Docs: clarify when TLS authenticator is run

[exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index a2374b18763c0c9abdcd457f220b785418bd4c55..c1c6293c9d182355bc526d1e20423d8623705aa5 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -28981,9 +28981,10 @@ for which it must have been requested via the
 (see &<<CHAPTLS>>&).
 
 If an authenticator of this type is configured it is
-run before any SMTP-level communication is done,
+run immediately after a TLS connection being negotiated
+(due to either STARTTLS or TLS-on-connect)
 and can authenticate the connection.
-If it does, SMTP authentication is not offered.
+If it does, SMTP authentication is not subsequently offered.
 
 A maximum of one authenticator of this type may be present.