X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=doc%2Fdoc-docbook%2Fspec.xfpt;h=c46b503074b13693c5fb4c6a9f5858776d9e6997;hp=ba32403d6f85864b1de191f45376bd1db6f603c0;hb=6e773413c0c0d4bb52b7a9af4c23ab83e26aa26b;hpb=23bb69826c8d600ce4a268ad27e14b0390e540c8 diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index ba32403d6..c46b50307 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -10482,7 +10482,7 @@ variables or headers inside regular expressions. .cindex "SHA-1 hash" .cindex "expansion" "SHA-1 hashing" .cindex certificate fingerprint -.cindex "&%sha2%& expansion item" +.cindex "&%sha1%& expansion item" The &%sha1%& operator computes the SHA-1 hash value of the string, and returns it as a 40-digit hexadecimal number, in which any letters are in upper case. @@ -10490,16 +10490,38 @@ If the string is a single variable of type certificate, returns the SHA-1 hash fingerprint of the certificate. -.vitem &*${sha256:*&<&'certificate'&>&*}*& +.vitem &*${sha256:*&<&'string'&>&*}*& .cindex "SHA-256 hash" .cindex certificate fingerprint .cindex "expansion" "SHA-256 hashing" .cindex "&%sha256%& expansion item" -The &%sha256%& operator computes the SHA-256 hash fingerprint of the -certificate, +.new +The &%sha256%& operator computes the SHA-256 hash value of the string +and returns +it as a 64-digit hexadecimal number, in which any letters are in upper case. +.wen + +If the string is a single variable of type certificate, +returns the SHA-256 hash fingerprint of the certificate. + + +.new +.vitem &*${sha3:*&<&'string'&>&*}*& +.vitem &*${sha3_:*&<&'string'&>&*}*& +.cindex "SHA3 hash" +.cindex "expansion" "SHA3 hashing" +.cindex "&%sha3%& expansion item" +The &%sha3%& operator computes the SHA3-256 hash value of the string and returns it as a 64-digit hexadecimal number, in which any letters are in upper case. -Only arguments which are a single variable of certificate type are supported. + +If a number is appended, separated by an underbar, it specifies +the output length. Values of 224, 256, 384 and 512 are accepted; +with 256 being the default. + +The &%sha3%& expansion item is only supported if Exim has been +compiled with GnuTLS 3.5.0 or later. +.wen .vitem &*${stat:*&<&'string'&>&*}*& @@ -28712,13 +28734,18 @@ with &`-d`&, with the output going to a new logfile, by default called &'debuglog'&. The filename can be adjusted with the &'tag'& option, which may access any variables already defined. The logging may be adjusted with the &'opts'& option, which takes the same values as the &`-d`& command-line -option. Some examples (which depend on variables that don't exist in all +option. +.new +Logging may be stopped, and the file removed, with the &'kill'& option. +.wen +Some examples (which depend on variables that don't exist in all contexts): .code control = debug control = debug/tag=.$sender_host_address control = debug/opts=+expand+acl control = debug/tag=.$message_exim_id/opts=+expand + control = debug/kill .endd @@ -35528,6 +35555,7 @@ the following table: &`CV `& certificate verification status &`D `& duration of &"no mail in SMTP session"& &`DN `& distinguished name from peer certificate +&`DS `& DNSSEC secured lookups &`DT `& on &`=>`& lines: time taken for a delivery &`F `& sender address (on delivery lines) &`H `& host name and IP address @@ -35618,6 +35646,7 @@ selection marked by asterisks: &` deliver_time `& time taken to perform delivery &` delivery_size `& add &`S=`&&'nnn'& to => lines &`*dnslist_defer `& defers of DNS list (aka RBL) lookups +&` dnssec `& DNSSEC secured lookups &`*etrn `& ETRN commands &`*host_lookup_failed `& as it says &` ident_timeout `& timeout for ident connection @@ -35725,6 +35754,14 @@ the &"=>"& line, tagged with S=. &%dnslist_defer%&: A log entry is written if an attempt to look up a host in a DNS black list suffers a temporary error. .next +.cindex log dnssec +.cindex dnssec logging +&%dnssec%&: For message acceptance and (attempted) delivery log lines, when +dns lookups gave secure results a tag of DS is added. +For acceptance this covers the reverse and forward lookups for host name verification. +It does not cover helo-name verification. +For delivery this covers the SRV, MX, A and/or AAAA lookups. +.next .cindex "log" "ETRN commands" .cindex "ETRN" "logging" &%etrn%&: Every valid ETRN command that is received is logged, before the ACL @@ -38379,7 +38416,7 @@ form of the name. Log lines and Received-by: header lines will acquire a "utf8" prefix on the protocol element, eg. utf8esmtp. -The following expansion operator can be used: +The following expansion operators can be used: .code ${utf8_domain_to_alabel:str} ${utf8_domain_from_alabel:str}