X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/e4413c34ca04474ce76fbbb544788d41d0bdc423..36f7a17f69fe27a4c04a4ff98f80f780007db175:/doc/doc-docbook/spec.xfpt?ds=sidebyside diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e070616c7..0d6c23907 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -45,14 +45,14 @@ . Update the Copyright year (only) when changing content. . ///////////////////////////////////////////////////////////////////////////// -.set previousversion "4.83" +.set previousversion "4.91" .include ./local_params .set ACL "access control lists (ACLs)" .set I "    " .macro copyyear -2014 +2018 .endmacro . ///////////////////////////////////////////////////////////////////////////// @@ -436,6 +436,7 @@ directory are: .row &_filter.txt_& "specification of the filter language" .row &_Exim3.upgrade_& "upgrade notes from release 2 to release 3" .row &_Exim4.upgrade_& "upgrade notes from release 3 to release 4" +.row &_openssl.txt_& "installing a current OpenSSL release" .endtable The main specification and the specification of the filtering language are also @@ -447,12 +448,9 @@ available in other formats (HTML, PostScript, PDF, and Texinfo). Section .section "FTP and web sites" "SECID2" .cindex "web site" .cindex "FTP site" -The primary site for Exim source distributions is currently the University of -Cambridge's FTP site, whose contents are described in &'Where to find the Exim -distribution'& below. In addition, there is a web site and an FTP site at -&%exim.org%&. These are now also hosted at the University of Cambridge. The -&%exim.org%& site was previously hosted for a number of years by Energis -Squared, formerly Planet Online Ltd, whose support I gratefully acknowledge. +The primary site for Exim source distributions is the &%exim.org%& FTP site, +available over HTTPS, HTTP and FTP. These services, and the &%exim.org%& +website, are hosted at the University of Cambridge. .cindex "wiki" .cindex "FAQ" @@ -461,12 +459,14 @@ differently formatted versions of the documentation. A recent addition to the online information is the Exim wiki (&url(http://wiki.exim.org)), which contains what used to be a separate FAQ, as well as various other examples, tips, and know-how that have been contributed by Exim users. +The wiki site should always redirect to the correct place, which is currently +provided by GitHub, and is open to editing by anyone with a GitHub account. .cindex Bugzilla -An Exim Bugzilla exists at &url(http://bugs.exim.org). You can use +An Exim Bugzilla exists at &url(https://bugs.exim.org). You can use this to report bugs, and also to add items to the wish list. Please search first to check that you are not duplicating a previous entry. - +Please do not ask for configuration help in the bug-tracker. .section "Mailing lists" "SECID3" @@ -492,18 +492,11 @@ via this web page: Please ask Debian-specific questions on this list and not on the general Exim lists. -.section "Exim training" "SECID4" -.cindex "training courses" -Training courses in Cambridge (UK) used to be run annually by the author of -Exim, before he retired. At the time of writing, there are no plans to run -further Exim courses in Cambridge. However, if that changes, relevant -information will be posted at &url(http://www-tus.csx.cam.ac.uk/courses/exim/). - .section "Bug reports" "SECID5" .cindex "bug reports" .cindex "reporting bugs" Reports of obvious bugs can be emailed to &'bugs@exim.org'& or reported -via the Bugzilla (&url(http://bugs.exim.org)). However, if you are unsure +via the Bugzilla (&url(https://bugs.exim.org)). However, if you are unsure whether some behaviour is a bug or not, the best thing to do is to post a message to the &'exim-dev'& mailing list and have it discussed. @@ -511,30 +504,41 @@ message to the &'exim-dev'& mailing list and have it discussed. .section "Where to find the Exim distribution" "SECTavail" .cindex "FTP site" +.cindex "HTTPS download site" .cindex "distribution" "ftp site" -The master ftp site for the Exim distribution is +.cindex "distribution" "https site" +The master distribution site for the Exim distribution is .display -&*ftp://ftp.csx.cam.ac.uk/pub/software/email/exim*& +&*https://downloads.exim.org/*& .endd -This is mirrored by -.display -&*ftp://ftp.exim.org/pub/exim*& -.endd -The file references that follow are relative to the &_exim_& directories at -these sites. There are now quite a number of independent mirror sites around +The service is available over HTTPS, HTTP and FTP. +We encourage people to migrate to HTTPS. + +The content