X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=doc%2Fdoc-txt%2Fexperimental-spec.txt;h=481af1a9b08e044e6d92b90b0e04f67b717db24a;hb=08bd2689bdeceb41f161a7d54fc1af4abcbbb8c1;hp=4be142e6675e9fb3100f111f4c9bfa85e56bd57f;hpb=afcdd656bff655cd2d65bc0db39fd0667b55d6ce;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 4be142e66..481af1a9b 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -436,6 +436,7 @@ dmarc_tld_file Defines the location of a text file of valid during domain parsing. Maintained by Mozilla, the most current version can be downloaded from a link at http://publicsuffix.org/list/. + See also util/renew-opendmarc-tlds.sh script. Optional: dmarc_history_file Defines the location of a file to log results @@ -792,20 +793,38 @@ standard header. Note that it would be wise to strip incoming messages of A-R headers that claim to be from our own . -There are two new variables: $arc_state and $arc_state_reason. +There are three new variables: $arc_state, $arc_state_reason, $arc_domains: + + $arc_state One of pass, fail, none + $arc_state_reason (if fail, why) + $arc_domains colon-sep list of ARC chain domains, in chain order. + problematic elements may have empty list elements Receive log lines for an ARC pass will be tagged "ARC". Signing -- -arc_sign = : : +arc_sign = : : [ : ] An option on the smtp transport, which constructs and prepends to the message an ARC set of headers. The textually-first Authentication-Results: header is used as a basis (you must have added one on entry to the ADMD). Expanded as a whole; if unset, empty or forced-failure then no signing is done. If it is set, all three elements must be non-empty. +The fourth element is optional, and if present consists of a comma-separated list +of options. The options implemented are + + timestamps Add a t= tag to the generated AMS and AS headers, with the + current time. + expire[=] Add an x= tag to the generated AMS header, with an expiry time. + If the value is an plain number it is used unchanged. + If it starts with a '+' then the following number is added + to the current time, as an offset in seconds. + If a value is not given it defaults to a one month offset. + +[As of writing, gmail insist that a t= tag on the AS is mandatory] + Caveats: * There must be an Authentication-Results header, presumably added by an ACL while receiving the message, for the same ADMD, for arc_sign to succeed. @@ -820,6 +839,10 @@ Caveats: should try to stick to one ADMD, so pick a primary domain and use that for AR headers and outbound signing. +Signing is not compatible with cutthrough delivery; any (before expansion) +value set for the option will result in cutthrough delivery not being +used via the transport in question. + --------------------------------------------------------------