. Update the Copyright year (only) when changing content.
. /////////////////////////////////////////////////////////////////////////////
-.set previousversion "4.94"
+.set previousversion "4.95"
.include ./local_params
.set ACL "access control lists (ACLs)"
.set drivernamemax "64"
.macro copyyear
-2020
+2021
.endmacro
. /////////////////////////////////////////////////////////////////////////////
</revision></revhistory>
<copyright><year>
.copyyear
- </year><holder>University of Cambridge</holder></copyright>
+ </year><holder>The Exim Maintainers</holder></copyright>
</bookinfo>
.literal off
.next
If the &%domains%& option is set, the domain of the address must be in the set
of domains that it defines.
-.new
.cindex "tainted data" "de-tainting"
A match verifies the variable &$domain$& (which carries tainted data)
and assigns an untainted value to the &$domain_data$& variable.
When an untainted value is wanted, use this option
rather than the generic &%condition%& option.
-.wen
.next
.vindex "&$local_part_prefix$&"
.cindex affix "router precondition"
If the &%local_parts%& option is set, the local part of the address must be in
the set of local parts that it defines.
-.new
A match verifies the variable &$local_part$& (which carries tainted data)
and assigns an untainted value to the &$local_part_data$& variable.
Such an untainted value is often needed in the transport.
When an untainted value is wanted, use this option
rather than the generic &%condition%& option.
-.wen
If &%local_part_prefix%& or
&%local_part_suffix%& is in use, the prefix or suffix is removed from the local
uses an expanded string to allow you to set up your own custom preconditions.
Expanded strings are described in chapter &<<CHAPexpand>>&.
-.new
Note that while using
this option for address matching technically works,
it does not set any de-tainted values.
for transport options.
Using the &%domains%& and &%local_parts%& options is usually the most
convenient way to obtain them.
-.wen
.endlist
by Exim in conjunction with the &%-MC%& option. It signifies that a
remote host supports the ESMTP &_CHUNKING_& extension.
-.new
.vitem &%-MCL%&
.oindex "&%-MCL%&"
This option is not intended for use by external callers. It is used internally
which Exim is connected advertised limits on numbers of mails, recipients or
recipient domains.
The limits are given by the following three arguments.
-.wen
.vitem &%-MCP%&
.oindex "&%-MCP%&"
by Exim in conjunction with the &%-MC%& option. It signifies that the server to
which Exim is connected supports pipelining.
-.new
.vitem &%-MCp%&
.oindex "&%-MCp%&"
This option is not intended for use by external callers. It is used internally
by Exim in conjunction with the &%-MC%& option. It signifies that the connection
t a remote server is via a SOCKS proxy, using addresses and ports given by
the following four arguments.
-.wen
.vitem &%-MCQ%&&~<&'process&~id'&>&~<&'pipe&~fd'&>
.oindex "&%-MCQ%&"
signals the final completion of the sequence of processes that are passing
messages through the same SMTP connection.
-.new
.vitem &%-MCq%&&~<&'recipient&~address'&>&~<&'size'&>
.oindex "&%-MCq%&"
This option is not intended for use by external callers. It is used internally
by Exim to implement quota checking for local users.
-.wen
.vitem &%-MCS%&
.oindex "&%-MCS%&"
by Exim in conjunction with the &%-MC%& option, and passes on the fact that the
host to which Exim is connected supports TLS encryption.
-.new
.vitem &%-MCr%&&~<&'SNI'&> &&&
&%-MCs%&&~<&'SNI'&>
.oindex "&%-MCs%&"
a TLS Server Name Indication was sent as part of the channel establishment.
The argument gives the SNI string.
The "r" variant indicates a DANE-verified connection.
-.wen
.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&>&~<&'cipher'&>
.oindex "&%-MCt%&"
in chapter &<<CHAPinterfaces>>&. When &%-oX%& is used to start a daemon, no pid
file is written unless &%-oP%& is also present to specify a pid filename.
-.new
.vitem &%-oY%&
.oindex &%-oY%&
.cindex "daemon notifier socket"
.next
obtaining a current queue size
.endlist
-.wen
.vitem &%-pd%&
.oindex "&%-pd%&"
first &%domains%& setting above generates the second setting, which therefore
causes a second lookup to occur.
-.new
The lookup type may optionally be followed by a comma
and a comma-separated list of options.
Each option is a &"name=value"& pair.
If this is given then the cache that Exim manages for lookup results
is not checked before doing the lookup.
The result of the lookup is still written to the cache.
-.wen
The rest of this chapter describes the different lookup types that are
available. Any of them can be used in any part of the configuration where a
IPv4, in dotted-quad form. (Exim converts IPv4-mapped IPv6 addresses to this
notation before executing the lookup.)
-.new
One option is supported, "ret=full", to request the return of the entire line
rather than omitting the key porttion.
Note however that the key portion will have been de-quoted.
-.wen
.next
.cindex lookup json
For elements of type string, the returned value is de-quoted.
-.new
.next
.cindex LMDB
.cindex lookup lmdb
You will need to separately create the LMDB database file,
possibly using the &"mdb_load"& utility.
-.wen
.next
of independent, short-lived processes, this caching applies only within a
single Exim process. There is no inter-process lookup caching facility.
+If an option &"cache=no_rd"& is used on the lookup then
+the cache is only written to, cached data is not used for the operation
+and a real lookup is done.
+
For single-key lookups, Exim keeps the relevant files open in case there is
another lookup that needs them. In some types of configuration this can lead to
many files being kept open for messages with many recipients. To avoid hitting
addition to the SQL query. An SQLite database is a single file, and there is no
daemon as in the other SQL databases.
-.new
.oindex &%sqlite_dbfile%&
There are two ways of
specifying the file.
lookup type word. The option is the word &"file"&, then an equals,
then the filename.
The filename in this case cannot contain whitespace or open-brace charachters.
-.wen
A deprecated method is available, prefixing the query with the filename
separated by white space.
A &%local_parts%& router option or &%local_parts%& ACL condition
will store a result in the &$local_part_data$& variable.
.vitem domains
-.new
A &%domains%& router option or &%domains%& ACL condition
will store a result in the &$domain_data$& variable.
-.wen
.vitem senders
A &%senders%& router option or &%senders%& ACL condition
will store a result in the &$sender_data$& variable.
.cindex "tainted data" "de-tainting"
The value will be untainted.
-.new
&*Note*&: If the data result of the lookup (as opposed to the key)
is empty, then this empty value is stored in &$domain_data$&.
The option to return the key for the lookup, as the value,
may be what is wanted.
-.wen
.next
.cindex "tainted data" definition
.cindex expansion "tainted data"
and expansion of data deriving from the sender (&"tainted data"&)
-.new
is not permitted (including acessing a file using a tainted name).
The main config option &%allow_insecure_tainted_data%& can be used as
mitigation during uprades to more secure configurations.
-.wen
-.new
Common ways of obtaining untainted equivalents of variables with
tainted values
.cindex "tainted data" "de-tainting"
or the password file,
or accessed via a DBMS.
Specific methods are indexed under &"de-tainting"&.
-.wen
You can use &`fail`& instead of {<&'string3'&>} as in a string extract.
-.new
.vitem &*${listquote{*&<&'separator'&>&*}{*&<&'string'&>&*}}*&
.cindex quoting "for list"
.cindex list quoting
An empty string is replaced with a single space.
This converts the string into a safe form for use as a list element,
in a list using the given separator.
-.wen
.vitem "&*${lookup&~{*&<&'key'&>&*}&~*&<&'search&~type'&>&*&~&&&
-.new
.vitem &*${srs_encode&~{*&<&'secret'&>&*}{*&<&'return&~path'&>&*}{*&<&'original&~domain'&>&*}}*&
SRS encoding. See SECT &<<SECTSRS>>& for details.
-.wen
and selects address-, domain-, host- or localpart- lists to search among respectively.
Otherwise all types are searched in an undefined order and the first
matching list is returned.
-.new
&*Note*&: Neither string-expansion of lists referenced by named-list syntax elements,
nor expansion of lookup elements, is done by the &%listnamed%& operator.
-.wen
.vitem &*${local_part:*&<&'string'&>&*}*&
The parsing correctly handles SMTPUTF8 Unicode in the string.
- .vitem &*${mask:*&<&'IP&~address'&>&*/*&<&'bit&~count'&>&*}*&
+ .vitem &*${mask:*&<&'IP&~address'&>&*/*&<&'bit&~count'&>&*}*& &&&
+ &*${mask_n:*&<&'IP&~address'&>&*/*&<&'bit&~count'&>&*}*&
.cindex "masked IP address"
.cindex "IP address" "masking"
.cindex "CIDR notation"
.code
${mask:10.111.131.206/28}
.endd
- returns the string &"10.111.131.192/28"&. Since this operation is expected to
- be mostly used for looking up masked addresses in files, the result for an IPv6
+ returns the string &"10.111.131.192/28"&.
+
+ Since this operation is expected to
+ be mostly used for looking up masked addresses in files, the
+ .new
+ normal
+ .wen
+ result for an IPv6
address uses dots to separate components instead of colons, because colon
terminates a key string in lsearch files. So, for example,
.code
.code
3ffe.ffff.836f.0a00.000a.0800.2000.0000/99
.endd
+ .new
+ If the optional form &*mask_n*& is used, IPv6 address result are instead
+ returned in normailsed form, using colons and with zero-compression.
+ .wen
Letters in IPv6 addresses are always output in lower case.
is done by calling the &[stat()]& function. The use of the &%exists%& test in
users' filter files may be locked out by the system administrator.
-.new
&*Note:*& Testing a path using this condition is not a sufficient way of
de-tainting it.
Consider using a dsearch lookup.
-.wen
.vitem &*first_delivery*&
.cindex "delivery" "first"
Case and collation order are defined per the system C locale.
-.new
.vitem &*inbound_srs&~{*&<&'local&~part'&>&*}{*&<&'secret'&>&*}*&
SRS decode. See SECT &<<SECTSRS>>& for details.
-.wen
.vitem &*inlist&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& &&&
You can use &$acl_verify_message$& during the expansion of the &%message%& or
&%log_message%& modifiers, to include information about the verification
failure.
-.new
&*Note*&: The variable is cleared at the end of processing the ACL verb.
-.wen
.vitem &$address_data$&
.vindex "&$address_data$&"
.vitem &$domain_data$&
.vindex "&$domain_data$&"
When the &%domains%& condition on a router
-.new
or an ACL
matches a domain
against a list, the match value is copied to &$domain_data$&.
This is an enhancement over previous versions of Exim, when it only
applied to the data read by a lookup.
For details on match values see section &<<SECTlistresults>>& et. al.
-.wen
If the router routes the
address to a transport, the value is available in that transport. If the
of the temporary file which is about to be renamed. It can be used to construct
a unique name for the file.
-.vitem &$interface_address$&
+.vitem &$interface_address$& &&&
+ &$interface_port$&
.vindex "&$interface_address$&"
-This is an obsolete name for &$received_ip_address$&.
-
-.vitem &$interface_port$&
.vindex "&$interface_port$&"
-This is an obsolete name for &$received_port$&.
+These are obsolete names for &$received_ip_address$& and &$received_port$&.
.vitem &$item$&
.vindex "&$item$&"
.vindex "&$local_part_data$&"
When the &%local_parts%& condition on a router or ACL
matches a local part list
-.new
the match value is copied to &$local_part_data$&.
This is an enhancement over previous versions of Exim, when it only
applied to the data read by a lookup.
For details on match values see section &<<SECTlistresults>>& et. al.
-.wen
The &%check_local_user%& router option also sets this variable.
This variable contains the number of bytes in the longest line that was
received as part of the message, not counting the line termination
character(s).
-It is not valid if the &%spool_files_wireformat%& option is used.
