X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/a3c8643131ef2a3f8100de7027be6bdf4e2ef3af..67d81c1:/doc/doc-txt/experimental-spec.txt diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 92790ae33..2395267e8 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -452,12 +452,14 @@ which the spf condition should succeed. Valid strings are: This means the queried domain has published a SPF record, but wants to allow outside servers to send mail under its domain as well. - o err_perm This indicates a syntax error in the SPF - record of the queried domain. This should be - treated like "none". - o err_temp This indicates a temporary error during all + This should be treated like "none". + o permerror This indicates a syntax error in the SPF + record of the queried domain. You may deny + messages when this occurs. (Changed in 4.83) + o temperror This indicates a temporary error during all processing, including Exim's SPF processing. You may defer messages when this occurs. + (Changed in 4.83) You can prefix each string with an exclamation mark to invert is meaning, for example "!fail" will match all results but @@ -510,8 +512,8 @@ variables. $spf_result This contains the outcome of the SPF check in string form, - one of pass, fail, softfail, none, neutral, err_perm or - err_temp. + one of pass, fail, softfail, none, neutral, permerror or + temperror. $spf_smtp_comment This contains a string that can be used in a SMTP response @@ -1066,28 +1068,28 @@ Proxy Protocol server at 192.168.1.2 will look like this: 3. In the ACL's the following expansion variables are available. -proxy_host The src IP of the proxy server making the connection -proxy_port The src port the proxy server is using -proxy_session Boolean, yes/no, the connected host is required to use - Proxy Protocol. +proxy_host_address The src IP of the proxy server making the connection +proxy_host_port The src port the proxy server is using +proxy_session Boolean, yes/no, the connected host is required to use + Proxy Protocol. There is no expansion for a failed proxy session, however you can detect it by checking if $proxy_session is true but $proxy_host is empty. As an example, in my connect ACL, I have: warn condition = ${if and{ {bool{$proxy_session}} \ - {eq{$proxy_host}{}} } } + {eq{$proxy_host_address}{}} } } log_message = Failed required proxy protocol negotiation \ from $sender_host_name [$sender_host_address] warn condition = ${if and{ {bool{$proxy_session}} \ - {!eq{$proxy_host}{}} } } + {!eq{$proxy_host_address}{}} } } # But don't log health probes from the proxy itself - condition = ${if eq{$proxy_host}{$sender_host_address} \ + condition = ${if eq{$proxy_host_address}{$sender_host_address} \ {false}{true}} log_message = Successfully proxied from $sender_host_name \ [$sender_host_address] through proxy protocol \ - host $proxy_host + host $proxy_host_address 4. Runtime issues to be aware of: - Since the real connections are all coming from your proxy, and the