See section &<<SECDKIMVFY>>&.
-.option dmarc_forensic_sender main string&!! unset
-.option dmarc_history_file main string unset
-.option dmarc_tld_file main string unset
+.option dmarc_forensic_sender main string&!! unset &&&
+ dmarc_history_file main string unset &&&
+ dmarc_tld_file main string unset
.cindex DMARC "main section options"
These options control DMARC processing.
See section &<<SECDMARC>>& for details.
follows:
.ilist
-LF not preceded by CR is treated as a line ending.
-.next
CR is treated as a line ending; if it is immediately followed by LF, the LF
is ignored.
.next
.next
If the first header line received in a message ends with CRLF, a subsequent
bare LF in a header line is treated in the same way as a bare CR in a header
-line.
+line and a bare LF in a body line is replaced with a space.
+.next
+If the first header line received in a message does not end with CRLF, a subsequent
+LF not preceded by CR is treated as a line ending.
.endlist
.irow &`deliver_time`& "time taken to attempt delivery"
.irow &`delivery_size`& "add &`S=`&&'nnn'& to => lines"
.irow &`dkim`& * "DKIM verified domain on <= lines"
-.irow &`dkim_verbose`& "separate full DKIM verification result line, per signature"
+.irow &`dkim_verbose`& "separate full DKIM verification result line, per signature; DKIM signing"
.irow &`dnslist_defer`& * "defers of DNS list (aka RBL) lookups"
.irow &`dnssec`& "DNSSEC secured lookups"
.irow &`etrn`& * "ETRN commands"
.cindex log "DKIM verification"
.cindex DKIM "verification logging"
&%dkim_verbose%&: A log entry is written for each attempted DKIM verification.
+.new
+Also, on message delivery lines signing information (domain and selector)
+is added, tagged with DKIM=.
+.wen
.next
.cindex "log" "dnslist defer"
.cindex "DNS list" "logging defer"
.option dkim_timestamps smtp integer&!! unset
This option controls the inclusion of timestamp information in the signature.
If not set, no such information will be included.
-Otherwise, must be an unsigned number giving an offset in seconds from the current time
-for the expiry tag
-(eg. 1209600 for two weeks);
-both creation (t=) and expiry (x=) tags will be included.
+.new
+Otherwise, must be an unsigned number giving an offset in seconds from the
+current time for the expiry tag (e.g. 1209600 for two weeks); both creation
+(t=) and expiry (x=) tags will be included unless the offset is 0 (no expiry).
+.wen
RFC 6376 lists these tags as RECOMMENDED.
.subsection "SRS (Sender Rewriting Scheme)" SECTSRS
.cindex SRS "sender rewriting scheme"
+.cindex VERP "variable envelope return path"
SRS can be used to modify sender addresses when forwarding so that
SPF verification does not object to them.
-It operates by encoding the original envelope sender in a new
+It can also be used to identify a received bounce message as
+likely (or not) having been trigged by a message from the
+local system, and for identifying dead addresses in mailing lists.
+It is one implementation of a VERP (Variable Envelope Return Path) method.
+
+SRS operates by encoding the original envelope sender in a new
sender local part and using a domain run by the forwarding site
as the new domain for the sender. Any DSN message should be returned
to this new sender at the forwarding site, which can extract the