exim.git
8 years agoDocs: add warning on SNI-dependent certfile expansion needing a good default
Jeremy Harris [Wed, 12 Oct 2016 12:40:19 +0000 (13:40 +0100)]
Docs: add warning on SNI-dependent certfile expansion needing a good default

8 years agoLazy-create builtin macros
Jeremy Harris [Mon, 10 Oct 2016 19:24:34 +0000 (20:24 +0100)]
Lazy-create builtin macros

By only filling out the internal macro representation for the builtin macros
when a config line includes an underscore followed by a letter which might be one
we should save startup effort on configs which never use a builtin.

8 years agoFix check for commandline macro definition
Jeremy Harris [Mon, 10 Oct 2016 13:20:30 +0000 (14:20 +0100)]
Fix check for commandline macro definition
Without this, mailq (done by unpriv user) and daemon SIGHUP handling fail

Broken-by: c0b9d3e87264
8 years agoDocs: add section on builtin macros
Jeremy Harris [Sun, 9 Oct 2016 13:14:57 +0000 (14:14 +0100)]
Docs: add section on builtin macros

8 years agoDH parameters update, new values & default exim-4_88_RC2
Phil Pennock [Sun, 29 May 2016 06:31:18 +0000 (02:31 -0400)]
DH parameters update, new values & default

* Add three new Exim-specific DH parameter constants; state provenance,
  but no way for others to verify; this is a signed commit, which is
  about as much as we can do for the truly paranoid: provide an audit
  trail.
* Add the RFC 7919 DH primes
  + No TLS feature negotiation, per 7919, but the DH primes can be used
    if folks so choose
* Fixed broken format string in util/gen_pkcs3.c
* Tried to make gen_pkcs3.c support q values.
  + Turns out, q doesn't affect the PEM and that's not a mistake in my
    initialisation; I've checked with a cryptographer, we're losing some
    server-side optimizations but not any security properties for our
    scenario.

Fixes: 1895

8 years agoFix callouts connection fallback from TLS to cleartext. Bug 1897
Jeremy Harris [Sat, 8 Oct 2016 18:21:41 +0000 (19:21 +0100)]
Fix callouts connection fallback from TLS to cleartext.  Bug 1897

8 years agoDocs: add another index entry for delay_warning
Jeremy Harris [Wed, 5 Oct 2016 12:03:01 +0000 (13:03 +0100)]
Docs: add another index entry for delay_warning

8 years agoTestsuite: for CHUNKING set sender name explicitly
Jeremy Harris [Mon, 3 Oct 2016 23:11:32 +0000 (00:11 +0100)]
Testsuite: for CHUNKING set sender name explicitly
for consistent chunk size on different platforms

8 years agoTestsuite: for CHUNKING rewrite sender name in headers to consistent value
Jeremy Harris [Mon, 3 Oct 2016 16:00:05 +0000 (17:00 +0100)]
Testsuite: for CHUNKING rewrite sender name in headers to consistent value
for consistent chunk size on different test platforms

8 years agoClose logfile after a while waiting for non-smtp input. Bug 1891
Jeremy Harris [Sun, 2 Oct 2016 18:58:19 +0000 (19:58 +0100)]
Close logfile after a while waiting for non-smtp input.  Bug 1891

8 years agoAvoid parsing cost for auto-macro creates
Jeremy Harris [Sun, 2 Oct 2016 16:39:18 +0000 (17:39 +0100)]
Avoid parsing cost for auto-macro creates

8 years agoLogging: connection_reject log selector should apply also to the connect acl
Jeremy Harris [Sun, 2 Oct 2016 13:03:09 +0000 (14:03 +0100)]
Logging: connection_reject log selector should apply also to the connect acl

8 years agoFix mime ACL filename decode
Jeremy Harris [Fri, 30 Sep 2016 13:59:04 +0000 (14:59 +0100)]
Fix mime ACL filename decode

