X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/0f773e4df59a9d35929d5839f89c15487a1dd0be..0cd95fa34e04827767674b6a5545c55ae391a3e2:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index edba1232f..09ff75044 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -28578,7 +28578,7 @@ and for clients to only attempt, this authentication method on a secure (eg. under TLS) connection. One possible use, compatible with the -K-9 Mail Andoid client (&url(https://k9mail.github.io/)), +K-9 Mail Android client (&url(https://k9mail.github.io/)), is for using X509 client certificates. It thus overlaps in function with the TLS authenticator @@ -32496,6 +32496,13 @@ Section &<>& below describes how you can distinguish between different values. Some DNS lists may return more than one address record; see section &<>& for details of how they are checked. +.new +Values returned by a properly running DBSBL should be in the 127.0.0.0/8 +range. If a DNSBL operator loses control of the domain, lookups on it +may start returning other addresses. Because of this, Exim now ignores +returned values outside the 127/8 region. +.wen + .section "Variables set from DNS lists" "SECID204" .cindex "expansion" "variables, set from DNS list" @@ -32632,6 +32639,14 @@ deny dnslists = relays.ordb.org .endd which is less clear, and harder to maintain. +Negation can also be used with a bitwise-and restriction. +The dnslists condition with only be trus if a result is returned +by the lookup which, anded with the restriction, is all zeroes. +For example: +.code +deny dnslists = zen.spamhaus.org!&0.255.255.0 +.endd + @@ -39009,7 +39024,7 @@ unchanged, or whether they should be rendered as escape sequences. when TLS is in use. The item is &`CV=yes`& if the peer's certificate was verified using a CA trust anchor, -&`CA=dane`& if using a DNS trust anchor, +&`CV=dane`& if using a DNS trust anchor, and &`CV=no`& if not. .next .cindex "log" "TLS cipher"