exim.git
7 years agoFix appendfile.c errmsg output that broke with d291c7
Heiko Schlittermann (HS12-RIPE) [Tue, 27 Jun 2017 15:35:20 +0000 (17:35 +0200)]
Fix appendfile.c errmsg output that broke with d291c7

7 years agoRepair manualroute transport name not-last option
Phil Pennock [Mon, 26 Jun 2017 22:39:29 +0000 (18:39 -0400)]
Repair manualroute transport name not-last option

Commit 55414b25b did const-ification surgery which removed the old
"temporarily drop a NUL in here" anti-pattern, but one of the
Ustrcmp->Ustrncmp conversions was missed, for transport-name comparison.

As a result, since Exim 4.85, we've had an undocumented
requirement-by-bug that the transport name be the last such option
given.  Restore old behaviour.

Still missing a test-case to deter regression.

7 years agoBail out if a configuration file starts with a byte order mark
Heiko Schlittermann (HS12-RIPE) [Sun, 25 Jun 2017 21:35:06 +0000 (23:35 +0200)]
Bail out if a configuration file starts with a byte order mark

7 years agoFix what d291c7670e4c370cdc4f631ea58f82c7f4f87823 broke. Closes 1115
Heiko Schlittermann (HS12-RIPE) [Sun, 25 Jun 2017 21:29:18 +0000 (23:29 +0200)]
Fix what d291c7670e4c370cdc4f631ea58f82c7f4f87823 broke. Closes 1115

7 years agoAdd quota/quota_filecount transport option modifier "no_check" Bug 1115
Heiko Schlittermann (HS12-RIPE) [Sun, 25 Jun 2017 20:54:08 +0000 (22:54 +0200)]
Add quota/quota_filecount transport option modifier "no_check" Bug 1115

This option modifier allows to ignore the quota limits, but update
the maildirsize file.

7 years agoDoc: check for w3m existence
Heiko Schlittermann (HS12-RIPE) [Sun, 25 Jun 2017 17:57:57 +0000 (19:57 +0200)]
Doc: check for w3m existence

w3m is called as non-last command in pipelines. A missing w3m
creates empty output and Make doesn't get it, because the last command
of the pipe (e.g. Tidytxt) doesn't return failure on empty input.

7 years agoWhen pipelining under TLS do not treat fd-readability as tls-readability
Jeremy Harris [Tue, 13 Jun 2017 18:01:00 +0000 (19:01 +0100)]
When pipelining under TLS do not treat fd-readability as tls-readability

7 years agoAdd compile-time checks on expanding-string function use
Jeremy Harris [Fri, 9 Jun 2017 00:20:07 +0000 (01:20 +0100)]
Add compile-time checks on expanding-string function use

7 years agoCleanup (prevent repeated use of -p/-oMr to avoid mem leak)
Heiko Schlittermann (HS12-RIPE) [Wed, 31 May 2017 21:08:56 +0000 (23:08 +0200)]
Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)

7 years agoFix log line corruption for DKIM status
Heiko Schlittermann (HS12-RIPE) [Tue, 13 Jun 2017 15:36:44 +0000 (17:36 +0200)]
Fix log line corruption for DKIM status

7 years agoOn a continued-transport delivery, do not check the hostlist for mismatch in the
Jeremy Harris [Sun, 11 Jun 2017 19:58:21 +0000 (20:58 +0100)]
On a continued-transport delivery, do not check the hostlist for mismatch in the
transport dispatch level when the transport does hosts-override.  Instead do the
full trasport process call and let it decide on compatibility with the connection.

7 years agoIn tls-proxy process take case to close unused pipe ends, select also for exception...
Jeremy Harris [Sun, 11 Jun 2017 22:47:08 +0000 (23:47 +0100)]
In tls-proxy process take case to close unused pipe ends, select also for exception conditions on data fds

7 years agoTestsuite: testcase for continued-delivery with transport hosts_override
Jeremy Harris [Sun, 11 Jun 2017 20:03:21 +0000 (21:03 +0100)]
Testsuite: testcase for continued-delivery with transport hosts_override

7 years agoFix logging of delivery port for callout lazy-close, when port specified by router
Jeremy Harris [Fri, 2 Jun 2017 13:22:42 +0000 (14:22 +0100)]
Fix logging of delivery port for callout lazy-close, when port specified by router

