[exim-cvs] cvs commit: exim/exim-doc/doc-txt README experime…

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Tom Kistner
Ημερομηνία:  
Προς: exim-cvs
Αντικείμενο: [exim-cvs] cvs commit: exim/exim-doc/doc-txt README experimental-spec.txt
tom 2005/06/27 19:32:20 BST

  Modified files:
    exim-doc/doc-txt     README experimental-spec.txt 
  Log:
  Remove tabs and trailing spaces ...


  Revision  Changes    Path
  1.2       +1 -1      exim/exim-doc/doc-txt/README
  1.3       +107 -107  exim/exim-doc/doc-txt/experimental-spec.txt


  Index: README
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/README,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- README    7 Oct 2004 15:04:35 -0000    1.1
  +++ README    27 Jun 2005 18:32:20 -0000    1.2
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/README,v 1.1 2004/10/07 15:04:35 ph10 Exp $
  +$Cambridge: exim/exim-doc/doc-txt/README,v 1.2 2005/06/27 18:32:20 tom Exp $


Exim Documentation
------------------
@@ -49,7 +49,7 @@
places a directory called doc/html containing the set of HTML files. The kick
off points are:

  -   html/spec.html       - specification (framed)
  +   html/spec.html     - specification (framed)
      html/filter_toc.html    - filter docs




  Index: experimental-spec.txt
  ===================================================================
  RCS file: /home/cvs/exim/exim-doc/doc-txt/experimental-spec.txt,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- experimental-spec.txt    8 Mar 2005 15:33:05 -0000    1.2
  +++ experimental-spec.txt    27 Jun 2005 18:32:20 -0000    1.3
  @@ -1,4 +1,4 @@
  -$Cambridge: exim/exim-doc/doc-txt/experimental-spec.txt,v 1.2 2005/03/08 15:33:05 tom Exp $
  +$Cambridge: exim/exim-doc/doc-txt/experimental-spec.txt,v 1.3 2005/06/27 18:32:20 tom Exp $


From time to time, experimental features may be added to Exim.
While a feature is experimental, there will be a build-time
@@ -45,7 +45,7 @@

Incoming messages are fed to the DK validation process as they
are received "on the wire". This happens synchronously to
-Exim's buffering of the message in the spool.
+Exim's buffering of the message in the spool.

You must set "control = dk_verify" in one of the ACLs
preceding DATA (you will typically use acl_smtp_rcpt), at a
@@ -67,32 +67,32 @@
1.1.) DK ACL conditions

     dk_sender_domains = <domain list>
  -                      
  +
       This   condition   takes  a   domainlist  as argument  and
       succeeds if the domain that DK has  been verifying  for is
       found in the list.



     dk_senders = <address list>
  -  
  +
       This  condition  takes  an  addresslist  as argument   and
       succeeds  if  the address  that DK has been  verifying for
       is  found in the list.



     dk_sender_local_parts = <local part list>
  -  
  +
       This  condition  takes   a local_part  list   as  argument
       and  succeeds   if  the   domain   that    DK   has   been
       verifying  for is found in the list.



     dk_status = <colon separated list of keywords>
  -  
  +
       This condition takes a  list of keywords as  argument, and
       succeeds if one of the listed keywords matches the outcome
       of the DK check. The available keywords are:
  -    
  +
       good            DK check succeeded, mail is verified.
       bad             DK check failed.
       no signature    Mail is not signed with DK.
  @@ -103,23 +103,23 @@



     dk_policy = <colon separated list of keywords>
  -  
  +
       This condition takes a  list of keywords as  argument, and
       succeeds if one of the listed keywords matches the  policy
       announced  by the  target domain.  The available  keywords
       are:
  -    
  +
       signsall        The target domain signs all outgoing email.
       testing         The target domain is currently testing DK.



     dk_domain_source = <colon separated list of keywords>
  -  
  +
       This condition takes a  list of keywords as  argument, and
       succeeds  if  one  of  the  listed  keywords  matches  the
       location where DK found the sender domain it verified for.
       The available keywords are:
  -    
  +
       from            The domain came from the "From:" header.
       sender          The domain came from the "Sender:" header.
       none            DK was unable to find the responsible domain.
  @@ -129,53 +129,53 @@
   1.2.) DK verification expansion variables


     $dk_sender_domain
  -  
  +
       Contains the domain that DK has verified for.
  -    
  -  
  +
  +
     $dk_sender
  -  
  +
       Contains the address that DK has verified for.
  -    
  -    
  +
  +
     $dk_sender_local_part
  -  
  +
       Contains the local part that DK has verified for.
  -  
  -  
  +
  +
     $dk_sender_source
  -  
  +
       Contains the "source" of the above three variables, one of
  -    
  +
         "from"    The address came from the "From:" header.
         "sender"  The address came from the "Sender:" header.
  -   
  +
       When DK was unable to find a valid address, this variable
  -    is "0".      
  +    is "0".



