diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 368 | ||||
| -rw-r--r-- | doc/doc-txt/ChangeLog | 8 | ||||
| -rw-r--r-- | doc/doc-txt/NewStuff | 24 | ||||
| -rw-r--r-- | doc/doc-txt/OptionLists.txt | 4 | ||||
| -rw-r--r-- | doc/doc-txt/experimental-spec.txt | 211 |
5 files changed, 410 insertions, 205 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index b154743c2..28c8b1462 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -3902,6 +3902,13 @@ together with the file descriptor number of an open pipe. Closure of the pipe signals the final completion of the sequence of processes that are passing messages through the same SMTP connection. +.new +.vitem &%-MCq%&&~<&'recipient&~address'&>&~<&'size'&> +.oindex "&%-MCq%&" +This option is not intended for use by external callers. It is used internally +by Exim to implement quota checking for local users. +.wen + .vitem &%-MCS%& .oindex "&%-MCS%&" This option is not intended for use by external callers. It is used internally @@ -4512,12 +4519,17 @@ appear in the correct order. Each flag is described in a separate item below. .cindex "queue" "routing" .cindex "routing" "whole queue before delivery" .cindex "first pass routing" +.cindex "queue runner" "two phase" An option starting with &%-qq%& requests a two-stage queue run. In the first stage, the queue is scanned as if the &%queue_smtp_domains%& option matched every domain. Addresses are routed, local deliveries happen, but no remote transports are run. Performance will be best if the &%queue_run_in_order%& option is false. +If that is so and the &%queue_fast_ramp%& option is true then +in the first phase of the run, +once a threshold number of messages are routed for a given host, +a delivery process is forked in parallel with the rest of the scan. .cindex "hints database" "remembering routing" The hints database that remembers which messages are waiting for specific hosts @@ -6653,11 +6665,18 @@ If the value of &$sender_host_address$& is 192.168.5.6, expansion of the first &%domains%& setting above generates the second setting, which therefore causes a second lookup to occur. +.new The lookup type may optionally be followed by a comma and a comma-separated list of options. Each option is a &"name=value"& pair. Whether an option is meaningful depands on the lookup type. +All lookups support the option &"cache=no_rd"&. +If this is given then the cache that Exim manages for lookup results +is not checked before diong the lookup. +The result of the lookup is still written to the cache. +.wen + The rest of this chapter describes the different lookup types that are available. Any of them can be used in any part of the configuration where a lookup is permitted. @@ -6681,6 +6700,7 @@ If this is given and the lookup (either underlying implementation or cached value) returns data, the result is replaced with a non-tainted version of the lookup key. +.cindex "tainted data" "de-tainting" .next .cindex "query-style lookup" "definition of" The &'query-style'& type accepts a generalized database query. No particular @@ -6854,6 +6874,29 @@ The final resulting element can be a simple JSON type or a JSON object or array; for the latter two a string-representation of the JSON is returned. For elements of type string, the returned value is de-quoted. + + +.new +.next +.cindex LMDB +.cindex lookup lmdb +.cindex database lmdb +&(lmdb)&: The given file is an LMDB database. +LMDB is a memory-mapped key-value store, +with API modeled loosely on that of BerkeleyDB. +See &url(https://symas.com/products/lightning-memory-mapped-database/) +for the feature set and operation modes. + +Exim provides read-only access via the LMDB C library. +The library can be obtained from &url(https://github.com/LMDB/lmdb) +or your operating system package repository. +To enable LMDB support in Exim set LOOKUP_LMDB=yes in &_Local/Makefile_&. + +You will need to separately create the LMDB database file, +possibly using the &"mdb_load"& utility. +.wen + + .next .cindex "linear search" .cindex "lookup" "lsearch" @@ -10564,6 +10607,14 @@ ${sort {${lookup dnsdb{>:,,mx=example.com}}} {<} {${listextract{1}{<,$item}}}} will sort an MX lookup into priority order. + +.new +.vitem &*${srs_encode&~{*&<&'secret'&>&*}{*&<&'return&~path'&>&*}{*&<&'original&~domain'&>&*}}*& +SRS encoding. See SECT &<<SECTSRS>>& for details. +.wen + + + .vitem &*${substr{*&<&'string1'&>&*}{*&<&'string2'&>&*}{*&<&'string3'&>&*}}*& .cindex "&%substr%& expansion item" .cindex "substring extraction" @@ -11626,6 +11677,13 @@ includes the case of