summaryrefslogtreecommitdiff
path: root/doc/doc-docbook
diff options
context:
space:
mode:
authorTony Finch <dot@dot.at>2008-05-14 09:16:38 +0000
committerTony Finch <dot@dot.at>2008-05-14 09:16:38 +0000
commit2e3177124893f623c037a44f7972d7d4105da87a (patch)
tree603d79d3db32202ae5ae0a1e85c2ef5d0a38f023 /doc/doc-docbook
parent686c36b796ebb6d145e2d41efeab024b2c6360da (diff)
BATV PRVS no longer uses slashes.
Fixes: bug #708
Diffstat (limited to 'doc/doc-docbook')
-rw-r--r--doc/doc-docbook/spec.xfpt17
1 files changed, 3 insertions, 14 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 547bc44cc..874c3f0e9 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -1,4 +1,4 @@
-. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.42 2008/04/16 10:16:13 fanf2 Exp $
+. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.43 2008/05/14 09:16:38 fanf2 Exp $
.
. /////////////////////////////////////////////////////////////////////////////
. This is the primary source of the Exim Manual. It is an xfpt document that is
@@ -27552,19 +27552,8 @@ the third string (in this case &"1"&), whether or not the cryptographic and
timeout checks succeed. The &$prvscheck_result$& variable contains the result
of the checks (empty for failure, &"1"& for success).
-There are two more issues you must consider when implementing prvs-signing.
-Firstly, you need to ensure that prvs-signed addresses are not blocked by your
-ACLs. A prvs-signed address contains a slash character, but the default Exim
-configuration contains this statement in the RCPT ACL:
-.code
-deny message = Restricted characters in address
- domains = +local_domains
- local_parts = ^[.] : ^.*[@%!/|]
-.endd
-This is a conservative rule that blocks local parts that contain slashes. You
-should remove the slash in the last line.
-
-Secondly, you have to ensure that the routers accept prvs-signed addresses and
+There is one more issue you must consider when implementing prvs-signing:
+you have to ensure that the routers accept prvs-signed addresses and
deliver them correctly. The easiest way to handle this is to use a &(redirect)&
router to remove the signature with a configuration along these lines:
.code