X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/d7148a072a5fee80ffa8d1aeebf9bc05d0e903b4..b5a70bdfa38bcc3e1143f8fe6f63e7613f03e690:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0cdc98657..579c112c9 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -8758,6 +8758,23 @@ string easier to understand. This item inserts &"basic"& header lines. It is described with the &%header%& expansion item below. + +.vitem "&*${acl{*&<&'name'&>&*}{*&<&'arg'&>&*}...}*&" +.cindex "expansion" "calling an acl" +.cindex "&%acl%&" "call from expansion" +The name and zero to nine argument strings are first expanded separately. The expanded +arguments are assigned to the variables &$acl_arg1$& to &$acl_arg9$& in order. +Any unused are made empty. The variable &$acl_narg$& is set to the number of +arguments. The named ACL (see chapter &<>&) is called +and may use the variables; if another acl expansion is used the values +are overwritten. If the ACL sets +a value using a "message =" modifier and returns accept or deny, the value becomes +the result of the expansion. +If no message was set and the ACL returned accept or deny +the value is an empty string. +If the ACL returned defer the result is a forced-fail. Otherwise the expansion fails. + + .vitem "&*${dlfunc{*&<&'file'&>&*}{*&<&'function'&>&*}{*&<&'arg'&>&*}&&& {*&<&'arg'&>&*}...}*&" .cindex &%dlfunc%& @@ -9567,6 +9584,7 @@ environments where Exim uses base 36 instead of base 62 for its message identifiers, base-36 digits. The number is converted to decimal and output as a string. + .vitem &*${domain:*&<&'string'&>&*}*& .cindex "domain" "extraction" .cindex "expansion" "domain extraction" @@ -9726,6 +9744,25 @@ See the description of the general &%length%& item above for details. Note that when &%length%& is used as an operator. +.vitem &*${listcount:*&<&'string'&>&*}*& +.cindex "expansion" "list item count" +.cindex "list" "item count" +.cindex "list" "count of items" +.cindex "&%listcount%& expansion item" +The string is interpreted as a list and the number of items is returned. + + +.vitem &*${listnamed:*&<&'name'&>&*}*&&~and&~&*${list_*&<&'type'&>&*name'&>&*}*& +.cindex "expansion" "named list" +.cindex "&%listnamed%& expansion item" +The name is interpreted as a named list and the content of the list is returned, +expanding any referenced lists, re-quoting as needed for colon-separation. +If the optional type if given it must be one of "a", "d", "h" or "l" +and selects address-, domain-, host- or localpart- lists to search among respectively. +Otherwise all types are searched in an undefined order and the first +matching list is returned. + + .vitem &*${local_part:*&<&'string'&>&*}*& .cindex "expansion" "local part extraction" .cindex "&%local_part%& expansion item" @@ -10023,6 +10060,21 @@ In all cases, a relative comparator OP is testing if <&'string1'&> OP 10M, not if 10M is larger than &$message_size$&. +.vitem &*acl&~{{*&<&'name'&>&*}{*&<&'arg1'&>&*}&&& + {*&<&'arg2'&>&*}...}*& +.cindex "expansion" "calling an acl" +.cindex "&%acl%&" "expansion condition" +The name and zero to nine argument strings are first expanded separately. The expanded +arguments are assigned to the variables &$acl_arg1$& to &$acl_arg9$& in order. +Any unused are made empty. The variable &$acl_narg$& is set to the number of +arguments. The named ACL (see chapter &<>&) is called +and may use the variables; if another acl expansion is used the values +are overwritten. If the ACL sets +a value using a "message =" modifier the variable $value becomes +the result of the expansion, otherwise it is empty. +If the ACL returns accept the condition is true; if deny, false. +If the ACL returns defer the result is a forced-fail. + .vitem &*bool&~{*&<&'string'&>&*}*& .cindex "expansion" "boolean parsing" .cindex "&%bool%& expansion condition" @@ -12805,6 +12857,9 @@ listed in more than one group. .section "TLS" "SECID108" .table2 .row &%gnutls_compat_mode%& "use GnuTLS compatibility mode" +.new +.row &%gnutls_enable_pkcs11%& "allow GnuTLS to autoload PKCS11 modules" +.wen .row &%openssl_options%& "adjust OpenSSL compatibility options" .row &%tls_advertise_hosts%& "advertise TLS to these hosts" .row &%tls_certificate%& "location of server certificate" @@ -13833,6 +13888,19 @@ This option controls whether GnuTLS is used in compatibility mode in an Exim server. This reduces security slightly, but improves interworking with older implementations of TLS. + +.new +option gnutls_enable_pkcs11 main boolean unset +This option will let GnuTLS (2.12.0 or later) autoload PKCS11 modules with +the p11-kit configuration files in &_/etc/pkcs11/modules/_&. + +See +&url(http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs) +for documentation. +.wen + + + .option headers_charset main string "see below" This option sets a default character set for translating from encoded MIME &"words"& in header lines, when referenced by an &$h_xxx$& expansion item. The @@ -16265,7 +16333,7 @@ router is skipped, and the address is offered to the next one. If the result is any other value, the router is run (as this is the last precondition to be evaluated, all the other preconditions must be true). -This option is unique in that multiple &%condition%& options may be present. +This option is unusual in that multiple &%condition%& options may be present. All &%condition%& options must succeed. The &%condition%& option provides a means of applying custom conditions to the @@ -16464,6 +16532,9 @@ The &%headers_add%& option is expanded after &%errors_to%&, but before the expansion is forced to fail, the option has no effect. Other expansion failures are treated as configuration errors. +Unlike most options, &%headers_add%& can be specified multiple times +for a router; all listed headers are added. + &*Warning 1*&: The &%headers_add%& option cannot be used for a &(redirect)& router that has the &%one_time%& option set. @@ -16497,6 +16568,9 @@ The &%headers_remove%& option is expanded after &%errors_to%& and the option has no effect. Other expansion failures are treated as configuration errors. +Unlike most options, &%headers_remove%& can be specified multiple times +for a router; all listed headers are removed. + &*Warning 1*&: The &%headers_remove%& option cannot be used for a &(redirect)& router that has the &%one_time%& option set. @@ -19500,6 +19574,9 @@ routers. If the result of the expansion is an empty string, or if the expansion is forced to fail, no action is taken. Other expansion failures are treated as errors and cause the delivery to be deferred. +Unlike most options, &%headers_add%& can be specified multiple times +for a transport; all listed headers are added. + .option headers_only transports boolean false @@ -19522,6 +19599,9 @@ routers. If the result of the expansion is an empty string, or if the expansion is forced to fail, no action is taken. Other expansion failures are treated as errors and cause the delivery to be deferred. +Unlike most options, &%headers_remove%& can be specified multiple times +for a router; all listed headers are added. + .option headers_rewrite transports string unset @@ -27265,6 +27345,7 @@ The conditions are as follows: .vitem &*acl&~=&~*&<&'name&~of&~acl&~or&~ACL&~string&~or&~file&~name&~'&> .cindex "&ACL;" "nested" .cindex "&ACL;" "indirect" +.cindex "&ACL;" "arguments" .cindex "&%acl%& ACL condition" The possible values of the argument are the same as for the &%acl_smtp_%&&'xxx'& options. The named or inline ACL is run. If it returns @@ -27274,6 +27355,10 @@ condition is on a &%warn%& verb. In that case, a &"defer"& return makes the condition false. This means that further processing of the &%warn%& verb ceases, but processing of the ACL continues. +If the argument is a named ACL, up to nine space-separated optional values +can be appended; they appear in $acl_arg1 to $acl_arg9, and $acl_narg is set +to the count of values. The name and values are expanded separately. + If the nested &%acl%& returns &"drop"& and the outer condition denies access, the connection is dropped. If it returns &"discard"&, the verb must be &%accept%& or &%discard%&, and the action is taken immediately &-- no further @@ -31408,6 +31493,10 @@ headers_add = X-added-header: added by $primary_hostname\n\ .endd Exim does not check the syntax of these added header lines. +Multiple &%headers_add%& options for a single router or transport can be +specified; the values will be concatenated (with a separating newline +added) before expansion. + The result of expanding &%headers_remove%& must consist of a colon-separated list of header names. This is confusing, because header names themselves are often terminated by colons. In this case, the colons are the list separators, @@ -31415,6 +31504,11 @@ not part of the names. For example: .code headers_remove = return-receipt-to:acknowledge-to .endd + +Multiple &%headers_remove%& options for a single router or transport can be +specified; the values will be concatenated (with a separating colon +added) before expansion. + When &%headers_add%& or &%headers_remove%& is specified on a router, its value is expanded at routing time, and then associated with all addresses that are accepted by that router, and also with any new addresses that it generates. If @@ -33597,7 +33691,7 @@ selection marked by asterisks: &`*sender_verify_fail `& sender verification failures &`*size_reject `& rejection because too big &`*skip_delivery `& delivery skipped in a queue run -&` smtp_confirmation `& SMTP confirmation on => lines +&`*smtp_confirmation `& SMTP confirmation on => lines &` smtp_connection `& SMTP connections &` smtp_incomplete_transaction`& incomplete SMTP transactions &` smtp_no_mail `& session with no MAIL commands