Do not close the (main)_log, if we do not see a chance to open it again.
[exim.git] / src / src / globals.c
index 8dd8191efe7c308b78311621c8c9d5690da17711..9e68aaca81a065f0a178e9c63f5aad380fb894f2 100644 (file)
@@ -3,6 +3,7 @@
 *************************************************/
 
 /* Copyright (c) University of Cambridge 1995 - 2018 */
 *************************************************/
 
 /* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* All the global variables are defined together in this one module, so
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* All the global variables are defined together in this one module, so
@@ -16,23 +17,23 @@ data blocks and hence have the opt_public flag set. */
 
 optionlist optionlist_auths[] = {
   { "client_condition", opt_stringptr | opt_public,
 
 optionlist optionlist_auths[] = {
   { "client_condition", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, client_condition)) },
+                 OPT_OFF(auth_instance, client_condition) },
   { "client_set_id", opt_stringptr | opt_public,
   { "client_set_id", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, set_client_id)) },
+                 OPT_OFF(auth_instance, set_client_id) },
   { "driver",        opt_stringptr | opt_public,
   { "driver",        opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, driver_name)) },
+                 OPT_OFF(auth_instance, driver_name) },
   { "public_name",   opt_stringptr | opt_public,
   { "public_name",   opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, public_name)) },
+                 OPT_OFF(auth_instance, public_name) },
   { "server_advertise_condition", opt_stringptr | opt_public,
   { "server_advertise_condition", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, advertise_condition))},
+                 OPT_OFF(auth_instance, advertise_condition)},
   { "server_condition", opt_stringptr | opt_public,
   { "server_condition", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, server_condition)) },
+                 OPT_OFF(auth_instance, server_condition) },
   { "server_debug_print", opt_stringptr | opt_public,
   { "server_debug_print", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, server_debug_string)) },
+                 OPT_OFF(auth_instance, server_debug_string) },
   { "server_mail_auth_condition", opt_stringptr | opt_public,
   { "server_mail_auth_condition", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, mail_auth_condition)) },
+                 OPT_OFF(auth_instance, mail_auth_condition) },
   { "server_set_id", opt_stringptr | opt_public,
   { "server_set_id", opt_stringptr | opt_public,
-                 (void *)(offsetof(auth_instance, set_id)) }
+                 OPT_OFF(auth_instance, set_id) }
 };
 
 int     optionlist_auths_size = nelem(optionlist_auths);
 };
 
 int     optionlist_auths_size = nelem(optionlist_auths);
@@ -89,6 +90,7 @@ uschar *redis_servers          = NULL;
 #endif
 
 #ifdef LOOKUP_SQLITE
 #endif
 
 #ifdef LOOKUP_SQLITE
+uschar *sqlite_dbfile         = NULL;
 int     sqlite_lock_timeout    = 5;
 #endif
 
 int     sqlite_lock_timeout    = 5;
 #endif
 
@@ -96,44 +98,22 @@ int     sqlite_lock_timeout    = 5;
 BOOL    move_frozen_messages   = FALSE;
 #endif
 
 BOOL    move_frozen_messages   = FALSE;
 #endif
 
+#ifdef ALLOW_INSECURE_TAINTED_DATA
+BOOL    allow_insecure_tainted_data = FALSE;
+#endif
+
 /* These variables are outside the #ifdef because it keeps the code less
 cluttered in several places (e.g. during logging) if we can always refer to
 them. Also, the tls_ variables are now always visible.  Note that these are
 only used for smtp connections, not for service-daemon access. */
 
 tls_support tls_in = {
 /* These variables are outside the #ifdef because it keeps the code less
 cluttered in several places (e.g. during logging) if we can always refer to
 them. Also, the tls_ variables are now always visible.  Note that these are
 only used for smtp connections, not for service-daemon access. */
 
 tls_support tls_in = {
- .active =             {.sock = -1},
- .bits =               0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified =      FALSE,
- .tlsa_usage =         0,
-#endif
- .cipher =             NULL,
- .on_connect =         FALSE,
- .on_connect_ports =   NULL,
- .ourcert =            NULL,
- .peercert =           NULL,
- .peerdn =             NULL,
- .sni =                        NULL,
- .ocsp =               OCSP_NOT_REQ
+ .active =             {.sock = -1}
+ /* all other elements zero */
 };
 tls_support tls_out = {
  .active =             {.sock = -1},
 };
 tls_support tls_out = {
  .active =             {.sock = -1},
- .bits =               0,
- .certificate_verified = FALSE,
-#ifdef SUPPORT_DANE
- .dane_verified =      FALSE,
- .tlsa_usage =         0,
-#endif
- .cipher =             NULL,
- .on_connect =         FALSE,
- .on_connect_ports =   NULL,
- .ourcert =            NULL,
- .peercert =           NULL,
- .peerdn =             NULL,
- .sni =                        NULL,
- .ocsp =               OCSP_NOT_REQ
+ /* all other elements zero */
 };
 
 uschar *dsn_envid              = NULL;
 };
 
 uschar *dsn_envid              = NULL;
@@ -141,7 +121,7 @@ int     dsn_ret                = 0;
 const pcre  *regex_DSN         = NULL;
 uschar *dsn_advertise_hosts    = NULL;
 
 const pcre  *regex_DSN         = NULL;
 uschar *dsn_advertise_hosts    = NULL;
 
