DKIM: permit dkim_private_key to override dkim_strict on signing. Bug 2220

[users/jgh/exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 844178fcacf07889f1bff5f1cc75d92cbda7a16e..b6d283b95f48264e19cb74eaf7117bce0d3dff12 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -36058,6 +36058,7 @@ the following table:
 &`    `&        command list for &"no mail in SMTP session"&
 &`CV  `&        certificate verification status
 &`D   `&        duration of &"no mail in SMTP session"&
+&`DKIM`&        domain verified in incoming message
 &`DN  `&        distinguished name from peer certificate
 &`DS  `&        DNSSEC secured lookups
 &`DT  `&        on &`=>`& lines: time taken for a delivery
@@ -36127,6 +36128,12 @@ A delivery set up by a router configured with
 .endd
 failed. The delivery was discarded.
 .endlist olist
+.next
+.new
+.cindex DKIM "log line"
+&'DKIM: d='&&~&~Verbose results of a DKIM verification attempt, if enabled for
+logging and the message has a DKIM signature header.
+.wen
 .endlist ilist
 
 
@@ -36154,6 +36161,8 @@ selection marked by asterisks:
 &`*delay_delivery             `&  immediate delivery delayed
 &` deliver_time               `&  time taken to perform delivery
 &` delivery_size              `&  add &`S=`&&'nnn'& to => lines
+&`*dkim                       `&  DKIM verified domain on <= lines
+&` dkim_verbose               `&  separate full DKIM verification result line, per signature
 &`*dnslist_defer              `&  defers of DNS list (aka RBL) lookups
 &` dnssec                     `&  DNSSEC secured lookups
 &`*etrn                       `&  ETRN commands
@@ -36260,6 +36269,17 @@ precision, eg. &`DT=0.304`&.
 &%delivery_size%&: For each delivery, the size of message delivered is added to
 the &"=>"& line, tagged with S=.
 .next
+.new
+.cindex log "DKIM verification"
+.cindex DKIM "verification logging"
+&%dkim%&: For message acceptance log lines, when an DKIM signture in the header
+verifies successfully a tag of DKIM is added, with one of the verified domains.
+.next
+.cindex log "DKIM verification"
+.cindex DKIM "verification logging"
+&%dkim_verbose%&: A log entry is written for each attempted DKIM verification.
+.wen
+.next
 .cindex "log" "dnslist defer"
 .cindex "DNS list" "logging defer"
 .cindex "black list (DNS)"
@@ -38559,7 +38579,8 @@ The domain(s) you want to sign with.
 After expansion, this can be a list.
 Each element in turn is put into the &%$dkim_domain%& expansion variable
 while expanding the remaining signing options.
-If it is empty after expansion, DKIM signing is not done.
+If it is empty after expansion, DKIM signing is not done,
+and no error will result even if &%dkim_strict%& is set.
 
 .option dkim_selector smtp string list&!! unset
 This sets the key selector string.
@@ -38567,7 +38588,8 @@ After expansion, which can use &$dkim_domain$&, this can be a list.
 Each element in turn is put in the expansion
 variable &%$dkim_selector%& which may be used in the &%dkim_private_key%&
 option along with &%$dkim_domain%&.
-If the option is empty after expansion, DKIM signing is not done for this domain.
+If the option is empty after expansion, DKIM signing is not done for this domain,
+and no error will result even if &%dkim_strict%& is set.
 
 .option dkim_private_key smtp string&!! unset
 This sets the private key to use.
@@ -38584,7 +38606,6 @@ be "0", "false" or the empty string, in which case the message will not
 be signed. This case will not result in an error, even if &%dkim_strict%&
 is set.
 .endlist
-If the option is empty after expansion, DKIM signing is not done.
 
 .option dkim_hash smtp string&!! sha256
 Can be set alternatively to &"sha1"& to use an alternate hash