. w3m 0.5.2
- This is a text-oriented web brower. It is used to produce the ASCII form of
+ This is a text-oriented web browser. It is used to produce the ASCII form of
the Exim documentation (spec.txt) from a specially-created HTML format. It
seems to do a better job than lynx.
########################################################################
-# .PHONY doesn't work here, because it forces a rebuild of all dependend
+# .PHONY doesn't work here, because it forces a rebuild of all dependent
# targets, always. It sets the internal timestamp of its target to
# now().
# But it may happen that local_params does not change
# For now we can't rely on a perl >= 5.14 on
# the build sites, thus we throw away all unicode
-# awarness and do the matching byte by byte
+# awareness and do the matching byte by byte
binmode STDIN;
binmode STDOUT;
. Update the Copyright year (only) when changing content.
. /////////////////////////////////////////////////////////////////////////////
-.set previousversion "4.88"
+.set previousversion "4.89"
.include ./local_params
.set ACL "access control lists (ACLs)"
.set I " "
.macro copyyear
-2016
+2017
.endmacro
. /////////////////////////////////////////////////////////////////////////////
.section "Exim documentation" "SECID1"
. Keep this example change bar when updating the documentation!
+.new
.cindex "documentation"
This edition of the Exim specification applies to version &version() of Exim.
Substantive changes from the &previousversion; edition are marked in some
renditions of the document; this paragraph is so marked if the rendition is
capable of showing a change indicator.
+.wen
This document is very much a reference manual; it is not a tutorial. The reader
is expected to have some familiarity with the SMTP mail transfer protocol and
.row &_filter.txt_& "specification of the filter language"
.row &_Exim3.upgrade_& "upgrade notes from release 2 to release 3"
.row &_Exim4.upgrade_& "upgrade notes from release 3 to release 4"
+.row &_openssl.txt_& "installing a current OpenSSL release"
.endtable
The main specification and the specification of the filtering language are also
by Exim in conjunction with the &%-MC%& option. It signifies that the
remote host supports the ESMTP &_DSN_& extension.
-.vitem &%-MCG%&
+.vitem &%-MCG%&&~<&'queue&~name'&>
.oindex "&%-MCG%&"
This option is not intended for use by external callers. It is used internally
by Exim in conjunction with the &%-MC%& option. It signifies that an
-alternate queue is used, named by the following option.
+alternate queue is used, named by the following argument.
+
+.vitem &%-MCK%&
+.oindex "&%-MCK%&"
+This option is not intended for use by external callers. It is used internally
+by Exim in conjunction with the &%-MC%& option. It signifies that an
+remote host supports the ESMTP &_CHUNKING_& extension.
.vitem &%-MCP%&
.oindex "&%-MCP%&"
by Exim in conjunction with the &%-MC%& option, and passes on the fact that the
host to which Exim is connected supports TLS encryption.
+.new
+.vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&>
+.oindex "&%-MCt%&"
+This option is not intended for use by external callers. It is used internally
+by Exim in conjunction with the &%-MC%& option, and passes on the fact that the
+connection is being proxied by a parent process for handling TLS encryption.
+The pair of arguments give the local address and port being proxied.
+.wen
+
.vitem &%-Mc%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
.oindex "&%-Mc%&"
.cindex "hints database" "not overridden by &%-Mc%&"
For a periodic queue run (see below)
append to the name a slash and a time value.
-If other commandline options speicify an action, a &'-qG<name>'& option
+If other commandline options specify an action, a &'-qG<name>'& option
will specify a queue to operate on.
For example:
.code
exim -bp -qGquarantine
-mailq -qGquarantime
+mailq -qGquarantine
exim -qGoffpeak -Rf @special.domain.example
.endd
.endd
on a line by itself. Double quotes round the file name are optional. If you use
the first form, a configuration error occurs if the file does not exist; the
-second form does nothing for non-existent files. In all cases, an absolute file
+second form does nothing for non-existent files.
+The first form allows a relative name. It is resolved relative to
+the directory of the including file. For the second form an absolute file
name is required.
Includes may be nested to any depth, but remember that Exim reads its
process the lines of the included file as if they occurred inline where the
inclusion appears.
-Relative names are allowed with &`.include`&, and are resolved
-relative to the directory of the including file. For security reasons
-this is not allowed with &`.include_if_exists`&. To avoid confusion, it
-is strongly recommended to use absolute names only.
-
.section "Macros in the configuration file" "SECTmacrodefs"
.next
.cindex "Redis lookup type"
.cindex lookup Redis
-&(redis)&: The format of the query is an SQL statement that is passed to a
-Redis database. See section &<<SECTsql>>&.
+&(redis)&: The format of the query is either a simple get or simple set,
+passed to a Redis database. See section &<<SECTsql>>&.
.next
.cindex "sqlite lookup type"
The form if &"retry_VAL"& where VAL is an integer.
The default count is set by the main configuration option &%dns_retry%&.
-.cindex cacheing "of dns lookup"
+.cindex caching "of dns lookup"
.cindex TTL "of dns lookup"
.cindex DNS TTL
Dnsdb lookup results are cached within a single process (and its children).
waits for the lock to be released. In Exim, the default timeout is set
to 5 seconds, but it can be changed by means of the &%sqlite_lock_timeout%&
option.
+
+.section "More about Redis" "SECTredis"
+.cindex "lookup" "Redis"
+.cindex "redis lookup type"
+Redis is a non-SQL database. Commands are simple get and set.
+Examples:
+.code
+${lookup redis{set keyname ${quote_redis:objvalue plus}}}
+${lookup redis{get keyname}}
+.endd
+
.ecindex IIDfidalo1
.ecindex IIDfidalo2
.vitem "&*${certextract{*&<&'field'&>&*}{*&<&'certificate'&>&*}&&&
{*&<&'string2'&>&*}{*&<&'string3'&>&*}}*&"
-.cindex "expansion" "extracting cerificate fields"
+.cindex "expansion" "extracting certificate fields"
.cindex "&%certextract%&" "certificate fields"
.cindex "certificate" "extracting fields"
The <&'certificate'&> must be a variable of type certificate.
router or transport are not accessible.
For incoming SMTP messages, no header lines are visible in
-.new
ACLs that are obeyed before the data phase completes,
-.wen
because the header structure is not set up until the message is received.
They are visible in DKIM, PRDR and DATA ACLs.
Header lines that are added in a RCPT ACL (for example)
are saved until the message's incoming header lines are available, at which
point they are added.
-.new
When any of the above ACLs ar
-.wen
running, however, header lines added by earlier ACLs are visible.
Upper case and lower case letters are synonymous in header names. If the
.vitem "&*${readsocket{*&<&'name'&>&*}{*&<&'request'&>&*}&&&
- {*&<&'timeout'&>&*}{*&<&'eol&~string'&>&*}{*&<&'fail&~string'&>&*}}*&"
+ {*&<&'options'&>&*}{*&<&'eol&~string'&>&*}{*&<&'fail&~string'&>&*}}*&"
.cindex "expansion" "inserting from a socket"
.cindex "socket, use of in expansion"
.cindex "&%readsocket%& expansion item"
.code
${readsocket{/socket/name}{request string}{3s}}
.endd
+The third argument is a list of options, of which the first element is the timeout
+and must be present if the argument is given.
+Further elements are options of form &'name=value'&.
+One option type is currently recognised, defining whether (the default)
+or not a shutdown is done on the connection after sending the request.
+Example, to not do so (preferred, eg. by some webservers):
+.code
+${readsocket{/socket/name}{request string}{3s:shutdown=no}}
+.endd
A fourth argument allows you to change any newlines that are in the data
that is read, in the same way as for &%readfile%& (see above). This example
turns them into spaces:
.cindex "uid (user id)" "of originating user"
.cindex "sender" "uid"
.vindex "&$caller_uid$&"
-.vindex "&$originaltor_uid$&"
+.vindex "&$originator_uid$&"
The value of &$caller_uid$& that was set when the message was received. For
messages received via the command line, this is the uid of the sending user.
For messages received by SMTP over TCP/IP, this is normally the uid of the Exim
&$proxy_local_port$& &&&
&$proxy_session$&
These variables are only available when built with Proxy Protocol
-or Socks5 support
+or SOCKS5 support.
For details see chapter &<<SECTproxyInbound>>&.
.vitem &$prdr_requested$&
If you have changed &%host_lookup_order%& so that &`bydns`& is not the first
mechanism in the list, then this variable will be false.
+This requires that your system resolver library support EDNS0 (and that
+DNSSEC flags exist in the system headers). If the resolver silently drops
+all EDNS0 options, then this will have no effect. OpenBSD's asr resolver
+is known to currently ignore EDNS0, documented in CAVEATS of asr_run(3).
+
.vitem &$sender_host_name$&
.vindex "&$sender_host_name$&"
.vitem &$tls_in_ourcert$&
.vindex "&$tls_in_ourcert$&"
-.cindex certificate veriables
+.cindex certificate variables
This variable refers to the certificate presented to the peer of an
inbound connection when the message was received.
It is only useful as the argument of a
.oindex "&%perl_taintmode%&"
.cindex "Perl" "taintmode"
To provide more security executing Perl code via the embedded Perl
-interpeter, the &%perl_taintmode%& option can be set. This enables the
+interpreter, the &%perl_taintmode%& option can be set. This enables the
taint mode of the Perl interpreter. You are encouraged to set this
option to a true value. To avoid breaking existing installations, it
defaults to false.
.section "Miscellaneous" "SECID96"
.table2
.row &%bi_command%& "to run for &%-bi%& command line option"
+.row &%debug_store%& "do extra internal checks"
.row &%disable_ipv6%& "do no IPv6 processing"
.row &%keep_malformed%& "for broken files &-- should not happen"
.row &%localhost_number%& "for unique message ids in clusters"
.option acl_smtp_dkim main string&!! unset
.cindex DKIM "ACL for"
This option defines the ACL that is run for each DKIM signature
+(by default, or as specified in the dkim_verify_signers option)
of a received message.
See chapter &<<CHAPdkim>>& for further details.
There is a slight performance penalty for these checks.
Versions of Exim preceding 4.88 had these disabled by default;
-high-rate intallations confident they will never run out of resources
+high-rate installations confident they will never run out of resources
may wish to deliberately disable them.
.option chunking_advertise_hosts main "host list&!!" *
these hosts.
Hosts may use the BDAT command as an alternate to DATA.
+.option debug_store main boolean &`false`&
+.cindex debugging "memory corruption"
+.cindex memory debugging
+This option, when true, enables extra checking in Exim's internal memory
+management. For use when a memory corruption issue is being investigated,
+it should normally be left as default.
+
.option daemon_smtp_ports main string &`smtp`&
.cindex "port" "for daemon"
.cindex "TCP/IP" "setting listening ports"
.option dns_use_edns0 main integer -1
.cindex "DNS" "resolver options"
.cindex "DNS" "EDNS0"
+.cindex "DNS" "OpenBSD
If this option is set to a non-negative number then Exim will initialise the
DNS resolver library to either use or not use EDNS0 extensions, overriding
the system default. A value of 0 coerces EDNS0 off, a value of 1 coerces EDNS0
If the resolver library does not support EDNS0 then this option has no effect.
+OpenBSD's asr resolver routines are known to ignore the EDNS0 option; this
+means that DNSSEC will not work with Exim on that platform either, unless Exim
+is linked against an alternative DNS client library.
+
.option drop_cr main boolean false
This is an obsolete option that is now a no-op. It used to affect the way Exim
of SSL-on-connect.
In the event of failure to negotiate TLS, the action taken is controlled
by &%ldap_require_cert%&.
+This option is ignored for &`ldapi`& connections.
.option ldap_version main integer unset
.option smtputf8_advertise_hosts main "host list&!!" *
.cindex "SMTPUTF8" "advertising"
When Exim is built with support for internationalised mail names,
-the availability therof is advertised in
+the availability thereof is advertised in
response to EHLO only to those client hosts that match this option. See
chapter &<<CHAPi18n>>& for details of Exim's support for internationalisation.
appropriate &%system_filter_..._transport%& option(s) must be set, to define
which transports are to be used. Details of this facility are given in chapter
&<<CHAPsystemfilter>>&.
+A forced expansion failure results in no filter operation.
.option system_filter_directory_transport main string&!! unset
.option tls_eccurve main string&!! &`auto`&
.cindex TLS "EC cryptography"
-This option selects a EC curve for use by Exim.
+This option selects a EC curve for use by Exim when used with OpenSSL.
+It has no effect when Exim is used with GnuTLS.
After expansion it must contain a valid EC curve parameter, such as
&`prime256v1`&, &`secp384r1`&, or &`P-512`&. Consult your OpenSSL manual
.cindex "hints database" "transport concurrency control"
Exim implements this control by means of a hints database in which a record is
-incremented whenever a transport process is beaing created. The record
+incremented whenever a transport process is being created. The record
is decremented and possibly removed when the process terminates.
Obviously there is scope for
records to get left lying around if there is a system or program crash. To
&`\n`& to &`\r\n`& in &%message_suffix%&.
-.option path pipe string&!! "bin:/usr/bin"
-.new
+.option path pipe string&!! "/bin:/usr/bin"
This option is expanded and
-.wen
specifies the string that is set up in the PATH environment
variable of the subprocess.
If the &%command%& option does not yield an absolute path name, the command is
message on the same connection. See section &<<SECTmulmessam>>& for an
explanation of when this might be needed.
+.new
+.option hosts_noproxy_tls smtp "host list&!!" *
+.cindex "TLS" "passing connection"
+.cindex "multiple SMTP deliveries"
+.cindex "TLS" "multiple message deliveries"
+For any host that matches this list, a TLS session which has
+been started will not be passed to a new delivery process for sending another
+message on the same session.
+
+The traditional implementation closes down TLS and re-starts it in the new
+process, on the same open TCP connection, for each successive message
+sent. If permitted by this option a pipe to to the new process is set up
+instead, and the original process maintains the TLS connection and proxies
+the SMTP connection from and to the new process and any subsequents.
+The new process has no access to TLS information, so cannot include it in
+logging.
+.wen
+
+
.option hosts_override smtp boolean false
If this option is set and the &%hosts%& option is also set, any hosts that are
.cindex "RFC 3030" "CHUNKING"
This option provides a list of servers to which, provided they announce
CHUNKING support, Exim will attempt to use BDAT commands rather than DATA.
-BDAT will not be used in conjuction with a transport filter.
+BDAT will not be used in conjunction with a transport filter.
.option hosts_try_fastopen smtp "host list!!" unset
-.option "fast open, TCP" "enabling, in client"
-.option "TCP Fast Open" "enabling, in client"
-.option "RFC 7413" "TCP Fast Open"
+.cindex "fast open, TCP" "enabling, in client"
+.cindex "TCP Fast Open" "enabling, in client"
+.cindex "RFC 7413" "TCP Fast Open"
This option provides a list of servers to which, provided
the facility is supported by this system, Exim will attempt to
perform a TCP Fast Open.
deliver the message unauthenticated.
.endlist
+Note that the hostlist test for whether to do authentication can be
+confused if name-IP lookups change between the time the peer is decided
+on and the transport running. For example, with a manualroute
+router given a host name, and DNS "round-robin" use by that name: if
+the local resolver cache times out between the router and the transport
+running, the transport may get an IP for the name for its authentication
+check which does not match the connection peer IP.
+No authentication will then be done, despite the names being identical.
+
+For such cases use a separate transport which always authenticates.
+
.cindex "AUTH" "on MAIL command"
When Exim has authenticated itself to a remote server, it adds the AUTH
parameter to the MAIL commands it sends, if it has an authenticated sender for
.cindex "TLS" "configuring an Exim server"
When Exim has been built with TLS support, it advertises the availability of
the STARTTLS command to client hosts that match &%tls_advertise_hosts%&,
-but not to any others. The default value of this option is unset, which means
-that STARTTLS is not advertised at all. This default is chosen because you
-need to set some other options in order to make TLS available, and also it is
-sensible for systems that want to use TLS only as a client.
+but not to any others. The default value of this option is *, which means
+that STARTTLS is alway advertised. Set it to blank to never advertise;
+this is reasonble for systems that want to use TLS only as a client.
+
+If STARTTLS is to be used you
+need to set some other options in order to make TLS available.
If a client issues a STARTTLS command and there is some configuration
problem in the server, the command is rejected with a 454 error. If the client
attacks in the string (&`../`& or SQL), and ensuring that a valid filename
can always be referenced; it is important to remember that &$tls_in_sni$& is
arbitrary unverified data provided prior to authentication.
-Further, the initial cerificate is loaded before SNI is arrived, so
+Further, the initial certificate is loaded before SNI is arrived, so
an expansion for &%tls_certificate%& must have a default which is used
when &$tls_in_sni$& is empty.
remaining recipients. The &"discard"& return is not permitted for the
&%acl_smtp_predata%& ACL.
+If the ACL for VRFY returns &"accept"&, a recipient verify (without callout)
+is done on the address and the result determines the SMTP response.
+
.cindex "&[local_scan()]& function" "when all recipients discarded"
The &[local_scan()]& function is always run, even if there are no remaining
Cutthrough delivery is not supported via transport-filters or when DKIM signing
of outgoing messages is done, because it sends data to the ultimate destination
before the entire message has been received from the source.
-It is not supported for messages received with the SMTP PRDR option in use.
+It is not supported for messages received with the SMTP PRDR
+or CHUNKING
+options in use.
Should the ultimate destination system positively accept or reject the mail,
a corresponding indication is given to the source system and nothing is queued.
to the control; the default value is &"spool"& and the alternate value
&"pass"& copies an SMTP defer response from the target back to the initiator
and does not queue the message.
-Note that this is independent of any receipient verify conditions in the ACL.
+Note that this is independent of any recipient verify conditions in the ACL.
Delivery in this mode avoids the generation of a bounce mail to a
(possibly faked)
.cindex "&%verify%& ACL condition"
This is a variation of the previous option, in which a modified address is
verified as a sender.
+
+Note that '/' is legal in local-parts; if the address may have such
+(eg. is generated from the received message)
+they must be protected from the options parsing by doubling:
+.code
+verify = sender=${sg{${address:$h_sender:}}{/}{//}}
+.endd
.endlist
warn message = X-Warn: sending host is on dialups list
dnslists = dialups.mail-abuse.org
.endd
-.cindex cacheing "of dns lookup"
+.cindex caching "of dns lookup"
.cindex DNS TTL
DNS list lookups are cached by Exim for the duration of the SMTP session
(but limited by the DNS return TTL value),
and the outer dnsdb lookup finds the IP addresses for these hosts. The result
of expanding the condition might be something like this:
.code
-dnslists = sbl.spahmaus.org/<|192.168.2.3|192.168.5.6|...
+dnslists = sbl.spamhaus.org/<|192.168.2.3|192.168.5.6|...
.endd
Thus, this example checks whether or not the IP addresses of the sender
domain's mail servers are on the Spamhaus black list.
.endd
If you omit the argument, the default values show above are used.
+.new
+.vitem &%f-prot6d%&
+.cindex "virus scanners" "f-prot6d"
+The f-prot6d scanner is accessed using the FPSCAND protocol over TCP.
+One argument is taken, being a space-separated hostname and port number.
+For example:
+.code
+av_scanner = f-prot6d:localhost 10200
+.endd
+If you omit the argument, the default values show above are used.
+.wen
+
.vitem &%fsecure%&
.cindex "virus scanners" "F-Secure"
The F-Secure daemon scanner (&url(http://www.f-secure.com)) takes one
flagged with &`->`& instead of &`=>`&. When two or more messages are delivered
down a single SMTP connection, an asterisk follows the IP address in the log
lines for the second and subsequent messages.
+.new
+When two or more messages are delivered down a single TLS connection, the
+TLS-related information logged for the first message delivered
+(which may not be the earliest line in the log)
+will not be present in the log lines for the second and subsequent messages.
+.wen
.cindex "delivery" "cutthrough; logging"
.cindex "cutthrough" "logging"
&%proxy%&: The internal (closest to the system running Exim) IP address
of the proxy, tagged by PRX=, on the &"<="& line for a message accepted
on a proxied connection
-or the &"=>"& line for a message delivered on a proxied connection..
+or the &"=>"& line for a message delivered on a proxied connection.
See &<<SECTproxyInbound>>& for more information.
.next
.cindex "log" "incoming remote port"
.next
.cindex "log" "outgoing remote port"
.cindex "port" "logging outgoint remote"
-.cindex "TCP/IP" "logging ougtoing remote port"
+.cindex "TCP/IP" "logging outgoing remote port"
&%outgoing_port%&: The remote port number is added to delivery log lines (those
containing => tags) following the IP address.
The local port is also added if &%incoming_interface%& and
.next
.vindex "&$body_linecount$&"
If you change the number of lines in the file, the value of
-&$body_linecount$&, which is stored in the -H file, will be incorrect. At
-present, this value is not used by Exim, but there is no guarantee that this
-will always be the case.
+&$body_linecount$&, which is stored in the -H file, will be incorrect and can
+cause incomplete transmission of messages or undeliverable messages.
.next
If the message is in MIME format, you must take care not to break it.
.next
in Local/Makefile.
It was built on specifications from:
-http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
+(&url(http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt)).
That URL was revised in May 2014 to version 2 spec:
-http://git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=afb768340c9d7e50d8e
+(&url(http://git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=afb768340c9d7e50d8e)).
The purpose of this facility is so that an application load balancer,
such as HAProxy, can sit in front of several Exim servers
Use of a proxy is enabled by setting the &%hosts_proxy%&
main configuration option to a hostlist; connections from these
hosts will use Proxy Protocol.
+Exim supports both version 1 and version 2 of the Proxy Protocol and
+automatically determines which version is in use.
+
+The Proxy Protocol header is the first data received on a TCP connection
+and is inserted before any TLS-on-connect handshake from the client; Exim
+negotiates TLS between Exim-as-server and the remote client, not between
+Exim and the proxy server.
The following expansion variables are usable
(&"internal"& and &"external"& here refer to the interfaces
.display
&'proxy_external_address '& IP of host being proxied or IP of remote interface of proxy
&'proxy_external_port '& Port of host being proxied or Port on remote interface of proxy
-&'proxy_local_address '& IP of proxy server inbound or IP of local interface of proxy
-&'proxy_local_port '& Port of proxy server inbound or Port on local interface of proxy
-&'proxy_session '& boolean: SMTP connection via proxy
+&'proxy_local_address '& IP of proxy server inbound or IP of local interface of proxy
+&'proxy_local_port '& Port of proxy server inbound or Port on local interface of proxy
+&'proxy_session '& boolean: SMTP connection via proxy
.endd
If &$proxy_session$& is set but &$proxy_external_address$& is empty
there was a protocol error.
To include this it must be built with SUPPORT_I18N and the libidn library.
Standards supported are RFCs 2060, 5890, 6530 and 6533.
+If Exim is built with SUPPORT_I18N_2008 (in addition to SUPPORT_I18N, not
+instead of it) then IDNA2008 is supported; this adds an extra library
+requirement, upon libidn2.
+
.section "MTA operations" SECTi18nMTA
.cindex SMTPUTF8 "ESMTP option"
The main configuration option &%smtputf8_advertise_hosts%& specifies
An additional variable, &$event_data$&, is filled with information varying
with the event type:
.display
-&`msg:delivery `& smtp confirmation mssage
+&`msg:delivery `& smtp confirmation message
&`msg:rcpt:host:defer `& error string
&`msg:rcpt:defer `& error string
&`msg:host:defer `& error string
Furthermore, this quota mechanism is not 100% effective. It is
possible to have a situation where someone may go over quota. This
- quota implementation uses a deliverate trade-off. It is necessary to
+ quota implementation uses a deliberate trade-off. It is necessary to
use some form of locking in order to have a complete bulletproof quota
enforcement, but maildirs mail stores were explicitly designed to
avoid any kind of locking. This quota approach does not use locking,
quota recalculation ended up removing maildirsize due to a race
condition, so the caller may or may not get a file descriptor
together with the Maildir++ size.
- 4. If the numbers we got indicated that the Maidlir++ is over quota,
+ 4. If the numbers we got indicated that the Maildir++ is over quota,
some additional logic is in order: if we did not recalculate
maildirsize, if the numbers in maildirsize indicated that we are
over quota, then if maildirsize was more than one line long, or if
A means of communicating this is by use of a file with a mutually
agreed upon name. A binary semaphore can be passed by means of the
-existance or non-existance of that file, provided that there is an
+existence or non-existence of that file, provided that there is an
atomic means to create a file if and only if that file does not exist.
In C terms:
exclusive (provided there are no other shared users of the lock) and
to downgrade an exclusive lock to shared. It is important that at no
time is the lock ever removed; a process upgrading to exclusive must
-not relenquish its shared lock.
+not relinquish its shared lock.
Most commonly, the resources being locked are files. Shared
locks are particularly important with files; multiple simultaneous
From: @a,@b:c@d
-is syntactally invalid. Exim does not enforce this restriction.
+is syntactically invalid. Exim does not enforce this restriction.
1.6 Local parts [3.4.1]
[Multihomed host addresses should not be randomized.]
Exim does randomize a list of several addresses for a single host, because
-caching in resolvers will defeat the round-robinning that many namerservers
+caching in resolvers will defeat the round-robinning that many nameservers
use. (Note: this is not the same as randomizing equal-valued MX records. That
is required by the RFC.)
@copyright{} for copyright
-@minus{} is a slighly longer minus sign
+@minus{} is a slightly longer minus sign
Input file ends with .texinfo usually.
mark david mcCreary
"I use the syntax_errors_to feature to email a copy of the error message.
-It would be helpful to have the X-Failed-Receipients header in there,
-identifying which addreses(s) are the problem, so that I don't have to
+It would be helpful to have the X-Failed-Recipients header in there,
+identifying which address(es) are the problem, so that I don't have to
parse the body of the email message to figure out which addresses."
------------------------------------------------------------------------------
Is this really worth it? A per-transport value is also suggested - that would
mean remembering the value with each failed address and taking a minimum or
-a maximimum (which?).
+a maximum (which?).
------------------------------------------------------------------------------
(24) 21-Feb-02 ? A way of testing TLS using -bh
data transmitted for a non-delivery attempt.
------------------------------------------------------------------------------
-(69) 03-Jul-02 T Log selector to log whoson checs
+(69) 03-Jul-02 T Log selector to log whoson checks
Matt Bernstein
"I'd quite like a log_selector option which could spot you'd done a whoson
Peter A. Savitch
OpenLDAP 2.1 is going to be more popular (2.1.9 is available with many
-bug fixes). TLS-enabled LDAP is an interesting and usefull thing.
+bug fixes). TLS-enabled LDAP is an interesting and useful thing.
I can try to implement some things and send the patches, like with
ldapi.
See also 333.
------------------------------------------------------------------------------
-(214) 05-Nov-03 S Put the wild part of local part prefix/suffx in variables
+(214) 05-Nov-03 S Put the wild part of local part prefix/suffix in variables
Unfortunately, this isn't quite as trivial as it seems.
------------------------------------------------------------------------------
(292) 13-Aug-04 M Overall timeout for message reception
-A client could in priciple keep an SMTP connection open for a very long time by
+A client could in principle keep an SMTP connection open for a very long time by
trickling in data very slowly. Also, after message_size_limit is exceeded, Exim
continues to swallow the data (though it does not write it to disk) until the
end is reached. Again, the connection could be held open for a very long time.
This should be very simple to implement and will allow to make
some experiments and implement custom extensions, i.e. one to
known if remote client will redirect on 551 or not. Also the acl
-for unknown smpt command could be used for other purposes, like
-to dectect and react to some kiddies that send things like
+for unknown smtp command could be used for other purposes, like
+to detect and react to some kiddies that send things like
http://... on the smtp port.
------------------------------------------------------------------------------
--- HWM 355 ------------------------------------------------------------------
# We want to read the file paragraph by paragraph; Perl only does this if the
# separating lines are truly blank. Having been caught by lines containing
-# whitespace before, do a detrailing pass first.
+# whitespace before, do a de-trailing pass first.
open(IN, "$ARGV[0]") || die "can't open $ARGV[0] (preliminary)\n";
open(OUT, ">$ARGV[0]-$$") || die "can't open $ARGV[0]-$$\n";
next;
}
- # If a paragraph begins ==> it is a display which must remain verbatin
+ # If a paragraph begins ==> it is a display which must remain verbatim
# and not be reformatted. The flag gets turned into spaces.
if ($_ =~ /^==>/)
# We want to read the file paragraph by paragraph; Perl only does this if the
# separating lines are truly blank. Having been caught by lines containing
-# whitespace before, do a detrailing pass first.
+# whitespace before, do a de-trailing pass first.
open(IN, "$ARGV[0]") || die "can't open $ARGV[0] (preliminary)\n";
open(OUT, ">$ARGV[0]-$$") || die "can't open $ARGV[0]-$$\n";
next if /^\#\#/;
- # If a paragraph begins ==> it is a display which must remain verbatin
+ # If a paragraph begins ==> it is a display which must remain verbatim
# and not be reformatted. The flag gets turned into spaces.
if ($_ =~ /^==>/)
# We want to chop excessively long entries on either side. We can't set
# a fixed length because of the HTML control data. Call a function to
# add the given length to allow for HTML stuff. This is crude, but it
- # does roughtly the right thing.
