ingress control
[exim.git] / src / src / globals.c
index 2f6b5fdda27e0a63bbb0973b8d22a027db58229e..cb93a019288801760ead6154477b358023c7938b 100644 (file)
@@ -1,10 +1,8 @@
-/* $Cambridge: exim/src/src/globals.c,v 1.27 2005/05/24 08:15:02 tom Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2014 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* All the global variables are defined together in this one module, so
@@ -13,31 +11,22 @@ that they are easy to find. */
 #include "exim.h"
 
 
-/* The OSF1 linker puts out a worrying warning if any sections contain no
-executable code. It says
-
-Warning: Linking some objects which contain exception information sections
-        and some which do not. This may cause fatal runtime exception handling
-        problems.
-
-As this may cause people to worry needlessly, include a dummy function here
-to stop the message from appearing. Make it reference itself to stop picky
-compilers complaining that it is unused, and put in a dummy argument to stop
-even pickier compilers complaining about infinite loops. */
-
-static void dummy(int x) { dummy(x-1); }
-
-
 /* Generic options for auths, all of which live inside auth_instance
 data blocks and hence have the opt_public flag set. */
 
 optionlist optionlist_auths[] = {
+  { "client_condition", opt_stringptr | opt_public,
+                 (void *)(offsetof(auth_instance, client_condition)) },
+  { "client_set_id", opt_stringptr | opt_public,
+                 (void *)(offsetof(auth_instance, set_client_id)) },
   { "driver",        opt_stringptr | opt_public,
                  (void *)(offsetof(auth_instance, driver_name)) },
   { "public_name",   opt_stringptr | opt_public,
                  (void *)(offsetof(auth_instance, public_name)) },
   { "server_advertise_condition", opt_stringptr | opt_public,
                  (void *)(offsetof(auth_instance, advertise_condition))},
+  { "server_condition", opt_stringptr | opt_public,
+                 (void *)(offsetof(auth_instance, server_condition)) },
   { "server_debug_print", opt_stringptr | opt_public,
                  (void *)(offsetof(auth_instance, server_debug_string)) },
   { "server_mail_auth_condition", opt_stringptr | opt_public,
@@ -71,8 +60,15 @@ uschar *ibase_servers          = NULL;
 #endif
 
 #ifdef LOOKUP_LDAP
+uschar *eldap_ca_cert_dir      = NULL;
+uschar *eldap_ca_cert_file     = NULL;
+uschar *eldap_cert_file        = NULL;
+uschar *eldap_cert_key         = NULL;
+uschar *eldap_cipher_suite     = NULL;
 uschar *eldap_default_servers  = NULL;
+uschar *eldap_require_cert     = NULL;
 int     eldap_version          = -1;
+BOOL    eldap_start_tls        = FALSE;
 #endif
 
 #ifdef LOOKUP_MYSQL
@@ -87,6 +83,14 @@ uschar *oracle_servers         = NULL;
 uschar *pgsql_servers          = NULL;
 #endif
 
+#ifdef EXPERIMENTAL_REDIS
+uschar *redis_servers          = NULL;
+#endif
+
+#ifdef LOOKUP_SQLITE
+int     sqlite_lock_timeout    = 5;
+#endif
+
 #ifdef SUPPORT_MOVE_FROZEN_MESSAGES
 BOOL    move_frozen_messages   = FALSE;
 #endif
@@ -95,28 +99,81 @@ BOOL    move_frozen_messages   = FALSE;
 cluttered in several places (e.g. during logging) if we can always refer to
 them. Also, the tls_ variables are now always visible. */
 
-BOOL    tls_active             = -1;
-BOOL    tls_certificate_verified = FALSE;
-uschar *tls_cipher             = NULL;
-BOOL    tls_on_connect         = FALSE;
-uschar *tls_on_connect_ports   = NULL;
-uschar *tls_peerdn             = NULL;
+tls_support tls_in = {
+ -1,   /* tls_active */
+ 0,    /* tls_bits */
+ FALSE,/* tls_certificate_verified */
+#ifdef EXPERIMENTAL_DANE
+ FALSE,/* dane_verified */
+ 0,    /* tlsa_usage */
+#endif
+ NULL, /* tls_cipher */
+ FALSE,/* tls_on_connect */
+ NULL, /* tls_on_connect_ports */
+ NULL, /* tls_ourcert */
+ NULL, /* tls_peercert */
+ NULL, /* tls_peerdn */
+ NULL, /* tls_sni */
+ 0     /* tls_ocsp */
+};
+tls_support tls_out = {
+ -1,   /* tls_active */
+ 0,    /* tls_bits */
+ FALSE,/* tls_certificate_verified */
+#ifdef EXPERIMENTAL_DANE
+ FALSE,/* dane_verified */
+ 0,    /* tlsa_usage */
+#endif
+ NULL, /* tls_cipher */
+ FALSE,/* tls_on_connect */
+ NULL, /* tls_on_connect_ports */
+ NULL, /* tls_ourcert */
+ NULL, /* tls_peercert */
+ NULL, /* tls_peerdn */
+ NULL, /* tls_sni */
+ 0     /* tls_ocsp */
+};
+
+uschar *dsn_envid              = NULL;
+int     dsn_ret                = 0;
+const pcre  *regex_DSN         = NULL;
+BOOL    smtp_use_dsn           = FALSE;
+uschar *dsn_advertise_hosts    = NULL;
 