served at &'https://downloads.exim.org/'& is identical to the +content served at &'https://ftp.exim.org/pub/exim'& and +&'ftp://ftp.exim.org/pub/exim'&. + +If accessing via a hostname containing &'ftp'&, then the file references that +follow are relative to the &_exim_& directories at these sites. +If accessing via the hostname &'downloads'& then the subdirectories described +here are top-level directories. + +There are now quite a number of independent mirror sites around the world. Those that I know about are listed in the file called &_Mirrors_&. -Within the &_exim_& directory there are subdirectories called &_exim3_& (for +Within the top exim directory there are subdirectories called &_exim3_& (for previous Exim 3 distributions), &_exim4_& (for the latest Exim 4 distributions), and &_Testing_& for testing versions. In the &_exim4_& subdirectory, the current release can always be found in files called .display +&_exim-n.nn.tar.xz_& &_exim-n.nn.tar.gz_& &_exim-n.nn.tar.bz2_& .endd -where &'n.nn'& is the highest such version number in the directory. The two +where &'n.nn'& is the highest such version number in the directory. The three files contain identical data; the only difference is the type of compression. -The &_.bz2_& file is usually a lot smaller than the &_.gz_& file. +The &_.xz_& file is usually the smallest, while the &_.gz_& file is the +most portable to old systems. .cindex "distribution" "signing details" .cindex "distribution" "public key" @@ -548,17 +552,14 @@ PGP key, a version of which can be found in the release directory in the file &_nigel-pubkey.asc_&. All keys used will be available in public keyserver pools, such as &'pool.sks-keyservers.net'&. -At time of last update, releases were being made by Phil Pennock and signed with -key &'0x403043153903637F'&, although that key is expected to be replaced in 2013. -A trust path from Nigel's key to Phil's can be observed at -&url(https://www.security.spodhuis.org/exim-trustpath). - -Releases have also been authorized to be performed by Todd Lyons who signs with -key &'0xC4F4F94804D29EBA'&. A direct trust path exists between previous RE Phil -Pennock and Todd Lyons through a common associate. +At time of last update, releases were being made by Jeremy Harris and signed +with key &'0xBCE58C8CE41F32DF'&. Other recent keys used for signing are those +of Heiko Schlittermann, &'0x26101B62F69376CE'&, +and of Phil Pennock, &'0x4D1E900E14C1CC04'&. The signatures for the tar bundles are in: .display +&_exim-n.nn.tar.xz.asc_& &_exim-n.nn.tar.gz.asc_& &_exim-n.nn.tar.bz2.asc_& .endd @@ -577,7 +578,7 @@ inside the &_exim4_& directory of the FTP site: &_exim-texinfo-n.nn.tar.gz_& .endd These tar files contain only the &_doc_& directory, not the complete -distribution, and are also available in &_.bz2_& as well as &_.gz_& forms. +distribution, and are also available in &_.bz2_& and &_.xz_& forms. .section "Limitations" "SECID6" @@ -1575,7 +1576,7 @@ If a host is unreachable for a period of time, a number of messages may be waiting for it by the time it recovers, and sending them in a single SMTP connection is clearly beneficial. Whenever a delivery to a remote host is deferred, -.cindex "hints database" +.cindex "hints database" "deferred deliveries" Exim makes a note in its hints database, and whenever a successful SMTP delivery has happened, it looks to see if any other messages are waiting for the same host. If any are found, they are sent over the same SMTP @@ -1677,6 +1678,9 @@ Symbolic links to the sources are installed in this directory, which is where the actual building takes place. In most cases, Exim can discover the machine architecture and operating system for itself, but the defaults can be overridden if necessary. +.cindex compiler requirements +.cindex compiler version +A C99-capable compiler will be required for the build. .section "PCRE library" "SECTpcre" @@ -1860,7 +1864,7 @@ described RFC 2047. This makes it possible to transmit characters that are not in the ASCII character set, and to label them as being in a particular character set. When Exim is inspecting header lines by means of the &%$h_%& mechanism, it decodes them, and translates them into a specified character set -(default ISO-8859-1). The translation is possible only if the operating system +(default is set at build time). The translation is possible only if the operating system supports the &[iconv()]& function. However, some of the operating systems that supply &[iconv()]& do not support @@ -1985,10 +1989,10 @@ Two different types of DNS