exim.git
5 years ago Unbreak build: crypto hdrs not in system includes
Phil Pennock [Wed, 19 Oct 2016 03:22:03 +0000 (23:22 -0400)]
Unbreak build: crypto hdrs not in system includes

If using pkg-config to get the paths for various packages and the crypto
library headers are not in the system headers, then the hash work broke
the Exim build by requiring the CFLAGS manipulation for _all_ builds,
not just the TLS libraries.

Shows up on MacOS where there's a system OpenSSL but not system OpenSSL
headers (because only SecureTransport is supported) and using
brew-installed OpenSSL.

I've also coded the fix for GnuTLS on the same basis, but that's
untested.

Fixes bug 1906

5 years ago Avoid pure-ACK TCP segments during command phase
Jeremy Harris [Tue, 18 Oct 2016 22:35:35 +0000 (23:35 +0100)]
Avoid pure-ACK TCP segments during command phase

5 years ago Testsuite: Check version of binary against current git revision
Heiko Schlittermann (HS12-RIPE) [Sun, 16 Oct 2016 22:14:55 +0000 (00:14 +0200)]
Testsuite: Check version of binary against current git revision

5 years ago Tidying: coverity issues
Jeremy Harris [Sun, 16 Oct 2016 18:28:01 +0000 (19:28 +0100)]
Tidying: coverity issues

5 years ago Fix sender-verify callout to not use trigger-message SIZE
Jeremy Harris [Sun, 16 Oct 2016 17:08:33 +0000 (18:08 +0100)]
Fix sender-verify callout to not use trigger-message SIZE

Broken-by: 9094b84b4cce

5 years ago Tidying: coverity issues
Jeremy Harris [Sun, 16 Oct 2016 15:34:18 +0000 (16:34 +0100)]
Tidying: coverity issues

5 years ago Queuefile: avoid using buffered I/O - no point for a block-copy
Jeremy Harris [Sun, 16 Oct 2016 14:29:20 +0000 (15:29 +0100)]
Queuefile: avoid using buffered I/O - no point for a block-copy
and it meant (an admittedly ignorable) Coverity whine about a FILE leak

Take the opportunity to constify a utility function

5 years ago Testsuite: revert some of the modernish Perl constructs
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 22:26:31 +0000 (00:26 +0200)]
Testsuite: revert some of the modernish Perl constructs

Solaris10 needs to be supported, they use Perl 5.8

5 years ago Testsuite: re-insert munge expression about size/inode
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 21:51:43 +0000 (23:51 +0200)]
Testsuite: re-insert munge expression about size/inode

5 years ago Testsuite: detect "hidden" IPs
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 21:01:36 +0000 (23:01 +0200)]
Testsuite: detect "hidden" IPs

`ifconfig -a` doesn't show all addresses, it skips addresses that
do not have a label. `ip a` shows even these.

Bonus: some small cosmetic changes to get a more modern Perl
style.

5 years ago Testsuite: stabilize disk space/inode munging
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 20:48:26 +0000 (22:48 +0200)]
Testsuite: stabilize disk space/inode munging

5 years ago Testsuite: add tests/munges for configure owner
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 20:52:23 +0000 (22:52 +0200)]
Testsuite: add tests/munges for configure owner

5 years ago Include 'Configure owner' in -bV output
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 19:53:47 +0000 (21:53 +0200)]
Include 'Configure owner' in -bV output

5 years ago Testsuite: add clarification about the permissions of the trusted-configs file
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 13:38:21 +0000 (15:38 +0200)]
Testsuite: add clarification about the permissions of the trusted-configs file

5 years ago tidying
Jeremy Harris [Sat, 1 Oct 2016 18:50:24 +0000 (19:50 +0100)]
tidying

5 years ago Queuefile: refactor
Jeremy Harris [Sat, 15 Oct 2016 19:29:30 +0000 (20:29 +0100)]
Queuefile: refactor

5 years ago Testsuite: for queuefile transport, avoid using named-queues as part of test
Jeremy Harris [Sat, 15 Oct 2016 17:56:16 +0000 (18:56 +0100)]
Testsuite: for queuefile transport, avoid using named-queues as part of test
Also avoid using aux-var as a testing temporary area

