Relax restrictions on which ACLs verify conditions may be used

2 files changed, 9 insertions, 3 deletions

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index e3684ba30..8350b4da7 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -31776,8 +31776,9 @@ send email. Details of how this works are given in section
 .cindex "header lines" "verifying header names only ASCII"
 .cindex "verifying" "header names only ASCII"
 This condition is relevant only in an ACL that is run after a message has been
-received, that is, in an ACL specified by &%acl_smtp_data%& or
-&%acl_not_smtp%&.  It checks all header names (not the content) to make sure
+received.
+This usually means an ACL specified by &%acl_smtp_data%& or &%acl_not_smtp%&.
+It checks all header names (not the content) to make sure
 there are no non-ASCII characters, also excluding control characters.  The
 allowable characters are decimal ASCII values 33 through 126.
 
@@ -31932,7 +31933,7 @@ Note that '/' is legal in local-parts; if the address may have such
 (eg. is generated from the received message)
 they must be protected from the options parsing by doubling:
 .code
-verify = sender=${sg{${address:$h_sender:}}{/}{//}}
+verify = sender=${listquote{/}{${address:$h_sender:}}}
 .endd
 .endlist
 
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index fef4c74b8..0354ff258 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -44,6 +44,11 @@ JH/08 Bug 2598: Fix verify ACL condition.  The options for the condition are
       expanded; previously using tainted values was rejected.  Fix by using
       dynamically-created buffers.
 
+JH/09 Relax restrictions on ACL verify condition needing access to message
+      headers.  Previously they were only permitted in data and non-smtp ACLs;
+      permit also mime, dkim, prdr quit and notquit.  Applies to header-syntax,
+      not_blind, header_sender and header_names_ascii verification.
+
 
 Exim version 4.94
 -----------------