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
 BOOL    gnutls_compat_mode     = FALSE;
 BOOL    gnutls_allow_auto_pkcs11 = FALSE;
 uschar *openssl_options        = NULL;
 BOOL    gnutls_compat_mode     = FALSE;
 BOOL    gnutls_allow_auto_pkcs11 = FALSE;
 uschar *openssl_options        = NULL;
@@ -161,15 +141,19 @@ uschar *tls_ocsp_file          = NULL;
 uschar *tls_privatekey         = NULL;
 BOOL    tls_remember_esmtp     = FALSE;
 uschar *tls_require_ciphers    = NULL;
 uschar *tls_privatekey         = NULL;
 BOOL    tls_remember_esmtp     = FALSE;
 uschar *tls_require_ciphers    = NULL;
-# ifdef EXPERIMENTAL_REQUIRETLS
-uschar  tls_requiretls         = 0;    /* REQUIRETLS_MSG etc. bit #defines */
-uschar *tls_advertise_requiretls = US"*";
-const pcre *regex_REQUIRETLS   = NULL;
+# ifndef DISABLE_TLS_RESUME
+uschar *tls_resumption_hosts   = NULL;
 # endif
 uschar *tls_try_verify_hosts   = NULL;
 # endif
 uschar *tls_try_verify_hosts   = NULL;
+#if defined(SUPPORT_SYSDEFAULT_CABUNDLE) || !defined(USE_GNUTLS)
 uschar *tls_verify_certificates= US"system";
 uschar *tls_verify_certificates= US"system";
+#else
+uschar *tls_verify_certificates= NULL;
+#endif
 uschar *tls_verify_hosts       = NULL;
 uschar *tls_verify_hosts       = NULL;
-#else  /*!SUPPORT_TLS*/
+int     tls_watch_fd          = -1;
+time_t  tls_watch_trigger_time = (time_t)0;
+#else  /*DISABLE_TLS*/
 uschar *tls_advertise_hosts    = NULL;
 #endif
 
 uschar *tls_advertise_hosts    = NULL;
 #endif
 
@@ -247,6 +231,7 @@ struct global_flags f =
        .authentication_local   = FALSE,
 
        .background_daemon      = TRUE,
        .authentication_local   = FALSE,
 
        .background_daemon      = TRUE,
+       .bdat_readers_wanted    = FALSE,
 
        .chunking_offered       = FALSE,
        .config_changed         = FALSE,
 
        .chunking_offered       = FALSE,
        .config_changed         = FALSE,
@@ -266,8 +251,9 @@ struct global_flags f =
        .disable_logging        = FALSE,
 #ifndef DISABLE_DKIM
        .dkim_disable_verify      = FALSE,
        .disable_logging        = FALSE,
 #ifndef DISABLE_DKIM
        .dkim_disable_verify      = FALSE,
+       .dkim_init_done           = FALSE,
 #endif
 #endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
        .dmarc_has_been_checked  = FALSE,
        .dmarc_disable_verify    = FALSE,
        .dmarc_enable_forensic   = FALSE,
        .dmarc_has_been_checked  = FALSE,
        .dmarc_disable_verify    = FALSE,
        .dmarc_enable_forensic   = FALSE,
@@ -325,8 +311,14 @@ struct global_flags f =
        .sender_name_forced     = FALSE,
        .sender_set_untrusted   = FALSE,
        .smtp_authenticated     = FALSE,
        .sender_name_forced     = FALSE,
        .sender_set_untrusted   = FALSE,
        .smtp_authenticated     = FALSE,
+#ifndef DISABLE_PIPE_CONNECT
+       .smtp_in_early_pipe_advertised = FALSE,
+       .smtp_in_early_pipe_no_auth = FALSE,
+       .smtp_in_early_pipe_used = FALSE,
+#endif
        .smtp_in_pipelining_advertised = FALSE,
        .smtp_in_pipelining_used = FALSE,
        .smtp_in_pipelining_advertised = FALSE,
        .smtp_in_pipelining_used = FALSE,
+       .smtp_in_quit           = FALSE,
        .spool_file_wireformat  = FALSE,
        .submission_mode        = FALSE,
        .suppress_local_fixups  = FALSE,
        .spool_file_wireformat  = FALSE,
        .submission_mode        = FALSE,
        .suppress_local_fixups  = FALSE,
@@ -334,8 +326,11 @@ struct global_flags f =
        .synchronous_delivery   = FALSE,
        .system_filtering       = FALSE,
 
        .synchronous_delivery   = FALSE,
        .system_filtering       = FALSE,
 
+       .taint_check_slow       = FALSE,
+       .testsuite_delays       = TRUE,
        .tcp_fastopen_ok        = FALSE,
        .tcp_in_fastopen        = FALSE,
        .tcp_fastopen_ok        = FALSE,
        .tcp_in_fastopen        = FALSE,
+       .tcp_in_fastopen_data   = FALSE,
        .tcp_in_fastopen_logged = FALSE,
        .tcp_out_fastopen_logged= FALSE,
        .timestamps_utc         = FALSE,
        .tcp_in_fastopen_logged = FALSE,
        .tcp_out_fastopen_logged= FALSE,
        .timestamps_utc         = FALSE,
@@ -399,6 +394,9 @@ BOOL    prod_requires_admin    = TRUE;
 BOOL    proxy_session          = FALSE;
 #endif
 
