X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=doc%2Fdoc-docbook%2Fspec.xfpt;h=44a274b98f641b644753b752c41f3e4564a52a35;hb=4c0a7a9cb02f9904c2e890f77ff8ce3a6beb25f4;hp=862c8f91d901ea0d1fc38665cedbbacd669b3e74;hpb=a2673768b71ee86c71e16e46d53d0ffc4f66b0de;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 862c8f91d..44a274b98 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -23799,6 +23799,7 @@ of the message. Its value must not be zero. See also &%final_timeout%&. .option dkim_canon smtp string&!! unset .option dkim_strict smtp string&!! unset .option dkim_sign_headers smtp string&!! unset +.option dkim_hash smtp string&!! sha256 DKIM signing options. For details see section &<>&. @@ -38525,13 +38526,15 @@ while expanding the remaining signing options. .wen If it is empty after expansion, DKIM signing is not done. -.option dkim_selector smtp string&!! unset +.option dkim_selector smtp string list&!! unset This sets the key selector string. -You can use the &%$dkim_domain%& expansion variable to look up a matching selector. -The result is put in the expansion +.new +After expansion, which can use &$dkim_domain$&, this can be a list. +Each element in turn is put in the expansion variable &%$dkim_selector%& which may be used in the &%dkim_private_key%& option along with &%$dkim_domain%&. -If the option is empty after expansion, DKIM signing is not done. +If the option is empty after expansion, DKIM signing is not done for this domain. +.wen .option dkim_private_key smtp string&!! unset This sets the private key to use. @@ -38569,6 +38572,12 @@ list of header names. Headers with these names will be included in the message signature. When unspecified, the header names recommended in RFC4871 will be used. +.new +.option dkim_hash smtp string&!! sha256 +Can be set alternatively to &"sha1"& to use an alternate hash +method. Note that sha1 is now condidered insecure, and deprecated. +.wen + .section "Verifying DKIM signatures in incoming mail" "SECID514" .cindex "DKIM" "verification" @@ -38578,7 +38587,7 @@ Verification of DKIM signatures in SMTP incoming email is implemented via the syntactically(!) correct signature in the incoming message. A missing ACL definition defaults to accept. If any ACL call does not accept, the message is not accepted. -If a cutthrough delivery was in progress for the message it is +If a cutthrough delivery was in progress for the message, that is summarily dropped (having wasted the transmission effort). To evaluate the signature in the ACL a large number of expansion variables