record for handling IPv6 addresses have been defined. AAAA records (analogous to A records for IPv4) are in use, and are currently seen as the mainstream. Another record type called A6 was proposed as better than AAAA because it had more flexibility. However, it was felt to be -over-complex, and its status was reduced to &"experimental"&. It is not known -if anyone is actually using A6 records. Exim has support for A6 records, but -this is included only if you set &`SUPPORT_A6=YES`& in &_Local/Makefile_&. The -support has not been tested for some time. +over-complex, and its status was reduced to &"experimental"&. +Exim used to +have a compile option for including A6 record support but this has now been +withdrawn. @@ -2032,9 +2036,6 @@ For example, on a Sun system running Solaris 8, the directory .cindex "symbolic link" "to source files" Symbolic links to relevant source files are installed in the build directory. -&*Warning*&: The &%-j%& (parallel) flag must not be used with &'make'&; the -building process fails if it is set. - If this is the first time &'make'& has been run, it calls a script that builds a make file inside the build directory, using the configuration files from the &_Local_& directory. The new make file is then passed to another instance of @@ -2630,6 +2631,8 @@ users to set envelope senders. .cindex "&'From:'& header line" .cindex "&'Sender:'& header line" +.cindex "header lines" "From:" +.cindex "header lines" "Sender:" For a trusted user, there is never any check on the contents of the &'From:'& header line, and a &'Sender:'& line is never added. Furthermore, any existing &'Sender:'& line in incoming local (non-TCP/IP) messages is not removed. @@ -2791,7 +2794,7 @@ continuations. As in Exim's run time configuration, white space at the start of continuation lines is ignored. Each argument or data line is passed through the string expansion mechanism, and the result is output. Variable values from the configuration file (for example, &$qualify_domain$&) are available, but no -message-specific values (such as &$sender_domain$&) are set, because no message +message-specific values (such as &$message_exim_id$&) are set, because no message is being processed (but see &%-bem%& and &%-Mset%&). &*Note*&: If you use this mechanism to test lookups, and you change the data @@ -2799,6 +2802,11 @@ files or databases you are using, you must exit and restart Exim before trying the same lookup again. Otherwise, because each Exim process caches the results of lookups, you will just get the same result as before. +Macro processing is done on lines before string-expansion: new macros can be +defined and macros will be expanded. +Because macros in the config file are often used for secrets, those are only +available to admin users. + .vitem &%-bem%&&~<&'filename'&> .oindex "&%-bem%&" .cindex "testing" "string expansion" @@ -3052,7 +3060,8 @@ trusted user for the sender of a message to be set in this way. .oindex "&%-bmalware%&" .cindex "testing", "malware" .cindex "malware scan test" -This debugging option causes Exim to scan the given file, +This debugging option causes Exim to scan the given file or directory +(depending on the used scanner interface), using the malware scanning framework. The option of &%av_scanner%& influences this option, so if &%av_scanner%&'s value is dependent upon an expansion then the expansion should have defaults which apply to this invocation. ACLs are @@ -3110,8 +3119,12 @@ users, the output is as in this example: .code mysql_servers = .endd -If &%configure_file%& is given as an argument, the name of the run time -configuration file is output. +If &%config%& is given as an argument, the config is +output, as it was parsed, any include file resolved, any comment removed. + +If &%config_file%& is given as an argument, the name of the run time +configuration file is output. (&%configure_file%& works too, for +backward compatibility.) If a list of configuration files was supplied, the value that is output here is the name of the file that was actually used. @@ -3150,11 +3163,18 @@ using one of the words &%router_list%&, &%transport_list%&, or settings can be obtained by using &%routers%&, &%transports%&, or &%authenticators%&. +.cindex "environment" +If &%environment%& is given as an argument, the set of environment +variables is output, line by line. Using the &%-n%& flag suppresses the value of the +variables. + .cindex "options" "macro &-- extracting" If invoked by an admin user, then &%macro%&, &%macro_list%& and &%macros%& are available, similarly