letters, whereas for &%gti%& the comparison is case-independent. Case and collation order are defined per the system C locale. + +.new +.vitem &*inbound_srs&~{*&<&'local&~part'&>&*}{*&<&'secret'&>&*}*& +SRS decode. See SECT &<<SECTSRS>>& for details. +.wen + + .vitem &*inlist&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& &&& &*inlisti&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& .cindex "string" "comparison" @@ -13708,6 +13766,17 @@ the value of the Distinguished Name of the certificate is made available in the If certificate verification fails it may refer to a failing chain element which is not the leaf. + +.new +.vitem &$tls_in_resumption$& &&& + &$tls_out_resumption$& +.vindex &$tls_in_resumption$& +.vindex &$tls_out_resumption$& +.cindex TLS resumption +Observability for TLS session resumption. See &<<SECTresumption>>& for details. +.wen + + .vitem &$tls_in_sni$& .vindex "&$tls_in_sni$&" .vindex "&$tls_sni$&" @@ -14712,6 +14781,7 @@ See also the &'Policy controls'& section above. .row &%hold_domains%& "hold delivery for these domains" .row &%local_interfaces%& "for routing checks" .row &%queue_domains%& "no immediate delivery for these" +.row &%queue_fast_ramp%& "parallel delivery with 2-phase queue run" .row &%queue_only%& "no immediate delivery at all" .row &%queue_only_file%& "no immediate delivery if file exists" .row &%queue_only_load%& "no immediate delivery if load is high" @@ -16884,6 +16954,17 @@ domains that do not match are processed. All other deliveries wait until the next queue run. See also &%hold_domains%& and &%queue_smtp_domains%&. +.new +.option queue_fast_ramp main boolean false +.cindex "queue runner" "two phase" +.cindex "queue" "double scanning" +If set to true, two-phase queue runs, initiated using &%-qq%& on the +command line, may start parallel delivery processes during their first +phase. This will be done when a threshold number of messages have been +routed for a single host. +.wen + + .option queue_list_requires_admin main boolean true .cindex "restricting access to features" .oindex "&%-bp%&" @@ -18254,6 +18335,14 @@ preference order of the available ciphers. Details are given in sections &<<SECTreqciphssl>>& and &<<SECTreqciphgnu>>&. +.new +.option tls_resumption_hosts main "host list&!!" unset +.cindex TLS resumption +This option controls which connections to offer the TLS resumption feature. +See &<<SECTresumption>>& for details. +.wen + + .option tls_try_verify_hosts main "host list&!!" unset .cindex "TLS" "client certificate verification" .cindex "certificate" "verification of client" @@ -25375,6 +25464,20 @@ so can cause parallel connections to the same host if &%remote_max_parallel%& permits this. +.new +.option message_linelength_limit smtp integer 998 +.cindex "line length" limit +This option sets the maximum line length, in bytes, that the transport +will send. Any messages with lines exceeding the given value +will fail and a failure-DSN ("bounce") message will if possible be returned +to the sender. +The default value is that defined by the SMTP standards. + +It is generally wise to also check in the data ACL so that messages +received via SMTP can be refused without producing a bounce. +.wen + + .option multi_domain smtp boolean&!! true .vindex "&$domain$&" When this option is set, the &(smtp)& transport can handle a number of @@ -25556,6 +25659,14 @@ is used in different ways by OpenSSL and GnuTLS (see sections ciphers is a preference order. +.new +.option tls_resumption_hosts smtp "host list&!!" unset +.cindex TLS resumption +This option controls which connections to use the TLS resumption feature. +See &<<SECTresumption>>& for details. +.wen + + .option tls_sni smtp string&!! unset .cindex "TLS" "Server Name Indication" @@ -29372,6 +29483,100 @@ Open-source PKI book, available online at .ecindex IIDencsmtp2 +.new +.section "TLS Resumption" "SECTresumption" +.cindex TLS resumption +TLS Session Resumption for TLS 1.2 and TLS 1.3 connections can be used (defined +in RFC 5077 for 1.2). The support for this requires GnuTLS 3.6.3 or OpenSSL 1.1.1 +(or later). + +Session resumption (this is the "stateless" variant) involves the server sending +a "session ticket" to the client on one connection, which can be stored by the +client and used for a later session. The ticket contains sufficient state for +the server to reconstruct the TLS session, avoiding some expensive crypto +calculation and (on TLS1.2) one full packet roundtrip time. + +.ilist +Operational cost/benefit: + + The extra data being transmitted costs a minor