Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 63
-rw-r--r-- | doc/doc-txt/ChangeLog | 2
-rw-r--r-- | doc/doc-txt/NewStuff | 2
-rw-r--r-- | doc/doc-txt/experimental-spec.txt | 28
4 files changed, 65 insertions, 30 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index cbe5c1851..7c34bbbc7 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -13135,6 +13135,7 @@ listed in more than one group. .row &%acl_smtp_auth%& "ACL for AUTH" .row &%acl_smtp_connect%& "ACL for connection" .row &%acl_smtp_data%& "ACL for DATA" +.row &%acl_smtp_data_prdr%& "ACL for DATA, per-recipient" .row &%acl_smtp_dkim%& "ACL for DKIM verification" .row &%acl_smtp_etrn%& "ACL for ETRN" .row &%acl_smtp_expn%& "ACL for EXPN" @@ -13290,6 +13291,7 @@ See also the &'Policy controls'& section above. .row &%ignore_fromline_hosts%& "allow &""From ""& from these hosts" .row &%ignore_fromline_local%& "allow &""From ""& from local SMTP" .row &%pipelining_advertise_hosts%& "advertise pipelining to these hosts" +.row &%prdr_enable%& "advertise PRDR to all hosts" .row &%tls_advertise_hosts%& "advertise TLS to these hosts" .endtable @@ -13441,6 +13443,16 @@ This option defines the ACL that is run after an SMTP DATA command has been processed and the message itself has been received, but before the final acknowledgment is sent. See chapter &<<CHAPACL>>& for further details. +.option acl_smtp_data_prdr main string&!! unset +.cindex "DATA" "ACL for" +.cindex "&ACL;" "PRDR-related" +.cindex "&ACL;" "per-user data processing" +This option defines the ACL that, +if the PRDR feature has been negotiated, +is run for each recipient after an SMTP DATA command has been +processed and the message itself has been received, but before the +acknowledgment is sent. See chapter &<<CHAPACL>>& for further details. + .option acl_smtp_etrn main string&!! unset .cindex "ETRN" "ACL for" This option defines the ACL that is run when an SMTP ETRN command is 
@@ -15083,6 +15095,15 @@ that clients will use it; &"out of order"& commands that are &"expected"& do not count as protocol errors (see &%smtp_max_synprot_errors%&). +.option prdr_enable main boolean false +.cindex "PRDR" "enabling on server" +This option can be used to enable the Per-Recipient Data Response extension +to SMTP, defined by Eric Hall. +If the option is set, PRDR is advertised by Exim when operating as a server. +If the client requests PRDR, and more than one recipient, for a message +an additional ACL is called for each recipient after the message content +is recieved. See section &<<SECTPRDRACL>>&. + .option preserve_message_logs main boolean false .cindex "message logs" "preserving" If this option is set, message log files are not deleted when messages are @@ -22973,6 +22994,12 @@ connects. If authentication fails, Exim will try to transfer the message unauthenticated. See also &%hosts_require_auth%&, and chapter &<<CHAPSMTPAUTH>>& for details of authentication. +.option hosts_try_prdr smtp "host list&!!" unset +.cindex "PRDR" "enabling, optional in client" +This option provides a list of servers to which, provided they announce +PRDR support, Exim will attempt to negotiate PRDR +for multi-recipient messages. + .option interface smtp "string list&!!" unset .cindex "bind IP address" .cindex "IP address" "binding" @@ -26460,6 +26487,7 @@ options in the main part of the configuration. These options are: .cindex "SMTP" "connection, ACL for" .cindex "non-SMTP messages" "ACLs for" .cindex "MIME content scanning" "ACL for" +.cindex "PRDR" "ACL for" .table2 140pt .irow &%acl_not_smtp%& "ACL for non-SMTP messages" 
@@ -26468,6 +26496,7 @@ options in the main part of the configuration. These options are: .irow &%acl_smtp_auth%& "ACL for AUTH" .irow &%acl_smtp_connect%& "ACL for start of SMTP connection" .irow &%acl_smtp_data%& "ACL after DATA is complete" +.irow &%acl_smtp_data_prdr%& "ACL for each recipient, after DATA is complete" .irow &%acl_smtp_etrn%& "ACL for ETRN" .irow &%acl_smtp_expn%& "ACL for EXPN" .irow &%acl_smtp_helo%& "ACL for HELO or EHLO" @@ -26582,8 +26611,10 @@ before or after the data) correctly &-- they keep the message on their queues and try again later, but that is their problem, though it does waste some of your resources. -The &%acl_smtp_data%& ACL is run after both the &%acl_smtp_dkim%& and -the &%acl_smtp_mime%& ACLs. +The &%acl_smtp_data%& ACL is run after +the &%acl_smtp_data_prdr%&, +the &%acl_smtp_dkim%& +and the &%acl_smtp_mime%& ACLs. .section "The SMTP DKIM ACL" "SECTDKIMACL" The &%acl_smtp_dkim%& ACL is available only when Exim is compiled with DKIM support 
@@ -26605,6 +26636,34 @@ content-scanning extension. For details, see chapter &<<CHAPexiscan>>&. This ACL is evaluated after &%acl_smtp_dkim%& but before &%acl_smtp_data%&. +.section "The SMTP PRDR ACL" "SECTPRDRACL" +.oindex "&%prdr_enable%&" +The &%acl_smtp_data_prdr%& ACL is available only when Exim is compiled +with PRDR support enabled (which is the default). +It becomes active only when the PRDR feature is negotiated between +client and server for a message, and more than one recipient +has been accepted. + +The ACL test specfied by &%acl_smtp_data_prdr%& happens after a message +has been recieved, and is executed for each recipient of the message. +The test may accept or deny for inividual recipients. +The &%acl_smtp_data%& will still be called after this ACL and +can reject the message overall, even if this ACL has accepted it +for some or all recipients. + +PRDR may be used to support per-user content filtering. Without it +one must defer any recipient after the first that has a different +content-filter configuration. With PRDR, the RCPT-time check +for this can be disabled when the MAIL-time $smtp_command included +"PRDR". Any required difference in behaviour of the main DATA-time +ACL should however depend on the PRDR-time ACL having run, as Exim +will avoid doing so in some situations (eg. single-recipient mails). + +See also the &%prdr_enable%& global option +and the &%hosts_try_prdr%& smtp transport option. + +This ACL is evaluated after &%acl_smtp_dkim%& but before &%acl_smtp_data%&. + .section "The QUIT ACL" "SECTQUITACL" .cindex "QUIT, ACL for" The ACL for the SMTP QUIT command is anomalous, in that the outcome of the ACL diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 33e43b196..276876fe6 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -115,6 +115,8 @@ JH/22 Expansion operators ${md5:string} and ${sha1::string} can now operate on certificate variables to give certificate fingerprints Also new ${sha256:cert_variable}. +JH/23 The PRDR feature is moved from being Experimental into the mainline. + Exim version 4.82 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 9eebd089f..ac06ebfc6 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -49,6 +49,8 @@ Version 4.83 work over them for generating fingerprints, and a new sha256 operator for them added. +11. PRDR is now supported dy default. + Version 4.82 ------------ diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 1ec323433..018bfddb9 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt 
@@ -6,34 +6,6 @@ about experimental features, all of which are unstable and liable to incompatible change. -PRDR support --------------------------------------------------------------- - -Per-Recipient Data Reponse is an SMTP extension proposed by Eric Hall -in a (now-expired) IETF draft from 2007. It's not hit mainstream -use, but has apparently been implemented in the META1 MTA. - -There is mention at http://mail.aegee.org/intern/sendmail.html -of a patch to sendmail "to make it PRDR capable". - - ref: http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt - -If Exim is built with EXPERIMENTAL_PRDR there is a new config -boolean "prdr_enable" which controls whether PRDR is advertised -as part of an EHLO response, a new "acl_data_smtp_prdr" ACL -(called for each recipient, after data arrives but before the -data ACL), and a new smtp transport option "hosts_try_prdr". - -PRDR may be used to support per-user content filtering. Without it -one must defer any recipient after the first that has a different -content-filter configuration. With PRDR, the RCPT-time check -for this can be disabled when the MAIL-time $smtp_command included -"PRDR". Any required difference in behaviour of the main DATA-time -ACL should however depend on the PRDR-time ACL having run, as Exim -will avoid doing so in some situations (eg. single-recipient mails). - - - OCSP Stapling support -------------------------------------------------------------- |
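Review bot: in the new prdr_enable option text (spec.xfpt, hunk @@ -15083,6 +15095,15 @@) the sentence "If the client requests PRDR, and more than one recipient, for a message an additional ACL is called" is hard to parse and "recieved" is misspelled. Suggest: "If the client requests PRDR for a message with more than one recipient, an additional ACL is called for each recipient after the message content is received." The options-table row added in the @@ -13290,6 +13291,7 @@ hunk says "advertise PRDR to all hosts", while its neighbours (pipelining_advertise_hosts, tls_advertise_hosts) are host lists; it is worth saying in this option text that the setting is a boolean with no per-host control.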
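Review bot: the new "The SMTP PRDR ACL" section (spec.xfpt, hunk @@ -26605,6 +26636,34 @@) tells the administrator that the RCPT-time content-filter check can be disabled when the MAIL-time $smtp_command included "PRDR", and then that the DATA-time ACL must depend on the PRDR-time ACL having run, but it never says how an ACL can tell that the PRDR ACL ran. As written, a single-recipient message that asked for PRDR could pass both checks unfiltered, so the text should name the mechanism or show the condition. The section's last sentence, "This ACL is evaluated after acl_smtp_dkim but before acl_smtp_data", repeats the MIME ACL wording in the context line above and leaves the order relative to acl_smtp_mime unstated. The acl_smtp_data_prdr option text in the @@ -13441,6 +13443,16 @@ hunk says the ACL runs "if the PRDR feature has been negotiated", while this section adds "and more than one recipient has been accepted"; the two should agree. Spelling: "specfied", "recieved", "inividual". $smtp_command is also left bare, unlike the marked-up option names around it.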
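Review bot: typo in the NewStuff hunk (@@ -49,6 +49,8 @@), item 11: "PRDR is now supported dy default." should read "by default". The entry would also be more useful if it named the three knobs this patch documents (prdr_enable, acl_smtp_data_prdr, hosts_try_prdr), since the spec text in this same patch says prdr_enable defaults to false, so "supported by default" here means compiled in, not advertised.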
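Review bot: the text removed from experimental-spec.txt (hunk @@ -6,34 +6,6 @@) is the only place that cites the specification ("ref: http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt") and notes that it is an expired IETF draft from 2007; the replacement spec.xfpt text says only "defined by Eric Hall". Suggest carrying the reference and its expired-draft status into the prdr_enable option text or the new PRDR ACL section so readers can find the protocol definition. The removed paragraph also names the ACL "acl_data_smtp_prdr" while the mainline documentation uses acl_smtp_data_prdr; if the experimental build really used the old spelling, the ChangeLog or NewStuff entry should mention the rename for anyone migrating a configuration.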