JH/01 Support list of dkim results in the dkim_status ACL condition, making
it more usable in the data ACL.
-JH/02 Handle error on close of the spool data file during reception. Previously
- This was only logged, on the assumption that errors would be seen for
- a previous fflush(). However, a fuse filesystem has been reported as
- showing this an error for the fclose(). The spool is now in an uncertain
- state, and we have logged and responded acceptance. Change this to
- respond with a temp-reject, wipe spoolfiles, and log the error detail.
+JH/02 Bug 3040: Handle error on close of the spool data file during reception.
+ Previously This was only logged, on the assumption that errors would be
+ seen for a previous fflush(). However, a fuse filesystem has been
+ reported as showing this an error for the fclose(). The spool is now in
+ an uncertain state, and we have logged and responded acceptance. Change
+ this to respond with a temp-reject, wipe spoolfiles, and log the error
+ detail.
+
+JH/03 Bug 3030: fix handling of DNS servfail respons for DANE TLSA. When hit
+ during a recipient verify callout, a QUIT command was attempted on the
+ now-closed callout channel, causing a paniclog entry.
Exim version 4.97
sx->conn_args.interface = interface;
sx->helo_data = tf->helo_data;
sx->conn_args.tblock = addr->transport;
- sx->conn_args.sock = -1;
+ sx->cctx.sock = sx->conn_args.sock = -1;
sx->verify = TRUE;
tls_retry_connection:
/* Ensure no cutthrough on multiple verifies that were incompatible */
if (options & vopt_callout_recipsender)
cancel_cutthrough_connection(TRUE, US"not usable for cutthrough");
- if (sx->send_quit)
+ if (sx->send_quit && sx->cctx.sock >= 0)
if (smtp_write_command(sx, SCMD_FLUSH, "QUIT\r\n") != -1)
/* Wait a short time for response, and discard it */
smtp_read_response(sx, sx->buffer, sizeof(sx->buffer), '2', 1);
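Review bot: The added `sx->cctx.sock >= 0` test before the QUIT write is only reliable if every path that closes the callout channel also sets `sx->cctx.sock` back to -1. That close is not visible in these hunks, so it should be confirmed for the DANE TLSA defer path and for any jump back to `tls_retry_connection`, since the `-1` initialisation appears to sit before that label. A one-line comment above the condition would record why the socket is checked, for example `/* channel may already be closed (e.g. TLSA lookup deferred); do not write QUIT to it */`. The two nested unbraced `if`s, separated only by a comment, are easy to misread, and braces around the `smtp_write_command` block would make the scope explicit. The enclosing function starts and ends outside the hunk.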
--- /dev/null
+# Exim test configuration 5801
+# DANE common
+
+SERVER=
+
+.include DIR/aux-var/tls_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept verify = recipient/callout
+
+log_selector = +received_recipients +tls_certificate_verified +tls_sni
+
+queue_run_in_order
+
+tls_advertise_hosts = *
+.ifdef _HAVE_GNUTLS
+# needed to force generation
+tls_dhparam = historic
+.endif
+
+CDIR1 = DIR/aux-fixed/exim-ca/example.net/server1.example.net
+CDIR2 = DIR/aux-fixed/exim-ca/example.com/server1.example.com
+
+
+tls_certificate = CDIR2/fullchain.pem
+tls_privatekey = CDIR2/server1.example.com.unlocked.key
+
+# ----- Routers -----
+
+begin routers
+
+client:
+ driver = dnslookup
+ condition = ${if eq {SERVER}{}}
+ dnssec_request_domains = *
+ self = send
+ transport = send_to_server
+ errors_to = ""
+
+server:
+ driver = redirect
+ data = :blackhole:
+
+
+# ----- Transports -----
+
+begin transports
+
+send_to_server:
+ driver = smtp
+ allow_localhost
+ port = PORT_D
+ hosts_try_fastopen = :
+
+ hosts_try_dane = *
+ tls_verify_certificates =
+
+
+
+# ----- Retry -----
+
+
+begin retry
+
+* * F,5d,10s
+
+
+# End
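Review bot: The header comment `# DANE common` does not say what this configuration exercises. Something like `# DANE recipient-verify callout, TLSA lookup returns SERVFAIL (Bug 3030)` would make the regression traceable from the file itself. The empty `tls_verify_certificates =` next to `hosts_try_dane = *` appears to leave the `send_to_server` transport with no CA trust anchors. That is reasonable for a DANE-only fixture, but a short comment such as `# no CA anchors: DANE-only, test fixture` would stop the setting being copied into a live configuration unexamined.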
DNSSEC _1225._tcp.danemixed TLSA 2 0 1 0d643c1ebcdf2cb83634e0c2f5102c1e268983401c9f4d8711d60b44d7fb7a3e
DNSSEC TLSA 3 1 1 8276000000000000000000000000000000000000000000000000000000000000
+; have the TLSA lookup, only, return SERVFAIL
+;
+DNSSEC daneservfail A 127.0.0.1
+DNSSEC _1225._tcp.daneservfail CNAME test.again.dns.
+
; ------- Testing delays ------------
DELAY=500 delay500 A HOSTIPV4
--- /dev/null
+# DANE Rverify, TLSA SERVFAIL
+#
+exim -odf -bs
+HELO test
+MAIL FROM:<CALLER@test.ex>
+RCPT TO:<t@daneservfail.test.ex>
+QUIT
+****