Fix listing a named queue by a non-admin user. Bug 2398

[exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index c21bc0dcc2d308e27ab986f9fe3b494feed12f46..dea7bc76180c9246b775668cb80bfbef991a9968 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -2766,6 +2766,8 @@ used to specify a path on the command line if a pid file is required.
 The SIGHUP signal
 .cindex "SIGHUP"
 .cindex "daemon" "restarting"
 The SIGHUP signal
 .cindex "SIGHUP"
 .cindex "daemon" "restarting"

+.cindex signal "to reload configuration"
+.cindex daemon "reload configuration"

 can be used to cause the daemon to re-execute itself. This should be done
 whenever Exim's configuration file, or any file that is incorporated into it by
 means of the &%.include%& facility, is changed, and also whenever a new version
 can be used to cause the daemon to re-execute itself. This should be done
 whenever Exim's configuration file, or any file that is incorporated into it by
 means of the &%.include%& facility, is changed, and also whenever a new version


@@ -6744,7 +6746,8 @@ the implicit key is the host's IP address rather than its name (see section
 
 .new
 &*Warning 3*&: Do not use an IPv4-mapped IPv6 address for a key; use the
 
 .new
 &*Warning 3*&: Do not use an IPv4-mapped IPv6 address for a key; use the

-IPv4.  Such addresses being searched for are converted to IPv4.
+IPv4, in dotted-quad form. (Exim converts IPv4-mapped IPv6 addresses to this
+notation before executing the lookup.)

 .wen
 .next
 .new
 .wen
 .next
 .new


@@ -9197,6 +9200,7 @@ Many strings in Exim's runtime configuration are expanded before use. Some of
 them are expanded every time they are used; others are expanded only once.
 
 When a string is being expanded it is copied verbatim from left to right except
 them are expanded every time they are used; others are expanded only once.
 
 When a string is being expanded it is copied verbatim from left to right except

+.cindex expansion "string concatenation"

 when a dollar or backslash character is encountered. A dollar specifies the
 start of a portion of the string that is interpreted and replaced as described
 below in section &<<SECTexpansionitems>>& onwards. Backslash is used as an
 when a dollar or backslash character is encountered. A dollar specifies the
 start of a portion of the string that is interpreted and replaced as described
 below in section &<<SECTexpansionitems>>& onwards. Backslash is used as an


@@ -12179,6 +12183,7 @@ This variable contains the version string of the Exim build.
 The first character is a major version number, currently 4.
 Then after a dot, the next group of digits is a minor version number.
 There may be other characters following the minor version.
 The first character is a major version number, currently 4.
 Then after a dot, the next group of digits is a minor version number.
 There may be other characters following the minor version.

+This value may be overridden by the &%exim_version%& main config option.

 
 .vitem &$header_$&<&'name'&>
 This is not strictly an expansion variable. It is expansion syntax for
 
 .vitem &$header_$&<&'name'&>
 This is not strictly an expansion variable. It is expansion syntax for


@@ -13510,7 +13515,8 @@ Otherwise, empty.
 
 .vitem &$version_number$&
 .vindex "&$version_number$&"
 
 .vitem &$version_number$&
 .vindex "&$version_number$&"

-The version number of Exim.
+The version number of Exim. Same as &$exim_version$&, may be overridden
+by the &%exim_version%& main config option.

 
 .vitem &$warn_message_delay$&
 .vindex "&$warn_message_delay$&"
 
 .vitem &$warn_message_delay$&
 .vindex "&$warn_message_delay$&"


@@ -15341,6 +15347,14 @@ not also supplied, the gid is taken from the result of &[getpwnam()]& if it is
 used. See chapter &<<CHAPsecurity>>& for a discussion of security issues.
 
 
 used. See chapter &<<CHAPsecurity>>& for a discussion of security issues.
 