5 years ago New: queuefile transport, under EXPERIMENTAL_QUEUEFILE
Andrew Colin Kissa [Sat, 15 Oct 2016 17:33:31 +0000 (18:33 +0100)]
New: queuefile transport, under EXPERIMENTAL_QUEUEFILE

5 years ago Testsuite: (named queues) add testcase for 3rd-party queue transfer
Jeremy Harris [Fri, 14 Oct 2016 12:57:01 +0000 (13:57 +0100)]
Testsuite: (named queues) add testcase for 3rd-party queue transfer

5 years ago Docs: add warning on SNI-dependent certfile expansion needing a good default
Jeremy Harris [Wed, 12 Oct 2016 12:40:19 +0000 (13:40 +0100)]
Docs: add warning on SNI-dependent certfile expansion needing a good default

5 years ago Lazy-create builtin macros
Jeremy Harris [Mon, 10 Oct 2016 19:24:34 +0000 (20:24 +0100)]
Lazy-create builtin macros

By only filling out the internal macro representation for the builtin macros
when a config line includes an underscore followed by a letter which might be one
we should save startup effort on configs which never use a builtin.

5 years ago Fix check for commandline macro definition
Jeremy Harris [Mon, 10 Oct 2016 13:20:30 +0000 (14:20 +0100)]
Fix check for commandline macro definition
Without this, mailq (done by unpriv user) and daemon SIGHUP handling fail

Broken-by: c0b9d3e87264

5 years ago Docs: add section on builtin macros
Jeremy Harris [Sun, 9 Oct 2016 13:14:57 +0000 (14:14 +0100)]
Docs: add section on builtin macros

5 years ago DH parameters update, new values & default exim-4_88_RC2
Phil Pennock [Sun, 29 May 2016 06:31:18 +0000 (02:31 -0400)]
DH parameters update, new values & default

* Add three new Exim-specific DH parameter constants; state provenance,
  but no way for others to verify; this is a signed commit, which is
  about as much as we can do for the truly paranoid: provide an audit
  trail.
* Add the RFC 7919 DH primes
  + No TLS feature negotiation, per 7919, but the DH primes can be used
    if folks so choose
* Fixed broken format string in util/gen_pkcs3.c
* Tried to make gen_pkcs3.c support q values.
  + Turns out, q doesn't affect the PEM and that's not a mistake in my
    initialisation; I've checked with a cryptographer, we're losing some
    server-side optimizations but not any security properties for our
    scenario.

Fixes: 1895

5 years ago Fix callouts connection fallback from TLS to cleartext. Bug 1897
Jeremy Harris [Sat, 8 Oct 2016 18:21:41 +0000 (19:21 +0100)]
Fix callouts connection fallback from TLS to cleartext.  Bug 1897

5 years ago Docs: add another index entry for delay_warning
Jeremy Harris [Wed, 5 Oct 2016 12:03:01 +0000 (13:03 +0100)]
Docs: add another index entry for delay_warning

5 years ago Testsuite: for CHUNKING set sender name explicitly
Jeremy Harris [Mon, 3 Oct 2016 23:11:32 +0000 (00:11 +0100)]
Testsuite: for CHUNKING set sender name explicitly
for consistent chunk size on different platforms

5 years ago Testsuite: for CHUNKING rewrite sender name in headers to consistent value
Jeremy Harris [Mon, 3 Oct 2016 16:00:05 +0000 (17:00 +0100)]
Testsuite: for CHUNKING rewrite sender name in headers to consistent value
for consistent chunk size on different test platforms

5 years ago Close logfile after a while waiting for non-smtp input. Bug 1891
Jeremy Harris [Sun, 2 Oct 2016 18:58:19 +0000 (19:58 +0100)]
Close logfile after a while waiting for non-smtp input.  Bug 1891

5 years ago Avoid parsing cost for auto-macro creates
Jeremy Harris [Sun, 2 Oct 2016 16:39:18 +0000 (17:39 +0100)]
Avoid parsing cost for auto-macro creates

