FreeBSD is ELF and has been for a long time

[exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 78d5b0b183041375c924889e53989a2097e632cf..15a8f35501c6086c50b8be45308134ef5e2533ae 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -2938,6 +2938,7 @@ if this is required. If the &%bi_command%& option is not set, calling Exim with
 &%-bi%& is a no-op.
 
 .new
 &%-bi%& is a no-op.
 
 .new

+. // Keep :help first, then the rest in alphabetical order

 .vitem &%-bI:help%&
 .oindex "&%-bI:help%&"
 .cindex "querying exim information"
 .vitem &%-bI:help%&
 .oindex "&%-bI:help%&"
 .cindex "querying exim information"


@@ -2947,6 +2948,12 @@ consumption.  This one is not.  The &%-bI:help%& option asks Exim for a
 synopsis of supported options beginning &`-bI:`&.  Use of any of these
 options shall cause Exim to exit after producing the requested output.
 
 synopsis of supported options beginning &`-bI:`&.  Use of any of these
 options shall cause Exim to exit after producing the requested output.
 

+.vitem &%-bI:dscp%&
+.oindex "&%-bI:dscp%&"
+.cindex "DSCP" "values"
+This option causes Exim to emit an alphabetically sorted list of all
+recognised DSCP names.
+

 .vitem &%-bI:sieve%&
 .oindex "&%-bI:sieve%&"
 .cindex "Sieve filter" "capabilities"
 .vitem &%-bI:sieve%&
 .oindex "&%-bI:sieve%&"
 .cindex "Sieve filter" "capabilities"


@@ -11687,6 +11694,31 @@ driver that successfully authenticated the client from which the message was
 received. It is empty if there was no successful authentication. See also
 &$authenticated_id$&.
 
 received. It is empty if there was no successful authentication. See also
 &$authenticated_id$&.
 

+.new
+.vitem &$sender_host_dnssec$&
+.vindex "&$sender_host_dnssec$&"
+If &$sender_host_name$& has been populated (by reference, &%hosts_lookup%& or
+otherwise) then this boolean will have been set true if, and only if, the
+resolver library states that the reverse DNS was authenticated data.  At all
+other times, this variable is false.
+
+It is likely that you will need to coerce DNSSEC support on in the resolver
+library, by setting:
+.code
+dns_use_dnssec = 1
+.endd
+
+Exim does not perform DNSSEC validation itself, instead leaving that to a
+validating resolver (eg, unbound, or bind with suitable configuration).
+
+Exim does not (currently) check to see if the forward DNS was also secured
+with DNSSEC, only the reverse DNS.
+
+If you have changed &%host_lookup_order%& so that &`bydns`& is not the first
+mechanism in the list, then this variable will be false.
+.wen
+
+

 .vitem &$sender_host_name$&
 .vindex "&$sender_host_name$&"
 When a message is received from a remote host, this variable contains the
 .vitem &$sender_host_name$&
 .vindex "&$sender_host_name$&"
 When a message is received from a remote host, this variable contains the


@@ -12836,6 +12868,9 @@ See also the &'Policy controls'& section above.
 .row &%dns_ipv4_lookup%&             "only v4 lookup for these domains"
 .row &%dns_retrans%&                 "parameter for resolver"
 .row &%dns_retry%&                   "parameter for resolver"
 .row &%dns_ipv4_lookup%&             "only v4 lookup for these domains"
 .row &%dns_retrans%&                 "parameter for resolver"
 .row &%dns_retry%&                   "parameter for resolver"

+.new
+.row &%dns_use_dnssec%&              "parameter for resolver"
+.wen

 .row &%dns_use_edns0%&               "parameter for resolver"
 .row &%hold_domains%&                "hold delivery for these domains"
 .row &%local_interfaces%&            "for routing checks"
 .row &%dns_use_edns0%&               "parameter for resolver"
 .row &%hold_domains%&                "hold delivery for these domains"
 .row &%local_interfaces%&            "for routing checks"


@@ -13476,6 +13511,18 @@ to set in them.
 See &%dns_retrans%& above.
 
 
 See &%dns_retrans%& above.
 
 

+.new
+.option dns_use_dnssec main integer -1
+.cindex "DNS" "resolver options"
+.cindex "DNS" "DNSSEC"
+If this option is set to a non-negative number then Exim will initialise the
+DNS resolver library to either use or not use DNSSEC, overriding the system
+default. A value of 0 coerces DNSSEC off, a value of 1 coerces DNSSEC on.
+
+If the resolver library does not support DNSSEC then this option has no effect.
+.wen
+
+

 .option dns_use_edns0 main integer -1
 .cindex "DNS" "resolver options"
 .cindex "DNS" "EDNS0"
 .option dns_use_edns0 main integer -1
 .cindex "DNS" "resolver options"
 .cindex "DNS" "EDNS0"


@@ -22054,6 +22101,22 @@ See the &%search_parents%& option in chapter &<<CHAPdnslookup>>& for more
 details.
 
 
 details.
 
 

+.new
+.option dscp smtp string unset
+.cindex "DCSP"
+.cindex "DiffServ"
+This option causes the DSCP value associated with a socket to be set to one
+of a number of fixed strings.  The &%-bI:dscp%& option may be used to ask
+Exim which values it knows of.  Common values include &`throughput`&,
+&`mincost`&, and on newer systems &`ef`&, &`af41`&, ...
+
+The outbound packets from Exim will be marked with this value in the header
+(for IPv4, the TOS field; for IPv6, the TCLASS field); there is no guarantee
+that these packets will have any effect, not be stripped by networking
+equipment, or do much of anything without cooperation with your Network
+Engineer and those of all network operators between the source and destination.
+.wen
+

 
 .option fallback_hosts smtp "string list" unset
 .cindex "fallback" "hosts specified on transport"
 
 .option fallback_hosts smtp "string list" unset
 .cindex "fallback" "hosts specified on transport"