7 years agoTestsuite: stabilize output sequence for 2x35/6
Jeremy Harris [Fri, 2 Jun 2017 10:58:28 +0000 (11:58 +0100)]
Testsuite: stabilize output sequence for 2x35/6

7 years agoDocs: tweak "sock" malware interface description
Jeremy Harris [Sat, 3 Jun 2017 15:51:05 +0000 (16:51 +0100)]
Docs: tweak "sock" malware interface description

7 years agoFix crash in transport, on second smtp-connect fail for a list of target hosts
Jeremy Harris [Sat, 3 Jun 2017 12:39:18 +0000 (13:39 +0100)]
Fix crash in transport, on second smtp-connect fail for a list of target hosts

Reported as the sequence:
  1MX: 554 on connect (banner)
  2MX: TCP conn timeout

7 years agoDocs: add missing dollarsign
Jeremy Harris [Fri, 2 Jun 2017 11:13:06 +0000 (12:13 +0100)]
Docs: add missing dollarsign

7 years agoTestsuite: stabilize output sequence for case 4530
Jeremy Harris [Wed, 31 May 2017 16:31:37 +0000 (17:31 +0100)]
Testsuite: stabilize output sequence for case 4530

7 years agoTestsuite: stabilize output sequence for case 0906
Jeremy Harris [Tue, 30 May 2017 22:43:09 +0000 (23:43 +0100)]
Testsuite: stabilize output sequence for case 0906

7 years agoMalware: make "sock" cmdline default usable. Bug 2111
Jeremy Harris [Mon, 29 May 2017 16:23:12 +0000 (17:23 +0100)]
Malware: make "sock" cmdline default usable.  Bug 2111

7 years agodoc: string2 not expanded, don't imply otherwise
Phil Pennock [Fri, 26 May 2017 20:41:42 +0000 (16:41 -0400)]
doc: string2 not expanded, don't imply otherwise

A simple reading which skips the later paragraph would mislead people;
this was remnant text from before the EXPAND_LISTMATCH_RHS changed the
default behaviour.

A couple of paragraphs later we contradicted this now-misleading
parenthetical, but that's not enough.  Nuke it.

7 years agotypo
Jeremy Harris [Thu, 25 May 2017 15:27:43 +0000 (16:27 +0100)]
typo

7 years agoTLS: do not use DH_bits for LibreSSL; it is not supported (as of LibreSSL 2.3.2)
Jeremy Harris [Sun, 21 May 2017 15:51:24 +0000 (16:51 +0100)]
TLS: do not use DH_bits for LibreSSL; it is not supported (as of LibreSSL 2.3.2)

7 years agoDebug: more info during server-side authentication
Jeremy Harris [Sun, 21 May 2017 15:42:05 +0000 (16:42 +0100)]
Debug: more info during server-side authentication

7 years agoOpenSSL: add sender_host_address info to certificate verify error log messages when...
Jeremy Harris [Mon, 15 May 2017 16:36:37 +0000 (17:36 +0100)]
OpenSSL: add sender_host_address info to certificate verify error log messages when in verify callout

7 years agoUse DH_bits for OpenSSL 1.1.0
Phil Pennock [Sun, 21 May 2017 03:17:21 +0000 (23:17 -0400)]
Use DH_bits for OpenSSL 1.1.0

Fixes bug 2095

7 years agoTLS: PIPELINING under OpenSSL
Jeremy Harris [Fri, 19 May 2017 21:55:25 +0000 (22:55 +0100)]
TLS: PIPELINING under OpenSSL

7 years agoTestsuite: delays in 2x3[567]
Jeremy Harris [Wed, 17 May 2017 22:19:43 +0000 (23:19 +0100)]
Testsuite: delays in 2x3[567]

7 years agoTestsuite: add delays for predictable log sequencing in 2x36, log-sorting for 2x38
Jeremy Harris [Wed, 17 May 2017 20:05:33 +0000 (21:05 +0100)]
Testsuite: add delays for predictable log sequencing in 2x36, log-sorting for 2x38

7 years agoTLS: do decent PIPELINING under TLS, at least with GnuTLS
Jeremy Harris [Wed, 17 May 2017 16:32:30 +0000 (17:32 +0100)]
TLS: do decent PIPELINING under TLS, at least with GnuTLS

I've not found an equivalent in OpenSSL of gnutls_record_cork() nor gnutls_record_check_pending() yet.

