exim.git
3 years agoGnuTLS: fix to ignore timeout on unrelated callout connection. Bug 2174
Jeremy Harris [Sat, 27 Jan 2018 15:03:01 +0000 (15:03 +0000)]
GnuTLS: fix to ignore timeout on unrelated callout connection.  Bug 2174

3 years agoCutthrough: fix for port-number defined by router. Bug 2229
Jeremy Harris [Fri, 26 Jan 2018 18:40:41 +0000 (18:40 +0000)]
Cutthrough: fix for port-number defined by router.  Bug 2229

3 years agoCutthrough: fix multi-message initiating connections. Bug 2230
Jeremy Harris [Thu, 25 Jan 2018 21:27:00 +0000 (21:27 +0000)]
Cutthrough: fix multi-message initiating connections.  Bug 2230

3 years agoDKIM: use string-allocate facilities for DNS lookup
Jeremy Harris [Sun, 21 Jan 2018 14:51:45 +0000 (14:51 +0000)]
DKIM: use string-allocate facilities for DNS lookup

3 years agoUse bitfield macros for acl-where
Jeremy Harris [Sat, 20 Jan 2018 17:55:51 +0000 (17:55 +0000)]
Use bitfield macros for acl-where

3 years agoDocs: Update DKIM section with RFC 8301 requirements
Jeremy Harris [Sat, 20 Jan 2018 13:13:52 +0000 (13:13 +0000)]
Docs: Update DKIM section with RFC 8301 requirements

3 years agoTestsuite: munge output for platform variances in postgres server binary location
Jeremy Harris [Thu, 18 Jan 2018 11:58:10 +0000 (11:58 +0000)]
Testsuite: munge output for platform variances in postgres server binary location

3 years agoTestsuite: Try harder to locate the tools
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Jan 2018 21:55:15 +0000 (22:55 +0100)]
Testsuite: Try harder to locate the tools

3 years agoTestsuite: Use cp+chmod instead of install
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Jan 2018 16:34:15 +0000 (17:34 +0100)]
Testsuite: Use cp+chmod instead of install

On Solaris, install doesn't seem to behave as expected.
(Or, it has different installs and we call the wrong one)

3 years agoTestsuite: Use more force to find postgresql binaries
Heiko Schlittermann (HS12-RIPE) [Wed, 17 Jan 2018 23:43:40 +0000 (00:43 +0100)]
Testsuite: Use more force to find postgresql binaries

3 years agoTestsuite: interlock Postgres server startup
Jeremy Harris [Wed, 17 Jan 2018 20:23:31 +0000 (20:23 +0000)]
Testsuite: interlock Postgres server startup

3 years agoDB: show the Berkeley DB runtime library version, for "-d -bV"
Jeremy Harris [Wed, 17 Jan 2018 11:46:01 +0000 (11:46 +0000)]
DB: show the Berkeley DB runtime library version, for "-d -bV"

3 years agoTestsuite: MySQL portability
Jeremy Harris [Tue, 16 Jan 2018 23:14:49 +0000 (23:14 +0000)]
Testsuite: MySQL portability

Community-mysql has no mysqld-safe script, and mysqld has varying locations.

3 years agoLogging: Receive duration on <= lines. Bug 353
Jeremy Harris [Tue, 16 Jan 2018 21:31:28 +0000 (21:31 +0000)]
Logging: Receive duration on <= lines.  Bug 353

3 years agoTestsuite: MySQL portability
Jeremy Harris [Tue, 16 Jan 2018 17:04:14 +0000 (17:04 +0000)]
Testsuite: MySQL portability

Pre-version-10.1.3 MariaDB has no "IF NOT EXISTS" on "CREATE USER"

3 years agoFix %D string expansion to not use millisec
Heiko Schlittermann (HS12-RIPE) [Tue, 16 Jan 2018 15:06:24 +0000 (16:06 +0100)]
Fix %D string expansion to not use millisec

log_selector +millisec should not change the expansion of %D
(used in log_file_path and maybe other places)

