From 95dfacf282b0a4f0f595b43bdc997ef0e3ed43ed Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 12 Jan 2019 20:47:23 +0000 Subject: Add basic framework for PRDR use with per-user content filters to example config. Mostly commented-out and with dummy lookups since we do not know what sorts of filtering may be employed. (cherry picked from commit b220576b3ba5396af6b3e0f45739f269079f8fc5) --- doc/doc-docbook/spec.xfpt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'doc/doc-docbook') diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index dc924678d..0fc086d7b 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6257,6 +6257,9 @@ remote_smtp: dnssec_request_domains = * hosts_try_dane = * .endif +.ifdef _HAVE_PRDR + hosts_try_prdr = * +.endif .endd This transport is used for delivering messages over SMTP connections. The list of remote hosts comes from the router. @@ -6265,6 +6268,11 @@ with over-long lines. The built-in macro _HAVE_DANE guards configuration to try to use DNSSEC for all queries and to use DANE for delivery; see section &<>& for more details. +The &%hosts_try_prdr%& option enables an efficiency SMTP option. It is +negotiated between client and server and not expected to cause problems +but can be disabled if needed. The built-in macro _HAVE_PRDR guards the +use of the &%hosts_try_prdr%& configuration option. + The other remote transport is used when delivering to a specific smarthost with whom there must be some kind of existing relationship, instead of the usual federated system. @@ -6299,6 +6307,9 @@ smarthost_smtp: tls_require_ciphers = SECURE192:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 .endif .endif +.ifdef _HAVE_PRDR + hosts_try_prdr = * +.endif .endd After the same &%message_size_limit%& hack, we then specify that this Transport can handle messages to multiple domains in one run. The assumption here is @@ -6318,6 +6329,9 @@ ROUTER_SMARTHOST macro, because that is unaffected by CNAMEs present in DNS. You want to specify the hostname which you'll expect to validate for, and that should not be subject to insecure tampering via DNS results. +For the &%hosts_try_prdr%& option see the previous transport. + +All other options are defaulted. .code local_delivery: driver = appendfile -- cgit v1.2.3