     $dk_signsall
  -  
  +
       Is "1" if the target domain signs all outgoing email,
       "0" otherwise.
  -    
  -    
  +
  +
     $dk_testing
  -  
  +
       Is "1" if the target domain is testing DK, "0" otherwise.
  -    
  -       
  +
  +
     $dk_is_signed
  -  
  +
       Is "1" if the message is signed, "0" otherwise.
  -    
  -    
  +
  +
     $dk_status
  -  
  +
       Contains the outcome of the DK check as a string, commonly
       used to add a "DomainKey-Status:" header to messages. Will
       contain one of:
  -    
  +
       good            DK check succeeded, mail is verified.
       bad             DK check failed.
       no signature    Mail is not signed with DK.
  @@ -186,10 +186,10 @@



     $dk_result
  -  
  +
       Contains a  human-readable result  of the  DK check,  more
       verbose than $dk_status. Useful for logging purposes.
  -   
  +



2) Sign outgoing email with DK
@@ -206,7 +206,7 @@


     dk_selector = <expanded string> [MANDATORY]
  -  
  +
       This  sets  the  key  selector  string.  You  can  use the
       $dk_domain  expansion  variable  to  look  up  a  matching
       selector.  The result  is put  in the  expansion  variable
  @@ -215,11 +215,11 @@



     dk_private_key = <expanded string> [MANDATORY]
  -  
  +
       This  sets the  private key  to use.  You SHOULD  use  the
       $dk_domain   and  $dk_selector   expansion  variables   to
       determine the private key to use. The result can either
  -    
  +
         o be a valid RSA private key in ASCII armor, including
           line breaks.
         o start with a slash, in which case it is treated as
  @@ -227,10 +227,10 @@
         o be "0", "false" or the empty string, in which case
           the message will not be signed. This case will not
           result in an error, even if dk_strict is set.
  -        
  +


     dk_canon = <expanded string> [OPTIONAL]
  -    
  +
       This  option sets  the canonicalization  method used  when
       signing a  message. The  DK draft  currently supports  two
       methods:  "simple"  and "nofws".  The  option defaults  to
  @@ -238,7 +238,7 @@



     dk_strict = <expanded string> [OPTIONAL]
  -  
  +
       This  option  defines  how  Exim  behaves  when  signing a
       message that should be signed fails for some reason.  When
       the expansion evaluates to either "1" or "true", Exim will
  @@ -248,13 +248,13 @@



     dk_domain = <expanded string> [NOT RECOMMENDED]
  -  
  +
       This  option overrides  DKs autodetection  of the  signing
       domain. You should only use  this option if you know  what
       you are doing. The result of the string expansion is  also
       put in $dk_domain.
  -    
  -    
  +
  +



   2. Brighmail AntiSpam (BMI) suppport
  @@ -288,7 +288,7 @@
        of the config file).
     5) (Optional) Set up per-recipient opt-in information.


-These four steps are explained in more details below.
+These four steps are explained in more details below.

1) Adding support for BMI at compile time

  @@ -302,14 +302,14 @@
     EXPERIMENTAL_BRIGHTMAIL=yes
     CFLAGS=-DBRIGHTMAIL -I/path/to/the/dir/with/the/includefile
     EXTRALIBS_EXIM=-L/path/to/the/dir/with/the/library -lbmiclient_single
  -  
  +
     If  you use  other CFLAGS  or EXTRALIBS_EXIM  settings then
     merge the content of these lines with them.


