Docs: clarify when TLS authenticator is run

[exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index d2d40728b3610abd80effa54112450ebdf660647..c1c6293c9d182355bc526d1e20423d8623705aa5 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -444,10 +444,11 @@ Please do not ask for configuration help in the bug-tracker.
 The following Exim mailing lists exist:
 
 .table2 140pt
 The following Exim mailing lists exist:
 
 .table2 140pt

-.row &'exim-announce@exim.org'&   "Moderated, low volume announcements list"
-.row &'exim-users@exim.org'&      "General discussion list"
-.row &'exim-dev@exim.org'&        "Discussion of bugs, enhancements, etc."
-.row &'exim-cvs@exim.org'&        "Automated commit messages from the VCS"
+.row &'exim-announce@lists.exim.org'&   "Moderated, low volume announcements list"
+.row &'exim-users@lists.exim.org'&      "General discussion list"
+.row &'exim-users-de@lists.exim.org'&   "General discussion list in German language"
+.row &'exim-dev@lists.exim.org'&        "Discussion of bugs, enhancements, etc."
+.row &'exim-cvs@lists.exim.org'&        "Automated commit messages from the VCS"

 .endtable
 
 You can subscribe to these lists, change your existing subscriptions, and view
 .endtable
 
 You can subscribe to these lists, change your existing subscriptions, and view


@@ -26161,7 +26162,8 @@ This option give a list of hosts for which,
 while verifying the server certificate,
 checks will be included on the host name
 (note that this will generally be the result of a DNS MX lookup)
 while verifying the server certificate,
 checks will be included on the host name
 (note that this will generally be the result of a DNS MX lookup)

-versus Subject and Subject-Alternate-Name fields.  Wildcard names are permitted
+versus the Subject-Alternate-Name (or, if none, Subject-Name) fields.
+Wildcard names are permitted,

 limited to being the initial component of a 3-or-more component FQDN.
 
 There is no equivalent checking on client certificates.
 limited to being the initial component of a 3-or-more component FQDN.
 
 There is no equivalent checking on client certificates.


@@ -28979,9 +28981,10 @@ for which it must have been requested via the
 (see &<<CHAPTLS>>&).
 
 If an authenticator of this type is configured it is
 (see &<<CHAPTLS>>&).
 
 If an authenticator of this type is configured it is

-run before any SMTP-level communication is done,
+run immediately after a TLS connection being negotiated
+(due to either STARTTLS or TLS-on-connect)

 and can authenticate the connection.
 and can authenticate the connection.

-If it does, SMTP authentication is not offered.
+If it does, SMTP authentication is not subsequently offered.

 
 A maximum of one authenticator of this type may be present.
 
 
 A maximum of one authenticator of this type may be present.