diff options
| author | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2020-10-04 12:22:01 +0200 |
|---|---|---|
| committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2020-10-05 10:46:49 +0200 |
| commit | 4c7f095f4f32a2259017fa5acab6b1278af9e702 (patch) | |
| tree | 907d039c457ae1f6cf1064e546c6f2e57db4fd25 /doc | |
| parent | d0de84b2d250e2f066286db3a3f5400a0f931b67 (diff) | |
Add proxy_protocol_timeout main config option.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 12 | ||||
| -rw-r--r-- | doc/doc-txt/NewStuff | 3 |
2 files changed, 14 insertions, 1 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index d0c3e7846..31c8c5653 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -14680,6 +14680,7 @@ listed in more than one group. .row &%local_scan_timeout%& "timeout for &[local_scan()]&" .row &%message_size_limit%& "for all messages" .row &%percent_hack_domains%& "recognize %-hack for these domains" +.row &%proxy_protocol_timeout%& "timeout for proxy protocol negotiation" .row &%spamd_address%& "set interface to SpamAssassin" .row &%strict_acl_vars%& "object to unset ACL variables" .row &%spf_smtp_comment_template%& "template for &$spf_smtp_comment$&" @@ -17017,6 +17018,14 @@ admin user unless &%prod_requires_admin%& is set false. See also &%queue_list_requires_admin%& and &%commandline_checks_require_admin%&. +.new +.option proxy_protocol_timeout main time 3s +.cindex proxy "proxy protocol" +This option sets the timeout for proxy protocol negotiation. +For details see section &<<SECTproxyInbound>>&. +.wen + + .option qualify_domain main string "see below" .cindex "domain" "for qualifying addresses" .cindex "address" "qualification" @@ -41929,7 +41938,8 @@ automatically determines which version is in use. The Proxy Protocol header is the first data received on a TCP connection and is inserted before any TLS-on-connect handshake from the client; Exim negotiates TLS between Exim-as-server and the remote client, not between -Exim and the proxy server. +Exim and the proxy server. The Proxy Protocol header must be received +within &%proxy_protocol_timeout%&, which defaults to 3s. The following expansion variables are usable (&"internal"& and &"external"& here refer to the interfaces diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index acbbc15fd..cd1699dc6 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -43,6 +43,9 @@ Version 4.95 than the provious behaviour of always loading at startup time for every connection. This helps particularly for the CA bundle. +12. Proxy Protocol Timeout is configurable via "proxy_protocol_timeout" + main config option. + Version 4.94 ------------ |