the use of the SIZE option altogether.
+.new
+.option socks_proxy smtp string&!! unset
+.cindex proxy SOCKS
+This option enables use of SOCKS proxies for connections made by the
+transport. For details see &<<SECTproxySOCKS>>&.
+.wen
+
+
.option tls_certificate smtp string&!! unset
.cindex "TLS" "client certificate, location of"
.cindex "certificate" "client, location of"
. ////////////////////////////////////////////////////////////////////////////
. ////////////////////////////////////////////////////////////////////////////
+.chapter "Proxies" "CHAPproxies" &&&
+ "Proxy support"
+.cindex "proxy support"
+.cindex "proxy" "access via"
+
+.new
+A proxy is an intermediate system through which communication is passed.
+Proxies may provide a security, availability or load-distribution function.
+
+.section "Outbound proxies" SECTproxySOCKS
+.cindex proxy outbound
+.cindex proxy "client side"
+.cindex proxy SOCKS
+.cindex SOCKS proxy
+Exim has support for sending outbound SMTP via a proxy
+using a protocol called SOCKS5 (defined by RFC1928).
+The support can be removed by defining DISABLE_SOCKS=yes in Local/Makefile.
+
+Use of a proxy is enabled by setting the &%socks_proxy%& on an smtp transport.
+The option value is expanded and should then be a list
+(colon-separated by default) of proxy specifiers.
+Each proxy specifier is a list
+(space-separated by default) where the initial element
+is an IP address and any subsequent elements are options.
+
+Options are a string <name>=<value>.
+The list of options is in the following table:
+.display
+&`auth `& authentication method
+&`name `& authentication username
+&`pass `& authentication password
+&`port `& tcp port
+&`tmo `& connection timeout
+&`pri `& priority
+&`weight `& selection bias
+.endd
+
+More details on each of these options follows:
+
+.ilist
+.cindex authentication "to proxy"
+.cindex proxy authentication
+&%auth%&: Either &"none"& (default) or &"name"&.
+Using &"name"& selects username/password authentication per RFC 1929
+for access to the proxy.
+Default is &"none"&.
+.next
+&%name%&: sets the username for the &"name"& authentication method.
+Default is empty.
+.next
+&%pass%&: sets the password for the &"name"& authentication method.
+Default is empty.
+.next
+&%port%&: the TCP port number to use for the connection to the proxy.
+Default is 1080.
+.next
+&%tmo%&: sets a connection timeout in seconds for this proxy.
+Default is 5.
+.next
+&%pri%&: specifies a priority for the proxy within the list,
+higher values being tried first.
+The default priority is 1.
+.next
+&%weight%&: specifies a selection bias.
+Within a priority set servers are queried in a random fashion,
+weighted by this value.
+The default value for selection bias is 1.
+.endlist
+
+Proxies from the list are tried according to their priority
+and weight settings until one responds. The timeout for the
+overall connection applies to the set of proxied attempts.
+.wen
+
+. ////////////////////////////////////////////////////////////////////////////
+. ////////////////////////////////////////////////////////////////////////////
+
.chapter "Adding new drivers or lookup types" "CHID13" &&&
"Adding drivers or lookups"
.cindex "adding drivers"
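Review bot: The &%name%& and &%pass%& items in the option list do not say that RFC 1929 username/password authentication carries both values to the proxy unencrypted. The section also does not say how to write a password containing a space or a colon, given that a specifier is space-separated and the proxy list colon-separated. Suggest one sentence on each after the &%pass%& item. Smaller points: "setting the &%socks_proxy%& on an smtp transport" is missing the word "option", and the &%auth%& item states its default twice.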
JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalisation
for DKIM processing.
+JH/23 Move SOCKS5 support from Experimental to mainline. It can be left out
+ from a build by defining DISABLE_SOCKS.
+
Exim version 4.86
-----------------
No other use is made of the result string.
+If transport proxying is used, the remote IP/port during a
+tcp:connect event will be that of the proxy.
+
Known issues:
- the tls:cert event is only called for the cert chain elements
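Review bot: "transport proxying" in the added sentence is ambiguous, because the build also has a separate EXPERIMENTAL_PROXY feature; say "SOCKS proxying (the socks_proxy transport option)" so the statement is not read as applying to the other proxy support. A tcp:connect handler used for logging or policy will now see the proxy's IP/port, so the sentence should also say whether the real destination is available to the handler in some other way.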
-SOCKS
-------------------------------------------------------------
-Support for proxying outbound SMTP via a Socks 5 proxy
-(RFC 1928) is included if Exim is compiled with
-EXPERIMENTAL_SOCKS defined.
-
-If an smtp transport has a nonempty socks_proxy option
-defined, this is active. The option is expanded and
-should be a list (colon-separated by default) of
-proxy specifiers. Each proxy specifier is a list
-(space-separated by default) where the initial element
-is an IP address and any subsequent elements are options.
-
-Options are a string <name>=<value>.
-These options are currently defined:
-- "auth", with possible values "none" and "name".
- Using "name" selects username/password authentication
- per RFC 1929. Default is "none".
-- "name" sets the authentication username. Default is empty.
-- "pass" sets the authentication password. Default is empty.
-- "port" sets the tcp port number for the proxy. Default is 1080.
-- "tmo" sets a connection timeout in seconds for this proxy. Default is 5.
-- "pri" specifies a priority for the server within the list, higher
- values being tried first. The default priority is 1.
-- "weight" specifies a selection bias. Within a priority set servers
- are queried in a random fashion, weighted by this value. The default
- value for selection bias is 1.
-
-Proxies from the list are tried according to their priority
-and weight settings until one responds. The timeout for the
-overall connection applies to the set of proxied attempts.
-
-If events are used, the remote IP/port during a
-tcp:connect event will be that of the proxy.
-
-
-
-
DANE
------------------------------------------------------------
DNS-based Authentication of Named Entities, as applied
# DISABLE_DNSSEC=yes
+#------------------------------------------------------------------------------
+# By default Exim has support for connecting outbound via a SOCK5 proxy.
+# To remove this support uncomment the following line.
+
+# DISABLE_SOCKS=yes
+
+
#------------------------------------------------------------------------------
# Compiling Exim with experimental features. These are documented in
# experimental-spec.txt. "Experimental" means that the way these features are
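Review bot: Typo in the added comment: "SOCK5" should be "SOCKS5", matching the ChangeLog entry and the new documentation chapter. Since this hunk turns the feature from opt-in into something compiled in by default, the comment could also say that the code is only used when socks_proxy is set on an smtp transport, so builders can judge whether they need to disable it.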
# Note: Enabling this unconditionally overrides DISABLE_DNSSEC
# EXPERIMENTAL_DANE=yes
-# Uncomment the following line to add SOCKS support
-# EXPERIMENTAL_SOCKS=yes
-
# Uncomment the following to add Internationalisation features. You need to
# have the IDN library installed.
# EXPERIMENTAL_INTERNATIONAL=yes
#define DEFAULT_CRYPT crypt
#define DELIVER_IN_BUFFER_SIZE 8192
#define DELIVER_OUT_BUFFER_SIZE 8192
+#define DISABLE_DNSSEC
#define DISABLE_DKIM
#define DISABLE_PRDR
#define DISABLE_OCSP
-#define DISABLE_DNSSEC
+#define DISABLE_SOCKS
#define DISABLE_D_OPTION
#define ENABLE_DISABLE_FSYNC
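Review bot: Moving "#define DISABLE_DNSSEC" above "#define DISABLE_DKIM" is unrelated to SOCKS and still leaves the DISABLE_ block out of alphabetical order (DNSSEC before DKIM, PRDR before OCSP). Either sort the whole block or drop the move from this commit, so that the added "#define DISABLE_SOCKS" is the only change to review here.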
#define EXPERIMENTAL_INTERNATIONAL
#define EXPERIMENTAL_PROXY
#define EXPERIMENTAL_REDIS
-#define EXPERIMENTAL_SOCKS
#define EXPERIMENTAL_SPF
#define EXPERIMENTAL_SRS
#ifdef WITH_CONTENT_SCAN
fprintf(f, " Content_Scanning");
#endif
-#ifndef DISABLE_DKIM
- fprintf(f, " DKIM");
-#endif
#ifdef WITH_OLD_DEMIME
fprintf(f, " Old_Demime");
#endif
+#ifndef DISABLE_DKIM
+ fprintf(f, " DKIM");
+#endif
#ifndef DISABLE_DNSSEC
fprintf(f, " DNSSEC");
#endif
+#ifndef DISABLE_OCSP
+ fprintf(f, " OCSP");
+#endif
#ifndef DISABLE_PRDR
fprintf(f, " PRDR");
#endif
-#ifndef DISABLE_OCSP
- fprintf(f, " OCSP");
+#ifndef DISABLE_SOCKS
+ fprintf(f, " SOCKS");
#endif
#ifdef EXPERIMENTAL_SPF
fprintf(f, " Experimental_SPF");
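Review bot: The token printed for this feature changes from " Experimental_SOCKS" to " SOCKS", and the DKIM and OCSP lines are reordered in the same hunk, so both the content and the order of the feature list change. The test-suite "support" lines are updated in this patch, but anything outside the tree that matches the old token will silently stop matching; the ChangeLog entry should mention the rename. The DKIM/OCSP reordering is cosmetic and would be easier to review as a separate commit.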
#ifdef EXPERIMENTAL_REDIS
fprintf(f, " Experimental_Redis");
#endif
-#ifdef EXPERIMENTAL_SOCKS
- fprintf(f, " Experimental_SOCKS");
-#endif
fprintf(f, "\n");
fprintf(f, "Lookups (built-in):");
smtp_connect(host_item *host, int host_af, int port, uschar *interface,
int timeout, transport_instance * tb)
{
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
smtp_transport_options_block * ob =
(smtp_transport_options_block *)tb->options_block;
#endif
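Review bot: With the guard changed to "#ifndef DISABLE_SOCKS", the "tb->options_block" dereference and cast at the top of smtp_connect() are compiled into every default build, and nothing here checks that tb is non-NULL or that it is an smtp transport. Please confirm that every caller passes an smtp transport_instance, or guard the use of ob.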
{
uschar * s = US" ";
if (interface) s = string_sprintf(" from %s ", interface);
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
#endif
debug_printf("Connecting to %s %s%s... ", host->name, callout_address, s);
/* Create and connect the socket */
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
if (ob->socks_proxy)
return socks_sock_connect(host, host_af, port, interface, tb, timeout);
#endif
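Review bot: "if (ob->socks_proxy)" tests the unexpanded option pointer, while the documentation added in this patch says the value is expanded, so a setting that expands to an empty string still returns through socks_sock_connect() and never reaches the direct connect below. Please state in the new chapter what happens in that case and when every listed proxy fails (delivery deferred, or a direct connection attempted). Sites that rely on the proxy as an egress control need to know whether it can be bypassed on failure.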
(void *)offsetof(smtp_transport_options_block, serialize_hosts) },
{ "size_addition", opt_int,
(void *)offsetof(smtp_transport_options_block, size_addition) }
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
,{ "socks_proxy", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, socks_proxy) }
#endif
FALSE, /* lmtp_ignore_quota */
NULL, /* expand_retry_include_ip_address */
TRUE /* retry_include_ip_address */
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
,NULL /* socks_proxy */
#endif
#ifdef SUPPORT_TLS
BOOL lmtp_ignore_quota;
uschar *expand_retry_include_ip_address;
BOOL retry_include_ip_address;
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
uschar *socks_proxy;
#endif
#ifdef SUPPORT_TLS
extern BOOL smtp_mail_auth_str(uschar *, unsigned,
address_item *, smtp_transport_options_block *);
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
extern int socks_sock_connect(host_item *, int, int, uschar *,
transport_instance *, int);
#endif
#include "../exim.h"
#include "smtp.h"
-#ifdef EXPERIMENTAL_SOCKS /* entire file */
+#ifndef DISABLE_SOCKS /* entire file */
#ifndef nelem
# define nelem(arr) (sizeof(arr)/sizeof(*arr))
-support Experimental_SOCKS
+support SOCKS
-support Experimental_SOCKS
+support SOCKS
support GnuTLS
running IPv4
running socks
-support Experimental_SOCKS
+support SOCKS
support OpenSSL
running IPv4
running socks