author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-04-15 10:36:56 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-04-15 11:22:04 +0100 |
commit | ec2a355fdc961aba7ace27c624c01accd58dc1ed (patch) | |
tree | f9641fcbe830c2c3c231fc833b7c9baded9bc4b3 /doc | |
parent | fa714063ea46ef6dd92dbef3525781d85513394b (diff) |
TLS resumption: support Outlook hosts-behind-loadbalancer
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 30 | ||||
-rw-r--r-- | doc/doc-txt/OptionLists.txt | 3 |
2 files changed, 33 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 98ca33d23..89f762436 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -25515,6 +25515,36 @@ helo_data = ${lookup dnsdb{ptr=$sending_ip_address} \ The use of &%helo_data%& applies both to sending messages and when doing callouts. +.new +.option host_name_extract smtp "string list&!!" "see below" +.cindex "load balancer" "hosts behind" +.cindex TLS resumption +Some mail-accepting sites +(notably Microsoft) +operate many servers behind a network load-balancer. When this is done, +with separated TLS session caches, TLS session resuption becomes problematic. +It will only succeed when the same server happens to be selected by the +load-balancer, matching the session stored in the client's cache. + +Exim can pull out a server name, if there is one, from the response to the +client's SMTP EHLO command. +The default value of this option: +.code + ${if and { {match {$host} {.outlook.com\$}} \ + {match {$item} {\N^250-([\w.]+)\s\N}} \ + } {$1}} +.endd +suffices for one known case. +During the expansion of this option the &$item$& variable will have the +server's EHLO response. +The result of the option expansion is included in the key used to store and +retrieve the TLS session, for sessino resumption. + +Operators of high-load sites may wish to evaluate their logs for indications +of other destination sites operating load-balancers, and develop a suitable +expression for this option. +.wen + .option hosts smtp "string list&!!" unset Hosts are associated with an address by a router such as &(dnslookup)&, which finds the hosts by looking up the address domain in the DNS, or by diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index 4314c534b..55b0f36fc 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt 
@@ -296,6 +296,9 @@ hold_domains domain list unset main home_directory string* unset transports 4.00 replaces individual options host_all_ignored string "defer" manualroute 4.67 host_find_failed string "freeze" manualroute 4.00 +host_name_extract string + "${if and {{match{.outlook.com\\$}{$host}} {match{$item}{\\N^250-([\\w.]+)\\s\\N}}} {$1}}" + smtp 4.96 host_lookup host list unset main 3.00 host_lookup_order string list "bydns:byaddr" main 4.30 host_reject_connection host list unset main 4.00 |