exim.git
8 years agoDefend against symlink attack by another process running as exim
Jeremy Harris [Thu, 22 Sep 2016 21:55:49 +0000 (22:55 +0100)]
Defend against symlink attack by another process running as exim

Reported-by:
http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/

8 years agoRouting: avoid doing the one_time replacement operation when a redirect leaves the...
Jeremy Harris [Thu, 22 Sep 2016 18:59:48 +0000 (19:59 +0100)]
Routing: avoid doing the one_time replacement operation when a redirect leaves the address unchanged

When done, in combination with a defer the retry would see the address as delivered, hence losing mail.

8 years agoRouting: for efficiency, avoid complexifying the "condition" string until the second...
Jeremy Harris [Thu, 22 Sep 2016 18:29:49 +0000 (19:29 +0100)]
Routing: for efficiency, avoid complexifying the "condition" string until the second is read from config

8 years agoACL: merge the tables used for codition/modifier decode
Jeremy Harris [Sun, 18 Sep 2016 21:47:22 +0000 (22:47 +0100)]
ACL: merge the tables used for codition/modifier decode

8 years ago ACL: bsearch for controls
Jeremy Harris [Sun, 18 Sep 2016 17:14:29 +0000 (18:14 +0100)]
ACL: bsearch for controls

8 years agotidying
Jeremy Harris [Thu, 15 Sep 2016 22:58:57 +0000 (23:58 +0100)]
tidying

8 years agoDocs: mention Perl manpages for PCRE. Bug 1881
Jeremy Harris [Thu, 15 Sep 2016 20:43:22 +0000 (21:43 +0100)]
Docs: mention Perl manpages for PCRE.  Bug 1881

8 years agoLogging: fix errno decodes
Jeremy Harris [Tue, 13 Sep 2016 22:49:09 +0000 (23:49 +0100)]
Logging: fix errno decodes

8 years agoAuth: fix error check in CRAM-MD5
Jeremy Harris [Tue, 13 Sep 2016 22:41:55 +0000 (23:41 +0100)]
Auth: fix error check in CRAM-MD5

8 years agotidying
Jeremy Harris [Wed, 7 Sep 2016 20:58:04 +0000 (21:58 +0100)]
tidying

8 years agoLog EHLO response on getting conn-close response for HELO. Bug 1832
Jeremy Harris [Sat, 10 Sep 2016 20:37:56 +0000 (21:37 +0100)]
Log EHLO response on getting conn-close response for HELO.  Bug 1832

8 years agoReduce space used by flags in smtp transport
Jeremy Harris [Sat, 10 Sep 2016 20:36:33 +0000 (21:36 +0100)]
Reduce space used by flags in smtp transport

8 years agoMake BOOL unsigned; fix resulting latent bugs
Jeremy Harris [Sun, 11 Sep 2016 12:30:45 +0000 (13:30 +0100)]
Make BOOL unsigned; fix resulting latent bugs

8 years agoCutthrough: option to reflect 4xx errors from target to initiator
Jeremy Harris [Sun, 4 Sep 2016 13:54:18 +0000 (14:54 +0100)]
Cutthrough: option to reflect 4xx errors from target to initiator

8 years agoTestsuite: missing output file
Jeremy Harris [Sun, 4 Sep 2016 13:46:42 +0000 (14:46 +0100)]
Testsuite: missing output file

8 years agoDocs: prettify code examples. Bug 1284
Jeremy Harris [Sat, 3 Sep 2016 12:43:33 +0000 (13:43 +0100)]
Docs: prettify code examples.   Bug 1284

8 years agoDocs: add note on strict DKIM verification
Jeremy Harris [Sat, 3 Sep 2016 12:33:57 +0000 (13:33 +0100)]
Docs: add note on strict DKIM verification

8 years agoTestsuite: fix GnuTLS OCSP testing
Jeremy Harris [Thu, 1 Sep 2016 20:08:32 +0000 (21:08 +0100)]
Testsuite: fix GnuTLS OCSP testing

8 years agoSupport "G" multiplier on integer configuration values
Jeremy Harris [Thu, 1 Sep 2016 18:20:11 +0000 (19:20 +0100)]
Support "G" multiplier on integer configuration values

8 years agoTestsuite: fix spool-space testcase for larger disks
Jeremy Harris [Thu, 1 Sep 2016 18:02:06 +0000 (19:02 +0100)]
Testsuite: fix spool-space testcase for larger disks