 

+.option exim_version main string "current version"
+.cindex "Exim version"
+.cindex customizing "version number"
+.cindex "version number of Exim" override
+This option allows to override the &$version_number$&/&$exim_version$& Exim reports in
+various places.  Use with care, this may fool stupid security scanners.
+
+

 .option extra_local_interfaces main "string list" unset
 This option defines network interfaces that are to be considered local when
 routing, but which are not used for listening by the daemon. See section
 .option extra_local_interfaces main "string list" unset
 This option defines network interfaces that are to be considered local when
 routing, but which are not used for listening by the daemon. See section


@@ -16166,7 +16180,7 @@ harm. This option overrides the &%pipe_as_creator%& option of the &(pipe)&
 transport driver.
 
 
 transport driver.
 
 

-.option openssl_options main "string list" "+no_sslv2 +single_dh_use +no_ticket"
+.option openssl_options main "string list" "+no_sslv2 +no_sslv3 +single_dh_use +no_ticket"

 .cindex "OpenSSL "compatibility options"
 This option allows an administrator to adjust the SSL options applied
 by OpenSSL to connections.  It is given as a space-separated list of items,
 .cindex "OpenSSL "compatibility options"
 This option allows an administrator to adjust the SSL options applied
 by OpenSSL to connections.  It is given as a space-separated list of items,


@@ -17562,7 +17576,7 @@ use when sending messages as a client, you must set the &%tls_certificate%&
 option in the relevant &(smtp)& transport.
 
 &*Note*&: If you use filenames based on IP addresses, change the list
 option in the relevant &(smtp)& transport.
 
 &*Note*&: If you use filenames based on IP addresses, change the list

-separator in the usual way (&<<SECTlistsepchange>>&) >to avoid confusion under IPv6.
+separator in the usual way (&<<SECTlistsepchange>>&) to avoid confusion under IPv6.

 
 &*Note*&: Under versions of OpenSSL preceding 1.1.1,
 when a list of more than one
 
 &*Note*&: Under versions of OpenSSL preceding 1.1.1,
 when a list of more than one


@@ -28316,7 +28330,7 @@ There is no current way to staple a proof for a client certificate.
 
 
 
 
 
 

-.section "Configuring an Exim client to use TLS" "SECID185"
+.section "Configuring an Exim client to use TLS" "SECTclientTLS"

 .cindex "cipher" "logging"
 .cindex "log" "TLS cipher"
 .cindex "log" "distinguished name"
 .cindex "cipher" "logging"
 .cindex "log" "TLS cipher"
 .cindex "log" "distinguished name"


@@ -30841,7 +30855,7 @@ For SMTP input that does not come over TCP/IP (the &%-bs%& command line
 option), this condition is always true.
 
 
 option), this condition is always true.
 
 

-.vitem &*verify&~=&~not_blind*&
+.vitem &*verify&~=&~not_blind/*&<&'options'&>

 .cindex "verifying" "not blind"
 .cindex "bcc recipients, verifying none"
 This condition checks that there are no blind (bcc) recipients in the message.
 .cindex "verifying" "not blind"
 .cindex "bcc recipients, verifying none"
 This condition checks that there are no blind (bcc) recipients in the message.


@@ -30851,6 +30865,11 @@ case-sensitively; domains are checked case-insensitively. If &'Resent-To:'& or
 &'Resent-Cc:'& header lines exist, they are also checked. This condition can be
 used only in a DATA or non-SMTP ACL.
 
 &'Resent-Cc:'& header lines exist, they are also checked. This condition can be
 used only in a DATA or non-SMTP ACL.
 

+.new
+There is one possible option, &`case_insensitive`&.  If this is present then
+local parts are checked case-insensitively.
+.wen
+

 There are, of course, many legitimate messages that make use of blind (bcc)
 recipients. This check should not be used on its own for blocking messages.
 
 There are, of course, many legitimate messages that make use of blind (bcc)
 recipients. This check should not be used on its own for blocking messages.