correct SPF references and example (bugzilla 520) - thanks to Robert Millan

[users/heiko/exim.git] / doc / doc-txt / experimental-spec.txt
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt

index 3ad0825d5ac65c70eca7b7f059225b7fceda1b6e..15fd247ae42eb8588ed78b0db26785b4c0f12b96 100644 (file)
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/experimental-spec.txt,v 1.8 2007/09/28 12:58:41 tom Exp $
+$Cambridge: exim/doc/doc-txt/experimental-spec.txt,v 1.10 2008/01/16 09:36:19 tom Exp $
  
  From time to time, experimental features may be added to Exim.
  While a feature  is experimental, there  will be a  build-time
  
  From time to time, experimental features may be added to Exim.
  While a feature  is experimental, there  will be a  build-time
@@ -140,6 +140,22 @@ arguments.
      can  use the $dkim_domain and $dkim_selector expansion
      variables here.
  
      can  use the $dkim_domain and $dkim_selector expansion
      variables here.
  
+  dkim_sign_headers = <expanded string> [OPTIONAL]
+
+    When set, this option must expand to (or be specified as)
+    a colon-separated list of header names. These headers will
+    be included in the message signature. When unspecified,
+    the recommended headers will be used. Currently, these
+    are:
+
+    from:sender:reply-to:subject:date:
+    message-id:to:cc:mime-version:content-type:
+    content-transfer-encoding:content-id:
+    content-description:resent-date:resent-from:
+    resent-sender:resent-to:resent-cc:resent-message-id:
+    in-reply-to:references:
+    list-id:list-help:list-unsubscribe:
+    list-subscribe:list-post:list-owner:list-archive
  
  
  
  
  
  
@@ -681,7 +697,7 @@ These four steps are explained in more details below.
  3. Sender Policy Framework (SPF) support
  --------------------------------------------------------------
  
  3. Sender Policy Framework (SPF) support
  --------------------------------------------------------------
  
-To learn  more  about  SPF, visit   http://spf.pobox.com. This
+To learn  more  about  SPF, visit   http://www.openspf.org. This
  document does   not explain  the SPF  fundamentals, you should
  read and understand the implications of deploying SPF on  your
  system before doing so.
  document does   not explain  the SPF  fundamentals, you should
  read and understand the implications of deploying SPF on  your
  system before doing so.
@@ -745,11 +761,12 @@ the SPF check, the condition  succeeds. If none of the  listed
  strings matches the  outcome of the  SPF check, the  condition
  fails.
  
  strings matches the  outcome of the  SPF check, the  condition
  fails.
  
-Here is a simple example to fail forgery attempts from domains
-that publish SPF records:
+Here is an example to fail forgery attempts from domains that
+publish SPF records:
  
  /* -----------------
  
  /* -----------------
-deny message = $sender_host_address is not allowed to send mail from $sender_address_domain
+deny message = $sender_host_address is not allowed to send mail from ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.  \
+              Please see http://www.openspf.org/Why?scope=${if def:sender_address_domain {mfrom}{helo}};identity=${if def:sender_address_domain {$sender_address}{$sender_helo_name}};ip=$sender_host_address
       spf = fail
  --------------------- */
  
       spf = fail
  --------------------- */