8 years agoTidying: coverity issues
Jeremy Harris [Sat, 20 Aug 2016 16:52:15 +0000 (17:52 +0100)]
Tidying: coverity issues

8 years agoCHUNKING: after rejecting a pipelined SMTP command, flush any followon BDAT data
Jeremy Harris [Thu, 1 Sep 2016 17:25:58 +0000 (18:25 +0100)]
CHUNKING: after rejecting a pipelined SMTP command, flush any followon BDAT data

8 years agoAdd automatic macros for compile-time feature options
Jeremy Harris [Sun, 21 Aug 2016 22:44:06 +0000 (23:44 +0100)]
Add automatic macros for compile-time feature options

8 years agoTestsuite: fix macro conflict (X vs. HEADERS_MAXSIZE)
Jeremy Harris [Mon, 22 Aug 2016 11:34:21 +0000 (12:34 +0100)]
Testsuite: fix macro conflict (X vs. HEADERS_MAXSIZE)

8 years agotidying
Jeremy Harris [Sun, 21 Aug 2016 12:05:55 +0000 (13:05 +0100)]
tidying

8 years agoExpansions: more debug verbosity in expansion conditions
Jeremy Harris [Sun, 14 Aug 2016 20:00:46 +0000 (21:00 +0100)]
Expansions: more debug verbosity in expansion conditions

8 years agoTidying: coverity issues
Jeremy Harris [Fri, 12 Aug 2016 13:50:00 +0000 (14:50 +0100)]
Tidying: coverity issues

8 years agoTestsuite: rework timing of time-dependent testcase
Jeremy Harris [Fri, 19 Aug 2016 14:52:18 +0000 (15:52 +0100)]
Testsuite: rework timing of time-dependent testcase

8 years agoDelivery: fix transmission down an already-open connection, when
Jeremy Harris [Thu, 18 Aug 2016 20:27:55 +0000 (21:27 +0100)]
Delivery: fix transmission down an already-open connection, when
one of the group of addresses is unsuitable for it.  Bug 1874

Broken-by: 3070ceeeed05, fa41615da702.
8 years agoDelivery: same-host checking for transport runs should include port from address...
Jeremy Harris [Tue, 16 Aug 2016 15:26:31 +0000 (16:26 +0100)]
Delivery: same-host checking for transport runs should include port from address give by routing

8 years agotidying
Jeremy Harris [Wed, 17 Aug 2016 18:42:49 +0000 (19:42 +0100)]
tidying

8 years agoTestsuite: add progress detail to log of troublesome testcase
Jeremy Harris [Sun, 14 Aug 2016 21:19:59 +0000 (22:19 +0100)]
Testsuite: add progress detail to log of troublesome testcase

8 years agoDMARC: send forensic reports for reject & quarantine results, and "none" policy....
Tony Meyer [Sun, 14 Aug 2016 15:09:02 +0000 (16:09 +0100)]
DMARC: send forensic reports for reject & quarantine results, and "none" policy.  Bug 1846

8 years agoExpansions: new ${escape8bit:<string>} operator. Bug 1863
Jeremy Harris [Sun, 14 Aug 2016 14:11:04 +0000 (15:11 +0100)]
Expansions: new ${escape8bit:<string>} operator.  Bug 1863

8 years agoLMDB: introduce as Experimental. Bug 1856
Andrew Colin Kissa [Sun, 14 Aug 2016 12:45:08 +0000 (13:45 +0100)]
LMDB: introduce as Experimental.  Bug 1856

8 years agoACL: Ensure that acl_smtp_notquit is called for a conndrop between data-go-ahead...
Jasen Betts [Thu, 11 Aug 2016 22:31:57 +0000 (23:31 +0100)]
ACL: Ensure that acl_smtp_notquit is called for a conndrop between data-go-ahead and data-ack.
Bug 1872

8 years agoDefensive coding in ${run }
Jeremy Harris [Thu, 11 Aug 2016 19:22:37 +0000 (20:22 +0100)]
Defensive coding in ${run }

Bug 1870

8 years agotidying
Jeremy Harris [Thu, 11 Aug 2016 19:17:07 +0000 (20:17 +0100)]
tidying

Bug 1870

8 years agoTestsuite: missing output files
Jeremy Harris [Thu, 11 Aug 2016 11:48:50 +0000 (12:48 +0100)]
Testsuite: missing output files