 BOOL    proxy_session          = FALSE;
 #endif
 
+#ifndef DISABLE_QUEUE_RAMP
+BOOL    queue_fast_ramp                = FALSE;
+#endif
 BOOL    queue_list_requires_admin = TRUE;
 BOOL    queue_only             = FALSE;
 BOOL    queue_only_load_latch  = TRUE;
 BOOL    queue_list_requires_admin = TRUE;
 BOOL    queue_only             = FALSE;
 BOOL    queue_only_load_latch  = TRUE;
@@ -421,7 +419,7 @@ BOOL    spf_result_guessed     = FALSE;
 #endif
 BOOL    split_spool_directory  = FALSE;
 BOOL    spool_wireformat       = FALSE;
 #endif
 BOOL    split_spool_directory  = FALSE;
 BOOL    spool_wireformat       = FALSE;
-#ifdef EXPERIMENTAL_SRS
+#ifdef EXPERIMENTAL_SRS_ALT
 BOOL    srs_usehash            = TRUE;
 BOOL    srs_usetimestamp       = TRUE;
 #endif
 BOOL    srs_usehash            = TRUE;
 BOOL    srs_usetimestamp       = TRUE;
 #endif
@@ -557,7 +555,9 @@ address_item address_defaults = {
   .lc_local_part =     NULL,
   .local_part =                NULL,
   .prefix =            NULL,
   .lc_local_part =     NULL,
   .local_part =                NULL,
   .prefix =            NULL,
+  .prefix_v =          NULL,
   .suffix =            NULL,
   .suffix =            NULL,
+  .suffix_v =          NULL,
   .domain =            NULL,
   .address_retry_key = NULL,
   .domain_retry_key =  NULL,
   .domain =            NULL,
   .address_retry_key = NULL,
   .domain_retry_key =  NULL,
@@ -570,7 +570,7 @@ address_item address_defaults = {
   .return_filename =   NULL,
   .self_hostname =     NULL,
   .shadow_message =    NULL,
   .return_filename =   NULL,
   .self_hostname =     NULL,
   .shadow_message =    NULL,
-#ifdef SUPPORT_TLS
+#ifndef DISABLE_TLS
   .cipher =            NULL,
   .ourcert =           NULL,
   .peercert =          NULL,
   .cipher =            NULL,
   .ourcert =           NULL,
   .peercert =          NULL,
@@ -594,7 +594,7 @@ address_item address_defaults = {
   .localpart_cache =   { 0 },                /* localpart_cache - ditto */
   .mode =              -1,
   .more_errno =                0,
   .localpart_cache =   { 0 },                /* localpart_cache - ditto */
   .mode =              -1,
   .more_errno =                0,
-  .delivery_usec =     0,
+  .delivery_time =     {.tv_sec = 0, .tv_usec = 0},
   .basic_errno =       ERRNO_UNKNOWNERROR,
   .child_count =       0,
   .return_file =       -1,
   .basic_errno =       ERRNO_UNKNOWNERROR,
   .child_count =       0,
   .return_file =       -1,
@@ -607,7 +607,8 @@ address_item address_defaults = {
     .errors_address =  NULL,
     .extra_headers =   NULL,
     .remove_headers =  NULL,
     .errors_address =  NULL,
     .extra_headers =   NULL,
     .remove_headers =  NULL,
-#ifdef EXPERIMENTAL_SRS
+    .variables =       NULL,
+#ifdef EXPERIMENTAL_SRS_ALT
     .srs_sender =      NULL,
 #endif
     .ignore_error =    FALSE,
     .srs_sender =      NULL,
 #endif
     .ignore_error =    FALSE,
@@ -714,6 +715,10 @@ unsigned chunking_data_left    = 0;
 chunking_state_t chunking_state= CHUNKING_NOT_OFFERED;
 const pcre *regex_CHUNKING     = NULL;
 
 chunking_state_t chunking_state= CHUNKING_NOT_OFFERED;
 const pcre *regex_CHUNKING     = NULL;
 
+#ifdef EXPERIMENTAL_ESMTP_LIMITS
+const pcre *regex_LIMITS        = NULL;
+#endif
+
 uschar *client_authenticator   = NULL;
 uschar *client_authenticated_id = NULL;
 uschar *client_authenticated_sender = NULL;
 uschar *client_authenticator   = NULL;
 uschar *client_authenticated_id = NULL;
 uschar *client_authenticated_sender = NULL;
@@ -740,10 +745,17 @@ uid_t   config_uid             = 0;
 
 int     connection_max_messages= -1;
 uschar *continue_proxy_cipher  = NULL;
 
 int     connection_max_messages= -1;
 uschar *continue_proxy_cipher  = NULL;
+BOOL    continue_proxy_dane    = FALSE;
+uschar *continue_proxy_sni     = NULL;
 uschar *continue_hostname      = NULL;
 uschar *continue_host_address  = NULL;
 int     continue_sequence      = 1;
 uschar *continue_transport     = NULL;
 uschar *continue_hostname      = NULL;
 uschar *continue_host_address  = NULL;
 int     continue_sequence      = 1;
 uschar *continue_transport     = NULL;
+#ifdef EXPERIMENTAL_ESMTP_LIMITS
+unsigned continue_limit_mail   = 0;
+unsigned continue_limit_rcpt   = 0;
+unsigned continue_limit_rcptdom= 0;
+#endif
 
 uschar *csa_status             = NULL;
 cut_t   cutthrough = {
 
 uschar *csa_status             = NULL;
 cut_t   cutthrough = {
@@ -755,6 +767,7 @@ cut_t   cutthrough = {
   .nrcpt =             0,                              /* number of addresses */
 };
 
   .nrcpt =             0,                              /* number of addresses */
 };
 
