diff options
author | Todd Lyons <tlyons@exim.org> | 2014-04-29 17:07:04 -0700 |
---|---|---|
committer | Todd Lyons <tlyons@exim.org> | 2014-04-29 17:07:04 -0700 |
commit | eea58ada63dde3265728daccc037d3a376b25f45 (patch) | |
tree | b7b4a63c3c6c21d8e169d9ee12fdae3108c86800 /doc | |
parent | d2af03f4c11273d6f52c9043119e24e732080885 (diff) | |
parent | 578897ea8764001d0538b8b645d161524ba1fa4e (diff) |
Merge branch 'master' of ssh://git.exim.org/home/git/exim
Diffstat (limited to 'doc')
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 31 | ||||
-rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 2 |
3 files changed, 32 insertions, 4 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 623ce535a..afc15d433 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -11471,7 +11471,7 @@ the space value is -1. See also the &%check_log_space%& option. .vitem &$lookup_dnssec_authenticated$& .vindex "&$lookup_dnssec_authenticated$&" This variable is set after a DNS lookup done by -either a dnslookup router or a dnsdb lookup expansion. +a dnsdb lookup expansion, dnslookup router or smtp transport. It will be empty if &(DNSSEC)& was not requested, &"no"& if the result was not labelled as authenticated data and &"yes"& if it was. @@ -17687,8 +17687,6 @@ when there is a DNS lookup error. DNS lookups for domains matching &%dnssec_request_domains%& will be done with the dnssec request bit set. This applies to all of the SRV, MX A6, AAAA, A lookup sequence. - -See also the &$lookup_dnssec_authenticated$& variable. .wen @@ -22610,6 +22608,33 @@ See the &%search_parents%& option in chapter &<<CHAPdnslookup>>& for more details. +.new +.option dnssec_request_domains smtp "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. +This applies to all of the SRV, MX A6, AAAA, A lookup sequence. +.wen + + + +.new +.option dnssec_require_domains smtp "domain list&!!" unset +.cindex "MX record" "security" +.cindex "DNSSEC" "MX lookup" +.cindex "security" "MX lookup" +.cindex "DNS" "DNSSEC" +DNS lookups for domains matching &%dnssec_request_domains%& will be done with +the dnssec request bit set. Any returns not having the Authenticated Data bit +(AD bit) set wil be ignored and logged as a host-lookup failure. +This applies to all of the SRV, MX A6, AAAA, A lookup sequence. +.wen + + + .option dscp smtp string&!! unset .cindex "DCSP" "outbound" This option causes the DSCP value associated with a socket to be set to one diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 7f01919c2..172748584 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -85,7 +85,8 @@ TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455. JH/14 New options dnssec_request_domains, dnssec_require_domains on the - dnslookup router (applying to the forward lookup). + dnslookup router and the smtp transport (applying to the forward + lookup). TL/08 Bugzilla 1453: New LDAP "SERVERS=" option allows admin to override list of ldap servers used for a specific lookup. Patch provided by Heiko diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 6a1a5e8d1..33c66ceb9 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -42,6 +42,8 @@ Version 4.83 8. EXPERIMENTAL_OCSP now supports GnuTLS also, if you have version 3.1.3 or later of that. + 9. Support for DNSSEC on outbound connections. + Version 4.82 ------------ |