5 years ago Logging: connection_reject log selector should apply also to the connect acl
Jeremy Harris [Sun, 2 Oct 2016 13:03:09 +0000 (14:03 +0100)]
Logging: connection_reject log selector should apply also to the connect acl

5 years ago Fix mime ACL filename decode
Jeremy Harris [Fri, 30 Sep 2016 13:59:04 +0000 (14:59 +0100)]
Fix mime ACL filename decode

A latent bug (uninitialised memory referred to by $mime_decoded_filename)
uncovered by 40c90bca9f7e

5 years ago Fix checking for -D option use
Jeremy Harris [Thu, 29 Sep 2016 22:18:54 +0000 (23:18 +0100)]
Fix checking for -D option use

Broken-by: c0b9d3e87264

5 years ago Feature macros should be uppercase
Jeremy Harris [Thu, 29 Sep 2016 21:56:02 +0000 (22:56 +0100)]
Feature macros should be uppercase

5 years ago Debug: fix openssl tls_close() debug output
Jeremy Harris [Thu, 29 Sep 2016 21:44:14 +0000 (22:44 +0100)]
Debug: fix openssl tls_close() debug output

5 years ago Testsuite: tidying
Jeremy Harris [Thu, 29 Sep 2016 20:25:47 +0000 (21:25 +0100)]
Testsuite: tidying

5 years ago Refactor driver feature-macro generation to be driven by existing tables
Jeremy Harris [Wed, 28 Sep 2016 21:24:00 +0000 (22:24 +0100)]
Refactor driver feature-macro generation to be driven by existing tables

Would like to do lookup drivers too but unsure about dyn-linked variants

5 years ago Default to filesystem space/inode checking enabled
Jeremy Harris [Wed, 28 Sep 2016 18:41:08 +0000 (19:41 +0100)]
Default to filesystem space/inode checking enabled

5 years ago Drain socket to get clean TCP FINs
Jeremy Harris [Tue, 27 Sep 2016 22:23:52 +0000 (23:23 +0100)]
Drain socket to get clean TCP FINs

5 years ago Add automatic macros for config-file options. Bug 1819
Jeremy Harris [Sun, 25 Sep 2016 21:59:36 +0000 (22:59 +0100)]
Add automatic macros for config-file options.  Bug 1819

5 years ago Docs: fix quotes
Jeremy Harris [Sat, 24 Sep 2016 16:59:51 +0000 (17:59 +0100)]
Docs: fix quotes

5 years ago Delivery: fix memory leak
Jeremy Harris [Sat, 24 Sep 2016 16:11:19 +0000 (17:11 +0100)]
Delivery: fix memory leak

5 years ago Doc: add clarification for DKIM example exim-4_88_RC1
Jeremy Harris [Fri, 23 Sep 2016 08:24:16 +0000 (09:24 +0100)]
Doc: add clarification for DKIM example

5 years ago Defend against symlink attack by another process running as exim
Jeremy Harris [Thu, 22 Sep 2016 21:55:49 +0000 (22:55 +0100)]
Defend against symlink attack by another process running as exim

Reported-by:
http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/

5 years ago Routing: avoid doing the one_time replacement operation when a redirect leaves the...
Jeremy Harris [Thu, 22 Sep 2016 18:59:48 +0000 (19:59 +0100)]
Routing: avoid doing the one_time replacement operation when a redirect leaves the address unchanged

When done, in combination with a defer the retry would see the address as delivered, hence losing mail.