A latent bug (uninitialised memory referred to by $mime_decoded_filename)
uncovered by 40c90bca9f7e

8 years agoFix checking for -D option use
Jeremy Harris [Thu, 29 Sep 2016 22:18:54 +0000 (23:18 +0100)]
Fix checking for -D option use

Broken-by: c0b9d3e87264
8 years agoFeature macros should be uppercase
Jeremy Harris [Thu, 29 Sep 2016 21:56:02 +0000 (22:56 +0100)]
Feature macros should be uppercase

8 years agoDebug: fix openssl tls_close() debug output
Jeremy Harris [Thu, 29 Sep 2016 21:44:14 +0000 (22:44 +0100)]
Debug: fix openssl tls_close() debug output

8 years agoTestsuite: tidying
Jeremy Harris [Thu, 29 Sep 2016 20:25:47 +0000 (21:25 +0100)]
Testsuite: tidying

8 years agoRefactor driver feature-macro generation to be driven by existing tables
Jeremy Harris [Wed, 28 Sep 2016 21:24:00 +0000 (22:24 +0100)]
Refactor driver feature-macro generation to be driven by existing tables

Would like to do lookup drivers too but unsure about dyn-linked variants

8 years agoDefault to filesystem space/inode checking enabled
Jeremy Harris [Wed, 28 Sep 2016 18:41:08 +0000 (19:41 +0100)]
Default to filesystem space/inode checking enabled

8 years agoDrain socket to get clean TCP FINs
Jeremy Harris [Tue, 27 Sep 2016 22:23:52 +0000 (23:23 +0100)]
Drain socket to get clean TCP FINs

8 years agoAdd automatic macros for config-file options. Bug 1819
Jeremy Harris [Sun, 25 Sep 2016 21:59:36 +0000 (22:59 +0100)]
Add automatic macros for config-file options.  Bug 1819

8 years agoDocs: fix quotes
Jeremy Harris [Sat, 24 Sep 2016 16:59:51 +0000 (17:59 +0100)]
Docs: fix quotes

8 years agoDelivery: fix memory leak
Jeremy Harris [Sat, 24 Sep 2016 16:11:19 +0000 (17:11 +0100)]
Delivery: fix memory leak

8 years agoDoc: add clarification for DKIM example exim-4_88_RC1
Jeremy Harris [Fri, 23 Sep 2016 08:24:16 +0000 (09:24 +0100)]
Doc: add clarification for DKIM example

8 years agoDefend against symlink attack by another process running as exim
Jeremy Harris [Thu, 22 Sep 2016 21:55:49 +0000 (22:55 +0100)]
Defend against symlink attack by another process running as exim

Reported-by:
http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/

8 years agoRouting: avoid doing the one_time replacement operation when a redirect leaves the...
Jeremy Harris [Thu, 22 Sep 2016 18:59:48 +0000 (19:59 +0100)]
Routing: avoid doing the one_time replacement operation when a redirect leaves the address unchanged

When done, in combination with a defer the retry would see the address as delivered, hence losing mail.

8 years agoRouting: for efficiency, avoid complexifying the "condition" string until the second...
Jeremy Harris [Thu, 22 Sep 2016 18:29:49 +0000 (19:29 +0100)]
Routing: for efficiency, avoid complexifying the "condition" string until the second is read from config

8 years agoACL: merge the tables used for codition/modifier decode
Jeremy Harris [Sun, 18 Sep 2016 21:47:22 +0000 (22:47 +0100)]
ACL: merge the tables used for codition/modifier decode

8 years ago ACL: bsearch for controls
Jeremy Harris [Sun, 18 Sep 2016 17:14:29 +0000 (18:14 +0100)]
ACL: bsearch for controls

8 years agotidying
Jeremy Harris [Thu, 15 Sep 2016 22:58:57 +0000 (23:58 +0100)]
tidying