amount, and the client has + extra costs in storing and retrieving the data. + + In the Exim/Gnutls implementation the extra cost on an initial connection + which is TLS1.2 over a loopback path is about 6ms on 2017-laptop class hardware. + The saved cost on a subsequent connection is about 4ms; three or more + connections become a net win. On longer network paths, two or more + connections will have an average lower startup time thanks to the one + saved packet roundtrip. TLS1.3 will save the crypto cpu costs but not any + packet roundtrips. + +.cindex "hints database" tls + Since a new hints DB is used on the TLS client, + the hints DB maintenance should be updated to additionally handle "tls". + +.next +Security aspects: + + The session ticket is encrypted, but is obviously an additional security + vulnarability surface. An attacker able to decrypt it would have access + all connections using the resumed session. + The session ticket encryption key is not committed to storage by the server + and is rotated regularly (OpenSSL: 1hr, and one previous key is used for + overlap; GnuTLS 6hr but does not specify any overlap). + Tickets have limited lifetime (2hr, and new ones issued after 1hr under + OpenSSL. GnuTLS 2hr, appears to not do overlap). + + There is a question-mark over the security of the Diffie-Helman parameters + used for session negotiation. + +.next +Observability: + + The &%log_selector%& "tls_resumption" appends an asterisk to the tls_cipher "X=" + element. + + The variables &$tls_in_resumption$& and &$tls_out_resumption$& + have bits 0-4 indicating respectively + support built, client requested ticket, client offered session, + server issued ticket, resume used. A suitable decode list is provided + in the builtin macro _RESUME_DECODE for in &%listextract%& expansions. + +.next +Control: + +The &%tls_resumption_hosts%& main option specifies a hostlist for which +exim, operating as a server, will offer resumption to clients. +Current best practice is to not offer the feature to MUA connection. +Commonly this can be done like this: +.code +tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}} +.endd +If the peer host matches the list after expansion then resumption +is offered and/or accepted. + +The &%tls_resumption_hosts%& smtp transport option performs the +equivalent function for operation as a client. +If the peer host matches the list after expansion then resumption +is attempted (if a stored session is available) or the information +stored (if supplied by the peer). + + +.next +Issues: + + In a resumed session: +.ilist + The variables &$tls_{in,out}_cipher$& will have values different + to the original (under GnuTLS). +.next + The variables &$tls_{in,out}_ocsp$& will be "not requested" or "no response", + and the &%hosts_require_ocsp%& smtp trasnport option will fail. +. XXX need to do something with that hosts_require_ocsp +.endlist + +.endlist +.wen + .section DANE "SECDANE" .cindex DANE @@ -32492,6 +32697,15 @@ The &%success_on_redirect%& option causes verification always to succeed immediately after a successful redirection. By default, if a redirection generates just one address, that address is also verified. See further discussion in section &<<SECTredirwhilveri>>&. +.new +.next +If the &%quota%& option is specified for recipient verify, +successful routing to an appendfile transport is followed by a call into +the transport to evaluate the quota status for the recipient. +No actual delivery is done, but verification will succeed if the quota +is sufficient for the message (if the sender gave a message size) or +not already exceeded (otherwise). +.wen .endlist .cindex "verifying address" "differentiating failures" @@ -32525,6 +32739,9 @@ connection, HELO, or MAIL). &%recipient%&: The RCPT command in a callout was rejected. .next &%postmaster%&: The postmaster check in a callout was rejected. +.new +.next +&%quota%&: The quota check for a local recipient did non pass. .endlist The main use of these variables is expected to be to distinguish between @@ -32854,6 +33071,38 @@ behaviour will be the same. +.new +.section "Quota caching" "SECTquotacache" +.cindex "hints database" "quota cache" +.cindex "quota" "cache, description of" +.cindex "caching" "quota" +Exim caches the results of quota verification +in order to reduce the amount of resources used. +The &"callout"& hints database is used. + +The default cache periods are five minutes for a positive (good) result +and one hour for a negative result. +To change the periods the &%quota%& option can be followed