X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/7ab90dd415eac327c57c5ba755b2005a8c0b946f..05bf16f6217e93594929c8bbbbbc852caf3ed374:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 08a0a974a..0632ba26b 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -37001,7 +37001,7 @@ the following table: &`F `& sender address (on delivery lines) &`H `& host name and IP address &`I `& local interface used -&`id `& message id for incoming message +&`id `& message id (from header) for incoming message &`K `& CHUNKING extension used &`L `& on &`<=`& and &`=>`& lines: PIPELINING extension used &`M8S `& 8BITMIME status for incoming message @@ -37108,6 +37108,8 @@ selection marked by asterisks: &` incoming_port `& remote port on <= lines &`*lost_incoming_connection `& as it says (includes timeouts) &` millisec `& millisecond timestamps and RT,QT,DT,D times +&`*msg_id `& on <= lines, Message-ID: header value +&` msg_id_created `& on <= lines, Message-ID: header value when one had to be added &` outgoing_interface `& local interface on => lines &` outgoing_port `& add remote port to => lines &`*queue_run `& start and end queue runs @@ -37291,6 +37293,16 @@ connection is unexpectedly dropped. &%millisec%&: Timestamps have a period and three decimal places of finer granularity appended to the seconds value. .next +.new +.cindex "log" "message id" +&%msg_id%&: The value of the Message-ID: header. +.next +&%msg_id_created%&: The value of the Message-ID: header, when one had to be created. +This will be either because the message is a bounce, or was submitted locally +(submission mode) without one. +The field identifier will have an asterix appended: &"id*="&. +.wen +.next .cindex "log" "outgoing interface" .cindex "log" "local interface" .cindex "log" "local address and port" @@ -39534,7 +39546,7 @@ senders). .cindex "DKIM" "signing" For signing to be usable you must have published a DKIM record in DNS. -Note that RFC 8301 says: +Note that RFC 8301 (which does not cover EC keys) says: .code rsa-sha1 MUST NOT be used for signing or verifying. @@ -39554,7 +39566,11 @@ These options take (expandable) strings as arguments. .option dkim_domain smtp string list&!! unset The domain(s) you want to sign with. After expansion, this can be a list. -Each element in turn is put into the &%$dkim_domain%& expansion variable +Each element in turn, +.new +lowercased, +.wen +is put into the &%$dkim_domain%& expansion variable while expanding the remaining signing options. If it is empty after expansion, DKIM signing is not done, and no error will result even if &%dkim_strict%& is set. @@ -39755,6 +39771,14 @@ dkim_verify_signers = $sender_address_domain:$dkim_signers If a domain or identity is listed several times in the (expanded) value of &%dkim_verify_signers%&, the ACL is only called once for that domain or identity. +.new +Note that if the option is set using untrustworthy data +(such as the From: header) +care should be taken to force lowercase for domains +and for the domain part if identities. +The default setting can be regarded as trustworthy in this respect. +.wen + If multiple signatures match a domain (or identity), the ACL is called once for each matching signature.