exim.git
11 years agoFix numeric comparisons for 64b. Bug 1385
Jeremy Harris [Sun, 15 Sep 2013 15:41:40 +0000 (16:41 +0100)]
Fix numeric comparisons for 64b.  Bug 1385

11 years agoChangeLog is in chronological order within each release.
Phil Pennock [Wed, 4 Sep 2013 21:41:47 +0000 (14:41 -0700)]
ChangeLog is in chronological order within each release.

numbers are sequential, namespaced by users.

11 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Wed, 4 Sep 2013 20:13:57 +0000 (13:13 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

11 years agoMake sender/recipient search case-insensitive
Todd Lyons [Wed, 4 Sep 2013 20:12:54 +0000 (13:12 -0700)]
Make sender/recipient search case-insensitive

11 years agotls_dhparam size constraint suggestions.
Phil Pennock [Wed, 4 Sep 2013 17:58:51 +0000 (10:58 -0700)]
tls_dhparam size constraint suggestions.

Between NSS and Debian patching of older Exim releases, there's a narrow
range of values likely to interoperate well.  Document this.

11 years agoGnuTLS website moves
Phil Pennock [Sun, 1 Sep 2013 22:24:04 +0000 (15:24 -0700)]
GnuTLS website moves

11 years agoFix segfault in stdio with non-SMTP MIME ACL.
Phil Pennock [Wed, 31 Jul 2013 22:50:04 +0000 (18:50 -0400)]
Fix segfault in stdio with non-SMTP MIME ACL.

When injecting a message locally in non-SMTP mode, and with MIME ACLs
configured, if the ACL rejected the message, Exim would try to
`fprintf(NULL, "%s", the_message)`.  This fixes that.

Most ACLs are plumbed in SMTP-only and looking through the others in
receive.c, they all appear to be safely guarded, so it was just this one
that slipped through.

Crash report and assistance tracking down the root cause from Warren
Baker.

11 years agoFix debug output in ${acl }
Jeremy Harris [Sun, 21 Jul 2013 23:06:04 +0000 (00:06 +0100)]
Fix debug output in ${acl }

11 years agoMore tidying of ACL-config skip
Jeremy Harris [Sun, 21 Jul 2013 16:31:55 +0000 (17:31 +0100)]
More tidying of ACL-config skip

11 years agoRemove ACL-config skip so that ${acl } expansions work from queue-runs.
Jeremy Harris [Sun, 21 Jul 2013 11:50:53 +0000 (12:50 +0100)]
Remove ACL-config skip so that ${acl } expansions work from queue-runs.

Previously we skipped parsing the ACL section when not needed.  Now it is
potentially needed in all cases.  The skip was ~5% faster than a full parse
so probably not a large part of the exim process startup.

Fix up testsuite output files affected by the removal and add a regression test.

11 years agoAdd gdb history file to git ignore
Todd Lyons [Fri, 12 Jul 2013 17:04:12 +0000 (10:04 -0700)]
Add gdb history file to git ignore

11 years agoAdd test for ${hexquote:
Jeremy Harris [Tue, 2 Jul 2013 23:07:12 +0000 (00:07 +0100)]
Add test for ${hexquote:

11 years agoAdd notes and helper-script for OCSP
Jeremy Harris [Sun, 30 Jun 2013 14:50:35 +0000 (15:50 +0100)]
Add notes and helper-script for OCSP

11 years agoUse function macro instead of explicit arg cast.
Todd Lyons [Wed, 19 Jun 2013 21:55:03 +0000 (14:55 -0700)]
Use function macro instead of explicit arg cast.

11 years agoQuiet signedness compiler warnings.
Todd Lyons [Wed, 19 Jun 2013 16:36:11 +0000 (09:36 -0700)]
Quiet signedness compiler warnings.

11 years agoSupport safari_ecdhe_ecdsa_bug for openssl_options
Phil Pennock [Mon, 17 Jun 2013 01:32:11 +0000 (21:32 -0400)]
Support safari_ecdhe_ecdsa_bug for openssl_options

11 years agoGuard LDAP TLS usage against Solaris LDAP variant.
Phil Pennock [Mon, 10 Jun 2013 06:50:18 +0000 (02:50 -0400)]
Guard LDAP TLS usage against Solaris LDAP variant.