 #ifdef SUPPORT_TLS
+BOOL    gnutls_compat_mode     = FALSE;
+BOOL    gnutls_allow_auto_pkcs11 = FALSE;
+uschar *gnutls_require_mac     = NULL;
+uschar *gnutls_require_kx      = NULL;
+uschar *gnutls_require_proto   = NULL;
+uschar *openssl_options        = NULL;
 const pcre *regex_STARTTLS     = NULL;
 uschar *tls_advertise_hosts    = NULL;    /* This is deliberate */
 uschar *tls_certificate        = NULL;
 uschar *tls_crl                = NULL;
+/* This default matches NSS DH_MAX_P_BITS value at current time (2012), because
+that's the interop problem which has been observed: GnuTLS suggesting a higher
+bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */
+int     tls_dh_max_bits        = 2236;
 uschar *tls_dhparam            = NULL;
+#ifndef DISABLE_OCSP
+uschar *tls_ocsp_file          = NULL;
+#endif
 BOOL    tls_offered            = FALSE;
 uschar *tls_privatekey         = NULL;
 BOOL    tls_remember_esmtp     = FALSE;
 uschar *tls_require_ciphers    = NULL;
 uschar *tls_try_verify_hosts   = NULL;
-uschar *tls_verify_certificates= NULL;
+uschar *tls_verify_certificates= US"system";
 uschar *tls_verify_hosts       = NULL;
 #endif
 
+#ifndef DISABLE_PRDR
+/* Per Recipient Data Response variables */
+BOOL    prdr_enable            = FALSE;
+BOOL    prdr_requested         = FALSE;
+const pcre *regex_PRDR         = NULL;
+#endif
 
 /* Input-reading functions for messages, so we can use special ones for
 incoming TCP/IP. The defaults use stdin. We never need these for any
@@ -127,6 +184,7 @@ int (*receive_getc)(void)      = stdin_getc;
 int (*receive_ungetc)(int)     = stdin_ungetc;
 int (*receive_feof)(void)      = stdin_feof;
 int (*receive_ferror)(void)    = stdin_ferror;
+BOOL (*receive_smtp_buffered)(void) = NULL;   /* Only used for SMTP */
 #endif
 
 
@@ -134,38 +192,51 @@ int (*receive_ferror)(void)    = stdin_ferror;
 when verifying one address while routing/verifying another. We have to have
 the size explicit, because it is referenced from more than one module. */
 
-uschar **address_expansions[ADDRESS_EXPANSIONS_COUNT] = {
-  &deliver_address_data,
-  &deliver_domain,
-  &deliver_domain_data,
-  &deliver_domain_orig,
-  &deliver_domain_parent,
-  &deliver_localpart,
-  &deliver_localpart_data,
-  &deliver_localpart_orig,
-  &deliver_localpart_parent,
-  &deliver_localpart_prefix,
-  &deliver_localpart_suffix,
-  (uschar **)(&deliver_recipients),
-  &deliver_host,
-  &deliver_home,
-  &address_file,
-  &address_pipe,
-  &self_hostname,
+const uschar **address_expansions[ADDRESS_EXPANSIONS_COUNT] = {
+  CUSS &deliver_address_data,
+  CUSS &deliver_domain,
+  CUSS &deliver_domain_data,
+  CUSS &deliver_domain_orig,
+  CUSS &deliver_domain_parent,
+  CUSS &deliver_localpart,
+  CUSS &deliver_localpart_data,
+  CUSS &deliver_localpart_orig,
+  CUSS &deliver_localpart_parent,
+  CUSS &deliver_localpart_prefix,
+  CUSS &deliver_localpart_suffix,
+  CUSS (uschar **)(&deliver_recipients),
+  CUSS &deliver_host,
+  CUSS &deliver_home,
+  CUSS &address_file,
+  CUSS &address_pipe,
+  CUSS &self_hostname,
   NULL };
 
 int address_expansions_count = sizeof(address_expansions)/sizeof(uschar **);
 
 /* General global variables */
 
+header_line *acl_added_headers = NULL;
 tree_node *acl_anchor          = NULL;
+uschar *acl_arg[9]             = {NULL, NULL, NULL, NULL, NULL,
+                                  NULL, NULL, NULL, NULL};
+int     acl_narg               = 0;
+
 uschar *acl_not_smtp           = NULL;
 #ifdef WITH_CONTENT_SCAN
 uschar *acl_not_smtp_mime      = NULL;
 #endif
+uschar *acl_not_smtp_start     = NULL;
+uschar *acl_removed_headers    = NULL;
 uschar *acl_smtp_auth          = NULL;
 uschar *acl_smtp_connect       = NULL;
 uschar *acl_smtp_data          = NULL;
+#ifndef DISABLE_PRDR
+uschar *acl_smtp_data_prdr     = US"accept";
+#endif
+#ifndef DISABLE_DKIM
+uschar *acl_smtp_dkim          = NULL;
+#endif
 uschar *acl_smtp_etrn          = NULL;
 uschar *acl_smtp_expn          = NULL;
 uschar *acl_smtp_helo          = NULL;
@@ -174,15 +245,17 @@ uschar *acl_smtp_mailauth      = NULL;
 #ifdef WITH_CONTENT_SCAN
 uschar *acl_smtp_mime          = NULL;
 #endif
+uschar *acl_smtp_notquit       = NULL;
 uschar *acl_smtp_predata       = NULL;
 uschar *acl_smtp_quit          = NULL;
 uschar *acl_smtp_rcpt          = NULL;
 uschar *acl_smtp_starttls      = NULL;
 uschar *acl_smtp_vrfy          = NULL;
+
 BOOL    acl_temp_details       = FALSE;
-uschar *acl_var[ACL_C_MAX+ACL_M_MAX];
+tree_node *acl_var_c           = NULL;
+tree_node *acl_var_m           = NULL;
 uschar *acl_verify_message     = NULL;
-header_line *acl_warn_headers  = NULL;
 string_item *acl_warn_logged   = NULL;
 