7 years agoRevert "DANE: do not trust a non-dnssec NXDOMAIN return for the TLSA lookup"
Jeremy Harris [Sun, 14 May 2017 16:06:17 +0000 (17:06 +0100)]
Revert "DANE: do not trust a non-dnssec NXDOMAIN return for the TLSA lookup"

This reverts commit 5d6bdf01a921a88030e9baec7ba5f238da90e979.

7 years agoAdd option commandline_checks_require_admin
Phil Pennock [Tue, 9 May 2017 20:00:58 +0000 (16:00 -0400)]
Add option commandline_checks_require_admin

May help with scenarios already so broken that bug report 2118 is
actually an issue (Wordpress vuln).

7 years agoTestsuite: add DANE cases for DNS secure no-TLSA lookups
Jeremy Harris [Sun, 7 May 2017 16:40:41 +0000 (17:40 +0100)]
Testsuite: add DANE cases for DNS secure no-TLSA lookups

7 years agoTestsuite: add DANE testcase for TLSA lookup SERVFAIL
Jeremy Harris [Sun, 7 May 2017 14:37:18 +0000 (15:37 +0100)]
Testsuite: add DANE testcase for TLSA lookup SERVFAIL

7 years agoDANE: do not trust a non-dnssec NXDOMAIN return for the TLSA lookup
Jeremy Harris [Sun, 7 May 2017 16:49:58 +0000 (17:49 +0100)]
DANE: do not trust a non-dnssec NXDOMAIN return for the TLSA lookup

7 years agoDANE: avoid info leak by checking TLSA dnssec before connecting to MX
Jeremy Harris [Sun, 7 May 2017 16:46:49 +0000 (17:46 +0100)]
DANE: avoid info leak by checking TLSA dnssec before connecting to MX

7 years agotidying
Jeremy Harris [Sun, 7 May 2017 13:41:49 +0000 (14:41 +0100)]
tidying

7 years agoTestsuite: fix fakens to not claim that an unsupported NXDOMAIN is dnssec-AD
Jeremy Harris [Sun, 7 May 2017 15:55:12 +0000 (16:55 +0100)]
Testsuite: fix fakens to not claim that an unsupported NXDOMAIN is dnssec-AD

7 years agoEnable use of sendfile on FreeBSD
Jeremy Harris [Sat, 6 May 2017 20:57:46 +0000 (21:57 +0100)]
Enable use of sendfile on FreeBSD

7 years agoEnable use of sendfile on FreeBSD
Jeremy Harris [Sat, 6 May 2017 19:19:31 +0000 (20:19 +0100)]
Enable use of sendfile on FreeBSD

7 years agoTeach SMTP input sync check ("input sent too soon") about SMTP input buffering
Jeremy Harris [Sat, 6 May 2017 20:01:45 +0000 (21:01 +0100)]
Teach SMTP input sync check ("input sent too soon") about SMTP input buffering

7 years agoDocs: add note on Received-By: header creation under cutthrough
Jeremy Harris [Sat, 6 May 2017 17:51:02 +0000 (18:51 +0100)]
Docs: add note on Received-By: header creation under cutthrough

7 years agotestsuite: tidying
Jeremy Harris [Thu, 4 May 2017 17:39:44 +0000 (18:39 +0100)]
testsuite: tidying

7 years agoCHUNKING / wire-format spool: use block-copies for receiption
Jeremy Harris [Thu, 4 May 2017 15:59:46 +0000 (16:59 +0100)]
CHUNKING / wire-format spool: use block-copies for receiption

7 years agotestsuite output changes
Jeremy Harris [Mon, 1 May 2017 13:13:57 +0000 (14:13 +0100)]
testsuite output changes

7 years agotestsuite: tidying
Jeremy Harris [Mon, 1 May 2017 11:42:32 +0000 (12:42 +0100)]
testsuite: tidying

