X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=doc%2Fdoc-docbook%2Fspec.xfpt;h=18cff9ed65c5b5d4110fcddd21c1d5b78c6b00af;hp=7d8080b9dd2de36822e41b709e2395fa7c4095b5;hb=bd0fff00c496a0530f1320721816bbcd07d2c478;hpb=e93f9a69dd2a211be2889b0e0f01cf4d41012dc0 diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 7d8080b9d..18cff9ed6 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -533,10 +533,23 @@ The &_.bz2_& file is usually a lot smaller than the &_.gz_& file. .cindex "distribution" "signing details" .cindex "distribution" "public key" .cindex "public key for signed distribution" -The distributions are currently signed with Nigel Metheringham's GPG key. The -corresponding public key is available from a number of keyservers, and there is -also a copy in the file &_nigel-pubkey.asc_&. The signatures for the tar bundles are -in: +.new +The distributions will be PGP signed by an individual key of the Release +Coordinator. This key will have a uid containing an email address in the +&'exim.org'& domain and will have signatures from other people, including +other Exim maintainers. We expect that the key will be in the "strong set" of +PGP keys. There should be a trust path to that key from Nigel Metheringham's +PGP key, a version of which can be found in the release directory in the file +&_nigel-pubkey.asc_&. All keys used will be available in public keyserver pools, +such as &'pool.sks-keyservers.net'&. + +At time of last update, releases were being made by Phil Pennock and signed with +key &'0x403043153903637F'&, although that key is expected to be replaced in 2013. +A trust path from Nigel's key to Phil's can be observed at +&url(https://www.security.spodhuis.org/exim-trustpath). +.wen + +The signatures for the tar bundles are in: .display &_exim-n.nn.tar.gz.asc_& &_exim-n.nn.tar.bz2.asc_& @@ -1348,6 +1361,8 @@ Setting the &%verify%& option actually sets two options, &%verify_sender%& and &%verify_recipient%&, which independently control the use of the router for sender and recipient verification. You can set these options directly if you want a router to be used for only one type of verification. +Note that cutthrough delivery is classed as a recipient verification +for this purpose. .next If the &%address_test%& option is set false, the router is skipped when Exim is run with the &%-bt%& option to test an address routing. This can be helpful @@ -1357,6 +1372,7 @@ having to simulate the effect of the scanner. .next Routers can be designated for use only when verifying an address, as opposed to routing it for delivery. The &%verify_only%& option controls this. +Again, cutthrough delibery counts as a verification. .next Individual routers can be explicitly skipped when running the routers to check an address given in the SMTP EXPN command (see the &%expn%& option). @@ -11047,6 +11063,12 @@ inserting the message header line with the given name. Note that the name must be terminated by colon or white space, because it may contain a wide variety of characters. Note also that braces must &'not'& be used. +.vitem &$headers_added$& +.vindex "&$headers_added$&" +Within an ACL this variable contains the headers added so far by +the ACL modifier add_header (section &<>&). +The headers are a newline-separated list. + .vitem &$home$& .vindex "&$home$&" When the &%check_local_user%& option is set for a router, the user's home @@ -13077,6 +13099,8 @@ Those options that undergo string expansion before use are marked with .option accept_8bitmime main boolean true .cindex "8BITMIME" .cindex "8-bit characters" +.cindex "log" "selectors" +.cindex "log" "8BITMIME" This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it @@ -13090,6 +13114,11 @@ A more detailed analysis of the issues is provided by Dan Bernstein: &url(http://cr.yp.to/smtp/8bitmime.html) .endd +To log received 8BITMIME status use +.code +log_selector = +8bitmime +.endd + .option acl_not_smtp main string&!! unset .cindex "&ACL;" "for non-SMTP messages" .cindex "non-SMTP messages" "ACLs for" @@ -17225,7 +17254,8 @@ Setting this option has the effect of setting &%verify_sender%& and .cindex "EXPN" "with &%verify_only%&" .oindex "&%-bv%&" .cindex "router" "used only when verifying" -If this option is set, the router is used only when verifying an address or +If this option is set, the router is used only when verifying an address, +delivering in cutthrough mode or testing with the &%-bv%& option, not when actually doing a delivery, testing with the &%-bt%& option, or running the SMTP EXPN command. It can be further restricted to verifying only senders or recipients by means of @@ -17239,7 +17269,8 @@ user or group. .option verify_recipient routers&!? boolean true If this option is false, the router is skipped when verifying recipient -addresses +addresses, +delivering in cutthrough mode or testing recipient verification using &%-bv%&. See section &<>& for a list of the order in which preconditions are evaluated. @@ -27035,7 +27066,7 @@ This option requests delivery be attempted while the item is being received. It is usable in the RCPT ACL and valid only for single-recipient mails forwarded from one SMTP connection to another. If a recipient-verify callout connection is requested in the same ACL it is held open and used for the data, otherwise one is made -after the ACL completes. +after the ACL completes. Note that routers are used in verify mode. Should the ultimate destination system positively accept or reject the mail, a corresponding indication is given to the source system and nothing is queued. @@ -27302,7 +27333,9 @@ receiving a message). The message must ultimately be accepted for any ACL verb, including &%deny%& (though this is potentially useful only in a RCPT ACL). -If the data for the &%add_header%& modifier contains one or more newlines that +Leading and trailing newlines are removed from +the data for the &%add_header%& modifier; if it then +contains one or more newlines that are not followed by a space or a tab, it is assumed to contain multiple header lines. Each one is checked for valid syntax; &`X-ACL-Warn:`& is added to the front of any line that is not a valid header line. @@ -27320,7 +27353,9 @@ message is rejected after DATA or by the non-SMTP ACL, all added header lines are included in the entry that is written to the reject log. .cindex "header lines" "added; visibility of" -Header lines are not visible in string expansions until they are added to the +Header lines are not visible in string expansions +of message headers +until they are added to the message. It follows that header lines defined in the MAIL, RCPT, and predata ACLs are not visible until the DATA ACL and MIME ACLs are run. Similarly, header lines that are added by the DATA or MIME ACLs are not visible in those @@ -27329,6 +27364,8 @@ passing data between (for example) the MAIL and RCPT ACLs. If you want to do this, you can use ACL variables, as described in section &<>&. +The list of headers yet to be added is given by the &%$headers_added%& variable. + The &%add_header%& modifier acts immediately as it is encountered during the processing of an ACL. Notice the difference between these two cases: .display @@ -33794,6 +33831,7 @@ log_selector = +arguments -retry_defer The list of optional log items is in the following table, with the default selection marked by asterisks: .display +&` 8bitmime `& received 8BITMIME status &`*acl_warn_skipped `& skipped &%warn%& statement in ACL &` address_rewrite `& address rewriting &` all_parents `& all parents in => lines @@ -33841,6 +33879,14 @@ selection marked by asterisks: More details on each of these items follows: .ilist +.cindex "8BITMIME" +.cindex "log" "8BITMIME" +&%8bitmime%&: This causes Exim to log any 8BITMIME status of received messages, +which may help in tracking down interoperability issues with ancient MTAs +that are not 8bit clean. This is added to the &"<="& line, tagged with +&`M8S=`& and a value of &`0`&, &`7`& or &`8`&, corresponding to "not given", +&`7BIT`& and &`8BITMIME`& respectively. +.next .cindex "&%warn%& ACL verb" "log when skipping" &%acl_warn_skipped%&: When an ACL &%warn%& statement is skipped because one of its conditions cannot be evaluated, a log line to this effect is written if