PP/22
Report from Prashanth Katuri.

This variant ensures that if TLS won't be activated because of
compile-time guards, but was requested, then we at least debug-log _why_
we're not doing anything.

11 years agoFix eximon continuous updating with timestamped log-files.
Phil Pennock [Tue, 4 Jun 2013 21:34:36 +0000 (17:34 -0400)]
Fix eximon continuous updating with timestamped log-files.

Report and fix from Heiko Schlichting.

Fixes 1363.

11 years agoAdd doc comment on use of forany.
Jeremy Harris [Sat, 25 May 2013 19:49:46 +0000 (20:49 +0100)]
Add doc comment on use of forany.

11 years agoreadconf: clarify a retry rule parsing error message
Tony Finch [Fri, 24 May 2013 10:07:46 +0000 (11:07 +0100)]
readconf: clarify a retry rule parsing error message

Submitted by: Paul Osborne <paul.osborne@canterbury.ac.uk>

11 years agoDocumentation for udpsend and ${hexquote:
Tony Finch [Thu, 23 May 2013 15:58:32 +0000 (16:58 +0100)]
Documentation for udpsend and ${hexquote:

11 years agoThe udpsend ACL modifier.
Tony Finch [Fri, 12 Oct 2012 13:54:07 +0000 (14:54 +0100)]
The udpsend ACL modifier.

This is for reporting mailer activity without going via the log files.

11 years ago${hexquote: expansion operator
Tony Finch [Fri, 12 Oct 2012 13:52:28 +0000 (14:52 +0100)]
${hexquote: expansion operator

This converts octets outside the range 0x21-0x7E (the ASCII
graphic characters) to \xNN hex escapes.

11 years agoMerge branch 'callout_auth'
Jeremy Harris [Wed, 22 May 2013 17:49:49 +0000 (18:49 +0100)]
Merge branch 'callout_auth'

11 years agoLog AUTH info on cutthrough deliveries.
Jeremy Harris [Wed, 22 May 2013 00:09:08 +0000 (01:09 +0100)]
Log AUTH info on cutthrough deliveries.

11 years agoTypo in doc source.
Jeremy Harris [Tue, 21 May 2013 17:32:27 +0000 (18:32 +0100)]
Typo in doc source.

11 years agoSupport AUTH for verify-callout and cutthrough-delivery.
Jeremy Harris [Sun, 19 May 2013 17:14:50 +0000 (18:14 +0100)]
Support AUTH for verify-callout and cutthrough-delivery.

Refactored smtp transport to pull out AUTH-related routines so they could be
also called from the verify code.

Bugs 321, 823.

11 years agoAdd compile-time checks for various tables being in alphabetical order.
Jeremy Harris [Sun, 12 May 2013 21:31:36 +0000 (22:31 +0100)]
Add compile-time checks for various tables being in alphabetical order.

This is gross hackery and somewhat fragile.  A better method would
actuallyt compile the 'C' involved and check programmatically.

11 years agoFix dns_retry definition.
Todd Lyons [Wed, 8 May 2013 12:46:00 +0000 (05:46 -0700)]
Fix dns_retry definition.

Was placed in non-alphabetical order.

11 years agoSecurity considerations: running local commands
Phil Pennock [Mon, 6 May 2013 01:32:09 +0000 (21:32 -0400)]
Security considerations: running local commands

Call out the dangers of use_shell in the security considerations
chapter.

Call out a number of related dangers too.

11 years agoUse enum for cutthrough receive processing state.
Jeremy Harris [Sun, 21 Apr 2013 18:21:25 +0000 (19:21 +0100)]
Use enum for cutthrough receive processing state.

11 years agoDocument PRDR, OCSP & DMARC options in OptionLists file.
Jeremy Harris [Sun, 21 Apr 2013 17:59:06 +0000 (18:59 +0100)]
Document PRDR, OCSP & DMARC options in OptionLists file.

11 years agoAdd entry to Changelog.
Todd Lyons [Fri, 19 Apr 2013 21:21:40 +0000 (14:21 -0700)]
Add entry to Changelog.