+It is not valid if the &%spool_wireformat%& option is used.
.vitem &$message_age$&
.cindex "message" "age of"
also &$message_size$&, &$body_linecount$&, and &$body_zerocount$&.
If the spool file is wireformat
-(see the &%spool_files_wireformat%& main option)
+(see the &%spool_wireformat%& main option)
the CRLF line-terminators are included in the count.
.vitem &$message_exim_id$&
In the MAIL and RCPT ACLs, the value is zero because at that stage the
message has not yet been received.
-This variable is not valid if the &%spool_files_wireformat%& option is used.
+This variable is not valid if the &%spool_wireformat%& option is used.
.vitem &$message_size$&
.cindex "size" "of message"
built. The value is copied after recipient rewriting has happened, but before
the &[local_scan()]& function is run.
-.vitem &$received_ip_address$&
+.vitem &$received_ip_address$& &&&
+ &$received_port$&
.vindex "&$received_ip_address$&"
-As soon as an Exim server starts processing an incoming TCP/IP connection, this
-variable is set to the address of the local IP interface, and &$received_port$&
-is set to the local port number. (The remote IP address and port are in
+.vindex "&$received_port$&"
+As soon as an Exim server starts processing an incoming TCP/IP connection, these
+variables are set to the address and port on the local IP interface.
+(The remote IP address and port are in
&$sender_host_address$& and &$sender_host_port$&.) When testing with &%-bh%&,
the port value is -1 unless it has been set using the &%-oMi%& command line
option.
time.
For outbound connections see &$sending_ip_address$&.
-.vitem &$received_port$&
-.vindex "&$received_port$&"
-See &$received_ip_address$&.
-
.vitem &$received_protocol$&
.vindex "&$received_protocol$&"
When a message is being processed, this variable contains the name of the
which is not the leaf.
-.new
.vitem &$tls_in_resumption$& &&&
&$tls_out_resumption$&
.vindex &$tls_in_resumption$&
.vindex &$tls_out_resumption$&
.cindex TLS resumption
Observability for TLS session resumption. See &<<SECTresumption>>& for details.
-.wen
.vitem &$tls_in_sni$&
option to a true value. To avoid breaking existing installations, it
defaults to false.
-.new
&*Note*&: This is entirely separate from Exim's tainted-data tracking.
-.wen
.section "Calling Perl subroutines" "SECID86"
configuration). This &"magic string"& matches the domain literal form of all
the local host's IP addresses.
-.new
.option allow_insecure_tainted_data main boolean false
.cindex "de-tainting"
.oindex "allow_insecure_tainted_data"
message rejection) into warnings. This option is meant as mitigation only
and deprecated already today. Future releases of Exim may ignore it.
The &%taint%& log selector can be used to suppress even the warnings.
-.wen
If the &%smtp_connection%& log selector is not set, this option has no effect.
-.new
.option hosts_require_alpn main "host list&!!" unset
.cindex ALPN "require negotiation in server"
.cindex TLS ALPN
&*Note*&: prevention of fallback to in-clear connection is not
managed by this option, and should be done separately.
-.wen
.option hosts_proxy main "host list&!!" unset
If the platform supports Linux-style abstract socket names, the result
is used with a nul byte prefixed.
Otherwise,
-.new "if nonempty,"
it should be a full path name and use a directory accessible
to Exim.
-.new
If this option is set as empty,
or the command line &%-oY%& option is used, or
-.wen
the command line uses a &%-oX%& option and does not use &%-oP%&,
then a notifier socket is not created.
See also the &%hosts_pipe_connect%& smtp transport option.
-.new
The SMTP service extension keyword advertised is &"PIPE_CONNECT"&.
-.wen
.option prdr_enable main boolean false
&%queue_list_requires_admin%& and &%commandline_checks_require_admin%&.
-.new
.option proxy_protocol_timeout main time 3s
.cindex proxy "proxy protocol"
This option sets the timeout for proxy protocol negotiation.
For details see section &<<SECTproxyInbound>>&.
-.wen
.option qualify_domain main string "see below"
next queue run. See also &%hold_domains%& and &%queue_smtp_domains%&.
-.new
.option queue_fast_ramp main boolean false
.cindex "queue runner" "two phase"
.cindex "queue" "double scanning"
command line, may start parallel delivery processes during their first
phase. This will be done when a threshold number of messages have been
routed for a single host.
-.wen
.option queue_list_requires_admin main boolean true
response is given to subsequent MAIL commands. This limit is a safety
precaution against a client that goes mad (incidents of this type have been
seen).
-.new
The option is expanded after the HELO or EHLO is received
and may depend on values available at that time.
An empty or zero value after expansion removes the limit.
-.wen
.option smtp_accept_max_per_host main string&!! unset
is not required the &%tls_advertise_hosts%& option should be set empty.
-.new
.option tls_alpn main "string list&!!" "smtp : esmtp"
.cindex TLS "Application Layer Protocol Names"
.cindex TLS ALPN
and the client offers either more than
ALPN name or a name which does not match the list,
the TLS connection is declined.
-.wen
.option tls_certificate main "string list&!!" unset
&<<SECTtlssni>>& will be re-expanded.
If this option is unset or empty a self-signed certificate will be
-.new
used.
Under Linux this is generated at daemon startup; on other platforms it will be
generated fresh for every connection.
-.wen
.option tls_crl main string&!! unset
.cindex "TLS" "server certificate revocation list"
&<<SECTreqciphssl>>& and &<<SECTreqciphgnu>>&.
-.new
.option tls_resumption_hosts main "host list&!!" unset
.cindex TLS resumption
This option controls which connections to offer the TLS resumption feature.
See &<<SECTresumption>>& for details.
-.wen
.option tls_try_verify_hosts main "host list&!!" unset
provide data for a transport is: &%errors_to%&, &%headers_add%&,
&%headers_remove%&, &%transport%&.
-.new
The name of a router is limited to be &drivernamemax; ASCII characters long;
prior to Exim 4.95 names would be silently truncated at this length, but now
it is enforced.
-.wen
.option address_data routers string&!! unset
When a router runs, the strings are evaluated in order,
to create variables which are added to the set associated with
the address.
-.new
This is done immediately after all the preconditions, before the
evaluation of the &%address_data%& option.
-.wen
The variable is set with the expansion of the value.
The variables can be used by the router options
(not including any preconditions)
.scindex IIDgenoptra1 "generic options" "transport"
.scindex IIDgenoptra2 "options" "generic; for transports"
.scindex IIDgenoptra3 "transport" "generic options for"
-.new
The name of a transport is limited to be &drivernamemax; ASCII characters long;
prior to Exim 4.95 names would be silently truncated at this length, but now
it is enforced.
-.wen
The following generic options apply to all transports:
its removal from incoming messages, so that delivered messages can safely be
resent to other recipients.
+&*Note:*& If used on a transport handling multiple recipients
+(the smtp transport unless &%rcpt_max%& is 1, the appendfile, pipe or lmtp
+transport if &%batch_max%& is greater than 1)
+then information about Bcc recipients will be leaked.
+Doing so is generally not advised.
+
.option event_action transports string&!! unset
.cindex events
delivery, it applies to the top level directory, not the maildir directories
beneath.
-.new
The option must be set to one of the words &"anywhere"&, &"inhome"&, or
&"belowhome"&, or to an absolute path.
-.wen
In the second and third cases, a home directory must have been
set for the transport, and the file or directory being created must
by an &(appendfile)& transport called &%address_file%&. See also
&%file_must_exist%&.
-.new
In the fourth case,
the value given for this option must be an absolute path for an
existing directory.
.cindex "tainted data" "de-tainting"
If "belowhome" checking is used, the file or directory path
becomes de-tainted.
-.wen
.option directory appendfile string&!! unset
(see &%maildir_format%& and &%mailstore_format%&), and see section
&<<SECTopdir>>& for further details of this form of delivery.
-.new
The result of expansion must not be tainted, unless the &%create_file%& option
specifies a path.
-.wen
.option directory_file appendfile string&!! "see below"
&%use_fcntl_lock%&, &%use_flock_lock%&, or &%use_lockfile%& must be set with
&%file%&.
-.new
The result of expansion must not be tainted, unless the &%create_file%& option
specifies a path.
-.wen
.cindex "NFS" "lock file"
.cindex "locking files"
TLS session for any host that matches this list.
&%tls_verify_certificates%& should also be set for the transport.
-.new
.option hosts_require_alpn smtp "host list&!!" unset
.cindex ALPN "require negotiation in client"
.cindex TLS ALPN
&*Note*&: prevention of fallback to in-clear connection is not
managed by this option; see &%hosts_require_tls%&.
-.wen
.option hosts_require_dane smtp "host list&!!" unset
.cindex DANE "transport options"
This option provides a list of servers to which, provided they announce
authentication support, Exim will attempt to authenticate as a client when it
connects. If authentication fails
-.new
and &%hosts_require_auth%& permits,
-.wen
Exim will try to transfer the message unauthenticated.
See also chapter &<<CHAPSMTPAUTH>>& for details of authentication.
.option hosts_try_dane smtp "host list&!!" *
.cindex DANE "transport options"
.cindex DANE "attempting for certain servers"
-.new
If built with DANE support, Exim will look up a
TLSA record for any host matching the list,
If one is found and that lookup was DNSSEC-validated,
then Exim requires that a DANE-verified TLS connection is made for that host;
there will be no fallback to in-clear communication.
-.wen
See the &%dnssec_request_domains%& router and transport options.
See section &<<SECDANE>>&.
permits this. A value setting of zero disables the limit.
-.new
.option message_linelength_limit smtp integer 998
.cindex "line length" limit
This option sets the maximum line length, in bytes, that the transport
It is generally wise to also check in the data ACL so that messages
received via SMTP can be refused without producing a bounce.
-.wen
.option multi_domain smtp boolean&!! true
&$address_data$&, &$domain_data$&, &$local_part_data$&,
&$host$&, &$host_address$& and &$host_port$&.
-.new
If the connection is DANE-enabled then this option is ignored;
only messages having the domain used for the DANE TLSA lookup are
sent on the connection.
-.wen
.option port smtp string&!! "see below"
.cindex "port" "sending TCP/IP"
transport. For details see section &<<SECTproxySOCKS>>&.
-.new
.option tls_alpn smtp string&!! unset
.cindex TLS "Application Layer Protocol Names"
.cindex TLS ALPN
As of writing no value has been standardised for email use.
The authors suggest using &"smtp"&.
-.wen
ciphers is a preference order.
-.new
.option tls_resumption_hosts smtp "host list&!!" unset
.cindex TLS resumption
This option controls which connections to use the TLS resumption feature.
See &<<SECTresumption>>& for details.
-.wen
.cindex SNI "setting in client"
.vindex "&$tls_sni$&"
If this option is set
-.new
and the connection is not DANE-validated
-.wen
then it sets the $tls_out_sni variable and causes any
TLS session to pass this value as the Server Name Indication extension to
the remote side, which can be used by the remote side to select an appropriate
transfer of mail between servers that have no managerial connection with each
other.
-.new
The name of an authenticator is limited to be &drivernamemax; ASCII characters long;
prior to Exim 4.95 names would be silently truncated at this length, but now
it is enforced.
-.wen
.cindex "AUTH" "description of"
.cindex "ESMTP extensions" AUTH
.endd
The lack of colons means that the entire text is sent with the AUTH
command, with the circumflex characters converted to NULs.
-.new
Note that due to the ambiguity of parsing three consectutive circumflex characters
there is no way to provide a password having a leading circumflex.
-.wen
A similar example
The macro _HAVE_AUTH_GSASL_SCRAM_SHA_256 will be defined
when this happens.
-.new
To see the list of mechanisms supported by the library run Exim with "auth" debug
enabled and look for a line containing "GNU SASL supports".