(cherry picked from commit d2fe8622a815e36bf66b04eb772d5ec0ba8e13af)

3 years agoDKIM: DNS records having no v= tag are acceptable. Bug 2207
Jeremy Harris [Sun, 14 Jan 2018 18:40:50 +0000 (18:40 +0000)]
DKIM: DNS records having no v= tag are acceptable.  Bug 2207

Broken-by c73a4d073e

3 years agoTestsuite: MySQL portability
Jeremy Harris [Sun, 14 Jan 2018 15:02:28 +0000 (15:02 +0000)]
Testsuite: MySQL portability

3 years agoTestsuite: wait for MySQL DB startup before inserting data
Jeremy Harris [Sun, 14 Jan 2018 14:51:36 +0000 (14:51 +0000)]
Testsuite: wait for MySQL DB startup before inserting data

3 years agoLookups: fix mysql lookup returns for no-data "queries",
Jeremy Harris [Sat, 13 Jan 2018 18:11:21 +0000 (18:11 +0000)]
Lookups: fix mysql lookup returns for no-data "queries",
when the number of rows affected is returned.  Bug 2223

Broken-by: acec9514b1
Also enhance the testsuite mysql testcase to be standalone and move to standard-run set
and add a specific testcase for this bug.

Testcase working on Fedora at least - we'll see what happens on other platforms
where executable locaation may vary.

3 years agoDocs: SPF no longer Experimental
Jeremy Harris [Sat, 13 Jan 2018 18:07:10 +0000 (18:07 +0000)]
Docs: SPF no longer Experimental

3 years agoOpenSSL: fix OCSP stapling under DANE
Jeremy Harris [Sun, 7 Jan 2018 22:18:55 +0000 (22:18 +0000)]
OpenSSL: fix OCSP stapling under DANE

3 years agoOpenSSL: better debug info for OCSP
Jeremy Harris [Sun, 7 Jan 2018 20:24:46 +0000 (20:24 +0000)]
OpenSSL: better debug info for OCSP

3 years agoDKIM: permit dkim_private_key to override dkim_strict on signing. Bug 2220
Jeremy Harris [Sun, 7 Jan 2018 15:03:25 +0000 (15:03 +0000)]
DKIM: permit dkim_private_key to override dkim_strict on signing.  Bug 2220

3 years agoLogging: disable the verbose DKIM verification line by default; add a tag to <= lines.
Jeremy Harris [Sat, 6 Jan 2018 14:48:35 +0000 (14:48 +0000)]
Logging: disable the verbose DKIM verification line by default; add a tag to <= lines.
New log_selector controls "dkim" and "dkim_verbose".

3 years agoSPF: promote from Experimental to mainline status
Jeremy Harris [Fri, 5 Jan 2018 13:33:42 +0000 (13:33 +0000)]
SPF: promote from Experimental to mainline status

3 years agoDocs: remove extraneous options from variables index
Jeremy Harris [Fri, 5 Jan 2018 13:48:08 +0000 (13:48 +0000)]
Docs: remove extraneous options from variables index

3 years agotidying
Jeremy Harris [Tue, 2 Jan 2018 14:29:29 +0000 (14:29 +0000)]
tidying

3 years agoTestsuite: Better platform portability by searching for Postgres server binaries
Jeremy Harris [Wed, 3 Jan 2018 15:11:48 +0000 (15:11 +0000)]
Testsuite:  Better platform portability by searching for Postgres server binaries

3 years agoTestsuite: SPF testcases. Bug 1789
Jeremy Harris [Tue, 2 Jan 2018 19:57:15 +0000 (19:57 +0000)]
Testsuite: SPF testcases.  Bug 1789

3 years agocoding standards
Jeremy Harris [Tue, 2 Jan 2018 14:29:45 +0000 (14:29 +0000)]
coding standards

3 years agoDocs: remove mention of the ClamAV "STREAM" method
Jeremy Harris [Mon, 1 Jan 2018 18:08:15 +0000 (18:08 +0000)]
Docs: remove mention of the ClamAV "STREAM" method