+ # does roughly the right thing.
my($leftlen) = &setlen(70, $pretext);
my($rightlen) = &setlen(70, $posttext);
# "-". If we triple it in the menu it gets displayed OK, but building
# software complains about non-existent cross references etc.
- # I have gone for the horrid kludge of turning it into "-<hyhen>"
+ # I have gone for the horrid kludge of turning it into "-<hyphen>"
# in the menus and nodes.
# Exim 4 has added --help, which has the same problem.
This directory contains documentation files that are processed in some way in
order to make the documentation files that form part of Exim distributions. A
non-standard document processor (SGCAL) was used up to and including release
-4.50 of Exim to process the sources for the manual and filter docuement.
+4.50 of Exim to process the sources for the manual and filter document.
Subsequent documentation releases operate using DocBook input, so these files
are now historical relics. The FAQ source is still (June 2005) current, but may
be superseded in due course.
==> /usr/lib/sendmail -bz
- in some start-up script (e.g. \(/etc/init.d/mail)\) immedately before
+ in some start-up script (e.g. \(/etc/init.d/mail)\) immediately before
==> /usr/lib/sendmail -bd -q15m
with MX records pointing to \"localhost"\ (or other names with A records
that specify 127.0.0.1), which causes this behaviour. You can use the
\ignore_target_hosts\ option to get Exim to ignore these records. The
- default contiguration does this. For more discussion, see Q0319. For
+ default configuration does this. For more discussion, see Q0319. For
other cases:
(1) If the domain is meant to be handled as a local domain, there
to scan email messages at SMTP time. \^elspy^\ also includes a small
Python library with common mail-scanning tools, including an interface
to SpamAssassin and a simple but effective virus detector. You can
- optain \^elspy^\ from \?http://elspy.sourceforge.net/?\.
+ obtain \^elspy^\ from \?http://elspy.sourceforge.net/?\.
Q0511: Whenever my system filter uses a \mail\ command to send a message, I get
==> majordomo: |/local/mail/majordomo ...
then Exim has to be told what uid/gid to use for the delivery. This can
- be done either on the routerr that handles the address, or on the
+ be done either on the router that handles the address, or on the
transport that actually does the delivery. If a pipe is going to run a
setuid program, then it doesn't matter what uid Exim starts it out with,
and so the most straightforward thing is to put
Q0604: I want to use MMDF-style mailboxes. How can I get Exim to append the
- ctrl-A characters that separate indvidual emails?
+ ctrl-A characters that separate individual emails?
A0604: Set the \message_suffix\ option in the \%appendfile%\ transport. In fact,
for MMDF mailboxes you need a prefix as well as a suffix to get it
\use_crlf\ option on the \%pipe%\ transport (tmail prefers \"@\r@\n"\
terminations) message bodies started to vanish.
-A0606: You need to unset the \mesage_prefix\ option, or change it so that its
+A0606: You need to unset the \message_prefix\ option, or change it so that its
default \"@\n"\ terminator becomes \"@\r@\n"\. For example, the
transport could be:
but it is important to some people - especially if by some unfortunate
accident the lowercased word is something indecent.
- You can trivally force lower casing by means of the \"${lc:"\ operator.
+ You can trivially force lower casing by means of the \"${lc:"\ operator.
Instead of \"$domain"\ write \"${lc:$domain}"\.
==> headers add "New-Subject: SPAM: $h_subject:"
headers remove subject
- neaders add "Subject: $h_new-subject:"
+ headers add "Subject: $h_new-subject:"
headers remove new-subject
This trick works only in system filters, where the commands are obeyed
Change log file for Exim from version 4.21
--------------------------------------------
+------------------------------------------
This document describes *changes* to previous versions, that might
affect Exim's operation, with an unchanged configuration file. For new
options, and new features, see the NewStuff file next to this ChangeLog.
+
+Exim version 4.90
+-----------------
+
+JH/01 Rework error string handling in TLS interface so that the caller in
+ more cases is responsible for logging. This permits library-sourced
+ string to be attached to addresses during delivery, and collapses
+ pairs of long lines into single ones.
+
+PP/01 Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
+ during configuration. Wildcards are allowed and expanded.
+
+JH/02 Rework error string handling in DKIM to pass more info back to callers.
+ This permits better logging.
+
+JH/03 Rework the transport continued-connection mechanism: when TLS is active,
+ do not close it down and have the child transport start it up again on
+ the passed-on TCP connection. Instead, proxy the child (and any
+ subsequent ones) for TLS via a unix-domain socket channel. Logging is
+ affected: the continued delivery log lines do not have any DNSSEC, TLS
+ cipher, Certificate or OCSP information.
+
+JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of
+ identical IP addresses on different listening ports. Will also affect
+ "exiwhat" output.
+
+PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers;
+ add noisy ifdef guards to special-case this sillyness.
+ Patch from Bernd Kuhls.
+
+
Exim version 4.89
--------------------
+-----------------
+
JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules
- than -2003 did; needs libidn2 in addition to linidn.
+ than -2003 did; needs libidn2 in addition to libidn.
JH/02 The path option on a pipe transport is now expanded before use.
+PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections.
+ Patch provided by "Björn", documentation fix added too.
+
+JH/03 Bug 2003: fix Proxy Protocol v2 handling: the address size field was
+ missing a wire-to-host endian conversion.
+
+JH/04 Bug 2004: fix CHUNKING in non-PIPELINEING mode. Chunk data following
+ close after a BDAT command line could be taken as a following command,
+ giving a synch failure. Fix by only checking for synch immediately
+ before acknowledging the chunk.
+
+PP/02 GitHub PR 52: many spelling fixes, which include fixing parsing of
+ no_require_dnssec option and creation of _HAVE_TRANSPORT_APPEND_MAILDIR
+ macro. Patches provided by Josh Soref.
+
+JH/05 Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
+ Previously we did not; the RFC seems ambiguous and VRFY is not listed
+ by IANA as a service extension. However, John Klensin suggests that we
+ should.
+
+JH/06 Bug 2017: Fix DKIM verification in -bh test mode. The data feed into
+ the dkim code may be unix-mode line endings rather than smtp wire-format
+ CRLF, so prepend a CR to any bare LF.
+
+JH/07 Rationalise the coding for callout smtp conversations and transport ones.
+ As a side-benfit, callouts can now use PIPELINING hence fewer round-trips.
+
+JH/08 Bug 2016: Fix DKIM verification vs. CHUNKING. Any BDAT commands after
+ the first were themselves being wrongly included in the feed into dkim
+ processing; with most chunk sizes in use this resulted in an incorrect
+ body hash calculated value.
+
+JH/09 Bug 2014: permit inclusion of a DKIM-Signature header in a received
+ DKIM signature block, for verification. Although advised against by
+ standards it is specifically not ruled illegal.
+
+JH/10 Bug 2025: Fix reception of (quoted) local-parts with embedded spaces.
+
+JH/11 Bug 2029: Fix crash in DKIM verification when a message signature block is
+ missing a body hash (the bh= tag).
+
+JH/12 Bug 2018: Re-order Proxy Protocol startup versus TLS-on-connect startup.
+ It seems that HAProxy sends the Proxy Protocol information in clear and
+ only then does a TLS startup, so do the same.
+
+JH/13 Bug 2027: Avoid attempting to use TCP Fast Open for non-transport client
+ TCP connections (such as for Spamd) unless the daemon successfully set
+ Fast Open mode on its listening sockets. This fixes breakage seen on
+ too-old kernels or those not configured for Fast Open, at the cost of
+ requiring both directions being enabled for TFO, and TFO never being used
+ by non-daemon-related Exim processes.
+
+JH/14 Bug 2000: Reject messages recieved with CHUNKING but with malformed line
+ endings, at least on the first header line. Try to canonify any that get
+ past that check, despite the cost.
+
+JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are
+ now limited to an arbitrary five deep, while parsing addresses with the
+ strip_excess_angle_brackets option enabled.
+
+PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and
+ instead leave the unprompted TLS handshake in socket buffer for the
+ TLS library to consume.
+
+PP/04 Bug 2018: Also handle Proxy Protocol v2 safely.
+
+PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl
+
+JH/16 Drop variables when they go out of scope. Memory management drops a whole
+ region in one operation, for speed, and this leaves assigned pointers
+ dangling. Add checks run only under the testsuite which checks all
+ variables at a store-reset and panics on a dangling pointer; add code
+ explicitly nulling out all the variables discovered. Fixes one known
+ bug: a transport crash, where a dangling pointer for $sending_ip_address
+ originally assigned in a verify callout, is re-used.
+
+PP/06 Drop '.' from @INC in various Perl scripts.
+
+PP/07 Switch FreeBSD iconv to always use the base-system libc functions.
+
+PP/08 Reduce a number of compilation warnings under clang; building with
+ CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses
+ should be warning-free.
+
+JH/17 Fix inbound CHUNKING when DKIM disabled at runtime.
+
+HS/01 Fix portability problems introduced by PP/08 for platforms where
+ realloc(NULL) is not equivalent to malloc() [SunOS et al].
+
+HS/02 Bug 1974: Fix missing line terminator on the last received BDAT
+ chunk. This allows us to accept broken chunked messages. We need a more
+ general solution here.
+
+PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover
+ already-broken messages in the queue.
+
+JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value.
+
+JH/19 Fix reference counting bug in routing-generated-address tracking.
+
Exim version 4.88
-----------------
+
JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
supports it and a size is available (ie. the sending peer gave us one).
as one having no matching records. Previously we deferred the message
that needed the lookup.
-JH/17 Fakereject: previously logged as a norml message arrival "<="; now
+JH/17 Fakereject: previously logged as a normal message arrival "<="; now
distinguished as "(=".
JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work
JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops
after the data-go-ahead and data-ack. Patch from Jason Betts.
-JH/21 Bug 1846: Send DMARC forensic reports for reject and quaratine results,
+JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results,
even for a "none" policy. Patch from Tony Meyer.
JH/22 Fix continued use of a connection for further deliveries. If a port was
fallback to "prime256v1".
JH/34 SECURITY: Use proper copy of DATA command in error message.
- Could leak key material. Remotely explaoitable. CVE-2016-9963.
+ Could leak key material. Remotely exploitable. CVE-2016-9963.
Exim version 4.87
-----------------
+
JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16
and 3.4.4 - once the server is enabled to respond to an OCSP request
it does even when not requested, resulting in a stapling non-aware
HS/02 Add the Exim version string to the process info. This way exiwhat
gives some more detail about the running daemon.
-JH/06 Bug 1395: time-limit cacheing of DNS lookups, to the TTL value. This may
+JH/06 Bug 1395: time-limit caching of DNS lookups, to the TTL value. This may
matter for fast-change records such as DNSBLs.
JH/07 Bug 1678: Always record an interface option value, if set, as part of a
JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now
defaults to "*" (all hosts). The variable is now available when not built
- with TLS, default unset, mainly to enable keeping the testuite sane.
+ with TLS, default unset, mainly to enable keeping the testsuite sane.
If a server certificate is not supplied (via tls_certificate) an error is
logged, and clients will find TLS connections fail on startup. Presumably
they will retry in-clear.
in transport context, after the attempt, and per-recipient. The latter type
is per host attempted. The event data is the error message, and the errno
information encodes the lookup type (A vs. MX) used for the (first) host,
- and the trailing two digits of the smtp 4xx reponse.
+ and the trailing two digits of the smtp 4xx response.
GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt
to write to mainlog (or rejectlog, paniclog) in the window between file
"pri" and "weight". Note that the previous implicit priority given by the
list order is no longer honoured.
-JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalisation
+JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalization
for DKIM processing.
JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build
extraction. Accept either.
-
Exim version 4.86
-----------------
+
JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
expanded.
HS/02 Bug 1575: exigrep falls back to autodetection of compressed
files if ZCAT_COMMAND is not executable.
-JH/26 Bug 1539: Add timout/retry options on dnsdb lookups.
+JH/26 Bug 1539: Add timeout/retry options on dnsdb lookups.
JH/27 Bug 286: Support SOA lookup in dnsdb lookups.
JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
Normally benign, it bites when the pair was led to by a CNAME;
- modern usage is to not canoicalize the domain to a CNAME target
+ modern usage is to not canonicalize the domain to a CNAME target
(and we were inconsistent anyway for A-only vs AAAA+A).
JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
Exim version 4.85
-----------------
+
TL/01 When running the test suite, the README says that variables such as
no_msglog_check are global and can be placed anywhere in a specific
test's script, however it was observed that placement needed to be near
with certificate use, exposed issues where response data items split
over buffer boundaries were not parsed properly. This eventually
resulted in duplicates being sent. This issue only became common enough
- to notice due to the introduction of conection certificate information,
+ to notice due to the introduction of connection certificate information,
the item size being so much larger. Found and fixed by Wolfgang Breyha.
JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
JH/07 Add support for directories of certificates when compiled with a GnuTLS
version 3.3.6 or later.
-JH/08 Rename the TPDA expermimental facility to Event Actions. The #ifdef
+JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef
is EXPERIMENTAL_EVENT, the main-configuration and transport options
both become "event_action", the variables become $event_name, $event_data
and $event_defer_errno. There is a new variable $verify_mode, usable in
JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.
-JH/16 Fix string representation of time values on 64bit time_t anchitectures.
+JH/16 Fix string representation of time values on 64bit time_t architectures.
Bug 1561.
JH/17 Fix a null-indirection in certextract expansions when a nondefault
return.
JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers.
- This was a regression intruduced in 4.83 by another bugfix.
+ This was a regression introduced in 4.83 by another bugfix.
JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled.
advertises the facility. If the client requests PRDR a new
acl_data_smtp_prdr ACL is called once for each recipient, after
the body content is received and before the acl_smtp_data ACL.
- The client is controlled by bolth of: a hosts_try_prdr option
+ The client is controlled by both of: a hosts_try_prdr option
on the smtp transport, and the server advertisement.
Default client logging of deliveries and rejections involving
PRDR are flagged with the string "PRDR".
JH/15 AUTH support on callouts (and hence cutthrough-deliveries).
Bugzilla 321, 823.
-TF/04 Added udpsend ACL modifer and hexquote expansion operator
+TF/04 Added udpsend ACL modifier and hexquote expansion operator
PP/21 Fix eximon continuous updating with timestamped log-files.
Broken in a format-string cleanup in 4.80, missed when I repaired the
diagnostics.
Report and patch from Dmitry Banschikov.
-PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options".
+PP/16 Removed "dont_insert_empty_fragments" from "openssl_options".
Removed SSL_clear() after SSL_new() which led to protocol negotiation
failures. We appear to now support TLS1.1+ with Exim.
has clearer semantics. The /leaky, /strict, and /readonly update modes
are mutually exclusive. The update mode is no longer included in the
database key; it just determines when the database is updated. (This
- means that when you upgrde Exim will forget old rate measurements.)
+ means that when you upgrade Exim will forget old rate measurements.)
Exim now checks that the per_* options are used with an update mode that
makes sense for the current ACL. For example, when Exim is processing a
Exim version 4.75
-----------------
-NM/01 Workround for PCRE version dependency in version reporting
+NM/01 Workaround for PCRE version dependency in version reporting
Bugzilla 1073
TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
variable declaration deep within a block. Bug and patch from
Dennis Davis.
-PP/15 lookups-Makefile IRIX compatibilty coercion.
+PP/15 lookups-Makefile IRIX compatibility coercion.
PP/16 Make DISABLE_DKIM build knob functional.
colons if the lookup type is iplsearch. This is not incompatible, because
previously such lookups could never work.
- The situation is now rather anomolous, since one *can* have colons in
+ The situation is now rather anomalous, since one *can* have colons in
ordinary lsearch keys. However, making the change in all cases is
incompatible and would probably break a number of configurations.
PH/20 Added hosts_avoid_pipelining to the smtp transport.
PH/21 Long custom messages for fakedefer and fakereject are now split up
- into multiline reponses in the same way that messages for "deny" and
+ into multiline responses in the same way that messages for "deny" and
other ACL rejections are.
PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep,
runs only) independently of the message's sender address. This meant
that, if the 4xx error was in fact related to the sender, a different
message to the same recipient with a different sender could confuse
- things. In particualar, this can happen when sending to a greylisting
+ things. In particular, this can happen when sending to a greylisting
server, but other circumstances could also provoke similar problems.
I have changed the default so that the retry time for these errors is now
based a combination of the sender and recipient addresses. This change
JJ/03 exipick.20061117.2, made header handling as similar to exim as possible
(added [br]h_ prefixes, implemented RFC2047 decoding. Fixed
- whitesspace changes from 4.64-PH/27
+ whitespace changes from 4.64-PH/27
JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to
match 4.64-PH/13
(a) Failures to set uid/gid, the current directory, or a process leader
in a subprocess such as that created by queryprogram now generate
- suitable debugging ouput when -d is set.
+ suitable debugging output when -d is set.
(b) The queryprogram router detects when it is not running as root,
outputs suitable debugging information if -d is set, and then runs
and most important:
o fixes a bug in processing the envelope test (when testing
- multiple envelope elements, the last element determinted the
+ multiple envelope elements, the last element determined the
result)
PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to
Auto-submitted: auto-generated
in the messages that it generates (bounce messages and others, such as
- warnings). In the case of bounce messages for non-SMTP mesages, there was
+ warnings). In the case of bounce messages for non-SMTP messages, there was
also a typo: it was using "Auto_submitted" (underscore instead of
hyphen). Since every message generated by Exim is necessarily in response
to another message, thes have all been changed to:
PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts
with the definition in sysexits.h (which is #included earlier).
Fortunately, Exim does not actually use EX_OK. The code used to try to
- preserve the sysexits.h value, by assumimg that macro definitions were
+ preserve the sysexits.h value, by assuming that macro definitions were
scanned for macro replacements. I have been disabused of this notion,
so now the code just undefines EX_OK before #including unistd.h.
SC/01 Eximstats: added -xls and the ability to specify output files
(patch written by Frank Heydlauf).
-SC/02 Eximstats: use FileHandles for outputing results.
+SC/02 Eximstats: use FileHandles for outputting results.
SC/03 Eximstats: allow any combination of xls, txt, and html output.
58. When a "warn" ACL statement has a log_message modifier, the message is
remembered, and not repeated. This is to avoid a lot of repetition when a
message has many recipients that cause the same warning to be written.
- Howewer, Exim was preserving the list of already written lines for an
+ However, Exim was preserving the list of already written lines for an
entire SMTP session, which doesn't seem right. The memory is now reset if a
new message is started.
the list was checked. (An example that provoked this was putting <; in the
middle of a list instead of at the start.) If this happened during a DATA
ACL check, a -D file could be left lying around. This kind of configuration
- error no longer causes Exim to die; instead it causes a defer errror. The
+ error no longer causes Exim to die; instead it causes a defer error. The
incident is still logged to the main and panic logs.
74. Buglet left over from Exim 3 conversion. The message "too many messages
systems (e.g. Solaris), it also passes back the IP address string as the
"host name". However, on others (e.g. Linux), it passes back an empty
string. Exim wasn't checking for this, and was changing the host name to an
- empty string, assuming it had been canonicized.
+ empty string, assuming it had been canonicalized.
5. Although rare, it is permitted to have more than one PTR record for a given
IP address. I thought that gethostbyaddr() or getipnodebyaddr() always gave
13. The install script calls Exim with "-C /dev/null" in order to find the
version number. If ALT_CONFIG_PREFIX was set, this caused an error message
- to be output. Howeve, since Exim outputs its version number before the
+ to be output. However, since Exim outputs its version number before the
error, it didn't break the script. It just looked ugly. I fixed this by
always allowing "-C /dev/null" if the caller is root.
34. Testing for a connection timeout using "timeout_connect" in the retry rules
did not work. The code looks as if it has *never* worked, though it appears
- to have been documented since at least releast 1.62. I have made it work.
+ to have been documented since at least release 1.62. I have made it work.
35. The "timeout_DNS" error in retry rules, also documented since at least
1.62, also never worked. As it isn't clear exactly what this means, and
16. Check for letters, digits, hyphens, and dots in the names of dnslist
domains, and warn by logging if others are found.
-17. At least on BSD, alignment is not guarenteed for the array of ifreq's
+17. At least on BSD, alignment is not guaranteed for the array of ifreq's
returned from GIFCONF when Exim is trying to find the list of interfaces on
a host. The code in os.c has been modified to copy each ifreq to an aligned
structure in all cases.
24. Ignore Sendmail's -Ooption=value command line item.
25. When execve() failed while trying to run a command in a pipe transport,
- Exim was returning EX_UNAVAILBLE (69) from the subprocess. However, this
+ Exim was returning EX_UNAVAILABLE (69) from the subprocess. However, this
could be confused with a return value of 69 from the command itself. This
has been changed to 127, the value the shell returns if it is asked to run
a non-existent command. The wording for the related log line suggests a
47. Change 50 for 4.20 was a heap of junk. I don't know what I was thinking
when I implemented it. It didn't allow for the fact that some option values
- may legitimatetly be negative (e.g. size_addition), and it didn't even do
+ may legitimately be negative (e.g. size_addition), and it didn't even do
the right test for positive values.
48. Domain names in DNS records are case-independent. Exim always looks them up
"standard" one afterwards.
(d) The setting of the SIGTERM handler while reading SMTP commands was done
- somwhat untidily. I have re-arranged the code.
+ somewhat untidily. I have re-arranged the code.
4. If the building process was interrupted during the MakeLinks script, a
subsequent run of 'make' gave misleading errors. I've made it a bit more
use in the forthcoming Sieve addition to Exim.
56. The behaviour of -t in the presence of Resent- headers has been changed,
- for compability with Sendmail and other MTAs. Previously, Exim gave an
+ for compatibility with Sendmail and other MTAs. Previously, Exim gave an
error, because it is not clear from RFC 2822 how this might be handled. It
turns out that MUAs don't seem to follow what RFC 2822 says, and any MUA
that uses -t with Resent- ensures that there is only one set of Resent-
was also null (empty passwords are permitted), there was an infinite loop.
An empty user name is not now passed to PAM; authentication is forcibly
failed instead. Also, if the end of the list of strings is reached, an
- empty string is passed back just once; a subequent call for data provokes
+ empty string is passed back just once; a subsequent call for data provokes
an error response.
39. If a reverse DNS lookup yields an empty string, treat it as if the lookup
69. The "more" and "unseen" generic router options can now be expanded strings.
-70. The "once_repeat" option in the autoreply tranport is now an expanded
+70. The "once_repeat" option in the autoreply transport is now an expanded
string.
71. If maildir_format is set on an appendfile transport that is referenced from
72. Fixed three bugs in ${readsocket:
(i) If the operation failed, and a failure string was given, "}}" was
- erroroneously added to it.
+ erroneously added to it.
(ii) If the operation succeeded, but a failure string was present, "}" was
added to the expanded data.
(iii) The alarm for the timeout was set with signal() instead of with
4. Change 4.11/30 below overlooked the case when an address gets a 4xx
response from a server. Because this isn't a host problem, the host does
not get delayed, and it gets tried every time the address is OK'd for
- routing, with the same reponse. However, if hosts_max_try is set, because
+ routing, with the same response. However, if hosts_max_try is set, because
not all the hosts were tried, the address does not time out. I've changed
things so that if there is a 4xx response to a RCPT command, the host in
question does not count towards hosts_max_try if the message is older than
observed that getipnodebyname() gives HOST_NOT_FOUND for names for which a
DNS lookup gives TRY_AGAIN. See also change 125 below.
-90. Minor rewording of ACL error for attemted header check after RCPT.
+90. Minor rewording of ACL error for attempted header check after RCPT.
91. When USE_GDBM was set, exim_dbmbuild wasn't working properly (still assumed
- NDBM compatibilify interface); similarly in dbmdb lookups when ownership
+ NDBM compatible interface); similarly in dbmdb lookups when ownership
was being tested.
92. If a Reply-To: header contained newlines and was used to generate
SMTP connection, a pipe file descriptor was accidentally left open. This
meant that if there was a long chain of such processes, the number of open
file descriptors increased by one for each process, and if there were
- sufficent, the limit of open descriptors could be reached, causing various
+ sufficient, the limit of open descriptors could be reached, causing various
problems.
8. When an address was being checked with -bt and the routing involved an
5. The way in which Exim scans its queue when split_spool_directory is set has
changed, but this shouldn't make any noticeable difference. See doc/NewStuff
-for defails.
+for details.
Upgrading from release 3.03
. The authenticate_hosts option has been renamed as hosts_try_auth. A new
option called hosts_require_auth has been added; if authentication fails for
one of these hosts, Exim does _not_ try to send unauthenticated. It defers
- instead. The deferal error is detectable in the retry rules, so this can be
+ instead. The deferral error is detectable in the retry rules, so this can be
turned into a hard failure if required.
The logging options that have been abolished are: log_all_parents,
log_arguments, log_incoming_port, log_interface, log_ip_options,
-log_level, log_queue_run_level, log_received_sender, log_received_rceipients,
+log_level, log_queue_run_level, log_received_sender, log_received_recipients,
log_rewrites, log_sender_on_delivery, log_smtp_confirmation,
log_smtp_connections, log_smtp_syntax_errors, log_subject, tls_log_cipher,
tls_log_peerdn.
. There's a new expansion feature for running commands:
- ${run{comand args}{yes}{no}}
+ ${run{command args}{yes}{no}}
Like all the other conditional items, the {yes} and {no} strings are
optional. Omitting both is equivalent to {$value}. The standard output of the
This file contains descriptions of new features that have been added to Exim.
Before a formal release, there may be quite a lot of detail so that people can
-test from the snapshots or the CVS before the documentation is updated. Once
+test from the snapshots or the Git before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
+Version 4.90
+------------
+
+ 1. PKG_CONFIG_PATH can now be set in Local/Makefile;
+ wildcards will be expanded, values are collapsed.
+
+ 2. The ${readsocket } expansion now takes an option to not shutdown the
+ connection after sending the query string. The default remains to do so.
+
+ 3. An smtp transport option "hosts_noproxy_tls" to control whether multiple
+ deliveries on a single TCP connection can maintain a TLS connection
+ open. By default disabled for all hosts, doing so saves the cost of
+ making new TLS sessions, at the cost of having to proxy the data via
+ another process. Logging is also affected.
+
+ 4. A malware connection type for the FPSCAND protocol.
+
+
Version 4.89
------------
+ 1. Allow relative config file names for ".include"
+
+ 2. A main-section config option "debug_store" to control the checks on
+ variable locations during store-reset. Normally false but can be enabled
+ when a memory corrution issue is suspected on a production system.
+
Version 4.88
------------
12. OCSP stapling is now supported by default.
13. If built with the EXPERIMENTAL_DSN feature enabled, Exim will output
- Delivery Status Notification messages in MIME format, and negociate
+ Delivery Status Notification messages in MIME format, and negotiate
DSN features per RFC 3461.
ignored.
7. New cutthrough routing feature. Requested by a "control = cutthrough_delivery"
- ACL modifier; works for single-recipient mails which are recieved on and
+ ACL modifier; works for single-recipient mails which are received on and
deliverable via SMTP. Using the connection made for a recipient verify,
if requested before the verify, or a new one made for the purpose while
the inbound connection is still active. The bulk of the mail item is copied
direct from the inbound socket to the outbound (as well as the spool file).
When the source notifies the end of data, the data acceptance by the destination
- is negociated before the acceptance is sent to the source. If the destination
+ is negotiated before the acceptance is sent to the source. If the destination
does not accept the mail item, for example due to content-scanning, the item
is not accepted from the source and therefore there is no need to generate
a bounce mail. This is of benefit when providing a secondary-MX service.
The downside is that delays are under the control of the ultimate destination
system not your own.
- The Recieved-by: header on items delivered by cutthrough is generated
+ The Received-by: header on items delivered by cutthrough is generated
early in reception rather than at the end; this will affect any timestamp
included. The log line showing delivery is recorded before that showing
reception; it uses a new ">>" tag instead of "=>".
provided to the authentication method which failed. It is available
for use in subsequent ACL processing (typically quit or notquit ACLs).
-23. New ACL modifer "udpsend" can construct a UDP packet to send to a given
+23. New ACL modifier "udpsend" can construct a UDP packet to send to a given
UDP host and port.
24. New ${hexquote:..string..} expansion operator converts non-printable
acl_smtp_auth string* unset main 4.00
acl_smtp_connect string* unset main 4.11
acl_smtp_data string* unset main 4.00
-acl_smtp_data_prdr string* unset main 4.82 with expreimental_prdr
+acl_smtp_data_prdr string* unset main 4.82 with experimental_prdr
acl_smtp_dkim string* unset main 4.70 unless disable_dkim
acl_smtp_etrn string* unset main 4.00
acl_smtp_expn string* unset main 4.00
debug_print string* unset authenticators 4.00
unset routers 4.00
unset transports 2.00
+debug_store boolean false main 4.90
delay_after_cutoff boolean true smtp
delay_warning time list 24h main
delay_warning_condition string* + main 1.73
hosts_max_try integer 5 smtp 3.20
hosts_max_try_hardlimit integer 50 smtp 4.50
hosts_nopass_tls host list unset smtp 4.00
+hosts_noproxy_tls host list "*" smtp 4.90
hosts_override boolean false smtp 2.11
hosts_randomize boolean false manualroute 4.00
false smtp 3.14
EXIM_PERL optional
EXIM_USER mandatory user to use for Exim
EXIWHAT_EGREP_ARG system** to find Exim processes from ps
-EXIWHAT_KILL_SIGNAL system** -SIGUSER1 or numerical equivalent
+EXIWHAT_KILL_SIGNAL system** -SIGUSR1 or numerical equivalent
EXIWHAT_MULTIKILL_CMD system**
EXIWHAT_MULTIKILL_ARG system**
EXIWHAT_PS_ARG system** to list all processes
to compose messages. As a result, different implementations generate
different mails. The Exim Sieve implementation splits the reason into
header and body. It adds the header to the mail header and uses the body
-as mail body. Be aware, that other imlementations compose a multipart
+as mail body. Be aware, that other implementations compose a multipart
structure with the reason as only part. Both conform to the specification
(or lack thereof).
compatibility interface, or via its own native interface. There are two
advantages to doing the latter: (1) you don't run the risk of Exim's seeing the
"wrong" version of the ndbm.h header, as described above, and (2) the
-performace is better. It is therefore recommended that you set USE_DB=yes in an
+performance is better. It is therefore recommended that you set USE_DB=yes in an
appropriate Local/Makefile-xxx file. (If you are compiling for just one OS, it
can go in Local/Makefile itself.)
liable to incompatible change.
