host to which Exim is connected supports TLS encryption.
.new
-.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&>
+.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&>&~<&'cipher'&>
.oindex "&%-MCt%&"
This option is not intended for use by external callers. It is used internally
by Exim in conjunction with the &%-MC%& option, and passes on the fact that the
connection is being proxied by a parent process for handling TLS encryption.
-The pair of arguments give the local address and port being proxied.
+The arguments give the local address and port being proxied, and the TLS cipher.
.wen
.vitem &%-Mc%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
hexadecimal digits. There may be fewer than eight components if an empty
component (adjacent colons) is present. Only one empty component is permitted.
-&*Note*&: The checks are just on the form of the address; actual numerical
-values are not considered. Thus, for example, 999.999.999.999 passes the IPv4
-check. The main use of these tests is to distinguish between IP addresses and
+.new
+&*Note*&: The checks used to be just on the form of the address; actual numerical
+values were not considered. Thus, for example, 999.999.999.999 passed the IPv4
+check.
+This is no longer the case.
+.wen
+
+The main use of these tests is to distinguish between IP addresses and
host names, or between IPv4 and IPv6 addresses. For example, you could use
.code
${if isip4{$sender_host_address}...
need to use this option unless you know that the called hosts make use of the
sender when checking recipients. If used indiscriminately, it reduces the
usefulness of callout caching.
+
+.vitem &*hold*&
+This option applies to recipient callouts only. For example:
+.code
+require verify = recipient/callout=use_sender,hold
+.endd
+It causes the connection to be helod open and used for any further recipients
+and for eventual delivery (should that be done quickly).
+Doing this saves on TCP and SMTP startup costs, and TLS costs also
+when that is used for the connections.
+The advantage is only gained if there are no callout cache hits
+(which could be enforced by the no_cache option),
+if the use_sender option is used,
+if neither the random nor the use_postmaster option is used,
+and if no other callouts intervene.
.endlist
If you use any of the parameters that set a non-empty sender for the MAIL
.endd
If you omit the argument, the default values show above are used.
+.new
+.vitem &%f-prot6d%&
+.cindex "virus scanners" "f-prot6d"
+The f-prot6d scanner is accessed using the FPSCAND protocol over TCP.
+One argument is taken, being a space-separated hostname and port number.
+For example:
+.code
+av_scanner = f-prot6d:localhost 10200
+.endd
+If you omit the argument, the default values show above are used.
+.wen
+
.vitem &%fsecure%&
.cindex "virus scanners" "F-Secure"
The F-Secure daemon scanner (&url(http://www.f-secure.com)) takes one
lines for the second and subsequent messages.
.new
When two or more messages are delivered down a single TLS connection, the
-TLS-related information logged for the first message delivered
-(which may not be the earliest line in the log)
+DNS and some TLS-related information logged for the first message delivered
will not be present in the log lines for the second and subsequent messages.
+TLS cipher information is still available.
.wen
.cindex "delivery" "cutthrough; logging"
projects / exim.git / blobdiff