From 976b7e9fc18bab62d624acf49c6330915b875d41 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 4 Jun 2012 22:32:32 +0100 Subject: [PATCH] Basic documentation for cutthrough. --- doc/doc-docbook/spec.xfpt | 23 +++++++++++++++++++++++ doc/doc-txt/ChangeLog | 2 ++ doc/doc-txt/NewStuff | 29 +++++++++++++++++++++++++++++ 3 files changed, 54 insertions(+) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0ea36adc2..02aff0662 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -26905,6 +26905,27 @@ Notice that we put back the lower cased version afterwards, assuming that is what is wanted for subsequent tests. +.new +.vitem &*control&~=&~cutthrough_delivery*& +.cindex "&ACL;" "cutthrough routing" +This option requests delivery be attempted while the item is being received. +It is usable in the RCPT ACL and valid only for single-recipient mails forwarded +from one SMTP connection to another. If a recipient-verify callout connection is +requested in the same ACL it is held open and used for the data, otherwise one is made +after the ACL completes. + +Should the ultimate destination system positively accept or reject the mail, +a corresponding indication is given to the source system and nothing is queued. +If there is a temporary error the item is queued for later delivery in the +usual fashion. If the item is successfully delivered in cutthrough mode the log line +is tagged with ">>" rather than "=>" and appears before the acceptance "<=" +line. + +Delivery in this mode avoids the generation of a bounce mail to a (possibly faked) +sender when the destination system is doing content-scan based rejection. +.wen + + .new .vitem &*control&~=&~dscp/*&<&'value'&> .cindex "&ACL;" "setting DSCP value" @@ -31632,6 +31653,8 @@ required for the transaction. If the remote server advertises support for the STARTTLS command, and Exim was built to support TLS encryption, it tries to start a TLS session unless the server matches &%hosts_avoid_tls%&. See chapter &<>& for more details. +Either a match in that or &%hosts_verify_avoid_tls%& apply when the transport +is called for verification. If the remote server advertises support for the AUTH command, Exim scans the authenticators configuration for any suitable client settings, as described diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index ecf3985a6..02f526756 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -33,6 +33,8 @@ PP/07 Handle "exim -L " to indicate to use syslog with tag as the process TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing. +JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support. + Exim version 4.80 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 7efbe6ef4..aae58c631 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -55,6 +55,35 @@ Version 4.81 process name. A few other flags used by Sendmail are now accepted and ignored. + 7. New cutthrough routing feature. Requested by a "control = cutthrough_delivery" + ACL modifier; works for single-recipient mails which are recieved on and + deliverable via SMTP. Using the connection made for a recipient verify, + if requested before the verify, or a new one made for the purpose while + the inbound connection is still active. The bulk of the mail item is copied + direct from the inbound socket to the outbound (as well as the spool file). + When the source notifies the end of data, the data acceptance by the destination + is negociated before the acceptance is sent to the source. If the destination + does not accept the mail item, for example due to content-scanning, the item + is not accepted from the source and therefore there is no need to generate + a bounce mail. This is of benefit when providing a secondary-MX service. + The downside is that delays are under the control of the ultimate destination + system not your own. + + The Recieved-by: header on items delivered by cutthrough is generated + early in of reception rather than at the end; this will affect any timestamp + included. The log line showing delivery is recorded before that showing + reception; it uses a new ">>" tag instead of "=>". + + To support the feature, verify-callout connections can now use ESMTP and TLS. + The usual smtp transport options are honoured, plus a (new, default everything) + hosts_verify_avoid_tls. + + New variable families named tls_in_cipher, tls_out_cipher etc. are introduced + for specific access to the information for each connection. The old names + are present for now but deprecated. + + Not yet supported: IGNOREQUOTA, SIZE, PIPELINING, AUTH. + Version 4.80 ------------ -- 2.25.1