.section "TLS" "SECID108"
.table2
.row &%gnutls_compat_mode%& "use GnuTLS compatibility mode"
+.new
+.row &%gnutls_enable_pkcs11%& "allow GnuTLS to autoload PKCS11 modules"
+.wen
.row &%openssl_options%& "adjust OpenSSL compatibility options"
.row &%tls_advertise_hosts%& "advertise TLS to these hosts"
.row &%tls_certificate%& "location of server certificate"
server. This reduces security slightly, but improves interworking with older
implementations of TLS.
+
+.new
+option gnutls_enable_pkcs11 main boolean unset
+This option will let GnuTLS (2.12.0 or later) autoload PKCS11 modules with
+the p11-kit configuration files in &_/etc/pkcs11/modules/_&.
+
+See
+&url(http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs)
+for documentation.
+.wen
+
+
+
.option headers_charset main string "see below"
This option sets a default character set for translating from encoded MIME
&"words"& in header lines, when referenced by an &$h_xxx$& expansion item. The
If the result is any other value, the router is run (as this is the last
precondition to be evaluated, all the other preconditions must be true).
-This option is unique in that multiple &%condition%& options may be present.
+This option is unusual in that multiple &%condition%& options may be present.
All &%condition%& options must succeed.
The &%condition%& option provides a means of applying custom conditions to the
the expansion is forced to fail, the option has no effect. Other expansion
failures are treated as configuration errors.
+Unlike most options, &%headers_add%& can be specified multiple times
+for a router; all listed headers are added.
+
&*Warning 1*&: The &%headers_add%& option cannot be used for a &(redirect)&
router that has the &%one_time%& option set.
the option has no effect. Other expansion failures are treated as configuration
errors.
+Unlike most options, &%headers_remove%& can be specified multiple times
+for a router; all listed headers are removed.
+
&*Warning 1*&: The &%headers_remove%& option cannot be used for a &(redirect)&
router that has the &%one_time%& option set.
is forced to fail, no action is taken. Other expansion failures are treated as
errors and cause the delivery to be deferred.
+Unlike most options, &%headers_add%& can be specified multiple times
+for a transport; all listed headers are added.
+
.option headers_only transports boolean false
is forced to fail, no action is taken. Other expansion failures are treated as
errors and cause the delivery to be deferred.
+Unlike most options, &%headers_remove%& can be specified multiple times
+for a router; all listed headers are added.
+
.option headers_rewrite transports string unset
.endd
Exim does not check the syntax of these added header lines.
+Multiple &%headers_add%& options for a single router or transport can be
+specified; the values will be concatenated (with a separating newline
+added) before expansion.
+
The result of expanding &%headers_remove%& must consist of a colon-separated
list of header names. This is confusing, because header names themselves are
often terminated by colons. In this case, the colons are the list separators,
.code
headers_remove = return-receipt-to:acknowledge-to
.endd
+
+Multiple &%headers_remove%& options for a single router or transport can be
+specified; the values will be concatenated (with a separating colon
+added) before expansion.
+
When &%headers_add%& or &%headers_remove%& is specified on a router, its value
is expanded at routing time, and then associated with all addresses that are
accepted by that router, and also with any new addresses that it generates. If
&`*sender_verify_fail `& sender verification failures
&`*size_reject `& rejection because too big
&`*skip_delivery `& delivery skipped in a queue run
-&` smtp_confirmation `& SMTP confirmation on => lines
+&`*smtp_confirmation `& SMTP confirmation on => lines
&` smtp_connection `& SMTP connections
&` smtp_incomplete_transaction`& incomplete SMTP transactions
&` smtp_no_mail `& session with no MAIL commands