.row &%av_scanner%& "specify virus scanner"
.row &%check_rfc2047_length%& "check length of RFC 2047 &""encoded &&&
words""&"
+.row &%dns_cname_loops%& "follow CNAMEs returned by resolver"
.row &%dns_csa_search_limit%& "control CSA parent search depth"
.row &%dns_csa_use_reverse%& "en/disable CSA IP reverse search"
.row &%header_maxsize%& "total size of message header"
reversed and looked up in the reverse DNS, as described in more detail in
section &<<SECTverifyCSA>>&.
+.new
+.option dns_cname_loops main integer 1
+.cindex DNS "CNAME following"
+This option controls the following of CNAME chains, needed if the resolver does
+not do it internally.
+As of 2018 most should, and the default can be left.
+If you have an ancient one, a value of 10 is likely needed.
+
+The default value of one CNAME-follow is needed
+thanks to the observed return for an MX request,
+given no MX presence but a CNAME to an A, of the CNAME.
+.wen
+
.option dns_dnssec_ok main integer -1
.cindex "DNS" "resolver options"
of the message. Its value must not be zero. See also &%final_timeout%&.
+.option dkim_canon smtp string&!! unset
.option dkim_domain smtp string list&!! unset
-.option dkim_selector smtp string&!! unset
+.option dkim_hash smtp string&!! sha256
+.option dkim_identity smtp string&!! unset
.option dkim_private_key smtp string&!! unset
-.option dkim_canon smtp string&!! unset
+.option dkim_selector smtp string&!! unset
.option dkim_strict smtp string&!! unset
.option dkim_sign_headers smtp string&!! "per RFC"
-.option dkim_hash smtp string&!! sha256
-.option dkim_identity smtp string&!! unset
+.option dkim_timestamps smtp string&!! unset
DKIM signing options. For details see section &<<SECDKIMSIGN>>&.
will be signed, and one signature added for a missing header with the
name will be appended.
+.new
+.option dkim_timestamps smtp integer&!! unset
+This option controls the inclusion of timestamp information in the signature.
+If not set, no such information will be included.
+Otherwise, must be an unsigned number giving an offset in seconds from the current time
+for the expiry tag
+(eg. 1209600 for two weeks);
+both creation (t=) and expiry (x=) tags will be included.
+
+RFC 6376 lists these tags as RECOMMENDED.
+.wen
+
.section "Verifying DKIM signatures in incoming mail" "SECDKIMVFY"
.cindex "DKIM" "verification"