X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/faf3b3fa5ec908ec8bce570fb8b2b4c3864ec035..212c50c3b5dcdf00442933496a44b1d1db6908b5:/doc/doc-docbook/spec.xfpt?ds=sidebyside diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 865742bc3..15d909be0 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6602,7 +6602,7 @@ file that is searched could contain lines like this: When the lookup succeeds, the result of the expansion is a list of domains (and possibly other types of item that are allowed in domain lists). .cindex "tainted data" "de-tainting" -.cindex "de-tainting" "using a lookup expansion"" +.cindex "de-tainting" "using a lookup expansion" The result of the expansion is not tainted. .next @@ -16189,9 +16189,12 @@ case. That is why the default tries a DNS lookup first. .cindex "host" "rejecting connections from" If this option is set, incoming SMTP calls from the hosts listed are rejected as soon as the connection is made. -This option is obsolete, and retained only for backward compatibility, because +This option is mostly obsolete, retained for backward compatibility because nowadays the ACL specified by &%acl_smtp_connect%& can also reject incoming -connections immediately. +connections immediately +.new +(except for tls-on-connect connections). +.wen The ability to give an immediate rejection (either by this option or using an ACL) is provided for use in unusual cases. Many hosts will just try again, 
@@ -29778,7 +29781,7 @@ connection. The client for the connection proposes a set of protocol names, and the server responds with a selected one. It is not, as of 2021, commonly used for SMTP connections. -However, to guard against misirected or malicious use of web clients +However, to guard against misdirected or malicious use of web clients (which often do use ALPN) against MTA ports, Exim by default check that there is no incompatible ALPN specified by a client for a TLS connection. If there is, the connection is rejected. @@ -29788,7 +29791,7 @@ The behaviour of both client and server can be configured using the options &%tls_alpn%& and &%hosts_require_alpn%&. There are no variables providing observability. Some feature-specific logging may appear on denied connections, but this -depends on the behavious of the peer +depends on the behaviour of the peer (not all peers can send a feature-specific TLS Alert). This feature is available when Exim is built with @@ -31632,7 +31635,7 @@ pretrigger=<&'size'&> This option specifies a memory buffuer to be used immediate writes to file are done as normal. trigger=<&'reason'&> This option selects cause for the pretrigger buffer - see above) to be copied to file. A reason of $*now* + see above) to be copied to file. A reason of &*now*& take effect immediately; one of &*paniclog*& triggers on a write to the panic log. .endd
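Review bot: In the host_reject_connection hunk (@@ -16189), the added parenthetical "(except for tls-on-connect connections)" says the &%acl_smtp_connect%& ACL does not give an immediate rejection in that case, but it does not say what happens instead or whether this option still does. An administrator deciding which mechanism to use for hosts connecting with tls-on-connect needs that spelled out, so a short sentence stating the behaviour for each mechanism would help. Separately, with "and" and "only" removed, the text now reads "mostly obsolete, retained for backward compatibility because nowadays the ACL ... can also reject", so "because" attaches to "retained" rather than to "obsolete"; keeping "and retained for backward compatibility" or splitting the sentence would restore the intended reasoning.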
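Review bot: In the ALPN hunk (@@ -29778), the context line right after the corrected "misdirected" still reads "Exim by default check that there is no incompatible ALPN"; "check" should be "checks". Since this commit is a spelling pass over the same paragraph, it is worth fixing here.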
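Review bot: In the trigger= hunk (@@ -31632), the corrected line keeps "see above)" with a closing parenthesis that has no opening one in the visible context ("for the pretrigger buffer" precedes it), so the markup fix leaves the sentence unbalanced. The same few lines also still carry "memory buffuer", "to be used immediate writes to file" (words appear to be missing) and "A reason of &*now*& take effect" (should be "takes effect"). Suggest cleaning these up together with the &*now*& fix, since this text describes when buffered debug output gets written to file and needs to be unambiguous.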