*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
/* All the global variables are defined together in this one module, so
#endif
#ifdef LOOKUP_SQLITE
+uschar *sqlite_dbfile = NULL;
int sqlite_lock_timeout = 5;
#endif
BOOL move_frozen_messages = FALSE;
#endif
+#ifdef ALLOW_INSECURE_TAINTED_DATA
+BOOL allow_insecure_tainted_data = FALSE;
+#endif
+
/* These variables are outside the #ifdef because it keeps the code less
cluttered in several places (e.g. during logging) if we can always refer to
them. Also, the tls_ variables are now always visible. Note that these are
.lc_local_part = NULL,
.local_part = NULL,
.prefix = NULL,
+ .prefix_v = NULL,
.suffix = NULL,
+ .suffix_v = NULL,
.domain = NULL,
.address_retry_key = NULL,
.domain_retry_key = NULL,
int connection_max_messages= -1;
uschar *continue_proxy_cipher = NULL;
+BOOL continue_proxy_dane = FALSE;
+uschar *continue_proxy_sni = NULL;
uschar *continue_hostname = NULL;
uschar *continue_host_address = NULL;
int continue_sequence = 1;
uschar *deliver_localpart_orig = NULL;
uschar *deliver_localpart_parent = NULL;
uschar *deliver_localpart_prefix = NULL;
+uschar *deliver_localpart_prefix_v = NULL;
uschar *deliver_localpart_suffix = NULL;
-uschar *deliver_localpart_verified = NULL;
+uschar *deliver_localpart_suffix_v = NULL;
uschar *deliver_out_buffer = NULL;
int deliver_queue_load_max = -1;
address_item *deliver_recipients = NULL;
uschar *dkim_signing_selector = NULL;
uschar *dkim_verify_hashes = US"sha256:sha512";
uschar *dkim_verify_keytypes = US"ed25519:rsa";
+uschar *dkim_verify_min_keysizes = US"rsa=1024 ed25519=250";
BOOL dkim_verify_minimal = FALSE;
uschar *dkim_verify_overall = NULL;
uschar *dkim_verify_signers = US"$dkim_signers";
Li_size_reject,
Li_skip_delivery,
Li_smtp_confirmation,
+#ifdef ALLOW_INSECURE_TAINTED_DATA
+ Li_tainted,
+#endif
Li_tls_certificate_verified,
Li_tls_cipher,
-1
BIT_TABLE(L, smtp_protocol_error),
BIT_TABLE(L, smtp_syntax_error),
BIT_TABLE(L, subject),
+#ifdef ALLOW_INSECURE_TAINTED_DATA
+ BIT_TABLE(L, tainted),
+#endif
BIT_TABLE(L, tls_certificate_verified),
BIT_TABLE(L, tls_cipher),
BIT_TABLE(L, tls_peerdn),
#endif
uid_t *never_users = NULL;
+uschar *notifier_socket = US"$spool_directory/" NOTIFIER_SOCKET_NAME ;
const int on = 1; /* for setsockopt */
const int off = 0;
uschar *process_info;
int process_info_len = 0;
uschar *process_log_path = NULL;
+const uschar *process_purpose = US"fresh-exec";
#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
uschar *hosts_proxy = NULL;
uschar *spf_received = NULL;
uschar *spf_result = NULL;
uschar *spf_smtp_comment = NULL;
+uschar *spf_smtp_comment_template
+ /* Used to be: "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}" */
+ = US"Please%_see%_http://www.open-spf.org/Why";
+
#endif
FILE *spool_data_file = NULL;