+int    daemon_notifier_fd     = -1;
 uschar *daemon_smtp_port       = US"smtp";
 int     daemon_startup_retries = 9;
 int     daemon_startup_sleep   = 30;
 uschar *daemon_smtp_port       = US"smtp";
 int     daemon_startup_retries = 9;
 int     daemon_startup_sleep   = 30;
@@ -836,7 +849,9 @@ uschar *deliver_localpart_data = NULL;
 uschar *deliver_localpart_orig = NULL;
 uschar *deliver_localpart_parent = NULL;
 uschar *deliver_localpart_prefix = NULL;
 uschar *deliver_localpart_orig = NULL;
 uschar *deliver_localpart_parent = NULL;
 uschar *deliver_localpart_prefix = NULL;
+uschar *deliver_localpart_prefix_v = NULL;
 uschar *deliver_localpart_suffix = NULL;
 uschar *deliver_localpart_suffix = NULL;
+uschar *deliver_localpart_suffix_v = NULL;
 uschar *deliver_out_buffer     = NULL;
 int     deliver_queue_load_max = -1;
 address_item  *deliver_recipients = NULL;
 uschar *deliver_out_buffer     = NULL;
 int     deliver_queue_load_max = -1;
 address_item  *deliver_recipients = NULL;
@@ -851,12 +866,16 @@ void   *dkim_signatures            = NULL;
 uschar *dkim_signers             = NULL;
 uschar *dkim_signing_domain      = NULL;
 uschar *dkim_signing_selector    = NULL;
 uschar *dkim_signers             = NULL;
 uschar *dkim_signing_domain      = NULL;
 uschar *dkim_signing_selector    = NULL;
+uschar *dkim_verify_hashes       = US"sha256:sha512";
+uschar *dkim_verify_keytypes     = US"ed25519:rsa";
+uschar *dkim_verify_min_keysizes = US"rsa=1024 ed25519=250";
+BOOL   dkim_verify_minimal      = FALSE;
 uschar *dkim_verify_overall      = NULL;
 uschar *dkim_verify_signers      = US"$dkim_signers";
 uschar *dkim_verify_status      = NULL;
 uschar *dkim_verify_reason      = NULL;
 #endif
 uschar *dkim_verify_overall      = NULL;
 uschar *dkim_verify_signers      = US"$dkim_signers";
 uschar *dkim_verify_status      = NULL;
 uschar *dkim_verify_reason      = NULL;
 #endif
-#ifdef EXPERIMENTAL_DMARC
+#ifdef SUPPORT_DMARC
 uschar *dmarc_domain_policy     = NULL;
 uschar *dmarc_forensic_sender   = NULL;
 uschar *dmarc_history_file      = NULL;
 uschar *dmarc_domain_policy     = NULL;
 uschar *dmarc_forensic_sender   = NULL;
 uschar *dmarc_history_file      = NULL;
@@ -979,6 +998,7 @@ uschar *host_reject_connection = NULL;
 tree_node *hostlist_anchor     = NULL;
 int     hostlist_count         = 0;
 uschar *hosts_treat_as_local   = NULL;
 tree_node *hostlist_anchor     = NULL;
 int     hostlist_count         = 0;
 uschar *hosts_treat_as_local   = NULL;
+uschar *hosts_require_helo     = US"*";
 uschar *hosts_connection_nolog = NULL;
 
 int     ignore_bounce_errors_after = 10*7*24*60*60;  /* 10 weeks */
 uschar *hosts_connection_nolog = NULL;
 
 int     ignore_bounce_errors_after = 10*7*24*60*60;  /* 10 weeks */
@@ -996,6 +1016,9 @@ uschar *keep_environment       = NULL;
 int     keep_malformed         = 4*24*60*60;    /* 4 days */
 
 uschar *eldap_dn               = NULL;
 int     keep_malformed         = 4*24*60*60;    /* 4 days */
 