7 years agotidying: coverity
Jeremy Harris [Mon, 1 May 2017 11:08:17 +0000 (12:08 +0100)]
tidying: coverity

7 years agoFix continue_more on TLS connection. Bug 2104
Jeremy Harris [Sun, 30 Apr 2017 21:11:27 +0000 (22:11 +0100)]
Fix continue_more on TLS connection.  Bug 2104

7 years agoDocs: more info on wire-format spoolfiles
Jeremy Harris [Sun, 30 Apr 2017 13:39:37 +0000 (14:39 +0100)]
Docs: more info on wire-format spoolfiles

7 years agotidying: coverity fixes
Jeremy Harris [Sat, 29 Apr 2017 12:28:38 +0000 (13:28 +0100)]
tidying: coverity fixes

7 years agoDocs: describe operation of continued-connection TLS
Jeremy Harris [Fri, 28 Apr 2017 23:19:45 +0000 (00:19 +0100)]
Docs: describe operation of continued-connection TLS

7 years agoSupport wire-format spoolfiles
Jeremy Harris [Fri, 28 Apr 2017 22:54:35 +0000 (23:54 +0100)]
Support wire-format spoolfiles

7 years agoEnable use of sendfile
Jeremy Harris [Wed, 26 Apr 2017 14:28:22 +0000 (15:28 +0100)]
Enable use of sendfile

7 years agoTweak debug output
Jeremy Harris [Wed, 26 Apr 2017 19:18:31 +0000 (20:18 +0100)]
Tweak debug output

7 years agoDocs: add 8BITMIME status field to log line info
Jeremy Harris [Mon, 24 Apr 2017 12:41:09 +0000 (13:41 +0100)]
Docs: add 8BITMIME status field to log line info

7 years agoDocs: note that dkim_domain can take a list for signing
Jeremy Harris [Wed, 19 Apr 2017 15:39:23 +0000 (16:39 +0100)]
Docs: note that dkim_domain can take a list for signing

7 years agoFix DISABLE_DKIM biuld
Jeremy Harris [Sun, 23 Apr 2017 12:52:15 +0000 (13:52 +0100)]
Fix DISABLE_DKIM biuld

7 years agoDKIM: avoid use of temporary file for signing
Jeremy Harris [Sun, 23 Apr 2017 11:20:43 +0000 (12:20 +0100)]
DKIM: avoid use of temporary file for signing

7 years agoCHUNKING: pipeline data right after the BDAT command
Jeremy Harris [Tue, 18 Apr 2017 14:13:20 +0000 (15:13 +0100)]
CHUNKING: pipeline data right after the BDAT command

7 years agoReduce number of places knowing about filename-construction for mbox file-for-scanning
Jeremy Harris [Mon, 17 Apr 2017 19:43:23 +0000 (20:43 +0100)]
Reduce number of places knowing about filename-construction for mbox file-for-scanning

7 years agoRework detection of multiple ports on a given IP, for the daemon status line
Jeremy Harris [Sun, 16 Apr 2017 15:32:06 +0000 (16:32 +0100)]
Rework detection of multiple ports on a given IP, for the daemon status line

Previously only spotted adjacent cases in the address list, now a full scan

7 years agotidying
Jeremy Harris [Sun, 16 Apr 2017 16:19:23 +0000 (17:19 +0100)]
tidying

7 years agoTransport: fix smtp under combo of mua_wrapper and limited max_rcpt
Jeremy Harris [Sat, 15 Apr 2017 15:22:52 +0000 (16:22 +0100)]
Transport: fix smtp under combo of mua_wrapper and limited max_rcpt

7 years agoBuiltin macros: note config trigger line in debug output
Jeremy Harris [Fri, 14 Apr 2017 13:29:40 +0000 (14:29 +0100)]
Builtin macros: note config trigger line in debug output

7 years ago$SOURCE_DATE_EPOCH support for build date stamp
Phil Pennock [Thu, 13 Apr 2017 03:22:36 +0000 (23:22 -0400)]
$SOURCE_DATE_EPOCH support for build date stamp

If, and _only_ if, $SOURCE_DATE_EPOCH is found in environ during build,
use it to set the timestamp embedded in the binary instead of using
__DATE__ and __TIME__ cpp directives.