8 years agoTestsuite: nail down hostname for CHUNKING test cases
Jeremy Harris [Tue, 9 Aug 2016 22:32:46 +0000 (23:32 +0100)]
Testsuite: nail down hostname for CHUNKING test cases

8 years agoDocs: more index entries for header lines
Jeremy Harris [Tue, 9 Aug 2016 16:46:41 +0000 (17:46 +0100)]
Docs: more index entries for header lines

8 years agoRadius: Fix authentication for Radius libraries that return REJECT_RC. Bug 1850
Leonhard Knauff [Mon, 8 Aug 2016 20:48:20 +0000 (21:48 +0100)]
Radius: Fix authentication for Radius libraries that return REJECT_RC.  Bug 1850

8 years agoDKIM: reduce memory usage (2nd go)
Jeremy Harris [Mon, 8 Aug 2016 20:07:55 +0000 (21:07 +0100)]
DKIM: reduce memory usage (2nd go)

8 years agoTestsuite: accept debug & testscript output sizes varying with testhost name
Jeremy Harris [Mon, 8 Aug 2016 15:26:14 +0000 (16:26 +0100)]
Testsuite: accept debug & testscript output sizes varying with testhost name

8 years agoTestsuite: account for change in debug
Jeremy Harris [Mon, 8 Aug 2016 13:30:44 +0000 (14:30 +0100)]
Testsuite: account for change in debug

Broken-by: fb6833e0a559
8 years agoCHUNKING/DKIM: fix handling of lines having a leading dot
Jeremy Harris [Sat, 6 Aug 2016 23:03:56 +0000 (00:03 +0100)]
CHUNKING/DKIM: fix handling of lines having a leading dot

8 years agoRevert "DKIM: reduce memory usage"
Jeremy Harris [Sun, 7 Aug 2016 22:19:02 +0000 (23:19 +0100)]
Revert "DKIM: reduce memory usage"

This reverts commit dea4897244b409bf91dc60a7e5e4b3d06f123dd6.
It appears to induce spurious behaviour, seen in the testsuite.  Possibly
the sha_hash update calls think the memory they are passed will still
be around later (eg. at sha_finish time)?   A pity, since currently
we are allocating for the entire message body - which could easily
be MB or (future) GB.

8 years agoCHUNKING: fix transmit with long headers
Jeremy Harris [Sun, 7 Aug 2016 14:14:59 +0000 (15:14 +0100)]
CHUNKING: fix transmit with long headers

When the buffer used for SMTP commands and message headers filled to flush
point, protocol sequencing was wrong.

8 years agoDKIM: reduce memory usage
Jeremy Harris [Sat, 6 Aug 2016 22:01:13 +0000 (23:01 +0100)]
DKIM: reduce memory usage

8 years agoRouting: in a dnslookup, fix fail_defer_domains to defer on missing MX record. Bug...
Jeremy Harris [Sat, 6 Aug 2016 17:28:18 +0000 (18:28 +0100)]
Routing: in a dnslookup, fix fail_defer_domains to defer on missing MX record.  Bug 1867

8 years agoFix DISABLE_DKIM build & test. Fix build on systems lacking MAX in standard includes.
Jeremy Harris [Sat, 6 Aug 2016 14:51:01 +0000 (15:51 +0100)]
Fix DISABLE_DKIM build & test.  Fix build on systems lacking MAX in standard includes.
Broken-by: 44bc8f0c2f35
8 years agoMerge branch 'CHUNKING'
Jeremy Harris [Sat, 6 Aug 2016 13:04:45 +0000 (14:04 +0100)]
Merge branch 'CHUNKING'

8 years agotidying
Jeremy Harris [Thu, 4 Aug 2016 23:26:23 +0000 (00:26 +0100)]
tidying

8 years agoDocs: add warning on non-ASCII results from SpamAssassin. Bug 1863
Jeremy Harris [Thu, 4 Aug 2016 19:31:20 +0000 (20:31 +0100)]
Docs: add warning on non-ASCII results from SpamAssassin.  Bug 1863

8 years agoMerge branch 'fakereject'
Jeremy Harris [Thu, 4 Aug 2016 14:26:05 +0000 (15:26 +0100)]
Merge branch 'fakereject'