 uschar *eldap_dn               = NULL;
+#ifdef EXPERIMENTAL_ESMTP_LIMITS
+uschar *limits_advertise_hosts = US"*";
+#endif
 int     load_average           = -2;
 uschar *local_from_prefix      = NULL;
 uschar *local_from_suffix      = NULL;
 int     load_average           = -2;
 uschar *local_from_prefix      = NULL;
 uschar *local_from_suffix      = NULL;
@@ -1027,13 +1050,18 @@ int     log_default[]          = { /* for initializing log_selector */
   Li_host_lookup_failed,
   Li_lost_incoming_connection,
   Li_outgoing_interface, /* see d_log_interface in deliver.c */
   Li_host_lookup_failed,
   Li_lost_incoming_connection,
   Li_outgoing_interface, /* see d_log_interface in deliver.c */
+  Li_msg_id,
   Li_queue_run,
   Li_queue_run,
+  Li_queue_time_exclusive,
   Li_rejected_header,
   Li_retry_defer,
   Li_sender_verify_fail,
   Li_size_reject,
   Li_skip_delivery,
   Li_smtp_confirmation,
   Li_rejected_header,
   Li_retry_defer,
   Li_sender_verify_fail,
   Li_size_reject,
   Li_skip_delivery,
   Li_smtp_confirmation,
+#ifdef ALLOW_INSECURE_TAINTED_DATA
+  Li_tainted,
+#endif
   Li_tls_certificate_verified,
   Li_tls_cipher,
   -1
   Li_tls_certificate_verified,
   Li_tls_cipher,
   -1
@@ -1045,7 +1073,8 @@ uschar *log_file_path          = US LOG_FILE_PATH
 int     log_notall[]           = {
   -1
 };
 int     log_notall[]           = {
   -1
 };
-bit_table log_options[]        = { /* must be in alphabetical order */
+bit_table log_options[]        = { /* must be in alphabetical order,
+                               with definitions from enum logbit. */
   BIT_TABLE(L, 8bitmime),
   BIT_TABLE(L, acl_warn_skipped),
   BIT_TABLE(L, address_rewrite),
   BIT_TABLE(L, 8bitmime),
   BIT_TABLE(L, acl_warn_skipped),
   BIT_TABLE(L, address_rewrite),
@@ -1069,15 +1098,19 @@ bit_table log_options[]        = { /* must be in alphabetical order */
   BIT_TABLE(L, incoming_port),
   BIT_TABLE(L, lost_incoming_connection),
   BIT_TABLE(L, millisec),
   BIT_TABLE(L, incoming_port),
   BIT_TABLE(L, lost_incoming_connection),
   BIT_TABLE(L, millisec),
+  BIT_TABLE(L, msg_id),
+  BIT_TABLE(L, msg_id_created),
   BIT_TABLE(L, outgoing_interface),
   BIT_TABLE(L, outgoing_port),
   BIT_TABLE(L, pid),
   BIT_TABLE(L, pipelining),
   BIT_TABLE(L, outgoing_interface),
   BIT_TABLE(L, outgoing_port),
   BIT_TABLE(L, pid),
   BIT_TABLE(L, pipelining),
+  BIT_TABLE(L, protocol_detail),
 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
   BIT_TABLE(L, proxy),
 #endif
   BIT_TABLE(L, queue_run),
   BIT_TABLE(L, queue_time),
 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
   BIT_TABLE(L, proxy),
 #endif
   BIT_TABLE(L, queue_run),
   BIT_TABLE(L, queue_time),
+  BIT_TABLE(L, queue_time_exclusive),
   BIT_TABLE(L, queue_time_overall),
   BIT_TABLE(L, receive_time),
   BIT_TABLE(L, received_recipients),
   BIT_TABLE(L, queue_time_overall),
   BIT_TABLE(L, receive_time),
   BIT_TABLE(L, received_recipients),
@@ -1098,9 +1131,13 @@ bit_table log_options[]        = { /* must be in alphabetical order */
   BIT_TABLE(L, smtp_protocol_error),
   BIT_TABLE(L, smtp_syntax_error),
   BIT_TABLE(L, subject),
   BIT_TABLE(L, smtp_protocol_error),
   BIT_TABLE(L, smtp_syntax_error),
   BIT_TABLE(L, subject),
+#ifdef ALLOW_INSECURE_TAINTED_DATA
+  BIT_TABLE(L, tainted),
+#endif
   BIT_TABLE(L, tls_certificate_verified),
   BIT_TABLE(L, tls_cipher),
   BIT_TABLE(L, tls_peerdn),
   BIT_TABLE(L, tls_certificate_verified),
   BIT_TABLE(L, tls_cipher),
   BIT_TABLE(L, tls_peerdn),
+  BIT_TABLE(L, tls_resumption),
   BIT_TABLE(L, tls_sni),
   BIT_TABLE(L, unknown_in_list),
 };
   BIT_TABLE(L, tls_sni),
   BIT_TABLE(L, unknown_in_list),
 };
@@ -1165,6 +1202,7 @@ int     mime_part_count        = -1;
 #endif
 
 uid_t  *never_users            = NULL;
 #endif
 
 uid_t  *never_users            = NULL;
+uschar *notifier_socket        = US"$spool_directory/" NOTIFIER_SOCKET_NAME ;
 
 const int on                   = 1;    /* for setsockopt */
 const int off                  = 0;
 
 const int on                   = 1;    /* for setsockopt */
 const int off                  = 0;
@@ -1180,11 +1218,15 @@ uschar *override_pid_file_path = NULL;
 uschar *percent_hack_domains   = NULL;
 uschar *pid_file_path          = US PID_FILE_PATH
                            "\0<--------------Space to patch pid_file_path->";
 uschar *percent_hack_domains   = NULL;
 uschar *pid_file_path          = US PID_FILE_PATH
                            "\0<--------------Space to patch pid_file_path->";
+#ifndef DISABLE_PIPE_CONNECT
+uschar *pipe_connect_advertise_hosts = US"*";
+#endif
 uschar *pipelining_advertise_hosts = US"*";
 uschar *primary_hostname       = NULL;
 uschar *pipelining_advertise_hosts = US"*";
 uschar *primary_hostname       = NULL;
-uschar  process_info[PROCESS_INFO_SIZE];
+uschar *process_info;
 int     process_info_len       = 0;
 uschar *process_log_path       = NULL;
 int     process_info_len       = 0;
 uschar *process_log_path       = NULL;
+const uschar *process_purpose  = US"fresh-exec";
 
 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
 uschar *hosts_proxy            = NULL;
 