5 years ago Routing: for efficiency, avoid complexifying the "condition" string until the second...
Jeremy Harris [Thu, 22 Sep 2016 18:29:49 +0000 (19:29 +0100)]
Routing: for efficiency, avoid complexifying the "condition" string until the second is read from config

5 years ago ACL: merge the tables used for condition/modifier decode
Jeremy Harris [Sun, 18 Sep 2016 21:47:22 +0000 (22:47 +0100)]
ACL: merge the tables used for condition/modifier decode

5 years ago ACL: bsearch for controls
Jeremy Harris [Sun, 18 Sep 2016 17:14:29 +0000 (18:14 +0100)]
ACL: bsearch for controls

5 years ago tidying
Jeremy Harris [Thu, 15 Sep 2016 22:58:57 +0000 (23:58 +0100)]
tidying

5 years ago Docs: mention Perl manpages for PCRE. Bug 1881
Jeremy Harris [Thu, 15 Sep 2016 20:43:22 +0000 (21:43 +0100)]
Docs: mention Perl manpages for PCRE.  Bug 1881

5 years ago Logging: fix errno decodes
Jeremy Harris [Tue, 13 Sep 2016 22:49:09 +0000 (23:49 +0100)]
Logging: fix errno decodes

5 years ago Auth: fix error check in CRAM-MD5
Jeremy Harris [Tue, 13 Sep 2016 22:41:55 +0000 (23:41 +0100)]
Auth: fix error check in CRAM-MD5

5 years ago tidying
Jeremy Harris [Wed, 7 Sep 2016 20:58:04 +0000 (21:58 +0100)]
tidying

5 years ago Log EHLO response on getting conn-close response for HELO. Bug 1832
Jeremy Harris [Sat, 10 Sep 2016 20:37:56 +0000 (21:37 +0100)]
Log EHLO response on getting conn-close response for HELO.  Bug 1832

5 years ago Reduce space used by flags in smtp transport
Jeremy Harris [Sat, 10 Sep 2016 20:36:33 +0000 (21:36 +0100)]
Reduce space used by flags in smtp transport

5 years ago Make BOOL unsigned; fix resulting latent bugs
Jeremy Harris [Sun, 11 Sep 2016 12:30:45 +0000 (13:30 +0100)]
Make BOOL unsigned; fix resulting latent bugs

5 years ago Cutthrough: option to reflect 4xx errors from target to initiator
Jeremy Harris [Sun, 4 Sep 2016 13:54:18 +0000 (14:54 +0100)]
Cutthrough: option to reflect 4xx errors from target to initiator

5 years ago Testsuite: missing output file
Jeremy Harris [Sun, 4 Sep 2016 13:46:42 +0000 (14:46 +0100)]
Testsuite: missing output file

5 years ago Docs: prettify code examples. Bug 1284
Jeremy Harris [Sat, 3 Sep 2016 12:43:33 +0000 (13:43 +0100)]
Docs: prettify code examples.   Bug 1284

5 years ago Docs: add note on strict DKIM verification
Jeremy Harris [Sat, 3 Sep 2016 12:33:57 +0000 (13:33 +0100)]
Docs: add note on strict DKIM verification

5 years ago Testsuite: fix GnuTLS OCSP testing
Jeremy Harris [Thu, 1 Sep 2016 20:08:32 +0000 (21:08 +0100)]
Testsuite: fix GnuTLS OCSP testing

5 years ago Support "G" multiplier on integer configuration values
Jeremy Harris [Thu, 1 Sep 2016 18:20:11 +0000 (19:20 +0100)]
Support "G" multiplier on integer configuration values

5 years ago Testsuite: fix spool-space testcase for larger disks
Jeremy Harris [Thu, 1 Sep 2016 18:02:06 +0000 (19:02 +0100)]
Testsuite: fix spool-space testcase for larger disks

5 years ago Tidying: coverity issues
Jeremy Harris [Sat, 20 Aug 2016 16:52:15 +0000 (17:52 +0100)]
Tidying: coverity issues

5 years ago CHUNKING: after rejecting a pipelined SMTP command, flush any followon BDAT data
Jeremy Harris [Thu, 1 Sep 2016 17:25:58 +0000 (18:25 +0100)]
CHUNKING: after rejecting a pipelined SMTP command, flush any followon BDAT data

5 years ago Add automatic macros for compile-time feature options
Jeremy Harris [Sun, 21 Aug 2016 22:44:06 +0000 (23:44 +0100)]
Add automatic macros for compile-time feature options

5 years ago Testsuite: fix macro conflict (X vs. HEADERS_MAXSIZE)
Jeremy Harris [Mon, 22 Aug 2016 11:34:21 +0000 (12:34 +0100)]
Testsuite: fix macro conflict (X vs. HEADERS_MAXSIZE)

