transport driver.
-.option openssl_options main "string list" "+no_sslv2"
+.option openssl_options main "string list" "+no_sslv2 +single_dh_use"
.cindex "OpenSSL "compatibility options"
This option allows an administrator to adjust the SSL options applied
by OpenSSL to connections. It is given as a space-separated list of items,
session, and indeed is required to issue a new EHLO or HELO after successfully
setting up encryption following a STARTTLS command.
+.new
+Note also that a deny neither forces the client to go away nor means that
+mail will be refused on the connection. Consider checking for
+&$sender_helo_name$& being defined in a MAIL or RCPT ACL to do that.
+.wen
+
If the command is accepted by an &%accept%& verb that has a &%message%&
modifier, the message may not contain more than one line (it will be truncated
at the first newline and a panic logged if it does). Such a message cannot
be tracked on a per-domain basis, rather than merely upon source IP address.
DKIM is documented in RFC 4871.
-Since version 4.70, DKIM support is compiled into Exim by default. It can be
-disabled by setting DISABLE_DKIM=yes in &_Local/Makefile_&.
+.new
+DKIM support is compiled into Exim by default if TLS support is present.
+.wen
+It can be disabled by setting DISABLE_DKIM=yes in &_Local/Makefile_&.
Exim's DKIM implementation allows to
.olist