X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/bd4ece7debfe8926fe99608da6cfe5aaac6a550b..f846c8f531d5615c24a6d4dc0afb9815c4f766f7:/doc/doc-docbook/spec.xfpt diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index e124ab018..9b7ada823 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -17018,6 +17018,25 @@ or for any deliveries caused by this router. You should not set this option unless you really, really know what you are doing. See also the generic transport option of the same name. +.option dnssec_request_domains routers "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. +This applies to all of the SRV, MX, AAAA, A lookup sequence. + +.option dnssec_require_domains routers "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. Any returns not having the Authenticated Data bit +(AD bit) set wil be ignored and logged as a host-lookup failure. +This applies to all of the SRV, MX, AAAA, A lookup sequence. + .option domains routers&!? "domain list&!!" unset .cindex "router" "restricting to specific domains" @@ -18070,28 +18089,6 @@ when there is a DNS lookup error. -.option dnssec_request_domains dnslookup "domain list&!!" unset -.cindex "MX record" "security" -.cindex "DNSSEC" "MX lookup" -.cindex "security" "MX lookup" -.cindex "DNS" "DNSSEC" -DNS lookups for domains matching &%dnssec_request_domains%& will be done with -the dnssec request bit set. -This applies to all of the SRV, MX, AAAA, A lookup sequence. - - - -.option dnssec_require_domains dnslookup "domain list&!!" unset -.cindex "MX record" "security" -.cindex "DNSSEC" "MX lookup" -.cindex "security" "MX lookup" -.cindex "DNS" "DNSSEC" -DNS lookups for domains matching &%dnssec_request_domains%& will be done with -the dnssec request bit set. Any returns not having the Authenticated Data bit -(AD bit) set wil be ignored and logged as a host-lookup failure. -This applies to all of the SRV, MX, AAAA, A lookup sequence. - - .option fail_defer_domains dnslookup "domain list&!!" unset .cindex "MX record" "not found" @@ -23190,12 +23187,13 @@ that matches this list, even if the server host advertises PIPELINING support. Exim will not try to start a TLS session when delivering to any host that matches this list. See chapter &<>& for details of TLS. -.option hosts_verify_avoid_tls smtp "host list&!!" * +.new +.option hosts_verify_avoid_tls smtp "host list&!!" unset .cindex "TLS" "avoiding for certain hosts" Exim will not try to start a TLS session for a verify callout, or when delivering in cutthrough mode, to any host that matches this list. -Note that the default is to not use TLS. +.wen .option hosts_max_try smtp integer 5 @@ -24374,12 +24372,12 @@ A server unexpectedly closed the SMTP connection. There may, of course, legitimate reasons for this (host died, network died), but if it repeats a lot for the same host, it indicates something odd. -.vitem %&lookup%& +.vitem &%lookup%& A DNS lookup for a host failed. Note that a &%dnslookup%& router will need to have matched its &%fail_defer_domains%& option for this retry type to be usable. Also note that a &%manualroute%& router will probably need -its &%host_find_failed%& option set to &%defer&%. +its &%host_find_failed%& option set to &%defer%&. .vitem &%refused_MX%& A connection to a host obtained from an MX record was refused. @@ -31159,7 +31157,8 @@ containing the decoded data. This is perhaps the most important of the MIME variables. It contains a proposed filename for an attachment, if one was found in either the &'Content-Type:'& or &'Content-Disposition:'& headers. The filename will be -RFC2047 decoded, but no additional sanity checks are done. If no filename was +RFC2047 or RFC2231 decoded, but no additional sanity checks are done. + If no filename was found, this variable contains the empty string. .vitem &$mime_is_coverletter$&