11 years agoRemove static from local variable declaration.
Todd Lyons [Tue, 16 Apr 2013 20:25:59 +0000 (13:25 -0700)]
Remove static from local variable declaration.

11 years agoFix history file logging to use correct variables
Todd Lyons [Tue, 9 Apr 2013 19:41:50 +0000 (12:41 -0700)]
Fix history file logging to use correct variables

Remove SPF domain synthesis, just use HELO.

11 years agoWithhold TLD load error if not defined in conf
Todd Lyons [Mon, 8 Apr 2013 17:13:28 +0000 (10:13 -0700)]
Withhold TLD load error if not defined in conf

11 years agoMove DKIM endif.
Todd Lyons [Fri, 5 Apr 2013 17:45:55 +0000 (10:45 -0700)]
Move DKIM endif.

Fix a few cosmetic differences.

11 years agoDMARC documentation and license
Todd Lyons [Mon, 1 Apr 2013 18:36:30 +0000 (11:36 -0700)]
DMARC documentation and license

11 years agoDMARC support by opendmarc libs
Todd Lyons [Mon, 1 Apr 2013 18:33:08 +0000 (11:33 -0700)]
DMARC support by opendmarc libs

11 years agoFix runtest -CONTINUE to work everywhere
Todd Lyons [Mon, 8 Apr 2013 17:20:46 +0000 (10:20 -0700)]
Fix runtest -CONTINUE to work everywhere

Changes the $more variable to just cat the changes to STDOUT and not
  pipe it through less or more.

11 years agoDrop mistakenly-added test config
Jeremy Harris [Sun, 7 Apr 2013 16:22:49 +0000 (17:22 +0100)]
Drop mistakenly-added test config

11 years agoMerge branch 'ocsp_staple_rollup'
Jeremy Harris [Sun, 7 Apr 2013 16:09:10 +0000 (17:09 +0100)]
Merge branch 'ocsp_staple_rollup'

* ocsp_staple_rollup:
  tidying
  OCSP-stapling enhancement and testing.

11 years agoUpdate testsuite case 0390 for force_command addition to pipe transport
root [Sun, 7 Apr 2013 13:47:44 +0000 (14:47 +0100)]
Update testsuite case 0390 for force_command addition to pipe transport

11 years agoFix -p doc mention of Perl -pd conflict.
Phil Pennock [Wed, 3 Apr 2013 13:50:32 +0000 (09:50 -0400)]
Fix -p doc mention of Perl -pd conflict.

Reported by Heiko Schlichting.
fixes 1345

11 years agoEnsure OpenSSL entropy state reset across forks.
Phil Pennock [Tue, 2 Apr 2013 16:37:03 +0000 (12:37 -0400)]
Ensure OpenSSL entropy state reset across forks.

Note that this function is never going to be called pre-fork unless the
admin is doing something highly unusual with ${randint:..} in a context
evaluated in the listening daemon.  Other forks should result in a
re-exec(), thus resetting state.

Nonetheless, be more cautious, explicitly reset state.

Fix per PostgreSQL.

PS: why does OpenSSL not document RAND_cleanup() on the same page as all
    the other entropy pool maintenance functions?

11 years agoClean & integrate force_command.
Phil Pennock [Tue, 2 Apr 2013 01:24:14 +0000 (21:24 -0400)]
Clean & integrate force_command.

Work by J. Nick Koston, for cPanel, Inc.

11 years agotidying
Jeremy Harris [Mon, 1 Apr 2013 21:25:45 +0000 (22:25 +0100)]
tidying

11 years agoAdd the force_command option to the pipe transport
J. Nick Koston [Sat, 30 Mar 2013 07:22:53 +0000 (02:22 -0500)]
Add the force_command option to the pipe transport

Normally when a router redirects an address directly to a pipe command
the command option on the transport is ignored.  If force_command
is set, the command option will expanded and used. This is especially
useful for forcing a wrapper or additional argument to be added to the
command.

11 years agoOCSP-stapling enhancement and testing.
Jeremy Harris [Sun, 24 Mar 2013 21:49:12 +0000 (21:49 +0000)]
OCSP-stapling enhancement and testing.