-Brightmail AntiSpam (BMI) suppport
+Brightmail AntiSpam (BMI) support
--------------------------------------------------------------
Brightmail AntiSpam is a commercial package. Please see
1) Adding support for BMI at compile time
To compile with BMI support, you need to link Exim against
- the Brighmail client SDK, consisting of a library
+ the Brightmail client SDK, consisting of a library
(libbmiclient_single.so) and a header file (bmi_api.h).
You'll also need to explicitly set a flag in the Makefile to
include BMI support in the Exim binary. Both can be achieved
A lookup expansion is also available. It takes an email
address as the key and an IP address as the database:
- $lookup (username@domain} spf {ip.ip.ip.ip}}
+ ${lookup {username@domain} spf {ip.ip.ip.ip}}
The lookup will return the same result strings as they can appear in
$spf_result (pass,fail,softfail,neutral,none,err_perm,err_temp).
Exiscan currently includes SRS support via Miles Wilton's
libsrs_alt library. The current version of the supported
-library is 0.5.
+library is 0.5, there are reports of 1.0 working.
In order to use SRS, you must get a copy of libsrs_alt from
-http://srs.mirtol.com/
+https://opsec.eu/src/srs/
+
+(not the original source, which has disappeared.)
Unpack the tarball, then refer to MTAs/README.EXIM
to proceed. You need to set
in your Local/Makefile.
+
DCC Support
--------------------------------------------------------------
Distributed Checksum Clearinghouse; http://www.rhyolite.com/dcc/
mout-xforward.gmx.net 82.165.159.12
mout.gmx.net 212.227.15.16
-Use a reasonable IP. eg. one the sending cluster acutally uses.
+Use a reasonable IP. eg. one the sending cluster actually uses.
DMARC Support
--------------------------------------------------------------
MX, A and TLSA records.
A TLSA lookup will be done if either of the above options match
-and the host-lookup succeded using dnssec.
+and the host-lookup succeeded using dnssec.
If a TLSA lookup is done and succeeds, a DANE-verified TLS connection
will be required for the host. If it does not, the host will not
be used; there is no fallback to non-DANE or non-TLS.
Example:
X-Exim-Diagnostic: X-str; SMTP error from remote mail server after RCPT TO:<d3@myhost.test.ex>: 550 hard error
Rationale:
- This string somtimes give extra information over the
+ This string sometimes give extra information over the
existing (already available) Diagnostic-Code field.
LMDB Lookup support
-------------------
LMDB is an ultra-fast, ultra-compact, crash-proof key-value embedded data store.
-It is modeled loosely on the BerkeleyDB API. You shoul read about the feature
+It is modeled loosely on the BerkeleyDB API. You should read about the feature
set as well as operation modes at https://symas.com/products/lightning-memory-mapped-database/
LMDB single key lookup support is provided by linking to the LMDB C library.
--- /dev/null
+OpenSSL
+=======
+
+The OpenSSL Project documents their supported releases at
+<https://www.openssl.org/policies/releasestrat.html>. The Exim
+Maintainers are unwilling to try to support Exim built with a
+version of a critical security library which is unmaintained.
+
+Thus as versions of OpenSSL become unsupported by OpenSSL, they become
+unsupported by Exim. Exim might build with older releases of OpenSSL,
+but that's risky behaviour.
+
+If your operating system vendor continues to ship an older version of
+OpenSSL and is diligently backporting security fixes, and they support
+Exim, then they will be backporting fixes to their packages of Exim too.
+If you wish to stick purely to packages of OpenSSL, then stick to
+packages of Exim too.
+
+If someone maintains "backports", that is worth exploring too.
+
+Note that a number of OSes use Exim with GnuTLS, not OpenSSL.
+
+Otherwise, assuming that your operating system has old OpenSSL, and you
+wish to use current Exim with OpenSSL, then you need to build and
+install your own, without interfering with the system libraries.
+Fortunately, this is easy.
+
+So this only applies if you build Exim yourself.
+
+
+Build
+-----
+
+Extract the current source of OpenSSL. Change into that directory.
+
+This assumes that `/opt/openssl` is not in use. If it is, pick
+something else. `/opt/exim/openssl` perhaps.
+
+ ./config --prefix=/opt/openssl --openssldir=/etc/ssl \
+ -L/opt/openssl/lib -Wl,-R/opt/openssl/lib \
+ enable-ssl-trace
+ make
+ make install
+
+You now have an installed OpenSSL under /opt/openssl which will not be
+used by any system programs.
+
+When you copy `src/EDITME` to `Local/Makefile` to make your build edits,
+choose the pkg-config approach in that file, but also tell Exim to add
+the relevant directory into the rpath stamped into the binary:
+
+ SUPPORT_TLS=yes
+ USE_OPENSSL_PC=openssl
+ EXTRALIBS_EXIM=-ldl -Wl,-rpath,/opt/openssl/lib
+
+The -ldl is needed by OpenSSL 1.1+ on Linux and is not needed on most
+other platforms.
+
+Then tell pkg-config how to find the configuration files for your new
+OpenSSL install, and build Exim:
+
+ export PKG_CONFIG_PATH=/opt/openssl/lib/pkgconfig
+ make
+ sudo make install
+
+(From Exim 4.89, you can put that `PKG_CONFIG_PATH` directly into
+ your `Local/Makefile` file.)
+
+
+Confirming
+----------
+
+Run:
+
+ exim -d-all+expand --version
+
+and look for the `Library version: OpenSSL:` lines.
+
+To look at the libraries _probably_ found by the linker, use:
+
+ ldd $(which exim) # most platforms
+ otool -L $(which exim) # MacOS
+
+although that does not correctly handle restrictions imposed upon
+executables which are setuid.
+
+If the `chrpath` package is installed, then:
+
+ chrpath -l $(which exim)
+
+will show the DT_RPATH stamped into the binary.
+
+Your `binutils` package should come with `readelf`, so an alternative
+is to run:
+
+ readelf -d $(which exim) | grep RPATH
+
+
+Very Advanced
+-------------
+
+You can not use $ORIGIN for portably packing OpenSSL in with Exim with
+normal Exim builds, because Exim is installed setuid which causes the
+runtime linker to ignore $ORIGIN in DT_RPATH.
+
+_If_ following the steps for a non-setuid Exim, _then_ you can use:
+
+ EXTRALIBS_EXIM=-ldl '-Wl,-rpath,$$ORIGIN/../lib'
+
+The doubled `$$` is needed for the make(1) layer and the quotes needed
+for the shell invoked by make(1) for calling the linker.
+
+Note that this is sufficiently far outside normal that the build-system
+doesn't support it by default; you'll want to drop a symlink to the lib
+directory into the Exim release top-level directory, so that lib exists
+as a sibling to the build-$platform directory.
+
# make sure this looks like a real release version
# which should (currently) be 4.xx[.y] or 4.xx[.y]_RCx
- unless ( $release =~ /^(?<release>(?<major>4\.\d\d)(?:\.(?<minor>\d+))?(?:_RC\d+)?)$/ ) {
+ unless ( $release =~ /^(?<release>(?<major>4\.\d\d)(?:\.(?<minor>\d+))?(?<rc>_RC\d+)?)$/ ) {
croak "The given version number does not look right - $release";
}
$context->{release} = $+{release};
$context->{major} = $+{major};
$context->{minor} = $+{minor};
+ $context->{candidatev} = $+{rc};
($context->{trelease} = $+{release}) =~ s/_RC\d+//;
}
# Thus we've to provide the version.sh, based on the info we have
# about the release. If reversion finds this, it doesn't try to find
# it's own way to get a valid version number from the git.
+ #
+ # 4.89 series: the logic here did not handle _RC<N> thus breaking RC
+ # status in versions. nb: candidatev in context should be same as $variant
+ # in local context.
+ my $stamp = $context->{minor} ? '_'.$context->{minor} : '';
+ $stamp .= $context->{candidatev} if $context->{candidatev};
+ #
open(my $v, '>', 'version.sh') or die "Can't open '>version.sh' $!\n";
print {$v} <<__;
# initial version automatically generated from $0
EXIM_RELEASE_VERSION=$context->{major}
-EXIM_VARIANT_VERSION=@{[$context->{minor}?'_'.$context->{minor}:'']}
+EXIM_VARIANT_VERSION=$stamp
EXIM_COMPILE_NUMBER=0
__
close($v);
# move generated documents from docbook stuff
foreach my $file (qw/exim.8 spec.txt filter.txt/) {
+ die "Empty file \"$file\"\n" if -z File::Spec->catfile( $old_docdir, $file );
move( File::Spec->catfile( $old_docdir, $file ), File::Spec->catfile( $new_docdir, $file ) );
}
}
}
+ # We ideally do not want local system user information in release tarballs;
+ # those are artifacts of use of tar for backups and have no place in
+ # software release packaging; if someone extracts as root, then they should
+ # get sane file ownerships.
+ my $ownership = "";
+ if (`tar --help 2>&1` =~ /^\s*--owner=/m) {
+ $ownership .= " --owner=$context->{tar_perms}{user} --group=$context->{tar_perms}{group}";
+ # on this GNU tar, --numeric-owner works during creation too
+ $ownership .= " --numeric-owner";
+ }
+
+ # See also environment variables set in main, tuning compression levels
+ my @COMPRESSIONS = (
+ # compressors-dict-key, file-extension, flags-as-string
+ [ "gzip", "gz", "--gzip" ],
+ [ "bzip2", "bz2", "--bzip2" ],
+ [ "lzip", "lz", "--lzip" ],
+ [ "xz", "xz", "--xz" ],
+ );
+
foreach my $dir ( glob( File::Spec->catdir( $pkgdirs, ( 'exim*-' . $context->{release} ) ) ) ) {
my $dirname = ( File::Spec->splitdir($dir) )[-1];
- if ($context->{compressors}{gzip}) {
- print "Creating: ${pkgs}/${dirname}.tar.gz\n" if ($verbose || $debug);
- system("$tar cf ${pkgs}/${dirname}.tar.gz --gzip -C ${pkgdirs} ${dirname}")
- }
- if ($context->{compressors}{bzip2}) {
- print "Creating: ${pkgs}/${dirname}.tar.bz2\n" if ($verbose || $debug);
- system("$tar cf ${pkgs}/${dirname}.tar.bz2 --bzip2 -C ${pkgdirs} ${dirname}")
- }
- if ($context->{compressors}{lzip}) {
- print "Creating: ${pkgs}/${dirname}.tar.lz\n" if ($verbose || $debug);
- system("$tar cf ${pkgs}/${dirname}.tar.lz --lzip -C ${pkgdirs} ${dirname}")
+ foreach my $comp (@COMPRESSIONS) {
+ my ($compkey, $extension, $flags) = @{$comp};
+ next unless $context->{compressors}{$compkey};
+ print "Creating: ${pkgs}/${dirname}.tar.${extension}\n" if ($verbose || $debug);
+ system("$tar cf ${pkgs}/${dirname}.tar.${extension} ${flags} ${ownership} -C ${pkgdirs} ${dirname}");
}
}
+
}
# ------------------------------------------------------------------
tmp_dir => File::Temp->newdir(),
webgen_base => "$FindBin::Bin/../../../exim-website",
tar_cmd => 'tar',
+ tar_perms => {
+ user => '0',
+ group => '0',
+ },
make_cmd => 'make',
compressors => {
gzip => 1,
bzip2 => 1,
+ xz => 1,
lzip => 0,
},
build_docs => 1,
my $delete;
my $cleanup = 1;
##$ENV{'PATH'} = '/opt/local/bin:' . $ENV{'PATH'};
+ # We are creating files for mass distribution, so work harder to make smaller files.
+ $ENV{'GZIP'} = '-9';
+ $ENV{'BZIP2'} = '-9';
+ # xz documents minimum file sizes for levels higher than -6 to be useful and each
+ # requires more RAM on the decompressing system. Exim tarball currently 24MiB so
+ # using -8.
+ $ENV{'XZ_DEFAULTS'} = '-8';
GetOptions(
'directory=s' => \$context->{directory},
'web!' => \$context->{web},
) and @ARGV == 1 or pod2usage;
+ umask(022);
get_and_check_version( shift, $context );
fix_paths_tar($context);
$context->{tag} = build_tag($context);
# A really dumb script for making a quick tarball of Exim
set -e
+trap 'test -n "$TMP_DIR" && rm -r "$TMP_DIR"' EXIT
-OWD=$(pwd -P)
+OLD_DIR=$(pwd)
+GIT_DIR=$(git rev-parse --show-toplevel)
+TMP_DIR=$(mktemp -d -t exim-quickrelease.XXXXXX)
-GWD=$(git rev-parse --git-dir)
-
-TWD=$(mktemp -d -t exim) || exit 1
-echo $TWD
-cd $TWD
-
-git clone $GWD
+cd $TMP_DIR
+git clone $GIT_DIR
cd exim/src/src
../scripts/reversion
-. version.sh
+. ./version.sh
EXIM=exim-${EXIM_RELEASE_VERSION}${EXIM_VARIANT_VERSION}
cd ../..
-mv src $EXIM
-tar cfz $EXIM.tar.gz $EXIM
-mv $EXIM src
-
-cd $OWD
-mv $TWD/exim/$EXIM.tar.gz .
-rm -rf $EXIM
+mv -v src $EXIM
+tar czf $EXIM.tar.gz $EXIM
+mv $EXIM.tar.gz $OLD_DIR
echo $EXIM.tar.gz
-#!/bin/sh
+#!/bin/sh -eu
+
+# gpg signs all *.tar.* files under the release directory.
+# Invoke from that dir, or let the script try to figure it out for you.
+
+# Key used is from env var EXIM_KEY; if git config finds user.signingkey, then
+# that is the default. You can set this per-repo with:
+# git config --local user.signingkey SOME_IDENTIFIER
#
-# gpg signs all *.tar.* files under a given directory
-# key used set from env var EXIM_KEY, script defaults that to Nigel's.
+# If not set in git config then you _MUST_ set the env var.
+
# woe betide the poor sod who does not use a gpg agent, so has
# to enter their password for every file...
+
+prog="$(basename "$0")"
+warn() { printf >&2 "%s: %s\n" "$prog" "$*" ; }
+
+: "${GPG_COMMAND:=gpg}"
+umask 022
+
+# We've always expected an explicit key for signing, instead of just using the
+# gnupg config. It make sense to honor the git config value. It makes sense
+# to honor env. But git doesn't allow specifying multiple subkeys, it only
+# passes one -u option.
+# UID specs explicitly allow whitespace in several formats.
+# We have one scalar value, we're sh, we're not going to try using an array.
#
+# So if you want to sign with multiple subkeys, then set it up with multiple
+# local-user directives in ~/.gnupg/gpg.conf & set EXIM_KEY=default in environ.
+
+if repo_signing_key="$(git config user.signingkey)"; then
+ : "${EXIM_KEY:=$repo_signing_key}"
+else
+ if [ ".${EXIM_KEY:-}" = "." ]; then
+ warn "no EXIM_KEY found, trusting local gpg config"
+ fi
+fi
+
+case "${EXIM_KEY:-default}" in
+default|DEFAULT)
+ gpg_sign() { ${GPG_COMMAND} --detach-sig --armor "${1:?}" ; }
+ ;;
+*)
+ gpg_sign() { ${GPG_COMMAND} --local-user "${EXIM_KEY}" --detach-sig --armor "${1:?}" ; }
+ ;;
+esac
+
+cd_to() { echo "Working in: $1"; cd "$1"; }
-dir=${1:?start directory}
+okay=false
+if [ -d ../../release-process ] && [ "${PWD##*/}" = "pkgs" ]; then
+ okay=true # we are in right dir
+elif [ -d release-process ]; then
+ b="$(find . -maxdepth 1 -name 'exim-packaging-*' | sort | tail -n 1)"
+ if [ ".$b" != "." ]; then
+ cd_to "$b/pkgs"
+ okay=true
+ fi
+fi
+if ! $okay; then
+ if [ -d "${1:?need a directory to look in}" ]; then
+ cd_to "$1"
+ shift
+ else
+ printf "%s: %s\n" >&2 "$(basename "$0")" "where should I be looking"
+ exit 1
+ fi
+fi
-: ${EXIM_KEY:=nigel@exim.org}
+# Assumes no whitespace (strictly, $IFS) in filenames, which we're okay with
+set $(find . -name '*.asc' -prune -o -type f -print | cut -c 3- | sort)
-find "$dir" \
- -type f -name '*.tar.*' \
- -exec gpg --local-user ${EXIM_KEY} --detach-sig --armor {} \;
+for FILE
+do
+ echo "Signing: $FILE"
+ gpg_sign "$FILE"
+done
--- /dev/null
+#!/bin/sh -eu
+
+okay=false
+if [ -d ../../release-process ] && [ "${PWD##*/}" = "pkgs" ]; then
+ okay=true # we are in right dir
+elif [ -d release-process ]; then
+ b="$(find . -maxdepth 1 -name 'exim-packaging-*' | sort | tail -n 1)"
+ if [ ".$b" != "." ]; then
+ cd "$b/pkgs"
+ okay=true
+ fi
+fi
+if ! $okay; then
+ if [ -d "${1:?need a directory to look in}" ]; then
+ cd "$1"
+ shift
+ else
+ printf "%s: %s\n" >&2 "$(basename "$0")" "where should I be looking"
+ exit 1
+ fi
+fi
+
+set $(find "${1:-.}" -name '*.asc' -prune -o -type f -print | cut -c 3- | sort)
+
+# stat(1) formats are non-portable BSD vs GNU
+perl -le 'print "SIZE($_)= @{[-s $_]}" foreach @ARGV' "$@"
+echo
+openssl dgst -sha256 "$@"
@cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS)
-# This pair for the convinience of of the Debian maintainers
+# This pair for the convenience of of the Debian maintainers
exim: Local/Makefile configure
@cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) exim
utils: Local/Makefile configure
# This file is the basis of the main makefile for Exim and friends. The
# makefile at the top level arranges to build the main makefile by calling
# scripts/Configure-Makefile from within the build directory. This
-# concatentates the configuration settings from Local/Makefile and other,
+# concatenates the configuration settings from Local/Makefile and other,
# optional, Local/* files at the front of this file, to create Makefile in the
# build directory.
#
# Compile step for most of the exim modules. HDRS is a list of headers
-# which cause everthing to be rebuilt. PHDRS is the same, for the use
+# which cause everything to be rebuilt. PHDRS is the same, for the use
# of routers, transports, and authenticators. I can't find a way of doing this
# in one. This list is overkill, but it doesn't really take much time to
# rebuild Exim on a modern computer.
tod.o: $(HDRS) tod.c
transport.o: $(HDRS) transport.c
tree.o: $(HDRS) tree.c
-verify.o: $(HDRS) verify.c
+verify.o: $(HDRS) transports/smtp.h verify.c
dkim.o: $(HDRS) pdkim/pdkim.h dkim.c
# Dependencies for WITH_CONTENT_SCAN modules
test_dbfn: config.h dbfn.c dummies.o sa-globals.o sa-os.o store.o \
string.o tod.o version.o utf8.o
$(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c
$(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \
dummies.o sa-globals.o sa-os.o store.o string.o \
tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS)
- rm -f dbfn.o
+ rm -f dbfn.o store.o
test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \
store.o string.o tod.o tree.o
##################################################
-# The following is normaly set in local/Makefile.
+# The following is normally set in local/Makefile.
# Makefile.cygwin provides defaults with which the
# precompiled version is built
##################################################
#############################################################################
# The following definitions are relevant only when compiling the Exim monitor
-# program, which requires an X11 display. See the varible EXIM_MONITOR in
+# program, which requires an X11 display. See the variable EXIM_MONITOR in
# src/EDITME for how to suppress this compilation.
# X11 contains the location of the X11 libraries and include files.
STRIP_COMMAND=/usr/bin/strip
CHMOD_COMMAND=/bin/chmod
+# FreeBSD Ports no longer insert compatibility symlinks into /usr/bin for
+# scripting languages which traditionally have had them.
+PERL_COMMAND=/usr/local/bin/perl
+
HAVE_SA_LEN=YES
# crypt() is in a separate library
LIBS=-lcrypt -lm -lutil
-# Dynamicly loaded modules need to be built with -fPIC
+# Dynamically loaded modules need to be built with -fPIC
CFLAGS_DYNAMIC=-shared -rdynamic -fPIC
# FreeBSD always ships with Berkeley DB
and to avoid exec that cause loss of privilege
If not privileged and unable to chown,
we set the exim uid to our uid.
- If unprivileged and /var/spool/exim is writable and not runing as listening daemon,
+ If unprivileged and /var/spool/exim is writable and not running as listening daemon,
we fake all subsequent setuid. */
/* Get the system and admins uid from their sids */
typedef struct flock flock_t;
-/* default is non-const */
-#define ICONV_ARG2_TYPE const char **
+/* iconv arg2 type: libiconv in Ports uses "const char* * inbuf" and was
+ * traditionally the only approach available. The iconv functionality
+ * in libc is "char ** restrict src".
+ *
+ * <https://www.freebsd.org/doc/en/books/porters-handbook/using-iconv.html>
+ * says that libc has iconv since 2013, in 10-CURRENT. FreeBSD man-pages
+ * shows it included in 10.0-RELEASE. Writing this in 2017, 10.3 is the
+ * oldest supported release, so we should assume non-libiconv by default.
+ * (Actually, people still using old releases past EOL; we shouldn't support
+ * them but I don't want to deal with howls of complaints because we dare
+ * to not support the unsupported, so guard this on FreeBSD 10+)
+ *
+ * Thus we no longer override iconv.
+ *
+ * However, if libiconv is installed, and anything adds /usr/local/include
+ * to include-path (likely) then we'll get that. So define a variable
+ * which makes the libiconv try to not interfere with OS iconv.
+ */
+#if __FreeBSD__ >= 10
+# define LIBICONV_PLUG
+#endif
+/* for more specific version constraints, include <sys/param.h> and look at
+ * __FreeBSD_version */
/* End */
# define EXIM_HAVE_OPENAT
#endif
+#include <netinet/tcp.h> /* for TCP_FASTOPEN */
+#include <sys/socket.h> /* for MSG_FASTOPEN */
#if defined(TCP_FASTOPEN) && !defined(MSG_FASTOPEN)
# define MSG_FASTOPEN 0x20000000
#endif
#define OS_GETCWD
+#ifndef MIN
+# define MIN(a,b) (((a)<(b))?(a):(b))
+# define MAX(a,b) (((a)>(b))?(a):(b))
+#endif
+
/* End */
*) dsn_process switch removed
*) every router "processes" DSN by default
- *) there is no possibilty to "gag" DSN anymore since this violates RFC
+ *) there is no possibility to "gag" DSN anymore since this violates RFC
*) dsn_lasthop switch added for routers
*) if dsn_lasthop is set by a router it is handled as relaying to a
non DSN aware relay. success mails are sent if Exim successfully
that might affect a running system.
+Exim version 4.89
+-----------------
+
+ * SMTP CHUNKING in Exim 4.88 did not ensure that received mails had a final
+ newline; attempts to deliver such messages onwards to non-chunking hosts
+ would probably hang, as Exim does not insert the newline before a ".".
+ In 4.89, the newline is added upon receipt. For already-received messages
+ in your queue, try util/chunking_fixqueue_finalnewlines.pl
+ to walk the queue, fixing any affected messages. Note that because a
+ delivery attempt will be hanging, attempts to lock the messages for fixing
+ them will stall; stopping all queue-runners temporarily is recommended.
+
+ * OpenSSL: oldest supported release series is now 1.0.2, which is the oldest
+ supported by the OpenSSL project. If you can build Exim with an older
+ release series, congratulations. If you can't, then upgrade.
+ The file doc/openssl.txt contains instructions for installing a current
+ OpenSSL outside the system library paths and building Exim to use it.
+
+ * FreeBSD: we now always use the system iconv in libc, as all versions of
+ FreeBSD supported by the FreeBSD project provide this functionality.
+
+
Exim version 4.88
-----------------
3. Version 4.23 saves the contents of the ACL variables with the message, so
that they can be used later. If one of these variables contains a newline,
there will be a newline character in the spool that will not be interpreted
- correctely by a previous version of Exim. (Exim ignores keyed spool file
+ correctly by a previous version of Exim. (Exim ignores keyed spool file
items that it doesn't understand - precisely for this kind of problem - but
it expects them all to be on one line.)
}
/*
- * NOTE: This function really needs to recieve graphics exposure
+ * NOTE: This function really needs to receive graphics exposure
* events, but since this is not easily supported until R4 I am
* going to hold off until then.
*/
* used by all more than one of these dialogs.
*
* The following functions are the only non-static ones defined
- * in this module. They are located at the begining of the
+ * in this module. They are located at the beginning of the
* section that contains this dialog box that uses them.
*
* void _XawTextInsertFileAction(w, event, params, num_params);
*
* Note:
*
- * If the search was sucessful and the argument popdown is passed to
+ * If the search was successful and the argument popdown is passed to
* this action routine then the widget will automatically popdown the
* search widget.
*/
PopdownSearch(w, (XtPointer) tw->text.search, NULL);
}
-/* Function Name: PopdownSeach
+/* Function Name: PopdownSearch
* Description: Pops down the search widget and resets it.
* Arguments: w - *** NOT USED ***.
* closure - a pointer to the search structure.
* The parameter list contains one or two entries that may be the following.
*
* First Entry: The first entry is the direction to search by default.
- * This arguement must be specified and may have a value of
+ * This argument must be specified and may have a value of
* "left" or "right".
*
* Second Entry: This entry is optional and contains the value of the default
/* Function Name: DoSearch
* Description: Performs a search.
- * Arguments: search - the serach structure.
- * Returns: TRUE if sucessful.
+ * Arguments: search - the search structure.
+ * Returns: TRUE if successful.
*/
/* ARGSUSED */
*
* NOTE:
*
- * The function argument is passed the following arguements.
+ * The function argument is passed the following arguments.
*
* form - the from widget that is the dialog.
* ptr - the initial string for the dialog's text widget.
static int stripchart_count = 0; /* count stripcharts created */
static int *stripchart_delay; /* vector of delay counts */
static Widget *stripchart_label; /* vector of label widgets */
-static int *stripchart_last_total; /* vector of prevous values */
+static int *stripchart_last_total; /* vector of previous values */
static int *stripchart_max; /* vector of maxima */
static int *stripchart_middelay; /* vector of */
static int *stripchart_midmax; /* vector of */
mf=Makefile
mft=$mf-t
mftt=$mf-tt
+mftepcp=$mf-tepcp
+mftepcp2=$mf-tepcp2
look_mf=lookups/Makefile
look_mf_pre=${look_mf}.predynamic
# Ensure the temporary does not exist and start the new one by setting
# the OSTYPE and ARCHTYPE variables.
-rm -f $mft $mftt $look_mf-t
+rm -f $mft $mftt $mftepcp $mftepcp2 $look_mf-t
(echo "OSTYPE=$ostype"; echo "ARCHTYPE=$archtype"; echo "") > $mft || exit 1
# Now concatenate the files to the temporary file. Copy the files using sed to
| sed 's/^TMPDIR=/EXIM_&/' \
>> $mft || exit 1
+# handle PKG_CONFIG_PATH because we need it in our env, and we want to handle
+# wildcards; note that this logic means all setting _appends_ values, never
+# replacing; if that's a problem, we can revisit.
+sed -n "s/^[$st]*PKG_CONFIG_PATH[$st]*[+]*=[$st]*//p" $mft | \
+ sed "s/[$st]*\$//" >> $mftepcp
+if test -s ./$mftepcp
+then
+ # expand any wildcards and strip spaces, to make it a real PATH-like variable
+ ( IFS=":${IFS-$st}"; for P in `cat ./$mftepcp`; do echo "$P"; done ) | xargs | sed "s/[$st]/:/g" >./$mftepcp2
+ sed "s/^/PKG_CONFIG_PATH='/" < ./$mftepcp2 | sed "s/\$/'/" > ./$mftepcp
+ . ./$mftepcp
+ export PKG_CONFIG_PATH
+ egrep -v "^[$st]*PKG_CONFIG_PATH[$st]*=" ./$mft > ./$mftt
+ rm -f ./$mft
+ (
+ echo "# Collapsed PKG_CONFIG_PATH in build-prep:"
+ sed "s/'//g" ./$mftepcp
+ echo "# End of collapsed PKG_CONFIG_PATH"
+ echo ""
+ cat ./$mftt
+ ) > ./$mft
+ rm -f ./$mftt
+fi
+rm -f ./$mftepcp ./$mftepcp2
+
# handle pkg-config
# beware portability of extended regexps with sed.
-
egrep "^[$st]*(AUTH|LOOKUP)_[A-Z0-9_]*[$st]*=[$st]*" $mft | \
sed "s/[$st]*=/='/" | \
sed "s/\$/'/" > $mftt
echo "CFLAGS += $tls_include"
echo "LDFLAGS += $tls_libs"
else
- echo "CFLAGS += $(libgcrypt-config --cflags)"
- echo "LDFLAGS += $(libgcrypt-config --libs)"
+ echo "CFLAGS += `libgcrypt-config --cflags`"
+ echo "LDFLAGS += `libgcrypt-config --libs`"
fi
fi
fi
# least one type of lookup. You should consider whether you want to build
# the Exim monitor or not.
+# If you need to override how pkg-config finds configuration files for
+# installed software, then you can set that here; wildcards will be expanded.