This per <https://reproducible-builds.org/specs/source-date-epoch/>
spec.  It's sane and sensible, without removing date stamping which
matters.  The examples encourage packagers to use timestamps which
do change when they backport patches, so that the date remains useful
for distinguishing builds instead of claiming one date forever across
multiple patchlevels.

This change written so that the old behaviour and code is used if the
environment variable is not found, to better continue to support ancient
platforms with other variants of date(1).

Built with and without an override, on macOS.

7 years agocompiler quietening
Jeremy Harris [Sun, 9 Apr 2017 14:42:49 +0000 (15:42 +0100)]
compiler quietening

7 years agoRemove references to some csx.cam sites
Nigel Metheringham [Mon, 10 Apr 2017 19:21:36 +0000 (20:21 +0100)]
Remove references to some csx.cam sites

The ftp.csx.cam.ac.uk server is no longer authoratative  not even up to date.

The training courses are no longer happening.

7 years agotypo
Jeremy Harris [Sun, 9 Apr 2017 13:03:31 +0000 (14:03 +0100)]
typo

7 years agotidying
Jeremy Harris [Sat, 8 Apr 2017 20:59:32 +0000 (21:59 +0100)]
tidying

7 years agotidying
Jeremy Harris [Thu, 6 Apr 2017 22:39:16 +0000 (23:39 +0100)]
tidying

7 years agoCallout/hold: ensure TLS-proxy process is not waited for as a transport process
Jeremy Harris [Thu, 6 Apr 2017 21:58:46 +0000 (22:58 +0100)]
Callout/hold: ensure TLS-proxy process is not waited for as a transport process

7 years agoDebug: show error for SMTP read response
Jeremy Harris [Thu, 6 Apr 2017 20:17:29 +0000 (21:17 +0100)]
Debug: show error for SMTP read response

7 years agoCallout/hold: fix uninitialized variable
Jeremy Harris [Wed, 5 Apr 2017 22:37:41 +0000 (23:37 +0100)]
Callout/hold: fix uninitialized variable

7 years agoDocs: expand descriptiong of control=debug
Jeremy Harris [Mon, 3 Apr 2017 17:12:49 +0000 (18:12 +0100)]
Docs: expand descriptiong of control=debug

7 years agoOpenssl: disable session-tickets by default and session-cache always
Jeremy Harris [Sun, 2 Apr 2017 13:54:39 +0000 (14:54 +0100)]
Openssl: disable session-tickets by default and session-cache always

7 years agoDocs: fix definition of msg:fail:delivery event
Jeremy Harris [Sun, 2 Apr 2017 11:50:56 +0000 (12:50 +0100)]
Docs: fix definition of msg:fail:delivery event

7 years agotidying
Jeremy Harris [Sun, 2 Apr 2017 11:12:56 +0000 (12:12 +0100)]
tidying

7 years agoDocumentation: replace http by https where possible
Heiko Schlittermann (HS12-RIPE) [Fri, 24 Mar 2017 21:20:37 +0000 (22:20 +0100)]
Documentation: replace http by https where possible

I didn't change the schema for external links. This
needs further checking if the content of https://…
matches the content of http://…

7 years agotidying
Jeremy Harris [Wed, 22 Mar 2017 21:02:24 +0000 (21:02 +0000)]
tidying

7 years agoDoc: clarify location of DMARC dmarc_tld_file
Heiko Schlittermann (HS12-RIPE) [Wed, 22 Mar 2017 15:44:39 +0000 (16:44 +0100)]
Doc: clarify location of DMARC dmarc_tld_file

7 years agoCallouts: a "hold" option for receipient-verify, which keeps the connection open...
Jeremy Harris [Tue, 21 Mar 2017 16:16:38 +0000 (16:16 +0000)]
Callouts: a "hold" option for receipient-verify, which keeps the connection open both for
further recipients and for eventual delivery.

7 years agoLogging: make cipher info available for continued-TLS connection deliveries
Jeremy Harris [Tue, 21 Mar 2017 15:54:00 +0000 (15:54 +0000)]
Logging: make cipher info available for continued-TLS connection deliveries

7 years agoexigrep: migrate to Getopt::Long, allow --no-pager
Heiko Schlittermann (HS12-RIPE) [Mon, 20 Mar 2017 22:04:44 +0000 (23:04 +0100)]
exigrep: migrate to Getopt::Long, allow --no-pager

This gives us long/more descriptive option names.
Add an option to supress the use of a pager.