5 years ago tidying
Jeremy Harris [Sun, 21 Aug 2016 12:05:55 +0000 (13:05 +0100)]
tidying

5 years ago Expansions: more debug verbosity in expansion conditions
Jeremy Harris [Sun, 14 Aug 2016 20:00:46 +0000 (21:00 +0100)]
Expansions: more debug verbosity in expansion conditions

5 years ago Tidying: coverity issues
Jeremy Harris [Fri, 12 Aug 2016 13:50:00 +0000 (14:50 +0100)]
Tidying: coverity issues

5 years ago Testsuite: rework timing of time-dependent testcase
Jeremy Harris [Fri, 19 Aug 2016 14:52:18 +0000 (15:52 +0100)]
Testsuite: rework timing of time-dependent testcase

5 years ago Delivery: fix transmission down an already-open connection, when
Jeremy Harris [Thu, 18 Aug 2016 20:27:55 +0000 (21:27 +0100)]
Delivery: fix transmission down an already-open connection, when
one of the group of addresses is unsuitable for it.  Bug 1874

Broken-by: 3070ceeeed05, fa41615da702.

5 years ago Delivery: same-host checking for transport runs should include port from address...
Jeremy Harris [Tue, 16 Aug 2016 15:26:31 +0000 (16:26 +0100)]
Delivery: same-host checking for transport runs should include port from address given by routing

5 years ago tidying
Jeremy Harris [Wed, 17 Aug 2016 18:42:49 +0000 (19:42 +0100)]
tidying

5 years ago Testsuite: add progress detail to log of troublesome testcase
Jeremy Harris [Sun, 14 Aug 2016 21:19:59 +0000 (22:19 +0100)]
Testsuite: add progress detail to log of troublesome testcase

5 years ago DMARC: send forensic reports for reject & quarantine results, and "none" policy....
Tony Meyer [Sun, 14 Aug 2016 15:09:02 +0000 (16:09 +0100)]
DMARC: send forensic reports for reject & quarantine results, and "none" policy.  Bug 1846

5 years ago Expansions: new ${escape8bit:<string>} operator. Bug 1863
Jeremy Harris [Sun, 14 Aug 2016 14:11:04 +0000 (15:11 +0100)]
Expansions: new ${escape8bit:<string>} operator.  Bug 1863

5 years ago LMDB: introduce as Experimental. Bug 1856
Andrew Colin Kissa [Sun, 14 Aug 2016 12:45:08 +0000 (13:45 +0100)]
LMDB: introduce as Experimental.  Bug 1856

5 years ago ACL: Ensure that acl_smtp_notquit is called for a conndrop between data-go-ahead...
Jasen Betts [Thu, 11 Aug 2016 22:31:57 +0000 (23:31 +0100)]
ACL: Ensure that acl_smtp_notquit is called for a conndrop between data-go-ahead and data-ack.
Bug 1872

5 years ago Defensive coding in ${run }
Jeremy Harris [Thu, 11 Aug 2016 19:22:37 +0000 (20:22 +0100)]
Defensive coding in ${run }

Bug 1870

5 years ago tidying
Jeremy Harris [Thu, 11 Aug 2016 19:17:07 +0000 (20:17 +0100)]
tidying

Bug 1870

5 years ago Testsuite: missing output files
Jeremy Harris [Thu, 11 Aug 2016 11:48:50 +0000 (12:48 +0100)]
Testsuite: missing output files

5 years ago Testsuite: nail down hostname for CHUNKING test cases
Jeremy Harris [Tue, 9 Aug 2016 22:32:46 +0000 (23:32 +0100)]
Testsuite: nail down hostname for CHUNKING test cases

5 years ago Docs: more index entries for header lines
Jeremy Harris [Tue, 9 Aug 2016 16:46:41 +0000 (17:46 +0100)]
Docs: more index entries for header lines