 /* Names of SMTP places for use in ACL error messages, and corresponding SMTP
@@ -192,7 +265,11 @@ uschar *acl_wherenames[]       = { US"RCPT",
                                    US"MAIL",
                                    US"PREDATA",
                                    US"MIME",
+                                   US"DKIM",
                                    US"DATA",
+#ifndef DISABLE_PRDR
+                                   US"PRDR",
+#endif
                                    US"non-SMTP",
                                    US"AUTH",
                                    US"connection",
@@ -200,31 +277,44 @@ uschar *acl_wherenames[]       = { US"RCPT",
                                    US"EXPN",
                                    US"EHLO or HELO",
                                    US"MAILAUTH",
+                                   US"non-SMTP-start",
+                                   US"NOTQUIT",
                                    US"QUIT",
                                    US"STARTTLS",
-                                   US"VRFY"
+                                   US"VRFY",
+                                  US"delivery",
+                                  US"unknown"
                                  };
 
-int     acl_wherecodes[]       = { 550,     /* RCPT */
-                                   550,     /* MAIL */
-                                   550,     /* PREDATA */
-                                   550,     /* MIME */
-                                   550,     /* DATA */
-                                   0,       /* not SMTP; not relevant */
-                                   503,     /* AUTH */
-                                   550,     /* connect */
-                                   458,     /* ETRN */
-                                   550,     /* EXPN */
-                                   550,     /* HELO/EHLO */
-                                   0,       /* MAILAUTH; not relevant */
-                                   0,       /* QUIT; not relevant */
-                                   550,     /* STARTTLS */
-                                   252      /* VRFY */
+uschar *acl_wherecodes[]       = { US"550",     /* RCPT */
+                                   US"550",     /* MAIL */
+                                   US"550",     /* PREDATA */
+                                   US"550",     /* MIME */
+                                   US"550",     /* DKIM */
+                                   US"550",     /* DATA */
+#ifndef DISABLE_PRDR
+                                   US"550",    /* RCPT PRDR */
+#endif
+                                   US"0",       /* not SMTP; not relevant */
+                                   US"503",     /* AUTH */
+                                   US"550",     /* connect */
+                                   US"458",     /* ETRN */
+                                   US"550",     /* EXPN */
+                                   US"550",     /* HELO/EHLO */
+                                   US"0",       /* MAILAUTH; not relevant */
+                                   US"0",       /* not SMTP; not relevant */
+                                   US"0",       /* NOTQUIT; not relevant */
+                                   US"0",       /* QUIT; not relevant */
+                                   US"550",     /* STARTTLS */
+                                   US"252",     /* VRFY */
+                                  US"0",       /* delivery; not relevant */
+                                  US"0"        /* unknown; not relevant */
                                  };
 
 BOOL    active_local_from_check = FALSE;
 BOOL    active_local_sender_retain = FALSE;
-BOOL    accept_8bitmime        = FALSE;
+int     body_8bitmime = 0;
+BOOL    accept_8bitmime        = TRUE; /* deliberately not RFC compliant */
 address_item  *addr_duplicate  = NULL;
 
 address_item address_defaults = {
@@ -261,8 +351,17 @@ address_item address_defaults = {
   NULL,                 /* shadow_message */
   #ifdef SUPPORT_TLS
   NULL,                 /* cipher */
+  NULL,                        /* ourcert */
+  NULL,                        /* peercert */
   NULL,                 /* peerdn */
+  OCSP_NOT_REQ,         /* ocsp */
   #endif
+  NULL,                        /* authenticator */
+  NULL,                        /* auth_id */
+  NULL,                        /* auth_sndr */
+  NULL,                 /* dsn_orcpt */
+  0,                    /* dsn_flags */
+  0,                    /* dsn_aware */
   (uid_t)(-1),          /* uid */
   (gid_t)(-1),          /* gid */
   0,                    /* flags */
@@ -295,11 +394,13 @@ tree_node *addresslist_anchor  = NULL;
 int     addresslist_count      = 0;
 gid_t  *admin_groups           = NULL;
 BOOL    admin_user             = FALSE;
+BOOL    allow_auth_unadvertised= FALSE;
 BOOL    allow_domain_literals  = FALSE;
 BOOL    allow_mx_to_ip         = FALSE;
 BOOL    allow_unqualified_recipient = TRUE;    /* For local messages */
 BOOL    allow_unqualified_sender = TRUE;       /* Reset for SMTP */
 BOOL    allow_utf8_domains     = FALSE;
+uschar *authenticated_fail_id  = NULL;
 uschar *authenticated_id       = NULL;
 uschar *authenticated_sender   = NULL;
 BOOL    authentication_failed  = FALSE;
@@ -312,10 +413,13 @@ auth_instance auth_defaults    = {
     NULL,                      /* private options block pointer */
     NULL,                      /* driver_name */
     NULL,                      /* advertise_condition */
+    NULL,                      /* client_condition */
     NULL,                      /* public_name */
     NULL,                      /* set_id */
+    NULL,                      /* set_client_id */
     NULL,                      /* server_mail_auth_condition */
     NULL,                      /* server_debug_string */
+    NULL,                      /* server_condition */
     FALSE,                     /* client */
     FALSE,                     /* server */
     FALSE                      /* advertised */
@@ -323,14 +427,22 @@ auth_instance auth_defaults    = {
 
 uschar *auth_defer_msg         = US"reason not recorded";
 uschar *auth_defer_user_msg    = US"";
+uschar *auth_vars[AUTH_VARS];
 int     auto_thaw              = 0;
 #ifdef WITH_CONTENT_SCAN
+BOOL    av_failed              = FALSE;
 uschar *av_scanner             = US"sophie:/var/run/sophie";  /* AV scanner */
 #endif
 