8 years agoLogging: visibility of fakereject
Jeremy Harris [Tue, 19 Jul 2016 22:53:35 +0000 (23:53 +0100)]
Logging: visibility of fakereject

8 years agoDKIM: log error on overlong input line
Jeremy Harris [Thu, 4 Aug 2016 12:26:27 +0000 (13:26 +0100)]
DKIM: log error on overlong input line

8 years agoNamed queues: Add queue name to "queued by ACL" log line
Jeremy Harris [Wed, 20 Jul 2016 11:40:28 +0000 (12:40 +0100)]
Named queues: Add queue name to "queued by ACL" log line

8 years agoDANE: treat a TLSA response having only non-TLSA records the same as a no-match response
Jeremy Harris [Wed, 3 Aug 2016 10:32:32 +0000 (11:32 +0100)]
DANE: treat a TLSA response having only non-TLSA records the same as a no-match response

8 years agopass advertised facility to continued-transport process
Jeremy Harris [Tue, 2 Aug 2016 11:10:41 +0000 (12:10 +0100)]
pass advertised facility to continued-transport process

8 years agotransmit logging
Jeremy Harris [Tue, 2 Aug 2016 09:53:06 +0000 (10:53 +0100)]
transmit logging

8 years agotestcases for PRDR
Jeremy Harris [Mon, 1 Aug 2016 23:24:00 +0000 (00:24 +0100)]
testcases for PRDR

8 years agotestcases for TLS
Jeremy Harris [Mon, 1 Aug 2016 21:39:20 +0000 (22:39 +0100)]
testcases for TLS

8 years agoreceive docs
Jeremy Harris [Mon, 1 Aug 2016 20:56:00 +0000 (21:56 +0100)]
receive docs

8 years agoreceive with DKIM
Jeremy Harris [Mon, 1 Aug 2016 17:38:22 +0000 (18:38 +0100)]
receive with DKIM

8 years agotransmit with DKIM
Jeremy Harris [Mon, 1 Aug 2016 14:01:15 +0000 (15:01 +0100)]
transmit with DKIM

8 years agobasic & pipelined transmit testcases
Jeremy Harris [Sat, 30 Jul 2016 15:29:22 +0000 (16:29 +0100)]
basic & pipelined transmit testcases

8 years agoCallback into smtp transport for BDAT commands
Jeremy Harris [Thu, 28 Jul 2016 21:41:17 +0000 (22:41 +0100)]
Callback into smtp transport for BDAT commands

8 years agotidying
Jeremy Harris [Tue, 26 Jul 2016 18:44:08 +0000 (19:44 +0100)]
tidying

8 years agofeed need for BDAT down to write_chunk()
Jeremy Harris [Sun, 24 Jul 2016 13:18:57 +0000 (14:18 +0100)]
feed need for BDAT down to write_chunk()

8 years agotidying: dkim output buffer
Jeremy Harris [Thu, 21 Jul 2016 13:38:48 +0000 (14:38 +0100)]
tidying: dkim output buffer

8 years agotidying: dkim output function args
Jeremy Harris [Wed, 20 Jul 2016 16:56:40 +0000 (17:56 +0100)]
tidying: dkim output function args

8 years agotransmit peer capability recognition
Jeremy Harris [Wed, 20 Jul 2016 15:49:24 +0000 (16:49 +0100)]
transmit peer capability recognition

8 years agoreceive flow processing
Jeremy Harris [Wed, 13 Jul 2016 20:28:18 +0000 (21:28 +0100)]
receive flow processing

8 years agoFix $body_linecount for empty lines
Jeremy Harris [Sun, 31 Jul 2016 14:46:51 +0000 (15:46 +0100)]
Fix $body_linecount for empty lines

8 years agoLogging: Fix logging of errors under PIPELINING
Jeremy Harris [Sun, 31 Jul 2016 14:14:51 +0000 (15:14 +0100)]
Logging: Fix logging of errors under PIPELINING

8 years agoExpansions: shortcut hmac expansion during syntax-check phase
Jeremy Harris [Sat, 30 Jul 2016 14:46:26 +0000 (15:46 +0100)]
Expansions: shortcut hmac expansion during syntax-check phase

8 years agoExpansions: add operators base32, base32d
Jeremy Harris [Mon, 15 Feb 2016 15:42:21 +0000 (15:42 +0000)]
Expansions: add operators base32, base32d

8 years agoDocs: minor clarifications
Jeremy Harris [Wed, 27 Jul 2016 16:14:05 +0000 (17:14 +0100)]
Docs: minor clarifications

8 years agoUnbreak transport-filters & bounce-generation.
Jeremy Harris [Wed, 27 Jul 2016 16:12:23 +0000 (17:12 +0100)]
Unbreak transport-filters & bounce-generation.