     Note for BMI6.x users: You'll also have to add -lxml2_single
     to the EXTRALIBS_EXIM line. Users of 5.5x do not need to  do
     this.
  -  
  +
     You    should     also    include     the    location     of
     libbmiclient_single.so in your dynamic linker  configuration
     file   (usually   /etc/ld.so.conf)   and   run    "ldconfig"
  @@ -322,9 +322,9 @@
     To enable BMI  support in the  main exim configuration,  you
     should set the path to the main BMI configuration file  with
     the "bmi_config_file" option, like this:
  -  
  +
     bmi_config_file = /opt/brightmail/etc/brightmail.cfg
  -  
  +
     This must go into section 1 of exims configuration file (You
     can  put it  right on  top). If  you omit  this option,  it
     defaults to /opt/brightmail/etc/brightmail.cfg.
  @@ -332,7 +332,7 @@
     Note for BMI6.x users: This  file is in XML format  in V6.xx
     and its  name is  /opt/brightmail/etc/bmiconfig.xml. So  BMI
     6.x users MUST set the bmi_config_file option.
  -  
  +


3) Set up ACL control statement

  @@ -345,7 +345,7 @@
     use the "accept" block(s)  that accept messages from  remote
     servers for your own domain(s). Here is an example that uses
     the "accept" blocks from exims default configuration file:
  -  
  +


     accept  domains       = +local_domains
             endpass
  @@ -356,7 +356,7 @@
             endpass
             verify        = recipient
             control       = bmi_run
  -  
  +
     If bmi_run  is not  set in  any ACL  during reception of the
     message, it will NOT be passed to the BMI server.


  @@ -369,106 +369,106 @@
     during routing, so you  can query the verdicts  by recipient
     at  that stage.  From Exims  view, a  verdict can  have the
     following outcomes:
  -  
  +
     o deliver the message normally
     o deliver the message to an alternate location
     o do not deliver the message
  -  
  +
     To query  the verdict  for a  recipient, the  implementation
     offers the following tools:
  -  
  -  
  +
  +
     - Boolean router  preconditions. These  can be  used in  any
       router. For a simple  implementation of BMI, these  may be
       all  that  you  need.  The  following  preconditions   are
       available:
  -    
  +
       o bmi_deliver_default
  -    
  +
         This  precondition  is  TRUE  if  the  verdict  for  the
         recipient is  to deliver  the message  normally. If  the
         message has not been  processed by the BMI  server, this
         variable defaults to TRUE.
  -      
  +
       o bmi_deliver_alternate
  -    
  +
         This  precondition  is  TRUE  if  the  verdict  for  the
         recipient  is to  deliver the  message to  an alternate
         location.  You  can  get the  location  string  from the
         $bmi_alt_location expansion variable if you need it. See
         further below. If the message has not been processed  by
         the BMI server, this variable defaults to FALSE.
  -      
  +
       o bmi_dont_deliver
  -    
  +
         This  precondition  is  TRUE  if  the  verdict  for  the
         recipient  is  NOT  to   deliver  the  message  to   the
         recipient. You will typically use this precondition in a
         top-level blackhole router, like this:
  -      
  +
           # don't deliver messages handled by the BMI server
           bmi_blackhole:
             driver = redirect
             bmi_dont_deliver
             data = :blackhole:
  -      
  +
         This router should be on top of all others, so  messages
         that should not be delivered do not reach other  routers
         at all. If   the  message  has  not  been  processed  by
         the  BMI server, this variable defaults to FALSE.
  -      
  -      
  +
  +
     - A list router  precondition to query  if rules "fired"  on
       the message for the recipient. Its name is "bmi_rule". You
       use  it  by  passing it  a  colon-separated  list of  rule
       numbers. You can use this condition to route messages that
       matched specific rules. Here is an example:
  -    
  +
         # special router for BMI rule #5, #8 and #11
         bmi_rule_redirect:
           driver = redirect
           bmi_rule = 5:8:11
           data = postmaster@???
  -      
  -  
  +
  +
     - Expansion variables. Several  expansion variables are  set
       during  routing.  You  can  use  them  in  custom   router
       conditions,  for  example.  The  following  variables  are
       available:
  -    
  +
       o $bmi_base64_verdict
  -    
  +
         This variable  will contain  the BASE64  encoded verdict
         for the recipient being routed. You can use it to add  a
         header to messages for tracking purposes, for example:
  -      
  +
         localuser:
           driver = accept
           check_local_user
           headers_add = X-Brightmail-Verdict: $bmi_base64_verdict
           transport = local_delivery
  -      
  +
         If there is no verdict available for the recipient being
         routed, this variable contains the empty string.
  -    
  +
       o $bmi_base64_tracker_verdict
  -    
  +
         This variable  will contain  a BASE64  encoded subset of
         the  verdict  information  concerning  the  "rules" that
         fired  on the  message. You  can add  this string  to a
         header, commonly named "X-Brightmail-Tracker". Example:
  -      
  +
         localuser:
           driver = accept
           check_local_user
           headers_add = X-Brightmail-Tracker: $bmi_base64_tracker_verdict
           transport = local_delivery
  -        
  +
         If there is no verdict available for the recipient being
         routed, this variable contains the empty string.
  -      
  +
       o $bmi_alt_location
  -    
  +
         If  the  verdict  is  to  redirect  the  message  to  an
         alternate  location,  this  variable  will  contain  the
         alternate location string returned by the BMI server. In
  @@ -477,17 +477,17 @@
         there is  no verdict  available for  the recipient being
         routed, or if the  message is to be  delivered normally,
         this variable contains the empty string.
  -      
  +
       o $bmi_deliver
  -    
  +
         This is an additional integer variable that can be  used
         to query if the message should be delivered at all.  You
         should use router preconditions instead if possible.
  -      
  +
         $bmi_deliver is '0': the message should NOT be delivered.
         $bmi_deliver is '1': the message should be delivered.
  -      
  -   
  +
  +
     IMPORTANT NOTE: Verdict inheritance.
     The  message  is passed  to  the BMI  server  during message
     reception,  using the  target addresses  from the  RCPT TO:
  @@ -496,8 +496,8 @@
     inherit the  verdict from  the original  address. This means
     that verdicts also apply to all "child" addresses  generated
     from top-level addresses that were sent to the BMI server.
  -  
  -  
  +
  +
   5) Using per-recipient opt-in information (Optional)