8 years agoDocs: mention Perl manpages for PCRE. Bug 1881
Jeremy Harris [Thu, 15 Sep 2016 20:43:22 +0000 (21:43 +0100)]
Docs: mention Perl manpages for PCRE.  Bug 1881

8 years agoLogging: fix errno decodes
Jeremy Harris [Tue, 13 Sep 2016 22:49:09 +0000 (23:49 +0100)]
Logging: fix errno decodes

8 years agoAuth: fix error check in CRAM-MD5
Jeremy Harris [Tue, 13 Sep 2016 22:41:55 +0000 (23:41 +0100)]
Auth: fix error check in CRAM-MD5

8 years agotidying
Jeremy Harris [Wed, 7 Sep 2016 20:58:04 +0000 (21:58 +0100)]
tidying

8 years agoLog EHLO response on getting conn-close response for HELO. Bug 1832
Jeremy Harris [Sat, 10 Sep 2016 20:37:56 +0000 (21:37 +0100)]
Log EHLO response on getting conn-close response for HELO.  Bug 1832

8 years agoReduce space used by flags in smtp transport
Jeremy Harris [Sat, 10 Sep 2016 20:36:33 +0000 (21:36 +0100)]
Reduce space used by flags in smtp transport

8 years agoMake BOOL unsigned; fix resulting latent bugs
Jeremy Harris [Sun, 11 Sep 2016 12:30:45 +0000 (13:30 +0100)]
Make BOOL unsigned; fix resulting latent bugs

8 years agoCutthrough: option to reflect 4xx errors from target to initiator
Jeremy Harris [Sun, 4 Sep 2016 13:54:18 +0000 (14:54 +0100)]
Cutthrough: option to reflect 4xx errors from target to initiator

8 years agoTestsuite: missing output file
Jeremy Harris [Sun, 4 Sep 2016 13:46:42 +0000 (14:46 +0100)]
Testsuite: missing output file

8 years agoDocs: prettify code examples. Bug 1284
Jeremy Harris [Sat, 3 Sep 2016 12:43:33 +0000 (13:43 +0100)]
Docs: prettify code examples.   Bug 1284

8 years agoDocs: add note on strict DKIM verification
Jeremy Harris [Sat, 3 Sep 2016 12:33:57 +0000 (13:33 +0100)]
Docs: add note on strict DKIM verification

8 years agoTestsuite: fix GnuTLS OCSP testing
Jeremy Harris [Thu, 1 Sep 2016 20:08:32 +0000 (21:08 +0100)]
Testsuite: fix GnuTLS OCSP testing

8 years agoSupport "G" multiplier on integer configuration values
Jeremy Harris [Thu, 1 Sep 2016 18:20:11 +0000 (19:20 +0100)]
Support "G" multiplier on integer configuration values

8 years agoTestsuite: fix spool-space testcase for larger disks
Jeremy Harris [Thu, 1 Sep 2016 18:02:06 +0000 (19:02 +0100)]
Testsuite: fix spool-space testcase for larger disks

8 years agoTidying: coverity issues
Jeremy Harris [Sat, 20 Aug 2016 16:52:15 +0000 (17:52 +0100)]
Tidying: coverity issues

8 years agoCHUNKING: after rejecting a pipelined SMTP command, flush any followon BDAT data
Jeremy Harris [Thu, 1 Sep 2016 17:25:58 +0000 (18:25 +0100)]
CHUNKING: after rejecting a pipelined SMTP command, flush any followon BDAT data

8 years agoAdd automatic macros for compile-time feature options
Jeremy Harris [Sun, 21 Aug 2016 22:44:06 +0000 (23:44 +0100)]
Add automatic macros for compile-time feature options

8 years agoTestsuite: fix macro conflict (X vs. HEADERS_MAXSIZE)
Jeremy Harris [Mon, 22 Aug 2016 11:34:21 +0000 (12:34 +0100)]
Testsuite: fix macro conflict (X vs. HEADERS_MAXSIZE)

