Introduce main config option allow_insecure_tainted_data

[exim.git] / src / src / EDITME

diff --git a/src/src/EDITME b/src/src/EDITME
index b583a993c4f70c977474cf37160d49137da333c8..f4329fabf53beff6e4851144482281ef16c7ebe2 100644 (file)
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -605,6 +605,8 @@ DISABLE_MAL_MKS=yes
 
 # Uncomment the following line to add DMARC checking capability, implemented
 # using libopendmarc libraries. You must have SPF and DKIM support enabled also.
+# Library version libopendmarc-1.4.1-1.fc33.x86_64  (on Fedora 33) is known broken;
+# 1.3.2-3 works.  I seems that the OpenDMARC project broke their API.
 # SUPPORT_DMARC=yes
 # CFLAGS += -I/usr/local/include
 # LDFLAGS += -lopendmarc
@@ -746,6 +748,13 @@ FIXED_NEVER_USERS=root
 
 # WHITELIST_D_MACROS=TLS:SPOOL
 
+# The next setting enables a main config option
+# "allow_insecure_tainted_data" to turn taint failures into warnings.
+# Though this option is new, it is deprecated already now, and will be
+# ignored in future releases of Exim. It is meant as mitigation for
+# upgrading old (possibly insecure) configurations to more secure ones.
+ALLOW_INSECURE_TAINTED_DATA=yes
+
 #------------------------------------------------------------------------------
 # Exim has support for the AUTH (authentication) extension of the SMTP
 # protocol, as defined by RFC 2554. If you don't know what SMTP authentication