X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/dae124ff1a33721637d0be99181a4783ee46e25f..9f691660159a9279353a99fca776c7687faaae26:/doc/doc-docbook/spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index b20d82311..67d79aa7a 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -6755,6 +6755,9 @@ domains = ${lookup{$sender_host_address}lsearch{/some/file}}
 domains = lsearch;/some/file
 .endd
 The first uses a string expansion, the result of which must be a domain list.
+.new
+The key for an expansion-style lookup must be given explicitly.
+.wen
 No strings have been specified for a successful or a failing lookup; the
 defaults in this case are the looked-up data and an empty string, respectively.
 The expansion takes place before the string is processed as a list, and the
@@ -6779,6 +6782,12 @@ domain2:
 Any data that follows the keys is not relevant when checking that the domain
 matches the list item.
 
+.new
+The key for a list-style lookup is implicit, from the lookup context, if
+the lookup is a single-key type (see below).
+For query-style lookup types the key must be given explicitly.
+.wen
+
 It is possible, though no doubt confusing, to use both kinds of lookup at once.
 Consider a file containing lines like this:
 .code
@@ -18481,8 +18490,17 @@ of the later IKE values, which led into RFC7919 providing new fixed constants
 (the "ffdhe" identifiers).
 
 At this point, all of the "ike" values should be considered obsolete;
-they're still in Exim to avoid breaking unusual configurations, but are
+they are still in Exim to avoid breaking unusual configurations, but are
 candidates for removal the next time we have backwards-incompatible changes.
+.new
+Two of them in particular (&`ike1`& and &`ike22`&) are called out by RFC 8247
+as MUST NOT use for IPSEC, and two more (&`ike23`& and &`ike24`&) as
+SHOULD NOT.
+Because of this, Exim regards them as deprecated; if either of the first pair
+are used, warnings will be logged in the paniclog, and if any are used then
+warnings will be logged in the mainlog.
+All four will be removed in a future Exim release.
+.wen
 
 The TLS protocol does not negotiate an acceptable size for this; clients tend
 to hard-drop connections if what is offered by the server is unacceptable,
@@ -30460,6 +30478,11 @@ accepted by an &%accept%& verb that has a &%message%& modifier, the contents of
 the message override the banner message that is otherwise specified by the
 &%smtp_banner%& option.
 
+.new
+For tls-on-connect connections, the ACL is run after the TLS connection
+is accepted (however, &%host_reject_connection%& is tested before).
+.wen
+
 
 .section "The EHLO/HELO ACL" "SECID192"
 .cindex "EHLO" "ACL for"
@@ -31581,8 +31604,10 @@ The filename can be adjusted with the &'tag'& option, which
 may access any variables already defined.  The logging may be adjusted with
 the &'opts'& option, which takes the same values as the &`-d`& command-line
 option.
-Logging started this way may be stopped, and the file removed,
-with the &'kill'& option.
+.new
+Logging started this way may be stopped by using the &'stop'& option.
+The &'kill'& option additionally removes the debug file.
+.wen
 Some examples (which depend on variables that don't exist in all
 contexts):
 .code
@@ -42595,6 +42620,7 @@ Events have names which correspond to the point in process at which they fire.
 The name is placed in the variable &$event_name$& and the event action
 expansion must check this, as it will be called for every possible event type.
 
+.new
 The current list of events is:
 .display
 &`dane:fail              after    transport  `& per connection
@@ -42609,9 +42635,11 @@ The current list of events is:
 &`tcp:connect            before   transport  `& per connection
 &`tcp:close              after    transport  `& per connection
 &`tls:cert               before   both       `& per certificate in verification chain
+&`tls:fail:connect       after    main       `& per connection
 &`smtp:connect           after    transport  `& per connection
 &`smtp:ehlo              after    transport  `& per connection
 .endd
+.wen
 New event types may be added in future.
 
 The event name is a colon-separated list, defining the type of
@@ -42637,6 +42665,7 @@ with the event type:
 &`msg:rcpt:host:defer  `& error string
 &`msg:rcpt:defer       `& error string
 &`tls:cert             `& verification chain depth
+&`tls:fail:connect     `& error string
 &`smtp:connect         `& smtp banner
 &`smtp:ehlo            `& smtp ehlo response
 .endd