 BOOL    background_daemon      = TRUE;
+
+#if BASE_62 == 62
 uschar *base62_chars=
     US"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+#else
+uschar *base62_chars= US"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+#endif
+
 uschar *bi_command             = NULL;
 uschar *big_buffer             = NULL;
 int     big_buffer_size        = BIG_BUFFER_SIZE;
@@ -359,11 +471,15 @@ int     callout_cache_domain_negative_expire = 3*60*60;
 int     callout_cache_positive_expire = 24*60*60;
 int     callout_cache_negative_expire = 2*60*60;
 uschar *callout_random_local_part = US"$primary_hostname-$tod_epoch-testing";
-uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W_](?>[a-z0-9-]*[^\\W_])?)+$";
+uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W](?>[a-z0-9/_-]*[^\\W])?)+(\\.?)$";
 int     check_log_inodes       = 0;
 int     check_log_space        = 0;
+BOOL    check_rfc2047_length   = TRUE;
 int     check_spool_inodes     = 0;
 int     check_spool_space      = 0;
+uschar *client_authenticator  = NULL;
+uschar *client_authenticated_id = NULL;
+uschar *client_authenticated_sender = NULL;
 int     clmacro_count          = 0;
 uschar *clmacros[MAX_CLMACROS];
 BOOL    config_changed         = FALSE;
@@ -376,6 +492,7 @@ gid_t   config_gid             = CONFIGURE_GROUP;
 uschar *config_main_filelist   = US CONFIGURE_FILE
                          "\0<-----------Space to patch configure_filename->";
 uschar *config_main_filename   = NULL;
+uschar *config_main_directory  = NULL;
 
 #ifdef CONFIGURE_OWNER
 uid_t   config_uid             = CONFIGURE_OWNER;
@@ -389,9 +506,25 @@ int     continue_sequence      = 1;
 uschar *continue_transport     = NULL;
 
 uschar *csa_status             = NULL;
+cut_t   cutthrough = {
+  FALSE,                               /* delivery: when to attempt */
+  -1,                                  /* fd: open connection */
+  0,                                   /* nrcpt: number of addresses */
+};
 
 BOOL    daemon_listen          = FALSE;
 uschar *daemon_smtp_port       = US"smtp";
+int     daemon_startup_retries = 9;
+int     daemon_startup_sleep   = 30;
+
+#ifdef EXPERIMENTAL_DCC
+BOOL    dcc_direct_add_header  = FALSE;
+uschar *dcc_header             = NULL;
+uschar *dcc_result             = NULL;
+uschar *dccifd_address         = US"/usr/local/dcc/var/dccifd";
+uschar *dccifd_options         = US"header";
+#endif
+
 BOOL    debug_daemon           = FALSE;
 int     debug_fd               = -1;
 FILE   *debug_file             = NULL;
@@ -431,22 +564,28 @@ bit_table debug_options[]      = {
 int     debug_options_count    = sizeof(debug_options)/sizeof(bit_table);
 unsigned int debug_selector    = 0;
 int     delay_warning[DELAY_WARNING_SIZE] = { DELAY_WARNING_SIZE, 1, 24*60*60 };
-uschar *delay_warning_condition= US"${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes}}";
+uschar *delay_warning_condition=
+  US"${if or {"
+            "{ !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }"
+            "{ match{$h_precedence:}{(?i)bulk|list|junk} }"
+            "{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }"
+            "} {no}{yes}}";
 BOOL    delivery_date_remove   = TRUE;
 uschar *deliver_address_data   = NULL;
 int     deliver_datafile       = -1;
-uschar *deliver_domain         = NULL;
+const uschar *deliver_domain   = NULL;
 uschar *deliver_domain_data    = NULL;
-uschar *deliver_domain_orig    = NULL;
-uschar *deliver_domain_parent  = NULL;
+const uschar *deliver_domain_orig = NULL;
+const uschar *deliver_domain_parent = NULL;
 BOOL    deliver_drop_privilege = FALSE;
 BOOL    deliver_firsttime      = FALSE;
 BOOL    deliver_force          = FALSE;
 BOOL    deliver_freeze         = FALSE;
-int     deliver_frozen_at      = 0;
+time_t  deliver_frozen_at      = 0;
 uschar *deliver_home           = NULL;
-uschar *deliver_host           = NULL;
-uschar *deliver_host_address   = NULL;
+const uschar *deliver_host     = NULL;
+const uschar *deliver_host_address = NULL;
+int     deliver_host_port      = 0;
 uschar *deliver_in_buffer      = NULL;
 ino_t   deliver_inode          = 0;
 uschar *deliver_localpart      = NULL;
@@ -469,21 +608,50 @@ int     demime_errorlevel      = 0;
 int     demime_ok              = 0;
 uschar *demime_reason          = NULL;
 #endif
+BOOL    disable_callout_flush  = FALSE;
+BOOL    disable_delay_flush    = FALSE;
+#ifdef ENABLE_DISABLE_FSYNC
+BOOL    disable_fsync          = FALSE;
+#endif
+BOOL    disable_ipv6           = FALSE;
 BOOL    disable_logging        = FALSE;
 