 #if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
 uschar *hosts_proxy            = NULL;
@@ -1192,6 +1234,7 @@ uschar *proxy_external_address = NULL;
 int     proxy_external_port    = 0;
 uschar *proxy_local_address    = NULL;
 int     proxy_local_port       = 0;
 int     proxy_external_port    = 0;
 uschar *proxy_local_address    = NULL;
 int     proxy_local_port       = 0;
+int     proxy_protocol_timeout = 3;
 #endif
 
 uschar *prvscheck_address      = NULL;
 #endif
 
 uschar *prvscheck_address      = NULL;
@@ -1204,14 +1247,17 @@ uschar *qualify_domain_sender  = NULL;
 uschar *queue_domains          = NULL;
 int     queue_interval         = -1;
 uschar *queue_name             = US"";
 uschar *queue_domains          = NULL;
 int     queue_interval         = -1;
 uschar *queue_name             = US"";
+uschar *queue_name_dest        = NULL;
 uschar *queue_only_file        = NULL;
 int     queue_only_load        = -1;
 uschar *queue_run_max          = US"5";
 pid_t   queue_run_pid          = (pid_t)0;
 int     queue_run_pipe         = -1;
 uschar *queue_only_file        = NULL;
 int     queue_only_load        = -1;
 uschar *queue_run_max          = US"5";
 pid_t   queue_run_pid          = (pid_t)0;
 int     queue_run_pipe         = -1;
+unsigned queue_size            = 0;
+time_t  queue_size_next        = 0;
 uschar *queue_smtp_domains     = NULL;
 
 uschar *queue_smtp_domains     = NULL;
 
-unsigned int random_seed       = 0;
+uint32_t random_seed          = 0;
 tree_node *ratelimiters_cmd    = NULL;
 tree_node *ratelimiters_conn   = NULL;
 tree_node *ratelimiters_mail   = NULL;
 tree_node *ratelimiters_cmd    = NULL;
 tree_node *ratelimiters_conn   = NULL;
 tree_node *ratelimiters_mail   = NULL;
@@ -1237,13 +1283,14 @@ date  will be automatically added on the end. */
 uschar *received_header_text   = US
      "Received: "
      "${if def:sender_rcvhost {from $sender_rcvhost\n\t}"
 uschar *received_header_text   = US
      "Received: "
      "${if def:sender_rcvhost {from $sender_rcvhost\n\t}"
-     "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
-     "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
+       "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
+         "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
      "by $primary_hostname "
      "by $primary_hostname "
-     "${if def:received_protocol {with $received_protocol}} "
-     #ifdef SUPPORT_TLS
-     "${if def:tls_cipher {($tls_cipher)\n\t}}"
-     #endif
+     "${if def:received_protocol {with $received_protocol }}"
+#ifndef DISABLE_TLS
+     "${if def:tls_in_ver        { ($tls_in_ver)}}"
+     "${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}"
+#endif
      "(Exim $version_number)\n\t"
      "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
      "id $message_exim_id"
      "(Exim $version_number)\n\t"
      "${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
      "id $message_exim_id"
@@ -1253,20 +1300,23 @@ uschar *received_header_text   = US
 int     received_headers_max   = 30;
 uschar *received_protocol      = NULL;
 struct timeval received_time   = { 0, 0 };
 int     received_headers_max   = 30;
 uschar *received_protocol      = NULL;
 struct timeval received_time   = { 0, 0 };
-struct timeval received_time_taken = { 0, 0 };
+struct timeval received_time_complete = { 0, 0 };
 uschar *recipient_data         = NULL;
 uschar *recipient_unqualified_hosts = NULL;
 uschar *recipient_verify_failure = NULL;
 int     recipients_count       = 0;
 recipient_item  *recipients_list = NULL;
 int     recipients_list_max    = 0;
 uschar *recipient_data         = NULL;
 uschar *recipient_unqualified_hosts = NULL;
 uschar *recipient_verify_failure = NULL;
 int     recipients_count       = 0;
 recipient_item  *recipients_list = NULL;
 int     recipients_list_max    = 0;
-int     recipients_max         = 0;
+int     recipients_max         = 50000;
 const pcre *regex_AUTH         = NULL;
 const pcre *regex_check_dns_names = NULL;
 const pcre *regex_From         = NULL;
 const pcre *regex_IGNOREQUOTA  = NULL;
 const pcre *regex_PIPELINING   = NULL;
 const pcre *regex_SIZE         = NULL;
 const pcre *regex_AUTH         = NULL;
 const pcre *regex_check_dns_names = NULL;
 const pcre *regex_From         = NULL;
 const pcre *regex_IGNOREQUOTA  = NULL;
 const pcre *regex_PIPELINING   = NULL;
 const pcre *regex_SIZE         = NULL;
+#ifndef DISABLE_PIPE_CONNECT
+const pcre *regex_EARLY_PIPE   = NULL;
+#endif
 const pcre *regex_ismsgid      = NULL;
 const pcre *regex_smtp_code    = NULL;
 uschar *regex_vars[REGEX_VARS];
 const pcre *regex_ismsgid      = NULL;
 const pcre *regex_smtp_code    = NULL;
 uschar *regex_vars[REGEX_VARS];
@@ -1351,6 +1401,7 @@ router_instance  router_defaults = {
     .retry_use_local_part =    TRUE_UNSET,
     .same_domain_copy_routing =        FALSE,
     .self_rewrite =            FALSE,
     .retry_use_local_part =    TRUE_UNSET,
     .same_domain_copy_routing =        FALSE,
     .self_rewrite =            FALSE,
+    .set =                     NULL,
     .suffix_optional =         FALSE,
     .verify_only =             FALSE,
     .verify_recipient =                TRUE,
     .suffix_optional =         FALSE,
     .verify_only =             FALSE,
     .verify_recipient =                TRUE,
@@ -1368,10 +1419,11 @@ router_instance  router_defaults = {
     .pass_router =             NULL,
     .redirect_router =         NULL,
 