     The  BMI server  features multiple  scanning "profiles"  for
  @@ -517,32 +517,32 @@
     flag. Here is an example that will pull opt-in data for each
     recipient      from       a      flat       file      called
     '/etc/exim/bmi_optin_data'.
  -  
  +
     The file format:
  -  
  +
       user1@???: <OPTIN STRING1>:<OPTIN STRING2>
       user2@???: <OPTIN STRING3>
  -    
  -    
  +
  +
     The example:
  -  
  +
       accept  domains       = +relay_to_domains
               endpass
               verify        = recipient
               bmi_optin     = ${lookup{$local_part@$domain}lsearch{/etc/exim/bmi_optin_data}}
  -            control       = bmi_run  
  -  
  +            control       = bmi_run
  +
     Of course,  you can  also use  any other  lookup method that
     exim supports, including LDAP, Postgres, MySQL, Oracle etc.,
     as long as  the result is  a list of  colon-separated opt-in
     strings.
  -  
  +
     For a list of available opt-in strings, please contact  your
     Brightmail representative.
  -  
  -  


-
+
+
+
3. Sender Policy Framework (SPF) support
--------------------------------------------------------------

@@ -551,10 +551,10 @@
read and understand the implications of deploying SPF on your
system before doing so.

-SPF support is added via the libspf2 library. Visit
+SPF support is added via the libspf2 library. Visit

     http://www.libspf2.org/
  -  
  +
   to obtain  a copy,  then compile  and install  it. By default,
   this will  put headers  in /usr/local/include  and the  static
   library in /usr/local/lib.
  @@ -601,7 +601,7 @@
     o err_temp  This indicates a temporary error during all
                 processing, including exim's SPF processing.
                 You may defer messages when this occurs.
  -              
  +
   You can prefix each string with an exclamation mark to  invert
   is meaning,  for example  "!fail" will  match all  results but
   "fail".  The  string  list is  evaluated  left-to-right,  in a
  @@ -640,29 +640,29 @@
     This contains a human-readable string describing the outcome
     of the SPF check. You can add it to a custom header or use
     it for logging purposes.
  -  
  +
     $spf_received
     This contains a complete SPF-Received: header that can be
     added to the message. Please note that according to the SPF
     draft, this header must be added at the top of the header
     list. Please see section 10 on how you can do this.
  -  
  +
     $spf_result
     This contains the outcome of the SPF check in string form,
     one of pass, fail, softfail, none, neutral, err_perm or
     err_temp.
  -  
  +
     $spf_smtp_comment
     This contains a string that can be used in a SMTP response
     to the calling party. Useful for "fail".
  -  
  -  
  +
  +


4. SRS (Sender Rewriting Scheme) Support
--------------------------------------------------------------

Exiscan currently includes SRS support via Miles Wilton's
-libsrs_alt library. The current version of the supported
+libsrs_alt library. The current version of the supported
library is 0.5.

In order to use SRS, you must get a copy of libsrs_alt from