X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/af0fd7f3c9e7bcf632309fcba36fc5f93d2a0044..8f2cf8f5adaa08ef84b47bf9bc2f71e39236c22d:/doc/doc-docbook/spec.xfpt?ds=sidebyside
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 6ede1dc95..1bc63bff3 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -239,14 +239,6 @@
failure report
bounce message
-
- de-tainting
- tainting, de-tainting
-
-
- detainting
- tainting, de-tainting
-
dialup
intermittently connected hosts
@@ -9628,8 +9620,6 @@ reasons,
.cindex expansion "tainted data"
and expansion of data deriving from the sender (&"tainted data"&)
is not permitted (including acessing a file using a tainted name).
-The main config option &%allow_insecure_tainted_data%& can be used as
-mitigation during uprades to more secure configurations.
Common ways of obtaining untainted equivalents of variables with
tainted values
@@ -14609,7 +14599,6 @@ listed in more than one group.
.section "Miscellaneous" "SECID96"
.table2
.row &%add_environment%& "environment variables"
-.row &%allow_insecure_tainted_data%& "turn taint errors into warnings"
.row &%bi_command%& "to run for &%-bi%& command line option"
.row &%debug_store%& "do extra internal checks"
.row &%disable_ipv6%& "do no IPv6 processing"
@@ -15223,17 +15212,6 @@ domains (defined in the named domain list &%local_domains%& in the default
configuration). This &"magic string"& matches the domain literal form of all
the local host's IP addresses.
-.option allow_insecure_tainted_data main boolean false
-.cindex "de-tainting"
-.oindex "allow_insecure_tainted_data"
-The handling of tainted data may break older (pre 4.94) configurations.
-Setting this option to "true" turns taint errors (which result in a temporary
-message rejection) into warnings. This option is meant as mitigation only
-and deprecated already today. Future releases of Exim may ignore it.
-The &%taint%& log selector can be used to suppress even the warnings.
-
-
-
.option allow_mx_to_ip main boolean false
.cindex "MX record" "pointing to IP address"
It appears that more and more DNS zone administrators are breaking the rules
@@ -38901,7 +38879,6 @@ selection marked by asterisks:
&` smtp_protocol_error `& SMTP protocol errors
&` smtp_syntax_error `& SMTP syntax errors
&` subject `& contents of &'Subject:'& on <= lines
-&`*taint `& taint errors or warnings
&`*tls_certificate_verified `& certificate verification status
&`*tls_cipher `& TLS cipher suite on <= and => lines
&` tls_peerdn `& TLS peer DN on <= and => lines
@@ -39295,11 +39272,6 @@ using a CA trust anchor,
&`CV=dane`& if using a DNS trust anchor,
and &`CV=no`& if not.
.next
-.cindex "log" "Taint warnings"
-&%taint%&: Log warnings about tainted data. This selector can't be
-turned of if &%allow_insecure_tainted_data%& is false (which is the
-default).
-.next
.cindex "log" "TLS cipher"
.cindex "TLS" "logging cipher"
&%tls_cipher%&: When a message is sent or received over an encrypted