7 years agoexigrep: use a pager if stdout is connected to a terminal
Heiko Schlittermann (HS12-RIPE) [Sun, 19 Mar 2017 00:12:38 +0000 (01:12 +0100)]
exigrep: use a pager if stdout is connected to a terminal

7 years agoexigrep: add POD and -h, -m
Heiko Schlittermann (HS12-RIPE) [Sat, 18 Mar 2017 23:44:06 +0000 (00:44 +0100)]
exigrep: add POD and -h, -m

7 years agoTestsuite: allow --range <number> +
Heiko Schlittermann (HS12-RIPE) [Sat, 18 Mar 2017 17:55:46 +0000 (18:55 +0100)]
Testsuite: allow --range <number> +

Now `runtest <number> +` and `runtest --range <number> +`
do the same.

7 years agoTestsuite: fixup testsuite test about flavours
Heiko Schlittermann (HS12-RIPE) [Sat, 18 Mar 2017 14:34:33 +0000 (15:34 +0100)]
Testsuite: fixup testsuite test about flavours

Support for flavours isn't dropped, but currently
we do not have flavour specific files.

7 years agoExpansions: check numeric values of IPv4 address components
Jeremy Harris [Sat, 18 Mar 2017 14:41:50 +0000 (14:41 +0000)]
Expansions: check numeric values of IPv4 address components

7 years agoLogging: mark continued-TLS connection deliveries with "X-*"
Jeremy Harris [Tue, 14 Mar 2017 16:38:41 +0000 (16:38 +0000)]
Logging: mark continued-TLS connection deliveries with "X-*"

7 years agoTestsuite: add --test and --range options
Heiko Schlittermann (HS12-RIPE) [Wed, 1 Mar 2017 23:00:41 +0000 (00:00 +0100)]
Testsuite: add --test and --range options

7 years agoTestsuite: Getopt::Long, --help, --man for runtest
Heiko Schlittermann (HS12-RIPE) [Wed, 1 Mar 2017 19:22:07 +0000 (20:22 +0100)]
Testsuite: Getopt::Long, --help, --man for runtest

7 years agoMalware: new connection type "f-prot6d" for FPSCAND protocol over TCP
Andrew Colin Kissa [Sun, 12 Mar 2017 19:14:47 +0000 (19:14 +0000)]
Malware: new connection type "f-prot6d" for FPSCAND protocol over TCP

7 years agoDocs: fix description of tls_advertise_hosts
Jeremy Harris [Sat, 11 Mar 2017 20:42:36 +0000 (20:42 +0000)]
Docs: fix description of tls_advertise_hosts

7 years agouClibc does not contain gnu/libc-version.h
Bernd Kuhls [Sun, 12 Mar 2017 02:01:00 +0000 (21:01 -0500)]
uClibc does not contain gnu/libc-version.h

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
7 years agoTestsuite: remove debug "ps" output from 0420
Heiko Schlittermann (HS12-RIPE) [Sat, 11 Mar 2017 10:22:02 +0000 (11:22 +0100)]
Testsuite: remove debug "ps" output from 0420

7 years agoDebug: Use UTF-8 linedrawing, for indent partial-markers
Jeremy Harris [Thu, 9 Mar 2017 09:01:51 +0000 (09:01 +0000)]
Debug: Use UTF-8 linedrawing, for indent partial-markers

7 years agoShorten long daemon-startup log lines
Jeremy Harris [Wed, 8 Mar 2017 16:01:54 +0000 (16:01 +0000)]
Shorten long daemon-startup log lines

7 years agoSome platforms (Solaris) do not have AF_LOCAL; use AF_UNIX
Jeremy Harris [Wed, 8 Mar 2017 12:42:58 +0000 (12:42 +0000)]
Some platforms (Solaris) do not have AF_LOCAL; use AF_UNIX

7 years agoDocs: fix macro typo
Jeremy Harris [Wed, 8 Mar 2017 12:13:18 +0000 (12:13 +0000)]
Docs: fix macro typo