De-duplicate two documentation sections

[users/heiko/exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index ae4d75ecb924398e4fe613df4f602af918fe83d7..04678b4808c3e40ef28177174f20893c901fbb74 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -8298,7 +8298,14 @@ Both &`+include_unknown`& and &`+ignore_unknown`& may appear in the same
 list. The effect of each one lasts until the next, or until the end of the
 list.
 
-To explain the host/ip processing logic a different way for the same ACL:
+.new
+.section "Mixing wildcarded host names and addresses in host lists" &&&
+         "SECTmixwilhos"
+.cindex "host list" "mixing names and addresses in"
+
+This section explains the host/ip processing logic with the same concepts
+as the previous section, but specifically addresses what happens when a
+wildcarded hostname is one of the items in the hostlist.
 
 .ilist
 If you have name lookups or wildcarded host names and
@@ -8327,7 +8334,7 @@ If the first &%accept%& fails, Exim goes on to try the second one. See chapter
 &`+ignore_unknown`&, which was discussed in depth in the first example in
 this section.
 .endlist
-
+.wen
 
 
 .section "Temporary DNS errors when looking up host information" &&&
@@ -8399,33 +8406,6 @@ See section &<<SECThoslispatsikey>>&.)
 
 
 
-.section "Mixing wildcarded host names and addresses in host lists" &&&
-         "SECTmixwilhos"
-.cindex "host list" "mixing names and addresses in"
-If you have name lookups or wildcarded host names and IP addresses in the same
-host list, you should normally put the IP addresses first. For example, in an
-ACL you could have:
-.code
-accept hosts = 10.9.8.7 : *.friend.example
-.endd
-The reason for this lies in the left-to-right way that Exim processes lists.
-It can test IP addresses without doing any DNS lookups, but when it reaches an
-item that requires a host name, it fails if it cannot find a host name to
-compare with the pattern. If the above list is given in the opposite order, the
-&%accept%& statement fails for a host whose name cannot be found, even if its
-IP address is 10.9.8.7.
-
-If you really do want to do the name check first, and still recognize the IP
-address, you can rewrite the ACL like this:
-.code
-accept hosts = *.friend.example
-accept hosts = 10.9.8.7
-.endd
-If the first &%accept%& fails, Exim goes on to try the second one. See chapter
-&<<CHAPACL>>& for details of ACLs.
-
-
-
 
 
 .section "Address lists" "SECTaddresslist"
@@ -10247,7 +10227,7 @@ If the ACL returns defer the result is a forced-fail.
 .cindex "&%bool%& expansion condition"
 This condition turns a string holding a true or false representation into
 a boolean state.  It parses &"true"&, &"false"&, &"yes"& and &"no"&
-(case-insensitively); also positive integer numbers map to true if non-zero,
+(case-insensitively); also integer numbers map to true if non-zero,
 false if zero.
 An empty string is treated as false.
 Leading and trailing whitespace is ignored;
@@ -23030,7 +23010,7 @@ in clear.
 .option tls_try_verify_hosts smtp "host list&!! unset
 .cindex "TLS" "server certificate verification"
 .cindex "certificate" "verification of server"
-For OpenSSL only, this option gives a list of hosts for which, on encrypted connections,
+This option gives a list of hosts for which, on encrypted connections,
 certificate verification will be tried but need not succeed.
 The &%tls_verify_certificates%& option must also be set.
 
@@ -23049,7 +23029,7 @@ single file if you are using GnuTLS. The values of &$host$& and
 &$host_address$& are set to the name and address of the server during the
 expansion of this option. See chapter &<<CHAPTLS>>& for details of TLS.
 
-For back-compatability, or when GnuTLS is used,
+For back-compatability,
 if neither tls_verify_hosts nor tls_try_verify_hosts are set
 and certificate verification fails the TLS connection is closed.
 
@@ -23057,7 +23037,7 @@ and certificate verification fails the TLS connection is closed.
 .option tls_verify_hosts smtp "host list&!! unset
 .cindex "TLS" "server certificate verification"
 .cindex "certificate" "verification of server"
-For OpenSSL only, this option gives a list of hosts for which. on encrypted connections,
+This option gives a list of hosts for which. on encrypted connections,
 certificate verification must succeed.
 The &%tls_verify_certificates%& option must also be set.
 If both this option and &%tls_try_verify_hosts%& are unset
@@ -27330,8 +27310,12 @@ from one SMTP connection to another.  If a recipient-verify callout connection i
 requested in the same ACL it is held open and used for the data, otherwise one is made
 after the ACL completes.
 
-Note that routers are used in verify mode.  Note also that headers cannot be
+Note that routers are used in verify mode,
+and cannot depend on content of received headers.
+Note also that headers cannot be
 modified by any of the post-data ACLs (DATA, MIME and DKIM).
+Headers may be modified by routers (subject to the above) and transports.
+
 Cutthrough delivery is not supported via transport-filters or when DKIM signing
 of outgoing messages is done, because it sends data to the ultimate destination
 before the entire message has been received from the source.
@@ -29035,6 +29019,7 @@ router that does not set up hosts routes to an &(smtp)& transport with a
 &%hosts%& setting, the transport's hosts are used. If an &(smtp)& transport has
 &%hosts_override%& set, its hosts are always used, whether or not the router
 supplies a host list.
+Callouts are only supported on &(smtp)& transports.
 
 The port that is used is taken from the transport, if it is specified and is a
 remote transport. (For routers that do verification only, no transport need be