+
+# PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig : /opt/*/lib/pkgconfig
+
#------------------------------------------------------------------------------
# These settings determine which individual router drivers are included in the
# That shim can set macros before .include'ing your main configuration file.
#
# As a strictly transient measure to ease migration to 4.73, the
-# WHITELIST_D_MACROS value definies a colon-separated list of macro-names
+# WHITELIST_D_MACROS value defines a colon-separated list of macro-names
# which are permitted to be overridden from the command-line which will be
# honoured by the Exim user. So these are macros that can persist to delivery
# time.
# AUTH_GSASL_PC=libgsasl
# AUTH_HEIMDAL_GSSAPI=yes
# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
+# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
# AUTH_PLAINTEXT=yes
# AUTH_SPA=yes
# AUTH_TLS=yes
+# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
+# requires multiple pkg-config files to work with Exim, so the second example
+# above is needed.
#------------------------------------------------------------------------------
# If you specified AUTH_CYRUS_SASL above, you should ensure that you have the
#
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
# as well.
+#
+# nb: FreeBSD as of 4.89 defines LIBICONV_PLUG to pick up the system iconv
+# more reliably. If you explicitly want the libiconv Port then as well
+# as adding -liconv you'll want to unset LIBICONV_PLUG. If you actually need
+# this, let us know, but for now the Exim Maintainers are assuming that this
+# is uncommon and so you'll need to edit OS/os.h-FreeBSD yourself to remove
+# the define.
#------------------------------------------------------------------------------
# Note that this option adds to the size of the Exim binary, because the
# dynamic loading library is not otherwise included.
+# If libreadline is not in the normal library paths, then because Exim is
+# setuid you'll need to ensure that the correct directory is stamped into
+# the binary so that dlopen will find it.
+# Eg, on macOS/Darwin with a third-party install of libreadline, perhaps:
+
+# EXTRALIBS_EXIM+=-Wl,-rpath,/usr/local/opt/readline/lib
+
#------------------------------------------------------------------------------
# Uncomment this setting to include IPv6 support.
/* Enable recursion between acl_check_internal() and acl_check_condition() */
-static int acl_check_wargs(int, address_item *, const uschar *, int, uschar **,
+static int acl_check_wargs(int, address_item *, const uschar *, uschar **,
uschar **);
/* Need to do a lookup */
HDEBUG(D_acl)
- debug_printf("looking up host name to force name/address consistency check\n");
+ debug_printf_indent("looking up host name to force name/address consistency check\n");
if ((rc = host_name_lookup()) != OK)
{
Arguments:
dnsa the DNS answer block
dnss a DNS scan block for us to use
- reset option specifing what portion to scan, as described above
+ reset option specifying what portion to scan, as described above
target the target hostname to use for matching RR names
Returns: CSA_OK successfully authorized
{
/* If the client IP address matches the target IP address, it's good! */
- DEBUG(D_acl) debug_printf("CSA target address is %s\n", da->address);
+ DEBUG(D_acl) debug_printf_indent("CSA target address is %s\n", da->address);
if (strcmpic(sender_host_address, da->address) == 0) return CSA_OK;
}
GETSHORT(port, p);
DEBUG(D_acl)
- debug_printf("CSA priority=%d weight=%d port=%d\n", priority, weight, port);
+ debug_printf_indent("CSA priority=%d weight=%d port=%d\n", priority, weight, port);
/* Check the CSA version number */
(void)dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
(DN_EXPAND_ARG4_TYPE)target, sizeof(target));
- DEBUG(D_acl) debug_printf("CSA target is %s\n", target);
+ DEBUG(D_acl) debug_printf_indent("CSA target is %s\n", target);
break;
}
*log_msgptr = *user_msgptr = string_sprintf("client SMTP authorization %s",
csa_reason_string[rc]);
csa_status = csa_status_string[rc];
- DEBUG(D_acl) debug_printf("CSA result %s\n", csa_status);
+ DEBUG(D_acl) debug_printf_indent("CSA result %s\n", csa_status);
return csa_return_code[rc];
case VERIFY_HDR_SYNTAX:
rc = sender_vaddr->special_action;
*basic_errno = sender_vaddr->basic_errno;
}
- HDEBUG(D_acl) debug_printf("using cached sender verify result\n");
+ HDEBUG(D_acl) debug_printf_indent("using cached sender verify result\n");
}
/* Do a new verification, and cache the result. The cache is used to avoid
rc = verify_address(sender_vaddr, NULL, verify_options, callout,
callout_overall, callout_connect, se_mailfrom, pm_mailfrom, &routed);
- HDEBUG(D_acl) debug_printf("----------- end verify ------------\n");
+ HDEBUG(D_acl) debug_printf_indent("----------- end verify ------------\n");
if (rc != OK)
*basic_errno = sender_vaddr->basic_errno;
DEBUG(D_acl)
{
if (Ustrcmp(sender_vaddr->address, verify_sender_address) != 0)
- debug_printf("sender %s verified ok as %s\n",
+ debug_printf_indent("sender %s verified ok as %s\n",
verify_sender_address, sender_vaddr->address);
else
- debug_printf("sender %s verified ok\n",
+ debug_printf_indent("sender %s verified ok\n",
verify_sender_address);
}
}
addr2 = *addr;
rc = verify_address(&addr2, NULL, verify_options|vopt_is_recipient, callout,
callout_overall, callout_connect, se_mailfrom, pm_mailfrom, NULL);
- HDEBUG(D_acl) debug_printf("----------- end verify ------------\n");
+ HDEBUG(D_acl) debug_printf_indent("----------- end verify ------------\n");
*basic_errno = addr2.basic_errno;
*log_msgptr = addr2.message;
if (rc == DEFER && (defer_ok ||
(callout_defer_ok && *basic_errno == ERRNO_CALLOUTDEFER)))
{
- HDEBUG(D_acl) debug_printf("verify defer overridden by %s\n",
+ HDEBUG(D_acl) debug_printf_indent("verify defer overridden by %s\n",
defer_ok? "defer_ok" : "callout_defer_ok");
rc = OK;
}
else if (strcmpic(ss, US"per_byte") == 0)
{
/* If we have not yet received the message data and there was no SIZE
- declaration on the MAIL comand, then it's safe to just use a value of
+ declaration on the MAIL command, then it's safe to just use a value of
zero and let the recorded rate decay as if nothing happened. */
RATE_SET(mode, PER_MAIL);
if (where > ACL_WHERE_NOTSMTP) badacl = TRUE;
key);
HDEBUG(D_acl)
- debug_printf("ratelimit condition count=%.0f %.1f/%s\n", count, limit, key);
+ debug_printf_indent("ratelimit condition count=%.0f %.1f/%s\n", count, limit, key);
/* See if we have already computed the rate by looking in the relevant tree.
For per-connection rate limiting, store tree nodes and dbdata in the permanent
store_pool = old_pool;
sender_rate = string_sprintf("%.1f", dbd->rate);
HDEBUG(D_acl)
- debug_printf("ratelimit found pre-computed rate %s\n", sender_rate);
+ debug_printf_indent("ratelimit found pre-computed rate %s\n", sender_rate);
return rc;
}
{
store_pool = old_pool;
sender_rate = NULL;
- HDEBUG(D_acl) debug_printf("ratelimit database not available\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit database not available\n");
*log_msgptr = US"ratelimit database not available";
return DEFER;
}
if (dbdb != NULL)
{
/* Locate the basic ratelimit block inside the DB data. */
- HDEBUG(D_acl) debug_printf("ratelimit found key in database\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit found key in database\n");
dbd = &dbdb->dbd;
/* Forget the old Bloom filter if it is too old, so that we count each
if(unique != NULL && tv.tv_sec > dbdb->bloom_epoch + period)
{
- HDEBUG(D_acl) debug_printf("ratelimit discarding old Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit discarding old Bloom filter\n");
dbdb = NULL;
}
if(unique != NULL && dbdb_size < sizeof(*dbdb))
{
- HDEBUG(D_acl) debug_printf("ratelimit discarding undersize Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit discarding undersize Bloom filter\n");
dbdb = NULL;
}
}
if (unique == NULL)
{
/* No Bloom filter. This basic ratelimit block is initialized below. */
- HDEBUG(D_acl) debug_printf("ratelimit creating new rate data block\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit creating new rate data block\n");
dbdb_size = sizeof(*dbd);
dbdb = store_get(dbdb_size);
}
else
{
int extra;
- HDEBUG(D_acl) debug_printf("ratelimit creating new Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit creating new Bloom filter\n");
/* See the long comment below for an explanation of the magic number 2.
The filter has a minimum size in case the rate limit is very small;
/* Scan the bits corresponding to this event. A zero bit means we have
not seen it before. Ensure all bits are set to record this event. */
- HDEBUG(D_acl) debug_printf("ratelimit checking uniqueness of %s\n", unique);
+ HDEBUG(D_acl) debug_printf_indent("ratelimit checking uniqueness of %s\n", unique);
seen = TRUE;
for (n = 0; n < 8; n++, hash += hinc)
if (seen)
{
- HDEBUG(D_acl) debug_printf("ratelimit event found in Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit event found in Bloom filter\n");
count = 0.0;
}
else
- HDEBUG(D_acl) debug_printf("ratelimit event added to Bloom filter\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit event added to Bloom filter\n");
}
/* If there was no previous ratelimit data block for this key, initialize
if (dbd == NULL)
{
- HDEBUG(D_acl) debug_printf("ratelimit initializing new key's rate data\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit initializing new key's rate data\n");
dbd = &dbdb->dbd;
dbd->time_stamp = tv.tv_sec;
dbd->time_usec = tv.tv_usec;
size of the event per the period size, ignoring the lack of events outside
the current period and regardless of where the event falls in the period. So,
if the interval was so long that the calculated rate is unhelpfully small, we
- re-intialize the rate. In the absence of higher-rate bursts, the condition
+ re-initialize the rate. In the absence of higher-rate bursts, the condition
below is true if the interval is greater than the period. */
if (dbd->rate < count) dbd->rate = count;
if ((rc == FAIL && leaky) || strict)
{
dbfn_write(dbm, key, dbdb, dbdb_size);
- HDEBUG(D_acl) debug_printf("ratelimit db updated\n");
+ HDEBUG(D_acl) debug_printf_indent("ratelimit db updated\n");
}
else
{
- HDEBUG(D_acl) debug_printf("ratelimit db not updated: %s\n",
+ HDEBUG(D_acl) debug_printf_indent("ratelimit db not updated: %s\n",
readonly? "readonly mode" : "over the limit, but leaky");
}
sender_rate = string_sprintf("%.1f", dbd->rate);
HDEBUG(D_acl)
- debug_printf("ratelimit computed rate %s\n", sender_rate);
+ debug_printf_indent("ratelimit computed rate %s\n", sender_rate);
return rc;
}
}
HDEBUG(D_acl)
- debug_printf("udpsend [%s]:%d %s\n", h->address, portnum, arg);
+ debug_printf_indent("udpsend [%s]:%d %s\n", h->address, portnum, arg);
r = s = ip_connectedsocket(SOCK_DGRAM, h->address, portnum, portnum,
1, NULL, &errstr);
}
HDEBUG(D_acl)
- debug_printf("udpsend %d bytes\n", r);
+ debug_printf_indent("udpsend %d bytes\n", r);
return OK;
if (cb->type == ACLC_MESSAGE)
{
- HDEBUG(D_acl) debug_printf(" message: %s\n", cb->arg);
+ HDEBUG(D_acl) debug_printf_indent(" message: %s\n", cb->arg);
user_message = cb->arg;
continue;
}
if (cb->type == ACLC_LOG_MESSAGE)
{
- HDEBUG(D_acl) debug_printf("l_message: %s\n", cb->arg);
+ HDEBUG(D_acl) debug_printf_indent("l_message: %s\n", cb->arg);
log_message = cb->arg;
continue;
}
of them, but not for all, because expansion happens down in some lower level
checking functions in some cases. */
- if (conditions[cb->type].expand_at_top)
+ if (!conditions[cb->type].expand_at_top)
+ arg = cb->arg;
+ else if (!(arg = expand_string(cb->arg)))
{
- arg = expand_string(cb->arg);
- if (arg == NULL)
- {
- if (expand_string_forcedfail) continue;
- *log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s",
- cb->arg, expand_string_message);
- return search_find_defer? DEFER : ERROR;
- }
+ if (expand_string_forcedfail) continue;
+ *log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s",
+ cb->arg, expand_string_message);
+ return search_find_defer ? DEFER : ERROR;
}
- else arg = cb->arg;
/* Show condition, and expanded condition if it's different */
HDEBUG(D_acl)
{
int lhswidth = 0;
- debug_printf("check %s%s %n",
+ debug_printf_indent("check %s%s %n",
(!conditions[cb->type].is_modifier && cb->u.negated)? "!":"",
conditions[cb->type].name, &lhswidth);
"discard" verb. */
case ACLC_ACL:
- rc = acl_check_wargs(where, addr, arg, level+1, user_msgptr, log_msgptr);
+ rc = acl_check_wargs(where, addr, arg, user_msgptr, log_msgptr);
if (rc == DISCARD && verb != ACL_ACCEPT && verb != ACL_DISCARD)
{
*log_msgptr = string_sprintf("nested ACL returned \"discard\" for "
if (af < 0)
{
HDEBUG(D_acl)
- debug_printf("smtp input is probably not a socket [%s], not setting DSCP\n",
+ debug_printf_indent("smtp input is probably not a socket [%s], not setting DSCP\n",
strerror(errno));
break;
}
{
if (setsockopt(fd, level, optname, &value, sizeof(value)) < 0)
{
- HDEBUG(D_acl) debug_printf("failed to set input DSCP[%s]: %s\n",
+ HDEBUG(D_acl) debug_printf_indent("failed to set input DSCP[%s]: %s\n",
p+1, strerror(errno));
}
else
{
- HDEBUG(D_acl) debug_printf("set input DSCP to \"%s\"\n", p+1);
+ HDEBUG(D_acl) debug_printf_indent("set input DSCP to \"%s\"\n", p+1);
}
}
else
#ifdef EXPERIMENTAL_DCC
case ACLC_DCC:
{
- /* Seperate the regular expression and any optional parameters. */
+ /* Separate the regular expression and any optional parameters. */
const uschar * list = arg;
uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
/* Run the dcc backend. */
rc = dcc_process(&ss);
- /* Modify return code based upon the existance of options. */
+ /* Modify return code based upon the existence of options. */
while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER)
rc = FAIL; /* FAIL so that the message is passed to the next ACL */
}
else
{
- HDEBUG(D_acl) debug_printf("delay modifier requests %d-second delay\n",
+ HDEBUG(D_acl) debug_printf_indent("delay modifier requests %d-second delay\n",
delay);
if (host_checking)
{
HDEBUG(D_acl)
- debug_printf("delay skipped in -bh checking mode\n");
+ debug_printf_indent("delay skipped in -bh checking mode\n");
}
/* NOTE 1: Remember that we may be
n = 1;
}
if (poll(&p, n, delay*1000) > 0)
- HDEBUG(D_acl) debug_printf("delay cancelled by peer close\n");
+ HDEBUG(D_acl) debug_printf_indent("delay cancelled by peer close\n");
}
#else
/* It appears to be impossible to detect that a TCP/IP connection has
#ifdef WITH_CONTENT_SCAN
case ACLC_SPAM:
{
- /* Seperate the regular expression and any optional parameters. */
+ /* Separate the regular expression and any optional parameters. */
const uschar * list = arg;
uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
/* Run the spam backend. */
rc = spam(CUSS &ss);
- /* Modify return code based upon the existance of options. */
+ /* Modify return code based upon the existence of options. */
while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))
!= NULL) {
if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER)
where where called from
addr address item when called from RCPT; otherwise NULL
s the input string; NULL is the same as an empty ACL => DENY
- level the nesting level
user_msgptr where to put a user error (for SMTP response)
log_msgptr where to put a logging message (not for SMTP response)
*/
static int
-acl_check_internal(int where, address_item *addr, uschar *s, int level,
+acl_check_internal(int where, address_item *addr, uschar *s,
uschar **user_msgptr, uschar **log_msgptr)
{
int fd = -1;
/* Catch configuration loops */
-if (level > 20)
+if (acl_level > 20)
{
*log_msgptr = US"ACL nested too deep: possible loop";
return ERROR;
}
-if (s == NULL)
+if (!s)
{
- HDEBUG(D_acl) debug_printf("ACL is NULL: implicit DENY\n");
+ HDEBUG(D_acl) debug_printf_indent("ACL is NULL: implicit DENY\n");
return FAIL;
}
/* At top level, we expand the incoming string. At lower levels, it has already
been expanded as part of condition processing. */
-if (level == 0)
+if (acl_level == 0)
{
- ss = expand_string(s);
- if (ss == NULL)
+ if (!(ss = expand_string(s)))
{
if (expand_string_forcedfail) return OK;
*log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s", s,
acl = (acl_block *)(t->data.ptr);
if (acl == NULL)
{
- HDEBUG(D_acl) debug_printf("ACL \"%s\" is empty: implicit DENY\n", ss);
+ HDEBUG(D_acl) debug_printf_indent("ACL \"%s\" is empty: implicit DENY\n", ss);
return FAIL;
}
acl_name = string_sprintf("ACL \"%s\"", ss);
- HDEBUG(D_acl) debug_printf("using ACL \"%s\"\n", ss);
+ HDEBUG(D_acl) debug_printf_indent("using ACL \"%s\"\n", ss);
}
else if (*ss == '/')
(void)close(fd);
acl_name = string_sprintf("ACL \"%s\"", ss);
- HDEBUG(D_acl) debug_printf("read ACL from file %s\n", ss);
+ HDEBUG(D_acl) debug_printf_indent("read ACL from file %s\n", ss);
}
}
int cond;
int basic_errno = 0;
BOOL endpass_seen = FALSE;
- BOOL acl_quit_check = level == 0
+ BOOL acl_quit_check = acl_level == 0
&& (where == ACL_WHERE_QUIT || where == ACL_WHERE_NOTQUIT);
*log_msgptr = *user_msgptr = NULL;
acl_temp_details = FALSE;
- HDEBUG(D_acl) debug_printf("processing \"%s\"\n", verbs[acl->verb]);
+ HDEBUG(D_acl) debug_printf_indent("processing \"%s\"\n", verbs[acl->verb]);
/* Clear out any search error message from a previous check before testing
this condition. */
search_error_message = NULL;
- cond = acl_check_condition(acl->verb, acl->condition, where, addr, level,
+ cond = acl_check_condition(acl->verb, acl->condition, where, addr, acl_level,
&endpass_seen, user_msgptr, log_msgptr, &basic_errno);
/* Handle special returns: DEFER causes a return except on a WARN verb;
switch (cond)
{
case DEFER:
- HDEBUG(D_acl) debug_printf("%s: condition test deferred in %s\n", verbs[acl->verb], acl_name);
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test deferred in %s\n", verbs[acl->verb], acl_name);
if (basic_errno != ERRNO_CALLOUTDEFER)
{
if (search_error_message != NULL && *search_error_message != 0)
default: /* Paranoia */
case ERROR:
- HDEBUG(D_acl) debug_printf("%s: condition test error in %s\n", verbs[acl->verb], acl_name);
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test error in %s\n", verbs[acl->verb], acl_name);
return ERROR;
case OK:
- HDEBUG(D_acl) debug_printf("%s: condition test succeeded in %s\n",
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test succeeded in %s\n",
verbs[acl->verb], acl_name);
break;
case FAIL:
- HDEBUG(D_acl) debug_printf("%s: condition test failed in %s\n", verbs[acl->verb], acl_name);
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test failed in %s\n", verbs[acl->verb], acl_name);
break;
/* DISCARD and DROP can happen only from a nested ACL condition, and
DISCARD can happen only for an "accept" or "discard" verb. */
case DISCARD:
- HDEBUG(D_acl) debug_printf("%s: condition test yielded \"discard\" in %s\n",
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test yielded \"discard\" in %s\n",
verbs[acl->verb], acl_name);
break;
case FAIL_DROP:
- HDEBUG(D_acl) debug_printf("%s: condition test yielded \"drop\" in %s\n",
+ HDEBUG(D_acl) debug_printf_indent("%s: condition test yielded \"drop\" in %s\n",
verbs[acl->verb], acl_name);
break;
}
case ACL_ACCEPT:
if (cond == OK || cond == DISCARD)
{
- HDEBUG(D_acl) debug_printf("end of %s: ACCEPT\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: ACCEPT\n", acl_name);
return cond;
}
if (endpass_seen)
{
- HDEBUG(D_acl) debug_printf("accept: endpass encountered - denying access\n");
+ HDEBUG(D_acl) debug_printf_indent("accept: endpass encountered - denying access\n");
return cond;
}
break;
case ACL_DEFER:
if (cond == OK)
{
- HDEBUG(D_acl) debug_printf("end of %s: DEFER\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: DEFER\n", acl_name);
if (acl_quit_check) goto badquit;
acl_temp_details = TRUE;
return DEFER;
case ACL_DENY:
if (cond == OK)
{
- HDEBUG(D_acl) debug_printf("end of %s: DENY\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: DENY\n", acl_name);
if (acl_quit_check) goto badquit;
return FAIL;
}
case ACL_DISCARD:
if (cond == OK || cond == DISCARD)
{
- HDEBUG(D_acl) debug_printf("end of %s: DISCARD\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: DISCARD\n", acl_name);
if (acl_quit_check) goto badquit;
return DISCARD;
}
if (endpass_seen)
{
- HDEBUG(D_acl) debug_printf("discard: endpass encountered - denying access\n");
+ HDEBUG(D_acl) debug_printf_indent("discard: endpass encountered - denying access\n");
return cond;
}
break;
case ACL_DROP:
if (cond == OK)
{
- HDEBUG(D_acl) debug_printf("end of %s: DROP\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: DROP\n", acl_name);
if (acl_quit_check) goto badquit;
return FAIL_DROP;
}
case ACL_REQUIRE:
if (cond != OK)
{
- HDEBUG(D_acl) debug_printf("end of %s: not OK\n", acl_name);
+ HDEBUG(D_acl) debug_printf_indent("end of %s: not OK\n", acl_name);
if (acl_quit_check) goto badquit;
return cond;
}
/* We have reached the end of the ACL. This is an implicit DENY. */
-HDEBUG(D_acl) debug_printf("end of %s: implicit DENY\n", acl_name);
+HDEBUG(D_acl) debug_printf_indent("end of %s: implicit DENY\n", acl_name);
return FAIL;
badquit:
- *log_msgptr = string_sprintf("QUIT or not-QUIT teplevel ACL may not fail "
+ *log_msgptr = string_sprintf("QUIT or not-QUIT toplevel ACL may not fail "
"('%s' verb used incorrectly)", verbs[acl->verb]);
return ERROR;
}
the name of an ACL followed optionally by up to 9 space-separated arguments.
The name and args are separately expanded. Args go into $acl_arg globals. */
static int
-acl_check_wargs(int where, address_item *addr, const uschar *s, int level,
+acl_check_wargs(int where, address_item *addr, const uschar *s,
uschar **user_msgptr, uschar **log_msgptr)
{
uschar * tmp;
acl_arg[i++] = NULL;
}
-ret = acl_check_internal(where, addr, name, level, user_msgptr, log_msgptr);
+acl_level++;
+ret = acl_check_internal(where, addr, name, user_msgptr, log_msgptr);
+acl_level--;
acl_narg = sav_narg;
for (i = 0; i < 9; i++) acl_arg[i] = sav_arg[i];
{
address_item adb;
address_item *addr = NULL;
+int rc;
*user_msgptr = *log_msgptr = NULL;
sender_verified_failed = NULL;
addr->lc_local_part = deliver_localpart;
}
-return acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr);
+acl_level++;
+rc = acl_check_internal(where, addr, s, user_msgptr, log_msgptr);
+acl_level--;
+return rc;
}
}
acl_where = where;
-rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr);
+acl_level = 0;
+rc = acl_check_internal(where, addr, s, user_msgptr, log_msgptr);
+acl_level = 0;
acl_where = ACL_WHERE_UNKNOWN;
/* Cutthrough - if requested,
if (*--s && isdigit(*s) && *--s && isdigit(*s)) *user_msgptr = s;
acl_temp_details = TRUE;
}
- else
+ else
{
- HDEBUG(D_acl) debug_printf("cutthrough defer; will spool\n");
+ HDEBUG(D_acl) debug_printf_indent("cutthrough defer; will spool\n");
rc = OK;
}
break;
*/
tree_node *
-acl_var_create(uschar *name)
+acl_var_create(uschar * name)
{
-tree_node *node, **root;
-root = (name[0] == 'c')? &acl_var_c : &acl_var_m;
-node = tree_search(*root, name);
-if (node == NULL)
+tree_node * node, ** root = name[0] == 'c' ? &acl_var_c : &acl_var_m;
+if (!(node = tree_search(*root, name)))
{
node = store_get(sizeof(tree_node) + Ustrlen(name));
Ustrcpy(node->name, name);
int auth_cram_md5_options_count =
sizeof(auth_cram_md5_options)/sizeof(optionlist);
-/* Default private options block for the contidion authentication method. */
+/* Default private options block for the condition authentication method. */
auth_cram_md5_options_block auth_cram_md5_option_defaults = {
NULL, /* server_secret */
/*************************************************
-* Peform the CRAM-MD5 algorithm *
+* Perform the CRAM-MD5 algorithm *
*************************************************/
/* The CRAM-MD5 algorithm is described in RFC 2195. It computes
uschar digest[16];
/* If expansion of either the secret or the user name failed, return CANCELLED
-or ERROR, as approriate. */
+or ERROR, as appropriate. */
if (!secret || !name)
{
int c;
int p = 0;
smtp_printf("334 %s\r\n", b64encode(challenge, challen));
-while ((c = receive_getc()) != '\n' && c != EOF)
+while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF)
{
if (p >= big_buffer_size - 1) return BAD64;
big_buffer[p++] = c;
int c;
int p = 0;
smtp_printf("334 %s\r\n", challenge);
-while ((c = receive_getc()) != '\n' && c != EOF)
+while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF)
{
if (p >= big_buffer_size - 1) return BAD64;
big_buffer[p++] = c;
/* Some auth mechanisms can ensure that both sides are talking withing the
same security context; for TLS, this means that even if a bad certificate
has been accepted, they remain MitM-proof because both sides must be within
- the same negotiated session; if someone is terminating one sesson and
+ the same negotiated session; if someone is terminating one session and
proxying data on within a second, authentication will fail.