-#ifdef EXPERIMENTAL_DOMAINKEYS
-uschar *dk_signing_domain      = NULL;
-uschar *dk_signing_selector    = NULL;
-int     dk_do_verify           = 0;
+#ifndef DISABLE_DKIM
+uschar *dkim_cur_signer          = NULL;
+uschar *dkim_signers             = NULL;
+uschar *dkim_signing_domain      = NULL;
+uschar *dkim_signing_selector    = NULL;
+uschar *dkim_verify_signers      = US"$dkim_signers";
+BOOL    dkim_collect_input       = FALSE;
+BOOL    dkim_disable_verify      = FALSE;
+#endif
+#ifdef EXPERIMENTAL_DMARC
+BOOL    dmarc_has_been_checked  = FALSE;
+uschar *dmarc_ar_header         = NULL;
+uschar *dmarc_domain_policy     = NULL;
+uschar *dmarc_forensic_sender   = NULL;
+uschar *dmarc_history_file      = NULL;
+uschar *dmarc_status            = NULL;
+uschar *dmarc_status_text       = NULL;
+uschar *dmarc_tld_file          = NULL;
+uschar *dmarc_used_domain       = NULL;
+BOOL    dmarc_disable_verify    = FALSE;
+BOOL    dmarc_enable_forensic   = FALSE;
 #endif
 
 uschar *dns_again_means_nonexist = NULL;
 int     dns_csa_search_limit   = 5;
 BOOL    dns_csa_use_reverse    = TRUE;
+#ifdef EXPERIMENTAL_DANE
+int     dns_dane_ok            = -1;
+#endif
 uschar *dns_ipv4_lookup        = NULL;
 int     dns_retrans            = 0;
 int     dns_retry              = 0;
+int     dns_dnssec_ok          = -1; /* <0 = not coerced */
+int     dns_use_edns0          = -1; /* <0 = not coerced */
 uschar *dnslist_domain         = NULL;
+uschar *dnslist_matched        = NULL;
 uschar *dnslist_text           = NULL;
 uschar *dnslist_value          = NULL;
 tree_node *domainlist_anchor   = NULL;
@@ -491,6 +659,7 @@ int     domainlist_count       = 0;
 BOOL    dont_deliver           = FALSE;
 BOOL    dot_ends               = TRUE;
 BOOL    drop_cr                = FALSE;         /* No longer used */
+uschar *dsn_from               = US DEFAULT_DSN_FROM;
 
 BOOL    enable_dollar_recipients = FALSE;
 BOOL    envelope_to_remove     = TRUE;
@@ -499,6 +668,13 @@ uschar *errors_copy            = NULL;
 int     error_handling         = ERRORS_SENDER;
 uschar *errors_reply_to        = NULL;
 int     errors_sender_rc       = EXIT_FAILURE;
+#ifdef EXPERIMENTAL_EVENT
+uschar *event_action             = NULL;       /* expansion for delivery events */
+uschar *event_data               = NULL;       /* auxilary data variable for event */
+int     event_defer_errno        = 0;
+const uschar *event_name         = NULL;       /* event name variable */
+#endif
+
 
 gid_t   exim_gid               = EXIM_GID;
 BOOL    exim_gid_set           = TRUE;          /* This gid is always set */
@@ -516,7 +692,10 @@ BOOL    extract_addresses_remove_arguments = TRUE;
 uschar *extra_local_interfaces = NULL;
 
 int     fake_response          = OK;
-uschar *fake_response_text     = US"Your message has been rejected but is being kept for evaluation.\nIf it was a legitimate message, it may still be delivered to the target recipient(s).";
+uschar *fake_response_text     = US"Your message has been rejected but is "
+                                   "being kept for evaluation.\nIf it was a "
+                                   "legitimate message, it may still be "
+                                   "delivered to the target recipient(s).";
 int     filter_n[FILTER_VARIABLE_COUNT];
 BOOL    filter_running         = FALSE;
 int     filter_sn[FILTER_VARIABLE_COUNT];
@@ -530,6 +709,7 @@ uschar *found_extension        = NULL;
 #endif
 uid_t   fixed_never_users[]    = { FIXED_NEVER_USERS };
 uschar *freeze_tell            = NULL;
+uschar *freeze_tell_config     = NULL;
 uschar *fudged_queue_times     = US"";
 
 uschar *gecos_name             = NULL;
@@ -567,8 +747,9 @@ uschar *helo_allow_chars       = US"";
 uschar *helo_lookup_domains    = US"@ : @[]";
 uschar *helo_try_verify_hosts  = NULL;
 BOOL    helo_verified          = FALSE;
+BOOL    helo_verify_failed     = FALSE;
 uschar *helo_verify_hosts      = NULL;
-uschar *hex_digits             = US"0123456789abcdef";
+const uschar *hex_digits       = CUS"0123456789abcdef";
 uschar *hold_domains           = NULL;
 BOOL    host_checking          = FALSE;
 BOOL    host_checking_callout  = FALSE;
@@ -590,9 +771,12 @@ uschar *hosts_connection_nolog = NULL;
 int     ignore_bounce_errors_after = 10*7*24*60*60;  /* 10 weeks */
 BOOL    ignore_fromline_local  = FALSE;
 uschar *ignore_fromline_hosts  = NULL;
+BOOL    inetd_wait_mode        = FALSE;
+int     inetd_wait_timeout     = -1;
 uschar *interface_address      = NULL;
 int     interface_port         = -1;
 BOOL    is_inetd               = FALSE;
+uschar *iterate_item           = NULL;
 
 int     journal_fd             = -1;
 
@@ -627,12 +811,16 @@ uschar *log_file_path          = US LOG_FILE_PATH
 /* Those log options with L_xxx identifiers have values less than 0x800000 and
 are the ones that get put into log_write_selector. They can be used in calls to
 log_write() to test for the bit. The options with LX_xxx identifiers have
-values greater than 0x80000000 and are put int log_extra_selector (without the
+values greater than 0x80000000 and are put into log_extra_selector (without the
 top bit). They are never used in calls to log_write(), but are tested
 independently. This separation became necessary when the number of log
 selectors was getting close to filling a 32-bit word. */
 