Server:
  Honor environment variable as well as running_in_test_harness in permitting bogus staplings
  Update server tests
  Add "-ocsp" option to client-ssl.
  Server side: add verification of stapled status.
  First cut server-mode ocsp testing.
  Fix some uninitialized ocsp-related data.

Client (new):
  Verify stapling using only the chain that verified the server cert, not any acceptable chain.
  Add check for multiple responses in a stapling, which is not handled
  Refuse verification on expired and revoking staplings.
  Handle OCSP client refusal on lack of stapling from server.
  More fixing in client OCSP: use the server cert signing chain to verify the OCSP info.
  Add transport hosts_require_ocsp option.
  Log stapling responses.
  Start on tests for client-side.

Testing support:
    Add CRL generation code and documentation update
    Initial CA & certificate set for testing.

BUGFIX:
    Once a single OCSP response has been extracted the validation
    routine return code is no longer about the structure, but the actual
    returned OCSP status.

11 years agoRename dns_use_dnssec to dns_dnssec_ok.
Phil Pennock [Sat, 23 Mar 2013 23:46:22 +0000 (19:46 -0400)]
Rename dns_use_dnssec to dns_dnssec_ok.

This per Tony's suggestion; this makes it clearer that we are merely
setting resolver flags, not performing validation ourselves.

Well, clearer to those who understand DNSSEC.  For everyone else,
they'll still be dependent upon a forthcoming new chapter to the
Specification.

11 years agoOpenSSL fix empty tls_verify_certificates.
Phil Pennock [Wed, 13 Mar 2013 23:48:22 +0000 (19:48 -0400)]
OpenSSL fix empty tls_verify_certificates.

New behaviour matches GnuTLS handling, and is documented.

Previously, a tls_verify_certificates expansion forced failure was the
only portable way to avoid setting this option.  Now, an empty string is
equivalent.

11 years agoGuard smtp_user_msg() with EXPERIMENTAL_PRDR check.
Phil Pennock [Mon, 11 Mar 2013 20:03:39 +0000 (16:03 -0400)]
Guard smtp_user_msg() with EXPERIMENTAL_PRDR check.

Resolves:

    gcc receive.c
    receive.c:520: warning: 'smtp_user_msg' defined but not used

11 years agoconfigure.default handle IPv6 localhost better.
Phil Pennock [Mon, 11 Mar 2013 18:18:23 +0000 (14:18 -0400)]
configure.default handle IPv6 localhost better.

Base patch by Alain Williams.
Tweaked, to avoid putting an IPv6-dependency into the default
uncommented form, and some rewording.

Bugzilla 880.
GitHub PR #1.

11 years agoDocument the last change in ChangeLog
Phil Pennock [Mon, 11 Mar 2013 18:10:03 +0000 (14:10 -0400)]
Document the last change in ChangeLog

11 years agoHandle recursion better, caused by ACLs.
Phil Pennock [Tue, 5 Mar 2013 21:59:49 +0000 (16:59 -0500)]
Handle recursion better, caused by ACLs.

Issue debugged by Todd Lyons, this fix from me.

11 years agoBug 1339: DCC update (Wolfgang Breyha)
Jeremy Harris [Sat, 16 Feb 2013 15:21:17 +0000 (15:21 +0000)]
Bug 1339: DCC update (Wolfgang Breyha)

11 years agoAdd a few temp doc items to ignore
Todd Lyons [Fri, 15 Feb 2013 16:52:32 +0000 (08:52 -0800)]
Add a few temp doc items to ignore

11 years agotls_out.sni fix for ancient-OpenSSL #ifdef branch
Phil Pennock [Sun, 3 Feb 2013 05:12:13 +0000 (00:12 -0500)]
tls_out.sni fix for ancient-OpenSSL #ifdef branch

11 years agoPRDR support, if compiled with EXPERIMENTAL_PRDR
Jeremy Harris [Sat, 26 Jan 2013 23:21:37 +0000 (23:21 +0000)]
PRDR support, if compiled with EXPERIMENTAL_PRDR

11 years agoUpdate eximstats to watch out for senders sending 'HELO [IpAddr]'
Steve Campbell [Mon, 14 Jan 2013 23:00:11 +0000 (23:00 +0000)]
Update eximstats to watch out for senders sending 'HELO [IpAddr]'

11 years agoFix GNU Hurd interface IPv6 address detection.
Phil Pennock [Mon, 14 Jan 2013 19:05:25 +0000 (14:05 -0500)]
Fix GNU Hurd interface IPv6 address detection.