We might not have this available, depending upon TLS implementation,
}
/* The first string is attached to the AUTH command; others are sent
- unembelished. */
+ unembellished. */
if (first)
{
int auth_spa_options_count =
sizeof(auth_spa_options)/sizeof(optionlist);
-/* Default private options block for the contidion authentication method. */
+/* Default private options block for the condition authentication method. */
auth_spa_options_block auth_spa_option_defaults = {
NULL, /* spa_password */
/* Child process: make the reading end of the pipe into the standard input and
close the writing end. If debugging, pass debug_fd as stderr. Then re-exec
-Exim with appropriat options. In the test harness, use -odi unless queue_only
+Exim with appropriate options. In the test harness, use -odi unless queue_only
is set, so that the bounce is fully delivered before returning. Failure is
signalled with EX_EXECFAILED (specified by CEE_EXEC_EXIT), but this shouldn't
occur. */
# libraries that Exim uses (e.g. LDAP) depend on specific environment settings.
# There are two lists: keep_environment for the variables we trust, and
# add_environment for variables we want to set to a specific value.
-# Note that TZ is handled separateley by the timezone runtime option
+# Note that TZ is handled separately by the timezone runtime option
# and TIMEZONE_DEFAULT buildtime option.
# keep_environment = ^LDAP
-#! PERL_COMMAND -w
+#! PERL_COMMAND
# This is a Perl script that reads an Exim run-time configuration file and
# checks for settings that were valid prior to release 3.00 but which were
# It is assumed that the input is a valid Exim configuration file.
+use warnings;
+BEGIN { pop @INC if $INC[-1] eq '.' };
##################################################
# Analyse one line #
-#! PERL_COMMAND -w
+#! PERL_COMMAND
# This is a Perl script that reads an Exim run-time configuration file for
# Exim 3. It makes what changes it can for Exim 4, and also output commentary
# It is assumed that the input is a valid Exim 3 configuration file.
+use warnings;
+BEGIN { pop @INC if $INC[-1] eq '.' };
# These are lists of main options which are abolished in Exim 4.
# The first contains options that are used to construct new options.
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions concerned with running Exim as a daemon */
} smtp_slot;
/* An empty slot for initializing (Standard C does not allow constructor
-expressions in assigments except as initializers in declarations). */
+expressions in assignments except as initializers in declarations). */
static smtp_slot empty_smtp_slot = { 0, NULL };
int other_host_count = 0; /* keep a count of non matches to optimise */
for (i = 0; i < smtp_accept_max; ++i)
- if (smtp_slots[i].host_address != NULL)
+ if (smtp_slots[i].host_address)
{
if (Ustrcmp(sender_host_address, smtp_slots[i].host_address) == 0)
host_accept_count++;
DEBUG(D_receive)
{
int i;
- if (sender_address != NULL)
+ if (sender_address)
debug_printf("Sender: %s\n", sender_address);
- if (recipients_list != NULL)
+ if (recipients_list)
{
debug_printf("Recipients:\n");
for (i = 0; i < recipients_count; i++)
/* Reclaim up the store used in accepting this message */
+ return_path = sender_address = NULL;
+ authenticated_sender = NULL;
+ sending_ip_address = NULL;
+ deliver_host_address = deliver_host =
+ deliver_domain_orig = deliver_localpart_orig = NULL;
+ dnslist_domain = dnslist_matched = NULL;
+ callout_address = NULL;
+#ifndef DISABLE_DKIM
+ dkim_cur_signer = NULL;
+#endif
+ acl_var_m = NULL;
store_reset(reset_point);
/* If queue_only is set or if there are too many incoming connections in
the incoming host address and an expanded active_hostname. */
log_close_all();
+interface_address =
+sender_host_address = NULL;
store_reset(reset_point);
sender_host_address = NULL;
}
/* If it's a listening daemon for which we are keeping track of individual
subprocesses, deal with an accepting process that has terminated. */
- if (smtp_slots != NULL)
+ if (smtp_slots)
{
for (i = 0; i < smtp_accept_max; i++)
- {
if (smtp_slots[i].pid == pid)
{
- if (smtp_slots[i].host_address != NULL)
+ if (smtp_slots[i].host_address)
store_free(smtp_slots[i].host_address);
smtp_slots[i] = empty_smtp_slot;
if (--smtp_accept_count < 0) smtp_accept_count = 0;
smtp_accept_count, (smtp_accept_count == 1)? "" : "es");
break;
}
- }
if (i < smtp_accept_max) continue; /* Found an accepting process */
}
}
/* Create a list of default SMTP ports, to be used if local_interfaces
- contains entries without explict ports. First count the number of ports, then
+ contains entries without explicit ports. First count the number of ports, then
build a translated list in a vector. */
list = daemon_smtp_port;
necessary for (some release of) USAGI Linux; other IP stacks fail at the
listen() stage instead. */
+#ifdef TCP_FASTOPEN
+ tcp_fastopen_ok = TRUE;
+#endif
for(;;)
{
uschar *msg, *addr;
#ifdef TCP_FASTOPEN
if (setsockopt(listen_sockets[sk], IPPROTO_TCP, TCP_FASTOPEN,
&smtp_connect_backlog, sizeof(smtp_connect_backlog)))
+ {
DEBUG(D_any) debug_printf("setsockopt FASTOPEN: %s\n", strerror(errno));
+ tcp_fastopen_ok = FALSE;
+ }
#endif
/* Start listening on the bound socket, establishing the maximum backlog of
}
else if (ipa->address[0] == 0)
(void)sprintf(CS p, " port %d (IPv4)", ipa->port);
+ else if ( i > 0
+ && host_is_tls_on_connect_port(ipa[-1].port) == (j > 0)
+ && Ustrcmp(ipa->address, ipa[-1].address) == 0
+ )
+ {
+ if (p[-1] == '}') p--;
+ while (isdigit(*--p)) ;
+ (void)sprintf(CS p+1, "%s%d,%d}", *p == ',' ? "" : "{",
+ ipa[-1].port, ipa->port);
+ }
else
(void)sprintf(CS p, " [%s]:%d", ipa->address, ipa->port);
while (*p != 0) p++;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
# define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
# define EXIM_HAVE_ASN1_MACROS
# define EXIM_OPAQUE_X509
#else
/*
* If the TA certificate is self-issued, or need not be, use it directly.
- * Otherwise, synthesize requisuite ancestors.
+ * Otherwise, synthesize requisite ancestors.
*/
if ( !wrap_to_root
|| X509_check_issued(tacert, tacert) == X509_V_OK)
{
if (grow_chain(dane, UNTRUSTED, ca))
{
- if (!X509_check_issued(ca, ca) == X509_V_OK)
+ if (X509_check_issued(ca, ca) != X509_V_OK)
{
/* Restart with issuer as subject */
cert = ca;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static void
run_once(volatile int * once, void (*init)(void))
{
/* DNSSEC support is also required */
# ifndef RES_USE_DNSSEC
-# error DANE support requires that the DNS reolver library supports DNSSEC
+# error DANE support requires that the DNS resolver library supports DNSSEC
# endif
# ifdef USE_GNUTLS
Originally, there was only one structure, used for both types. However, it got
expanded for domain records, so it got split. To make it possible for Exim to
handle the old type of record, we retain the old definition. The different
-kinds of record can be distinguised by their different lengths. */
+kinds of record can be distinguished by their different lengths. */
typedef struct {
time_t time_stamp;
}
}
- /* a blank line seperates header from body */
+ /* a blank line separates header from body */
Ustrncat(sendbuf, "\n", sizeof(sendbuf)-Ustrlen(sendbuf)-1);
flushbuffer(sockfd, sendbuf);
DEBUG(D_acl)
Arguments:
p tree node
- pos amount of indenting & vertical bars to pring
+ pos amount of indenting & vertical bars to print
barswitch if TRUE print | at the pos value
Returns: nothing
*************************************************/
/* There are two entries, one for use when being called directly from a
-function with a variable argument list.
+function with a variable argument list, one for prepending an indent.
If debug_pid is nonzero, print the pid at the start of each line. This is for
tidier output when running parallel remote deliveries with debugging turned on.
Must do the whole thing with a single printf and flush, as otherwise output may
get interleaved. Since some calls to debug_printf() don't end with newline,
-we save up the text until we do get the newline. */
+we save up the text until we do get the newline.
+Take care to not disturb errno. */
+
+
+/* Debug printf indented by ACL nest depth */
+void
+debug_printf_indent(const char * format, ...)
+{
+va_list ap;
+va_start(ap, format);
+debug_vprintf(acl_level + expand_level, format, ap);
+va_end(ap);
+}
void
debug_printf(const char *format, ...)
{
va_list ap;
va_start(ap, format);
-debug_vprintf(format, ap);
+debug_vprintf(0, format, ap);
va_end(ap);
}
void
-debug_vprintf(const char *format, va_list ap)
+debug_vprintf(int indent, const char *format, va_list ap)
{
-if (debug_file == NULL) return;
+int save_errno = errno;
+
+if (!debug_file) return;
/* Various things can be inserted at the start of a line. Don't use the
tod_stamp() function for the timestamp, because that will overwrite the
debug_prefix_length = debug_ptr - debug_buffer;
}
+if (indent > 0)
+ {
+ int i;
+ for (i = indent >> 2; i > 0; i--)
+ {
+ Ustrcpy(debug_ptr, " " UTF8_VERT_2DASH);
+ debug_ptr += 6; /* 3 spaces + 3 UTF-8 octets */
+ debug_prefix_length += 6;
+ }
+ Ustrncpy(debug_ptr, " ", indent &= 3);
+ debug_ptr += indent;
+ debug_prefix_length += indent;
+ }
+
/* Use the checked formatting routine to ensure that the buffer
does not overflow. Ensure there's space for a newline at the end. */
debug_ptr = debug_buffer;
debug_prefix_length = 0;
}
+errno = save_errno;
}
/* End of debug.c */
while (addr->parent)
{
addr = addr->parent;
- if ((addr->child_count -= 1) > 0) return; /* Incomplete parent */
+ if (--addr->child_count > 0) return; /* Incomplete parent */
address_done(addr, now);
/* Log the completion of all descendents only when there is no ancestor with
/* We start with just the local part for pipe, file, and reply deliveries, and
for successful local deliveries from routers that have the log_as_local flag
set. File deliveries from filters can be specified as non-absolute paths in
-cases where the transport is goin to complete the path. If there is an error
+cases where the transport is going to complete the path. If there is an error
before this happens (expansion failure) the local part will not be updated, and
so won't necessarily look like a path. Add extra text for this case. */
addr3 = store_get(sizeof(address_item));
*addr3 = *addr2;
addr3->next = NULL;
- addr3->shadow_message = (uschar *) &(addr2->shadow_message);
+ addr3->shadow_message = US &addr2->shadow_message;
addr3->transport = stp;
addr3->transport_return = DEFER;
addr3->return_filename = NULL;
addr3->return_file = -1;
*last = addr3;
- last = &(addr3->next);
+ last = &addr3->next;
}
/* If we found any addresses to shadow, run the delivery, and stick any
uschar *ptr = endptr;
uschar *msg = p->msg;
BOOL done = p->done;
-BOOL unfinished = TRUE;
+BOOL finished = FALSE;
/* minimum size to read is header size including id, subid and length */
int required = PIPE_HEADER_SIZE;
There will be only one read if we get all the available data (i.e. don't
fill the buffer completely). */
- if (remaining < required && unfinished)
+ if (remaining < required && !finished)
{
int len;
int available = big_buffer_size - remaining;
/* If the length is zero (eof or no-more-data), just process what we
already have. Note that if the process is still running and we have
read all the data in the pipe (but less that "available") then we
- won't read any more, as "unfinished" will get set FALSE. */
+ won't read any more, as "finished" will get set. */
endptr += len;
remaining += len;
- unfinished = len == available;
+ finished = len != available;
}
/* If we are at the end of the available data, exit the loop. */
}
DEBUG(D_deliver)
- debug_printf("header read id:%c,subid:%c,size:%s,required:%d,remaining:%d,unfinished:%d\n",
- id, subid, header+2, required, remaining, unfinished);
+ debug_printf("header read id:%c,subid:%c,size:%s,required:%d,remaining:%d,finished:%d\n",
+ id, subid, header+2, required, remaining, finished);
/* is there room for the dataset we want to read ? */
if (required > big_buffer_size - PIPE_HEADER_SIZE)
break;
}
- /* we wrote all datasets with atomic write() calls
- remaining < required only happens if big_buffer was too small
- to get all available data from pipe. unfinished has to be true
- as well. */
+ /* We wrote all datasets with atomic write() calls. Remaining < required only
+ happens if big_buffer was too small to get all available data from pipe;
+ finished has to be false as well. */
+
if (remaining < required)
{
- if (unfinished)
+ if (!finished)
continue;
msg = string_sprintf("failed to read pipe from transport process "
- "%d for transport %s: required size=%d > remaining size=%d and unfinished=false",
+ "%d for transport %s: required size=%d > remaining size=%d and finished=true",
pid, addr->transport->driver_name, required, remaining);
done = TRUE;
break;
}
- /* step behind the header */
+ /* Step past the header */
ptr += PIPE_HEADER_SIZE;
/* Handle each possible type of item, assuming the complete item is
{
#ifdef SUPPORT_SOCKS
case '2': /* proxy information; must arrive before A0 and applies to that addr XXX oops*/
- proxy_session = TRUE; /*XXX shouod this be cleared somewhere? */
+ proxy_session = TRUE; /*XXX should this be cleared somewhere? */
if (*ptr == 0)
ptr++;
else
) )
&& ( !multi_domain
|| ( (
- !tp->expand_multi_domain || (deliver_set_expansions(next), 1),
+ (void)(!tp->expand_multi_domain || ((void)deliver_set_expansions(next), 1)),
exp_bool(addr,
US"transport", next->transport->name, D_transport,
US"multi_domain", next->transport->multi_domain,
}
/* Now fork a subprocess to do the remote delivery, but before doing so,
- ensure that any cached resourses are released so as not to interfere with
+ ensure that any cached resources are released so as not to interfere with
what happens in the subprocess. */
search_tidyup();
address_item *new_parent = store_get(sizeof(address_item));
*new_parent = *addr;
addr->parent = new_parent;
+ new_parent->child_count = 1;
addr->address = new_address;
addr->unique = string_copy(new_address);
addr->domain = deliver_domain;
while (p)
{
- if (parent->child_count == SHRT_MAX)
+ if (parent->child_count == USHRT_MAX)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "system filter generated more "
- "than %d delivery addresses", SHRT_MAX);
+ "than %d delivery addresses", USHRT_MAX);
parent->child_count++;
p->parent = parent;
)
{
/* copy and relink address_item and send report with all of them at once later */
- address_item *addr_next;
- addr_next = addr_senddsn;
+ address_item * addr_next = addr_senddsn;
addr_senddsn = store_get(sizeof(address_item));
- memcpy(addr_senddsn, addr_dsntmp, sizeof(address_item));
+ *addr_senddsn = *addr_dsntmp;
addr_senddsn->next = addr_next;
}
else
/* Otherwise, handle the sending of a message. Find the error address for
the first address, then send a message that includes all failed addresses
that have the same error address. Note the bounce_recipient is a global so
- that it can be accesssed by $bounce_recipient while creating a customized
+ that it can be accessed by $bounce_recipient while creating a customized
error message. */
else
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", fname,
strerror(errno));
- /* Move the message off the spool if reqested */
+ /* Move the message off the spool if requested */
#ifdef SUPPORT_MOVE_FROZEN_MESSAGES
if (deliver_freeze && move_frozen_messages)
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge, 1995 - 2016 */
+/* Copyright (c) University of Cambridge, 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Code for DKIM support. Other DKIM relevant code is in
pdkim_ctx *dkim_verify_ctx = NULL;
pdkim_signature *dkim_signatures = NULL;
pdkim_signature *dkim_cur_sig = NULL;
+static const uschar * dkim_collect_error = NULL;
static int
dkim_exim_query_dns_txt(char *name, char *answer)
dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
dkim_collect_input = !!dkim_verify_ctx;
+dkim_collect_error = NULL;
/* Start feed up with any cached data */
receive_get_cache();
if ( dkim_collect_input
&& (rc = pdkim_feed(dkim_verify_ctx, CS data, len)) != PDKIM_OK)
{
+ dkim_collect_error = pdkim_errstr(rc);
log_write(0, LOG_MAIN,
- "DKIM: validation error: %.100s", pdkim_errstr(rc));
+ "DKIM: validation error: %.100s", dkim_collect_error);
dkim_collect_input = FALSE;
}
store_pool = dkim_verify_oldpool;
void
dkim_exim_verify_finish(void)
{
-pdkim_signature *sig = NULL;
-int dkim_signers_size = 0;
-int dkim_signers_ptr = 0;
-dkim_signers = NULL;
-int rc;
+pdkim_signature * sig = NULL;
+int dkim_signers_size = 0, dkim_signers_ptr = 0, rc;
+const uschar * errstr;
store_pool = POOL_PERM;
/* Delete eventual previous signature chain */
+dkim_signers = NULL;
dkim_signatures = NULL;
-/* If we have arrived here with dkim_collect_input == FALSE, it
-means there was a processing error somewhere along the way.
-Log the incident and disable futher verification. */
-
-if (!dkim_collect_input)
+if (dkim_collect_error)
{
log_write(0, LOG_MAIN,
- "DKIM: Error while running this message through validation,"
- " disabling signature verification.");
+ "DKIM: Error during validation, disabling signature verification: %.100s",
+ dkim_collect_error);
dkim_disable_verify = TRUE;
goto out;
}
/* Finish DKIM operation and fetch link to signatures chain */
-if ((rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures)) != PDKIM_OK)
+rc = pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures, &errstr);
+if (rc != PDKIM_OK)
{
- log_write(0, LOG_MAIN,
- "DKIM: validation error: %.100s", pdkim_errstr(rc));
+ log_write(0, LOG_MAIN, "DKIM: validation error: %.100s%s%s", pdkim_errstr(rc),
+ errstr ? ": " : "", errstr ? errstr : US"");
goto out;
}
for (sig = dkim_signatures; sig; sig = sig->next)
{
- int size = 0;
- int ptr = 0;
+ int size = 0, ptr = 0;
+ uschar * logmsg = NULL, * s;
/* Log a line for each signature */
- uschar *logmsg = string_append(NULL, &size, &ptr, 5,
- string_sprintf("d=%s s=%s c=%s/%s a=%s b=%d ",
- sig->domain,
- sig->selector,
- sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
- sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
- sig->algo == PDKIM_ALGO_RSA_SHA256
- ? "rsa-sha256"
- : sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err",
- (int)sig->sigdata.len > -1 ? sig->sigdata.len * 8 : 0
- ),
-
- sig->identity ? string_sprintf("i=%s ", sig->identity) : US"",
- sig->created > 0 ? string_sprintf("t=%lu ", sig->created) : US"",
- sig->expires > 0 ? string_sprintf("x=%lu ", sig->expires) : US"",
- sig->bodylength > -1 ? string_sprintf("l=%lu ", sig->bodylength) : US""
- );
+ if (!(s = sig->domain)) s = US"<UNSET>";
+ logmsg = string_append(logmsg, &size, &ptr, 2, "d=", s);
+ if (!(s = sig->selector)) s = US"<UNSET>";
+ logmsg = string_append(logmsg, &size, &ptr, 2, " s=", s);
+ logmsg = string_append(logmsg, &size, &ptr, 7,
+ " c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
+ "/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
+ " a=", sig->algo == PDKIM_ALGO_RSA_SHA256
+ ? "rsa-sha256"
+ : sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err",
+ string_sprintf(" b=%d",
+ (int)sig->sighash.len > -1 ? sig->sighash.len * 8 : 0));
+ if ((s= sig->identity)) string_append(logmsg, &size, &ptr, 2, " i=", s);
+ if (sig->created > 0) string_append(logmsg, &size, &ptr, 1,
+ string_sprintf(" t=%lu", sig->created));
+ if (sig->expires > 0) string_append(logmsg, &size, &ptr, 1,
+ string_sprintf(" x=%lu", sig->expires));
+ if (sig->bodylength > -1) string_append(logmsg, &size, &ptr, 1,
+ string_sprintf(" l=%lu", sig->bodylength));
switch (sig->verify_status)
{
case PDKIM_VERIFY_NONE:
- logmsg = string_append(logmsg, &size, &ptr, 1, "[not verified]");
+ logmsg = string_append(logmsg, &size, &ptr, 1, " [not verified]");
break;
case PDKIM_VERIFY_INVALID:
- logmsg = string_append(logmsg, &size, &ptr, 1, "[invalid - ");
+ logmsg = string_append(logmsg, &size, &ptr, 1, " [invalid - ");
switch (sig->verify_ext_status)
{
case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE:
case PDKIM_VERIFY_FAIL:
logmsg =
- string_append(logmsg, &size, &ptr, 1, "[verification failed - ");
+ string_append(logmsg, &size, &ptr, 1, " [verification failed - ");
switch (sig->verify_ext_status)
{
case PDKIM_VERIFY_FAIL_BODY:
case PDKIM_VERIFY_PASS:
logmsg =
- string_append(logmsg, &size, &ptr, 1, "[verification succeeded]");
+ string_append(logmsg, &size, &ptr, 1, " [verification succeeded]");
break;
}
/* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */
- dkim_signers = string_append(dkim_signers,
- &dkim_signers_size,
- &dkim_signers_ptr, 2, sig->domain, ":");
+ if (sig->domain)
+ dkim_signers = string_append_listele(dkim_signers, ':', sig->domain);
if (sig->identity)
- dkim_signers = string_append(dkim_signers,
- &dkim_signers_size,
- &dkim_signers_ptr, 2, sig->identity, ":");
+ dkim_signers = string_append_listele(dkim_signers, ':', sig->identity);
/* Process next signature */
}
-/* NULL-terminate and chop the last colon from the domain list */
-
-if (dkim_signers)
- {
- dkim_signers[dkim_signers_ptr] = '\0';
- if (Ustrlen(dkim_signers) > 0)
- dkim_signers[Ustrlen(dkim_signers) - 1] = '\0';
- }
-
out:
store_pool = dkim_verify_oldpool;
}
dkim_signing_domain = US sig->domain;
dkim_signing_selector = US sig->selector;
- dkim_key_length = sig->sigdata.len * 8;
+ dkim_key_length = sig->sighash.len * 8;
return;
}
}
uschar *
-dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim)
+dkim_exim_sign(int dkim_fd, struct ob_dkim * dkim, const uschar ** errstr)
{
const uschar * dkim_domain;
int sep = 0;
if (dkim_private_key_expanded[0] == '/')
{
- int privkey_fd = 0;
+ int privkey_fd, off = 0, len;
/* Looks like a filename, load the private key. */
goto bad;
}
- if (read(privkey_fd, big_buffer, big_buffer_size - 2) < 0)
+ do
{
- log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
- dkim_private_key_expanded);
- goto bad;
+ if ((len = read(privkey_fd, big_buffer + off, big_buffer_size - 2 - off)) < 0)
+ {
+ (void) close(privkey_fd);
+ log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
+ dkim_private_key_expanded);
+ goto bad;
+ }
+ off += len;
}
+ while (len > 0);
(void) close(privkey_fd);
+ big_buffer[off] = '\0';
dkim_private_key_expanded = big_buffer;
}
- ctx = pdkim_init_sign( CS dkim_signing_domain,
- CS dkim_signing_selector,
- CS dkim_private_key_expanded,
- PDKIM_ALGO_RSA_SHA256,
- dkim->dot_stuffed);
+ if (!(ctx = pdkim_init_sign(CS dkim_signing_domain,
+ CS dkim_signing_selector,
+ CS dkim_private_key_expanded,
+ PDKIM_ALGO_RSA_SHA256,
+ dkim->dot_stuffed,
+ &dkim_exim_query_dns_txt,
+ errstr
+ )))
+ goto bad;
dkim_private_key_expanded[0] = '\0';
pdkim_set_optional(ctx,
CS dkim_sign_headers_expanded,
goto bad;
}
- if ((pdkim_rc = pdkim_feed_finish(ctx, &signature)) != PDKIM_OK)
+ if ((pdkim_rc = pdkim_feed_finish(ctx, &signature, errstr)) != PDKIM_OK)
goto pk_bad;
sigbuf = string_append(sigbuf, &sigsize, &sigptr, 2,
/* See the file NOTICE for conditions of use and distribution. */
void dkim_exim_init(void);
-uschar *dkim_exim_sign(int, struct ob_dkim *);
+uschar *dkim_exim_sign(int, struct ob_dkim *, const uschar **);
void dkim_exim_verify_init(BOOL);
void dkim_exim_verify_feed(uschar *, int);
void dkim_exim_verify_finish(void);
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions for interfacing with the DNS. */
Arguments:
dnsa pointer to dns answer block
dnss pointer to dns scan block
- reset option specifing what portion to scan, as described above
+ reset option specifying what portion to scan, as described above
Returns: next dns record, or NULL when no more
*/
if (reset != RESET_NEXT)
{
- TRACE debug_printf("%s: reset\n", __FUNCTION__);
dnss->rrcount = ntohs(h->qdcount);
+ TRACE debug_printf("%s: reset (Q rrcount %d)\n", __FUNCTION__, dnss->rrcount);
dnss->aptr = dnsa->answer + sizeof(HEADER);
/* Skip over questions; failure to expand the name just gives up */
/* Get the number of answer records. */
dnss->rrcount = ntohs(h->ancount);
+ TRACE debug_printf("%s: reset (A rrcount %d)\n", __FUNCTION__, dnss->rrcount);
/* Skip over answers if we want to look at the authority section. Also skip
the NS records (i.e. authority section) if wanting to look at the additional
{
TRACE debug_printf("%s: additional\n", __FUNCTION__);
dnss->rrcount += ntohs(h->nscount);
+ TRACE debug_printf("%s: reset (NS rrcount %d)\n", __FUNCTION__, dnss->rrcount);
}
if (reset == RESET_AUTHORITY || reset == RESET_ADDITIONAL)
}
dnss->rrcount = reset == RESET_AUTHORITY
? ntohs(h->nscount) : ntohs(h->arcount);
+ TRACE debug_printf("%s: reset (%s rrcount %d)\n", __FUNCTION__,
+ reset == RESET_AUTHORITY ? "NS" : "AR", dnss->rrcount);
}
TRACE debug_printf("%s: %d RRs to read\n", __FUNCTION__, dnss->rrcount);
}
return &dnss->srr;
null_return:
- TRACE debug_printf("%s: terminate (%d RRs left). Last op: %s\n",
- __FUNCTION__, dnss->rrcount, trace);
+ TRACE debug_printf("%s: terminate (%d RRs left). Last op: %s; errno %d %s\n",
+ __FUNCTION__, dnss->rrcount, trace, errno, strerror(errno));
dnss->rrcount = 0;
return NULL;
}
/* Extract the AUTHORITY information from the answer. If the answer isn't
-authoritive (AA not set), we do not extract anything.
+authoritative (AA not set), we do not extract anything.
-The AUTHORITIVE section contains NS records if the name in question was found,
+The AUTHORITY section contains NS records if the name in question was found,
it contains a SOA record otherwise. (This is just from experience and some
tests, is there some spec?)
/* We do not perform DNSSEC work ourselves; if the administrator has installed
a verifying resolver which sets AD as appropriate, though, we'll use that.
-(AD = Authentic Data, AA = Authoritive Answer)
+(AD = Authentic Data, AA = Authoritative Answer)
Argument: pointer to dns answer block
Returns: bool indicating presence of AD bit
if (h->ad) return TRUE;
-/* If the resolver we ask is authoritive for the domain in question, it
+/* If the resolver we ask is authoritative for the domain in question, it
* may not set the AD but the AA bit. If we explicitly trust
* the resolver for that domain (via a domainlist in dns_trust_aa),
* we return TRUE to indicate a secure answer.
/************************************************
* Check whether the AA bit is set *
* We need this to warn if we requested AD *
- * from an authoritive server *
+ * from an authoritative server *
************************************************/
BOOL
/* Call the resolver to look up the given domain name, using the given type,
and check the result. The error code TRY_AGAIN is documented as meaning "non-
-Authoritive Host not found, or SERVERFAIL". Sometimes there are badly set
+Authoritative Host not found, or SERVERFAIL". Sometimes there are badly set
up nameservers that produce this error continually, so there is the option of
providing a list of domains for which this is treated as a non-existent
host.
}
#endif
-/* If configured, check the hygene of the name passed to lookup. Otherwise,
+/* If configured, check the hygiene of the name passed to lookup. Otherwise,
although DNS lookups may give REFUSED at the lower level, some resolvers
turn this into TRY_AGAIN, which is silly. Give a NOMATCH return, since such
domains cannot be in the DNS. The check is now done by a regular expression;
}
if (pcre_exec(regex_check_dns_names, NULL, CCS checkname, Ustrlen(checkname),
- 0, PCRE_EOPT, ovector, sizeof(ovector)/sizeof(int)) < 0)
+ 0, PCRE_EOPT, ovector, nelem(ovector)) < 0)
{
DEBUG(D_dns)
debug_printf("DNS name syntax check failed: %s (%s)\n", name,
domains, and interfaces to a fake nameserver for certain special zones. */
dnsa->answerlen = running_in_test_harness
- ? fakens_search(name, type, dnsa->answer, MAXPACKET)
- : res_search(CCS name, C_IN, type, dnsa->answer, MAXPACKET);
+ ? fakens_search(name, type, dnsa->answer, sizeof(dnsa->answer))
+ : res_search(CCS name, C_IN, type, dnsa->answer, sizeof(dnsa->answer));
-if (dnsa->answerlen > MAXPACKET)
+if (dnsa->answerlen > (int) sizeof(dnsa->answer))
{
- DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) resulted in overlong packet (size %d), truncating to %d.\n",
- name, dns_text_type(type), dnsa->answerlen, MAXPACKET);
- dnsa->answerlen = MAXPACKET;
+ DEBUG(D_dns) debug_printf("DNS lookup of %s (%s) resulted in overlong packet"
+ " (size %d), truncating to %u.\n",
+ name, dns_text_type(type), dnsa->answerlen, (unsigned int) sizeof(dnsa->answer));
+ dnsa->answerlen = sizeof(dnsa->answer);
}
if (dnsa->answerlen < 0) switch (h_errno)
static int lookup_list_init_done = 0;
-/* Table of information about all possible authentication mechamisms. All
+/* Table of information about all possible authentication mechanisms. All
entries are always present if any mechanism is declared, but the functions are
set to NULL for those that are not compiled into the binary. */
# Now do the job. First remove the files that have "fallen off the bottom".
# Look for both the compressed and uncompressed forms.
-if [ $keep -lt 10 ]; then keept=0$keep; else keept=$keep; fi;
+if [ $keep -lt 10 ]; then rotation=0$keep; else rotation=$keep; fi;
-if [ -f $mainlog.$keept ]; then $rm $mainlog.$keept; fi;
-if [ -f $mainlog.$keept.$suffix ]; then $rm $mainlog.$keept.$suffix; fi;
+if [ -f $mainlog.$rotation ]; then $rm $mainlog.$rotation; fi;
+if [ -f $mainlog.$rotation.$suffix ]; then $rm $mainlog.$rotation.$suffix; fi;
-if [ -f $rejectlog.$keept ]; then $rm $rejectlog.$keept; fi;
-if [ -f $rejectlog.$keept.$suffix ]; then $rm $rejectlog.$keept.$suffix; fi;
+if [ -f $rejectlog.$rotation ]; then $rm $rejectlog.$rotation; fi;
+if [ -f $rejectlog.$rotation.$suffix ]; then $rm $rejectlog.$rotation.$suffix; fi;
-if [ -f $paniclog.$keept ]; then $rm $paniclog.$keept; fi;
-if [ -f $paniclog.$keept.$suffix ]; then $rm $paniclog.$keept.$suffix; fi;
+if [ -f $paniclog.$rotation ]; then $rm $paniclog.$rotation; fi;
+if [ -f $paniclog.$rotation.$suffix ]; then $rm $paniclog.$rotation.$suffix; fi;
# Now rename all the previous old files by increasing their numbers by 1.
# When the number is less than 10, insert a leading zero.
-#! PERL_COMMAND -w
+#! PERL_COMMAND
+use warnings;
use strict;
+BEGIN { pop @INC if $INC[-1] eq '.' };
# Copyright (c) 2007-2015 University of Cambridge.
# See the file NOTICE for conditions of use and distribution.
{
if ($filename =~ /\.(?:$ext)$/)
{
- # Just die if compressor not found; if this occurrs in the middle of
+ # Just die if compressor not found; if this occurs in the middle of
# two valid files with a lot of matches, error could easily be missed.
die("Didn't find $ext decompressor for $filename\n")
if ($compressors->{$ext}->{bin} eq '');
#include "exim.h"
-#ifdef __GLIBC__
+#if defined(__GLIBC__) && !defined(__UCLIBC__)
# include <gnu/libc-version.h>
#endif
/* Exim uses a time + a pid to generate a unique identifier in two places: its
message IDs, and in file names for maildir deliveries. Because some OS now
re-use pids within the same second, sub-second times are now being used.
