From 7c6ec81b9594697a5b916db1aabbb1c8b6c4e342 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Mon, 25 Sep 2017 16:36:47 +0100 Subject: DKIM: support specifying alternate-identity tag for signing. Bug 2170 --- doc/doc-docbook/spec.xfpt | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'doc/doc-docbook') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 44a274b98..4a8e1d06e 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -23800,6 +23800,7 @@ of the message. Its value must not be zero. See also &%final_timeout%&. .option dkim_strict smtp string&!! unset .option dkim_sign_headers smtp string&!! unset .option dkim_hash smtp string&!! sha256 +.option dkim_identity smtp string&!! unset DKIM signing options. For details see section &<>&. @@ -38553,6 +38554,19 @@ is set. .endlist If the option is empty after expansion, DKIM signing is not done. +.new +.option dkim_hash smtp string&!! sha256 +Can be set alternatively to &"sha1"& to use an alternate hash +method. Note that sha1 is now condidered insecure, and deprecated. + +.option dkim_identity smtp string&!! unset +If set after expansion, the value is used to set an "i=" tag in +the signing header. The DKIM standards restrict the permissible +syntax of this optional tag to a mail address, with possibly-empty +local part, an @, and a domain identical to or subdomain of the "d=" +tag value. Note that Exim does not check the value. +.wen + .option dkim_canon smtp string&!! unset This option sets the canonicalization method used when signing a message. The DKIM RFC currently supports two methods: "simple" and "relaxed". @@ -38572,12 +38586,6 @@ list of header names. Headers with these names will be included in the message signature. When unspecified, the header names recommended in RFC4871 will be used. -.new -.option dkim_hash smtp string&!! sha256 -Can be set alternatively to &"sha1"& to use an alternate hash -method. Note that sha1 is now condidered insecure, and deprecated. -.wen - .section "Verifying DKIM signatures in incoming mail" "SECID514" .cindex "DKIM" "verification" -- cgit v1.2.3