3 years agoContent scan: Remove support for the 7-year deprecated ClamAV "STREAM" method
Jeremy Harris [Mon, 1 Jan 2018 17:41:56 +0000 (17:41 +0000)]
Content scan:  Remove support for the 7-year deprecated ClamAV "STREAM" method

3 years agoContent scan: Disable "aveserver", "kavdaemon" and "mksd" in the template makefile...
Jeremy Harris [Mon, 1 Jan 2018 17:28:46 +0000 (17:28 +0000)]
Content scan:  Disable "aveserver", "kavdaemon" and "mksd" in the template makefile.  Bugs 1143, 1594

3 years agoFeature macros, show-supported and build-time selection for malware interfaces
Jeremy Harris [Mon, 1 Jan 2018 13:14:41 +0000 (13:14 +0000)]
Feature macros, show-supported and build-time selection for malware interfaces

3 years agorefactor show-supported coding
Jeremy Harris [Mon, 1 Jan 2018 13:47:26 +0000 (13:47 +0000)]
refactor show-supported coding

3 years agotidying
Jeremy Harris [Sat, 30 Dec 2017 15:32:57 +0000 (15:32 +0000)]
tidying

3 years agoEnable header_syntax verify in the example config
Jeremy Harris [Sun, 31 Dec 2017 11:12:50 +0000 (11:12 +0000)]
Enable header_syntax verify in the example config

3 years agoMIME ACL: fix SMTP response for non-accept result of the ACL. Bug 2214.
Jeremy Harris [Sat, 30 Dec 2017 13:55:54 +0000 (13:55 +0000)]
MIME ACL: fix SMTP response for non-accept result of the ACL.  Bug 2214.

As far as I can see this was broken back in 2013, f4c1088 for 4.82

3 years agoFix issue with continued-connections when the DNS shifts unreliably
Jeremy Harris [Wed, 27 Dec 2017 23:32:02 +0000 (23:32 +0000)]
Fix issue with continued-connections when the DNS shifts unreliably

3 years agoFix crash associated with dnsdb lookup done from DKIM ACL. Bug 2215
Jeremy Harris [Thu, 28 Dec 2017 20:09:05 +0000 (20:09 +0000)]
Fix crash associated with dnsdb lookup done from DKIM ACL.  Bug 2215

Broken-by: cc55f4208e
3 years agoUse common routine for building tagstring for dns-fail cache
Jeremy Harris [Thu, 28 Dec 2017 21:28:01 +0000 (21:28 +0000)]
Use common routine for building tagstring for dns-fail cache

3 years agoDebug: enhance output from smtp transport entry
Jeremy Harris [Wed, 27 Dec 2017 17:22:26 +0000 (17:22 +0000)]
Debug: enhance output from smtp transport entry

3 years agoDKIM: tighter checking while parsing signature headers. Bug 2217
Jeremy Harris [Thu, 28 Dec 2017 20:51:28 +0000 (20:51 +0000)]
DKIM: tighter checking while parsing signature headers.  Bug 2217

3 years agoCheck ARGV before subscripting it
Geraint Edwards [Thu, 28 Dec 2017 15:53:51 +0000 (15:53 +0000)]
Check ARGV before subscripting it

3 years agoTesttsuite: output changes resulting
Jeremy Harris [Wed, 27 Dec 2017 14:10:44 +0000 (14:10 +0000)]
Testtsuite: output changes resulting

3 years agoTestsuite: better portability of postgresq test vs. postgresql versions
Jeremy Harris [Wed, 27 Dec 2017 11:11:17 +0000 (11:11 +0000)]
Testsuite: better portability of postgresq test vs. postgresql versions

3 years agoLookups: fix pgsql multiple-row, single-column return
Jeremy Harris [Sun, 24 Dec 2017 16:42:04 +0000 (16:42 +0000)]
Lookups: fix pgsql multiple-row, single-column return

