X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/f3908561b1eef15d57608ab6b346125bf2a11478..c3d43245c842965fed6a9153f9c6e9e8be326b7c:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 7d5b3b3cf..2dbe6d2d3 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -11595,10 +11595,15 @@ preserve some of the authentication information in the variable user/password authenticator configuration might preserve the user name for use in the routers. Note that this is not the same information that is saved in &$sender_host_authenticated$&. + When a message is submitted locally (that is, not over a TCP connection) the value of &$authenticated_id$& is normally the login name of the calling process. However, a trusted user can override this by means of the &%-oMai%& command line option. +.new +This second case also sets up inforamtion used by the +&$authresults$& expansion item. +.wen .vitem &$authenticated_fail_id$& .cindex "authentication" "fail" "id" @@ -38939,6 +38944,7 @@ openssl rsa -in dkim_rsa.private -out /dev/stdout -pubout -outform PEM .endd Take the base-64 lines from the output of the second command, concatenated, for the DNS TXT record. +See section 3.6 of RFC6376 for the record specification. Under GnuTLS: .code @@ -38961,19 +38967,16 @@ for some transition period. The "_CRYPTO_SIGN_ED25519" macro will be defined if support is present for EC keys. -As of writing, producing EC key materials is not well supported -by the major libraries. OpenSSL 1.1.1 and GnuTLS 3.6.0 can create private keys: +OpenSSL 1.1.1 and GnuTLS 3.6.0 can create Ed25519 private keys: .code openssl genpkey -algorithm ed25519 -out dkim_ed25519.private certtool --generate-privkey --key-type=ed25519 --outfile=dkim_ed25519.private .endd -To help in producing the required public key value for a DNS record -the release package &_util/_& directory contains source for a utility -buildable with GnuTLS 3.6.0; -use it like this: +To produce the required public key value for a DNS record: .code -ed25519_privkey_pem_to_pubkey_raw_b64 dkim_ed25519.private +openssl pkey -outform DER -pubout -in dkim_ed25519.private | tail -c +13 | base64 +certtool --load_privkey=dkim_ed25519.private --pubkey_info --outder | tail -c +13 | base64 .endd .wen @@ -39346,18 +39349,11 @@ its domain as well. This should be treated like "none". .vitem &%permerror%& This indicates a syntax error in the SPF record of the queried domain. -You may deny messages when this occurs. (Changed in 4.83) +You may deny messages when this occurs. .vitem &%temperror%& This indicates a temporary error during all processing, including Exim's SPF processing. You may defer messages when this occurs. -(Changed in 4.83) - -.vitem &%err_temp%& -Same as permerror, deprecated in 4.83, will be removed in a future release. - -.vitem &%err_perm%& -Same as temperror, deprecated in 4.83, will be removed in a future release. .endlist You can prefix each string with an exclamation mark to invert