+/* Note that this list must be in alphabetical order. */
+
 bit_table log_options[]        = {
+  { US"8bitmime",                     LX_8bitmime },
+  { US"acl_warn_skipped",             LX_acl_warn_skipped },
   { US"address_rewrite",              L_address_rewrite },
   { US"all",                          L_all },
   { US"all_parents",                  L_all_parents },
@@ -649,6 +837,10 @@ bit_table log_options[]        = {
   { US"incoming_port",                LX_incoming_port },
   { US"lost_incoming_connection",     L_lost_incoming_connection },
   { US"outgoing_port",                LX_outgoing_port },
+  { US"pid",                          LX_pid },
+#ifdef EXPERIMENTAL_PROXY
+  { US"proxy",                        LX_proxy },
+#endif
   { US"queue_run",                    L_queue_run },
   { US"queue_time",                   LX_queue_time },
   { US"queue_time_overall",           LX_queue_time_overall },
@@ -659,26 +851,33 @@ bit_table log_options[]        = {
   { US"retry_defer",                  L_retry_defer },
   { US"return_path_on_delivery",      LX_return_path_on_delivery },
   { US"sender_on_delivery",           LX_sender_on_delivery },
+  { US"sender_verify_fail",           LX_sender_verify_fail },
   { US"size_reject",                  L_size_reject },
   { US"skip_delivery",                L_skip_delivery },
   { US"smtp_confirmation",            LX_smtp_confirmation },
   { US"smtp_connection",              L_smtp_connection },
   { US"smtp_incomplete_transaction",  L_smtp_incomplete_transaction },
+  { US"smtp_mailauth",                LX_smtp_mailauth },
+  { US"smtp_no_mail",                 LX_smtp_no_mail },
   { US"smtp_protocol_error",          L_smtp_protocol_error },
   { US"smtp_syntax_error",            L_smtp_syntax_error },
   { US"subject",                      LX_subject },
   { US"tls_certificate_verified",     LX_tls_certificate_verified },
   { US"tls_cipher",                   LX_tls_cipher },
-  { US"tls_peerdn",                   LX_tls_peerdn }
+  { US"tls_peerdn",                   LX_tls_peerdn },
+  { US"tls_sni",                      LX_tls_sni },
+  { US"unknown_in_list",              LX_unknown_in_list }
 };
 
 int     log_options_count      = sizeof(log_options)/sizeof(bit_table);
-unsigned int log_write_selector= L_default;
+int     log_reject_target      = 0;
 uschar *log_selector_string    = NULL;
 FILE   *log_stderr             = NULL;
 BOOL    log_testing_mode       = FALSE;
 BOOL    log_timezone           = FALSE;
+unsigned int log_write_selector= L_default;
 uschar *login_sender_address   = NULL;
+uschar *lookup_dnssec_authenticated = NULL;
 int     lookup_open_max        = 25;
 uschar *lookup_value           = NULL;
 
@@ -687,10 +886,12 @@ uschar *mailstore_basename     = NULL;
 #ifdef WITH_CONTENT_SCAN
 uschar *malware_name           = NULL;  /* Virus Name */
 #endif
+int     max_received_linelength= 0;
 int     max_username_length    = 0;
 int     message_age            = 0;
 uschar *message_body           = NULL;
 uschar *message_body_end       = NULL;
+BOOL    message_body_newlines  = FALSE;
 int     message_body_size      = 0;
 int     message_body_visible   = 500;
 int     message_ended          = END_NOTSTARTED;
@@ -705,13 +906,16 @@ int     message_linecount      = 0;
 BOOL    message_logs           = TRUE;
 int     message_size           = 0;
 uschar *message_size_limit     = US"50M";
+#ifdef EXPERIMENTAL_INTERNATIONAL
+BOOL    message_smtputf8       = FALSE;
+#endif
 uschar  message_subdir[2]      = { 0, 0 };
 uschar *message_reference      = NULL;
 
 /* MIME ACL expandables */
 #ifdef WITH_CONTENT_SCAN
 int     mime_anomaly_level     = 0;
-uschar *mime_anomaly_text      = NULL;
+const uschar *mime_anomaly_text      = NULL;
 uschar *mime_boundary          = NULL;
 uschar *mime_charset           = NULL;
 uschar *mime_content_description = NULL;
@@ -749,15 +953,32 @@ BOOL    parse_found_group      = FALSE;
 uschar *percent_hack_domains   = NULL;
 uschar *pid_file_path          = US PID_FILE_PATH
                            "\0<--------------Space to patch pid_file_path->";
+BOOL    pipelining_enable      = TRUE;
 uschar *pipelining_advertise_hosts = US"*";
 BOOL    preserve_message_logs  = FALSE;
 uschar *primary_hostname       = NULL;
 BOOL    print_topbitchars      = FALSE;
 uschar  process_info[PROCESS_INFO_SIZE];
+int     process_info_len       = 0;
 uschar *process_log_path       = NULL;
 BOOL    prod_requires_admin    = TRUE;
 
-uschar *qualify_domain_recipient = NULL;
+#ifdef EXPERIMENTAL_PROXY
+uschar *proxy_host_address     = US"";
+int     proxy_host_port        = 0;
+uschar *proxy_required_hosts   = US"";
+BOOL    proxy_session          = FALSE;
+BOOL    proxy_session_failed   = FALSE;
+uschar *proxy_target_address   = US"";
+int     proxy_target_port      = 0;
+#endif
+
+uschar *prvscheck_address      = NULL;
+uschar *prvscheck_keynum       = NULL;
+uschar *prvscheck_result       = NULL;
+
+
+const uschar *qualify_domain_recipient = NULL;
 uschar *qualify_domain_sender  = NULL;
 BOOL    queue_2stage           = FALSE;
 uschar *queue_domains          = NULL;
@@ -766,6 +987,7 @@ BOOL    queue_list_requires_admin = TRUE;
 BOOL    queue_only             = FALSE;
 uschar *queue_only_file        = NULL;
 int     queue_only_load        = -1;
+BOOL    queue_only_load_latch  = TRUE;
 BOOL    queue_only_override    = TRUE;
 BOOL    queue_only_policy      = FALSE;
 BOOL    queue_run_first_delivery = FALSE;
@@ -780,6 +1002,7 @@ BOOL    queue_smtp             = FALSE;
 uschar *queue_smtp_domains     = NULL;
 
 unsigned int random_seed       = 0;
+tree_node *ratelimiters_cmd    = NULL;
 tree_node *ratelimiters_conn   = NULL;
 tree_node *ratelimiters_mail   = NULL;
 uschar *raw_active_hostname    = NULL;
@@ -814,7 +1037,8 @@ uschar *received_header_text   = US
      "${if def:tls_cipher {($tls_cipher)\n\t}}"
      #endif
      "(Exim $version_number)\n\t"
-     "id $message_id"
+     "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
+     "id $message_exim_id"
      "${if def:received_for {\n\tfor $received_for}}"
      "\0<---------------Space to patch received_header_text->";
 