Broken-by: 6b46ecc6a8f5
8 years agotidying
Jeremy Harris [Tue, 26 Jul 2016 18:44:08 +0000 (19:44 +0100)]
tidying

8 years agoDocs: add caution on spamd_address
Jeremy Harris [Mon, 25 Jul 2016 14:18:23 +0000 (15:18 +0100)]
Docs: add caution on spamd_address

8 years agodebug: prettify expansion condition trace output
Jeremy Harris [Mon, 25 Jul 2016 14:17:02 +0000 (15:17 +0100)]
debug: prettify expansion condition trace output

8 years agorecive smtp command
Jeremy Harris [Mon, 11 Jul 2016 22:36:45 +0000 (23:36 +0100)]
recive smtp command

8 years agofeature advertise
Jeremy Harris [Mon, 11 Jul 2016 10:55:34 +0000 (11:55 +0100)]
feature advertise

8 years agotidying
Jeremy Harris [Sun, 24 Jul 2016 15:29:11 +0000 (16:29 +0100)]
tidying

8 years agoDKIM: error verification on missing tags. Bug 1853
mrgus [Thu, 14 Jul 2016 23:37:54 +0000 (00:37 +0100)]
DKIM: error verification on missing tags.  Bug 1853

8 years agotestsuite: abstract out common conf settings
Jeremy Harris [Mon, 11 Jul 2016 11:02:12 +0000 (12:02 +0100)]
testsuite: abstract out common conf settings

8 years agoCutthrough: expand transport dkim_domain option when testing for dkim signing
Jeremy Harris [Sun, 10 Jul 2016 13:20:03 +0000 (14:20 +0100)]
Cutthrough: expand transport dkim_domain option when testing for dkim signing

8 years agoCutthrough: disable on >1 addr from routing, and on verify option success_on_redirect
Jeremy Harris [Fri, 8 Jul 2016 17:49:10 +0000 (18:49 +0100)]
Cutthrough: disable on >1 addr from routing, and on verify option success_on_redirect

8 years agoCutthrough: avoid use of callout result cache
Jeremy Harris [Thu, 7 Jul 2016 22:20:04 +0000 (23:20 +0100)]
Cutthrough: avoid use of callout result cache

The connection always needs to be made, and no result
need be cached after verify either.

8 years agoTestsuite: cutthrough vs. callout cache
Jeremy Harris [Thu, 7 Jul 2016 20:51:13 +0000 (21:51 +0100)]
Testsuite: cutthrough vs. callout cache

8 years agotidying
Jeremy Harris [Thu, 7 Jul 2016 19:48:53 +0000 (20:48 +0100)]
tidying

8 years agoDocs: Fix Typo
Heiko Schlittermann (HS12-RIPE) [Thu, 23 Jun 2016 07:07:33 +0000 (09:07 +0200)]
Docs: Fix Typo

8 years agotidying
Jeremy Harris [Fri, 17 Jun 2016 19:25:18 +0000 (20:25 +0100)]
tidying

8 years agoSafety check in deliver_split_address()
Jeremy Harris [Sun, 12 Jun 2016 22:12:55 +0000 (23:12 +0100)]
Safety check in deliver_split_address()

8 years agoRouting: fix $verify_mode to be usable in routers
Jeremy Harris [Sun, 12 Jun 2016 17:56:18 +0000 (18:56 +0100)]
Routing: fix $verify_mode to be usable in routers

8 years agoDocs: fix typoes for dnssec_require_domains. Bug 1842
Jeremy Harris [Sat, 4 Jun 2016 10:03:14 +0000 (11:03 +0100)]
Docs: fix typoes for dnssec_require_domains.  Bug 1842

8 years agoTidying: coverity issues
Jeremy Harris [Fri, 3 Jun 2016 16:43:38 +0000 (17:43 +0100)]
Tidying: coverity issues

8 years agodoc tweaks
Jeremy Harris [Thu, 26 May 2016 15:20:49 +0000 (16:20 +0100)]
doc tweaks