1 files changed, 34 insertions, 4 deletions

diff --git a/usr.sbin/smtpd/smtpd.conf.5 b/usr.sbin/smtpd/smtpd.conf.5
index b7125035d07..1bbb87ef061 100644
--- a/usr.sbin/smtpd/smtpd.conf.5
+++ b/usr.sbin/smtpd/smtpd.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: smtpd.conf.5,v 1.60 2012/08/26 13:55:47 gilles Exp $
+.\"	$OpenBSD: smtpd.conf.5,v 1.61 2012/08/29 16:26:17 gilles Exp $
 .\"
 .\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
 .\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@@ -16,7 +16,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .\"
-.Dd $Mdocdate: August 26 2012 $
+.Dd $Mdocdate: August 29 2012 $
 .Dt SMTPD.CONF 5
 .Os
 .Sh NAME
@@ -193,10 +193,40 @@ Specify a maximum message size of
 bytes.
 The argument may contain a multiplier, as documented in
 .Xr scan_scaled 3 .
-.It Ic queue Ar compress
-Enable gzip compression for the queue.
+.It Xo
+.Ic queue
+.Ic compression Op Ar gzip
+.Xc
+Enable transparent deflating and inflating of all envelopes
+and messages.
+Only supported algorithm at the moment is gzip.
 Envelopes and messages may be inspected using
 .Xr gzcat 1 .
+.It Xo
+.Ic queue encryption
+.Ic key Ar key
+.Ic Op cipher Ar algorithm
+.Ic Op digest Ar digest
+.Xc
+Enable transparent encryption of all envelopes and messages
+using cipher
+.Ar algorithm ,
+by default Blowfish in CBC mode.
+.Ar key
+is expanded internally using the
+.Ar digest
+hash algorithm, by default SHA256.
+See
+.Xr crypto 3
+for supported ciphers and digests.
+.Pp
+This option is compatible with compression and will perform
+both in the appropriate order.
+.Pp
+.Xr smtpd 8
+will prepend an encrypted random IV before encryption and will strip
+it before decryption to ensure identical envelopes and messages
+produce different output.
 .It Ic accept | reject
 .Xr smtpd 8
 accepts and rejects messages