Define SIOCGIFCONF_GIVES_ADDR in OS/os.h-GNU

Fixes 1331.

11 years agoTypo & nit fixes.
Phil Pennock [Mon, 7 Jan 2013 06:01:30 +0000 (01:01 -0500)]
Typo & nit fixes.

JH has made more changes than he realised.  New second JH/11 to JH/13.

11 years agoRestrict lifetime of $router_name and $transport_name. Bug 308.
Jeremy Harris [Tue, 25 Dec 2012 22:16:29 +0000 (22:16 +0000)]
Restrict lifetime of $router_name and $transport_name. Bug 308.

The router name is explicitly nulled after the router exits;
the transport name is set only in the subprocess it runs in.

11 years agoAdd $router_name and $transport_name variables. Bug 308.
Jeremy Harris [Sat, 6 Oct 2012 22:20:08 +0000 (23:20 +0100)]
Add $router_name and $transport_name variables.  Bug 308.

11 years agogen_pkcs3: add comment explaining rationale
Phil Pennock [Sun, 23 Dec 2012 19:23:01 +0000 (14:23 -0500)]
gen_pkcs3: add comment explaining rationale

Wondering why you wrote some code and having to grep the source code to find out,
in the same year that you wrote it, is generally a sign of missing information.

Fixed.

11 years agoTypo fixes (experimental-spec)
Phil Pennock [Sun, 23 Dec 2012 19:05:40 +0000 (14:05 -0500)]
Typo fixes (experimental-spec)

11 years agoUpdate testsuite (gnutls) outputs to match 6822b9.
Jeremy Harris [Sun, 23 Dec 2012 19:13:41 +0000 (19:13 +0000)]
Update testsuite (gnutls) outputs to match 6822b9.

11 years agoAdd notification of OCSP-stapling facility inclusion.
Jeremy Harris [Sun, 23 Dec 2012 16:18:16 +0000 (16:18 +0000)]
Add notification of OCSP-stapling facility inclusion.

11 years agoGnuTLS-FAQ: typo fixes & glitch re standard primes
Phil Pennock [Thu, 20 Dec 2012 22:42:34 +0000 (17:42 -0500)]
GnuTLS-FAQ: typo fixes & glitch re standard primes

Mostly typos.

Was one instance of "which a future release of Exim will probably support"
which should already have been "which Exim now supports". Doh. Fixed
too.

11 years agoInitialise OCSP-related pointers before use.
Jeremy Harris [Tue, 18 Dec 2012 16:36:27 +0000 (16:36 +0000)]
Initialise OCSP-related pointers before use.

11 years agoDocument scripts/lookups-Makefile for new lookups.
Phil Pennock [Wed, 12 Dec 2012 01:18:22 +0000 (20:18 -0500)]
Document scripts/lookups-Makefile for new lookups.

Missing step for adding a new lookup noticed by Paul Gamble.

11 years agoOCSP/SNI: set correct callback.
Phil Pennock [Mon, 10 Dec 2012 00:23:06 +0000 (19:23 -0500)]
OCSP/SNI: set correct callback.

Caught by Jeremy; was wrong in (my) original commit, the dual-TLS work
had just renamed the variables and theoretically made it more visible.
I still missed it.

The server_sni context initialisation was setting the OCSP status
callback context parameter back on the original server_ctx instead of
the new server_sni context.

I guess OCSP and SNI aren't being used together in Exim much yet.

11 years agoFix tests 5400, 5401, 5410, 5420 to work under any user.
Jeremy Harris [Sun, 9 Dec 2012 14:27:37 +0000 (14:27 +0000)]
Fix tests 5400, 5401, 5410, 5420 to work under any user.

11 years agoNote build fixes in ChangeLog
Tony Finch [Fri, 7 Dec 2012 18:13:38 +0000 (18:13 +0000)]
Note build fixes in ChangeLog

11 years agoAvoid unnecessary rebuilds of lookup helper functions.
Tony Finch [Fri, 7 Dec 2012 18:06:47 +0000 (18:06 +0000)]
Avoid unnecessary rebuilds of lookup helper functions.