-However, for absolute certaintly, we must ensure the clock has ticked before
+However, for absolute certainty, we must ensure the clock has ticked before
allowing the relevant process to complete. At the time of implementation of
this code (February 2003), the speed of processors is such that the clock will
invariably have ticked already by the time a process has done its job. This
fprintf(f, "Compiler: <unknown>\n");
#endif
-#ifdef __GLIBC__
+#if defined(__GLIBC__) && !defined(__UCLIBC__)
fprintf(f, "Library version: Glibc: Compile: %d.%d\n",
__GLIBC__, __GLIBC_MINOR__);
if (__GLIBC_PREREQ(2, 1))
exim_usage(uschar *progname)
{
-/* Handle specific program invocation varients */
+/* Handle specific program invocation variants */
if (Ustrcmp(progname, US"-mailq") == 0)
{
fprintf(stderr,
break;
}
- /* An option consistion of -- terminates the options */
+ /* An option consisting of -- terminates the options */
if (Ustrcmp(arg, "--") == 0)
{
#ifdef ALT_CONFIG_PREFIX
int sep = 0;
int len = Ustrlen(ALT_CONFIG_PREFIX);
- uschar *list = argrest;
+ const uschar *list = argrest;
uschar *filename;
while((filename = string_nextinlist(&list, &sep, big_buffer,
big_buffer_size)) != NULL)
return EXIT_FAILURE;
}
- /* Set up $sending_ip_address and $sending_port */
+ /* Set up $sending_ip_address and $sending_port, unless proxied */
- if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock),
- &size) == 0)
- sending_ip_address = host_ntoa(-1, &interface_sock, NULL,
- &sending_port);
- else
- {
- fprintf(stderr, "exim: getsockname() failed after -MC option: %s\n",
- strerror(errno));
- return EXIT_FAILURE;
- }
+ if (!continue_proxy)
+ if (getsockname(fileno(stdin), (struct sockaddr *)(&interface_sock),
+ &size) == 0)
+ sending_ip_address = host_ntoa(-1, &interface_sock, NULL,
+ &sending_port);
+ else
+ {
+ fprintf(stderr, "exim: getsockname() failed after -MC option: %s\n",
+ strerror(errno));
+ return EXIT_FAILURE;
+ }
if (running_in_test_harness) millisleep(500);
break;
else if (*argrest == 'C' && argrest[1] && !argrest[2])
{
- switch(argrest[1])
+ switch(argrest[1])
{
/* -MCA: set the smtp_authenticated flag; this is useful only when it
precedes -MC (see above). The flag indicates that the host to which
case 'S': smtp_peer_options |= PEER_OFFERED_SIZE; break;
#ifdef SUPPORT_TLS
+ /* -MCt: similar to -MCT below but the connection is still open
+ via a proxy proces which handles the TLS context and coding.
+ Require two arguments for the proxied local address and port. */
+
+ case 't': continue_proxy = TRUE;
+ if (++i < argc) sending_ip_address = argv[i];
+ else badarg = TRUE;
+ if (++i < argc) sending_port = (int)(Uatol(argv[i]));
+ else badarg = TRUE;
+ /*FALLTHROUGH*/
+
/* -MCT: set the tls_offered flag; this is useful only when it
precedes -MC (see above). The flag indicates that the host to which
Exim is connected has offered TLS support. */
}
else
{
+ int old_pool = store_pool;
+ store_pool = POOL_PERM;
received_protocol = string_copyn(argrest, hn - argrest);
+ store_pool = old_pool;
sender_host_name = hn + 1;
}
}
verify_get_ident(1413);
}
- /* In case the given address is a non-canonical IPv6 address, canonicize
+ /* In case the given address is a non-canonical IPv6 address, canonicalize
it. The code works for both IPv4 and IPv6, as it happens. */
size = host_aton(sender_host_address, x);
if (smtp_start_session())
{
- reset_point = store_get(0);
- for (;;)
+ for (reset_point = store_get(0); ; store_reset(reset_point))
{
- store_reset(reset_point);
if (smtp_setup_msg() <= 0) break;
if (!receive_msg(FALSE)) break;
+
+ return_path = sender_address = NULL;
+ dnslist_domain = dnslist_matched = NULL;
+#ifndef DISABLE_DKIM
+ dkim_cur_signer = NULL;
+#endif
+ acl_var_m = NULL;
+ deliver_localpart_orig = NULL;
+ deliver_domain_orig = NULL;
+ callout_address = sending_ip_address = NULL;
+ sender_rate = sender_rate_limit = sender_rate_period = NULL;
}
smtp_log_no_mail();
}
}
else
{
- if (received_protocol == NULL)
+ int old_pool = store_pool;
+ store_pool = POOL_PERM;
+ if (!received_protocol)
received_protocol = string_sprintf("local%s", called_as);
+ store_pool = old_pool;
set_process_info("accepting a local non-SMTP message from <%s>",
sender_address);
}
of Linux (where SIG_IGN does work) that are picky. If, having set SIG_IGN, a
process then calls waitpid(), a grumble is written to the system log, because
this is logically inconsistent. In other words, it doesn't like the paranoia.
-As a consequenc of this, the waitpid() below is now excluded if we are sure
+As a consequence of this, the waitpid() below is now excluded if we are sure
that SIG_IGN works. */
if (!synchronous_delivery)
while (more)
{
- store_reset(reset_point);
message_id[0] = 0;
/* Handle the SMTP case; call smtp_setup_mst() to deal with the initial SMTP
more = receive_msg(extract_recipients);
if (message_id[0] == 0)
{
- if (more) continue;
+ if (more) goto moreloop;
smtp_log_no_mail(); /* Log no mail if configured */
exim_exit(EXIT_FAILURE);
}
if (!receive_timeout)
{
- struct timeval t = { 30*60, 0 }; /* 30 minutess */
+ struct timeval t = { 30*60, 0 }; /* 30 minutes */
fd_set r;
FD_ZERO(&r); FD_SET(0, &r);
#ifndef SIG_IGN_WORKS
while (waitpid(-1, NULL, WNOHANG) > 0);
#endif
+
+moreloop:
+ return_path = sender_address = NULL;
+ authenticated_sender = NULL;
+ deliver_localpart_orig = NULL;
+ deliver_domain_orig = NULL;
+ deliver_host = deliver_host_address = NULL;
+ dnslist_domain = dnslist_matched = NULL;
+#ifdef WITH_CONTENT_SCAN
+ malware_name = NULL;
+#endif
+ callout_address = NULL;
+ sending_ip_address = NULL;
+ acl_var_m = NULL;
+ { int i; for(i=0; i<REGEX_VARS; i++) regex_vars[i] = NULL; }
+
+ store_reset(reset_point);
}
exim_exit(EXIT_SUCCESS); /* Never returns */
PERL_COMMAND - $exim_path $args <<'End'
+BEGIN { pop @INC if $INC[-1] eq '.' };
use FileHandle;
use IPC::Open2;
-#!PERL_COMMAND -w
+#!PERL_COMMAND
# Copyright (c) 2001-2016 University of Cambridge.
# See the file NOTICE for conditions of use and distribution.
# 2001-10-21 Removed -domain flag and added -bydomain, -byhost, and -byemail.
# We now generate our main parsing subroutine as an eval statement
# which improves performance dramatically when not all the results
-# are required. We also cache the last timestamp to time convertion.
+# are required. We also cache the last timestamp to time conversion.
#
# NOTE: 'Top 50 destinations by (message count|volume)' lines are
# now 'Top N (host|email|domain) destinations by (message count|volume)'
# in HTML output. Also added code to convert them back with -merge.
# Fixed timestamp offsets to convert to seconds rather than minutes.
# Updated -merge to work with output files using timezones.
-# Added cacheing to speed up the calculation of timezone offsets.
+# Added caching to speed up the calculation of timezone offsets.
#
# 2003-02-07 V1.25 Steve Campbell
# Optimised the usage of mktime() in the seconds subroutine.
# Bernard Massot.
#
# 2003-06-03 V1.28 John Newman
-# Added in the ability to skip over the parsing and evaulation of
+# Added in the ability to skip over the parsing and evaluation of
# specific transports as passed to eximstats via the new "-nt/.../"
# command line argument. This new switch allows the viewing of
# not more accurate statistics but more applicable statistics when
# Added -xls and the ability to specify output files.
#
# 2005-04-29 V1.38 Steve Campbell
-# Use FileHandles for outputing results.
+# Use FileHandles for outputting results.
# Allow any combination of xls, txt, and html output.
# Fixed display of large numbers with -nvr option
# Fixed merging of reports with empty tables.
=cut
+use warnings;
use integer;
+BEGIN { pop @INC if $INC[-1] eq '.' };
use strict;
use IO::File;
use vars qw($total_received_data $total_received_data_gigs $total_received_count);
use vars qw($total_delivered_data $total_delivered_data_gigs $total_delivered_messages $total_delivered_addresses);
use vars qw(%timestamp2time); #Hash of timestamp => time.
-use vars qw($last_timestamp $last_time); #The last time convertion done.
-use vars qw($last_date $date_seconds); #The last date convertion done.
-use vars qw($last_offset $offset_seconds); #The last time offset convertion done.
+use vars qw($last_timestamp $last_time); #The last time conversion done.
+use vars qw($last_date $date_seconds); #The last date conversion done.
+use vars qw($last_offset $offset_seconds); #The last time offset conversion done.
use vars qw($localtime_offset);
use vars qw($i); #General loop counter.
use vars qw($debug); #Debug mode?
use vars qw(%rejected_count_by_ip %rejected_count_by_reason);
use vars qw(%temporarily_rejected_count_by_ip %temporarily_rejected_count_by_reason);
-#For use in Speadsheed::WriteExcel
+#For use in Spreadsheet::WriteExcel
use vars qw($workbook $ws_global $ws_relayed $ws_errors);
use vars qw($row $col $row_hist $col_hist);
use vars qw($run_hist);
else {
# We don't want any rounding to be done.
# and we don't need broken formatted output which on one hand avoids numbers from
- # being interpreted as string by Spreadsheed Calculators, on the other hand
+ # being interpreted as string by Spreadsheet Calculators, on the other hand
# breaks if more than 4 digits! -> flexible length instead of fixed length
# Format the return value at the output routine! -fh
#$rounded = sprintf("%d", ($g * $gig) + $x);
}
my $time = $date_seconds + ($5 * 3600) + ($6 * 60) + $7;
- # SC. Use cacheing. Also note we want seconds not minutes.
+ # SC. Use caching. Also note we want seconds not minutes.
#my($this_offset) = ($10 * 60 + $11) * ($9 . "1") if defined $8;
if (defined $8 && ($8 ne $last_offset)) {
$last_offset = $8;
# Create a dummy hash entry for the key if required.
# Note that setting the dummy_hash value sets it for both href2 &
- # href3. Also note that currently we are guarenteed to have a real
+ # href3. Also note that currently we are guaranteed to have a real
# value for href3 if a real value for href2 exists so don't need to
# test for it as well.
$dummy_hash{$key} = 0 unless exists $href2->{$key};
if ($messages > 0) {
@content = ($total_aref->[0], '', $messages, '');
- #Count the number of distict IPs for the Hosts column.
+ #Count the number of distinct IPs for the Hosts column.
push(@content,scalar(keys %{$total_aref->[1]})) if $do_sender{Host};
#These rows do not have entries for the following columns (if specified)
#
# add_to_totals(\%totals,\@keys,$values);
#
-# Given a line of space seperated values, add them into the provided hash using @keys
+# Given a line of space separated values, add them into the provided hash using @keys
# as the hash keys.
#
# If the value contains a '%', then the value is set rather than added. Otherwise, we
#
# line_to_hash(\%hash,\@keys,$line);
#
-# Given a line of space seperated values, set them into the provided hash
+# Given a line of space separated values, set them into the provided hash
# using @keys as the hash keys.
#######################################################################
sub line_to_hash {
# until we've got all of the argument.
#
# This isn't perfect as all white space gets reduced to one space,
-# but it's as good as we can get! If it's esential that spacing
+# but it's as good as we can get! If it's essential that spacing
# be preserved precisely, then you get that by not using shell
# variables.
#######################################################################
#######################################################################
# @rcpt_times = parse_time_list($string);
#
-# Parse a comma seperated list of time values in seconds given by
+# Parse a comma separated list of time values in seconds given by
# the user and fill an array.
#
# Return a default list if $string is undefined.
perl - $exim_path "$eximmacdef" $argone $spool_directory $qualify_domain $config <<'End'
+ # We don't import anything, but guard against future changes which do
+ BEGIN { pop @INC if $INC[-1] eq '.' };
+
# Name the arguments
$exim = $ARGV[0];
# http://www.exim.org/eximwiki/ToolExipickManPage
use strict;
+BEGIN { pop @INC if $INC[-1] eq '.' };
use Getopt::Long;
my($p_name) = $0 =~ m|/?([^/]+)$|;
'show-tests' => \$G::show_tests # display tests as applied to each message
) || exit(1);
-# if both freeze and thaw specified, only thaw as it is less desctructive
+# if both freeze and thaw specified, only thaw as it is less destructive
$G::freeze = undef if ($G::freeze && $G::thaw);
freeze_start() if ($G::freeze);
thaw_start() if ($G::thaw);
$i += 2;
}
}
- elsif ($ow[$i] =~ /\s/) { # whitspace is illegal
+ elsif ($ow[$i] =~ /\s/) { # whitespace is illegal
$e = 1;
last;
}
=item --input-dir <inputname>
-Set the name of the directory under the spool directory. By defaut this is "input". If this starts with '/', the value of --spool is ignored. See also --finput.
+Set the name of the directory under the spool directory. By default this is "input". If this starts with '/', the value of --spool is ignored. See also --finput.
=item -l
# Version 1.2
use strict;
+BEGIN { pop @INC if $INC[-1] eq '.' };
use Getopt::Std;
# Have this variable point to your exim binary.
}
sub collect() {
- open(QUEUE,"$exim $eargs |") or die("Error openning pipe: $!\n");
+ open(QUEUE,"$exim $eargs |") or die("Error opening pipe: $!\n");
while(<QUEUE>) {
chomp();
my $line = $_;
-#! PERL_COMMAND -w
+#! PERL_COMMAND
# Mail Queue Summary
# Christoph Lameter, 21 May 1997
# typo. Fix provided by Chris Liddiard.
# November 2006 by Jori Hamalainen
# Added feature to separate frozen and bounced messages from queue
-# Adedd feature to list queue per source - destination pair
+# Added feature to list queue per source - destination pair
# Changed regexps to compile once to very minor speed optimization
# Short circuit for empty lines
#
# Slightly modified sub from eximstats
+use warnings;
+BEGIN { pop @INC if $INC[-1] eq '.' };
+
sub print_volume_rounded {
my($x) = pop @_;
if ($x < 10000)
(standard crypt does 25 rounds). It then crypts the next 8 characters,
or an empty block if the password is less than 9 characters, using a
20-round version of crypt and the same salt as was used for the first
-block. Charaters after the first 16 are ignored. It always generates
+block. Characters after the first 16 are ignored. It always generates
a 16-byte hash, which is expressed together with the salt as a string
of 24 base 64 digits. Here are some links to peruse:
size += ilen + comma + 1; /* +1 for the newline */
- /* Second pass - concatentate the data, up to a maximum. Note that
+ /* Second pass - concatenate the data, up to a maximum. Note that
the loop stops when size hits the limit. */
if (i != 0)
+
/*************************************************
* Read and expand substrings *
*************************************************/
}
DEBUG(D_expand)
- debug_printf("expanding: acl: %s arg: %s%s\n",
+ debug_printf_indent("expanding: acl: %s arg: %s%s\n",
sub[0],
acl_narg>0 ? acl_arg[0] : US"<none>",
acl_narg>1 ? " +more" : "");
{
num[i] = 0;
DEBUG(D_expand)
- debug_printf("empty string cast to zero for numerical comparison\n");
+ debug_printf_indent("empty string cast to zero for numerical comparison\n");
}
else
{
uschar *save_iterate_item = iterate_item;
int (*compare)(const uschar *, const uschar *);
- DEBUG(D_expand) debug_printf("condition: %s\n", name);
+ DEBUG(D_expand) debug_printf_indent("condition: %s\n", name);
tempcond = FALSE;
compare = cond_type == ECOND_INLISTI
int sep = 0;
uschar *save_iterate_item = iterate_item;
- DEBUG(D_expand) debug_printf("condition: %s\n", name);
+ DEBUG(D_expand) debug_printf_indent("condition: %s\n", name);
while (isspace(*s)) s++;
if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
list = sub[0];
while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
{
- DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
+ DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, iterate_item);
if (!eval_condition(sub[1], resetok, &tempcond))
{
expand_string_message = string_sprintf("%s inside \"%s\" condition",
iterate_item = save_iterate_item;
return NULL;
}
- DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", name,
+ DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", name,
tempcond? "true":"false");
if (yield != NULL) *yield = (tempcond == testfor);
}
}
DEBUG(D_expand)
- debug_printf("considering %s: %s\n", ourname, len ? t : US"<empty>");
+ debug_printf_indent("considering %s: %s\n", ourname, len ? t : US"<empty>");
/* logic for the lax case from expand_check_condition(), which also does
expands, and the logic is both short and stable enough that there should
be no maintenance burden from replicating it. */
"value \"%s\"", t);
return NULL;
}
- DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", ourname,
+ DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname,
boolvalue? "true":"false");
if (yield != NULL) *yield = (boolvalue == testfor);
return s;
while (isspace(*s)) s++;
if (*s == '}')
{
- if (!skipping)
- if (type[0] == 'i')
- {
- if (yes) *yieldptr = string_catn(*yieldptr, sizeptr, ptrptr, US"true", 4);
- }
- else
- {
- if (yes && lookup_value)
- *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value);
- lookup_value = save_lookup;
- }
+ if (type[0] == 'i')
+ {
+ if (yes && !skipping)
+ *yieldptr = string_catn(*yieldptr, sizeptr, ptrptr, US"true", 4);
+ }
+ else
+ {
+ if (yes && lookup_value && !skipping)
+ *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value);
+ lookup_value = save_lookup;
+ }
s++;
goto RETURN;
}
hash_source = string_cat(hash_source, &size, &offset, address);
hash_source[offset] = '\0';
-DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
+DEBUG(D_expand) debug_printf_indent("prvs: hash source is '%s'\n", hash_source);
memset(innerkey, 0x36, 64);
memset(outerkey, 0x5c, 64);
/* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
* a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
* is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
- * -N*M is INT_MIN will yielf INT_MIN.
+ * -N*M is INT_MIN will yield INT_MIN.
* Since we don't support floating point, this is somewhat simpler.
* Ideally, we'd return an error, but since we overflow for all other
* arithmetic, consistency suggests otherwise, but what's the correct value
We use an internal routine recursively to handle embedded substrings. The
external function follows. The yield is NULL if the expansion failed, and there
are two cases: if something collapsed syntactically, or if "fail" was given
-as the action on a lookup failure. These can be distinguised by looking at the
+as the action on a lookup failure. These can be distinguished by looking at the
variable expand_string_forcedfail, which is TRUE in the latter case.
The skipping flag is set true when expanding a substring that isn't actually
int save_expand_nlength[EXPAND_MAXN+1];
BOOL resetok = TRUE;
+expand_level++;
DEBUG(D_expand)
- debug_printf("%s: %s\n", skipping ? " scanning" : "considering", string);
+ debug_printf_indent(UTF8_DOWN_RIGHT "%s: %s\n",
+ skipping
+ ? UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ "scanning"
+ : "considering",
+ string);
expand_string_forcedfail = FALSE;
expand_string_message = US"";
case OK:
case FAIL:
DEBUG(D_expand)
- debug_printf("acl expansion yield: %s\n", user_msg);
+ debug_printf_indent("acl expansion yield: %s\n", user_msg);
if (user_msg)
yield = string_cat(yield, &size, &ptr, user_msg);
continue;
if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
DEBUG(D_expand)
- debug_printf(" condition: %.*s\n result: %s\n",
- (int)(next_s - s), s,
- cond ? "true" : "false");
+ {
+ debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
+ "condition: %.*s\n",
+ (int)(next_s - s), s);
+ debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
+ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
+ "result: %s\n",
+ cond ? "true" : "false");
+ }
s = next_s;
uschar *hash = string_copyn(expand_nstring[3],expand_nlength[3]);
uschar *domain = string_copyn(expand_nstring[5],expand_nlength[5]);
- DEBUG(D_expand) debug_printf("prvscheck localpart: %s\n", local_part);
- DEBUG(D_expand) debug_printf("prvscheck key number: %s\n", key_num);
- DEBUG(D_expand) debug_printf("prvscheck daystamp: %s\n", daystamp);
- DEBUG(D_expand) debug_printf("prvscheck hash: %s\n", hash);
- DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
+ DEBUG(D_expand) debug_printf_indent("prvscheck localpart: %s\n", local_part);
+ DEBUG(D_expand) debug_printf_indent("prvscheck key number: %s\n", key_num);
+ DEBUG(D_expand) debug_printf_indent("prvscheck daystamp: %s\n", daystamp);
+ DEBUG(D_expand) debug_printf_indent("prvscheck hash: %s\n", hash);
+ DEBUG(D_expand) debug_printf_indent("prvscheck domain: %s\n", domain);
/* Set up expansion variables */
prvscheck_address = string_cat (NULL, &mysize, &myptr, local_part);
goto EXPAND_FAILED;
}
- DEBUG(D_expand) debug_printf("prvscheck: received hash is %s\n", hash);
- DEBUG(D_expand) debug_printf("prvscheck: own hash is %s\n", p);
+ DEBUG(D_expand) debug_printf_indent("prvscheck: received hash is %s\n", hash);
+ DEBUG(D_expand) debug_printf_indent("prvscheck: own hash is %s\n", p);
if (Ustrcmp(p,hash) == 0)
{
if (iexpire >= inow)
{
prvscheck_result = US"1";
- DEBUG(D_expand) debug_printf("prvscheck: success, $pvrs_result set to 1\n");
+ DEBUG(D_expand) debug_printf_indent("prvscheck: success, $pvrs_result set to 1\n");
}
else
{
prvscheck_result = NULL;
- DEBUG(D_expand) debug_printf("prvscheck: signature expired, $pvrs_result unset\n");
+ DEBUG(D_expand) debug_printf_indent("prvscheck: signature expired, $pvrs_result unset\n");
}
}
else
{
prvscheck_result = NULL;
- DEBUG(D_expand) debug_printf("prvscheck: hash failure, $pvrs_result unset\n");
+ DEBUG(D_expand) debug_printf_indent("prvscheck: hash failure, $pvrs_result unset\n");
}
/* Now expand the final argument. We leave this till now so that
struct sockaddr_un sockun; /* don't call this "sun" ! */
uschar *arg;
uschar *sub_arg[4];
+ BOOL do_shutdown = TRUE;
- if ((expand_forbid & RDO_READSOCK) != 0)
+ if (expand_forbid & RDO_READSOCK)
{
expand_string_message = US"socket insertions are not permitted";
goto EXPAND_FAILED;
case 3: goto EXPAND_FAILED;
}
- /* Sort out timeout, if given */
+ /* Sort out timeout, if given. The second arg is a list with the first element
+ being a time value. Any more are options of form "name=value". Currently the
+ only option recognised is "shutdown". */
- if (sub_arg[2] != NULL)
+ if (sub_arg[2])
{
- timeout = readconf_readtime(sub_arg[2], 0, FALSE);
- if (timeout < 0)
+ const uschar * list = sub_arg[2];
+ uschar * item;
+ int sep = 0;
+
+ item = string_nextinlist(&list, &sep, NULL, 0);
+ if ((timeout = readconf_readtime(item, 0, FALSE)) < 0)
{
- expand_string_message = string_sprintf("bad time value %s",
- sub_arg[2]);
+ expand_string_message = string_sprintf("bad time value %s", item);
goto EXPAND_FAILED;
}
+
+ while ((item = string_nextinlist(&list, &sep, NULL, 0)))
+ if (Ustrncmp(item, US"shutdown=", 9) == 0)
+ if (Ustrcmp(item + 9, US"no") == 0)
+ do_shutdown = FALSE;
}
else sub_arg[3] = NULL; /* No eol if no timeout */
port = ntohs(service_info->s_port);
}
- if ((fd = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
- timeout, NULL, &expand_string_message)) < 0)
+ fd = ip_connectedsocket(SOCK_STREAM, server_name, port, port,
+ timeout, NULL, &expand_string_message);
+ callout_address = NULL;
+ if (fd < 0)
goto SOCK_FAIL;
}
}
}
- DEBUG(D_expand) debug_printf("connected to socket %s\n", sub_arg[0]);
+ DEBUG(D_expand) debug_printf_indent("connected to socket %s\n", sub_arg[0]);
/* Allow sequencing of test actions */
if (running_in_test_harness) millisleep(100);
if (sub_arg[1][0] != 0)
{
int len = Ustrlen(sub_arg[1]);
- DEBUG(D_expand) debug_printf("writing \"%s\" to socket\n",
+ DEBUG(D_expand) debug_printf_indent("writing \"%s\" to socket\n",
sub_arg[1]);
if (write(fd, sub_arg[1], len) != len)
{
recognise that it is their turn to do some work. Just in case some
system doesn't have this function, make it conditional. */
- #ifdef SHUT_WR
- shutdown(fd, SHUT_WR);
- #endif
+#ifdef SHUT_WR
+ if (do_shutdown) shutdown(fd, SHUT_WR);
+#endif
if (running_in_test_harness) millisleep(100);
while (isspace(*s)) s++;
}
- readsock_done:
+ READSOCK_DONE:
if (*s++ != '}')
{
expand_string_message = US"missing '}' closing readsocket";
socket, or timeout on reading. If another substring follows, expand and
use it. Otherwise, those conditions give expand errors. */
- SOCK_FAIL:
+ SOCK_FAIL:
if (*s != '{') goto EXPAND_FAILED;
DEBUG(D_any) debug_printf("%s\n", expand_string_message);
if (!(arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok)))
goto EXPAND_FAILED_CURLY;
}
while (isspace(*s)) s++;
- goto readsock_done;
+ goto READSOCK_DONE;
}
/* Handle "run" to execute a program. */
/* While skipping we cannot rely on the data for expansions being
available (eg. $item) hence cannot decide on numeric vs. keyed.