     .pass_router =             NULL,
     .redirect_router =         NULL,
 
-    .dnssec =                  { NULL, NULL },            /* dnssec_domains {require,request} */
+    .dnssec =                   { .request= US"*", .require=NULL },
 };
 
 uschar *router_name            = NULL;
 };
 
 uschar *router_name            = NULL;
+tree_node *router_var         = NULL;
 
 ip_address_item *running_interfaces = NULL;
 
 
 ip_address_item *running_interfaces = NULL;
 
@@ -1424,12 +1476,13 @@ int     smtp_accept_count      = 0;
 int     smtp_accept_max        = 20;
 int     smtp_accept_max_nonmail= 10;
 uschar *smtp_accept_max_nonmail_hosts = US"*";
 int     smtp_accept_max        = 20;
 int     smtp_accept_max_nonmail= 10;
 uschar *smtp_accept_max_nonmail_hosts = US"*";
-int     smtp_accept_max_per_connection = 1000;
+uschar *smtp_accept_max_per_connection = US"1000";
 uschar *smtp_accept_max_per_host = NULL;
 int     smtp_accept_queue      = 0;
 int     smtp_accept_queue_per_connection = 10;
 int     smtp_accept_reserve    = 0;
 uschar *smtp_active_hostname   = NULL;
 uschar *smtp_accept_max_per_host = NULL;
 int     smtp_accept_queue      = 0;
 int     smtp_accept_queue_per_connection = 10;
 int     smtp_accept_reserve    = 0;
 uschar *smtp_active_hostname   = NULL;
+int    smtp_backlog_monitor   = 0;
 uschar *smtp_banner            = US"$smtp_active_hostname ESMTP "
                              "Exim $version_number $tod_full"
                              "\0<---------------Space to patch smtp_banner->";
 uschar *smtp_banner            = US"$smtp_active_hostname ESMTP "
                              "Exim $version_number $tod_full"
                              "\0<---------------Space to patch smtp_banner->";
@@ -1442,13 +1495,17 @@ int     smtp_connect_backlog   = 20;
 double  smtp_delay_mail        = 0.0;
 double  smtp_delay_rcpt        = 0.0;
 FILE   *smtp_in                = NULL;
 double  smtp_delay_mail        = 0.0;
 double  smtp_delay_rcpt        = 0.0;
 FILE   *smtp_in                = NULL;
+int     smtp_listen_backlog    = 0;
 int     smtp_load_reserve      = -1;
 int     smtp_mailcmd_count     = 0;
 int     smtp_load_reserve      = -1;
 int     smtp_mailcmd_count     = 0;
+int     smtp_mailcmd_max       = -1;
 FILE   *smtp_out               = NULL;
 uschar *smtp_etrn_command      = NULL;
 int     smtp_max_synprot_errors= 3;
 int     smtp_max_unknown_commands = 3;
 uschar *smtp_notquit_reason    = NULL;
 FILE   *smtp_out               = NULL;
 uschar *smtp_etrn_command      = NULL;
 int     smtp_max_synprot_errors= 3;
 int     smtp_max_unknown_commands = 3;
 uschar *smtp_notquit_reason    = NULL;
+unsigned smtp_peer_options     = 0;
+unsigned smtp_peer_options_wrap= 0;
 uschar *smtp_ratelimit_hosts   = NULL;
 uschar *smtp_ratelimit_mail    = NULL;
 uschar *smtp_ratelimit_rcpt    = NULL;
 uschar *smtp_ratelimit_hosts   = NULL;
 uschar *smtp_ratelimit_mail    = NULL;
 uschar *smtp_ratelimit_rcpt    = NULL;
@@ -1464,8 +1521,6 @@ int     smtp_rlr_base          = 0;
 double  smtp_rlr_factor        = 0.0;
 int     smtp_rlr_limit         = 0;
 int     smtp_rlr_threshold     = INT_MAX;
 double  smtp_rlr_factor        = 0.0;
 int     smtp_rlr_limit         = 0;
 int     smtp_rlr_threshold     = INT_MAX;
-unsigned smtp_peer_options     = 0;
-unsigned smtp_peer_options_wrap= 0;
 #ifdef SUPPORT_I18N
 uschar *smtputf8_advertise_hosts = US"*";      /* overridden under test-harness */
 #endif
 #ifdef SUPPORT_I18N
 uschar *smtputf8_advertise_hosts = US"*";      /* overridden under test-harness */
 #endif
@@ -1484,12 +1539,16 @@ uschar *spf_header_comment     = NULL;
 uschar *spf_received           = NULL;
 uschar *spf_result             = NULL;
 uschar *spf_smtp_comment       = NULL;
 uschar *spf_received           = NULL;
 uschar *spf_result             = NULL;
 uschar *spf_smtp_comment       = NULL;
+uschar *spf_smtp_comment_template
+                    /* Used to be: "Please%_see%_http://www.open-spf.org/Why?id=%{S}&ip=%{C}&receiver=%{R}" */
+                               = US"Please%_see%_http://www.open-spf.org/Why";
+
 #endif
 
 FILE   *spool_data_file               = NULL;
 uschar *spool_directory        = US SPOOL_DIRECTORY
                            "\0<--------------Space to patch spool_directory->";
 #endif
 