by an equals sign +and a number of optional paramemters, separated by commas. +For example: +.code +verify = recipient/quota=cachepos=1h,cacheneg=1d +.endd +Possible parameters are: +.vlist +.vitem &*cachepos&~=&~*&<&'time&~interval'&> +.cindex "quota cache" "positive entry expiry, specifying" +Set the lifetime for a positive cache entry. +A value of zero seconds is legitimate. + +.vitem &*cacheneg&~=&~*&<&'time&~interval'&> +.cindex "quota cache" "negative entry expiry, specifying" +As above, for a negative entry. + +.vitem &*no_cache*& +Set both positive and negative lifetimes to zero. +.wen + .section "Sender address verification reporting" "SECTsenaddver" .cindex "verifying" "suppressing error details" See section &<<SECTaddressverification>>& for a general discussion of @@ -37983,6 +38232,7 @@ selection marked by asterisks: &`*tls_certificate_verified `& certificate verification status &`*tls_cipher `& TLS cipher suite on <= and => lines &` tls_peerdn `& TLS peer DN on <= and => lines +&` tls_resumption `& append * to cipher field &` tls_sni `& TLS SNI on <= lines &` unknown_in_list `& DNS lookup failed in list match @@ -38384,6 +38634,14 @@ connection, the cipher suite used is added to the log line, preceded by X=. connection, and a certificate is supplied by the remote host, the peer DN is added to the log line, preceded by DN=. .next +.cindex "log" "TLS resumption" +.cindex "TLS" "logging session resumption" +.new +&%tls_resumption%&: When a message is sent or received over an encrypted +connection and the TLS session resumed one used on a previous TCP connection, +an asterisk is appended to the X= cipher field in the log line. +.wen +.next .cindex "log" "TLS SNI" .cindex "TLS" "logging SNI" &%tls_sni%&: When a message is received over an encrypted connection, and @@ -38929,6 +39187,10 @@ for remote hosts .next &'ratelimit'&: the data for implementing the ratelimit ACL condition .next +.new +&'tls'&: TLS session resumption data +.wen +.next &'misc'&: other hints data .endlist @@ -40342,8 +40604,8 @@ There is no dot-stuffing (and no dot-termination). . //////////////////////////////////////////////////////////////////////////// . //////////////////////////////////////////////////////////////////////////// -.chapter "DKIM, SPF and DMARC" "CHAPdkim" &&& - "DKIM, SPF and DMARC Support" +.chapter "DKIM, SPF, SRS and DMARC" "CHAPdkim" &&& + "DKIM, SPF, SRS and DMARC Support" .section "DKIM (DomainKeys Identified Mail)" SECDKIM .cindex "DKIM" @@ -41035,6 +41297,108 @@ The lookup will return the same result strings as can appear in +.section "SRS (Sender Rewriting Scheme)" SECTSRS +.cindex SRS "sender rewriting scheme" + +.new +SRS can be used to modify sender addresses when forwarding so that +SPF verification does not object to them. +It operates by encoding the original envelope sender in a new +sender local part and using a domain run by the forwarding site +as the new domain for the sender. Any DSN message should be returned +to this new sender at the forwarding site, which can extract the +original sender from the coded local part and forward the DSN to +the originator. + +This is a way of avoiding the breakage that SPF does to forwarding. +The constructed local-part will be longer than the original, +leading to possible problems with very long addresses. +The changing of the sender address also hinders the tracing of mail +problems. + +Exim can be built to include native SRS support. To do this +SUPPORT_SRS=yes must be defined in &_Local/Makefile_&. +If this has been done, the macros _HAVE_SRS and _HAVE_NATIVE_SRS +will be defined. +The support is limited to SRS0-encoding; SRS1 is not supported. + +.cindex SRS excoding +To encode an address use this expansion item: +.vlist +.vitem &*${srs_encode&~{*&<&'secret'&>&*}{*&<&'return&~path'&>&*}{*&<&'original&~domain'&>&*}}*& +.cindex "&%srs_encode%& expansion item" +.cindex SRS "expansion item" +The first argument should be a secret known and used by all systems +handling the recipient domain for the original message. +There is no need to periodically change this key; a timestamp is also +encoded. +The second argument should be given as the envelope sender address before this +encoding operation. +The third argument should be the recipient domain of the message when +it arrived at this system. +.endlist + +.cindex SRS decoding +To decode an address use this expansion condition: +.vlist +.vitem &*inbound_srs&~{*&<&'local&~part'&>&*}{*&<&'secret'&>&*}*& +The first argument should be the recipient local prt as is was received. +The second argument is the site secret. + +If the messages is not for an SRS-encoded recipient the condition will +return false. If it is, the condition will return true and the variable +&$srs_recipient$& will be set to the decoded (original) value. +.endlist + +Example usage: +.code + #macro + SRS_SECRET = <pick something unique for your site for this. Use on all MXs.