Note however that some may not have been tested from Exim.
-.wen
.option client_authz gsasl string&!! unset
.option client_spassword gsasl string&!! unset
-.new
This option is only supported for library versions 1.9.1 and greater.
The macro _HAVE_AUTH_GSASL_SCRAM_S_KEY will be defined when this is so.
-.wen
If a SCRAM mechanism is being used and this option is set
and correctly sized
Note that this value will depend on the salt and iteration-count
supplied by the server.
The option is expanded before use.
-.new
During the expansion &$auth1$& is set with the client username,
&$auth2$& with the iteration count, and
&$auth3$& with the salt.
plus the calculated salted password value value in &$auth4$&,
during the expansion of the &%client_set_id%& option.
A side-effect of this expansion can be used to prime the cache.
-.wen
.option server_channelbinding gsasl boolean false
. Do not plan to rely upon this feature for security, ever, without consulting
. with a subject matter expert (a cryptographic engineer).
-.new
This option was deprecated in previous releases due to doubts over
the "Triple Handshake" vulnerability.
Exim takes suitable precausions (requiring Extended Master Secret if TLS
Session Resumption was used) for safety.
-.wen
.option server_hostname gsasl string&!! "see below"
This should be documented with the feature. If the documentation does not
explicitly state that the feature is infeasible in the other TLS
implementation, then patches are welcome.
-.new
.next
The output from "exim -bV" will show which (if any) support was included
in the build.
Also, the macro "_HAVE_OPENSSL" or "_HAVE_GNUTLS" will be defined.
-.wen
.endlist
.endd
-.new
.section "Caching of static server configuration items" "SECTserverTLScache"
.cindex certificate caching
.cindex privatekey caching
Caching of the system Certificate Authorities bundle can
save siginificant time and processing on every TLS connection
accepted by Exim.
-.wen
The &%tls_verify_cert_hostnames%& option lists hosts for which additional
name checks are made on the server certificate.
-.new
The match against this list is, as per other Exim usage, the
IP for the host. That is most closely associated with the
name on the DNS A (or AAAA) record for the host.
However, the name that needs to be in the certificate
is the one at the head of any CNAME chain leading to the A record.
-.wen
The option defaults to always checking.
The &(smtp)& transport has two OCSP-related options:
-.new
.section "Caching of static client configuration items" "SECTclientTLScache"
.cindex certificate caching
.cindex privatekey caching
Caching of the system Certificate Authorities bundle can
save siginificant time and processing on every TLS connection
initiated by Exim.
-.wen
only point of caution. The &$tls_out_sni$& variable will be set to this string
for the lifetime of the client connection (including during authentication).
-.new
If DANE validated the connection attempt then the value of the &%tls_sni%& option
is forced to the domain part of the recipient address.
-.wen
Except during SMTP client sessions, if &$tls_in_sni$& is set then it is a string
received from a client.
0.5.10. (Its presence predates the current API which Exim uses, so if Exim
built, then you have SNI support).
-.new
.cindex TLS ALPN
.cindex ALPN "general information"
.cindex TLS "Application Layer Protocol Names"
This feature is available when Exim is built with
OpenSSL 1.1.0 or later or GnuTLS 3.2.0 or later;
the macro _HAVE_TLS_ALPN will be defined when this is so.
-.wen
.ecindex IIDencsmtp2
-.new
.section "TLS Resumption" "SECTresumption"
.cindex TLS resumption
TLS Session Resumption for TLS 1.2 and TLS 1.3 connections can be used (defined
.endlist
.endlist
-.wen
.section DANE "SECDANE"
response.
.vindex "&$acl_verify_message$&"
-.new
While the text is being expanded, the &$acl_verify_message$& variable
contains any message previously set.
Afterwards, &$acl_verify_message$& is cleared.
-.wen
If &%message%& is used on a statement that verifies an address, the message
specified overrides any message that is generated by the verification process.
non-SMTP ACLs. It causes the incoming message to be scanned for a match with
any of the regular expressions. For details, see chapter &<<CHAPexiscan>>&.
+ .new
+ .vitem &*seen&~=&~*&<&'parameters'&>
+ .cindex "&%sseen%& ACL condition"
+ This condition can be used to test if a situation has been previously met,
+ for example for greylisting.
+ Details are given in section &<<SECTseen>>&.
+ .wen
+
.vitem &*sender_domains&~=&~*&<&'domain&~list'&>
.cindex "&%sender_domains%& ACL condition"
.cindex "sender" "ACL checking"
different values. Some DNS lists may return more than one address record;
see section &<<SECThanmuldnsrec>>& for details of how they are checked.
-.new
Values returned by a properly running DBSBL should be in the 127.0.0.0/8
range. If a DNSBL operator loses control of the domain, lookups on it
may start returning other addresses. Because of this, Exim now ignores
returned values outside the 127/8 region.
-.wen
.section "Variables set from DNS lists" "SECID204"
dnslists = <; dnsbl.example.com/<|$acl_m_addrslist
.endd
+
+ .new
+ .section "Previously seen user and hosts" "SECTseen"
+ .cindex "&%sseen%& ACL condition"
+ .cindex greylisting
+ The &%seen%& ACL condition can be used to test whether a
+ situation has been previously met.
+ It uses a hints database to record a timestamp against a key.
+ host. The syntax of the condition is:
+ .display
+ &`seen =`& <&'time interval'&> &`/`& <&'options'&>
+ .endd
+
+ For example,
+ .code
+ defer seen = -5m / key=${sender_host_address}_$local_part@$domain
+ .endd
+ in a RCPT ACL will implement simple greylisting.
+
+ The parameters for the condition
+ are an interval followed, slash-separated, by a list of options.
+ The interval is taken as an offset before the current time,
+ and used for the test.
+ If the interval is preceded by a minus sign then the condition returns
+ whether a record is found which is before the test time.
+ Otherwise, the condition returns whether one is found which is since the
+ test time.
+
+ Options are read in order with later ones overriding earlier ones.
+
+ The default key is &$sender_host_address$&.
+ An explicit key can be set using a &%key=value%& option.
+
+ If a &%readonly%& option is given then
+ no record create or update is done.
+ If a &%write%& option is given then
+ a record create or update is always done.
+ An update is done if the test is for &"since"&.
+
+ Creates and updates are marked with the current time.
+
+ Finally, a &"before"& test which succeeds, and for which the record
+ is old enough, will be refreshed with a timestamp of the test time.
+ This can prevent tidying of the database from removing the entry.
+ The interval for this is, by default, 10 days.
+ An explicit interval can be set using a
+ &%refresh=value%& option.
+
+ Note that &"seen"& should be added to the list of hints databases
+ for maintenance if this ACL condition is used.
+ .wen
+
+
.section "Rate limiting incoming messages" "SECTratelimiting"
.cindex "rate limiting" "client sending"
.cindex "limiting client sending rates"
immediately after a successful redirection. By default, if a redirection
generates just one address, that address is also verified. See further
discussion in section &<<SECTredirwhilveri>>&.
-.new
.next
If the &%quota%& option is specified for recipient verify,
successful routing to an appendfile transport is followed by a call into
No actual delivery is done, but verification will succeed if the quota
is sufficient for the message (if the sender gave a message size) or
not already exceeded (otherwise).
-.wen
.endlist
.cindex "verifying address" "differentiating failures"
&%recipient%&: The RCPT command in a callout was rejected.
.next
&%postmaster%&: The postmaster check in a callout was rejected.
-.new
.next
&%quota%&: The quota check for a local recipient did non pass.
.endlist
-.new
.section "Quota caching" "SECTquotacache"
.cindex "hints database" "quota cache"
.cindex "quota" "cache, description of"
.vitem &*no_cache*&
Set both positive and negative lifetimes to zero.
-.wen
.section "Sender address verification reporting" "SECTsenaddver"
.cindex "verifying" "suppressing error details"
.vlist
.vitem &*int&~body_linecount*&
This variable contains the number of lines in the message's body.
-It is not valid if the &%spool_files_wireformat%& option is used.
+It is not valid if the &%spool_wireformat%& option is used.
.vitem &*int&~body_zerocount*&
This variable contains the number of binary zero bytes in the message's body.
-It is not valid if the &%spool_files_wireformat%& option is used.
+It is not valid if the &%spool_wireformat%& option is used.
.vitem &*unsigned&~int&~debug_selector*&
This variable is set to zero when no debugging is taking place. Otherwise, it
.vitem &*header_line&~*header_last*&
A pointer to the last of the header lines.
- .vitem &*uschar&~*headers_charset*&
+ .new
+ .vitem &*const&~uschar&~*headers_charset*&
The value of the &%headers_charset%& configuration option.
+ .wen
.vitem &*BOOL&~host_checking*&
This variable is TRUE during a host checking session that is initiated by the
lists_post:
driver = redirect
domains = lists.example
- senders = ${if exists {/usr/lists/$local_part}\
- {lsearch;/usr/lists/$local_part}{*}}
+ local_parts = ${lookup {$local_part} dsearch,filter=file,ret=full {/usr/lists}}
+ senders = ${if exists {$local_part_data} {lsearch;$local_part_data}{*}}
file = ${lookup {$local_part} dsearch,ret=full {/usr/lists}}
forbid_pipe
forbid_file
SMTP RCPT commands in one transaction) the second and subsequent addresses are
flagged with &`->`& instead of &`=>`&. When two or more messages are delivered
down a single SMTP connection, an asterisk follows the
-.new
remote IP address (and port if enabled)
-.wen
in the log lines for the second and subsequent messages.
When two or more messages are delivered down a single TLS connection, the
DNS and some TLS-related information logged for the first message delivered
followed by a colon and the port number. The local interface and port are also
added to other SMTP log lines, for example, &"SMTP connection from"&, to
rejection lines, and (despite the name) to outgoing
-.new
&"=>"&, &"->"&, &"=="& and &"**"& lines.
-.wen
The latter can be disabled by turning off the &%outgoing_interface%& option.
.next
.cindex log "incoming proxy address"
.next
.cindex "log" "TLS resumption"
.cindex "TLS" "logging session resumption"
-.new
&%tls_resumption%&: When a message is sent or received over an encrypted
connection and the TLS session resumed one used on a previous TCP connection,
an asterisk is appended to the X= cipher field in the log line.
-.wen
.next
.cindex "log" "TLS SNI"
.cindex "TLS" "logging SNI"
.next
&'ratelimit'&: the data for implementing the ratelimit ACL condition
.next
-.new
&'tls'&: TLS session resumption data
-.wen
.next
&'misc'&: other hints data
.endlist
.section "exim_dumpdb" "SECTdumpdb"
.cindex "&'exim_dumpdb'&"
The entire contents of a database are written to the standard output by the
- &'exim_dumpdb'& program, which has no options or arguments other than the
- spool and database names. For example, to dump the retry database:
+ &'exim_dumpdb'& program,
+ .new
+ taking as arguments the spool and database names.
+ An option &'-z'& may be given to regest times in UTC;
+ otherwise times are in the local timezone.
+ .wen
+ For example, to dump the retry database:
.code
exim_dumpdb /var/spool/exim retry
.endd
.cindex "&'exim_fixdb'&"
The &'exim_fixdb'& program is a utility for interactively modifying databases.
Its main use is for testing Exim, but it might also be occasionally useful for
- getting round problems in a live system. It has no options, and its interface
+ getting round problems in a live system. Its interface
is somewhat crude. On entry, it prompts for input with a right angle-bracket. A
key of a database record can then be entered, and the data for that record is
displayed.
sequence of digit pairs for year, month, day, hour, and minute. Colons can be
used as optional separators.
+ .new
+ Both displayed and input times are in the local timezone by default.
+ If an option &'-z'& is used on the command line, displayed times
+ are in UTC.
