X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/94fb0f79f59d58bbb09b67ff8e4fa8b838eac8ab..08dfc92a7bdd17647ef79e47e85a121a57f55274:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 547bc44cc..b521a7e7e 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1,4 +1,4 @@ -. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.42 2008/04/16 10:16:13 fanf2 Exp $ +. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.44 2008/06/04 19:15:47 fanf2 Exp $ . . ///////////////////////////////////////////////////////////////////////////// . This is the primary source of the Exim Manual. It is an xfpt document that is @@ -25469,7 +25469,8 @@ ACL fragment writes no logging information when access is denied: &` log_reject_target =`& .endd This modifier can be used in SMTP and non-SMTP ACLs. It applies to both -permanent and temporary rejections. +permanent and temporary rejections. Its effect lasts for the rest of the +current ACL. .vitem &*logwrite*&&~=&~<&'text'&> @@ -27552,19 +27553,8 @@ the third string (in this case &"1"&), whether or not the cryptographic and timeout checks succeed. The &$prvscheck_result$& variable contains the result of the checks (empty for failure, &"1"& for success). -There are two more issues you must consider when implementing prvs-signing. -Firstly, you need to ensure that prvs-signed addresses are not blocked by your -ACLs. A prvs-signed address contains a slash character, but the default Exim -configuration contains this statement in the RCPT ACL: -.code -deny message = Restricted characters in address - domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|] -.endd -This is a conservative rule that blocks local parts that contain slashes. You -should remove the slash in the last line. - -Secondly, you have to ensure that the routers accept prvs-signed addresses and +There is one more issue you must consider when implementing prvs-signing: +you have to ensure that the routers accept prvs-signed addresses and deliver them correctly. The easiest way to handle this is to use a &(redirect)& router to remove the signature with a configuration along these lines: .code