> + + #routers + + outbound: + driver = dnslookup + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +my_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} + + inbound_srs: + driver = redirect + senders = : + domains = +my_domains + # detect inbound bounces which are SRS'd, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + + inbound_srs_failure: + driver = redirect + senders = : + domains = +my_domains + # detect inbound bounces which look SRS'd but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + + #... further routers here + + + # transport; should look like the non-forward outbound + # one, plus the max_rcpt and return_path options + remote_forwarded_smtp: + driver = smtp + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} +.endd + + +.wen + + + .section DMARC SECDMARC .cindex DMARC verification diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 585deb042..a4526ca5c 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -3,6 +3,14 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.95 +----------------- + +JH/01 Bug 1329: Fix format of Maildir-format filenames to match other mail- + related applications. Previously an "H" was used where available info + says that "M" should be, so change to match. + + Exim version 4.94 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 43e170e11..5769a9733 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -6,6 +6,30 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the Git before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.95 +------------ + + 1. The fast-ramp two phase queue run support, previously experimental, is + now supported by default. + + 2. The native SRS support, previously experimental, is now supported. It is + not built unless specified in the Local/Makefile. + + 3. TLS resumption support, previously experimental, is now supported and + included in default builds. + + 4. Single-key LMDB lookups, previously experimental, are now supported. + The support is not built unless specified in the Local/Makefile. + + 5. Option "message_linelength_limit" on the smtp transport to enforce (by + default) the RFC 998 character limit. + + 6. An option to ignore the cache on a lookup. + + 7. Quota checking during reception (i.e. at SMTP time) for appendfile- + transport-managed quotas. + + Version 4.94 ------------ diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index 8b2dee352..183f6b722 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -382,6 +382,7 @@ message_body_newlines boolean false main message_body_visible integer 500 main message_id_header_domain string* unset main 4.11 message_id_header_text string* unset main +message_linelength_limit integer 998 smtp 4.94 message_logs boolean true main 4.10 message_prefix string* + appendfile 4.00 replaces prefix string* unset pipe 4.00 replaces prefix @@ -443,6 +444,7 @@ qualify_recipient string + main qualify_single boolean true dnslookup 4.00 query string* + iplookup 4.00 queue_domains domain list unset main 4.00 +queue_fasst_ramp boolean false main 4.95 queue_list_requires_admin boolean true main 1.95 queue_only boolean false main queue_only_file string unset main 2.05 @@ -606,6 +608,8 @@ tls_privatekey string* unset main tls_remember_emstp boolean false main 4.21 tls_require_ciphers string* unset smtp 4.00 replaces tls_verify_ciphers string* unset main 4.33 +tls_resumption_hosts host list* unset main 4.95 + host list* unset smtp 4.95 tls_sni string* unset main 4.80 tls_tempfail_tryclear boolean true smtp 4.05 tls_try_verify_hosts host list unset main 4.00 diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 3beab4b9c..68366a4a9 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -294,9 +294,9 @@ These four steps are explained in more details below. SRS (Sender Rewriting Scheme) Support (using libsrs_alt) -------------------------------------------------------------- -See also below, for an alternative native support implementation. +See also the main docs, for an alternative native support implementation. -Exim currently includes SRS support via Miles Wilton's +Exim can be built with SRS support using Miles Wilton's libsrs_alt library. The current version of the supported