+ .wen
+
If the option is empty after expansion, DKIM signing is not done for this domain,
and no error will result even if &%dkim_strict%& is set.
-.new
To do, for example, dual-signing with RSA and EC keys
this could be be used:
.code
dkim_selector = ec_sel : rsa_sel
dkim_private_key = KEYS_DIR/$dkim_selector
.endd
-.wen
.option dkim_private_key smtp string&!! unset
This sets the private key to use.
.section "SRS (Sender Rewriting Scheme)" SECTSRS
.cindex SRS "sender rewriting scheme"
-.new
SRS can be used to modify sender addresses when forwarding so that
SPF verification does not object to them.
It operates by encoding the original envelope sender in a new
.endd
-.wen
affect Exim's operation, with an unchanged configuration file. For new
options, and new features, see the NewStuff file next to this ChangeLog.
+ Since 4.95
+ ----------
+
+ JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from
+ after reception to before a subsequence reception. This should
+ mean slightly faster delivery, and also confirmation of reception
+ to senders.
+
+ JH/02 Move from using the pcre library to pcre2. The former is no longer
+ being developed or supported (by the original developer).
+
+ JH/03 Constification work in the filters module required a major version
+ bump for the local-scan API. Specifically, the "headers_charset"
+ global which is visible via the API is now const and may therefore
+ not be modified by local-scan code.
+
Exim version 4.95
-----------------
JH/58 GnuTLS: Fix certextract expansion. If a second modifier after a tag
modifier was given, a loop resulted.
+JH/59 DKIM: Fix small-message verification under TLS with chunking. If a
+ pipelined SMTP command followed the BDAT LAST then it would be
+ incorrectly treated as part of the message body, causing a verification
+ fail.
+
+JH/60 Bug 2805: Fix logging of domain-literals in Message_ID: headers. They
+ require looser validation rules than those for 821-level addresses,
+ which only permit IP addresses.
+
Exim version 4.94
-----------------
test from the snapshots or the Git before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
+ Version 4.96
+ ------------
+
+ 1. A new ACL condition: seen. Records/tests a timestamp against a key.
+
+ 2. A variant of the "mask" expansion operator to give normalised IPv6.
+
+ 3. UTC output option for exim_dumpdb, exim_fixdb
+
+
Version 4.95
------------
18. TLS ALPN handling. By default, refuse TLS connections that try to specify
a non-smtp (eg. http) use. Options for customising.
+19. Support for MacOS (darwin) has been dropped.
+
Version 4.94
------------
#include "exim.h"
+#ifndef MACRO_PREDEF
/* Default callout timeout */
[ACL_WARN] = BIT(OK)
};
+#endif
+
/* ACL condition and modifier codes - keep in step with the table that
follows.
down. */
ACLC_REGEX,
#endif
ACLC_REMOVE_HEADER,
+ ACLC_SEEN,
ACLC_SENDER_DOMAINS,
ACLC_SENDERS,
ACLC_SET,
ACL_BIT_MIME | ACL_BIT_NOTSMTP |
ACL_BIT_NOTSMTP_START),
},
+ [ACLC_SEEN] = { US"seen", TRUE, FALSE, 0 },
[ACLC_SENDER_DOMAINS] = { US"sender_domains", FALSE, FALSE,
ACL_BIT_AUTH | ACL_BIT_CONNECT |
ACL_BIT_HELO |
};
+#ifdef MACRO_PREDEF
+# include "macro_predef.h"
+void
+features_acl(void)
+{
+for (condition_def * c = conditions; c < conditions + nelem(conditions); c++)
+ {
+ uschar buf[64], * p, * s;
+ int n = sprintf(CS buf, "_ACL_%s_", c->is_modifier ? "MOD" : "COND");
+ for (p = buf + n, s = c->name; *s; s++) *p++ = toupper(*s);
+ *p = '\0';
+ builtin_macro_create(buf);
+ }
+}
+#endif
+
+
+#ifndef MACRO_PREDEF
/* Return values from decode_control(); used as index so keep in step
with the controls_list table that follows! */
+ /*************************************************
+ * Handle a check for previously-seen *
+ *************************************************/
+
+ /*
+ ACL clauses like: seen = -5m / key=$foo / readonly
+
+ Return is true for condition-true - but the semantics
+ depend heavily on the actual use-case.
+
+ Negative times test for seen-before, positive for seen-more-recently-than
+ (the given interval before current time).
+
+ All are subject to history not having been cleaned from the DB.
+
+ Default for seen-before is to create if not present, and to
+ update if older than 10d (with the seen-test time).
+ Default for seen-since is to always create or update.
+
+ Options:
+ key=value. Default key is $sender_host_address
+ readonly
+ write
+ refresh=<interval>: update an existing DB entry older than given
+ amount. Default refresh lacking this option is 10d.
+ The update sets the record timestamp to the seen-test time.
+
+ XXX do we need separate nocreate, noupdate controls?
+
+ Arguments:
+ arg the option string for seen=
+ where ACL_WHERE_xxxx indicating which ACL this is
+ log_msgptr for error messages
+
+ Returns: OK - Condition is true
+ FAIL - Condition is false
+ DEFER - Problem opening history database
+ ERROR - Syntax error in options
+ */
+
+ static int
+ acl_seen(const uschar * arg, int where, uschar ** log_msgptr)
+ {
+ enum { SEEN_DEFAULT, SEEN_READONLY, SEEN_WRITE };
+
+ const uschar * list = arg;
+ int slash = '/', equal = '=', interval, mode = SEEN_DEFAULT, yield = FAIL;
+ BOOL before;
+ int refresh = 10 * 24 * 60 * 60; /* 10 days */
+ const uschar * ele, * key = sender_host_address;
+ open_db dbblock, * dbm;
+ dbdata_seen * dbd;
+ time_t now;
+
+ /* Parse the first element, the time-relation. */
+
+ if (!(ele = string_nextinlist(&list, &slash, NULL, 0)))
+ goto badparse;
+ if ((before = *ele == '-'))
+ ele++;
+ if ((interval = readconf_readtime(ele, 0, FALSE)) < 0)
+ goto badparse;
+
+ /* Remaining elements are options */
+
+ while ((ele = string_nextinlist(&list, &slash, NULL, 0)))
+ if (Ustrncmp(ele, "key=", 4) == 0)
+ key = ele + 4;
+ else if (Ustrcmp(ele, "readonly") == 0)
+ mode = SEEN_READONLY;
+ else if (Ustrcmp(ele, "write") == 0)
+ mode = SEEN_WRITE;
+ else if (Ustrncmp(ele, "refresh=", 8) == 0)
+ {
+ if ((refresh = readconf_readtime(ele + 8, 0, FALSE)) < 0)
+ goto badparse;
+ }
+ else
+ goto badopt;
+
+ if (!(dbm = dbfn_open(US"seen", O_RDWR, &dbblock, TRUE, TRUE)))
+ {
+ HDEBUG(D_acl) debug_printf_indent("database for 'seen' not available\n");
+ *log_msgptr = US"database for 'seen' not available";
+ return DEFER;
+ }
+
+ dbd = dbfn_read_with_length(dbm, key, NULL);
+ now = time(NULL);
+ if (dbd) /* an existing record */
+ {
+ time_t diff = now - dbd->time_stamp; /* time since the record was written */
+
+ if (before ? diff >= interval : diff < interval)
+ yield = OK;
+
+ if (mode == SEEN_READONLY)
+ { HDEBUG(D_acl) debug_printf_indent("seen db not written (readonly)\n"); }
+ else if (mode == SEEN_WRITE || !before)
+ {
+ dbd->time_stamp = now;
+ dbfn_write(dbm, key, dbd, sizeof(*dbd));
+ HDEBUG(D_acl) debug_printf_indent("seen db written (update)\n");
+ }
+ else if (diff >= refresh)
+ {
+ dbd->time_stamp = now - interval;
+ dbfn_write(dbm, key, dbd, sizeof(*dbd));
+ HDEBUG(D_acl) debug_printf_indent("seen db written (refresh)\n");
+ }
+ }
+ else
+ { /* No record found, yield always FAIL */
+ if (mode != SEEN_READONLY)
+ {
+ dbdata_seen d = {.time_stamp = now};
+ dbfn_write(dbm, key, &d, sizeof(*dbd));
+ HDEBUG(D_acl) debug_printf_indent("seen db written (create)\n");
+ }
+ else
+ HDEBUG(D_acl) debug_printf_indent("seen db not written (readonly)\n");
+ }
+
+ dbfn_close(dbm);
+ return yield;
+
+
+ badparse:
+ *log_msgptr = string_sprintf("failed to parse '%s'", arg);
+ return ERROR;
+ badopt:
+ *log_msgptr = string_sprintf("unrecognised option '%s' in '%s'", ele, arg);
+ return ERROR;
+ }
+
+
+
/*************************************************
* The udpsend ACL modifier *
*************************************************/
setup_remove_header(arg);
break;
+ case ACLC_SEEN:
+ rc = acl_seen(arg, where, log_msgptr);
+ break;
+
case ACLC_SENDER_DOMAINS:
{
uschar *sdomain;
fprintf(f, "-acl%c %s %d\n%s\n", name[0], name+1, Ustrlen(value), value);
}
+#endif /* !MACRO_PREDEF */
/* vi: aw ai sw=2
*/
/* End of acl.c */
extern void tls_free_cert(void **);
extern int tls_getc(unsigned);
extern uschar *tls_getbuf(unsigned *);
-extern void tls_get_cache(void);
+extern void tls_get_cache(unsigned);
extern BOOL tls_import_cert(const uschar *, void **);
extern BOOL tls_is_name_for_cert(const uschar *, void *);
# ifdef USE_OPENSSL
extern const uschar *parse_find_at(const uschar *);
extern const uschar *parse_fix_phrase(const uschar *, int);
extern const uschar *parse_message_id(const uschar *, uschar **, uschar **);
- extern const uschar *parse_quote_2047(const uschar *, int, uschar *, BOOL);
+ extern const uschar *parse_quote_2047(const uschar *, int, const uschar *,
+ BOOL);
extern const uschar *parse_date_time(const uschar *str, time_t *t);
extern void priv_drop_temp(const uid_t, const gid_t);
extern void priv_restore(void);
#ifdef WITH_CONTENT_SCAN
extern int regex(const uschar **);
#endif
- extern BOOL regex_match_and_setup(const pcre *, const uschar *, int, int);
- extern const pcre *regex_must_compile(const uschar *, BOOL, BOOL);
+ extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **);
+ extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
+ extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
extern void retry_add_item(address_item *, uschar *, int);
extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL,
uschar **, uschar **);
extern const uschar *rewrite_one(const uschar *, int, BOOL *, BOOL, uschar *,
rewrite_rule *);
extern void rewrite_test(const uschar *);
- extern uschar *rfc2047_decode2(uschar *, BOOL, uschar *, int, int *, int *,
- uschar **);
