only used for smtp connections, not for service-daemon access. */
tls_support tls_in = {
- .active = {.sock = -1},
- .bits = 0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified = FALSE,
- .tlsa_usage = 0,
-#endif
- .cipher = NULL,
- .on_connect = FALSE,
- .on_connect_ports = NULL,
- .ourcert = NULL,
- .peercert = NULL,
- .peerdn = NULL,
- .sni = NULL,
- .ocsp = OCSP_NOT_REQ
+ .active = {.sock = -1}
+ /* all other elements zero */
};
tls_support tls_out = {
.active = {.sock = -1},
- .bits = 0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified = FALSE,
- .tlsa_usage = 0,
-#endif
- .cipher = NULL,
- .on_connect = FALSE,
- .on_connect_ports = NULL,
- .ourcert = NULL,
- .peercert = NULL,
- .peerdn = NULL,
- .sni = NULL,
- .ocsp = OCSP_NOT_REQ
+ /* all other elements zero */
};
uschar *dsn_envid = NULL;
const pcre *regex_DSN = NULL;
uschar *dsn_advertise_hosts = NULL;
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
BOOL gnutls_compat_mode = FALSE;
BOOL gnutls_allow_auto_pkcs11 = FALSE;
uschar *openssl_options = NULL;
uschar *tls_privatekey = NULL;
BOOL tls_remember_esmtp = FALSE;
uschar *tls_require_ciphers = NULL;
-# ifdef EXPERIMENTAL_REQUIRETLS
-uschar tls_requiretls = 0; /* REQUIRETLS_MSG etc. bit #defines */
-uschar *tls_advertise_requiretls = US"*";
-const pcre *regex_REQUIRETLS = NULL;
+# ifdef EXPERIMENTAL_TLS_RESUME
+uschar *tls_resumption_hosts = NULL;
# endif
uschar *tls_try_verify_hosts = NULL;
uschar *tls_verify_certificates= US"system";
uschar *tls_verify_hosts = NULL;
-#else /*!SUPPORT_TLS*/
+#else /*DISABLE_TLS*/
uschar *tls_advertise_hosts = NULL;
#endif
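Review bot: The `/* all other elements zero */` comments in `tls_in` and `tls_out` now carry an unstated dependency: dropping `.ocsp = OCSP_NOT_REQ` preserves behaviour only if `OCSP_NOT_REQ` is the zero enumerator, and its definition is not visible in this hunk. A later reordering of that enum would silently change the initial OCSP state of both structures. I would make the assumption explicit in both initialisers, e.g. `/* all other elements zero; relies on OCSP_NOT_REQ == 0 */`.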
.disable_logging = FALSE,
#ifndef DISABLE_DKIM
.dkim_disable_verify = FALSE,
+ .dkim_init_done = FALSE,
#endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
.dmarc_has_been_checked = FALSE,
.dmarc_disable_verify = FALSE,
.dmarc_enable_forensic = FALSE,
.sender_name_forced = FALSE,
.sender_set_untrusted = FALSE,
.smtp_authenticated = FALSE,
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
.smtp_in_early_pipe_advertised = FALSE,
.smtp_in_early_pipe_no_auth = FALSE,
.smtp_in_early_pipe_used = FALSE,
.synchronous_delivery = FALSE,
.system_filtering = FALSE,
+ .taint_check_slow = FALSE,
.tcp_fastopen_ok = FALSE,
.tcp_in_fastopen = FALSE,
.tcp_in_fastopen_data = FALSE,
.return_filename = NULL,
.self_hostname = NULL,
.shadow_message = NULL,
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
.cipher = NULL,
.ourcert = NULL,
.peercert = NULL,
.localpart_cache = { 0 }, /* localpart_cache - ditto */
.mode = -1,
.more_errno = 0,
- .delivery_usec = 0,
+ .delivery_time = {.tv_sec = 0, .tv_usec = 0},
.basic_errno = ERRNO_UNKNOWNERROR,
.child_count = 0,
.return_file = -1,
.errors_address = NULL,
.extra_headers = NULL,
.remove_headers = NULL,
+ .variables = NULL,
#ifdef EXPERIMENTAL_SRS
.srs_sender = NULL,
#endif
uschar *deliver_localpart_parent = NULL;
uschar *deliver_localpart_prefix = NULL;
uschar *deliver_localpart_suffix = NULL;
+uschar *deliver_localpart_verified = NULL;
uschar *deliver_out_buffer = NULL;
int deliver_queue_load_max = -1;
address_item *deliver_recipients = NULL;
uschar *dkim_signers = NULL;
uschar *dkim_signing_domain = NULL;
uschar *dkim_signing_selector = NULL;
+uschar *dkim_verify_hashes = US"sha256:sha512";
+uschar *dkim_verify_keytypes = US"ed25519:rsa";
+BOOL dkim_verify_minimal = FALSE;
uschar *dkim_verify_overall = NULL;
uschar *dkim_verify_signers = US"$dkim_signers";
uschar *dkim_verify_status = NULL;
uschar *dkim_verify_reason = NULL;
#endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
uschar *dmarc_domain_policy = NULL;
uschar *dmarc_forensic_sender = NULL;
uschar *dmarc_history_file = NULL;
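Review bot: The new defaults `dkim_verify_hashes = US"sha256:sha512"` and `dkim_verify_keytypes = US"ed25519:rsa"` set verification policy but carry no comment saying how the lists are interpreted. From the names they look like colon-separated allow-lists, which would mean a signature using a hash or key type that is not listed no longer verifies by default; that needs confirming against the verifier code, which is outside this hunk. If so, I would add a comment above them such as `/* hash methods and key types accepted for DKIM verification; anything not listed fails */`. `dkim_verify_minimal` also deserves one line stating what is skipped when it is TRUE.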
int log_notall[] = {
-1
};
-bit_table log_options[] = { /* must be in alphabetical order */
+bit_table log_options[] = { /* must be in alphabetical order,
+ with definitions from enum logbit. */
BIT_TABLE(L, 8bitmime),
BIT_TABLE(L, acl_warn_skipped),
BIT_TABLE(L, address_rewrite),
BIT_TABLE(L, tls_certificate_verified),
BIT_TABLE(L, tls_cipher),
BIT_TABLE(L, tls_peerdn),
+ BIT_TABLE(L, tls_resumption),
BIT_TABLE(L, tls_sni),
BIT_TABLE(L, unknown_in_list),
};
uschar *percent_hack_domains = NULL;
uschar *pid_file_path = US PID_FILE_PATH
"\0<--------------Space to patch pid_file_path->";
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
uschar *pipe_connect_advertise_hosts = US"*";
#endif
uschar *pipelining_advertise_hosts = US"*";
uschar *primary_hostname = NULL;
-uschar process_info[PROCESS_INFO_SIZE];
+uschar *process_info;
int process_info_len = 0;
uschar *process_log_path = NULL;
uschar *queue_domains = NULL;
int queue_interval = -1;
uschar *queue_name = US"";
+uschar *queue_name_dest = NULL;
uschar *queue_only_file = NULL;
int queue_only_load = -1;
uschar *queue_run_max = US"5";
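Review bot: `uschar *process_info;` replaces a fixed array with a pointer, so any `sizeof(process_info)` left in callers now evaluates to the pointer size rather than `PROCESS_INFO_SIZE`. Any use before the buffer is allocated would also dereference NULL. Neither the allocation nor the users are in this hunk, so both need checking against the rest of the commit. It is also the only pointer in this run declared without an initialiser; `uschar *process_info = NULL; /* PROCESS_INFO_SIZE bytes, allocated elsewhere */` would match its neighbours and record the intended size.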
"${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
"by $primary_hostname "
"${if def:received_protocol {with $received_protocol }}"
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
+ "${if def:tls_in_ver { ($tls_in_ver)}}"
"${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}"
#endif
"(Exim $version_number)\n\t"
const pcre *regex_IGNOREQUOTA = NULL;
const pcre *regex_PIPELINING = NULL;
const pcre *regex_SIZE = NULL;
-#ifdef EXPERIMENTAL_PIPE_CONNECT
+#ifndef DISABLE_PIPE_CONNECT
const pcre *regex_EARLY_PIPE = NULL;
#endif
const pcre *regex_ismsgid = NULL;
.retry_use_local_part = TRUE_UNSET,
.same_domain_copy_routing = FALSE,
.self_rewrite = FALSE,
+ .set = NULL,
.suffix_optional = FALSE,
.verify_only = FALSE,
.verify_recipient = TRUE,
.pass_router = NULL,
.redirect_router = NULL,
- .dnssec = { NULL, NULL }, /* dnssec_domains {require,request} */
+ .dnssec = { .request= US"*", .require=NULL },
};
uschar *router_name = NULL;
+tree_node *router_var = NULL;
ip_address_item *running_interfaces = NULL;
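Review bot: The `.dnssec` initialiser changes the router default from two NULL lists to `.request = US"*"`, and the removed comment was the only place that said what the two members mean. If `"*"` is matched as a domain list, as the old `dnssec_domains {require,request}` comment suggests, every router will now request DNSSEC unless configured otherwise. That is a behaviour change worth stating next to the value. I would keep a comment, e.g. `/* dnssec_domains: request for all domains, require for none */`. The initialiser this line belongs to starts outside the hunk.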
uschar *srs_secrets = NULL;
uschar *srs_status = NULL;
#endif
+#ifdef EXPERIMENTAL_SRS_NATIVE
+uschar *srs_recipient = NULL;
+#endif
int string_datestamp_offset= -1;
int string_datestamp_length= 0;
int string_datestamp_type = -1;
int test_harness_load_avg = 0;
int thismessage_size_limit = 0;
int timeout_frozen_after = 0;
+#ifdef MEASURE_TIMING
+struct timeval timestamp_startup;
+#endif
transport_instance *transports = NULL;