Report & fix from James <list@xdrv.co.uk>; additional tidying and testcase by JGH

Broken-by: acec9514b1
3 years agoTestsuite: shift pgsql tests to the standard-run set
Jeremy Harris [Sun, 24 Dec 2017 20:46:56 +0000 (20:46 +0000)]
Testsuite: shift pgsql tests to the standard-run set

3 years agoTestsuite: convert posgreql testing to standalone
Jeremy Harris [Sun, 24 Dec 2017 20:35:24 +0000 (20:35 +0000)]
Testsuite: convert posgreql testing to standalone

3 years agoDelivery: remove restriction on dirname length on having to create directories. ...
Jeremy Harris [Sat, 23 Dec 2017 17:46:10 +0000 (17:46 +0000)]
Delivery: remove restriction on dirname length on having to create directories.  Bug 2213

3 years agoDANE/GnuTLS: split verification of mixed sets of TLSA records by usage
Jeremy Harris [Fri, 22 Dec 2017 17:19:37 +0000 (17:19 +0000)]
DANE/GnuTLS: split verification of mixed sets of TLSA records by usage

This is because we cannot do the required CA-anchor and names checks for TA-mode
and not for EE-mode, without knowing which usage TLSA was used.

3 years agoConstification
Jeremy Harris [Fri, 22 Dec 2017 11:34:20 +0000 (11:34 +0000)]
Constification

3 years agoFix const issue in nisplus lookup
Jeremy Harris [Fri, 22 Dec 2017 10:25:56 +0000 (10:25 +0000)]
Fix const issue in nisplus lookup

3 years agoFix build of nisplus lookup
Andreas Piesk [Fri, 22 Dec 2017 10:05:02 +0000 (10:05 +0000)]
Fix build of nisplus lookup

3 years agoexim: regularize exim -bI:help output
Josh Soref [Thu, 14 Dec 2017 04:25:04 +0000 (04:25 +0000)]
exim: regularize exim -bI:help output

3 years agoexiwhat: use RM_COMMAND
tv [Wed, 20 Dec 2017 22:59:50 +0000 (23:59 +0100)]
exiwhat: use RM_COMMAND

3 years agoDANE/GnuTLS: filter TLSA records for usability
Jeremy Harris [Wed, 20 Dec 2017 23:12:07 +0000 (23:12 +0000)]
DANE/GnuTLS: filter TLSA records for usability

3 years agoDANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode
Jeremy Harris [Wed, 20 Dec 2017 21:14:06 +0000 (21:14 +0000)]
DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode

Not quite right for a mixed TA+EE set of TLSA records, but better than always-enforcing

3 years agoACL: Disallow '/' characters in queue names specified for "queue="
Jeremy Harris [Wed, 20 Dec 2017 11:34:47 +0000 (11:34 +0000)]
ACL: Disallow '/' characters in queue names specified for "queue="

3 years agoMerge branch '4.next'
Jeremy Harris [Tue, 19 Dec 2017 22:14:18 +0000 (22:14 +0000)]
Merge branch '4.next'

3 years agoDocs: clean for next release
Jeremy Harris [Tue, 19 Dec 2017 21:54:37 +0000 (21:54 +0000)]
Docs: clean for next release

3 years agoFix nossl build
Jeremy Harris [Tue, 19 Dec 2017 16:27:44 +0000 (16:27 +0000)]
Fix nossl build

3 years agoDANE: support under GnuTLS. Bug 1523
Jeremy Harris [Tue, 19 Dec 2017 15:06:49 +0000 (15:06 +0000)]
DANE: support under GnuTLS.  Bug 1523

GnuTLS version 3.0.0 onwards; still Experimental

3 years agoTestsuite: move CRL testcases away from using SHA1-signed certs
Jeremy Harris [Mon, 18 Dec 2017 15:38:54 +0000 (15:38 +0000)]
Testsuite: move CRL testcases away from using SHA1-signed certs

3 years agoTestsuite: output changes arising
Jeremy Harris [Sat, 16 Dec 2017 20:52:54 +0000 (20:52 +0000)]
Testsuite: output changes arising