 FILE   *spool_data_file               = NULL;
 uschar *spool_directory        = US SPOOL_DIRECTORY
                            "\0<--------------Space to patch spool_directory->";
-#ifdef EXPERIMENTAL_SRS
+#ifdef EXPERIMENTAL_SRS_ALT
 uschar *srs_config             = NULL;
 uschar *srs_db_address         = NULL;
 uschar *srs_db_key             = NULL;
 uschar *srs_config             = NULL;
 uschar *srs_db_address         = NULL;
 uschar *srs_db_key             = NULL;
@@ -1502,11 +1561,14 @@ uschar *srs_recipient          = NULL;
 uschar *srs_secrets            = NULL;
 uschar *srs_status             = NULL;
 #endif
 uschar *srs_secrets            = NULL;
 uschar *srs_status             = NULL;
 #endif
+#ifdef SUPPORT_SRS
+uschar *srs_recipient          = NULL;
+#endif
 int     string_datestamp_offset= -1;
 int     string_datestamp_length= 0;
 int     string_datestamp_type  = -1;
 int     string_datestamp_offset= -1;
 int     string_datestamp_length= 0;
 int     string_datestamp_type  = -1;
-uschar *submission_domain      = NULL;
-uschar *submission_name        = NULL;
+const uschar *submission_domain = NULL;
+const uschar *submission_name  = NULL;
 int     syslog_facility        = LOG_MAIL;
 uschar *syslog_processname     = US"exim";
 uschar *system_filter          = NULL;
 int     syslog_facility        = LOG_MAIL;
 uschar *syslog_processname     = US"exim";
 uschar *system_filter          = NULL;
@@ -1527,64 +1589,23 @@ uschar *tcp_wrappers_daemon_name = US TCP_WRAPPERS_DAEMON_NAME;
 int     test_harness_load_avg  = 0;
 int     thismessage_size_limit = 0;
 int     timeout_frozen_after   = 0;
 int     test_harness_load_avg  = 0;
 int     thismessage_size_limit = 0;
 int     timeout_frozen_after   = 0;
+#ifdef MEASURE_TIMING
+struct timeval timestamp_startup;
+#endif
 
 transport_instance  *transports = NULL;
 
 transport_instance  transport_defaults = {
 
 transport_instance  *transports = NULL;
 
 transport_instance  transport_defaults = {
-    .next =                    NULL,
-    .name =                    NULL,
-    .info =                    NULL,
-    .options_block =           NULL,
-    .driver_name =             NULL,
-    .setup =                   NULL,
+    /* All non-mentioned elements zero/NULL/FALSE */
     .batch_max =               1,
     .batch_max =               1,
-    .batch_id =                        NULL,
-    .home_dir =                        NULL,
-    .current_dir =             NULL,
-    .expand_multi_domain =     NULL,
     .multi_domain =            TRUE,
     .multi_domain =            TRUE,
-    .overrides_hosts =         FALSE,
     .max_addresses =           100,
     .connection_max_messages = 500,
     .max_addresses =           100,
     .connection_max_messages = 500,
-    .deliver_as_creator =      FALSE,
-    .disable_logging =         FALSE,
-    .initgroups =              FALSE,
-    .uid_set =                 FALSE,
-    .gid_set =                 FALSE,
     .uid =                     (uid_t)(-1),
     .gid =                     (gid_t)(-1),
     .uid =                     (uid_t)(-1),
     .gid =                     (gid_t)(-1),
-    .expand_uid =              NULL,
-    .expand_gid =              NULL,
-    .warn_message =            NULL,
-    .shadow =                  NULL,
-    .shadow_condition =                NULL,
-    .filter_command =          NULL,
-    .add_headers =             NULL,
-    .remove_headers =          NULL,
-    .return_path =             NULL,
-    .debug_string =            NULL,
-    .max_parallel =            NULL,
-    .message_size_limit =      NULL,
-    .headers_rewrite =         NULL,
-    .rewrite_rules =           NULL,
-    .rewrite_existflags =      0,
     .filter_timeout =          300,
     .filter_timeout =          300,
-    .body_only =               FALSE,
-    .delivery_date_add =       FALSE,
-    .envelope_to_add =         FALSE,
-    .headers_only =            FALSE,
-    .rcpt_include_affixes =    FALSE,
-    .return_path_add =         FALSE,
-    .return_output =           FALSE,
-    .return_fail_output =      FALSE,
-    .log_output =              FALSE,
-    .log_fail_output =         FALSE,
-    .log_defer_output =                FALSE,
     .retry_use_local_part =    TRUE_UNSET,     /* retry_use_local_part: BOOL, but set neither
                                                 1 nor 0 so can detect unset */
     .retry_use_local_part =    TRUE_UNSET,     /* retry_use_local_part: BOOL, but set neither
                                                 1 nor 0 so can detect unset */
-#ifndef DISABLE_EVENT
-   .event_action =             NULL
-#endif
 };
 
 int     transport_count;
 };
 
 int     transport_count;
@@ -1635,7 +1656,7 @@ uschar *uucp_from_sender       = US"$1";
 uschar *verify_mode           = NULL;
 uschar *version_copyright      =
  US"Copyright (c) University of Cambridge, 1995 - 2018\n"
 uschar *verify_mode           = NULL;
 uschar *version_copyright      =
  US"Copyright (c) University of Cambridge, 1995 - 2018\n"
-   "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018";
+   "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2020";
 uschar *version_date           = US"?";
 uschar *version_cnumber        = US"????";
 uschar *version_string         = US"?";
 uschar *version_date           = US"?";
 uschar *version_cnumber        = US"????";
 uschar *version_string         = US"?";