diff options
author | Tony Finch <dot@dot.at> | 2008-05-14 09:16:38 +0000 |
---|---|---|
committer | Tony Finch <dot@dot.at> | 2008-05-14 09:16:38 +0000 |
commit | 2e3177124893f623c037a44f7972d7d4105da87a (patch) | |
tree | 603d79d3db32202ae5ae0a1e85c2ef5d0a38f023 /doc/doc-docbook | |
parent | 686c36b796ebb6d145e2d41efeab024b2c6360da (diff) |
BATV PRVS no longer uses slashes.
Fixes: bug #708
Diffstat (limited to 'doc/doc-docbook')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 17 |
1 files changed, 3 insertions, 14 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 547bc44cc..874c3f0e9 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1,4 +1,4 @@ -. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.42 2008/04/16 10:16:13 fanf2 Exp $ +. $Cambridge: exim/doc/doc-docbook/spec.xfpt,v 1.43 2008/05/14 09:16:38 fanf2 Exp $ . . ///////////////////////////////////////////////////////////////////////////// . This is the primary source of the Exim Manual. It is an xfpt document that is @@ -27552,19 +27552,8 @@ the third string (in this case &"1"&), whether or not the cryptographic and timeout checks succeed. The &$prvscheck_result$& variable contains the result of the checks (empty for failure, &"1"& for success). -There are two more issues you must consider when implementing prvs-signing. -Firstly, you need to ensure that prvs-signed addresses are not blocked by your -ACLs. A prvs-signed address contains a slash character, but the default Exim -configuration contains this statement in the RCPT ACL: -.code -deny message = Restricted characters in address - domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|] -.endd -This is a conservative rule that blocks local parts that contain slashes. You -should remove the slash in the last line. - -Secondly, you have to ensure that the routers accept prvs-signed addresses and +There is one more issue you must consider when implementing prvs-signing: +you have to ensure that the routers accept prvs-signed addresses and deliver them correctly. The easiest way to handle this is to use a &(redirect)& router to remove the signature with a configuration along these lines: .code |