8 years agotidying
Jeremy Harris [Sun, 21 Aug 2016 12:05:55 +0000 (13:05 +0100)]
tidying

8 years agoExpansions: more debug verbosity in expansion conditions
Jeremy Harris [Sun, 14 Aug 2016 20:00:46 +0000 (21:00 +0100)]
Expansions: more debug verbosity in expansion conditions

8 years agoTidying: coverity issues
Jeremy Harris [Fri, 12 Aug 2016 13:50:00 +0000 (14:50 +0100)]
Tidying: coverity issues

8 years agoTestsuite: rework timing of time-dependent testcase
Jeremy Harris [Fri, 19 Aug 2016 14:52:18 +0000 (15:52 +0100)]
Testsuite: rework timing of time-dependent testcase

8 years agoDelivery: fix transmission down an already-open connection, when
Jeremy Harris [Thu, 18 Aug 2016 20:27:55 +0000 (21:27 +0100)]
Delivery: fix transmission down an already-open connection, when
one of the group of addresses is unsuitable for it.  Bug 1874

Broken-by: 3070ceeeed05, fa41615da702.
8 years agoDelivery: same-host checking for transport runs should include port from address...
Jeremy Harris [Tue, 16 Aug 2016 15:26:31 +0000 (16:26 +0100)]
Delivery: same-host checking for transport runs should include port from address give by routing

8 years agotidying
Jeremy Harris [Wed, 17 Aug 2016 18:42:49 +0000 (19:42 +0100)]
tidying

8 years agoTestsuite: add progress detail to log of troublesome testcase
Jeremy Harris [Sun, 14 Aug 2016 21:19:59 +0000 (22:19 +0100)]
Testsuite: add progress detail to log of troublesome testcase

8 years agoDMARC: send forensic reports for reject & quarantine results, and "none" policy....
Tony Meyer [Sun, 14 Aug 2016 15:09:02 +0000 (16:09 +0100)]
DMARC: send forensic reports for reject & quarantine results, and "none" policy.  Bug 1846

8 years agoExpansions: new ${escape8bit:<string>} operator. Bug 1863
Jeremy Harris [Sun, 14 Aug 2016 14:11:04 +0000 (15:11 +0100)]
Expansions: new ${escape8bit:<string>} operator.  Bug 1863

8 years agoLMDB: introduce as Experimental. Bug 1856
Andrew Colin Kissa [Sun, 14 Aug 2016 12:45:08 +0000 (13:45 +0100)]
LMDB: introduce as Experimental.  Bug 1856

8 years agoACL: Ensure that acl_smtp_notquit is called for a conndrop between data-go-ahead...
Jasen Betts [Thu, 11 Aug 2016 22:31:57 +0000 (23:31 +0100)]
ACL: Ensure that acl_smtp_notquit is called for a conndrop between data-go-ahead and data-ack.
Bug 1872

8 years agoDefensive coding in ${run }
Jeremy Harris [Thu, 11 Aug 2016 19:22:37 +0000 (20:22 +0100)]
Defensive coding in ${run }

Bug 1870

8 years agotidying
Jeremy Harris [Thu, 11 Aug 2016 19:17:07 +0000 (20:17 +0100)]
tidying

Bug 1870

8 years agoTestsuite: missing output files
Jeremy Harris [Thu, 11 Aug 2016 11:48:50 +0000 (12:48 +0100)]
Testsuite: missing output files

8 years agoTestsuite: nail down hostname for CHUNKING test cases
Jeremy Harris [Tue, 9 Aug 2016 22:32:46 +0000 (23:32 +0100)]
Testsuite: nail down hostname for CHUNKING test cases

8 years agoDocs: more index entries for header lines
Jeremy Harris [Tue, 9 Aug 2016 16:46:41 +0000 (17:46 +0100)]
Docs: more index entries for header lines

