the same way that you can test any ACL behaviour for an incoming SMTP connection, by using the &%-bh%& option to run a fake SMTP session with which you interact. - -For specifically testing for unwanted relaying, the host -&'relay-test.mail-abuse.org'& provides a useful service. If you telnet to this -host from the host on which Exim is running, using the normal telnet port, you -will see a normal telnet connection message and then quite a long delay. Be -patient. The remote host is making an SMTP connection back to your host, and -trying a number of common probes to test for open relay vulnerability. The -results of the tests will eventually appear on your terminal. .ecindex IIDacl @@ -35574,7 +35581,7 @@ the following table: &` `& on &"Completed"& lines: time spent on queue &`R `& on &`<=`& lines: reference for local bounce &` `& on &`=>`& &`**`& and &`==`& lines: router name -&`S `& size of message +&`S `& size of message in bytes &`SNI `& server name indication from TLS client hello &`ST `& shadow transport name &`T `& on &`<=`& lines: message subject (topic) @@ -38005,7 +38012,7 @@ where you accept mail from relay sources (internal hosts or authenticated senders). -.section "Signing outgoing messages" "SECID513" +.section "Signing outgoing messages" "SECDKIMSIGN" .cindex "DKIM" "signing" Signing is implemented by setting private options on the SMTP transport.