- Read a maximum of 5 arguments (inclding the yes/no) */
+ Read a maximum of 5 arguments (including the yes/no) */
if (skipping)
{
processing for real, we perform the iteration. */
if (skipping) continue;
- while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)) != NULL)
+ while ((iterate_item = string_nextinlist(&list, &sep, NULL, 0)))
{
*outsep = (uschar)sep; /* Separator as a string */
- DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, iterate_item);
+ DEBUG(D_expand) debug_printf_indent("%s: $item = '%s' $value = '%s'\n",
+ name, iterate_item, lookup_value);
if (item_type == EITEM_FILTER)
{
expand_string_message, name);
goto EXPAND_FAILED;
}
- DEBUG(D_expand) debug_printf("%s: condition is %s\n", name,
+ DEBUG(D_expand) debug_printf_indent("%s: condition is %s\n", name,
condresult? "true":"false");
if (condresult)
temp = iterate_item; /* TRUE => include this item */
uschar * newkeylist = NULL;
uschar * srcfield;
- DEBUG(D_expand) debug_printf("%s: $item = \"%s\"\n", name, srcitem);
+ DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, srcitem);
/* extract field for comparisons */
iterate_item = srcitem;
/* build and run condition string */
expr = string_sprintf("%s{%s}{%s}", cmp, srcfield, dstfield);
- DEBUG(D_expand) debug_printf("%s: cond = \"%s\"\n", name, expr);
+ DEBUG(D_expand) debug_printf_indent("%s: cond = \"%s\"\n", name, expr);
if (!eval_condition(expr, &resetok, &before))
{
expand_string_message = string_sprintf("comparison in sort: %s",
dstlist = newlist;
dstkeylist = newkeylist;
- DEBUG(D_expand) debug_printf("%s: dstlist = \"%s\"\n", name, dstlist);
- DEBUG(D_expand) debug_printf("%s: dstkeylist = \"%s\"\n", name, dstkeylist);
+ DEBUG(D_expand) debug_printf_indent("%s: dstlist = \"%s\"\n", name, dstlist);
+ DEBUG(D_expand) debug_printf_indent("%s: dstkeylist = \"%s\"\n", name, dstkeylist);
}
if (dstlist)
blob b;
char st[3];
- exim_sha_init(&h, HASH_SHA256);
+ if (!exim_sha_init(&h, HASH_SHA256))
+ {
+ expand_string_message = US"unrecognised sha256 variant";
+ goto EXPAND_FAILED;
+ }
exim_sha_update(&h, sub, Ustrlen(sub));
exim_sha_finish(&h, &b);
while (b.len-- > 0)
: Ustrcmp(arg, "512") == 0 ? HASH_SHA3_512
: HASH_BADTYPE;
- if (m == HASH_BADTYPE)
+ if (m == HASH_BADTYPE || !exim_sha_init(&h, m))
{
expand_string_message = US"unrecognised sha3 variant";
goto EXPAND_FAILED;
}
- exim_sha_init(&h, m);
exim_sha_update(&h, sub, Ustrlen(sub));
exim_sha_finish(&h, &b);
while (b.len-- > 0)
case EOP_LOCAL_PART:
case EOP_DOMAIN:
{
- uschar *error;
+ uschar * error;
int start, end, domain;
- uschar *t = parse_extract_address(sub, &error, &start, &end, &domain,
+ uschar * t = parse_extract_address(sub, &error, &start, &end, &domain,
FALSE);
- if (t != NULL)
- {
+ if (t)
if (c != EOP_DOMAIN)
{
if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
domain += start;
yield = string_catn(yield, &size, &ptr, sub+domain, end-domain);
}
- }
continue;
}
goto EXPAND_FAILED;
}
yield = string_cat(yield, &size, &ptr, s);
- DEBUG(D_expand) debug_printf("yield: '%s'\n", yield);
+ DEBUG(D_expand) debug_printf_indent("yield: '%s'\n", yield);
continue;
}
DEBUG(D_expand)
{
- debug_printf(" expanding: %.*s\n result: %s\n", (int)(s - string), string,
+ debug_printf_indent(UTF8_VERT_RIGHT UTF8_HORIZ UTF8_HORIZ
+ "expanding: %.*s\n",
+ (int)(s - string), string);
+ debug_printf_indent("%s"
+ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
+ "result: %s\n",
+ skipping ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT,
yield);
- if (skipping) debug_printf(" skipping: result is not used\n");
+ if (skipping)
+ debug_printf_indent(UTF8_UP_RIGHT UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
+ "skipping: result is not used\n");
}
+expand_level--;
return yield;
/* This is the failure exit: easiest to program with a goto. We still need
if (left != NULL) *left = s;
DEBUG(D_expand)
{
- debug_printf("failed to expand: %s\n", string);
- debug_printf(" error message: %s\n", expand_string_message);
- if (expand_string_forcedfail) debug_printf("failure was forced\n");
+ debug_printf_indent(UTF8_VERT_RIGHT "failed to expand: %s\n",
+ string);
+ debug_printf_indent("%s" UTF8_HORIZ UTF8_HORIZ UTF8_HORIZ
+ "error message: %s\n",
+ expand_string_forcedfail ? UTF8_VERT_RIGHT : UTF8_UP_RIGHT,
+ expand_string_message);
+ if (expand_string_forcedfail)
+ debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n");
}
if (resetok_p) *resetok_p = resetok;
+expand_level--;
return NULL;
}
if (*s == '\0')
{
DEBUG(D_expand)
- debug_printf("treating blank string as number 0\n");
+ debug_printf_indent("treating blank string as number 0\n");
return 0;
}
}
+/*************************************************
+* Error-checking for testsuite *
+*************************************************/
+typedef struct {
+ const char * filename;
+ int linenumber;
+ uschar * region_start;
+ uschar * region_end;
+ const uschar *var_name;
+ const uschar *var_data;
+} err_ctx;
+
+static void
+assert_variable_notin(uschar * var_name, uschar * var_data, void * ctx)
+{
+err_ctx * e = ctx;
+if (var_data >= e->region_start && var_data < e->region_end)
+ {
+ e->var_name = CUS var_name;
+ e->var_data = CUS var_data;
+ }
+}
+
+void
+assert_no_variables(void * ptr, int len, const char * filename, int linenumber)
+{
+err_ctx e = {filename, linenumber, ptr, US ptr + len, NULL };
+int i;
+var_entry * v;
+
+/* check acl_ variables */
+tree_walk(acl_var_c, assert_variable_notin, &e);
+tree_walk(acl_var_m, assert_variable_notin, &e);
+
+/* check auth<n> variables */
+for (i = 0; i < AUTH_VARS; i++) if (auth_vars[i])
+ assert_variable_notin(US"auth<n>", auth_vars[i], &e);
+
+/* check regex<n> variables */
+for (i = 0; i < REGEX_VARS; i++) if (regex_vars[i])
+ assert_variable_notin(US"regex<n>", regex_vars[i], &e);
+
+/* check known-name variables */
+for (v = var_table; v < var_table + var_table_size; v++)
+ if (v->type == vtype_stringptr)
+ assert_variable_notin(US v->name, *(USS v->value), &e);
+
+if (e.var_name)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "live variable '%s' destroyed by reset_store at %s:%d\n- value '%.64s'",
+ e.var_name, e.filename, e.linenumber, e.var_data);
+}
+
+
/*************************************************
**************************************************
/*************************************************
-* Ouput the current indent *
+* Output the current indent *
*************************************************/
static void
* Read a list of commands *
*************************************************/
-/* If condional is TRUE, the list must be terminated
+/* If conditional is TRUE, the list must be terminated
by the words "else" or "endif".
Arguments:
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
extern uschar * tls_cert_fprt_sha256(void *);
extern int tls_client_start(int, host_item *, address_item *,
- transport_instance *
+ transport_instance *,
# ifdef EXPERIMENTAL_DANE
- , dns_answer *
+ dns_answer *,
# endif
- );
+ uschar **);
extern void tls_close(BOOL, BOOL);
extern int tls_export_cert(uschar *, size_t, void *);
extern int tls_feof(void);
extern int tls_ferror(void);
extern void tls_free_cert(void **);
-extern int tls_getc(void);
+extern int tls_getc(unsigned);
extern void tls_get_cache(void);
extern int tls_import_cert(const uschar *, void **);
extern int tls_read(BOOL, uschar *, size_t);
-extern int tls_server_start(const uschar *);
+extern int tls_server_start(const uschar *, uschar **);
extern BOOL tls_smtp_buffered(void);
extern int tls_ungetc(int);
extern int tls_write(BOOL, const uschar *, size_t);
extern tree_node *acl_var_create(uschar *);
extern void acl_var_write(uschar *, uschar *, void *);
+extern void assert_no_variables(void *, int, const char *, int);
extern int auth_call_pam(const uschar *, uschar **);
extern int auth_call_pwcheck(uschar *, uschar **);
extern int auth_call_radius(const uschar *, uschar **);
extern int auth_check_serv_cond(auth_instance *);
extern int auth_check_some_cond(auth_instance *, uschar *, uschar *, int);
+
extern int auth_get_data(uschar **, uschar *, int);
extern int auth_get_no64_data(uschar **, uschar *);
extern uschar *auth_xtextencode(uschar *, int);
extern uschar *b64encode(uschar *, int);
extern int b64decode(uschar *, uschar **);
-extern int bdat_getc(void);
+extern int bdat_getc(unsigned);
+extern int bdat_ungetc(int);
+extern void bdat_flush_data(void);
+
extern void bits_clear(unsigned int *, size_t, int *);
extern void bits_set(unsigned int *, size_t, int *);
extern void debug_logging_stop(void);
extern void debug_print_argv(const uschar **);
extern void debug_print_ids(uschar *);
+extern void debug_printf_indent(const char *, ...) PRINTF_FUNCTION(1,2);
extern void debug_print_string(uschar *);
extern void debug_print_tree(tree_node *);
-extern void debug_vprintf(const char *, va_list);
+extern void debug_vprintf(int, const char *, va_list);
extern void decode_bits(unsigned int *, size_t, int *,
uschar *, bit_table *, int, uschar *, int);
extern address_item *deliver_make_addr(uschar *, BOOL);
extern BOOL directory_make(const uschar *, const uschar *, int, BOOL);
#ifndef DISABLE_DKIM
extern BOOL dkim_transport_write_message(int, transport_ctx *,
- struct ob_dkim *);
+ struct ob_dkim *, const uschar ** errstr);
#endif
extern dns_address *dns_address_from_rr(dns_answer *, dns_record *);
extern int dns_basic_lookup(dns_answer *, const uschar *, int);
extern uschar *event_raise(uschar *, const uschar *, uschar *);
extern void msg_event_raise(const uschar *, const address_item *);
#endif
-extern uschar ehlo_response(uschar *, size_t, uschar);
extern const uschar * exim_errstr(int);
extern void exim_exit(int);
extern void exim_nullstd(void);
extern BOOL smtp_get_interface(uschar *, int, address_item *,
uschar **, uschar *);
extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *);
-extern int smtp_getc(void);
+extern int smtp_getc(unsigned);
extern void smtp_get_cache(void);
extern int smtp_handle_acl_fail(int, int, uschar *, uschar *);
extern void smtp_log_no_mail(void);
extern int spool_open_temp(uschar *);
extern int spool_read_header(uschar *, BOOL, BOOL);
extern int spool_write_header(uschar *, int, uschar **);
-extern int stdin_getc(void);
+extern int stdin_getc(unsigned);
extern int stdin_feof(void);
extern int stdin_ferror(void);
extern int stdin_ungetc(int);
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* All the global variables are defined together in this one module, so
stand-alone tests. */
#ifndef STAND_ALONE
-int (*lwr_receive_getc)(void) = stdin_getc;
+int (*lwr_receive_getc)(unsigned) = stdin_getc;
int (*lwr_receive_ungetc)(int) = stdin_ungetc;
-int (*receive_getc)(void) = stdin_getc;
+int (*receive_getc)(unsigned) = stdin_getc;
void (*receive_get_cache)(void)= NULL;
int (*receive_ungetc)(int) = stdin_ungetc;
int (*receive_feof)(void) = stdin_feof;
NULL, NULL, NULL, NULL};
int acl_narg = 0;
+int acl_level = 0;
+
uschar *acl_not_smtp = NULL;
#ifdef WITH_CONTENT_SCAN
uschar *acl_not_smtp_mime = NULL;
uschar *continue_host_address = NULL;
BOOL continue_more = FALSE;
int continue_sequence = 1;
+BOOL continue_proxy = FALSE;
uschar *continue_transport = NULL;
uschar *csa_status = NULL;
int debug_options_count = nelem(debug_options);
unsigned int debug_selector = 0;
+BOOL debug_store = FALSE;
int delay_warning[DELAY_WARNING_SIZE] = { DELAY_WARNING_SIZE, 1, 24*60*60 };
uschar *delay_warning_condition=
US"${if or {"
int errors_sender_rc = EXIT_FAILURE;
#ifndef DISABLE_EVENT
uschar *event_action = NULL; /* expansion for delivery events */
-uschar *event_data = NULL; /* auxilary data variable for event */
+uschar *event_data = NULL; /* auxiliary data variable for event */
int event_defer_errno = 0;
const uschar *event_name = NULL; /* event name variable */
#endif
"\0<---------------Space to patch exim_path->";
uid_t exim_uid = EXIM_UID;
BOOL exim_uid_set = TRUE; /* This uid is always set */
+int expand_level = 0; /* Nesting depth, indent for debug */
int expand_forbid = 0;
int expand_nlength[EXPAND_MAXN+1];
int expand_nmax = -1;
BOOL system_filter_uid_set = FALSE;
BOOL system_filtering = FALSE;
+BOOL tcp_fastopen_ok = FALSE;
BOOL tcp_nodelay = TRUE;
#ifdef USE_TCP_WRAPPERS
uschar *tcp_wrappers_daemon_name = US TCP_WRAPPERS_DAEMON_NAME;
uschar *verify_mode = NULL;
uschar *version_copyright =
- US"Copyright (c) University of Cambridge, 1995 - 2016\n"
- "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2016";
+ US"Copyright (c) University of Cambridge, 1995 - 2017\n"
+ "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017";
uschar *version_date = US"?";
uschar *version_cnumber = US"????";
uschar *version_string = US"?";
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Almost all the global variables are defined together in this one header, so
/* Input-reading functions for messages, so we can use special ones for
incoming TCP/IP. */
-extern int (*lwr_receive_getc)(void);
+extern int (*lwr_receive_getc)(unsigned);
extern int (*lwr_receive_ungetc)(int);
-extern int (*receive_getc)(void);
+extern int (*receive_getc)(unsigned);
extern void (*receive_get_cache)(void);
extern int (*receive_ungetc)(int);
extern int (*receive_feof)(void);
extern tree_node *acl_anchor; /* Tree of named ACLs */
extern uschar *acl_arg[9]; /* Argument to ACL call */
extern int acl_narg; /* Number of arguments to ACL call */
+extern int acl_level; /* Nesting depth and debug indent */
extern uschar *acl_not_smtp; /* ACL run for non-SMTP messages */
#ifdef WITH_CONTENT_SCAN
extern uschar *acl_not_smtp_mime; /* For MIME parts of ditto */
extern uschar *continue_host_address; /* IP address for ditto */
extern BOOL continue_more; /* Flag more addresses waiting */
extern int continue_sequence; /* Sequence num for continued delivery */
+extern BOOL continue_proxy; /* Continued delivery is proxied for TLS */
extern uschar *continue_transport; /* Transport for continued delivery */
extern uschar *csa_status; /* Client SMTP Authorization result */
typedef struct {
unsigned delivery:1; /* When to attempt */
- unsigned defer_pass:1; /* Pass 4xx to caller rather than spoolling */
+ unsigned defer_pass:1; /* Pass 4xx to caller rather than spooling */
int fd; /* Open connection */
int nrcpt; /* Count of addresses */
uschar * interface; /* (address of) */
extern int debug_notall[]; /* Debug options excluded from +all */
extern bit_table debug_options[]; /* Table of debug options */
extern int debug_options_count; /* Size of table */
+extern BOOL debug_store; /* Do extra checks on store_reset */
extern int delay_warning[]; /* Times between warnings */
extern uschar *delay_warning_condition; /* Condition string for warnings */
extern BOOL delivery_date_remove; /* Remove delivery-date headers */
extern const uschar *exim_sieve_extension_list[]; /* list of sieve extensions */
extern uid_t exim_uid; /* Non-root uid for exim */
extern BOOL exim_uid_set; /* TRUE if exim_uid set */
+extern int expand_level; /* Nesting depth; indent for debug */
extern int expand_forbid; /* RDO flags for forbidding things */
extern int expand_nlength[]; /* Lengths of numbered strings */
extern int expand_nmax; /* Max numerical value */
extern BOOL queue_only_policy; /* ACL or local_scan wants queue_only */
extern BOOL queue_run_in_order; /* As opposed to random */
extern uschar *queue_run_max; /* Max queue runners */
-extern BOOL queue_smtp; /* Disable all immediate STMP (-odqs)*/
+extern BOOL queue_smtp; /* Disable all immediate SMTP (-odqs)*/
extern uschar *queue_smtp_domains; /* Ditto, for these domains */
extern unsigned int random_seed; /* Seed for random numbers */
extern int sending_port; /* Port of outgoing interface */
extern SIGNAL_BOOL sigalrm_seen; /* Flag for sigalrm_handler */
extern uschar **sighup_argv; /* Args for re-execing after SIGHUP */
-extern int slow_lookup_log; /* Log DNS lookups taking loger than N millisecs */
+extern int slow_lookup_log; /* Log DNS lookups taking longer than N millisecs */
extern int smtp_accept_count; /* Count of connections */
extern BOOL smtp_accept_keepalive; /* Set keepalive on incoming */
extern int smtp_accept_max; /* Max SMTP connections */
extern BOOL system_filter_uid_set; /* TRUE if uid set */
extern BOOL system_filtering; /* TRUE when running system filter */
+extern BOOL tcp_fastopen_ok; /* appears to be supported by kernel */
extern BOOL tcp_nodelay; /* Controls TCP_NODELAY on daemon */
#ifdef USE_TCP_WRAPPERS
extern uschar *tcp_wrappers_daemon_name; /* tcpwrappers daemon lookup name */
sha1;
#endif /*STAND_ALONE*/
-
+#include <assert.h>
/******************************************************************************/
#ifdef SHA_OPENSSL
-void
+BOOL
exim_sha_init(hctx * h, hashmethod m)
{
switch (h->method = m)
{
case HASH_SHA1: h->hashlen = 20; SHA1_Init (&h->u.sha1); break;
case HASH_SHA256: h->hashlen = 32; SHA256_Init(&h->u.sha2); break;
- default: h->hashlen = 0; break;
+ default: h->hashlen = 0; return FALSE;
}
+return TRUE;
}
{
case HASH_SHA1: SHA1_Update (&h->u.sha1, data, len); break;
case HASH_SHA256: SHA256_Update(&h->u.sha2, data, len); break;
+ /* should be blocked by init not handling these, but be explicit to
+ * guard against accidents later (and hush up clang -Wswitch) */
+ default: assert(0);
}
}
{
case HASH_SHA1: SHA1_Final (b->data, &h->u.sha1); break;
case HASH_SHA256: SHA256_Final(b->data, &h->u.sha2); break;
+ default: assert(0);
}
}
#elif defined(SHA_GNUTLS)
/******************************************************************************/
-void
+BOOL
exim_sha_init(hctx * h, hashmethod m)
{
switch (h->method = m)
#ifdef EXIM_HAVE_SHA3
case HASH_SHA3_256: h->hashlen = 32; gnutls_hash_init(&h->sha, GNUTLS_DIG_SHA3_256); break;
#endif
- default: h->hashlen = 0; break;
+ default: h->hashlen = 0; return FALSE;
}
+return TRUE;
}
#elif defined(SHA_GCRYPT)
/******************************************************************************/
-void
+BOOL
exim_sha_init(hctx * h, hashmethod m)
{
switch (h->method = m)
{
case HASH_SHA1: h->hashlen = 20; gcry_md_open(&h->sha, GCRY_MD_SHA1, 0); break;
case HASH_SHA256: h->hashlen = 32; gcry_md_open(&h->sha, GCRY_MD_SHA256, 0); break;
- default: h->hashlen = 0; break;
+ default: h->hashlen = 0; return FALSE;
}
+return TRUE;
}
#elif defined(SHA_POLARSSL)
/******************************************************************************/
-void
+BOOL
exim_sha_init(hctx * h, hashmethod m)
{
switch (h->method = m)
{
case HASH_SHA1: h->hashlen = 20; sha1_starts(&h->u.sha1); break;
case HASH_SHA256: h->hashlen = 32; sha2_starts(&h->u.sha2, 0); break;
- default: h->hashlen = 0; break;
+ default: h->hashlen = 0; return FALSE;
}
+return TRUE;
}
# ifdef notdef
-void
+BOOL
exim_sha_init(hctx * h, hashmethod m)
{
h->hashlen = 20;
native_sha1_start(&h->sha1);
+return TRUE;
}
void
sha1_start(hctx * h)
{
-exim_sha_init(h, HASH_SHA1);
+(void) exim_sha_init(h, HASH_SHA1);
}
void
} hctx;
-extern void exim_sha_init(hctx *, hashmethod);
+extern BOOL exim_sha_init(hctx *, hashmethod);
extern void exim_sha_update(hctx *, const uschar *a, int);
extern void exim_sha_finish(hctx *, blob *);
extern int exim_sha_hashlen(hctx *);
hptr = &header_list;
/* header_list->text can be NULL if we get here between when the new
- received header is allocated and when it is acutally filled in. We want
+ received header is allocated and when it is actually filled in. We want
that header to be first, so skip it for now. */
if (header_list->text == NULL)
{
int len = Ustrlen(name);
- /* Find the first non-deleted header witht the correct name. */
+ /* Find the first non-deleted header with the correct name. */
for (hptr = &header_list; (h = *hptr) != NULL; hptr = &(h->next))
{
/* If HELO/EHLO was followed by an IP literal, it's messy because of two
features of IPv6. Firstly, there's the "IPv6:" prefix (Exim is liberal and
doesn't require this, for historical reasons). Secondly, IPv6 addresses may not
-be given in canonical form, so we have to canonicize them before comparing. As
+be given in canonical form, so we have to canonicalize them before comparing. As
it happens, the code works for both IPv4 and IPv6. */
else if (sender_helo_name[0] == '[' &&
FAIL if no host name can be found
DEFER if a temporary error was encountered
-The variable host_lookup_msg is set to an empty string on sucess, or to a
+The variable host_lookup_msg is set to an empty string on success, or to a
reason for the failure otherwise, in a form suitable for tagging onto an error
message, and also host_lookup_failed is set TRUE if the lookup failed. If there
was a defer, host_lookup_deferred is set TRUE.
save_hostname = sender_host_name; /* Save for error messages */
aliases = sender_host_aliases;
-for (hname = sender_host_name; hname != NULL; hname = *aliases++)
+for (hname = sender_host_name; hname; hname = *aliases++)
{
int rc;
BOOL ok = FALSE;
h.dnssec == DS_YES ? "DNSSEC verified (AD)" : "unverified");
if (h.dnssec != DS_YES) sender_host_dnssec = FALSE;
- for (hh = &h; hh != NULL; hh = hh->next)
+ for (hh = &h; hh; hh = hh->next)
if (host_is_in_net(hh->address, sender_host_address, 0))
{
HDEBUG(D_host_lookup) debug_printf(" %s OK\n", hh->address);
Returns: HOST_FIND_FAILED couldn't find A record
HOST_FIND_AGAIN try again later
+ HOST_FIND_SECURITY dnssec required but not acheived
HOST_FOUND found AAAA and/or A record(s)
HOST_IGNORED found, but all IPs ignored
*/
dns_record *rr;
host_item *thishostlast = NULL; /* Indicates not yet filled in anything */
BOOL v6_find_again = FALSE;
+BOOL dnssec_fail = FALSE;
int i;
/* If allow_ip is set, a name which is an IP address returns that value
{
if (dnssec_require)
{
- log_write(L_host_lookup_failed, LOG_MAIN,
- "dnssec fail on %s for %.256s",
+ dnssec_fail = TRUE;
+ DEBUG(D_host_lookup) debug_printf("dnssec fail on %s for %.256s",
i>0 ? "AAAA" : "A", host->name);
continue;
}
}
}
-/* Control gets here only if the econdookup (the A record) succeeded.
+/* Control gets here only if the second lookup (the A record) succeeded.
However, the address may not be filled in if it was ignored. */
-return host->address ? HOST_FOUND : HOST_IGNORED;
+return host->address
+ ? HOST_FOUND
+ : dnssec_fail
+ ? HOST_FIND_SECURITY
+ : HOST_IGNORED;
}
if there was a syntax error,
host_find_failed_syntax is set.
HOST_FIND_AGAIN Could not resolve at this time
+ HOST_FIND_SECURITY dnsssec required but not acheived
HOST_FOUND Host found
HOST_FOUND_LOCAL The lowest MX record points to this
machine, if MX records were found, or
records. On DNS failures, we give the "try again" error unless the domain is
listed as one for which we continue. */
-if (rc != DNS_SUCCEED && (whichrrs & HOST_FIND_BY_MX) != 0)
+if (rc != DNS_SUCCEED && whichrrs & HOST_FIND_BY_MX)
{
ind_type = T_MX;
dnssec = DS_UNK;
rc = dns_lookup_timerwrap(&dnsa, host->name, ind_type, fully_qualified_name);
DEBUG(D_dns)
- if ((dnssec_request || dnssec_require)
- & !dns_is_secure(&dnsa)
- & dns_is_aa(&dnsa))
+ if ( (dnssec_request || dnssec_require)
+ && !dns_is_secure(&dnsa)
+ && dns_is_aa(&dnsa))
debug_printf("DNS lookup of %.256s (MX) requested AD, but got AA\n", host->name);
if (dnssec_request)
- {
if (dns_is_secure(&dnsa))
{
DEBUG(D_host_lookup) debug_printf("%s MX DNSSEC\n", host->name);
{
dnssec = DS_NO; lookup_dnssec_authenticated = US"no";
}
- }
switch (rc)
{
case DNS_SUCCEED:
if (!dnssec_require || dns_is_secure(&dnsa))
break;
- log_write(L_host_lookup_failed, LOG_MAIN,
- "dnssec fail on MX for %.256s", host->name);
+ DEBUG(D_host_lookup)
+ debug_printf("dnssec fail on MX for %.256s", host->name);
+#ifndef STAND_ALONE
+ if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL,
+ MCL_DOMAIN, TRUE, NULL) != OK)
+ { yield = HOST_FIND_SECURITY; goto out; }
+#endif
rc = DNS_FAIL;
/*FALLTHROUGH*/
case DNS_FAIL:
case DNS_AGAIN:
- #ifndef STAND_ALONE
+#ifndef STAND_ALONE
if (match_isinlist(host->name, CUSS &mx_fail_domains, 0, NULL, NULL,
MCL_DOMAIN, TRUE, NULL) != OK)
- #endif
+#endif
{ yield = HOST_FIND_AGAIN; goto out; }
DEBUG(D_host_lookup) debug_printf("DNS_%s treated as DNS_NODATA "
"(domain in mx_fail_domains)\n", (rc == DNS_FAIL)? "FAIL":"AGAIN");
if (rc != HOST_FOUND)
{
h->status = hstatus_unusable;
- if (rc == HOST_FIND_AGAIN)
+ switch (rc)
{
- yield = rc;
- h->why = hwhy_deferred;
+ case HOST_FIND_AGAIN:
+ yield = rc; h->why = hwhy_deferred; break;
+ case HOST_FIND_SECURITY:
+ yield = rc; h->why = hwhy_insecure; break;
+ case HOST_IGNORED:
+ h->why = hwhy_ignored; break;
+ default:
+ h->why = hwhy_failed; break;
}
- else
- h->why = rc == HOST_IGNORED ? hwhy_ignored : hwhy_failed;
}
}
exist. If we end up with just a single, ignored host, flatten its fields as if
nothing was found. */
-if (ignore_target_hosts != NULL)
+if (ignore_target_hosts)
{
host_item *prev = NULL;
for (h = host; h != last->next; h = h->next)
addresses of a multihomed host, but that should not matter. */
#if HAVE_IPV6
-if (h != last && !disable_ipv6)
+if (h != last && !disable_ipv6) for (h = host; h != last; h = h->next)
{
- for (h = host; h != last; h = h->next)
- {
- host_item temp;
- host_item *next = h->next;
- if (h->mx != next->mx || /* If next is different MX */
- h->address == NULL || /* OR this one is unset */
- Ustrchr(h->address, ':') != NULL || /* OR this one is IPv6 */
- (next->address != NULL &&
- Ustrchr(next->address, ':') == NULL)) /* OR next is IPv4 */
- continue; /* move on to next */
- temp = *h; /* otherwise, swap */
- temp.next = next->next;
- *h = *next;
- h->next = next;
- *next = temp;
- }
+ host_item temp;
+ host_item *next = h->next;
+
+ if (h->mx != next->mx || /* If next is different MX */
+ h->address == NULL || /* OR this one is unset */
+ Ustrchr(h->address, ':') != NULL || /* OR this one is IPv6 */
+ (next->address != NULL &&
+ Ustrchr(next->address, ':') == NULL)) /* OR next is IPv4 */
+ continue; /* move on to next */
+ temp = *h; /* otherwise, swap */
+ temp.next = next->next;
+ *h = *next;
+ h->next = next;
+ *next = temp;
}
#endif
debug_printf("host_find_bydns yield = %s (%d); returned hosts:\n",
(yield == HOST_FOUND)? "HOST_FOUND" :
(yield == HOST_FOUND_LOCAL)? "HOST_FOUND_LOCAL" :
+ (yield == HOST_FIND_SECURITY)? "HOST_FIND_SECURITY" :
(yield == HOST_FIND_AGAIN)? "HOST_FIND_AGAIN" :
(yield == HOST_FIND_FAILED)? "HOST_FIND_FAILED" : "?",
yield);
else if (Ustrcmp(buffer, "request_dnssec") == 0) request_dnssec = TRUE;
else if (Ustrcmp(buffer, "no_request_dnssec") == 0) request_dnssec = FALSE;
else if (Ustrcmp(buffer, "require_dnssec") == 0) require_dnssec = TRUE;
- else if (Ustrcmp(buffer, "no_reqiret_dnssec") == 0) require_dnssec = FALSE;
+ else if (Ustrcmp(buffer, "no_require_dnssec") == 0) require_dnssec = FALSE;
else if (Ustrcmp(buffer, "test_harness") == 0)
running_in_test_harness = !running_in_test_harness;
else if (Ustrcmp(buffer, "ipv6") == 0) disable_ipv6 = !disable_ipv6;
: host_find_bydns(&h, NULL, flags, US"smtp", NULL, NULL,
&d, &fully_qualified_name, NULL);
- if (rc == HOST_FIND_FAILED) printf("Failed\n");
- else if (rc == HOST_FIND_AGAIN) printf("Again\n");
- else if (rc == HOST_FOUND_LOCAL) printf("Local\n");
+ switch (rc)
+ {
+ case HOST_FIND_FAILED: printf("Failed\n"); break;
+ case HOST_FIND_AGAIN: printf("Again\n"); break;
+ case HOST_FIND_SECURITY: printf("Security\n"); break;
+ case HOST_FOUND_LOCAL: printf("Local\n"); break;
+ }
}
printf("\n> ");
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions for doing things with sockets. With the advent of IPv6 this has
got messier, so that it's worth pulling out the code into separate functions
-that other parts of Exim can call, expecially as there are now several
+that other parts of Exim can call, especially as there are now several
different places in the code where sockets are used. */
host_item shost;
host_item *h;
int af = 0, fd, fd4 = -1, fd6 = -1;
+BOOL fastopen = tcp_fastopen_ok && type == SOCK_STREAM;
shost.next = NULL;
shost.address = NULL;
}
for(port = portlo; port <= porthi; port++)
- if (ip_connect(fd, af, h->address, port, timeout, type == SOCK_STREAM) == 0)
+ if (ip_connect(fd, af, h->address, port, timeout, fastopen) == 0)
{
if (fd != fd6) close(fd6);
if (fd != fd4) close(fd4);
/* Entries in lists options are in this form. */
typedef struct {
- const char *name;
+ const char *name; /* should have been uschar but too late now */
int type;
void *value;
} optionlist;
denied.
