GnuTLS: add debug warning for tls_dhparam ignore
[exim.git] / src / src / globals.c
index e8faa9c023b1a6db3edd608b56a0e44257730534..200b506f7548c7b7d4bcb09cb3140c4c9c566ebd 100644 (file)
@@ -3,6 +3,7 @@
 *************************************************/
 
 /* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* All the global variables are defined together in this one module, so
@@ -16,23 +17,23 @@ data blocks and hence have the opt_public flag set. */
 
 optionlist optionlist_auths[] = {
   { "client_condition", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, client_condition)) },
+                 OPT_OFF(auth_instance, client_condition) },
   { "client_set_id", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, set_client_id)) },
+                 OPT_OFF(auth_instance, set_client_id) },
   { "driver",        opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, driver_name)) },
+                 OPT_OFF(auth_instance, driver_name) },
   { "public_name",   opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, public_name)) },
+                 OPT_OFF(auth_instance, public_name) },
   { "server_advertise_condition", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, advertise_condition))},
+                 OPT_OFF(auth_instance, advertise_condition)},
   { "server_condition", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, server_condition)) },
+                 OPT_OFF(auth_instance, server_condition) },
   { "server_debug_print", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, server_debug_string)) },
+                 OPT_OFF(auth_instance, server_debug_string) },
   { "server_mail_auth_condition", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, mail_auth_condition)) },
+                 OPT_OFF(auth_instance, mail_auth_condition) },
   { "server_set_id", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, set_id)) }
+                 OPT_OFF(auth_instance, set_id) }
 };
 
 int     optionlist_auths_size = nelem(optionlist_auths);
@@ -89,6 +90,7 @@ uschar *redis_servers          = NULL;
 #endif
 
 #ifdef LOOKUP_SQLITE
+uschar *sqlite_dbfile         = NULL;
 int     sqlite_lock_timeout    = 5;
 #endif
 
@@ -96,56 +98,37 @@ int     sqlite_lock_timeout    = 5;
 BOOL    move_frozen_messages   = FALSE;
 #endif
 
+#ifdef ALLOW_INSECURE_TAINTED_DATA
+BOOL    allow_insecure_tainted_data = FALSE;
+#endif
+
 /* These variables are outside the #ifdef because it keeps the code less
 cluttered in several places (e.g. during logging) if we can always refer to
-them. Also, the tls_ variables are now always visible. */
+them. Also, the tls_ variables are now always visible.  Note that these are
+only used for smtp connections, not for service-daemon access. */
 
 tls_support tls_in = {
- .active =             -1,
- .bits =               0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified =      FALSE,
- .tlsa_usage =         0,
-#endif
- .cipher =             NULL,
- .on_connect =         FALSE,
- .on_connect_ports =   NULL,
- .ourcert =            NULL,
- .peercert =           NULL,
- .peerdn =             NULL,
- .sni =                        NULL,
- .ocsp =               OCSP_NOT_REQ
+ .active =             {.sock = -1}
+ /* all other elements zero */
 };
 tls_support tls_out = {
- .active =             -1,
- .bits =               0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified =      FALSE,
- .tlsa_usage =         0,
-#endif
- .cipher =             NULL,
- .on_connect =         FALSE,
- .on_connect_ports =   NULL,
- .ourcert =            NULL,
- .peercert =           NULL,
- .peerdn =             NULL,
- .sni =                        NULL,
- .ocsp =               OCSP_NOT_REQ
+ .active =             {.sock = -1},
+ /* all other elements zero */
 };
 
 uschar *dsn_envid              = NULL;
 int     dsn_ret                = 0;
-const pcre  *regex_DSN         = NULL;
+const pcre2_code  *regex_DSN         = NULL;
 uschar *dsn_advertise_hosts    = NULL;
 
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
 BOOL    gnutls_compat_mode     = FALSE;
 BOOL    gnutls_allow_auto_pkcs11 = FALSE;
+uschar *hosts_require_alpn     = NULL;
 uschar *openssl_options        = NULL;
-const pcre *regex_STARTTLS     = NULL;
+const pcre2_code *regex_STARTTLS     = NULL;
 uschar *tls_advertise_hosts    = US"*";
+uschar *tls_alpn              = US"smtp:esmtp";
 uschar *tls_certificate        = NULL;
 uschar *tls_crl                = NULL;
 /* This default matches NSS DH_MAX_P_BITS value at current time (2012), because
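Review bot: `allow_insecure_tainted_data`, added near the top of this hunk, is a security-weakening switch by its own name, yet it is defined without a comment saying what it relaxes or that FALSE is the safe default. I would put a comment above it along the lines of `/* opt-in only: stays FALSE unless the configuration explicitly asks for relaxed taint handling */`. What exactly is relaxed is not visible in this file, so the wording needs confirming against the option's implementation. The same build macro gates `Li_tainted` in the `log_default` hunk further down, which suggests the relaxed mode is meant to be logged by default; that is worth saying here too. Separately, `tls_in` ends its single initializer without a trailing comma while `tls_out` has one; pick one form.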
@@ -160,10 +143,15 @@ uschar *tls_ocsp_file          = NULL;
 uschar *tls_privatekey         = NULL;
 BOOL    tls_remember_esmtp     = FALSE;
 uschar *tls_require_ciphers    = NULL;
+# ifndef DISABLE_TLS_RESUME
+uschar *tls_resumption_hosts   = NULL;
+# endif
 uschar *tls_try_verify_hosts   = NULL;
 uschar *tls_verify_certificates= US"system";
 uschar *tls_verify_hosts       = NULL;
-#else  /*!SUPPORT_TLS*/
+int     tls_watch_fd          = -1;
+time_t  tls_watch_trigger_time = (time_t)0;
+#else  /*DISABLE_TLS*/
 uschar *tls_advertise_hosts    = NULL;
 #endif
 
@@ -171,11 +159,11 @@ uschar *tls_advertise_hosts    = NULL;
 /* Per Recipient Data Response variables */
 BOOL    prdr_enable            = FALSE;
 BOOL    prdr_requested         = FALSE;
-const pcre *regex_PRDR         = NULL;
+const pcre2_code *regex_PRDR         = NULL;
 #endif
 
 #ifdef SUPPORT_I18N
-const pcre *regex_UTF8         = NULL;
+const pcre2_code *regex_UTF8         = NULL;
 #endif
 
 /* Input-reading functions for messages, so we can use special ones for
@@ -183,16 +171,19 @@ incoming TCP/IP. The defaults use stdin. We never need these for any
 stand-alone tests. */
 
 #if !defined(STAND_ALONE) && !defined(MACRO_PREDEF)
-int (*lwr_receive_getc)(unsigned) = stdin_getc;
+int    (*lwr_receive_getc)(unsigned)   = stdin_getc;
 uschar * (*lwr_receive_getbuf)(unsigned *) = NULL;
-int (*lwr_receive_ungetc)(int) = stdin_ungetc;
-int (*receive_getc)(unsigned)  = stdin_getc;
-uschar * (*receive_getbuf)(unsigned *)  = NULL;
-void (*receive_get_cache)(void)= NULL;
-int (*receive_ungetc)(int)     = stdin_ungetc;
-int (*receive_feof)(void)      = stdin_feof;
-int (*receive_ferror)(void)    = stdin_ferror;
-BOOL (*receive_smtp_buffered)(void) = NULL;   /* Only used for SMTP */
+int    (*lwr_receive_ungetc)(int)      = stdin_ungetc;
+BOOL   (*lwr_receive_hasc)(void)       = stdin_hasc;
+
+int    (*receive_getc)(unsigned)       = stdin_getc;
+uschar * (*receive_getbuf)(unsigned *)         = NULL;
+void   (*receive_get_cache)(unsigned)  = NULL;
+BOOL   (*receive_hasc)(void)           = stdin_hasc;
+int    (*receive_ungetc)(int)          = stdin_ungetc;
+int    (*receive_feof)(void)           = stdin_feof;
+int    (*receive_ferror)(void)         = stdin_ferror;
+BOOL   (*receive_smtp_buffered)(void)  = NULL;   /* Only used for SMTP */
 #endif
 
 
@@ -222,7 +213,230 @@ const uschar **address_expansions[ADDRESS_EXPANSIONS_COUNT] = {
 
 int address_expansions_count = sizeof(address_expansions)/sizeof(uschar **);
 
-/* General global variables */
+/******************************************************************************/
+/* General global variables.  Boolean flags are done as a group
+so that only one bit each is needed, packed, for all those we never
+need to take a pointer - and only a char for the rest.
+This means a struct, unfortunately since it clutters the sourcecode. */
+
+struct global_flags f =
+{
+       .acl_temp_details       = FALSE,
+       .active_local_from_check = FALSE,
+       .active_local_sender_retain = FALSE,
+       .address_test_mode      = FALSE,
+       .admin_user             = FALSE,
+       .allow_auth_unadvertised= FALSE,
+       .allow_unqualified_recipient = TRUE,    /* For local messages */
+       .allow_unqualified_sender = TRUE,       /* Reset for SMTP */
+       .authentication_local   = FALSE,
+
+       .background_daemon      = TRUE,
+       .bdat_readers_wanted    = FALSE,
+
+       .chunking_offered       = FALSE,
+       .config_changed         = FALSE,
+       .continue_more          = FALSE,
+
+       .daemon_listen          = FALSE,
+       .debug_daemon           = FALSE,
+       .deliver_firsttime      = FALSE,
+       .deliver_force          = FALSE,
+       .deliver_freeze         = FALSE,
+       .deliver_force_thaw     = FALSE,
+       .deliver_manual_thaw    = FALSE,
+       .deliver_selectstring_regex = FALSE,
+       .deliver_selectstring_sender_regex = FALSE,
+       .disable_callout_flush  = FALSE,
+       .disable_delay_flush    = FALSE,
+       .disable_logging        = FALSE,
+#ifndef DISABLE_DKIM
+       .dkim_disable_verify      = FALSE,
+       .dkim_init_done           = FALSE,
+#endif
+#ifdef SUPPORT_DMARC
+       .dmarc_has_been_checked  = FALSE,
+       .dmarc_disable_verify    = FALSE,
+       .dmarc_enable_forensic   = FALSE,
+#endif
+       .dont_deliver           = FALSE,
+       .dot_ends               = TRUE,
+
+       .enable_dollar_recipients = FALSE,
+       .expand_string_forcedfail = FALSE,
+
+       .filter_running         = FALSE,
+
+       .header_rewritten       = FALSE,
+       .helo_verified          = FALSE,
+       .helo_verify_failed     = FALSE,
+       .host_checking_callout  = FALSE,
+       .host_find_failed_syntax= FALSE,
+
+       .inetd_wait_mode        = FALSE,
+       .is_inetd               = FALSE,
+
+       .local_error_message    = FALSE,
+       .log_testing_mode       = FALSE,
+
+#ifdef WITH_CONTENT_SCAN
+       .no_mbox_unspool        = FALSE,
+#endif
+       .no_multiline_responses = FALSE,
+
+       .parse_allow_group      = FALSE,
+       .parse_found_group      = FALSE,
+       .pipelining_enable      = TRUE,
+#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
+       .proxy_session_failed   = FALSE,
+#endif
+
+       .queue_2stage           = FALSE,
+       .queue_only_policy      = FALSE,
+       .queue_run_first_delivery = FALSE,
+       .queue_run_force        = FALSE,
+       .queue_run_local        = FALSE,
+       .queue_running          = FALSE,
+       .queue_smtp             = FALSE,
+
+       .really_exim            = TRUE,
+       .receive_call_bombout   = FALSE,
+       .recipients_discarded   = FALSE,
+       .running_in_test_harness = FALSE,
+
+       .search_find_defer      = FALSE,
+       .sender_address_forced  = FALSE,
+       .sender_host_notsocket  = FALSE,
+       .sender_host_unknown    = FALSE,
+       .sender_local           = FALSE,
+       .sender_name_forced     = FALSE,
+       .sender_set_untrusted   = FALSE,
+       .smtp_authenticated     = FALSE,
+#ifndef DISABLE_PIPE_CONNECT
+       .smtp_in_early_pipe_advertised = FALSE,
+       .smtp_in_early_pipe_no_auth = FALSE,
+       .smtp_in_early_pipe_used = FALSE,
+#endif
+       .smtp_in_pipelining_advertised = FALSE,
+       .smtp_in_pipelining_used = FALSE,
+       .smtp_in_quit           = FALSE,
+       .spool_file_wireformat  = FALSE,
+       .submission_mode        = FALSE,
+       .suppress_local_fixups  = FALSE,
+       .suppress_local_fixups_default = FALSE,
+       .synchronous_delivery   = FALSE,
+       .system_filtering       = FALSE,
+
+       .taint_check_slow       = FALSE,
+       .testsuite_delays       = TRUE,
+       .tcp_fastopen_ok        = FALSE,
+       .tcp_in_fastopen        = FALSE,
+       .tcp_in_fastopen_data   = FALSE,
+       .tcp_in_fastopen_logged = FALSE,
+       .tcp_out_fastopen_logged= FALSE,
+       .timestamps_utc         = FALSE,
+       .transport_filter_timed_out = FALSE,
+       .trusted_caller         = FALSE,
+       .trusted_config         = TRUE,
+};
+
+/******************************************************************************/
+/* These are the flags which are either variables or mainsection options,
+so an address is needed for access, or are exported to local_scan. */
+
+BOOL    accept_8bitmime        = TRUE; /* deliberately not RFC compliant */
+BOOL    allow_domain_literals  = FALSE;
+BOOL    allow_mx_to_ip         = FALSE;
+BOOL    allow_utf8_domains     = FALSE;
+BOOL    authentication_failed  = FALSE;
+
+BOOL    bounce_return_body     = TRUE;
+BOOL    bounce_return_message  = TRUE;
+BOOL    check_rfc2047_length   = TRUE;
+BOOL    commandline_checks_require_admin = FALSE;
+
+#ifdef EXPERIMENTAL_DCC
+BOOL    dcc_direct_add_header  = FALSE;
+#endif
+BOOL    debug_store            = FALSE;
+BOOL    delivery_date_remove   = TRUE;
+BOOL    deliver_drop_privilege = FALSE;
+#ifdef ENABLE_DISABLE_FSYNC
+BOOL    disable_fsync          = FALSE;
+#endif
+BOOL    disable_ipv6           = FALSE;
+BOOL    dns_csa_use_reverse    = TRUE;
+BOOL    drop_cr                = FALSE;         /* No longer used */
+
+BOOL    envelope_to_remove     = TRUE;
+BOOL    exim_gid_set           = TRUE;          /* This gid is always set */
+BOOL    exim_uid_set           = TRUE;          /* This uid is always set */
+BOOL    extract_addresses_remove_arguments = TRUE;
+
+BOOL    host_checking          = FALSE;
+BOOL    host_lookup_deferred   = FALSE;
+BOOL    host_lookup_failed     = FALSE;
+BOOL    ignore_fromline_local  = FALSE;
+
+BOOL    local_from_check       = TRUE;
+BOOL    local_sender_retain    = FALSE;
+BOOL    log_timezone           = FALSE;
+BOOL    message_body_newlines  = FALSE;
+BOOL    message_logs           = TRUE;
+#ifdef SUPPORT_I18N
+BOOL    message_smtputf8       = FALSE;
+#endif
+BOOL    mua_wrapper            = FALSE;
+
+BOOL    preserve_message_logs  = FALSE;
+BOOL    print_topbitchars      = FALSE;
+BOOL    prod_requires_admin    = TRUE;
+#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
+BOOL    proxy_session          = FALSE;
+#endif
+
+#ifndef DISABLE_QUEUE_RAMP
+BOOL    queue_fast_ramp                = FALSE;
+#endif
+BOOL    queue_list_requires_admin = TRUE;
+BOOL    queue_only             = FALSE;
+BOOL    queue_only_load_latch  = TRUE;
+BOOL    queue_only_override    = TRUE;
+BOOL    queue_run_in_order     = FALSE;
+BOOL    recipients_max_reject  = FALSE;
+BOOL    return_path_remove     = TRUE;
+
+BOOL    smtp_batched_input     = FALSE;
+BOOL    sender_helo_dnssec     = FALSE;
+BOOL    sender_host_dnssec     = FALSE;
+BOOL    smtp_accept_keepalive  = TRUE;
+BOOL    smtp_check_spool_space = TRUE;
+BOOL    smtp_enforce_sync      = TRUE;
+BOOL    smtp_etrn_serialize    = TRUE;
+BOOL    smtp_input             = FALSE;
+BOOL    smtp_return_error_details = FALSE;
+#ifdef SUPPORT_SPF
+BOOL    spf_result_guessed     = FALSE;
+#endif
+BOOL    split_spool_directory  = FALSE;
+BOOL    spool_wireformat       = FALSE;
+#ifdef EXPERIMENTAL_SRS_ALT
+BOOL    srs_usehash            = TRUE;
+BOOL    srs_usetimestamp       = TRUE;
+#endif
+BOOL    strict_acl_vars        = FALSE;
+BOOL    strip_excess_angle_brackets = FALSE;
+BOOL    strip_trailing_dot     = FALSE;
+BOOL    syslog_duplication     = TRUE;
+BOOL    syslog_pid             = TRUE;
+BOOL    syslog_timestamp       = TRUE;
+BOOL    system_filter_gid_set  = FALSE;
+BOOL    system_filter_uid_set  = FALSE;
+
+BOOL    tcp_nodelay            = TRUE;
+BOOL    write_rejectlog        = TRUE;
+
+/******************************************************************************/
 
 header_line *acl_added_headers = NULL;
 tree_node *acl_anchor          = NULL;
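Review bot: The few members of `struct global_flags f` that default to TRUE are hard to spot among roughly a hundred explicit `= FALSE` entries, and the privilege-related one, `.trusted_config = TRUE`, carries no comment, unlike `.allow_unqualified_sender`. A file-scope object is already zero-filled for every member not named, which the `tls_in`/`tls_out` initializers earlier in this diff rely on with `/* all other elements zero */`. So either list only the non-zero members, or annotate them, e.g. `.trusted_config = TRUE, /* starts trusted; expected to be cleared when the config source is not trusted (confirm) */`. The same goes for `.testsuite_delays = TRUE`, whose effect outside a test run is not evident from this file.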
@@ -262,7 +476,6 @@ uschar *acl_smtp_rcpt          = NULL;
 uschar *acl_smtp_starttls      = NULL;
 uschar *acl_smtp_vrfy          = NULL;
 
-BOOL    acl_temp_details       = FALSE;
 tree_node *acl_var_c           = NULL;
 tree_node *acl_var_m           = NULL;
 uschar *acl_verify_message     = NULL;
@@ -321,9 +534,6 @@ uschar *acl_wherecodes[]       = { US"550",     /* RCPT */
                                   US"0"        /* unknown; not relevant */
                                  };
 
-BOOL    active_local_from_check = FALSE;
-BOOL    active_local_sender_retain = FALSE;
-BOOL    accept_8bitmime        = TRUE; /* deliberately not RFC compliant */
 uschar *add_environment        = NULL;
 address_item  *addr_duplicate  = NULL;
 
@@ -346,7 +556,9 @@ address_item address_defaults = {
   .lc_local_part =     NULL,
   .local_part =                NULL,
   .prefix =            NULL,
+  .prefix_v =          NULL,
   .suffix =            NULL,
+  .suffix_v =          NULL,
   .domain =            NULL,
   .address_retry_key = NULL,
   .domain_retry_key =  NULL,
@@ -359,7 +571,7 @@ address_item address_defaults = {
   .return_filename =   NULL,
   .self_hostname =     NULL,
   .shadow_message =    NULL,
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
   .cipher =            NULL,
   .ourcert =           NULL,
   .peercert =          NULL,
@@ -383,7 +595,7 @@ address_item address_defaults = {
   .localpart_cache =   { 0 },                /* localpart_cache - ditto */
   .mode =              -1,
   .more_errno =                0,
-  .delivery_usec =     0,
+  .delivery_time =     {.tv_sec = 0, .tv_usec = 0},
   .basic_errno =       ERRNO_UNKNOWNERROR,
   .child_count =       0,
   .return_file =       -1,
@@ -396,7 +608,8 @@ address_item address_defaults = {
     .errors_address =  NULL,
     .extra_headers =   NULL,
     .remove_headers =  NULL,
-#ifdef EXPERIMENTAL_SRS
+    .variables =       NULL,
+#ifdef EXPERIMENTAL_SRS_ALT
     .srs_sender =      NULL,
 #endif
     .ignore_error =    FALSE,
@@ -410,17 +623,9 @@ address_item address_defaults = {
 
 uschar *address_file           = NULL;
 uschar *address_pipe           = NULL;
-BOOL    address_test_mode      = FALSE;
 tree_node *addresslist_anchor  = NULL;
 int     addresslist_count      = 0;
 gid_t  *admin_groups           = NULL;
-BOOL    admin_user             = FALSE;
-BOOL    allow_auth_unadvertised= FALSE;
-BOOL    allow_domain_literals  = FALSE;
-BOOL    allow_mx_to_ip         = FALSE;
-BOOL    allow_unqualified_recipient = TRUE;    /* For local messages */
-BOOL    allow_unqualified_sender = TRUE;       /* Reset for SMTP */
-BOOL    allow_utf8_domains     = FALSE;
 
 #ifdef EXPERIMENTAL_ARC
 struct arc_set *arc_received   = NULL;
@@ -433,7 +638,6 @@ const uschar *arc_state_reason      = NULL;
 uschar *authenticated_fail_id  = NULL;
 uschar *authenticated_id       = NULL;
 uschar *authenticated_sender   = NULL;
-BOOL    authentication_failed  = FALSE;
 auth_instance  *auths          = NULL;
 uschar *auth_advertise_hosts   = US"*";
 auth_instance auth_defaults    = {
@@ -457,15 +661,13 @@ auth_instance auth_defaults    = {
 
 uschar *auth_defer_msg         = US"reason not recorded";
 uschar *auth_defer_user_msg    = US"";
-uschar *auth_vars[AUTH_VARS];
+const uschar *auth_vars[AUTH_VARS];
 int     auto_thaw              = 0;
 #ifdef WITH_CONTENT_SCAN
-BOOL    av_failed              = FALSE;
+int     av_failed              = FALSE;        /* boolean but accessed as vtype_int*/
 uschar *av_scanner             = US"sophie:/var/run/sophie";  /* AV scanner */
 #endif
 
-BOOL    background_daemon      = TRUE;
-
 #if BASE_62 == 62
 uschar *base62_chars=
     US"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -492,9 +694,7 @@ int     body_zerocount         = 0;
 uschar *bounce_message_file    = NULL;
 uschar *bounce_message_text    = NULL;
 uschar *bounce_recipient       = NULL;
-BOOL    bounce_return_body     = TRUE;
 int     bounce_return_linesize_limit = 998;
-BOOL    bounce_return_message  = TRUE;
 int     bounce_return_size_limit = 100*1024;
 uschar *bounce_sender_authentication = NULL;
 
@@ -506,25 +706,25 @@ int     callout_cache_negative_expire = 2*60*60;
 uschar *callout_random_local_part = US"$primary_hostname-$tod_epoch-testing";
 uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W](?>[a-z0-9/_-]*[^\\W])?)+(\\.?)$";
 int     check_log_inodes       = 100;
-int     check_log_space        = 10*1024;      /* 10K Kbyte == 10MB */
-BOOL    check_rfc2047_length   = TRUE;
+int_eximarith_t check_log_space = 10*1024;     /* 10K Kbyte == 10MB */
 int     check_spool_inodes     = 100;
-int     check_spool_space      = 10*1024;      /* 10K Kbyte == 10MB */
+int_eximarith_t check_spool_space = 10*1024;   /* 10K Kbyte == 10MB */
 
 uschar *chunking_advertise_hosts = US"*";
 unsigned chunking_datasize     = 0;
 unsigned chunking_data_left    = 0;
-BOOL    chunking_offered       = FALSE;
 chunking_state_t chunking_state= CHUNKING_NOT_OFFERED;
-const pcre *regex_CHUNKING     = NULL;
+const pcre2_code *regex_CHUNKING     = NULL;
+
+#ifdef EXPERIMENTAL_ESMTP_LIMITS
+const pcre2_code *regex_LIMITS        = NULL;
+#endif
 
 uschar *client_authenticator   = NULL;
 uschar *client_authenticated_id = NULL;
 uschar *client_authenticated_sender = NULL;
 int     clmacro_count          = 0;
 uschar *clmacros[MAX_CLMACROS];
-BOOL    commandline_checks_require_admin = FALSE;
-BOOL    config_changed         = FALSE;
 FILE   *config_file            = NULL;
 const uschar *config_filename  = NULL;
 int     config_lineno          = 0;
@@ -546,11 +746,17 @@ uid_t   config_uid             = 0;
 
 int     connection_max_messages= -1;
 uschar *continue_proxy_cipher  = NULL;
+BOOL    continue_proxy_dane    = FALSE;
+uschar *continue_proxy_sni     = NULL;
 uschar *continue_hostname      = NULL;
 uschar *continue_host_address  = NULL;
-BOOL    continue_more          = FALSE;
 int     continue_sequence      = 1;
 uschar *continue_transport     = NULL;
+#ifdef EXPERIMENTAL_ESMTP_LIMITS
+unsigned continue_limit_mail   = 0;
+unsigned continue_limit_rcpt   = 0;
+unsigned continue_limit_rcptdom= 0;
+#endif
 
 uschar *csa_status             = NULL;
 cut_t   cutthrough = {
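Review bot: The three `continue_limit_*` counters added under `EXPERIMENTAL_ESMTP_LIMITS` start at 0 with no comment, so a reader cannot tell whether 0 means no limit, a limit not yet learned, or a literal limit of zero. A one-line comment above them would settle it, e.g. `/* 0 = <meaning>; set from <source> */`, with the blanks filled in by the author. `continue_proxy_dane` and `continue_proxy_sni` likewise appear to record TLS properties of a connection being handed on. Stating which code may set them would help anyone auditing whether a continued connection keeps its verification status.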
@@ -558,31 +764,31 @@ cut_t   cutthrough = {
   .delivery =          FALSE,                          /* when to attempt */
   .defer_pass =                FALSE,                          /* on defer: spool locally */
   .is_tls =            FALSE,                          /* not a TLS conn yet */
-  .fd =                        -1,                             /* open connection */
+  .cctx =              {.sock = -1},                   /* open connection */
   .nrcpt =             0,                              /* number of addresses */
 };
 
-BOOL    daemon_listen          = FALSE;
+int    daemon_notifier_fd     = -1;
 uschar *daemon_smtp_port       = US"smtp";
 int     daemon_startup_retries = 9;
 int     daemon_startup_sleep   = 30;
 
 #ifdef EXPERIMENTAL_DCC
-BOOL    dcc_direct_add_header  = FALSE;
 uschar *dcc_header             = NULL;
 uschar *dcc_result             = NULL;
 uschar *dccifd_address         = US"/usr/local/dcc/var/dccifd";
 uschar *dccifd_options         = US"header";
 #endif
 
-BOOL    debug_daemon           = FALSE;
 int     debug_fd               = -1;
 FILE   *debug_file             = NULL;
 int     debug_notall[]         = {
   Di_memory,
+  Di_noutf8,
   -1
 };
-bit_table debug_options[]      = { /* must be in alphabetical order */
+bit_table debug_options[]      = { /* must be in alphabetical order and use
+                                only the enum values from macro.h */
   BIT_TABLE(D, acl),
   BIT_TABLE(D, all),
   BIT_TABLE(D, auth),
@@ -601,6 +807,7 @@ bit_table debug_options[]      = { /* must be in alphabetical order */
   BIT_TABLE(D, local_scan),
   BIT_TABLE(D, lookup),
   BIT_TABLE(D, memory),
+  BIT_TABLE(D, noutf8),
   BIT_TABLE(D, pid),
   BIT_TABLE(D, process_info),
   BIT_TABLE(D, queue_run),
@@ -618,7 +825,6 @@ bit_table debug_options[]      = { /* must be in alphabetical order */
 int     debug_options_count    = nelem(debug_options);
 
 unsigned int debug_selector    = 0;
-BOOL    debug_store            = FALSE;
 int     delay_warning[DELAY_WARNING_SIZE] = { DELAY_WARNING_SIZE, 1, 24*60*60 };
 uschar *delay_warning_condition=
   US"${if or {"
@@ -626,17 +832,12 @@ uschar *delay_warning_condition=
             "{ match{$h_precedence:}{(?i)bulk|list|junk} }"
             "{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }"
             "} {no}{yes}}";
-BOOL    delivery_date_remove   = TRUE;
 uschar *deliver_address_data   = NULL;
 int     deliver_datafile       = -1;
 const uschar *deliver_domain   = NULL;
 uschar *deliver_domain_data    = NULL;
 const uschar *deliver_domain_orig = NULL;
 const uschar *deliver_domain_parent = NULL;
-BOOL    deliver_drop_privilege = FALSE;
-BOOL    deliver_firsttime      = FALSE;
-BOOL    deliver_force          = FALSE;
-BOOL    deliver_freeze         = FALSE;
 time_t  deliver_frozen_at      = 0;
 uschar *deliver_home           = NULL;
 const uschar *deliver_host     = NULL;
@@ -649,40 +850,33 @@ uschar *deliver_localpart_data = NULL;
 uschar *deliver_localpart_orig = NULL;
 uschar *deliver_localpart_parent = NULL;
 uschar *deliver_localpart_prefix = NULL;
+uschar *deliver_localpart_prefix_v = NULL;
 uschar *deliver_localpart_suffix = NULL;
-BOOL    deliver_force_thaw     = FALSE;
-BOOL    deliver_manual_thaw    = FALSE;
+uschar *deliver_localpart_suffix_v = NULL;
 uschar *deliver_out_buffer     = NULL;
 int     deliver_queue_load_max = -1;
 address_item  *deliver_recipients = NULL;
 uschar *deliver_selectstring   = NULL;
-BOOL    deliver_selectstring_regex = FALSE;
 uschar *deliver_selectstring_sender = NULL;
-BOOL    deliver_selectstring_sender_regex = FALSE;
-BOOL    disable_callout_flush  = FALSE;
-BOOL    disable_delay_flush    = FALSE;
-#ifdef ENABLE_DISABLE_FSYNC
-BOOL    disable_fsync          = FALSE;
-#endif
-BOOL    disable_ipv6           = FALSE;
-BOOL    disable_logging        = FALSE;
 
 #ifndef DISABLE_DKIM
-BOOL    dkim_collect_input       = FALSE;
+unsigned dkim_collect_input      = 0;
 uschar *dkim_cur_signer          = NULL;
-BOOL    dkim_disable_verify      = FALSE;
 int     dkim_key_length          = 0;
+void   *dkim_signatures                 = NULL;
 uschar *dkim_signers             = NULL;
 uschar *dkim_signing_domain      = NULL;
 uschar *dkim_signing_selector    = NULL;
+uschar *dkim_verify_hashes       = US"sha256:sha512";
+uschar *dkim_verify_keytypes     = US"ed25519:rsa";
+uschar *dkim_verify_min_keysizes = US"rsa=1024 ed25519=250";
+BOOL   dkim_verify_minimal      = FALSE;
 uschar *dkim_verify_overall      = NULL;
 uschar *dkim_verify_signers      = US"$dkim_signers";
 uschar *dkim_verify_status      = NULL;
 uschar *dkim_verify_reason      = NULL;
 #endif
-#ifdef EXPERIMENTAL_DMARC
-BOOL    dmarc_has_been_checked  = FALSE;
-uschar *dmarc_ar_header         = NULL;
+#ifdef SUPPORT_DMARC
 uschar *dmarc_domain_policy     = NULL;
 uschar *dmarc_forensic_sender   = NULL;
 uschar *dmarc_history_file      = NULL;
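Review bot: The three new DKIM verification defaults (`dkim_verify_hashes`, `dkim_verify_keytypes`, `dkim_verify_min_keysizes`) are security policy written as bare strings, with no comment on why these values were chosen. `rsa=1024` is the smallest RSA key RFC 8301 lets a verifier accept, and `sha1` is absent from the hash list, which also matches that RFC. A reader cannot tell either fact from here, nor why the floor is `ed25519=250` rather than 256. I would add a comment such as `/* RFC 8301: no sha1, RSA >= 1024 bits; ed25519 floor is <reason> */`. Also in this hunk, `void *dkim_signatures` gives up type checking; if the real type cannot be named in globals.c, a comment naming it would help.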
@@ -690,13 +884,11 @@ uschar *dmarc_status            = NULL;
 uschar *dmarc_status_text       = NULL;
 uschar *dmarc_tld_file          = NULL;
 uschar *dmarc_used_domain       = NULL;
-BOOL    dmarc_disable_verify    = FALSE;
-BOOL    dmarc_enable_forensic   = FALSE;
 #endif
 
 uschar *dns_again_means_nonexist = NULL;
 int     dns_csa_search_limit   = 5;
-BOOL    dns_csa_use_reverse    = TRUE;
+int    dns_cname_loops        = 1;
 #ifdef SUPPORT_DANE
 int     dns_dane_ok            = -1;
 #endif
@@ -712,13 +904,8 @@ uschar *dnslist_text           = NULL;
 uschar *dnslist_value          = NULL;
 tree_node *domainlist_anchor   = NULL;
 int     domainlist_count       = 0;
-BOOL    dont_deliver           = FALSE;
-BOOL    dot_ends               = TRUE;
-BOOL    drop_cr                = FALSE;         /* No longer used */
 uschar *dsn_from               = US DEFAULT_DSN_FROM;
 
-BOOL    enable_dollar_recipients = FALSE;
-BOOL    envelope_to_remove     = TRUE;
 int     errno_quota            = ERRNO_QUOTA;
 uschar *errors_copy            = NULL;
 int     error_handling         = ERRORS_SENDER;
@@ -733,19 +920,15 @@ const uschar *event_name         = NULL;  /* event name variable */
 
 
 gid_t   exim_gid               = EXIM_GID;
-BOOL    exim_gid_set           = TRUE;          /* This gid is always set */
 uschar *exim_path              = US BIN_DIRECTORY "/exim"
                         "\0<---------------Space to patch exim_path->";
 uid_t   exim_uid               = EXIM_UID;
-BOOL    exim_uid_set           = TRUE;          /* This uid is always set */
 int     expand_level          = 0;             /* Nesting depth, indent for debug */
 int     expand_forbid          = 0;
 int     expand_nlength[EXPAND_MAXN+1];
 int     expand_nmax            = -1;
-uschar *expand_nstring[EXPAND_MAXN+1];
-BOOL    expand_string_forcedfail = FALSE;
+const uschar *expand_nstring[EXPAND_MAXN+1];
 uschar *expand_string_message;
-BOOL    extract_addresses_remove_arguments = TRUE;
 uschar *extra_local_interfaces = NULL;
 
 int     fake_response          = OK;
@@ -754,7 +937,6 @@ uschar *fake_response_text     = US"Your message has been rejected but is "
                                    "legitimate message, it may still be "
                                    "delivered to the target recipient(s).";
 int     filter_n[FILTER_VARIABLE_COUNT];
-BOOL    filter_running         = FALSE;
 int     filter_sn[FILTER_VARIABLE_COUNT];
 int     filter_test            = FTEST_NONE;
 uschar *filter_test_sfile      = NULL;
@@ -770,7 +952,11 @@ uschar *gecos_name             = NULL;
 uschar *gecos_pattern          = NULL;
 rewrite_rule  *global_rewrite_rules = NULL;
 
-uschar *headers_charset        = US HEADERS_CHARSET;
+volatile sig_atomic_t had_command_timeout = 0;
+volatile sig_atomic_t had_command_sigterm = 0;
+volatile sig_atomic_t had_data_timeout    = 0;
+volatile sig_atomic_t had_data_sigint     = 0;
+const uschar *headers_charset  = US HEADERS_CHARSET;
 int     header_insert_maxlen   = 64 * 1024;
 header_line  *header_last      = NULL;
 header_line  *header_list      = NULL;
@@ -796,23 +982,15 @@ header_name header_names[] = {
 
 int header_names_size          = nelem(header_names);
 
-BOOL    header_rewritten       = FALSE;
 uschar *helo_accept_junk_hosts = NULL;
 uschar *helo_allow_chars       = US"";
 uschar *helo_lookup_domains    = US"@ : @[]";
 uschar *helo_try_verify_hosts  = NULL;
-BOOL    helo_verified          = FALSE;
-BOOL    helo_verify_failed     = FALSE;
 uschar *helo_verify_hosts      = NULL;
 const uschar *hex_digits       = CUS"0123456789abcdef";
 uschar *hold_domains           = NULL;
-BOOL    host_checking          = FALSE;
-BOOL    host_checking_callout  = FALSE;
 uschar *host_data              = NULL;
-BOOL    host_find_failed_syntax= FALSE;
 uschar *host_lookup            = NULL;
-BOOL    host_lookup_deferred   = FALSE;
-BOOL    host_lookup_failed     = FALSE;
 uschar *host_lookup_order      = US"bydns:byaddr";
 uschar *host_lookup_msg        = US"";
 int     host_number            = 0;
@@ -821,17 +999,15 @@ uschar *host_reject_connection = NULL;
 tree_node *hostlist_anchor     = NULL;
 int     hostlist_count         = 0;
 uschar *hosts_treat_as_local   = NULL;
+uschar *hosts_require_helo     = US"*";
 uschar *hosts_connection_nolog = NULL;
 
 int     ignore_bounce_errors_after = 10*7*24*60*60;  /* 10 weeks */
-BOOL    ignore_fromline_local  = FALSE;
 uschar *ignore_fromline_hosts  = NULL;
-BOOL    inetd_wait_mode        = FALSE;
 int     inetd_wait_timeout     = -1;
 uschar *initial_cwd            = NULL;
 uschar *interface_address      = NULL;
 int     interface_port         = -1;
-BOOL    is_inetd               = FALSE;
 uschar *iterate_item           = NULL;
 
 int     journal_fd             = -1;
@@ -841,9 +1017,10 @@ uschar *keep_environment       = NULL;
 int     keep_malformed         = 4*24*60*60;    /* 4 days */
 
 uschar *eldap_dn               = NULL;
+#ifdef EXPERIMENTAL_ESMTP_LIMITS
+uschar *limits_advertise_hosts = US"*";
+#endif
 int     load_average           = -2;
-BOOL    local_error_message    = FALSE;
-BOOL    local_from_check       = TRUE;
 uschar *local_from_prefix      = NULL;
 uschar *local_from_suffix      = NULL;
 
@@ -853,9 +1030,10 @@ uschar *local_interfaces       = US"<; ::0 ; 0.0.0.0";
 uschar *local_interfaces       = US"0.0.0.0";
 #endif
 
+#ifdef HAVE_LOCAL_SCAN
 uschar *local_scan_data        = NULL;
 int     local_scan_timeout     = 5*60;
-BOOL    local_sender_retain    = FALSE;
+#endif
 gid_t   local_user_gid         = (gid_t)(-1);
 uid_t   local_user_uid         = (uid_t)(-1);
 
@@ -873,13 +1051,18 @@ int     log_default[]          = { /* for initializing log_selector */
   Li_host_lookup_failed,
   Li_lost_incoming_connection,
   Li_outgoing_interface, /* see d_log_interface in deliver.c */
+  Li_msg_id,
   Li_queue_run,
+  Li_queue_time_exclusive,
   Li_rejected_header,
   Li_retry_defer,
   Li_sender_verify_fail,
   Li_size_reject,
   Li_skip_delivery,
   Li_smtp_confirmation,
+#ifdef ALLOW_INSECURE_TAINTED_DATA
+  Li_tainted,
+#endif
   Li_tls_certificate_verified,
   Li_tls_cipher,
   -1
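Review bot: The `Li_tainted` entry added to `log_default` under `#ifdef ALLOW_INSECURE_TAINTED_DATA` has no comment saying why it is on by default only in that build. I would add one beside it, e.g. `/* default-on so use of tainted data stays visible in the insecure-compat build */`; that wording is my reading of the macro name and should be confirmed. The matching `BIT_TABLE(L, tainted)` in the later `log_options` hunk uses the same guard, and both must stay under the same condition as the enum definition, which is not part of this diff. The opening lines of the array are outside the hunk.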
@@ -891,7 +1074,8 @@ uschar *log_file_path          = US LOG_FILE_PATH
 int     log_notall[]           = {
   -1
 };
-bit_table log_options[]        = { /* must be in alphabetical order */
+bit_table log_options[]        = { /* must be in alphabetical order,
+                               with definitions from enum logbit. */
   BIT_TABLE(L, 8bitmime),
   BIT_TABLE(L, acl_warn_skipped),
   BIT_TABLE(L, address_rewrite),
@@ -915,14 +1099,19 @@ bit_table log_options[]        = { /* must be in alphabetical order */
   BIT_TABLE(L, incoming_port),
   BIT_TABLE(L, lost_incoming_connection),
   BIT_TABLE(L, millisec),
+  BIT_TABLE(L, msg_id),
+  BIT_TABLE(L, msg_id_created),
   BIT_TABLE(L, outgoing_interface),
   BIT_TABLE(L, outgoing_port),
   BIT_TABLE(L, pid),
+  BIT_TABLE(L, pipelining),
+  BIT_TABLE(L, protocol_detail),
 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
   BIT_TABLE(L, proxy),
 #endif
   BIT_TABLE(L, queue_run),
   BIT_TABLE(L, queue_time),
+  BIT_TABLE(L, queue_time_exclusive),
   BIT_TABLE(L, queue_time_overall),
   BIT_TABLE(L, receive_time),
   BIT_TABLE(L, received_recipients),
@@ -943,9 +1132,13 @@ bit_table log_options[]        = { /* must be in alphabetical order */
   BIT_TABLE(L, smtp_protocol_error),
   BIT_TABLE(L, smtp_syntax_error),
   BIT_TABLE(L, subject),
+#ifdef ALLOW_INSECURE_TAINTED_DATA
+  BIT_TABLE(L, tainted),
+#endif
   BIT_TABLE(L, tls_certificate_verified),
   BIT_TABLE(L, tls_cipher),
   BIT_TABLE(L, tls_peerdn),
+  BIT_TABLE(L, tls_resumption),
   BIT_TABLE(L, tls_sni),
   BIT_TABLE(L, unknown_in_list),
 };
@@ -955,8 +1148,6 @@ int     log_reject_target      = 0;
 unsigned int log_selector[log_selector_size]; /* initialized in main() */
 uschar *log_selector_string    = NULL;
 FILE   *log_stderr             = NULL;
-BOOL    log_testing_mode       = FALSE;
-BOOL    log_timezone           = FALSE;
 uschar *login_sender_address   = NULL;
 uschar *lookup_dnssec_authenticated = NULL;
 int     lookup_open_max        = 25;
@@ -972,7 +1163,6 @@ int     max_username_length    = 0;
 int     message_age            = 0;
 uschar *message_body           = NULL;
 uschar *message_body_end       = NULL;
-BOOL    message_body_newlines  = FALSE;
 int     message_body_size      = 0;
 int     message_body_visible   = 500;
 int     message_ended          = END_NOTSTARTED;
@@ -980,15 +1170,12 @@ uschar *message_headers        = NULL;
 uschar *message_id;
 uschar *message_id_domain      = NULL;
 uschar *message_id_text        = NULL;
-struct timeval message_id_tv   = { 0, 0 };
 uschar  message_id_option[MESSAGE_ID_LENGTH + 3];
 uschar *message_id_external;
 int     message_linecount      = 0;
-BOOL    message_logs           = TRUE;
 int     message_size           = 0;
 uschar *message_size_limit     = US"50M";
 #ifdef SUPPORT_I18N
-BOOL    message_smtputf8       = FALSE;
 int     message_utf8_downconvert = 0;  /* -1 ifneeded; 0 never; 1 always */
 #endif
 uschar  message_subdir[2]      = { 0, 0 };
@@ -1014,13 +1201,8 @@ int     mime_is_rfc822         = 0;
 int     mime_part_count        = -1;
 #endif
 
-BOOL    mua_wrapper            = FALSE;
-
 uid_t  *never_users            = NULL;
-#ifdef WITH_CONTENT_SCAN
-BOOL    no_mbox_unspool        = FALSE;
-#endif
-BOOL    no_multiline_responses = FALSE;
+uschar *notifier_socket        = US"$spool_directory/" NOTIFIER_SOCKET_NAME ;
 
 const int on                   = 1;    /* for setsockopt */
 const int off                  = 0;
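Review bot: `notifier_socket` gets the default `US"$spool_directory/" NOTIFIER_SOCKET_NAME` with no comment saying that it is an expansion string or what bounds its length. If the expanded result is copied into a `sockaddr_un`, a long spool directory could exceed `sun_path`; the consumer is not in this diff, so that check has to be confirmed there. A comment such as `/* expanded before use; result must fit sun_path */` would record the constraint at the definition. There is also a stray space before the `;`.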
@@ -1033,29 +1215,30 @@ uid_t   originator_uid;
 uschar *override_local_interfaces = NULL;
 uschar *override_pid_file_path = NULL;
 
-BOOL    parse_allow_group      = FALSE;
-BOOL    parse_found_group      = FALSE;
+pcre2_general_context * pcre_gen_ctx = NULL;
+pcre2_compile_context * pcre_cmp_ctx = NULL;
+pcre2_match_context * pcre_mtc_ctx = NULL;
+
 uschar *percent_hack_domains   = NULL;
 uschar *pid_file_path          = US PID_FILE_PATH
                            "\0<--------------Space to patch pid_file_path->";
-BOOL    pipelining_enable      = TRUE;
+#ifndef DISABLE_PIPE_CONNECT
+uschar *pipe_connect_advertise_hosts = US"*";
+#endif
 uschar *pipelining_advertise_hosts = US"*";
-BOOL    preserve_message_logs  = FALSE;
 uschar *primary_hostname       = NULL;
-BOOL    print_topbitchars      = FALSE;
-uschar  process_info[PROCESS_INFO_SIZE];
+uschar *process_info;
 int     process_info_len       = 0;
 uschar *process_log_path       = NULL;
-BOOL    prod_requires_admin    = TRUE;
+const uschar *process_purpose  = US"fresh-exec";
 
 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
-uschar *hosts_proxy            = US"";
-uschar *proxy_external_address = US"";
+uschar *hosts_proxy            = NULL;
+uschar *proxy_external_address = NULL;
 int     proxy_external_port    = 0;
-uschar *proxy_local_address    = US"";
+uschar *proxy_local_address    = NULL;
 int     proxy_local_port       = 0;
-BOOL    proxy_session          = FALSE;
-BOOL    proxy_session_failed   = FALSE;
+int     proxy_protocol_timeout = 3;
 #endif
 
 uschar *prvscheck_address      = NULL;
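Review bot: `process_info` changes from a `PROCESS_INFO_SIZE` array to a bare `uschar *` with no initialiser and no comment on where it is allocated. Any remaining `sizeof(process_info)` in callers would now yield the pointer size instead of the buffer size, and a write before allocation would go through a null pointer; those callers are outside this diff and should be checked. I would write `uschar *process_info = NULL;` to match its neighbours and add a comment naming the allocation site and capacity. The same concern applies in smaller form to `hosts_proxy`, `proxy_external_address` and `proxy_local_address`, whose defaults move from `US""` to `NULL`, so readers that assumed a non-null string need a null check.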
@@ -1065,29 +1248,20 @@ uschar *prvscheck_result       = NULL;
 
 const uschar *qualify_domain_recipient = NULL;
 uschar *qualify_domain_sender  = NULL;
-BOOL    queue_2stage           = FALSE;
 uschar *queue_domains          = NULL;
 int     queue_interval         = -1;
-BOOL    queue_list_requires_admin = TRUE;
 uschar *queue_name             = US"";
-BOOL    queue_only             = FALSE;
+uschar *queue_name_dest        = NULL;
 uschar *queue_only_file        = NULL;
 int     queue_only_load        = -1;
-BOOL    queue_only_load_latch  = TRUE;
-BOOL    queue_only_override    = TRUE;
-BOOL    queue_only_policy      = FALSE;
-BOOL    queue_run_first_delivery = FALSE;
-BOOL    queue_run_force        = FALSE;
-BOOL    queue_run_in_order     = FALSE;
-BOOL    queue_run_local        = FALSE;
 uschar *queue_run_max          = US"5";
 pid_t   queue_run_pid          = (pid_t)0;
 int     queue_run_pipe         = -1;
-BOOL    queue_running          = FALSE;
-BOOL    queue_smtp             = FALSE;
+unsigned queue_size            = 0;
+time_t  queue_size_next        = 0;
 uschar *queue_smtp_domains     = NULL;
 
-unsigned int random_seed       = 0;
+uint32_t random_seed          = 0;
 tree_node *ratelimiters_cmd    = NULL;
 tree_node *ratelimiters_conn   = NULL;
 tree_node *ratelimiters_mail   = NULL;
@@ -1101,8 +1275,6 @@ int     rcpt_fail_count        = 0;
 int     rcpt_defer_count       = 0;
 gid_t   real_gid;
 uid_t   real_uid;
-BOOL    really_exim            = TRUE;
-BOOL    receive_call_bombout   = FALSE;
 int     receive_linecount      = 0;
 int     receive_messagecount   = 0;
 int     receive_timeout        = 0;
@@ -1115,13 +1287,14 @@ date  will be automatically added on the end. */
 uschar *received_header_text   = US
      "Received: "
      "${if def:sender_rcvhost {from $sender_rcvhost\n\t}"
-     "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
-     "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
+       "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
+         "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
      "by $primary_hostname "
-     "${if def:received_protocol {with $received_protocol}} "
-     #ifdef SUPPORT_TLS
-     "${if def:tls_cipher {($tls_cipher)\n\t}}"
-     #endif
+     "${if def:received_protocol {with $received_protocol }}"
+#ifndef DISABLE_TLS
+     "${if def:tls_in_ver        { ($tls_in_ver)}}"
+     "${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}"
+#endif
      "(Exim $version_number)\n\t"
      "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
      "id $message_exim_id"
@@ -1131,27 +1304,28 @@ uschar *received_header_text   = US
 int     received_headers_max   = 30;
 uschar *received_protocol      = NULL;
 struct timeval received_time   = { 0, 0 };
-struct timeval received_time_taken = { 0, 0 };
+struct timeval received_time_complete = { 0, 0 };
 uschar *recipient_data         = NULL;
 uschar *recipient_unqualified_hosts = NULL;
 uschar *recipient_verify_failure = NULL;
 int     recipients_count       = 0;
-BOOL    recipients_discarded   = FALSE;
 recipient_item  *recipients_list = NULL;
 int     recipients_list_max    = 0;
-int     recipients_max         = 0;
-BOOL    recipients_max_reject  = FALSE;
-const pcre *regex_AUTH         = NULL;
-const pcre *regex_check_dns_names = NULL;
-const pcre *regex_From         = NULL;
-const pcre *regex_IGNOREQUOTA  = NULL;
-const pcre *regex_PIPELINING   = NULL;
-const pcre *regex_SIZE         = NULL;
-const pcre *regex_ismsgid      = NULL;
-const pcre *regex_smtp_code    = NULL;
-uschar *regex_vars[REGEX_VARS];
+int     recipients_max         = 50000;
+const pcre2_code *regex_AUTH         = NULL;
+const pcre2_code *regex_check_dns_names = NULL;
+const pcre2_code *regex_From         = NULL;
+const pcre2_code *regex_IGNOREQUOTA  = NULL;
+const pcre2_code *regex_PIPELINING   = NULL;
+const pcre2_code *regex_SIZE         = NULL;
+#ifndef DISABLE_PIPE_CONNECT
+const pcre2_code *regex_EARLY_PIPE   = NULL;
+#endif
+const pcre2_code *regex_ismsgid      = NULL;
+const pcre2_code *regex_smtp_code    = NULL;
+const uschar *regex_vars[REGEX_VARS];
 #ifdef WHITELIST_D_MACROS
-const pcre *regex_whitelisted_macro = NULL;
+const pcre2_code *regex_whitelisted_macro = NULL;
 #endif
 #ifdef WITH_CONTENT_SCAN
 uschar *regex_match_string     = NULL;
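Review bot: `recipients_max` moves from `0` to a bare `50000` with no comment, and `recipients_max_reject` is removed in the same hunk, so the definition no longer tells a reader what happens at the cap. I would annotate it, e.g. `int     recipients_max         = 50000;  /* default per-message recipient cap */`, and state there whether `0` still disables the limit; that meaning of `0` is my assumption and is not shown in this diff. Configurations that relied on the old default will see different behaviour, which is worth a line in the upgrade notes.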
@@ -1164,11 +1338,9 @@ int     retry_interval_max     = 24*60*60;
 int     retry_maximum_timeout  = 0;        /* set from retry config */
 retry_config  *retries         = NULL;
 uschar *return_path            = NULL;
-BOOL    return_path_remove     = TRUE;
 int     rewrite_existflags     = 0;
 uschar *rfc1413_hosts          = US"@[]";
 int     rfc1413_query_timeout  = 0;
-/* BOOL    rfc821_domains         = FALSE;  <<< on the way out */
 uid_t   root_gid               = ROOT_GID;
 uid_t   root_uid               = ROOT_UID;
 
@@ -1233,6 +1405,7 @@ router_instance  router_defaults = {
     .retry_use_local_part =    TRUE_UNSET,
     .same_domain_copy_routing =        FALSE,
     .self_rewrite =            FALSE,
+    .set =                     NULL,
     .suffix_optional =         FALSE,
     .verify_only =             FALSE,
     .verify_recipient =                TRUE,
@@ -1250,13 +1423,13 @@ router_instance  router_defaults = {
     .pass_router =             NULL,
     .redirect_router =         NULL,
 
-    .dnssec =                  { NULL, NULL },            /* dnssec_domains {require,request} */
+    .dnssec =                   { .request= US"*", .require=NULL },
 };
 
 uschar *router_name            = NULL;
+tree_node *router_var         = NULL;
 
 ip_address_item *running_interfaces = NULL;
-BOOL    running_in_test_harness = FALSE;
 
 /* This is a weird one. The following string gets patched in the binary by the
 script that sets up a copy of Exim for running in the test harness. It seems
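Review bot: The new `.dnssec` initialiser in `router_defaults` drops the old trailing comment while changing the default from two NULL lists to a request list of `US"*"`. I would keep a comment on the line, e.g. `/* dnssec_domains: request for all, require for none */`, so the policy is readable at the definition. The spacing could also be normalised to `{ .request = US"*", .require = NULL }`. The start of `router_defaults` is outside this hunk.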
@@ -1271,64 +1444,52 @@ uschar *running_status         = US">>>running<<<" "\0EXTRA";
 int     runrc                  = 0;
 
 uschar *search_error_message   = NULL;
-BOOL    search_find_defer      = FALSE;
 uschar *self_hostname          = NULL;
 uschar *sender_address         = NULL;
 unsigned int sender_address_cache[(MAX_NAMED_LIST * 2)/32];
 uschar *sender_address_data    = NULL;
-BOOL    sender_address_forced  = FALSE;
 uschar *sender_address_unrewritten = NULL;
 uschar *sender_data            = NULL;
 unsigned int sender_domain_cache[(MAX_NAMED_LIST * 2)/32];
 uschar *sender_fullhost        = NULL;
-BOOL    sender_helo_dnssec     = FALSE;
 uschar *sender_helo_name       = NULL;
 uschar **sender_host_aliases   = &no_aliases;
 uschar *sender_host_address    = NULL;
 uschar *sender_host_authenticated = NULL;
 uschar *sender_host_auth_pubname  = NULL;
 unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32];
-BOOL    sender_host_dnssec     = FALSE;
 uschar *sender_host_name       = NULL;
 int     sender_host_port       = 0;
-BOOL    sender_host_notsocket  = FALSE;
-BOOL    sender_host_unknown    = FALSE;
 uschar *sender_ident           = NULL;
-BOOL    sender_local           = FALSE;
-BOOL    sender_name_forced     = FALSE;
 uschar *sender_rate            = NULL;
 uschar *sender_rate_limit      = NULL;
 uschar *sender_rate_period     = NULL;
 uschar *sender_rcvhost         = NULL;
-BOOL    sender_set_untrusted   = FALSE;
 uschar *sender_unqualified_hosts = NULL;
 uschar *sender_verify_failure = NULL;
 address_item *sender_verified_list  = NULL;
 address_item *sender_verified_failed = NULL;
 int     sender_verified_rc     = -1;
-BOOL    sender_verified_responded = FALSE;
 uschar *sending_ip_address     = NULL;
 int     sending_port           = -1;
 SIGNAL_BOOL sigalrm_seen       = FALSE;
+const uschar *sigalarm_setter  = NULL;
 uschar **sighup_argv           = NULL;
 int     slow_lookup_log        = 0;    /* millisecs, zero disables */
 int     smtp_accept_count      = 0;
-BOOL    smtp_accept_keepalive  = TRUE;
 int     smtp_accept_max        = 20;
 int     smtp_accept_max_nonmail= 10;
 uschar *smtp_accept_max_nonmail_hosts = US"*";
-int     smtp_accept_max_per_connection = 1000;
+uschar *smtp_accept_max_per_connection = US"1000";
 uschar *smtp_accept_max_per_host = NULL;
 int     smtp_accept_queue      = 0;
 int     smtp_accept_queue_per_connection = 10;
 int     smtp_accept_reserve    = 0;
 uschar *smtp_active_hostname   = NULL;
-BOOL    smtp_authenticated     = FALSE;
+int    smtp_backlog_monitor   = 0;
 uschar *smtp_banner            = US"$smtp_active_hostname ESMTP "
                              "Exim $version_number $tod_full"
                              "\0<---------------Space to patch smtp_banner->";
-BOOL    smtp_batched_input     = FALSE;
-BOOL    smtp_check_spool_space = TRUE;
 int     smtp_ch_index          = 0;
 uschar *smtp_cmd_argument      = NULL;
 uschar *smtp_cmd_buffer        = NULL;
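Review bot: `smtp_accept_max_per_connection` changes from the `int` 1000 to the string `US"1000"`, so the limit is now parsed (and presumably expanded) at the point of use. The converting code is not in this diff; it should treat a failed expansion or a non-numeric or negative result as an error and not as "no limit", since by its name this value bounds work per connection. A comment here such as `/* expanded string; must yield a non-negative integer */` would record that contract. Separately, `sigalarm_setter` is spelled differently from the adjacent `sigalrm_seen`, and `int    smtp_backlog_monitor` is one column short of the alignment used around it.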
@@ -1337,17 +1498,18 @@ uschar  smtp_connection_had[SMTP_HBUFF_SIZE];
 int     smtp_connect_backlog   = 20;
 double  smtp_delay_mail        = 0.0;
 double  smtp_delay_rcpt        = 0.0;
-BOOL    smtp_enforce_sync      = TRUE;
 FILE   *smtp_in                = NULL;
-BOOL    smtp_input             = FALSE;
+int     smtp_listen_backlog    = 0;
 int     smtp_load_reserve      = -1;
 int     smtp_mailcmd_count     = 0;
+int     smtp_mailcmd_max       = -1;
 FILE   *smtp_out               = NULL;
 uschar *smtp_etrn_command      = NULL;
-BOOL    smtp_etrn_serialize    = TRUE;
 int     smtp_max_synprot_errors= 3;
 int     smtp_max_unknown_commands = 3;
 uschar *smtp_notquit_reason    = NULL;
+unsigned smtp_peer_options     = 0;
+unsigned smtp_peer_options_wrap= 0;
 uschar *smtp_ratelimit_hosts   = NULL;
 uschar *smtp_ratelimit_mail    = NULL;
 uschar *smtp_ratelimit_rcpt    = NULL;
@@ -1355,7 +1517,6 @@ uschar *smtp_read_error        = US"";
 int     smtp_receive_timeout   = 5*60;
 uschar *smtp_receive_timeout_s = NULL;
 uschar *smtp_reserve_hosts     = NULL;
-BOOL    smtp_return_error_details = FALSE;
 int     smtp_rlm_base          = 0;
 double  smtp_rlm_factor        = 0.0;
 int     smtp_rlm_limit         = 0;
@@ -1364,8 +1525,6 @@ int     smtp_rlr_base          = 0;
 double  smtp_rlr_factor        = 0.0;
 int     smtp_rlr_limit         = 0;
 int     smtp_rlr_threshold     = INT_MAX;
-unsigned smtp_peer_options     = 0;
-unsigned smtp_peer_options_wrap= 0;
 #ifdef SUPPORT_I18N
 uschar *smtputf8_advertise_hosts = US"*";      /* overridden under test-harness */
 #endif
@@ -1384,14 +1543,16 @@ uschar *spf_header_comment     = NULL;
 uschar *spf_received           = NULL;
 uschar *spf_result             = NULL;
 uschar *spf_smtp_comment       = NULL;
+uschar *spf_smtp_comment_template
+                    /* Used to be: "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}" */
+                               = US"Please%_see%_http://www.open-spf.org/Why";
+
 #endif
 
-BOOL    split_spool_directory  = FALSE;
+FILE   *spool_data_file               = NULL;
 uschar *spool_directory        = US SPOOL_DIRECTORY
                            "\0<--------------Space to patch spool_directory->";
-BOOL    spool_file_wireformat  = FALSE;
-BOOL    spool_wireformat       = FALSE;
-#ifdef EXPERIMENTAL_SRS
+#ifdef EXPERIMENTAL_SRS_ALT
 uschar *srs_config             = NULL;
 uschar *srs_db_address         = NULL;
 uschar *srs_db_key             = NULL;
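Review bot: The "Used to be" comment in `spf_smtp_comment_template` sits between the declarator and the `=`, which makes the definition hard to read and easy to break when edited. I would move it to its own line above the declaration and keep `uschar *spf_smtp_comment_template = US"Please%_see%_http://www.open-spf.org/Why";` as one statement. The default is a plain `http://` URL that is presumably shown to remote SMTP clients, so it is worth confirming that the target is still the intended one and whether an HTTPS form exists. `FILE   *spool_data_file               = NULL;` is also misaligned with its neighbours.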
@@ -1403,26 +1564,17 @@ uschar *srs_orig_sender        = NULL;
 uschar *srs_recipient          = NULL;
 uschar *srs_secrets            = NULL;
 uschar *srs_status             = NULL;
-BOOL    srs_usehash            = TRUE;
-BOOL    srs_usetimestamp       = TRUE;
 #endif
-BOOL    strict_acl_vars        = FALSE;
+#ifdef SUPPORT_SRS
+uschar *srs_recipient          = NULL;
+#endif
 int     string_datestamp_offset= -1;
 int     string_datestamp_length= 0;
 int     string_datestamp_type  = -1;
-BOOL    strip_excess_angle_brackets = FALSE;
-BOOL    strip_trailing_dot     = FALSE;
-uschar *submission_domain      = NULL;
-BOOL    submission_mode        = FALSE;
-uschar *submission_name        = NULL;
-BOOL    suppress_local_fixups  = FALSE;
-BOOL    suppress_local_fixups_default = FALSE;
-BOOL    synchronous_delivery   = FALSE;
-BOOL    syslog_duplication     = TRUE;
+const uschar *submission_domain = NULL;
+const uschar *submission_name  = NULL;
 int     syslog_facility        = LOG_MAIL;
-BOOL    syslog_pid             = TRUE;
 uschar *syslog_processname     = US"exim";
-BOOL    syslog_timestamp       = TRUE;
 uschar *system_filter          = NULL;
 
 uschar *system_filter_directory_transport = NULL;
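Review bot: `srs_recipient` is now defined twice in this file: once in the context line just above, which appears to sit inside the `#ifdef EXPERIMENTAL_SRS_ALT` block opened in the previous hunk, and again under the new `#ifdef SUPPORT_SRS`. A build with both macros defined would fail with a redefinition error unless the build configuration already forbids that combination, which is not visible here. Either guard the new definition with `#if defined(SUPPORT_SRS) && !defined(EXPERIMENTAL_SRS_ALT)` or add an explicit `#error` for the combination so the failure is self-explanatory.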
@@ -1431,83 +1583,33 @@ uschar *system_filter_pipe_transport = NULL;
 uschar *system_filter_reply_transport = NULL;
 
 gid_t   system_filter_gid      = 0;
-BOOL    system_filter_gid_set  = FALSE;
 uid_t   system_filter_uid      = (uid_t)-1;
-BOOL    system_filter_uid_set  = FALSE;
-BOOL    system_filtering       = FALSE;
 
-BOOL    tcp_fastopen_ok        = FALSE;
 blob   tcp_fastopen_nodata    = { .data = NULL, .len = 0 };
-BOOL    tcp_in_fastopen        = FALSE;
-BOOL    tcp_in_fastopen_logged = FALSE;
-BOOL    tcp_nodelay            = TRUE;
-int     tcp_out_fastopen       = 0;
-BOOL    tcp_out_fastopen_logged= FALSE;
+tfo_state_t tcp_out_fastopen   = TFO_NOT_USED;
 #ifdef USE_TCP_WRAPPERS
 uschar *tcp_wrappers_daemon_name = US TCP_WRAPPERS_DAEMON_NAME;
 #endif
 int     test_harness_load_avg  = 0;
 int     thismessage_size_limit = 0;
 int     timeout_frozen_after   = 0;
-BOOL    timestamps_utc         = FALSE;
+#ifdef MEASURE_TIMING
+struct timeval timestamp_startup;
+#endif
 
 transport_instance  *transports = NULL;
 
 transport_instance  transport_defaults = {
-    .next =                    NULL,
-    .name =                    NULL,
-    .info =                    NULL,
-    .options_block =           NULL,
-    .driver_name =             NULL,
-    .setup =                   NULL,
+    /* All non-mentioned elements zero/NULL/FALSE */
     .batch_max =               1,
-    .batch_id =                        NULL,
-    .home_dir =                        NULL,
-    .current_dir =             NULL,
-    .expand_multi_domain =     NULL,
     .multi_domain =            TRUE,
-    .overrides_hosts =         FALSE,
     .max_addresses =           100,
     .connection_max_messages = 500,
-    .deliver_as_creator =      FALSE,
-    .disable_logging =         FALSE,
-    .initgroups =              FALSE,
-    .uid_set =                 FALSE,
-    .gid_set =                 FALSE,
     .uid =                     (uid_t)(-1),
     .gid =                     (gid_t)(-1),
-    .expand_uid =              NULL,
-    .expand_gid =              NULL,
-    .warn_message =            NULL,
-    .shadow =                  NULL,
-    .shadow_condition =                NULL,
-    .filter_command =          NULL,
-    .add_headers =             NULL,
-    .remove_headers =          NULL,
-    .return_path =             NULL,
-    .debug_string =            NULL,
-    .max_parallel =            NULL,
-    .message_size_limit =      NULL,
-    .headers_rewrite =         NULL,
-    .rewrite_rules =           NULL,
-    .rewrite_existflags =      0,
     .filter_timeout =          300,
-    .body_only =               FALSE,
-    .delivery_date_add =       FALSE,
-    .envelope_to_add =         FALSE,
-    .headers_only =            FALSE,
-    .rcpt_include_affixes =    FALSE,
-    .return_path_add =         FALSE,
-    .return_output =           FALSE,
-    .return_fail_output =      FALSE,
-    .log_output =              FALSE,
-    .log_fail_output =         FALSE,
-    .log_defer_output =                FALSE,
     .retry_use_local_part =    TRUE_UNSET,     /* retry_use_local_part: BOOL, but set neither
                                                 1 nor 0 so can detect unset */
-#ifndef DISABLE_EVENT
-   .event_action =             NULL
-#endif
 };
 
 int     transport_count;
@@ -1515,7 +1617,6 @@ uschar *transport_name          = NULL;
 int     transport_newlines;
 const uschar **transport_filter_argv  = NULL;
 int     transport_filter_timeout;
-BOOL    transport_filter_timed_out = FALSE;
 int     transport_write_timeout= 0;
 
 tree_node  *tree_dns_fails     = NULL;
@@ -1523,8 +1624,6 @@ tree_node  *tree_duplicates    = NULL;
 tree_node  *tree_nonrecipients = NULL;
 tree_node  *tree_unusable      = NULL;
 
-BOOL    trusted_caller         = FALSE;
-BOOL    trusted_config         = TRUE;
 gid_t  *trusted_groups         = NULL;
 uid_t  *trusted_users          = NULL;
 uschar *timezone_string        = US TIMEZONE_DEFAULT;
@@ -1561,7 +1660,7 @@ uschar *uucp_from_sender       = US"$1";
 uschar *verify_mode           = NULL;
 uschar *version_copyright      =
  US"Copyright (c) University of Cambridge, 1995 - 2018\n"
-   "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017";
+   "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2020";
 uschar *version_date           = US"?";
 uschar *version_cnumber        = US"????";
 uschar *version_string         = US"?";
@@ -1570,7 +1669,6 @@ uschar *warn_message_file      = NULL;
 int     warning_count          = 0;
 uschar *warnmsg_delay          = NULL;
 uschar *warnmsg_recipients     = NULL;
-BOOL    write_rejectlog        = TRUE;
 
 
 /*  End of globals.c */