+ extern uschar *rfc2047_decode2(uschar *, BOOL, const uschar *, int, int *,
+ int *, uschar **);
extern int route_address(address_item *, address_item **, address_item **,
address_item **, address_item **, int);
extern int route_check_prefix(const uschar *, const uschar *, unsigned *);
extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *);
extern int smtp_getc(unsigned);
extern uschar *smtp_getbuf(unsigned *);
-extern void smtp_get_cache(void);
+extern void smtp_get_cache(unsigned);
extern int smtp_handle_acl_fail(int, int, uschar *, uschar *);
extern void smtp_log_no_mail(void);
extern void smtp_message_code(uschar **, int *, uschar **, uschar **, BOOL);
uschar *dsn_envid = NULL;
int dsn_ret = 0;
- const pcre *regex_DSN = NULL;
+ const pcre2_code *regex_DSN = NULL;
uschar *dsn_advertise_hosts = NULL;
#ifndef DISABLE_TLS
BOOL gnutls_allow_auto_pkcs11 = FALSE;
uschar *hosts_require_alpn = NULL;
uschar *openssl_options = NULL;
- const pcre *regex_STARTTLS = NULL;
+ const pcre2_code *regex_STARTTLS = NULL;
uschar *tls_advertise_hosts = US"*";
uschar *tls_alpn = US"smtp:esmtp";
uschar *tls_certificate = NULL;
/* Per Recipient Data Response variables */
BOOL prdr_enable = FALSE;
BOOL prdr_requested = FALSE;
- const pcre *regex_PRDR = NULL;
+ const pcre2_code *regex_PRDR = NULL;
#endif
#ifdef SUPPORT_I18N
- const pcre *regex_UTF8 = NULL;
+ const pcre2_code *regex_UTF8 = NULL;
#endif
/* Input-reading functions for messages, so we can use special ones for
int (*lwr_receive_ungetc)(int) = stdin_ungetc;
int (*receive_getc)(unsigned) = stdin_getc;
uschar * (*receive_getbuf)(unsigned *) = NULL;
-void (*receive_get_cache)(void)= NULL;
+void (*receive_get_cache)(unsigned) = NULL;
int (*receive_ungetc)(int) = stdin_ungetc;
int (*receive_feof)(void) = stdin_feof;
int (*receive_ferror)(void) = stdin_ferror;
uschar *auth_defer_msg = US"reason not recorded";
uschar *auth_defer_user_msg = US"";
- uschar *auth_vars[AUTH_VARS];
+ const uschar *auth_vars[AUTH_VARS];
int auto_thaw = 0;
#ifdef WITH_CONTENT_SCAN
int av_failed = FALSE; /* boolean but accessed as vtype_int*/
unsigned chunking_datasize = 0;
unsigned chunking_data_left = 0;
chunking_state_t chunking_state= CHUNKING_NOT_OFFERED;
- const pcre *regex_CHUNKING = NULL;
+ const pcre2_code *regex_CHUNKING = NULL;
#ifdef EXPERIMENTAL_ESMTP_LIMITS
- const pcre *regex_LIMITS = NULL;
+ const pcre2_code *regex_LIMITS = NULL;
#endif
uschar *client_authenticator = NULL;
int expand_forbid = 0;
int expand_nlength[EXPAND_MAXN+1];
int expand_nmax = -1;
- uschar *expand_nstring[EXPAND_MAXN+1];
+ const uschar *expand_nstring[EXPAND_MAXN+1];
uschar *expand_string_message;
uschar *extra_local_interfaces = NULL;
volatile sig_atomic_t had_command_sigterm = 0;
volatile sig_atomic_t had_data_timeout = 0;
volatile sig_atomic_t had_data_sigint = 0;
- uschar *headers_charset = US HEADERS_CHARSET;
+ const uschar *headers_charset = US HEADERS_CHARSET;
int header_insert_maxlen = 64 * 1024;
header_line *header_last = NULL;
header_line *header_list = NULL;
uschar *message_id;
uschar *message_id_domain = NULL;
uschar *message_id_text = NULL;
- struct timeval message_id_tv = { 0, 0 };
uschar message_id_option[MESSAGE_ID_LENGTH + 3];
uschar *message_id_external;
int message_linecount = 0;
uschar *override_local_interfaces = NULL;
uschar *override_pid_file_path = NULL;
+ pcre2_general_context * pcre_gen_ctx = NULL;
+ pcre2_compile_context * pcre_cmp_ctx = NULL;
+ pcre2_match_context * pcre_mtc_ctx = NULL;
+
uschar *percent_hack_domains = NULL;
uschar *pid_file_path = US PID_FILE_PATH
"\0<--------------Space to patch pid_file_path->";
recipient_item *recipients_list = NULL;
int recipients_list_max = 0;
int recipients_max = 50000;
- const pcre *regex_AUTH = NULL;
- const pcre *regex_check_dns_names = NULL;
- const pcre *regex_From = NULL;
- const pcre *regex_IGNOREQUOTA = NULL;
- const pcre *regex_PIPELINING = NULL;
- const pcre *regex_SIZE = NULL;
+ const pcre2_code *regex_AUTH = NULL;
+ const pcre2_code *regex_check_dns_names = NULL;
+ const pcre2_code *regex_From = NULL;
+ const pcre2_code *regex_IGNOREQUOTA = NULL;
+ const pcre2_code *regex_PIPELINING = NULL;
+ const pcre2_code *regex_SIZE = NULL;
#ifndef DISABLE_PIPE_CONNECT
- const pcre *regex_EARLY_PIPE = NULL;
+ const pcre2_code *regex_EARLY_PIPE = NULL;
#endif
- const pcre *regex_ismsgid = NULL;
- const pcre *regex_smtp_code = NULL;
- uschar *regex_vars[REGEX_VARS];
+ const pcre2_code *regex_ismsgid = NULL;
+ const pcre2_code *regex_smtp_code = NULL;
+ const uschar *regex_vars[REGEX_VARS];
#ifdef WHITELIST_D_MACROS
- const pcre *regex_whitelisted_macro = NULL;
+ const pcre2_code *regex_whitelisted_macro = NULL;
#endif
#ifdef WITH_CONTENT_SCAN
uschar *regex_match_string = NULL;
extern BOOL gnutls_allow_auto_pkcs11; /* Let GnuTLS autoload PKCS11 modules */
extern uschar *hosts_require_alpn; /* Mandatory ALPN successful nogitiation */
extern uschar *openssl_options; /* OpenSSL compatibility options */
- extern const pcre *regex_STARTTLS; /* For recognizing STARTTLS settings */
+ extern const pcre2_code *regex_STARTTLS; /* For recognizing STARTTLS settings */
extern uschar *tls_alpn; /* ALPN names acceptable */
extern uschar *tls_certificate; /* Certificate file */
extern uschar *tls_crl; /* CRL File */
extern uschar *dsn_envid; /* DSN envid string */
extern int dsn_ret; /* DSN ret type*/
- extern const pcre *regex_DSN; /* For recognizing DSN settings */
+ extern const pcre2_code *regex_DSN; /* For recognizing DSN settings */
extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */
/* Input-reading functions for messages, so we can use special ones for
extern int (*lwr_receive_ungetc)(int);
extern int (*receive_getc)(unsigned);
extern uschar * (*receive_getbuf)(unsigned *);
-extern void (*receive_get_cache)(void);
+extern void (*receive_get_cache)(unsigned);
extern int (*receive_ungetc)(int);
extern int (*receive_feof)(void);
extern int (*receive_ferror)(void);
extern uschar *acl_smtp_data; /* ACL run after DATA received */
#ifndef DISABLE_PRDR
extern uschar *acl_smtp_data_prdr; /* ACL run after DATA received if in PRDR mode*/
- const extern pcre *regex_PRDR; /* For recognizing PRDR settings */
+ const extern pcre2_code *regex_PRDR; /* For recognizing PRDR settings */
#endif
#ifndef DISABLE_DKIM
extern uschar *acl_smtp_dkim; /* ACL run for DKIM signatures / domains */
extern auth_instance auth_defaults; /* Default values */
extern uschar *auth_defer_msg; /* Error message for log */
extern uschar *auth_defer_user_msg; /* Error message for user */
- extern uschar *auth_vars[]; /* $authn variables */
+ extern const uschar *auth_vars[]; /* $authn variables */
extern int auto_thaw; /* Auto-thaw interval */
#ifdef WITH_CONTENT_SCAN
extern int av_failed; /* TRUE if the AV process failed */
extern int expand_forbid; /* RDO flags for forbidding things */
extern int expand_nlength[]; /* Lengths of numbered strings */
extern int expand_nmax; /* Max numerical value */
- extern uschar *expand_nstring[]; /* Numbered strings */
+ extern const uschar *expand_nstring[]; /* Numbered strings */
extern BOOL extract_addresses_remove_arguments; /* Controls -t behaviour */
extern uschar *extra_local_interfaces; /* Local, non-listen interfaces */
extern uschar *message_id_external; /* External form of following */
extern uschar *message_id_domain; /* Expanded to form domain-part of message_id */
extern uschar *message_id_text; /* Expanded to form message_id */
- extern struct timeval message_id_tv; /* Time used to create last message_id */
extern int message_linecount; /* As it says */
extern BOOL message_logs; /* TRUE to write message logs */
extern int message_size; /* Size of message */
#ifdef SUPPORT_I18N
extern BOOL message_smtputf8; /* Internationalized mail handling */
extern int message_utf8_downconvert; /* convert from utf8 */
- const extern pcre *regex_UTF8; /* For recognizing SMTPUTF8 settings */
+ const extern pcre2_code *regex_UTF8; /* For recognizing SMTPUTF8 settings */
#endif
extern uschar message_subdir[]; /* Subdirectory for messages */
extern uschar *message_reference; /* Reference for error messages */
extern uschar *override_local_interfaces; /* Value of -oX argument */
extern uschar *override_pid_file_path; /* Value of -oP argument */
+ extern pcre2_general_context * pcre_gen_ctx; /* pcre memory management */
+ extern pcre2_compile_context * pcre_cmp_ctx;
+ extern pcre2_match_context * pcre_mtc_ctx;
+
extern uschar *percent_hack_domains; /* Local domains for which '% operates */
extern uschar *pid_file_path; /* For writing daemon pids */
#ifndef DISABLE_PIPE_CONNECT
extern int recipients_list_max; /* Maximum number fitting in list */
extern int recipients_max; /* Max permitted */
extern BOOL recipients_max_reject; /* If TRUE, reject whole message */
- extern const pcre *regex_AUTH; /* For recognizing AUTH settings */
- extern const pcre *regex_check_dns_names; /* For DNS name checking */
- extern const pcre *regex_From; /* For recognizing "From_" lines */
- extern const pcre *regex_CHUNKING; /* For recognizing CHUNKING (RFC 3030) */
- extern const pcre *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */
+ extern const pcre2_code *regex_AUTH; /* For recognizing AUTH settings */
+ extern const pcre2_code *regex_check_dns_names; /* For DNS name checking */
+ extern const pcre2_code *regex_From; /* For recognizing "From_" lines */
+ extern const pcre2_code *regex_CHUNKING; /* For recognizing CHUNKING (RFC 3030) */
+ extern const pcre2_code *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */
#ifdef EXPERIMENTAL_ESMTP_LIMITS
- extern const pcre *regex_LIMITS; /* For recognizing LIMITS */
+ extern const pcre2_code *regex_LIMITS; /* For recognizing LIMITS */
#endif
- extern const pcre *regex_PIPELINING; /* For recognizing PIPELINING */
- extern const pcre *regex_SIZE; /* For recognizing SIZE settings */
+ extern const pcre2_code *regex_PIPELINING; /* For recognizing PIPELINING */
+ extern const pcre2_code *regex_SIZE; /* For recognizing SIZE settings */
#ifndef DISABLE_PIPE_CONNECT
- extern const pcre *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */
+ extern const pcre2_code *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */
#endif
- extern const pcre *regex_ismsgid; /* Compiled r.e. for message it */
- extern const pcre *regex_smtp_code; /* For recognizing SMTP codes */
- extern uschar *regex_vars[]; /* $regexN variables */
+ extern const pcre2_code *regex_ismsgid; /* Compiled r.e. for message ID */
+ extern const pcre2_code *regex_smtp_code; /* For recognizing SMTP codes */
+ extern const uschar *regex_vars[]; /* $regexN variables */
#ifdef WHITELIST_D_MACROS
- extern const pcre *regex_whitelisted_macro; /* For -D macro values */
+ extern const pcre2_code *regex_whitelisted_macro; /* For -D macro values */
#endif
#ifdef WITH_CONTENT_SCAN
extern uschar *regex_match_string; /* regex that matched a line (regex ACL condition) */
#define MALWARE_TIMEOUT 120 /* default timeout, seconds */
static const uschar * malware_regex_default = US ".+";
- static const pcre * malware_default_re = NULL;
+ static const pcre2_code * malware_default_re = NULL;
#ifndef DISABLE_MAL_CLAM
# define DERR_BAD_CALL (1<<15) /* wrong command */
static const uschar * drweb_re_str = US "infected\\swith\\s*(.+?)$";
- static const pcre * drweb_re = NULL;
+ static const pcre2_code * drweb_re = NULL;
#endif
#ifndef DISABLE_MAL_FSECURE
static const uschar * fsec_re_str = US "\\S{0,5}INFECTED\\t[^\\t]*\\t([^\\t]+)\\t\\S*$";
- static const pcre * fsec_re = NULL;
+ static const pcre2_code * fsec_re = NULL;
#endif
#ifndef DISABLE_MAL_KAV
static const uschar * kav_re_sus_str = US "suspicion:\\s*(.+?)\\s*$";
static const uschar * kav_re_inf_str = US "infected:\\s*(.+?)\\s*$";
- static const pcre * kav_re_sus = NULL;
- static const pcre * kav_re_inf = NULL;
+ static const pcre2_code * kav_re_sus = NULL;
+ static const pcre2_code * kav_re_inf = NULL;
#endif
#ifndef DISABLE_MAL_AVAST
static const uschar * ava_re_clean_str = US "(?!\\\\)\\t\\[\\+\\]";
static const uschar * ava_re_virus_str = US "(?!\\\\)\\t\\[L\\]\\d+\\.0\\t0\\s(.*)";
static const uschar * ava_re_error_str = US "(?!\\\\)\\t\\[E\\]\\d+\\.0\\tError\\s\\d+\\s(.*)";
- static const pcre * ava_re_clean = NULL;
- static const pcre * ava_re_virus = NULL;
- static const pcre * ava_re_error = NULL;
+ static const pcre2_code * ava_re_clean = NULL;
+ static const pcre2_code * ava_re_virus = NULL;
+ static const pcre2_code * ava_re_error = NULL;
#endif
#ifndef DISABLE_MAL_FFROT6D
static const uschar * fprot6d_re_error_str = US "^\\d+\\s<(.+?)>$";
static const uschar * fprot6d_re_virus_str = US "^\\d+\\s<infected:\\s+(.+?)>\\s+.+$";
- static const pcre * fprot6d_re_error = NULL;
- static const pcre * fprot6d_re_virus = NULL;
+ static const pcre2_code * fprot6d_re_error = NULL;
+ static const pcre2_code * fprot6d_re_virus = NULL;
#endif
return sock;
}
- static const pcre *
+ static const pcre2_code *
m_pcre_compile(const uschar * re, uschar ** errstr)
{
- const uschar * rerror;
- int roffset;
- const pcre * cre;
+ int err;
+ PCRE2_SIZE roffset;
+ const pcre2_code * cre;
- if (!(cre = pcre_compile(CS re, PCRE_COPT, CCSS &rerror, &roffset, NULL)))
- *errstr= string_sprintf("regular expression error in '%s': %s at offset %d",
- re, rerror, roffset);
+ if (!(cre = pcre2_compile((PCRE2_SPTR)re, PCRE2_ZERO_TERMINATED,
+ PCRE_COPT, &err, &roffset, pcre_cmp_ctx)))
+ {
+ uschar errbuf[128];
+ pcre2_get_error_message(err, errbuf, sizeof(errbuf));
+ *errstr= string_sprintf("regular expression error in '%s': %s at offset %ld",
+ re, errbuf, (long)roffset);
+ }
return cre;
}
uschar *
- m_pcre_exec(const pcre * cre, uschar * text)
+ m_pcre_exec(const pcre2_code * cre, uschar * text)
{
- int ovector[10*3];
- int i = pcre_exec(cre, NULL, CS text, Ustrlen(text), 0, 0,
- ovector, nelem(ovector));
- uschar * substr = NULL;
+ pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx);
+ int i = pcre2_match(cre, text, PCRE2_ZERO_TERMINATED, 0, 0, md, pcre_mtc_ctx);
+ PCRE2_UCHAR * substr = NULL;
+ PCRE2_SIZE slen;
+
if (i >= 2) /* Got it */
- pcre_get_substring(CS text, ovector, i, 1, CCSS &substr);
- return substr;
+ pcre2_substring_get_bynumber(md, 1, &substr, &slen);
+ return US substr;
}
- static const pcre *
+ static const pcre2_code *
m_pcre_nextinlist(const uschar ** list, int * sep,
char * listerr, uschar ** errstr)
{
const uschar * list_ele;
- const pcre * cre = NULL;
+ const pcre2_code * cre = NULL;
if (!(list_ele = string_nextinlist(list, sep, NULL, 0)))
*errstr = US listerr;
uschar *scanner_name;
unsigned long mbox_size;
FILE *mbox_file;
- const pcre *re;
+ const pcre2_code *re;
uschar * errstr;
struct scan * scanent;
const uschar * scanner_options;
/* read and concatenate virus names into one string */
for (int i = 0; i < drweb_vnum; i++)
{
- int ovector[10*3];
+ pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx);
/* read the size of report */
if (!recv_len(malware_daemon_ctx.sock, &drweb_slen, sizeof(drweb_slen), tmo))
tmpbuf[drweb_slen] = '\0';
/* try matcher on the line, grab substring */
- result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0,
- ovector, nelem(ovector));
+ result = pcre2_match(drweb_re, (PCRE2_SPTR)tmpbuf, PCRE2_ZERO_TERMINATED,
+ 0, 0, md, pcre_mtc_ctx);
if (result >= 2)
{
- const char * pre_malware_nb;
-
- pcre_get_substring(CS tmpbuf, ovector, result, 1, &pre_malware_nb);
+ PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md);
if (i==0) /* the first name we just copy to malware_name */
- g = string_cat(NULL, US pre_malware_nb);
+ g = string_catn(NULL, US ovec[2], ovec[3] - ovec[2]);
- /*XXX could be string_append_listele? */
else /* concatenate each new virus name to previous */
- g = string_append(g, 2, "/", pre_malware_nb);
-
- pcre_free_substring(pre_malware_nb);
+ {
+ g = string_catn(g, US"/", 1);
+ g = string_catn(g, US ovec[2], ovec[3] - ovec[2]);
+ }
}
}
malware_name = string_from_gstring(g);
int kav_rc;
unsigned long kav_reportlen;
int bread;
- const pcre *kav_re;
+ const pcre2_code *kav_re;
uschar *p;
/* get current date and time, build scan request */
case M_CMDL: /* "cmdline" scanner type ---------------------------------- */
{
const uschar *cmdline_scanner = scanner_options;
- const pcre *cmdline_trigger_re;
- const pcre *cmdline_regex_re;
+ const pcre2_code *cmdline_trigger_re;
+ const pcre2_code *cmdline_regex_re;
uschar * file_name;
uschar * commandline;
void (*eximsigchld)(int);
if (!use_scan_command)
{ cmd_str.data = US"zINSTREAM"; cmd_str.len = 10; }
else
- cmd_str.data = string_sprintf("SCAN %s\n%n", eml_filename, &cmd_str.len);
+ {
+ int n;
+ cmd_str.data = string_sprintf("SCAN %s\n%n", eml_filename, &n);
+ cmd_str.len = n; /* .len is a size_t */
+ }
/* We have some network servers specified */
if (num_servers)
if (*p) ++p;
/* colon in returned output? */
- if(!(p = Ustrchr(av_buffer,':')))
+ if (!(p = Ustrchr(av_buffer,':')))
return m_panic_defer(scanent, CUS callout_address, string_sprintf(
"ClamAV returned malformed result (missing colon): %s",
av_buffer));
uschar * linebuffer;
uschar * sockline_scanner;
uschar sockline_scanner_default[] = "%s\n";
- const pcre *sockline_trig_re;
- const pcre *sockline_name_re;
+ const pcre2_code *sockline_trig_re;
+ const pcre2_code *sockline_name_re;
/* find scanner command line */
if ( (sockline_scanner = string_nextinlist(&av_scanner_work, &sep,
if (malware_name) /* Nothing else matters, just read on */
break;
- if (pcre_exec(ava_re_clean, NULL, CS buf, slen, 0, 0, NULL, 0) == 0)
+ if (regex_match(ava_re_clean, buf, slen, NULL))
break;
if ((malware_name = m_pcre_exec(ava_re_virus, buf)))
break;
}
}
- else if (pcre_exec(ava_re_error, NULL, CS buf, slen, 0, 0, NULL, 0) == 0)
+ else if (regex_match(ava_re_error, buf, slen, NULL))
{
log_write(0, LOG_MAIN, "internal scanner error (ignored): %s", buf);
break;
if (pattern[0] == '^')
{
- const pcre * re = regex_must_compile(pattern, cb->caseless, FALSE);
+ const pcre2_code * re = regex_must_compile(pattern, cb->caseless, FALSE);
if (expand_setup < 0
- ? pcre_exec(re, NULL, CCS s, Ustrlen(s), 0, PCRE_EOPT, NULL, 0) < 0
+ ? !regex_match(re, s, -1, NULL)
: !regex_match_and_setup(re, s, 0, expand_setup)
)
return FAIL;
/* For an unnamed list, use the expanded version in comments */
#define LIST_LIMIT_PR 2048
-HDEBUG(D_any) if (!ot)
+HDEBUG(D_any) if (!ot)
{
int n, m;
gstring * g = string_fmt_append(NULL, "%s in \"%n%.*s%n\"",
patterns.) Otherwise just the domain is lower cases. A magic item "+caseful" in
the list can be used to restore a caseful copy of the local part from the
original address.
-Limit the subject address size to avoid mem-exhastion attacks. The size chosen
+Limit the subject address size to avoid mem-exhaustion attacks. The size chosen
is historical (we used to use big_buffer here). */
if ((len = Ustrlen(address)) > BIG_BUFFER_SIZE) len = BIG_BUFFER_SIZE;
in []. Make sure the output is set to the null string if there is a syntax
error as well as if there is no domain at all.
+Optionally, msg_id domain literals ( printable-ascii enclosed in [] )
+are permitted.
