X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=doc%2Fdoc-docbook%2Fspec.xfpt;h=e34ed805441acfc5c7433e8ccb2a8f892e110f62;hb=fd4d887101c6b4075a477bc275e51c35b94fd4c2;hp=f7bebc866c9c8ba89126c0048ffcf3be9c7cd190;hpb=09b99df91359c95c1c5a7f25c9a9cfcb17b7dd02;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index f7bebc866..e34ed8054 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -28003,14 +28003,18 @@ is what is wanted for subsequent tests. .cindex "cutthrough" "requesting" This option requests delivery be attempted while the item is being received. -The option usable in the RCPT ACL. +The option is usable in the RCPT ACL. If enabled for a message recieved via smtp and routed to an smtp transport, -and the message has only one recipient, +and only one transport, interface, destination host and port combination +is used for all recipients of the message, then the delivery connection is made while the receiving connection is open and data is copied from one to the other. +An attempt to set this option for any recipient but the first +for a mail will be quietly ignored. If a recipient-verify callout connection is subsequently -requested in the same ACL it is held open and used for the data, +requested in the same ACL it is held open and used for +any subsequent receipients and the data, otherwise one is made after the initial RCPT ACL completes. Note that routers are used in verify mode, 
@@ -28022,12 +28026,13 @@ Headers may be modified by routers (subject to the above) and transports. Cutthrough delivery is not supported via transport-filters or when DKIM signing of outgoing messages is done, because it sends data to the ultimate destination before the entire message has been received from the source. +It is not supported for messages recieved with the SMTP PRDR option in use. Should the ultimate destination system positively accept or reject the mail, a corresponding indication is given to the source system and nothing is queued. If there is a temporary error the item is queued for later delivery in the usual fashion. If the item is successfully delivered in cutthrough mode -the log line is tagged with ">>" rather than "=>" and appears +the delivery log lines are tagged with ">>" rather than "=>" and appear before the acceptance "<=" line. Delivery in this mode avoids the generation of a bounce mail to a @@ -28819,7 +28824,7 @@ verified is redirected to a single address, verification continues with the new address, and in that case, the subsequent value of &$address_data$& is the value for the child address. -.vitem &*verify&~=&~reverse_host_lookup*& +.vitem &*verify&~=&~reverse_host_lookup/*&<&'options'&> .cindex "&%verify%& ACL condition" .cindex "&ACL;" "verifying host reverse lookup" .cindex "host" "verifying reverse lookup" @@ -28830,6 +28835,9 @@ Verification ensures that the host name obtained from a reverse DNS lookup, or one of its aliases, does, when it is itself looked up in the DNS, yield the original IP address. +There is one possible option, &`defer_ok`&. If this is present and a +DNS operation returns a temporary error, the verify condition succeeds. + If this condition is used for a locally generated message (that is, when there is no client host involved), it always succeeds. 
@@ -30703,14 +30711,23 @@ deny message = This message contains malware ($malware_name) .endd -.section "Scanning with SpamAssassin" "SECTscanspamass" +.section "Scanning with SpamAssassin and Rspamd" "SECTscanspamass" .cindex "content scanning" "for spam" .cindex "spam scanning" .cindex "SpamAssassin" +.cindex "Rspamd" The &%spam%& ACL condition calls SpamAssassin's &%spamd%& daemon to get a spam -score and a report for the message. You can get SpamAssassin at -&url(http://www.spamassassin.org), or, if you have a working Perl -installation, you can use CPAN by running: +score and a report for the message. +.new +Support is also provided for Rspamd (which can speak SpamAssassin's protocol but +provides reduced functionality when used in this mode). + +For more information about installation and configuration of SpamAssassin or +Rspamd refer to their respective websites at +&url(http://spamassassin.apache.org) and &url(http://www.rspamd.com) +.wen + +SpamAssassin can be installed with CPAN by running: .code perl -MCPAN -e 'install Mail::SpamAssassin' .endd 
@@ -30719,36 +30736,64 @@ documentation to see how you can tweak it. The default installation should work nicely, however. .oindex "&%spamd_address%&" -After having installed and configured SpamAssassin, start the &%spamd%& daemon. -By default, it listens on 127.0.0.1, TCP port 783. If you use another host or -port for &%spamd%&, you must set the &%spamd_address%& option in the global -part of the Exim configuration as follows (example): +By default, SpamAssassin listens on 127.0.0.1, TCP port 783 and if you +intend to use an instance running on the local host you do not need to set +&%spamd_address%&. If you intend to use another host or port for SpamAssassin, +you must set the &%spamd_address%& option in the global part of the Exim +configuration as follows (example): .code spamd_address = 192.168.99.45 387 .endd -You do not need to set this option if you use the default. As of version 2.60, -&%spamd%& also supports communication over UNIX sockets. If you want to use -these, supply &%spamd_address%& with an absolute file name instead of a -address/port pair: + +.new +To use Rspamd (which by default listens on all local addresses +on TCP port 11333) +you should add &%variant=rspamd%& after the address/port pair, for example: +.code +spamd_address = 127.0.0.1 11333 variant=rspamd +.endd +.wen + +As of version 2.60, &%SpamAssassin%& also supports communication over UNIX +sockets. If you want to us these, supply &%spamd_address%& with an absolute +file name instead of an address/port pair: .code spamd_address = /var/run/spamd_socket .endd You can have multiple &%spamd%& servers to improve scalability. These can reside on other hardware reachable over the network. 
To specify multiple &%spamd%& servers, put multiple address/port pairs in the &%spamd_address%& -option, separated with colons: +option, separated with colons (the separator can be changed in the usual way): .code spamd_address = 192.168.2.10 783 : \ 192.168.2.11 783 : \ 192.168.2.12 783 .endd -Up to 32 &%spamd%& servers are supported. The servers are queried in a random -fashion. When a server fails to respond to the connection attempt, all other +Up to 32 &%spamd%& servers are supported. +When a server fails to respond to the connection attempt, all other servers are tried until one succeeds. If no server responds, the &%spam%& condition defers. -&*Warning*&: It is not possible to use the UNIX socket connection method with -multiple &%spamd%& servers. +.new +Unix and TCP socket specifications may be mixed in any order. +Each element of the list is a list itself, space-separated by default +and changeable in the usual way. +Elements after the first for Unix sockets, or second for TCP socket, +are options. +The supported option are: +.code +variant=rspamd Use Rspamd rather than SpamAssassin protocol +time=- Use only between these times of day +weight= Selection bias +backup Use only if all non-backup servers fail +.endd + +Time specifications for the &`time`& option are .. +in the local time zone; each element being one or more digits. + +Servers are queried in a random fashion, weighted by the selection bias. +The default value for selection bias is 1. +.wen The &%spamd_address%& variable is expanded before use if it starts with a dollar sign. In this case, the expansion may return a string that is 
@@ -30765,7 +30810,10 @@ The right-hand side of the &%spam%& condition specifies a name. This is relevant if you have set up multiple SpamAssassin profiles. If you do not want to scan using a specific profile, but rather use the SpamAssassin system-wide default profile, you can scan for an unknown name, or simply use &"nobody"&. -However, you must put something on the right-hand side. +.new +Rspamd does not use this setting. However, you must put something on the +right-hand side. +.wen The name allows you to use per-domain or per-user antispam profiles in principle, but this is not straightforward in practice, because a message may @@ -30819,6 +30867,14 @@ headers, since MUAs can match on such strings. .vitem &$spam_report$& A multiline text table, containing the full SpamAssassin report for the message. Useful for inclusion in headers or reject messages. + +.new +.vitem &$spam_action$& +For SpamAssassin either 'reject' or 'no action' depending on the +spam score versus threshold. +For Rspamd, the recommended action. +.wen + .endlist The &%spam%& condition caches its results unless expansion in @@ -34943,8 +34999,8 @@ selection marked by asterisks: &`*etrn `& ETRN commands &`*host_lookup_failed `& as it says &` ident_timeout `& timeout for ident connection -&` incoming_interface `& incoming interface on <= lines -&` incoming_port `& incoming port on <= lines +&` incoming_interface `& local interface on <= and => lines +&` incoming_port `& remote port on <= lines &`*lost_incoming_connection `& as it says (includes timeouts) &` outgoing_port `& add remote port to => lines &`*queue_run `& start and end queue runs 
@@ -35063,12 +35119,16 @@ routing email addresses, but it does apply to &"byname"& lookups. client's ident port times out. .next .cindex "log" "incoming interface" +.cindex "log" "local interface" +.cindex "log" "local address and port" +.cindex "TCP/IP" "logging local address and port" .cindex "interface" "logging" &%incoming_interface%&: The interface on which a message was received is added to the &"<="& line as an IP address in square brackets, tagged by I= and followed by a colon and the port number. The local interface and port are also -added to other SMTP log lines, for example &"SMTP connection from"&, and to -rejection lines. +added to other SMTP log lines, for example &"SMTP connection from"& and to +rejection lines +and (despite the name) the local interface is added to &"=>"& lines.. .next .cindex "log" "incoming remote port" .cindex "port" "logging remote"
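
Review bot: in the hunk at -28003,14 the added line "any subsequent receipients and the data," misspells "recipients", and the unchanged line just above the edit still reads "recieved via smtp"; both are worth fixing while this paragraph is open. The new condition that "only one transport, interface, destination host and port combination is used for all recipients" is only known once the later RCPT commands arrive, yet the option is set on the first one. Please add a sentence saying what happens to the message when a later recipient routes to a different combination.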
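
Review bot: in the hunk at -28022,12 the added sentence "It is not supported for messages recieved with the SMTP PRDR option in use." misspells "received" and does not say what Exim does when cutthrough is requested on such a message. The earlier hunk uses "quietly ignored" for the comparable case, so state here whether the request is ignored and the message queued normally, or whether something else happens.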
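
Review bot: the defer_ok paragraph added at -28830,6 should say plainly that the option makes this check fail open. "If this is present and a DNS operation returns a temporary error, the verify condition succeeds" means a client passes without its reverse lookup having been confirmed, which an ACL author relying on this condition needs spelled out. The paragraph also never says what the condition does on a temporary error when defer_ok is absent. In the .vitem line changed at -28819,7 the heading now ends in "reverse_host_lookup/" followed by options, with nothing to show that the slash and option may be omitted; mark them optional in the same way other verify items do.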
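
Review bot: in the hunk at -30703,14 the added sentence ending "&url(http://spamassassin.apache.org) and &url(http://www.rspamd.com)" has no full stop before .wen. The parenthesis "(which can speak SpamAssassin's protocol but provides reduced functionality when used in this mode)" leaves the reader guessing what is lost and how to avoid it. Since the next hunk introduces variant=rspamd, point to that option here.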
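
Review bot: in the hunk at -30719,36 the option table and the sentence after it do not give usable value formats as the lines read here: "time=-" and "weight=" carry no placeholders, and "Time specifications for the &`time`& option are .. in the local time zone" names no fields, so neither option can be written from this text. Smaller points in the same hunk: "If you want to us these" should read "use", "The supported option are:" should read "options", and &%SpamAssassin%& puts option markup on a product name where the removed text had &%spamd%&. The note that Rspamd "by default listens on all local addresses" sits directly above an example using 127.0.0.1; a sentence saying the scanner port should not be reachable from untrusted hosts would fit there. Finally, the removed warning said UNIX sockets could not be used with multiple servers, and the new text says they "may be mixed in any order"; a brief statement that the old restriction is lifted would help readers upgrading.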
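
Review bot: the &$spam_action$& entry added at -30867,6 gives the exact strings only for SpamAssassin ('reject' or 'no action'); "For Rspamd, the recommended action." lists no values, so an ACL that compares the variable against a string cannot be written from this entry. List the possible Rspamd values or say where they are defined, and say what the variable holds when the scan defers. The two literals are in plain single quotes where the surrounding text uses &"..."& for quoted strings.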
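
Review bot: in the hunk at -35063,12 the rewritten sentence ends "added to &"=>"& lines.." with a doubled full stop, and dropping the comma after &"SMTP connection from"& leaves a chain of three "and" clauses that is hard to parse. The text says "the local interface is added to =>  lines" while the preceding clause speaks of "local interface and port"; state whether the port appears on "=>" lines too, since the new index entries mention "local address and port" and log parsers depend on the exact field format.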