to the drivers. Because macros are sometimes used for storing passwords, this option is restricted. The output format is one item per line. +For the "-bP macro " form, if no such macro is found +the exit status will be nonzero. .vitem &%-bp%& .oindex "&%-bp%&" @@ -3551,6 +3571,7 @@ example: exim '-D ABC = something' ... .endd &%-D%& may be repeated up to 10 times on a command line. +Only macro names up to 22 letters long can be set. .vitem &%-d%&<&'debug&~options'&> @@ -3811,6 +3832,24 @@ This option is not intended for use by external callers. It is used internally by Exim in conjunction with the &%-MC%& option. It signifies that the connection to the remote host has been authenticated. +.vitem &%-MCD%& +.oindex "&%-MCD%&" +This option is not intended for use by external callers. It is used internally +by Exim in conjunction with the &%-MC%& option. It signifies that the +remote host supports the ESMTP &_DSN_& extension. + +.vitem &%-MCG%&&~<&'queue&~name'&> +.oindex "&%-MCG%&" +This option is not intended for use by external callers. It is used internally +by Exim in conjunction with the &%-MC%& option. It signifies that an +alternate queue is used, named by the following argument. + +.vitem &%-MCK%& +.oindex "&%-MCK%&" +This option is not intended for use by external callers. It is used internally +by Exim in conjunction with the &%-MC%& option. It signifies that a +remote host supports the ESMTP &_CHUNKING_& extension. + .vitem &%-MCP%& .oindex "&%-MCP%&" This option is not intended for use by external callers. It is used internally @@ -3839,6 +3878,13 @@ This option is not intended for use by external callers. It is used internally by Exim in conjunction with the &%-MC%& option, and passes on the fact that the host to which Exim is connected supports TLS encryption. +.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&>&~<&'cipher'&> +.oindex "&%-MCt%&" +This option is not intended for use by external callers. It is used internally +by Exim in conjunction with the &%-MC%& option, and passes on the fact that the +connection is being proxied by a parent process for handling TLS encryption. +The arguments give the local address and port being proxied, and the TLS cipher. + .vitem &%-Mc%&&~<&'message&~id'&>&~<&'message&~id'&>&~... .oindex "&%-Mc%&" .cindex "hints database" "not overridden by &%-Mc%&" @@ -4002,7 +4048,8 @@ for that message. .oindex "&%-n%&" This option is interpreted by Sendmail to mean &"no aliasing"&. For normal modes of operation, it is ignored by Exim. -When combined with &%-bP%& it suppresses the name of an option from being output. +When combined with &%-bP%& it makes the output more terse (suppresses +option names, environment values and config pretty printing). .vitem &%-O%&&~<&'data'&> .oindex "&%-O%&" @@ -4246,7 +4293,7 @@ or &%-bs%& is used. For &%-bh%&, the protocol is forced to one of the standard SMTP protocol names (see the description of &$received_protocol$& in section &<>&). For &%-bs%&, the protocol is always &"local-"& followed by one of those same names. For &%-bS%& (batched SMTP) however, the protocol can -be set by &%-oMr%&. +be set by &%-oMr%&. Repeated use of this option is not supported. .vitem &%-oMs%&&~<&'host&~name'&> .oindex "&%-oMs%&" @@ -4346,6 +4393,7 @@ host name and its colon can be omitted when only the protocol is to be set. Note the Exim already has two private options, &%-pd%& and &%-ps%&, that refer to embedded Perl. It is therefore impossible to set a protocol value of &`d`& or &`s`& using this option (but that does not seem a real limitation). +Repeated use of this option is not supported. .vitem &%-q%& .oindex "&%-q%&" @@ -4356,7 +4404,8 @@ relax this restriction (and also the same requirement for the &%-M%&, &%-R%&, and &%-S%& options). .cindex "queue runner" "description of operation" -The &%-q%& option starts one queue runner process. This scans the queue of +If other commandline options do not specify an action, +the &%-q%& option starts one queue runner process. This scans the queue of waiting messages, and runs a delivery process for each one in turn. It waits for each delivery process to finish before starting the next one. A delivery process may not actually do any deliveries if the retry times for the addresses @@ -4441,8 +4490,27 @@ The &'l'& (the letter &"ell"&) flag specifies that only local deliveries are to be done. If a message requires any remote deliveries, it remains on the queue for later delivery. -.vitem &%-q%&<&'qflags'&>&~<&'start&~id'&>&~<&'end&~id'&> +.vitem &%-q[q][i][f[f]][l][G[/