X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=doc%2Fdoc-docbook%2Fspec.xfpt;h=c8b999c9f6201f17bdccf6b9681828a96e57661f;hb=6ce1ece9cb2b13fdc4d235146fa98835811570bd;hp=118b7b5669d0d204e4647e713bb547e2cc2abfe9;hpb=e326959e5e455e1b46124b023e0b202e4892e501;p=exim.git diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 118b7b566..c8b999c9f 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -9377,7 +9377,7 @@ If the ACL returns defer the result is a forced-fail. Otherwise the expansion f .cindex headers "authentication-results:" .cindex authentication "expansion item" This item returns a string suitable for insertion as an -&'Authentication-Results"'& +&'Authentication-Results:'& header line. The given <&'authserv-id'&> is included in the result; typically this will be a domain name identifying the system performing the authentications. @@ -15113,15 +15113,20 @@ to handle IPv6 literal addresses. .new -.option dkim_verify_hashes main "string list" "sha256 : sha512 : sha1" +.option dkim_verify_hashes main "string list" "sha256 : sha512" .cindex DKIM "selecting signature algorithms" This option gives a list of hash types which are acceptable in signatures, and an order of processing. Signatures with algorithms not in the list will be ignored. -Note that the presence of sha1 violates RFC 8301. -Signatures using the rsa-sha1 are however (as of writing) still common. -The default inclusion of sha1 may be dropped in a future release. +Acceptable values include: +.code +sha1 +sha256 +sha512 +.endd + +Note that the acceptance of sha1 violates RFC 8301. .option dkim_verify_keytypes main "string list" "ed25519 : rsa" This option gives a list of key types which are acceptable in signatures, @@ -17736,7 +17741,14 @@ larger prime than requested. The value of this option is expanded and indicates the source of DH parameters to be used by Exim. -&*Note: The Exim Maintainers strongly recommend using a filename with site-generated +.new +This option is ignored for GnuTLS version 3.6.0 and later. +The library manages parameter negotiation internally. +.wen + +&*Note: The Exim Maintainers strongly recommend, +for other TLS library versions, +using a filename with site-generated local DH parameters*&, which has been supported across all versions of Exim. The other specific constants available are a fallback so that even when "unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS. @@ -17832,7 +17844,10 @@ Certificate Authority. Usable for GnuTLS 3.4.4 or 3.3.17 or OpenSSL 1.1.0 (or later). -For GnuTLS 3.5.6 or later the expanded value of this option can be a list +.new +For OpenSSL 1.1.0 or later, and +.wen +for GnuTLS 3.5.6 or later the expanded value of this option can be a list of files, to match a list given for the &%tls_certificate%& option. The ordering of the two lists must match. @@ -40504,10 +40519,11 @@ defines the location of a text file of valid top level domains the opendmarc library uses during domain parsing. Maintained by Mozilla, the most current version can be downloaded -from a link at &url(http://publicsuffix.org/list/). +from a link at &url(https://publicsuffix.org/list/, currently pointing +at https://publicsuffix.org/list/public_suffix_list.dat) See also util/renew-opendmarc-tlds.sh script. -The default for the option is currently -/etc/exim/opendmarc.tlds +The default for the option is /etc/exim/opendmarc.tlds. + The &%dmarc_history_file%& option, if set .oindex &%dmarc_history_file%& @@ -41028,7 +41044,9 @@ Events have names which correspond to the point in process at which they fire. The name is placed in the variable &$event_name$& and the event action expansion must check this, as it will be called for every possible event type. +.new The current list of events is: +.wen .display &`dane:fail after transport `& per connection &`msg:complete after main `& per message @@ -41042,6 +41060,7 @@ The current list of events is: &`tcp:close after transport `& per connection &`tls:cert before both `& per certificate in verification chain &`smtp:connect after transport `& per connection +&`smtp:ehlo after transport `& per connection .endd New event types may be added in future. @@ -41068,6 +41087,7 @@ with the event type: &`msg:host:defer `& error string &`tls:cert `& verification chain depth &`smtp:connect `& smtp banner +&`smtp:ehlo `& smtp ehlo response .endd The :defer events populate one extra variable: &$event_defer_errno$&.