3 years agoTestsuite: regenerate certs tree
Jeremy Harris [Sat, 16 Dec 2017 20:49:28 +0000 (20:49 +0000)]
Testsuite: regenerate certs tree

3 years agoTestsuite: restore generation of OCSP status for EC certs
Jeremy Harris [Sat, 16 Dec 2017 20:45:18 +0000 (20:45 +0000)]
Testsuite: restore generation of OCSP status for EC certs

Broken-by: 854586e149
3 years agoTestsuite: do not bother with cert hostnames when testing OCSP
Jeremy Harris [Sat, 16 Dec 2017 20:41:27 +0000 (20:41 +0000)]
Testsuite: do not bother with cert hostnames when testing OCSP

3 years agoTestsuite: restore lost dns config for DKIM extra-txt-records testcase
Jeremy Harris [Sat, 16 Dec 2017 19:45:30 +0000 (19:45 +0000)]
Testsuite: restore lost dns config for DKIM extra-txt-records testcase

Broken-by: 854586e149
3 years agoTestsuite output changes arising
Jeremy Harris [Sat, 16 Dec 2017 14:17:13 +0000 (14:17 +0000)]
Testsuite output changes arising

Broken-by: 854586e149
3 years agoDANE: fix type-2xx TLSA under older OpenSSL versions Bug 2198
Viktor Dukhovni [Fri, 1 Dec 2017 22:13:19 +0000 (22:13 +0000)]
DANE: fix type-2xx TLSA under older OpenSSL versions  Bug 2198
OpenSSL 1.0.1t is known bad.  1.0.2 and 1.1.0 are apparently ok.

3 years agoTestsuite: testcase for Bug 2198
Jeremy Harris [Sat, 16 Dec 2017 02:05:13 +0000 (02:05 +0000)]
Testsuite: testcase for Bug 2198

3 years agoCHUNKING: flush input stream after message-fatal error detection. Bug 2201 exim-4_90 exim-4_90_RC4
Jeremy Harris [Tue, 12 Dec 2017 21:52:33 +0000 (21:52 +0000)]
CHUNKING: flush input stream after message-fatal error detection.  Bug 2201

3 years agoTestsuite: regen TLSA records, to match cert tree
Jeremy Harris [Sat, 9 Dec 2017 15:05:14 +0000 (15:05 +0000)]
Testsuite: regen TLSA records, to match cert tree

3 years agoTestsuite: regen TLSA records, to match cert tree
Jeremy Harris [Sat, 9 Dec 2017 14:57:38 +0000 (14:57 +0000)]
Testsuite: regen TLSA records, to match cert tree

3 years agoopenssl guidance: install shared libraries too
Phil Pennock [Fri, 8 Dec 2017 19:21:45 +0000 (14:21 -0500)]
openssl guidance: install shared libraries too

3 years agotidying
Jeremy Harris [Tue, 5 Dec 2017 20:55:19 +0000 (20:55 +0000)]
tidying

3 years agoAdd compile-time guard against BDB library version 6
Jeremy Harris [Fri, 8 Dec 2017 12:55:25 +0000 (12:55 +0000)]
Add compile-time guard against BDB library version 6

3 years agoFix non-OCSP OpenSSL build
Jeremy Harris [Mon, 4 Dec 2017 14:32:44 +0000 (14:32 +0000)]
Fix non-OCSP OpenSSL build

Issue found by: Frank Elsner

3 years agoDocs: amend warning on on lack of multiple-OCSP-proof support
Jeremy Harris [Sun, 3 Dec 2017 23:57:11 +0000 (23:57 +0000)]
Docs: amend warning on on lack of multiple-OCSP-proof support

3 years agoGnuTLS: multiple server certs, OCSP stapling. Bug 2092
Jeremy Harris [Sun, 3 Dec 2017 22:40:43 +0000 (22:40 +0000)]
GnuTLS: multiple server certs, OCSP stapling.  Bug 2092

