Merge branch 'master' of git://git.exim.org/exim

4 files changed, 57 insertions, 8 deletions

diff --git a/doc/doc-docbook/filter.xfpt b/doc/doc-docbook/filter.xfpt
index 19ad586c3..8cac5d5c8 100644
--- a/doc/doc-docbook/filter.xfpt
+++ b/doc/doc-docbook/filter.xfpt
@@ -48,7 +48,7 @@
 . Copyright year.  Update this (only) when changing content.
 
 .macro copyyear
-2013
+2014
 .endmacro
 
 . ===========================================================================
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 86090290b..3542557c4 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17622,6 +17622,29 @@ when there is a DNS lookup error.
 
 
 
+.option dnssec_request_domains dnslookup "domain list&!!" unset
+.cindex "MX record" "security"
+.cindex "DNSSEC" "MX lookup"
+.cindex "security" "MX lookup"
+.cindex "DNS" "DNSSEC"
+DNS lookups for domains matching &%dnssec_request_domains%& will be done with
+the dnssec request bit set.
+This applies to all of the SRV, MX A6, AAAA, A lookup sequence.
+
+
+
+.option dnssec_require_domains dnslookup "domain list&!!" unset
+.cindex "MX record" "security"
+.cindex "DNSSEC" "MX lookup"
+.cindex "security" "MX lookup"
+.cindex "DNS" "DNSSEC"
+DNS lookups for domains matching &%dnssec_request_domains%& will be done with
+the dnssec request bit set.  Any returns not having the Authenticated Data bit
+(AD bit) set wil be ignored and logged as a host-lookup failure.
+This applies to all of the SRV, MX A6, AAAA, A lookup sequence.
+
+
+
 .option mx_domains dnslookup "domain list&!!" unset
 .cindex "MX record" "required to exist"
 .cindex "SRV record" "required to exist"
@@ -34633,9 +34656,13 @@ This utility is a Perl script contributed by Matt Hubbard. It runs
 .code
 exim -bpu
 .endd
-to obtain a queue listing with undelivered recipients only, and then greps the
-output to select messages that match given criteria. The following selection
-options are available:
+or (in case &*-a*& switch is specified)
+.code
+exim -bp
+.endd 
+
+to obtain a queue listing, and then greps the output to select messages 
+that match given criteria. The following selection options are available:
 
 .vlist
 .vitem &*-f*&&~<&'regex'&>
@@ -34682,6 +34709,9 @@ Brief format &-- one line per message.
 
 .vitem &*-R*&
 Display messages in reverse order.
+
+.vitem &*-a*&
+Include delivered recipients in queue listing.
 .endlist
 
 There is one more option, &%-h%&, which outputs a list of options.
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e41dc3e02..6252956a6 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -82,6 +82,12 @@ TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly
       is a combined value of both the record presence and the result of the
       analysis.
 
+JH/13 Fix handling of $tls_cipher et.al. in (non-verify) transport.  Bug 1455.
+
+JH/14 New options dnssec_request_domains, dnssec_require_domains on the
+      dnslookup router (applying to the forward lookup).
+
+
 Exim version 4.82
 -----------------
 
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 265e1211b..f21609662 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -1087,10 +1087,16 @@ Proxy Protocol server at 192.168.1.2 will look like this:
 
 3. In the ACL's the following expansion variables are available.
 
-proxy_host_address  The src IP of the proxy server making the connection
-proxy_host_port     The src port the proxy server is using
-proxy_session       Boolean, yes/no, the connected host is required to use
-                    Proxy Protocol.
+proxy_host_address   The (internal) src IP of the proxy server
+                     making the connection to the Exim server.
+proxy_host_port      The (internal) src port the proxy server is
+                     using to connect to the Exim server.
+proxy_target_address The dest (public) IP of the remote host to
+                     the proxy server.
+proxy_target_port    The dest port the remote host is using to
+                     connect to the proxy server.
+proxy_session        Boolean, yes/no, the connected host is required
+                     to use Proxy Protocol.
 
 There is no expansion for a failed proxy session, however you can detect
 it by checking if $proxy_session is true but $proxy_host is empty.  As
@@ -1110,6 +1116,13 @@ an example, in my connect ACL, I have:
                            [$sender_host_address] through proxy protocol \
                            host $proxy_host_address
 
+  # Possibly more clear
+  warn logwrite = Remote Source Address: $sender_host_address:$sender_host_port
+       logwrite = Proxy Target Address: $proxy_target_address:$proxy_target_port
+       logwrite = Proxy Internal Address: $proxy_host_address:$proxy_host_port
+       logwrite = Internal Server Address: $received_ip_address:$received_port
+
+
 4. Runtime issues to be aware of:
    - Since the real connections are all coming from your proxy, and the
      per host connection tracking is done before Proxy Protocol is