11 years agoAvoid spurious rebuilds of the dynamic lookups Makefile.
Tony Finch [Fri, 7 Dec 2012 17:44:42 +0000 (17:44 +0000)]
Avoid spurious rebuilds of the dynamic lookups Makefile.

This was noticable when re-building as a non-privileged user
after installing as root; lookups/Makefile had been rebuilt
by root and when it was rebuilt again by the unprivileged user
`mv` demanded confirmation before overwriting the file.

11 years agoFix tests 5401 and 5410 when not run under a user named eximtest.
Tony Finch [Fri, 7 Dec 2012 15:49:31 +0000 (15:49 +0000)]
Fix tests 5401 and 5410 when not run under a user named eximtest.

11 years agoFix test 5400 when not run under a user named eximtest.
Tony Finch [Fri, 7 Dec 2012 15:45:00 +0000 (15:45 +0000)]
Fix test 5400 when not run under a user named eximtest.

11 years agoA safer version of the check for gecos expansion.
Tony Finch [Fri, 7 Dec 2012 11:52:09 +0000 (11:52 +0000)]
A safer version of the check for gecos expansion.

11 years agoMore test updates following the retry fix.
Tony Finch [Fri, 7 Dec 2012 11:49:15 +0000 (11:49 +0000)]
More test updates following the retry fix.

Most of these are due to the changes in the logging of
ultimate timeout checks.

Test 0548 is more meaningfully affected. The test originally
failed to spot that the recipient-specific deferrals pushed
past the ultimate retry timeout.

11 years agoUpdate test 0357 following the retry fix.
Tony Finch [Thu, 6 Dec 2012 20:19:45 +0000 (20:19 +0000)]
Update test 0357 following the retry fix.

11 years agoMake gecos expansion work with test 0412 as well as 0254.
Tony Finch [Thu, 6 Dec 2012 20:16:39 +0000 (20:16 +0000)]
Make gecos expansion work with test 0412 as well as 0254.

11 years agoAdded DCC entry to Changelog as GF/01 (2nd attempt)
Graeme Fowler [Thu, 6 Dec 2012 20:04:21 +0000 (20:04 +0000)]
Added DCC entry to Changelog as GF/01 (2nd attempt)

11 years agoRevert "Added DCC entry to Changelog as GF/01"
Graeme Fowler [Thu, 6 Dec 2012 20:02:02 +0000 (20:02 +0000)]
Revert "Added DCC entry to Changelog as GF/01"

This reverts commit fee685ddb4cb1a995556b5cc35df907ae7a8ad62.

11 years agoAdded DCC entry to Changelog as GF/01
Graeme Fowler [Thu, 6 Dec 2012 19:59:51 +0000 (19:59 +0000)]
Added DCC entry to Changelog as GF/01

11 years agoFix my earlier "fix" for intermittently deliverable recipients.
Tony Finch [Thu, 6 Dec 2012 19:28:27 +0000 (19:28 +0000)]
Fix my earlier "fix" for intermittently deliverable recipients.

Only do the ultimate address timeout check if there is an address
retry record and there is not a domain retry record; this implies
that previous attempts to handle the address had the retry_use_local_parts
option turned on. We use this as an approximation for the destination
being like a local delivery, as in LMTP.

11 years agoCorrect gecos expansion when From: is a prefix of the username.
Tony Finch [Thu, 6 Dec 2012 19:11:28 +0000 (19:11 +0000)]
Correct gecos expansion when From: is a prefix of the username.

Test 0254 submits a message to Exim with the header

  Resent-From: f

When I ran the test suite under the user fanf2, Exim expanded
the header to contain my full name, whereas it should have added
a Resent-Sender: header. It erroneously treats any prefix of the
username as equal to the username.

This change corrects that bug.

11 years agoExplain the 3 SSL_CTX we have
Phil Pennock [Sun, 2 Dec 2012 23:55:49 +0000 (18:55 -0500)]
Explain the 3 SSL_CTX we have

11 years agoFix eximon build.
Jeremy Harris [Sun, 2 Dec 2012 18:47:28 +0000 (18:47 +0000)]
Fix eximon build.