+
Arguments:
s current character pointer
t where to put the domain
+ msg_id_literals flag for relaxed domain-literal processing
errorptr put error message here on failure (*t will be 0 on exit)
Returns: new character pointer
*/
static const uschar *
-read_domain(const uschar *s, uschar *t, uschar **errorptr)
+read_domain(const uschar *s, uschar *t, BOOL msg_id_literals, uschar **errorptr)
{
uschar *tt = t;
s = skip_comment(s);
t += 5;
s += 5;
}
- while (*s == '.' || *s == ':' || isxdigit(*s)) *t++ = *s++;
+
+ if (msg_id_literals)
+ while (*s >= 33 && *s <= 90 || *s >= 94 && *s <= 126) *t++ = *s++;
+ else
+ while (*s == '.' || *s == ':' || isxdigit(*s)) *t++ = *s++;
if (*s == ']') *t++ = *s++; else
{
*tt = 0;
}
- if (!allow_domain_literals)
+ if (!allow_domain_literals && !msg_id_literals)
{
*errorptr = US"domain literals not allowed";
*tt = 0;
while (*s == '@')
{
*t++ = '@';
- s = read_domain(s+1, t, errorptr);
+ s = read_domain(s+1, t, FALSE, errorptr);
if (*t == 0) return s;
t += Ustrlen((const uschar *)t);
if (*s != ',') break;
t += Ustrlen((const uschar *)t);
*t++ = *s++;
*domainptr = t;
- s = read_domain(s, t, errorptr);
+ s = read_domain(s, t, FALSE, errorptr);
}
return s;
}
{
if (*s == 0 || *s == ';')
{
- if (*t == 0) FAILED(US"empty address");
+ if (!*t) FAILED(US"empty address");
endptr = last_comment_position;
goto PARSE_SUCCEEDED; /* Bare local part */
}
}
endptr = s;
- if (*errorptr != NULL) goto PARSE_FAILED;
+ if (*errorptr) goto PARSE_FAILED;
while (bracket_count-- > 0) if (*s++ != '>')
{
*errorptr = s[-1] == 0
not enclosed in <> as well, which is indicated by an empty first local
part preceding '@'. The source routing is, however, ignored. */
-else if (*t == 0)
+else if (!*t)
{
uschar *domainptr = yield;
s = read_route(s, t, errorptr);
- if (*errorptr != NULL) goto PARSE_FAILED;
+ if (*errorptr) goto PARSE_FAILED;
*t = 0; /* Ensure route is ignored - probably overkill */
s = read_addr_spec(s, t, 0, errorptr, &domainptr);
- if (*errorptr != NULL) goto PARSE_FAILED;
+ if (*errorptr) goto PARSE_FAILED;
*domain = domainptr - yield;
endptr = last_comment_position;
if (*domain == 0) FAILED(US"domain missing in source-routed address");
t += Ustrlen((const uschar *)t);
*t++ = *s++;
*domain = t - yield;
- s = read_domain(s, t, errorptr);
- if (*t == 0) goto PARSE_FAILED;
+ s = read_domain(s, t, TRUE, errorptr);
+ if (!*t) goto PARSE_FAILED;
endptr = last_comment_position;
}
move it back past white space if necessary. */
PARSE_SUCCEEDED:
-if (*s != 0)
+if (*s)
{
if (f.parse_found_group && *s == ';')
{
*/
const uschar *
- parse_quote_2047(const uschar *string, int len, uschar *charset, BOOL fold)
+ parse_quote_2047(const uschar *string, int len, const uschar *charset,
+ BOOL fold)
{
const uschar * s = string;
int hlen, l;
int error_rc = error_handling == ERRORS_SENDER
? errors_sender_rc : EXIT_FAILURE;
int header_size = 256;
- int id_resolution = 0;
-int start, end, domain;
int had_zero = 0;
int prevlines_length = 0;
+ const int id_resolution = BASE_62 == 62 ? 5000 : 10000;
int ptr = 0;
uschar *timestamp;
int tslen;
+ /* Time of creation of message_id */
+
+ static struct timeval message_id_tv = { 0, 0 };
+
/* Release any open files that might have been cached while preparing to
accept the message - e.g. by verifying addresses - because reading a message
if (sender_host_address) dmarc_init(); /* initialize libopendmarc */
#endif
+ /* In SMTP sessions we may receive several messages in one connection. Before
+ each subsequent one, we wait for the clock to tick at the level of message-id
+ granularity.
+ This is so that the combination of time+pid is unique, even on systems where the
+ pid can be re-used within our time interval. We can't shorten the interval
+ without re-designing the message-id. See comments above where the message id is
+ created. This is Something For The Future.
+ Do this wait any time we have previously created a message-id, even if we
+ rejected the message. This gives unique IDs for logging done by ACLs.
+ The initial timestamp must have been obtained via exim_gettime() to avoid
+ issues on Linux with suspend/resume. */
+
+ if (message_id_tv.tv_sec)
+ {
+ message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution;
+ exim_wait_tick(&message_id_tv, id_resolution);
+ }
+
/* Remember the time of reception. Exim uses time+pid for uniqueness of message
ids, and fractions of a second are required. See the comments that precede the
message id creation below.
We use a routine that if possible uses a monotonic clock, and can be used again
after reception for the tick-wait even under the Linux non-Posix behaviour. */
- exim_gettime(&message_id_tv);
+ else
+ exim_gettime(&message_id_tv);
/* For other uses of the received time we can operate with granularity of one
second, and for that we use the global variable received_time. This is for
Ustrncpy(message_id + 7, string_base62((long int)getpid()), 6);
/* Deal with the case where the host number is set. The value of the number was
- checked when it was read, to ensure it isn't too big. The timing granularity is
- left in id_resolution so that an appropriate wait can be done after receiving
- the message, if necessary (we hope it won't be). */
+ checked when it was read, to ensure it isn't too big. */
if (host_number_string)
- {
- id_resolution = BASE_62 == 62 ? 5000 : 10000;
sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
string_base62((long int)(
host_number * (1000000/id_resolution) +
message_id_tv.tv_usec/id_resolution)) + 4);
- }
/* Host number not set: final field is just the fractional time at an
appropriate resolution. */
else
- {
- id_resolution = BASE_62 == 62 ? 500 : 1000;
sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
string_base62((long int)(message_id_tv.tv_usec/id_resolution)) + 4);
- }
/* Add the current message id onto the current process info string if
it will fit. */
uschar * old_id;
BOOL save_allow_domain_literals = allow_domain_literals;
allow_domain_literals = TRUE;
+ int start, end, domain;
+
old_id = parse_extract_address(Ustrchr(msgid_header->text, ':') + 1,
&errmsg, &start, &end, &domain, FALSE);
allow_domain_literals = save_allow_domain_literals;
TIDYUP:
- /* In SMTP sessions we may receive several messages in one connection. After
- each one, we wait for the clock to tick at the level of message-id granularity.
- This is so that the combination of time+pid is unique, even on systems where the
- pid can be re-used within our time interval. We can't shorten the interval
- without re-designing the message-id. See comments above where the message id is
- created. This is Something For The Future.
- Do this wait any time we have created a message-id, even if we rejected the
- message. This gives unique IDs for logging done by ACLs.
- The initial timestamp must have been obtained via exim_gettime() to avoid
- issues on Linux with suspend/resume.
- It would be Nicer to only pause before a follow-on message. */
-
- if (id_resolution != 0)
- {
- message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution;
- exim_wait_tick(&message_id_tv, id_resolution);
- id_resolution = 0;
- }
-
-
process_info[process_info_len] = 0; /* Remove message id */
if (spool_data_file && cutthrough_done == NOT_TRIED)
{
}
void
-smtp_get_cache(void)
+smtp_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
int n = smtp_inend - smtp_inptr;
-if (chunking_state == CHUNKING_LAST && chunking_data_left < n)
- n = chunking_data_left;
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(smtp_inptr, n);
#endif
if (chunking_state == CHUNKING_LAST)
{
#ifndef DISABLE_DKIM
+ dkim_collect_input = dkim_save;
dkim_exim_verify_feed(NULL, 0); /* notify EOD */
+ dkim_collect_input = 0;
#endif
return EOD;
}
smtp_message_code(uschar **code, int *codelen, uschar **msg, uschar **log_msg,
BOOL check_valid)
{
- int n;
- int ovector[3];
+ uschar * match;
+ int len;
- if (!msg || !*msg) return;
-
- if ((n = pcre_exec(regex_smtp_code, NULL, CS *msg, Ustrlen(*msg), 0,
- PCRE_EOPT, ovector, sizeof(ovector)/sizeof(int))) < 0) return;
+ if (!msg || !*msg || !regex_match(regex_smtp_code, *msg, -1, &match))
+ return;
+ len = Ustrlen(match);
if (check_valid && (*msg)[0] != (*code)[0])
{
log_write(0, LOG_MAIN|LOG_PANIC, "configured error code starts with "
"incorrect digit (expected %c) in \"%s\"", (*code)[0], *msg);
- if (log_msg != NULL && *log_msg == *msg)
- *log_msg = string_sprintf("%s %s", *code, *log_msg + ovector[1]);
+ if (log_msg && *log_msg == *msg)
+ *log_msg = string_sprintf("%s %s", *code, *log_msg + len);
}
else
{
*code = *msg;
- *codelen = ovector[1]; /* Includes final space */
+ *codelen = len; /* Includes final space */
}
- *msg += ovector[1]; /* Chop the code off the message */
+ *msg += len; /* Chop the code off the message */
return;
}
tls_server_clienthello_ext(void * ctx, unsigned tls_id,
const uschar * data, unsigned size)
{
-/* https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
+/* The values for tls_id are documented here:
+https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
switch (tls_id)
{
case 5: /* Status Request */
if ((rc = creds_load_pristring(state, p, &errpos)))
return tls_error_gnu(state, string_sprintf(
"gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"",
- p, errpos - CS p, errpos),
+ p, (long)(errpos - CS p), errpos),
rc, errstr);
}
else
}
+/* Get up to the given number of bytes from any cached data, and feed to dkim. */
void
-tls_get_cache(void)
+tls_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
exim_gnutls_state_st * state = &state_server;
int n = state->xfer_buffer_hwm - state->xfer_buffer_lwm;
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n);
#endif
rc = gnutls_priority_init(&priority_cache, CS expciphers, &errpos);
validate_check_rc(string_sprintf(
"gnutls_priority_init(%s) failed at offset %ld, \"%.8s..\"",
- expciphers, errpos - CS expciphers, errpos));
+ expciphers, (long)(errpos - CS expciphers), errpos));
#undef return_deinit
#undef validate_check_rc
else if (Ustrcmp(s, "inhome") == 0) val = create_inhome;
else
log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
- "invalid value given for \"file_create\" for the %s transport: '%s'",
+ "invalid value given for \"create_file\" for the %s transport: '%s'",
tblock->name, s);
ob->create_file = val;
}
Arguments:
dirname the name of the directory
countptr where to add the file count (because this function recurses)
- regex a compiled regex to get the size from a name
+ re a compiled regex to get the size from a name
Returns: the sum of the sizes of the stattable files
zero if the directory cannot be opened
*/
off_t
- check_dir_size(const uschar * dirname, int *countptr, const pcre *regex)
+ check_dir_size(const uschar * dirname, int * countptr, const pcre2_code * re)
{
DIR *dir;
off_t sum = 0;
/* If there's a regex, try to find the size using it */
- if (regex)
+ if (re)
{
- int ovector[6];
- if (pcre_exec(regex, NULL, CS name, Ustrlen(name), 0, 0, ovector,6) >= 2)
+ pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx);
+ int rc = pcre2_match(re, (PCRE2_SPTR)name, PCRE2_ZERO_TERMINATED,
+ 0, 0, md, pcre_mtc_ctx);
+ PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md);
+ if ( rc >= 0
+ && (rc = pcre2_get_ovector_count(md)) >= 2)
{
uschar *endptr;
- off_t size = (off_t)Ustrtod(name + ovector[2], &endptr);
- if (endptr == name + ovector[3])
+ off_t size = (off_t)Ustrtod(name + ovec[2], &endptr);
+ if (endptr == name + ovec[3])
{
sum += size;
DEBUG(D_transport)
if ((statbuf.st_mode & S_IFMT) == S_IFREG)
sum += statbuf.st_size / statbuf.st_nlink;
else if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
- sum += check_dir_size(path, &count, regex);
+ sum += check_dir_size(path, &count, re);
}
closedir(dir);
else
{
uschar *check_path; /* Default quota check path */
- const pcre *regex = NULL; /* Regex for file size from file name */
+ const pcre2_code * re = NULL; /* Regex for file size from file name */
if (!check_creation(string_sprintf("%s/any", path),
ob->create_file, deliver_dir))
if (ob->quota_value > 0 || THRESHOLD_CHECK || ob->maildir_use_size_file)
{
- const uschar *error;
- int offset;
+ PCRE2_SIZE offset;
+ int err;
/* Compile the regex if there is one. */
if (ob->quota_size_regex)
{
- if (!(regex = pcre_compile(CS ob->quota_size_regex, PCRE_COPT,
- CCSS &error, &offset, NULL)))
+ if (!(re = pcre2_compile((PCRE2_SPTR)ob->quota_size_regex,
+ PCRE2_ZERO_TERMINATED, PCRE_COPT, &err, &offset, pcre_cmp_ctx)))
{
+ uschar errbuf[128];
+ pcre2_get_error_message(err, errbuf, sizeof(errbuf));
addr->message = string_sprintf("appendfile: regular expression "
- "error: %s at offset %d while compiling %s", error, offset,
+ "error: %s at offset %ld while compiling %s", errbuf, (long)offset,
ob->quota_size_regex);
return FALSE;
}
#ifdef SUPPORT_MAILDIR
if (ob->maildir_use_size_file)
{
- const pcre *dir_regex = NULL;
- const uschar *error;
- int offset;
+ const pcre2_code * dir_regex = NULL;
+ PCRE2_SIZE offset;
+ int err;
if (ob->maildir_dir_regex)
{
int check_path_len = Ustrlen(check_path);
- if (!(dir_regex = pcre_compile(CS ob->maildir_dir_regex, PCRE_COPT,
- CCSS &error, &offset, NULL)))
+ if (!(dir_regex = pcre2_compile((PCRE2_SPTR)ob->maildir_dir_regex,
+ PCRE2_ZERO_TERMINATED, PCRE_COPT, &err, &offset, pcre_cmp_ctx)))
{
+ uschar errbuf[128];
+ pcre2_get_error_message(err, errbuf, sizeof(errbuf));
addr->message = string_sprintf("appendfile: regular expression "
- "error: %s at offset %d while compiling %s", error, offset,
+ "error: %s at offset %ld while compiling %s", errbuf, (long)offset,
ob->maildir_dir_regex);
return FALSE;
}
uschar *s = path + check_path_len;
while (*s == '/') s++;
s = *s ? string_sprintf("%s/new", s) : US"new";
- if (pcre_exec(dir_regex, NULL, CS s, Ustrlen(s), 0, 0, NULL, 0) < 0)
+ if (!regex_match(dir_regex, s, -1, NULL))
{
disable_quota = TRUE;
DEBUG(D_transport) debug_printf("delivery directory does not match "
off_t size;
int filecount;
- if ((maildirsize_fd = maildir_ensure_sizefile(check_path, ob, regex, dir_regex,
+ if ((maildirsize_fd = maildir_ensure_sizefile(check_path, ob, re, dir_regex,
&size, &filecount)) == -1)
{
addr->basic_errno = errno;
* (void)unlink(CS string_sprintf("%s/maildirsize", check_path));
* if (THRESHOLD_CHECK)
* mailbox_size = maildir_compute_size(check_path, &mailbox_filecount, &old_latest,
- * regex, dir_regex, FALSE);
+ * re, dir_regex, FALSE);
* }
*/
int filecount = 0;
DEBUG(D_transport)
debug_printf("quota checks on directory %s\n", check_path);
- size = check_dir_size(check_path, &filecount, regex);
+ size = check_dir_size(check_path, &filecount, re);
if (mailbox_size < 0) mailbox_size = size;
if (mailbox_filecount < 0) mailbox_filecount = filecount;
}
void
smtp_deliver_init(void)
{
- if (!regex_PIPELINING) regex_PIPELINING =
- regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE);
-
- if (!regex_SIZE) regex_SIZE =
- regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE);
-
- if (!regex_AUTH) regex_AUTH =
- regex_must_compile(AUTHS_REGEX, FALSE, TRUE);
+ struct list
+ {
+ const pcre2_code ** re;
+ const uschar * string;
+ } list[] =
+ {
+ { ®ex_AUTH, AUTHS_REGEX },
+ { ®ex_CHUNKING, US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)" },
+ { ®ex_DSN, US"\\n250[\\s\\-]DSN(\\s|\\n|$)" },
+ { ®ex_IGNOREQUOTA, US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)" },
+ { ®ex_PIPELINING, US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)" },
+ { ®ex_SIZE, US"\\n250[\\s\\-]SIZE(\\s|\\n|$)" },
#ifndef DISABLE_TLS
- if (!regex_STARTTLS) regex_STARTTLS =
- regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
+ { ®ex_STARTTLS, US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)" },
#endif
-
- if (!regex_CHUNKING) regex_CHUNKING =
- regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE);
-
#ifndef DISABLE_PRDR
- if (!regex_PRDR) regex_PRDR =
- regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE);
+ { ®ex_PRDR, US"\\n250[\\s\\-]PRDR(\\s|\\n|$)" },
#endif
-
#ifdef SUPPORT_I18N
- if (!regex_UTF8) regex_UTF8 =
- regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE);
+ { ®ex_UTF8, US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)" },
#endif
-
- if (!regex_DSN) regex_DSN =
- regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE);
-
- if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA =
- regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE);
-
#ifndef DISABLE_PIPE_CONNECT
- if (!regex_EARLY_PIPE) regex_EARLY_PIPE =
- regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE);
+ { ®ex_EARLY_PIPE, US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)" },
#endif
-
#ifdef EXPERIMENTAL_ESMTP_LIMITS
- if (!regex_LIMITS) regex_LIMITS =
- regex_must_compile(US"\\n250[\\s\\-]LIMITS\\s", FALSE, TRUE);
+ { ®ex_LIMITS, US"\\n250[\\s\\-]LIMITS\\s" },
#endif
+ };
+
+ for (struct list * l = list; l < list + nelem(list); l++)
+ if (!*l->re)
+ *l->re = regex_must_compile(l->string, FALSE, TRUE);
}
static void
ehlo_response_limits_read(smtp_context * sx)
{
- int ovec[3]; /* results vector for a main-match only */
+ uschar * match;
/* matches up to just after the first space after the keyword */
- if (pcre_exec(regex_LIMITS, NULL, CS sx->buffer, Ustrlen(sx->buffer),
- 0, PCRE_EOPT, ovec, nelem(ovec)) >= 0)
- for (const uschar * s = sx->buffer + ovec[1]; *s; )
+ if (regex_match(regex_LIMITS, sx->buffer, -1, &match))
+ for (const uschar * s = sx->buffer + Ustrlen(match); *s; )
{
while (isspace(*s)) s++;
if (*s == '\n') break;
static unsigned
ehlo_response(uschar * buf, unsigned checks)
{
- size_t bsize = Ustrlen(buf);
+ PCRE2_SIZE bsize = Ustrlen(buf);
+ pcre2_match_data * md = pcre2_match_data_create(1, pcre_gen_ctx);
/* debug_printf("%s: check for 0x%04x\n", __FUNCTION__, checks); */
#ifndef DISABLE_TLS
if ( checks & OPTION_TLS
- && pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ && pcre2_match(regex_STARTTLS,
+ (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
#endif
checks &= ~OPTION_TLS;
if ( checks & OPTION_IGNQ
- && pcre_exec(regex_IGNOREQUOTA, NULL, CS buf, bsize, 0,
- PCRE_EOPT, NULL, 0) < 0)
+ && pcre2_match(regex_IGNOREQUOTA,
+ (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
checks &= ~OPTION_IGNQ;
if ( checks & OPTION_CHUNKING
- && pcre_exec(regex_CHUNKING, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ && pcre2_match(regex_CHUNKING,
+ (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
checks &= ~OPTION_CHUNKING;
#ifndef DISABLE_PRDR
if ( checks & OPTION_PRDR
- && pcre_exec(regex_PRDR, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ && pcre2_match(regex_PRDR,
+ (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
#endif
checks &= ~OPTION_PRDR;
#ifdef SUPPORT_I18N
if ( checks & OPTION_UTF8
- && pcre_exec(regex_UTF8, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ && pcre2_match(regex_UTF8,
+ (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
#endif
checks &= ~OPTION_UTF8;
if ( checks & OPTION_DSN
- && pcre_exec(regex_DSN, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ && pcre2_match(regex_DSN,
+ (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
checks &= ~OPTION_DSN;
if ( checks & OPTION_PIPE
- && pcre_exec(regex_PIPELINING, NULL, CS buf, bsize, 0,
- PCRE_EOPT, NULL, 0) < 0)
+ && pcre2_match(regex_PIPELINING,
+ (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
checks &= ~OPTION_PIPE;
if ( checks & OPTION_SIZE
- && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
+ && pcre2_match(regex_SIZE,
+ (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
checks &= ~OPTION_SIZE;
#ifndef DISABLE_PIPE_CONNECT
if ( checks & OPTION_EARLY_PIPE
- && pcre_exec(regex_EARLY_PIPE, NULL, CS buf, bsize, 0,
- PCRE_EOPT, NULL, 0) < 0)
+ && pcre2_match(regex_EARLY_PIPE,
+ (PCRE2_SPTR)buf, bsize, 0, PCRE_EOPT, md, pcre_mtc_ctx) < 0)
#endif
checks &= ~OPTION_EARLY_PIPE;
+ pcre2_match_data_free(md);
/* debug_printf("%s: found 0x%04x\n", __FUNCTION__, checks); */
return checks;
}
SEND_FAILED:
code = '4';
- message = US string_sprintf("send() to %s [%s] failed: %s",
+ message = US string_sprintf("smtp send to %s [%s] failed: %s",
sx->conn_args.host->name, sx->conn_args.host->address, strerror(errno));
sx->send_quit = FALSE;
yield = DEFER;
{
save_errno = errno;
code = '4';
- message = string_sprintf("send() to %s [%s] failed: %s",
+ message = string_sprintf("smtp send to %s [%s] failed: %s",
host->name, host->address, message ? message : US strerror(save_errno));
sx->send_quit = FALSE;
goto FAILED;
message_error = Ustrncmp(smtp_command,"end ",4) == 0;
break;
+#ifndef DISABLE_DKIM
+ case EACCES:
+ /* DKIM signing failure: avoid thinking we pipelined quit,
+ just abandon the message and close the socket. */
+
+ message_error = FALSE;
+# ifndef DISABLE_TLS
+ if (sx->cctx.tls_ctx)
+ {
+ tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT);
+ sx->cctx.tls_ctx = NULL;
+ }
+# endif
+ break;
+#endif
default:
message_error = FALSE;
break;
if (sx->send_rset)
if (! (sx->ok = smtp_write_command(sx, SCMD_FLUSH, "RSET\r\n") >= 0))
{
- msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
+ msg = US string_sprintf("smtp send to %s [%s] failed: %s", host->name,
host->address, strerror(errno));
sx->send_quit = FALSE;
}
mask: ${mask:192.168.10.206}
mask: ${mask:a.b.c.d}
mask: ${mask:2a00:2:3:4:5:6:7:8/79}
+mask: ${mask:2a00:2:3:4:5:6:7:8/128}
+mask: ${mask:2a00:2:3:4:5:6:7:8/129}
+ mask_n: ${mask_n:2a00:2:3:4:5:6:7:8/79}
ipv6denorm: ${ipv6denorm:::1}
ipv6denorm: ${ipv6denorm:fe00::1}
ipv6denorm: ${ipv6denorm:192.168.0.1}
> Failed: missing mask value in "192.168.10.206"
> Failed: "a.b.c.d" is not an IP address
> mask: 2a00.0002.0003.0004.0004.0000.0000.0000/79
+> mask: 2a00.0002.0003.0004.0005.0006.0007.0008/128
+> Failed: mask value too big in "2a00:2:3:4:5:6:7:8/129"
+ > mask_n: 2a00:2:3:4:4::/79
> ipv6denorm: 0000:0000:0000:0000:0000:0000:0000:0001
> ipv6denorm: fe00:0000:0000:0000:0000:0000:0000:0001
> ipv6denorm: 0000:0000:0000:0000:0000:ffff:c0a8:0001
git://git.exim.org / exim.git / commitdiff