5 years ago Radius: Fix authentication for Radius libraries that return REJECT_RC. Bug 1850
Leonhard Knauff [Mon, 8 Aug 2016 20:48:20 +0000 (21:48 +0100)]
Radius: Fix authentication for Radius libraries that return REJECT_RC.  Bug 1850

5 years ago DKIM: reduce memory usage (2nd go)
Jeremy Harris [Mon, 8 Aug 2016 20:07:55 +0000 (21:07 +0100)]
DKIM: reduce memory usage (2nd go)

5 years ago Testsuite: accept debug & testscript output sizes varying with testhost name
Jeremy Harris [Mon, 8 Aug 2016 15:26:14 +0000 (16:26 +0100)]
Testsuite: accept debug & testscript output sizes varying with testhost name

5 years ago Testsuite: account for change in debug
Jeremy Harris [Mon, 8 Aug 2016 13:30:44 +0000 (14:30 +0100)]
Testsuite: account for change in debug

Broken-by: fb6833e0a559

5 years ago CHUNKING/DKIM: fix handling of lines having a leading dot
Jeremy Harris [Sat, 6 Aug 2016 23:03:56 +0000 (00:03 +0100)]
CHUNKING/DKIM: fix handling of lines having a leading dot

5 years ago Revert "DKIM: reduce memory usage"
Jeremy Harris [Sun, 7 Aug 2016 22:19:02 +0000 (23:19 +0100)]
Revert "DKIM: reduce memory usage"

This reverts commit dea4897244b409bf91dc60a7e5e4b3d06f123dd6.
It appears to induce spurious behaviour, seen in the testsuite.  Possibly
the sha_hash update calls think the memory they are passed will still
be around later (eg. at sha_finish time)?   A pity, since currently
we are allocating for the entire message body - which could easily
be MB or (future) GB.

5 years ago CHUNKING: fix transmit with long headers
Jeremy Harris [Sun, 7 Aug 2016 14:14:59 +0000 (15:14 +0100)]
CHUNKING: fix transmit with long headers

When the buffer used for SMTP commands and message headers filled to flush
point, protocol sequencing was wrong.

5 years ago DKIM: reduce memory usage
Jeremy Harris [Sat, 6 Aug 2016 22:01:13 +0000 (23:01 +0100)]
DKIM: reduce memory usage

5 years ago Routing: in a dnslookup, fix fail_defer_domains to defer on missing MX record. Bug...
Jeremy Harris [Sat, 6 Aug 2016 17:28:18 +0000 (18:28 +0100)]
Routing: in a dnslookup, fix fail_defer_domains to defer on missing MX record.  Bug 1867

5 years ago Fix DISABLE_DKIM build & test. Fix build on systems lacking MAX in standard includes.
Jeremy Harris [Sat, 6 Aug 2016 14:51:01 +0000 (15:51 +0100)]
Fix DISABLE_DKIM build & test.  Fix build on systems lacking MAX in standard includes.
Broken-by: 44bc8f0c2f35

5 years ago Merge branch 'CHUNKING'
Jeremy Harris [Sat, 6 Aug 2016 13:04:45 +0000 (14:04 +0100)]
Merge branch 'CHUNKING'

5 years ago tidying
Jeremy Harris [Thu, 4 Aug 2016 23:26:23 +0000 (00:26 +0100)]
tidying

5 years ago Docs: add warning on non-ASCII results from SpamAssassin. Bug 1863
Jeremy Harris [Thu, 4 Aug 2016 19:31:20 +0000 (20:31 +0100)]
Docs: add warning on non-ASCII results from SpamAssassin.  Bug 1863

5 years ago Merge branch 'fakereject'
Jeremy Harris [Thu, 4 Aug 2016 14:26:05 +0000 (15:26 +0100)]
Merge branch 'fakereject'

5 years ago Logging: visibility of fakereject
Jeremy Harris [Tue, 19 Jul 2016 22:53:35 +0000 (23:53 +0100)]
Logging: visibility of fakereject

5 years ago DKIM: log error on overlong input line
Jeremy Harris [Thu, 4 Aug 2016 12:26:27 +0000 (13:26 +0100)]
DKIM: log error on overlong input line