X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/914beb783819ef615fa6b901ce1beb07d085367e..c86c97065357b1cca9601246cec74aa364a635f5:/doc/doc-docbook/spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7d5d6c499..5b3436f74 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -6602,7 +6602,7 @@ file that is searched could contain lines like this:
 When the lookup succeeds, the result of the expansion is a list of domains (and
 possibly other types of item that are allowed in domain lists).
 .cindex "tainted data" "de-tainting"
-.cindex "de-tainting" "using a lookup expansion""
+.cindex "de-tainting" "using a lookup expansion"
 The result of the expansion is not tainted.
 
 .next
@@ -16189,9 +16189,12 @@ case. That is why the default tries a DNS lookup first.
 .cindex "host" "rejecting connections from"
 If this option is set, incoming SMTP calls from the hosts listed are rejected
 as soon as the connection is made.
-This option is obsolete, and retained only for backward compatibility, because
+This option is mostly obsolete, retained for backward compatibility because
 nowadays the ACL specified by &%acl_smtp_connect%& can also reject incoming
-connections immediately.
+connections immediately
+.new
+(except for tls-on-connect connections).
+.wen
 
 The ability to give an immediate rejection (either by this option or using an
 ACL) is provided for use in unusual cases. Many hosts will just try again,
@@ -29788,7 +29791,7 @@ The behaviour of both client and server can be configured using the options
 &%tls_alpn%& and &%hosts_require_alpn%&.
 There are no variables providing observability.
 Some feature-specific logging may appear on denied connections, but this
-depends on the behavious of the peer
+depends on the behaviour of the peer
 (not all peers can send a feature-specific TLS Alert).
 
 This feature is available when Exim is built with