@@ -833,9 +1057,14 @@ BOOL    recipients_max_reject  = FALSE;
 const pcre *regex_AUTH         = NULL;
 const pcre *regex_check_dns_names = NULL;
 const pcre *regex_From         = NULL;
+const pcre *regex_IGNOREQUOTA  = NULL;
 const pcre *regex_PIPELINING   = NULL;
 const pcre *regex_SIZE         = NULL;
+const pcre *regex_smtp_code    = NULL;
 const pcre *regex_ismsgid      = NULL;
+#ifdef WHITELIST_D_MACROS
+const pcre *regex_whitelisted_macro = NULL;
+#endif
 #ifdef WITH_CONTENT_SCAN
 uschar *regex_match_string     = NULL;
 #endif
@@ -849,9 +1078,10 @@ retry_config  *retries         = NULL;
 uschar *return_path            = NULL;
 BOOL    return_path_remove     = TRUE;
 int     rewrite_existflags     = 0;
-uschar *rfc1413_hosts          = US"*";
-int     rfc1413_query_timeout  = 30;
+uschar *rfc1413_hosts          = US"@[]";
+int     rfc1413_query_timeout  = 0;
 /* BOOL    rfc821_domains         = FALSE;  <<< on the way out */
+uid_t   root_gid               = ROOT_GID;
 uid_t   root_uid               = ROOT_UID;
 
 router_instance  *routers  = NULL;
@@ -921,6 +1151,7 @@ router_instance  router_defaults = {
     TRUE,                      /* verify_sender */
     FALSE,                     /* uid_set */
     FALSE,                     /* unseen */
+    FALSE,                     /* dsn_lasthop */
 
     self_freeze,               /* self_code */
     (uid_t)(-1),               /* uid */
@@ -932,6 +1163,8 @@ router_instance  router_defaults = {
     NULL                       /* redirect_router */
 };
 
+uschar *router_name            = NULL;
+
 ip_address_item *running_interfaces = NULL;
 BOOL    running_in_test_harness = FALSE;
 
@@ -940,7 +1173,7 @@ script that sets up a copy of Exim for running in the test harness. It seems
 that compilers are now clever, and share constant strings if they can.
 Elsewhere in Exim the string "<" is used. The compiler optimization seems to
 make use of the end of this string in order to save space. So the patching then
-wrecks this. We default this optimization by adding some additional characters
+wrecks this. We defeat this optimization by adding some additional characters
 onto the end of the string. */
 
 uschar *running_status         = US">>>running<<<" "\0EXTRA";
@@ -963,12 +1196,14 @@ uschar **sender_host_aliases   = &no_aliases;
 uschar *sender_host_address    = NULL;
 uschar *sender_host_authenticated = NULL;
 unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32];
+BOOL    sender_host_dnssec     = FALSE;
 uschar *sender_host_name       = NULL;
 int     sender_host_port       = 0;
 BOOL    sender_host_notsocket  = FALSE;
 BOOL    sender_host_unknown    = FALSE;
 uschar *sender_ident           = NULL;
 BOOL    sender_local           = FALSE;
+BOOL    sender_name_forced     = FALSE;
 uschar *sender_rate            = NULL;
 uschar *sender_rate_limit      = NULL;
 uschar *sender_rate_period     = NULL;
@@ -980,7 +1215,9 @@ address_item *sender_verified_list  = NULL;
 address_item *sender_verified_failed = NULL;
 int     sender_verified_rc     = -1;
 BOOL    sender_verified_responded = FALSE;
-volatile  BOOL sigalrm_seen    = FALSE;
+uschar *sending_ip_address     = NULL;
+int     sending_port           = -1;
+SIGNAL_BOOL sigalrm_seen       = FALSE;
 uschar **sighup_argv           = NULL;
 int     smtp_accept_count      = 0;
 BOOL    smtp_accept_keepalive  = TRUE;
@@ -999,7 +1236,11 @@ uschar *smtp_banner            = US"$smtp_active_hostname ESMTP "
                              "\0<---------------Space to patch smtp_banner->";
 BOOL    smtp_batched_input     = FALSE;
 BOOL    smtp_check_spool_space = TRUE;
-uschar *smtp_command_argument  = NULL;
+int     smtp_ch_index          = 0;
+uschar *smtp_cmd_argument      = NULL;
+uschar *smtp_cmd_buffer        = NULL;
+time_t  smtp_connection_start  = 0;
+uschar  smtp_connection_had[SMTP_HBUFF_SIZE];
 int     smtp_connect_backlog   = 20;
 double  smtp_delay_mail        = 0.0;
 double  smtp_delay_rcpt        = 0.0;
@@ -1013,11 +1254,13 @@ uschar *smtp_etrn_command      = NULL;
 BOOL    smtp_etrn_serialize    = TRUE;
 int     smtp_max_synprot_errors= 3;
 int     smtp_max_unknown_commands = 3;
+uschar *smtp_notquit_reason    = NULL;
 uschar *smtp_ratelimit_hosts   = NULL;
 uschar *smtp_ratelimit_mail    = NULL;
 uschar *smtp_ratelimit_rcpt    = NULL;
 uschar *smtp_read_error        = US"";
 int     smtp_receive_timeout   = 5*60;
+uschar *smtp_receive_timeout_s = NULL;
 uschar *smtp_reserve_hosts     = NULL;
 BOOL    smtp_return_error_details = FALSE;
 int     smtp_rlm_base          = 0;
@@ -1030,15 +1273,20 @@ int     smtp_rlr_limit         = 0;
 int     smtp_rlr_threshold     = INT_MAX;
 BOOL    smtp_use_pipelining    = FALSE;
 BOOL    smtp_use_size          = FALSE;
+#ifdef EXPERIMENTAL_INTERNATIONAL
+uschar *smtputf8_advertise_hosts = US"*";
+#endif
 
