X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/a79d883474c84fa2a286b7797a7664b599912fcd..e066e10220ab267cb88339789a67e28ec65b0e5b:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 98986e032..e3ac7f3b9 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -11665,8 +11665,11 @@ contain the trailing slash. If &$config_file$& does not contain a slash, .vindex "&$config_file$&" The name of the main configuration file Exim is using. +.vitem &$dkim_verify_status$& &&& +Results of DKIM verification. +For details see chapter &<>&. + .vitem &$dkim_cur_signer$& &&& - &$dkim_verify_status$& &&& &$dkim_verify_reason$& &&& &$dkim_domain$& &&& &$dkim_identity$& &&& @@ -17130,6 +17133,9 @@ use when sending messages as a client, you must set the &%tls_certificate%& option in the relevant &(smtp)& transport. .new +&*Note*&: If you use filenames based on IP addresses, change the list +separator in the usual way to avoid confusion under IPv6. + &*Note*&: Under current versions of OpenSSL, when a list of more than one file is used, the &$tls_in_ourcert$& veriable is unreliable. .wen @@ -27134,7 +27140,7 @@ let the Exim Maintainers know and we'll likely use it). .next .new With GnuTLS, if an explicit list is used for the &%tls_privatekey%& main option -main option, it must be ordered to match the %&tls_certificate%& list. +main option, it must be ordered to match the &%tls_certificate%& list. .wen .next Some other recently added features may only be available in one or the other. @@ -31324,6 +31330,7 @@ address and some time-based randomizing information. The &%prvs%& expansion item creates a signed address, and the &%prvscheck%& expansion item checks one. The syntax of these expansion items is described in section &<>&. +The validity period on signed addresses is seven days. As an example, suppose the secret per-address keys are stored in an MySQL database. A query to look up the key for an address could be defined as a macro @@ -38705,6 +38712,11 @@ dkim_verify_signers = $sender_address_domain:$dkim_signers If a domain or identity is listed several times in the (expanded) value of &%dkim_verify_signers%&, the ACL is only called once for that domain or identity. +.new +If multiple signatures match a domain (or identity), the ACL is called once +for each matching signature. +.wen + Inside the &%acl_smtp_dkim%&, the following expansion variables are available (from most to least important): @@ -38717,7 +38729,8 @@ an identity. This is one of the list items from the expanded main option &%dkim_verify_signers%& (see above). .vitem &%$dkim_verify_status%& -A string describing the general status of the signature. One of +Within the DKIM ACL, +a string describing the general status of the signature. One of .ilist &%none%&: There is no signature in the message for the current domain or identity (as reflected by &%$dkim_cur_signer%&). @@ -38742,6 +38755,9 @@ hash-method or key-size: set dkim_verify_status = fail set dkim_verify_reason = hash too weak .endd + +After all the DKIM ACL runs have completed, the value becomes a +colon-separated list of the values after each run. .wen .vitem &%$dkim_verify_reason%&