8 years agoRadius: Fix authentication for Radius libraries that return REJECT_RC. Bug 1850
Leonhard Knauff [Mon, 8 Aug 2016 20:48:20 +0000 (21:48 +0100)]
Radius: Fix authentication for Radius libraries that return REJECT_RC.  Bug 1850

8 years agoDKIM: reduce memory usage (2nd go)
Jeremy Harris [Mon, 8 Aug 2016 20:07:55 +0000 (21:07 +0100)]
DKIM: reduce memory usage (2nd go)

8 years agoTestsuite: accept debug & testscript output sizes varying with testhost name
Jeremy Harris [Mon, 8 Aug 2016 15:26:14 +0000 (16:26 +0100)]
Testsuite: accept debug & testscript output sizes varying with testhost name

8 years agoTestsuite: account for change in debug
Jeremy Harris [Mon, 8 Aug 2016 13:30:44 +0000 (14:30 +0100)]
Testsuite: account for change in debug

Broken-by: fb6833e0a559
8 years agoCHUNKING/DKIM: fix handling of lines having a leading dot
Jeremy Harris [Sat, 6 Aug 2016 23:03:56 +0000 (00:03 +0100)]
CHUNKING/DKIM: fix handling of lines having a leading dot

8 years agoRevert "DKIM: reduce memory usage"
Jeremy Harris [Sun, 7 Aug 2016 22:19:02 +0000 (23:19 +0100)]
Revert "DKIM: reduce memory usage"

This reverts commit dea4897244b409bf91dc60a7e5e4b3d06f123dd6.
It appears to induce spurious behaviour, seen in the testsuite.  Possibly
the sha_hash update calls think the memory they are passed will still
be around later (eg. at sha_finish time)?   A pity, since currently
we are allocating for the entire message body - which could easily
be MB or (future) GB.

8 years agoCHUNKING: fix transmit with long headers
Jeremy Harris [Sun, 7 Aug 2016 14:14:59 +0000 (15:14 +0100)]
CHUNKING: fix transmit with long headers

When the buffer used for SMTP commands and message headers filled to flush
point, protocol sequencing was wrong.

8 years agoDKIM: reduce memory usage
Jeremy Harris [Sat, 6 Aug 2016 22:01:13 +0000 (23:01 +0100)]
DKIM: reduce memory usage

8 years agoRouting: in a dnslookup, fix fail_defer_domains to defer on missing MX record. Bug...
Jeremy Harris [Sat, 6 Aug 2016 17:28:18 +0000 (18:28 +0100)]
Routing: in a dnslookup, fix fail_defer_domains to defer on missing MX record.  Bug 1867

8 years agoFix DISABLE_DKIM build & test. Fix build on systems lacking MAX in standard includes.
Jeremy Harris [Sat, 6 Aug 2016 14:51:01 +0000 (15:51 +0100)]
Fix DISABLE_DKIM build & test.  Fix build on systems lacking MAX in standard includes.
Broken-by: 44bc8f0c2f35
8 years agoMerge branch 'CHUNKING'
Jeremy Harris [Sat, 6 Aug 2016 13:04:45 +0000 (14:04 +0100)]
Merge branch 'CHUNKING'

8 years agotidying
Jeremy Harris [Thu, 4 Aug 2016 23:26:23 +0000 (00:26 +0100)]
tidying

8 years agoDocs: add warning on non-ASCII results from SpamAssassin. Bug 1863
Jeremy Harris [Thu, 4 Aug 2016 19:31:20 +0000 (20:31 +0100)]
Docs: add warning on non-ASCII results from SpamAssassin.  Bug 1863

8 years agoMerge branch 'fakereject'
Jeremy Harris [Thu, 4 Aug 2016 14:26:05 +0000 (15:26 +0100)]
Merge branch 'fakereject'