3 years agoTestsuite: regen certs trees, now with OCSP response for one EC cert
Jeremy Harris [Sun, 3 Dec 2017 23:54:13 +0000 (23:54 +0000)]
Testsuite: regen certs trees, now with OCSP response for one EC cert

3 years agoDocs: clarify smtp transport tls_verify_certificates option
Jeremy Harris [Sun, 3 Dec 2017 20:36:12 +0000 (20:36 +0000)]
Docs: clarify smtp transport tls_verify_certificates option

3 years agoDKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207
Heiko Schlittermann (HS12-RIPE) [Sun, 3 Dec 2017 17:17:43 +0000 (18:17 +0100)]
DKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207

3 years agoFix initialiser in smtp transport
Jeremy Harris [Sat, 2 Dec 2017 21:11:46 +0000 (21:11 +0000)]
Fix initialiser in smtp transport

Broken-by: 838d897c8e
3 years agoDocs: add notes on lack of multiple-OCSP-proof support
Jeremy Harris [Sat, 2 Dec 2017 20:10:18 +0000 (20:10 +0000)]
Docs: add notes on lack of multiple-OCSP-proof support

This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation

3 years agoChange log update
Jeremy Harris [Tue, 28 Nov 2017 20:44:14 +0000 (20:44 +0000)]
Change log update

3 years agoChunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201
Heiko Schlittermann (HS12-RIPE) [Mon, 27 Nov 2017 21:42:33 +0000 (22:42 +0100)]
Chunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201

3 years agoLogging: fix log line for local_scan() rejection
Jeremy Harris [Sun, 26 Nov 2017 15:28:26 +0000 (15:28 +0000)]
Logging: fix log line for local_scan() rejection

3 years agoDKIM: fix tolerating spaces round tag values
Jeremy Harris [Sun, 26 Nov 2017 15:26:42 +0000 (15:26 +0000)]
DKIM: fix tolerating spaces round tag values

3 years agoFix filename length check in mime-handling
Jeremy Harris [Sun, 26 Nov 2017 15:22:38 +0000 (15:22 +0000)]
Fix filename length check in mime-handling

3 years agotidying
Jeremy Harris [Sun, 26 Nov 2017 15:20:04 +0000 (15:20 +0000)]
tidying

3 years agoFix initialiser in smtp transport
Jeremy Harris [Sat, 2 Dec 2017 21:11:46 +0000 (21:11 +0000)]
Fix initialiser in smtp transport

Broken-by: 838d897c8e
3 years agoDocs: add notes on lack of multiple-OCSP-proof support
Jeremy Harris [Sat, 2 Dec 2017 20:10:18 +0000 (20:10 +0000)]
Docs: add notes on lack of multiple-OCSP-proof support

This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation

3 years agoDebug: fix coding in dnssec reporting. Bug 2205
Jeremy Harris [Fri, 1 Dec 2017 22:43:19 +0000 (22:43 +0000)]
Debug: fix coding in dnssec reporting.  Bug 2205

3 years agoTLS: avoid calling smtp_auth_acl on client cert when no tls authenticator is configured
Jeremy Harris [Wed, 29 Nov 2017 23:22:34 +0000 (23:22 +0000)]
TLS: avoid calling smtp_auth_acl on client cert when no tls authenticator is configured

3 years agoTLS: Fix excessive calling of smtp_auth_acl under AUTH_TLS. Bug 2203
Jeremy Harris [Wed, 29 Nov 2017 22:18:18 +0000 (22:18 +0000)]
TLS: Fix excessive calling of smtp_auth_acl under AUTH_TLS.  Bug 2203

3 years agoChange log update exim-4_90_RC3
Jeremy Harris [Tue, 28 Nov 2017 20:44:14 +0000 (20:44 +0000)]
Change log update

3 years agoChunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201
Heiko Schlittermann (HS12-RIPE) [Mon, 27 Nov 2017 21:42:33 +0000 (22:42 +0100)]
Chunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201