11 years agoAdd retry timeout fix to ChangeLog
Tony Finch [Fri, 30 Nov 2012 16:01:00 +0000 (16:01 +0000)]
Add retry timeout fix to ChangeLog

11 years agoFix ultimate retry timeouts for intermittently deliverable recipients.
Tony Finch [Thu, 29 Nov 2012 18:39:52 +0000 (18:39 +0000)]
Fix ultimate retry timeouts for intermittently deliverable recipients.

When a queue runner is handling a message, Exim first routes the
recipient addresses, during which it prunes them based on the retry
hints database. After that it attempts to deliver the message to
any remaining recipients. It then updates the hints database using
the retry rules.

So if a recipient address works intermittently, it can get repeatedly
deferred at routing time. The retry hints record remains fresh so the
address never reaches the final cutoff time.

This is a fairly common occurrence when a user is bumping up against
their storage quota. Exim had some logic in its local delivery code
to deal with this. However it did not apply to per-recipient defers
in remote deliveries, e.g. over LMTP to a separate IMAP message store.

This commit adds a proper retry rule check during routing so that
the final cutoff time is checked against the message's age. I also
took the opportunity to unify three very similar blocks of code.

I suspect this new check makes the old local delivery cutoff check
redundant, but I have not verified this so I left the code in place.

12 years agoUse new .copyyear macro
Phil Pennock [Tue, 27 Nov 2012 01:07:48 +0000 (20:07 -0500)]
Use new .copyyear macro

12 years agoRevert copyright years to manual-update. Bug 1318.
Jeremy Harris [Sun, 25 Nov 2012 14:22:42 +0000 (14:22 +0000)]
Revert copyright years to manual-update.  Bug 1318.

12 years agoInsert version number and date into documentation at build time. Bug 1318.
Jeremy Harris [Sat, 24 Nov 2012 22:51:55 +0000 (22:51 +0000)]
Insert version number and date into documentation at build time.  Bug 1318.

Write a temp file with macro definitions from the makefile, and include it
from the doc sources.  Pass the version to make from the perl script.

It is still needed to manually update the previous-version number and
changebar indicators (.new/.wen) manually.

12 years agoDCC debug and logging tidy
Graeme Fowler [Fri, 23 Nov 2012 09:39:42 +0000 (09:39 +0000)]
DCC debug and logging tidy

12 years agoFix merge problem.
Jeremy Harris [Fri, 23 Nov 2012 01:33:31 +0000 (01:33 +0000)]
Fix merge problem.

12 years agoCheck syscall return values.
Jeremy Harris [Fri, 23 Nov 2012 00:52:43 +0000 (00:52 +0000)]
Check syscall return values.

Mostly just compiler-quietening rather than intelligent error-handling.
This deals with complaints of "attribute warn_unused_result" during an rpm
build for SL6 (probably for Fedora also).

12 years agoFix 64b build.
Jeremy Harris [Sat, 17 Nov 2012 21:47:26 +0000 (21:47 +0000)]
Fix 64b build.

12 years agoDovecot: robustness; better msg on missing mech.
Phil Pennock [Tue, 20 Nov 2012 04:44:33 +0000 (23:44 -0500)]
Dovecot: robustness; better msg on missing mech.

If the dovecot protocol response doesn't include the MECH message for
the SMTP AUTH protocol the client has requested, that's not a protocol
failure, don't log it as such.  Instead, explicitly log that it didn't
advertise the mechanism we're looking for.  This lets administrators fix
either their Exim or their Dovecot configurations.

Also: make the Dovecot handling more resistant to bad data from the auth
server; handle too many fields with debug-log message to explain what's
going on, permit lines of 8192 length per spec and detect if the line is
too long, so that we can fail auth instead of becoming unsynchronised.

Stop using the CUID from the server as the AUTH id counter.  They're
different, by my reading of the spec.

TESTED: works against Dovecot 2.1.10.

Thanks to Brady Catherman for reporting the problem with diagnosis.

12 years agoMore compiler quietening.
Jeremy Harris [Sun, 18 Nov 2012 17:03:38 +0000 (17:03 +0000)]
More compiler quietening.