8 years agoLogging: visibility of fakereject
Jeremy Harris [Tue, 19 Jul 2016 22:53:35 +0000 (23:53 +0100)]
Logging: visibility of fakereject

8 years agoDKIM: log error on overlong input line
Jeremy Harris [Thu, 4 Aug 2016 12:26:27 +0000 (13:26 +0100)]
DKIM: log error on overlong input line

8 years agoNamed queues: Add queue name to "queued by ACL" log line
Jeremy Harris [Wed, 20 Jul 2016 11:40:28 +0000 (12:40 +0100)]
Named queues: Add queue name to "queued by ACL" log line

8 years agoDANE: treat a TLSA response having only non-TLSA records the same as a no-match response
Jeremy Harris [Wed, 3 Aug 2016 10:32:32 +0000 (11:32 +0100)]
DANE: treat a TLSA response having only non-TLSA records the same as a no-match response

8 years agopass advertised facility to continued-transport process
Jeremy Harris [Tue, 2 Aug 2016 11:10:41 +0000 (12:10 +0100)]
pass advertised facility to continued-transport process

8 years agotransmit logging
Jeremy Harris [Tue, 2 Aug 2016 09:53:06 +0000 (10:53 +0100)]
transmit logging

8 years agotestcases for PRDR
Jeremy Harris [Mon, 1 Aug 2016 23:24:00 +0000 (00:24 +0100)]
testcases for PRDR

8 years agotestcases for TLS
Jeremy Harris [Mon, 1 Aug 2016 21:39:20 +0000 (22:39 +0100)]
testcases for TLS

8 years agoreceive docs
Jeremy Harris [Mon, 1 Aug 2016 20:56:00 +0000 (21:56 +0100)]
receive docs

8 years agoreceive with DKIM
Jeremy Harris [Mon, 1 Aug 2016 17:38:22 +0000 (18:38 +0100)]
receive with DKIM

8 years agotransmit with DKIM
Jeremy Harris [Mon, 1 Aug 2016 14:01:15 +0000 (15:01 +0100)]
transmit with DKIM

8 years agobasic & pipelined transmit testcases
Jeremy Harris [Sat, 30 Jul 2016 15:29:22 +0000 (16:29 +0100)]
basic & pipelined transmit testcases

8 years agoCallback into smtp transport for BDAT commands
Jeremy Harris [Thu, 28 Jul 2016 21:41:17 +0000 (22:41 +0100)]
Callback into smtp transport for BDAT commands

8 years agotidying
Jeremy Harris [Tue, 26 Jul 2016 18:44:08 +0000 (19:44 +0100)]
tidying

8 years agofeed need for BDAT down to write_chunk()
Jeremy Harris [Sun, 24 Jul 2016 13:18:57 +0000 (14:18 +0100)]
feed need for BDAT down to write_chunk()

8 years agotidying: dkim output buffer
Jeremy Harris [Thu, 21 Jul 2016 13:38:48 +0000 (14:38 +0100)]
tidying: dkim output buffer

8 years agotidying: dkim output function args
Jeremy Harris [Wed, 20 Jul 2016 16:56:40 +0000 (17:56 +0100)]
tidying: dkim output function args

8 years agotransmit peer capability recognition
Jeremy Harris [Wed, 20 Jul 2016 15:49:24 +0000 (16:49 +0100)]
transmit peer capability recognition

8 years agoreceive flow processing
Jeremy Harris [Wed, 13 Jul 2016 20:28:18 +0000 (21:28 +0100)]
receive flow processing

8 years agoFix $body_linecount for empty lines
Jeremy Harris [Sun, 31 Jul 2016 14:46:51 +0000 (15:46 +0100)]
Fix $body_linecount for empty lines

8 years agoLogging: Fix logging of errors under PIPELINING
Jeremy Harris [Sun, 31 Jul 2016 14:14:51 +0000 (15:14 +0100)]
Logging: Fix logging of errors under PIPELINING