library is 0.5, there are reports of 1.0 working. @@ -309,10 +309,14 @@ https://opsec.eu/src/srs/ Unpack the tarball, then refer to MTAs/README.EXIM to proceed. You need to set -EXPERIMENTAL_SRS=yes +EXPERIMENTAL_SRS_ALT=yes in your Local/Makefile. +The built-in support, included by SUPPORT_SRS, +shuold *not* be enabled if you wish to use the libsrs_alt +version. + The following main-section options become available: srs_config string srs_hashlength int @@ -344,76 +348,6 @@ For configuration information see https://github.com/Exim/exim/wiki/SRS . -SRS (Sender Rewriting Scheme) Support (native) --------------------------------------------------------------- -This is less full-featured than the libsrs_alt version above. - -The Exim build needs to be done with this in Local/Makefile: -EXPERIMENTAL_SRS_NATIVE=yes - -The following are provided: -- an expansion item "srs_encode" - This takes three arguments: - - a site SRS secret - - the return_path - - the pre-forwarding domain - -- an expansion condition "inbound_srs" - This takes two arguments: the local_part to check, and a site SRS secret. - If the secret is zero-length, only the pattern of the local_part is checked. - The $srs_recipient variable is set as a side-effect. - -- an expansion variable $srs_recipient - This gets the original return_path encoded in the SRS'd local_part - -- predefined macros _HAVE_SRS and _HAVE_NATIVE_SRS - -Sample usage: - - #macro - SRS_SECRET = <pick something unique for your site for this> - - #routers - - outbound: - driver = dnslookup - # if outbound, and forwarding has been done, use an alternate transport - domains = ! +my_domains - transport = ${if eq {$local_part@$domain} \ - {$original_local_part@$original_domain} \ - {remote_smtp} {remote_forwarded_smtp}} - - inbound_srs: - driver = redirect - senders = : - domains = +my_domains - # detect inbound bounces which are SRS'd, and decode them - condition = ${if inbound_srs {$local_part} {SRS_SECRET}} - data = $srs_recipient - - inbound_srs_failure: - driver = redirect - senders = : - domains = +my_domains - # detect inbound bounces which look SRS'd but are invalid - condition = ${if inbound_srs {$local_part} {}} - allow_fail - data = :fail: Invalid SRS recipient address - - #... further routers here - - - # transport; should look like the non-forward outbound - # one, plus the max_rcpt and return_path options - remote_forwarded_smtp: - driver = smtp - # modify the envelope from, for mails that we forward - max_rcpt = 1 - return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} - - - - DCC Support -------------------------------------------------------------- Distributed Checksum Clearinghouse; http://www.rhyolite.com/dcc/ @@ -532,52 +466,6 @@ Rationale: Note that non-RFC-documented field names and data types are used. -LMDB Lookup support -------------------- -LMDB is an ultra-fast, ultra-compact, crash-proof key-value embedded data store. -It is modeled loosely on the BerkeleyDB API. You should read about the feature -set as well as operation modes at https://symas.com/products/lightning-memory-mapped-database/ - -LMDB single key lookup support is provided by linking to the LMDB C library. -The current implementation does not support writing to the LMDB database. - -Visit https://github.com/LMDB/lmdb to download the library or find it in your -operating systems package repository. - -If building from source, this description assumes that headers will be in -/usr/local/include, and that the libraries are in /usr/local/lib. - -1. In order to build exim with LMDB lookup support add or uncomment - -EXPERIMENTAL_LMDB=yes - -to your Local/Makefile. (Re-)build/install exim. exim -d should show -Experimental_LMDB in the line "Support for:". - -EXPERIMENTAL_LMDB=yes -LDFLAGS += -llmdb -# CFLAGS += -I/usr/local/include -# LDFLAGS += -L/usr/local/lib - -The first line sets the feature to include the correct code, and -the second line says to link the LMDB libraries into the -exim binary. The commented out lines should be uncommented if you -built LMDB from source and installed in the default location. -Adjust the paths if you installed them elsewhere, but you do not -need to uncomment them if an rpm (or you) installed them in the -package controlled locations (/usr/include and /usr/lib). - -2. Create your LMDB files, you can use the mdb_load utility which is -part of the LMDB distribution our your favourite language bindings. - -3. Add the single key lookups to your exim.conf file, example lookups -are