X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/958af3bdb77dc5c190b7f5117c68d2b0acd7b5bc..caa2a7c81d19907a6125438bc1e71b6a2f5e16d6:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 302a62312..4c79e87cf 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -3885,7 +3885,9 @@ id, and the remaining ones must be email addresses. However, if the message is active (in the middle of a delivery attempt), it is not altered. This option can be used only by an admin user. -.vitem "&%-MC%&&~<&'transport'&>&~<&'hostname'&>&~<&'sequence&~number'&>&&& +.vitem "&%-MC%&&~<&'transport'&>&~<&'hostname'&>&&& + &~<&'host&~IP'&>&&& + &~<&'sequence&~number'&>&&& &~<&'message&~id'&>" .oindex "&%-MC%&" .cindex "SMTP" "passed connection" @@ -28179,6 +28181,10 @@ supplied by the server. .option server_channelbinding gsasl boolean false Do not set this true and rely on the properties without consulting a cryptographic engineer. +. Unsure what that's about. It might be the "Triple Handshake" +. vulnerability; cf. https://www.mitls.org/pages/attacks/3SHAKE +. If so, we're ok, requiring Extended Master Secret if TLS +. Session Resumption was used. Some authentication mechanisms are able to use external context at both ends of the session to bind the authentication to that context, and fail the @@ -38310,8 +38316,11 @@ parentheses afterwards. When more than one address is included in a single delivery (for example, two SMTP RCPT commands in one transaction) the second and subsequent addresses are flagged with &`->`& instead of &`=>`&. When two or more messages are delivered -down a single SMTP connection, an asterisk follows the IP address in the log -lines for the second and subsequent messages. +down a single SMTP connection, an asterisk follows the +.new +remote IP address (and port if enabled) +.wen +in the log lines for the second and subsequent messages. When two or more messages are delivered down a single TLS connection, the DNS and some TLS-related information logged for the first message delivered will not be present in the log lines for the second and subsequent messages.