 #ifdef WITH_CONTENT_SCAN
 uschar *spamd_address          = US"127.0.0.1 783";
 uschar *spam_bar               = NULL;
 uschar *spam_report            = NULL;
+uschar *spam_action            = NULL;
 uschar *spam_score             = NULL;
 uschar *spam_score_int         = NULL;
 #endif
 #ifdef EXPERIMENTAL_SPF
+uschar *spf_guess              = US"v=spf1 a/24 mx/24 ptr ?all";
 uschar *spf_header_comment     = NULL;
 uschar *spf_received           = NULL;
 uschar *spf_result             = NULL;
@@ -1063,11 +1311,17 @@ uschar *srs_status             = NULL;
 BOOL    srs_usehash            = TRUE;
 BOOL    srs_usetimestamp       = TRUE;
 #endif
+BOOL    strict_acl_vars        = FALSE;
 int     string_datestamp_offset= -1;
+int     string_datestamp_length= 0;
+int     string_datestamp_type  = -1;
 BOOL    strip_excess_angle_brackets = FALSE;
 BOOL    strip_trailing_dot     = FALSE;
 uschar *submission_domain      = NULL;
 BOOL    submission_mode        = FALSE;
+uschar *submission_name        = NULL;
+BOOL    suppress_local_fixups  = FALSE;
+BOOL    suppress_local_fixups_default = FALSE;
 BOOL    synchronous_delivery   = FALSE;
 BOOL    syslog_duplication     = TRUE;
 int     syslog_facility        = LOG_MAIL;
@@ -1082,11 +1336,15 @@ uschar *system_filter_reply_transport = NULL;
 
 gid_t   system_filter_gid      = 0;
 BOOL    system_filter_gid_set  = FALSE;
-uid_t   system_filter_uid      = 0;
+uid_t   system_filter_uid      = (uid_t)-1;
 BOOL    system_filter_uid_set  = FALSE;
 BOOL    system_filtering       = FALSE;
 
 BOOL    tcp_nodelay            = TRUE;
+#ifdef USE_TCP_WRAPPERS
+uschar *tcp_wrappers_daemon_name = US TCP_WRAPPERS_DAEMON_NAME;
+#endif
+int     test_harness_load_avg  = 0;
 int     thismessage_size_limit = 0;
 int     timeout_frozen_after   = 0;
 BOOL    timestamps_utc         = FALSE;
@@ -1104,6 +1362,7 @@ transport_instance  transport_defaults = {
     NULL,                     /* batch_id */
     NULL,                     /* home_dir */
     NULL,                     /* current_dir */
+    NULL,                     /* expand-multi-domain */
     TRUE,                     /* multi-domain */
     FALSE,                    /* overrides_hosts */
     100,                      /* max_addresses */
@@ -1143,10 +1402,15 @@ transport_instance  transport_defaults = {
     FALSE,                    /* log_defer_output */
     TRUE_UNSET                /* retry_use_local_part: BOOL, but set neither
                                  1 nor 0 so can detect unset */
+#ifdef EXPERIMENTAL_EVENT
+   ,NULL                     /* event_action */
+#endif
 };
 
 int     transport_count;
-uschar **transport_filter_argv  = NULL;
+uschar *transport_name          = NULL;
+int     transport_newlines;
+const uschar **transport_filter_argv  = NULL;
 int     transport_filter_timeout;
 BOOL    transport_filter_timed_out = FALSE;
 int     transport_write_timeout= 0;
@@ -1157,6 +1421,7 @@ tree_node  *tree_nonrecipients = NULL;
 tree_node  *tree_unusable      = NULL;
 
 BOOL    trusted_caller         = FALSE;
+BOOL    trusted_config         = TRUE;
 gid_t  *trusted_groups         = NULL;
 uid_t  *trusted_users          = NULL;
 uschar *timezone_string        = US TIMEZONE_DEFAULT;
@@ -1190,16 +1455,19 @@ uschar *uucp_from_pattern      = US
 
 uschar *uucp_from_sender       = US"$1";
 
-uschar *warn_message_file      = NULL;
-uschar *warnmsg_delay          = NULL;
-uschar *warnmsg_recipients     = NULL;
-BOOL    write_rejectlog        = TRUE;
-
-uschar *version_copyright      = US"Copyright (c) University of Cambridge 2005";
+uschar *verify_mode           = NULL;
+uschar *version_copyright      =
+ US"Copyright (c) University of Cambridge, 1995 - 2014\n"
+   "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014";
 uschar *version_date           = US"?";
 uschar *version_cnumber        = US"????";
 uschar *version_string         = US"?";
 
+uschar *warn_message_file      = NULL;
 int     warning_count          = 0;
+uschar *warnmsg_delay          = NULL;
+uschar *warnmsg_recipients     = NULL;
+BOOL    write_rejectlog        = TRUE;
+
 
 /*  End of globals.c */