below. - -${lookup{$sender_address_domain}lmdb{/var/lib/baruwa/data/db/relaydomains.mdb}{$value}} -${lookup{$sender_address_domain}lmdb{/var/lib/baruwa/data/db/relaydomains.mdb}{$value}fail} -${lookup{$sender_address_domain}lmdb{/var/lib/baruwa/data/db/relaydomains.mdb}} - - Queuefile transport ------------------- Queuefile is a pseudo transport which does not perform final delivery. @@ -750,67 +638,8 @@ used via the transport in question. - -TLS Session Resumption ----------------------- -TLS Session Resumption for TLS 1.2 and TLS 1.3 connections can be used (defined -in RFC 5077 for 1.2). The support for this can be included by building with -EXPERIMENTAL_TLS_RESUME defined. This requires GnuTLS 3.6.3 or OpenSSL 1.1.1 -(or later). - -Session resumption (this is the "stateless" variant) involves the server sending -a "session ticket" to the client on one connection, which can be stored by the -client and used for a later session. The ticket contains sufficient state for -the server to reconstruct the TLS session, avoiding some expensive crypto -calculation and one full packet roundtrip time. - -Operational cost/benefit: - The extra data being transmitted costs a minor amount, and the client has - extra costs in storing and retrieving the data. - - In the Exim/Gnutls implementation the extra cost on an initial connection - which is TLS1.2 over a loopback path is about 6ms on 2017-laptop class hardware. - The saved cost on a subsequent connection is about 4ms; three or more - connections become a net win. On longer network paths, two or more - connections will have an average lower startup time thanks to the one - saved packet roundtrip. TLS1.3 will save the crypto cpu costs but not any - packet roundtrips. - - Since a new hints DB is used, the hints DB maintenance should be updated - to additionally handle "tls". - -Security aspects: - The session ticket is encrypted, but is obviously an additional security - vulnarability surface. An attacker able to decrypt it would have access - all connections using the resumed session. - The session ticket encryption key is not committed to storage by the server - and is rotated regularly (OpenSSL: 1hr, and one previous key is used for - overlap; GnuTLS 6hr but does not specify any overlap). - Tickets have limited lifetime (2hr, and new ones issued after 1hr under - OpenSSL. GnuTLS 2hr, appears to not do overlap). - - There is a question-mark over the security of the Diffie-Helman parameters - used for session negotiation. TBD. q-value; cf bug 1895 - -Observability: - New log_selector "tls_resumption", appends an asterisk to the tls_cipher "X=" - element. - - Variables $tls_{in,out}_resumption have bits 0-4 indicating respectively - support built, client requested ticket, client offered session, - server issued ticket, resume used. A suitable decode list is provided - in the builtin macro _RESUME_DECODE for ${listextract {}{}}. - -Issues: - In a resumed session: - $tls_{in,out}_cipher will have values different to the original (under GnuTLS) - $tls_{in,out}_ocsp will be "not requested" or "no response", and - hosts_require_ocsp will fail - - - Dovecot authenticator via inet socket ------------------------------------- +-------------------------------------------------------------- If Dovecot is configured similar to :- service auth { @@ -837,30 +666,6 @@ and a whitespace-separated port number must be given. -Twophase queue run fast ramp ----------------------------- -To include this feature, add to Local/Makefile: - EXPERIMENTAL_QUEUE_RAMP=yes - -If the (added for this feature) main-section option "queue_fast_ramp" (boolean) -is set, and a two-phase ("-qq") queue run finds, during the first phase, a -suitably large number of message routed for a given host - then (subject to -the usual queue-runner resource limits) delivery for that host is initiated -immediately, overlapping with the remainder of the first phase. - -This is incompatible with queue_run_in_order. - -The result should be a faster startup of deliveries when a large queue is -present and reasonable numbers of messages are routed to common hosts; this -could be a smarthost case, or delivery onto the Internet where a large proportion -of recipients hapen to be on a Gorilla-sized provider. - -As usual, the presence of a configuration option is associated with a -predefined macro, making it possible to write portable configurations. -For this one, the macro is _OPT_MAIN_QUEUE_FAST_RAMP. - - - -------------------------------------------------------------- End of file -------------------------------------------------------------- |