Avoid actually writing to the logs when exim is called with -bv or -bt to
-test an address, but take other actions, such as panicing.
+test an address, but take other actions, such as panicking.
In Exim proper, the buffer for building the message is got at start-up, so that
nothing gets done if it can't be got. However, some functions that are also
int, /* length of key or query */
uschar **, /* for returning answer */
uschar **, /* for error message */
- uint *); /* cache TTL, sconds */
+ uint *); /* cache TTL, seconds */
void (*close)( /* close function */
void *); /* handle */
void (*tidy)(void); /* tidy function */
* cdb.[ch] it does *not* link against an external cdb library.
*
*
- * There are 2 varients included within this code. One uses MMAP and
+ * There are 2 variants included within this code. One uses MMAP and
* should give better performance especially for multiple lookups on a
* modern machine. The other is the default implementation which is
* used in the case where the MMAP fails or if MMAP was not compiled
/*
* cdb_bread()
- * Internal function to parse 4 byte number (endian independant) */
+ * Internal function to parse 4 byte number (endian independent) */
static uint32
cdb_unpack(uschar *buf)
while (tend > keystring && isspace(tend[-1])) tend--;
len = tend - keystring;
- for (i = 0; i < sizeof(type_names)/sizeof(uschar *); i++)
- {
+ for (i = 0; i < nelem(type_names); i++)
if (len == Ustrlen(type_names[i]) &&
strncmpic(keystring, US type_names[i], len) == 0)
{
type = type_values[i];
break;
}
- }
- if (i >= sizeof(type_names)/sizeof(uschar *))
+ if (i >= nelem(type_names))
{
*errmsg = US"unsupported DNS record type";
return DEFER;
}
} /* Loop for list of returned records */
- /* Loop for set of A-lookupu types */
+ /* Loop for set of A-lookup types */
} while (type == T_ADDRESSES && searchtype != T_A);
} /* Loop for list of domains */
if (stmth != NULL)
isc_dsql_free_statement(status, &stmth, DSQL_drop);
-/* Non-NULL result indicates a sucessful result */
+/* Non-NULL result indicates a successful result */
if (result != NULL) {
*resultptr = result;
/* See the file NOTICE for conditions of use and distribution. */
/* Many thanks to Stuart Lynne for contributing the original code for this
-driver. Further contibutions from Michael Haardt, Brian Candler, Barry
+driver. Further contributions from Michael Haardt, Brian Candler, Barry
Pederson, Peter Savitch and Christian Kellner. Particular thanks to Brian for
researching how to handle the different kinds of error. */
{
DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
(lcp->bound)? "re-" : "", user, password);
- if (eldap_start_tls && !lcp->is_start_tls_called)
+ if (eldap_start_tls && !lcp->is_start_tls_called && !ldapi)
{
#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
/* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
if ((ret = mdb_env_open(db_env, CS filename, MDB_NOSUBDIR|MDB_RDONLY, 0660)))
{
- errstr = US"open environment";
+ errstr = string_sprintf("open environment with %s", filename);
goto bad;
}
if (mysql_result != NULL) mysql_free_result(mysql_result);
-/* Non-NULL result indicates a sucessful result */
+/* Non-NULL result indicates a successful result */
if (result != NULL)
{
ORACLE_EXIT_NO_VALS:
-/* Non-NULL result indicates a sucessful result */
+/* Non-NULL result indicates a successful result */
if (result != NULL)
{
hide pgsql_servers = (/tmp/.s.PGSQL.5432)/db/user/password[:<nextserver>]
We enclose the path name in parentheses so that its slashes aren't visually
-confused with the delimeters for the other pgsql_server settings.
+confused with the delimiters for the other pgsql_server settings.
For TCP/IP connections, the server is a host name and optional port (with a
colon separator).
if (pg_result != NULL) PQclear(pg_result);
-/* Non-NULL result indicates a sucessful result */
+/* Non-NULL result indicates a successful result */
if (result != NULL)
{
if (redis_reply) freeReplyObject(redis_reply);
-/* Non-NULL result indicates a sucessful result */
+/* Non-NULL result indicates a successful result */
if (result)
{
#define BIT_TEST(s,z,n) (((s)[BITWORD(n)] & BITMASK(n)) != 0)
/* Used in globals.c for initializing bit_table structures. T will be either
-D or L correspondong to the debug and log selector bits declared below. */
+D or L corresponding to the debug and log selector bits declared below. */
#define BIT_TABLE(T,name) { US #name, T##i_##name }
/* Reasons why a host is unusable (for clearer log messages) */
-enum { hwhy_unknown, hwhy_retry, hwhy_failed, hwhy_deferred, hwhy_ignored };
+enum { hwhy_unknown, hwhy_retry, hwhy_insecure, hwhy_failed, hwhy_deferred,
+ hwhy_ignored };
/* Domain lookup types for routers */
enum {
HOST_FIND_FAILED, /* failed to find the host */
HOST_FIND_AGAIN, /* could not resolve at this time */
+ HOST_FIND_SECURITY, /* dnssec required but not acheived */
HOST_FOUND, /* found host */
HOST_FOUND_LOCAL, /* found, but MX points to local host */
HOST_IGNORED /* found but ignored - used internally only */
#define topt_add_delivery_date 0x002
#define topt_add_envelope_to 0x004
#define topt_use_crlf 0x008 /* Terminate lines with CRLF */
-#define topt_end_dot 0x010 /* Send terminting dot line */
+#define topt_end_dot 0x010 /* Send terminating dot line */
#define topt_no_headers 0x020 /* Omit headers */
#define topt_no_body 0x040 /* Omit body */
#define topt_escape_headers 0x080 /* Apply escape check to headers */
#define PEER_OFFERED_SIZE BIT(6)
#define PEER_OFFERED_CHUNKING BIT(7)
+/* Argument for *_getc */
+
+#define GETC_BUFFER_UNLIMITED UINT_MAX
+
+/* UTF-8 chars for line-drawing */
+
+#define UTF8_DOWN_RIGHT "\xE2\x94\x8c"
+#define UTF8_HORIZ "\xE2\x94\x80"
+#define UTF8_VERT_RIGHT "\xE2\x94\x9C"
+#define UTF8_UP_RIGHT "\xE2\x94\x94"
+#define UTF8_VERT_2DASH "\xE2\x95\x8E"
+
+
/* End of macros.h */
#ifdef WITH_CONTENT_SCAN
typedef enum {M_FPROTD, M_DRWEB, M_AVES, M_FSEC, M_KAVD, M_CMDL,
- M_SOPHIE, M_CLAMD, M_SOCK, M_MKSD, M_AVAST} scanner_t;
+ M_SOPHIE, M_CLAMD, M_SOCK, M_MKSD, M_AVAST, M_FPROT6D} scanner_t;
typedef enum {MC_NONE, MC_TCP, MC_UNIX, MC_STRM} contype_t;
static struct scan
{
{ M_SOCK, US"sock", US"/tmp/malware.sock", MC_STRM },
{ M_MKSD, US"mksd", NULL, MC_NONE },
{ M_AVAST, US"avast", US"/var/run/avast/scan.sock", MC_STRM },
+ { M_FPROT6D, US"f-prot6d", US"localhost 10200", MC_TCP },
{ -1, NULL, NULL, MC_NONE } /* end-marker */
};
static const pcre * ava_re_clean = NULL;
static const pcre * ava_re_virus = NULL;
+static const uschar * fprot6d_re_error_str = US "^\\d+\\s<(.+?)>$";
+static const uschar * fprot6d_re_virus_str = US "^\\d+\\s<infected:\\s+(.+?)>\\s+.+$";
+static const pcre * fprot6d_re_error = NULL;
+static const pcre * fprot6d_re_virus = NULL;
+
/******************************************************************************/
}
if (!ok)
{
- DEBUG(D_acl) debug_printf("Malware scan: read %s (%s)\n",
+ DEBUG(D_acl) debug_printf_indent("Malware scan: read %s (%s)\n",
rcv==0 ? "EOF" : "error", strerror(errno));
return rcv==0 ? -1 : -2;
}
*p = '\0';
-DEBUG(D_acl) debug_printf("Malware scan: read '%s'\n", buffer);
+DEBUG(D_acl) debug_printf_indent("Malware scan: read '%s'\n", buffer);
return p - buffer;
}
expand_string_message));
DEBUG(D_acl)
- debug_printf("Expanded av_scanner global: %s\n", av_scanner_work);
+ debug_printf_indent("Expanded av_scanner global: %s\n", av_scanner_work);
/* disable result caching in this case */
malware_name = NULL;
malware_ok = FALSE;
break;
switch(scanent->conn)
{
- case MC_TCP: sock = ip_tcpsocket(scanner_options, &errstr, 5); break;
- case MC_UNIX: sock = ip_unixsocket(scanner_options, &errstr); break;
+ case MC_TCP: sock = ip_tcpsocket(scanner_options, &errstr, 5); break;
+ case MC_UNIX: sock = ip_unixsocket(scanner_options, &errstr); break;
case MC_STRM: sock = ip_streamsocket(scanner_options, &errstr, 5); break;
default: /* compiler quietening */ break;
}
return m_errlog_defer(scanent, CUS callout_address, errstr);
break;
}
- DEBUG(D_acl) debug_printf("Malware scan: %s tmo %s\n", scanner_name, readconf_printtime(timeout));
+ DEBUG(D_acl) debug_printf_indent("Malware scan: %s tmo %s\n", scanner_name, readconf_printtime(timeout));
switch (scanent->scancode)
{
par_count++;
}
scanrequest = string_sprintf("%s HTTP/1.0\r\n\r\n", scanrequest);
- DEBUG(D_acl) debug_printf("Malware scan: issuing %s: %s\n",
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s: %s\n",
scanner_name, scanrequest);
/* send scan request */
drweb_slen = htonl(fsize);
lseek(drweb_fd, 0, SEEK_SET);
- DEBUG(D_acl) debug_printf("Malware scan: issuing %s remote scan [%s]\n",
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s remote scan [%s]\n",
scanner_name, scanner_options);
/* send scan request */
{
drweb_slen = htonl(Ustrlen(eml_filename));
- DEBUG(D_acl) debug_printf("Malware scan: issuing %s local scan [%s]\n",
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s local scan [%s]\n",
scanner_name, scanner_options);
/* send scan request */
eml_filename);
/* and send it */
- DEBUG(D_acl) debug_printf("Malware scan: issuing %s %s\n",
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s %s\n",
scanner_name, buf);
if (m_sock_send(sock, buf, Ustrlen(buf), &errstr) < 0)
return m_errlog_defer(scanent, CUS callout_address, errstr);
malware_name = NULL;
- DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n",
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan [%s]\n",
scanner_name, scanner_options);
/* pass options */
memset(av_buffer, 0, sizeof(av_buffer));
if (p)
*p = '\0';
- DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n",
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan [%s]\n",
scanner_name, scanner_options);
/* send scan request */
US"reported 'kavdaemon damaged' (code 7).", sock);
}
- /* code 8 is not handled, since it is ambigous. It appears mostly on
+ /* code 8 is not handled, since it is ambiguous. It appears mostly on
bounces where part of a file has been cut off */
/* "virus found" return codes (2-4) */
/* redirect STDERR too */
commandline = string_sprintf("%s 2>&1", commandline);
- DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n",
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan [%s]\n",
scanner_name, commandline);
/* store exims signal handlers */
if ((p = Ustrrchr(file_name, '/')))
*p = '\0';
- DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n",
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan [%s]\n",
scanner_name, scanner_options);
if ( write(sock, file_name, Ustrlen(file_name)) < 0
int i = random_number( num_servers );
clamd_address * cd = cv[i];
- DEBUG(D_acl) debug_printf("trying server name %s, port %u\n",
+ DEBUG(D_acl) debug_printf_indent("trying server name %s, port %u\n",
cd->hostspec, cd->tcp_port);
/* Lookup the host. This is to ensure that we connect to the same IP
* that port on a second connection; then in the scan-method-neutral
* part, read the response back on the original connection. */
- DEBUG(D_acl) debug_printf(
+ DEBUG(D_acl) debug_printf_indent(
"Malware scan: issuing %s old-style remote scan (PORT)\n",
scanner_name);
chunks, <n> a 4-byte number (network order), terminated by a zero-length
chunk. */
- DEBUG(D_acl) debug_printf(
+ DEBUG(D_acl) debug_printf_indent(
"Malware scan: issuing %s new-style remote scan (zINSTREAM)\n",
scanner_name);
/* Pass the string to ClamAV (7 = "SCAN \n" + \0) */
file_name = string_sprintf("SCAN %s\n", eml_filename);
- DEBUG(D_acl) debug_printf(
+ DEBUG(D_acl) debug_printf_indent(
"Malware scan: issuing %s local-path scan [%s]\n",
scanner_name, scanner_options);
p = av_buffer + Ustrlen(av_buffer) - 1;
if (*p == '\n') *p = '\0';
- DEBUG(D_acl) debug_printf("Malware response: %s\n", av_buffer);
+ DEBUG(D_acl) debug_printf_indent("Malware response: %s\n", av_buffer);
while (isspace(*--p) && (p > av_buffer))
*p = '\0';
*p = '\0';
}
malware_name = string_copy(vname);
- DEBUG(D_acl) debug_printf("Malware found, name \"%s\"\n", malware_name);
+ DEBUG(D_acl) debug_printf_indent("Malware found, name \"%s\"\n", malware_name);
}
else if (Ustrcmp(result_tag, "ERROR") == 0)
{
/* Everything should be OK */
malware_name = NULL;
- DEBUG(D_acl) debug_printf("Malware not found\n");
+ DEBUG(D_acl) debug_printf_indent("Malware not found\n");
}
else
malware_name = NULL;
- DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan\n", scanner_name);
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s scan\n", scanner_name);
if ((retval = mksd_scan_packed(scanent, sock, eml_filename, tmo)) != OK)
{
int slen = Ustrlen(buf);
if (slen >= 1)
{
- DEBUG(D_acl) debug_printf("got from avast: %s\n", buf);
+ DEBUG(D_acl) debug_printf_indent("got from avast: %s\n", buf);
switch (avast_stage)
{
case AVA_HELO:
sock);
default: break;
}
+ break;
}
+
+ case M_FPROT6D: /* "f-prot6d" scanner type ----------------------------------- */
+ {
+ int bread;
+ uschar * e;
+ uschar * linebuffer;
+ uschar * scanrequest;
+ uschar av_buffer[1024];
+
+ if ((!fprot6d_re_virus && !(fprot6d_re_virus = m_pcre_compile(fprot6d_re_virus_str, &errstr)))
+ || (!fprot6d_re_error && !(fprot6d_re_error = m_pcre_compile(fprot6d_re_error_str, &errstr))))
+ return malware_errlog_defer(errstr);
+
+ scanrequest = string_sprintf("SCAN FILE %s\n", eml_filename);
+ DEBUG(D_acl) debug_printf_indent("Malware scan: issuing %s: %s\n",
+ scanner_name, scanrequest);
+
+ if (m_sock_send(sock, scanrequest, Ustrlen(scanrequest), &errstr) < 0)
+ return m_errlog_defer(scanent, CUS callout_address, errstr);
+
+ bread = ip_recv(sock, av_buffer, sizeof(av_buffer), tmo-time(NULL));
+
+ if (bread <= 0)
+ return m_errlog_defer_3(scanent, CUS callout_address,
+ string_sprintf("unable to read from socket (%s)", strerror(errno)),
+ sock);
+
+ if (bread == sizeof(av_buffer))
+ return m_errlog_defer_3(scanent, CUS callout_address,
+ US"buffer too small", sock);
+
+ av_buffer[bread] = '\0';
+ linebuffer = string_copy(av_buffer);
+
+ m_sock_send(sock, US"QUIT\n", 5, 0);
+
+ if ((e = m_pcre_exec(fprot6d_re_error, linebuffer)))
+ return m_errlog_defer_3(scanent, CUS callout_address,
+ string_sprintf("scanner reported error (%s)", e), sock);
+
+ if (!(malware_name = m_pcre_exec(fprot6d_re_virus, linebuffer)))
+ malware_name = NULL;
+
break;
+ } /* f-prot6d */
} /* scanner type switch */
if (sock >= 0)
/* match virus name against pattern (caseless ------->----------v) */
if (malware_name && regex_match_and_setup(re, malware_name, 0, -1))
{
- DEBUG(D_acl) debug_printf(
+ DEBUG(D_acl) debug_printf_indent(
"Matched regex to malware [%s] [%s]\n", malware_re, malware_name);
return OK;
}
ava_re_clean = regex_must_compile(ava_re_clean_str, FALSE, TRUE);
if (!ava_re_virus)
ava_re_virus = regex_must_compile(ava_re_virus_str, FALSE, TRUE);
+if (!fprot6d_re_error)
+ fprot6d_re_error = regex_must_compile(fprot6d_re_error_str, FALSE, TRUE);
+if (!fprot6d_re_virus)
+ fprot6d_re_virus = regex_must_compile(fprot6d_re_virus_str, FALSE, TRUE);
}
#endif /*WITH_CONTENT_SCAN*/
uschar * val = NULL;
int size = 0, ptr = 0;
-/* debug_printf(" considering paramval '%s'\n", s); */
+/* debug_printf_indent(" considering paramval '%s'\n", s); */
while (*s && *s != ';') /* ; terminates */
if (*s == '"')
if (!fgets(CS header, MIME_MAX_HEADER_SIZE, f))
{
/* Hit EOF or read error. Ugh. */
- DEBUG(D_acl) debug_printf("MIME: Hit EOF ...\n");
+ DEBUG(D_acl) debug_printf_indent("MIME: Hit EOF ...\n");
return rc;
}
if (Ustrncmp((header+2+Ustrlen(context->boundary)), "--", 2) == 0)
{
/* END boundary found */
- DEBUG(D_acl) debug_printf("MIME: End boundary found %s\n",
+ DEBUG(D_acl) debug_printf_indent("MIME: End boundary found %s\n",
context->boundary);
return rc;
}
- DEBUG(D_acl) debug_printf("MIME: Next part with boundary %s\n",
+ DEBUG(D_acl) debug_printf_indent("MIME: Next part with boundary %s\n",
context->boundary);
break;
}
for (q = p; *q != ';' && *q; q++) ;
*mh->value = string_copynlc(p, q-p);
- DEBUG(D_acl) debug_printf("MIME: found %s header, value is '%s'\n",
+ DEBUG(D_acl) debug_printf_indent("MIME: found %s header, value is '%s'\n",
mh->name, *mh->value);
if (*(p = q)) p++; /* jump past the ; */
{
mime_parameter * mp;
- DEBUG(D_acl) debug_printf("MIME: considering paramlist '%s'\n", p);
+ DEBUG(D_acl) debug_printf_indent("MIME: considering paramlist '%s'\n", p);
if ( !mime_filename
&& strncmpic(CUS"content-disposition:", header, 20) == 0
else
p = q;
- DEBUG(D_acl) debug_printf("MIME: charset %s fname '%s'\n",
+ DEBUG(D_acl) debug_printf_indent("MIME: charset %s fname '%s'\n",
mime_filename_charset ? mime_filename_charset : US"<NULL>", p);
temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen);
- DEBUG(D_acl) debug_printf("MIME: 2047-name %s\n", temp_string);
+ DEBUG(D_acl) debug_printf_indent("MIME: 2047-name %s\n", temp_string);
temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ',
NULL, &err_msg);
- DEBUG(D_acl) debug_printf("MIME: plain-name %s\n", temp_string);
+ DEBUG(D_acl) debug_printf_indent("MIME: plain-name %s\n", temp_string);
size = Ustrlen(temp_string);
? rfc2047_decode(q, check_rfc2047_length, NULL, 32, NULL,
&dummy_errstr)
: NULL;
- DEBUG(D_acl) debug_printf(
+ DEBUG(D_acl) debug_printf_indent(
"MIME: found %s parameter in %s header, value '%s'\n",
mp->name, mh->name, *mp->value);
{
if (decoding_failed) mime_filename = mime_fname_rfc2231;
- DEBUG(D_acl) debug_printf(
+ DEBUG(D_acl) debug_printf_indent(
"MIME: found %s parameter in %s header, value is '%s'\n",
"filename", mh->name, mime_filename);
}
(Ustrncmp(mime_content_type,"multipart",9) == 0) )
{
DEBUG(D_acl)
- debug_printf("MIME: Entering multipart recursion, boundary '%s'\n",
+ debug_printf_indent("MIME: Entering multipart recursion, boundary '%s'\n",
nested_context.boundary);
nested_context.context =
if (!size) size = PATH_MAX;
if (!b && !(b = malloc(size))) return NULL;
if (!(b = getcwd(b, size))) return NULL;
-return realloc(b, strlen(b) + 1);
+return buffer ? buffer : realloc(b, strlen(b) + 1);
}
#endif
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions for parsing addresses */
make it possible to ignore comments at the end of compound items.
Argument: current character pointer
-Regurns: new character pointer
+Returns: new character pointer
*/
static uschar *
while (*s != '<' && (!parse_allow_group || *s != ':'))
{
s = read_local_part(s, t, errorptr, FALSE);
- if (*errorptr != NULL)
+ if (*errorptr)
{
*errorptr = string_sprintf("%s (expected word or \"<\")", *errorptr);
goto PARSE_FAILED;
used after reading a preceding phrase.
There are a lot of broken sendmails out there that put additional pairs of <>
-round <route-addr>s. If strip_excess_angle_brackets is set, allow any number of
-them, as long as they match. */
+round <route-addr>s. If strip_excess_angle_brackets is set, allow a limited
+number of them, as long as they match. */
if (*s == '<')
{
int bracket_count = 1;
s++;
- if (strip_excess_angle_brackets)
- while (*s == '<') { bracket_count++; s++; }
+ if (strip_excess_angle_brackets) while (*s == '<')
+ {
+ if(bracket_count++ > 5) FAILED(US"angle-brackets nested too deep");
+ s++;
+ }
t = yield;
startptr = s;
if (*s == '@')
{
s = read_route(s, t, errorptr);
- if (*errorptr != NULL) goto PARSE_FAILED;
+ if (*errorptr) goto PARSE_FAILED;
*t = 0; /* Ensure route is ignored - probably overkill */
source_routed = TRUE;
}
else
{
s = read_addr_spec(s, t, '>', errorptr, &domainptr);
- if (*errorptr != NULL) goto PARSE_FAILED;
+ if (*errorptr) goto PARSE_FAILED;
*domain = domainptr - yield;
if (source_routed && *domain == 0)
FAILED(US"domain missing in source-routed address");
if (*errorptr != NULL) goto PARSE_FAILED;
while (bracket_count-- > 0) if (*s++ != '>')
{
- *errorptr = (s[-1] == 0)? US"'>' missing at end of address" :
- string_sprintf("malformed address: %.32s may not follow %.*s",
- s-1, s - (uschar *)mailbox - 1, mailbox);
+ *errorptr = s[-1] == 0
+ ? US"'>' missing at end of address"
+ : string_sprintf("malformed address: %.32s may not follow %.*s",
+ s-1, s - (uschar *)mailbox - 1, mailbox);
goto PARSE_FAILED;
}
* PDKIM - a RFC4871 (DKIM) implementation
*
* Copyright (C) 2009 - 2016 Tom Kistner <tom@duncanthrax.net>
- * Copyright (C) 2016 Jeremy Harris <jgh@exim.org>
+ * Copyright (C) 2016 - 2017 Jeremy Harris <jgh@exim.org>
*
* http://duncanthrax.net/pdkim/
*
}
}
-const char *
+const uschar *
pdkim_errstr(int status)
{
switch(status)
{
- case PDKIM_OK: return "OK";
- case PDKIM_FAIL: return "FAIL";
- case PDKIM_ERR_RSA_PRIVKEY: return "RSA_PRIVKEY";
- case PDKIM_ERR_RSA_SIGNING: return "RSA SIGNING";
- case PDKIM_ERR_LONG_LINE: return "RSA_LONG_LINE";
- case PDKIM_ERR_BUFFER_TOO_SMALL: return "BUFFER_TOO_SMALL";
- case PDKIM_SIGN_PRIVKEY_WRAP: return "PRIVKEY_WRAP";
- case PDKIM_SIGN_PRIVKEY_B64D: return "PRIVKEY_B64D";
+ case PDKIM_OK: return US"OK";
+ case PDKIM_FAIL: return US"FAIL";
+ case PDKIM_ERR_RSA_PRIVKEY: return US"RSA_PRIVKEY";
+ case PDKIM_ERR_RSA_SIGNING: return US"RSA SIGNING";
+ case PDKIM_ERR_LONG_LINE: return US"RSA_LONG_LINE";
+ case PDKIM_ERR_BUFFER_TOO_SMALL: return US"BUFFER_TOO_SMALL";
+ case PDKIM_SIGN_PRIVKEY_WRAP: return US"PRIVKEY_WRAP";
+ case PDKIM_SIGN_PRIVKEY_B64D: return US"PRIVKEY_B64D";
default: return "(unknown)";
}
}
pdkim_hexprint(const uschar *data, int len)
{
int i;
-for (i = 0 ; i < len; i++) debug_printf("%02x", data[i]);
+if (data) for (i = 0 ; i < len; i++) debug_printf("%02x", data[i]);
+else debug_printf("<NULL>");
debug_printf("\n");
}
static pdkim_signature *
pdkim_parse_sig_header(pdkim_ctx *ctx, uschar * raw_hdr)
{
-pdkim_signature *sig ;
+pdkim_signature * sig;
uschar *p, *q;
uschar * cur_tag = NULL; int ts = 0, tl = 0;
uschar * cur_val = NULL; int vs = 0, vl = 0;
switch (*cur_tag)
{
case 'b':
- if (cur_tag[1] == 'h')
- pdkim_decode_base64(cur_val, &sig->bodyhash);
- else
- pdkim_decode_base64(cur_val, &sig->sigdata);
+ pdkim_decode_base64(cur_val,
+ cur_tag[1] == 'h' ? &sig->bodyhash : &sig->sighash);
break;
case 'v':
/* We only support version 1, and that is currently the
"PDKIM >> Raw signature w/o b= tag value >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
pdkim_quoteprint(US sig->rawsig_no_b_val, Ustrlen(sig->rawsig_no_b_val));
debug_printf(
- "PDKIM >> Sig size: %4u bits\n", (unsigned) sig->sigdata.len*8);
+ "PDKIM >> Sig size: %4u bits\n", (unsigned) sig->sighash.len*8);
debug_printf(
"PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
}
-exim_sha_init(&sig->body_hash, sig->algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256);
+if (!exim_sha_init(&sig->body_hash_ctx,
+ sig->algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256))
+ {
+ DEBUG(D_acl) debug_printf("PDKIM: hash init internal error\n");
+ return NULL;
+ }
return sig;
}
/* -------------------------------------------------------------------------- */
static int
-pdkim_update_bodyhash(pdkim_ctx *ctx, const char *data, int len)
+pdkim_update_bodyhash(pdkim_ctx * ctx, const char * data, int len)
{
-pdkim_signature *sig = ctx->sig;
-/* Cache relaxed version of data */
-uschar *relaxed_data = NULL;
-int relaxed_len = 0;
+pdkim_signature * sig;
+uschar * relaxed_data = NULL; /* Cache relaxed version of data */
+int relaxed_len = 0;
/* Traverse all signatures, updating their hashes. */
-while (sig)
+for (sig = ctx->sig; sig; sig = sig->next)
{
/* Defaults to simple canon (no further treatment necessary) */
const uschar *canon_data = CUS data;
if (canon_len > 0)
{
- exim_sha_update(&sig->body_hash, CUS canon_data, canon_len);
+ exim_sha_update(&sig->body_hash_ctx, CUS canon_data, canon_len);
sig->signed_body_bytes += canon_len;
DEBUG(D_acl) pdkim_quoteprint(canon_data, canon_len);
}
-
- sig = sig->next;
}
if (relaxed_data) store_free(relaxed_data);
{ /* Finish hashes */
blob bh;
- exim_sha_finish(&sig->body_hash, &bh);
+ exim_sha_finish(&sig->body_hash_ctx, &bh);
DEBUG(D_acl)
{
sig->bodylength = -1;
}
- /* VERIFICATION --------------------------------------------------------- */
else
- {
- /* Compare bodyhash */
- if (memcmp(bh.data, sig->bodyhash.data, bh.len) == 0)
+ /* VERIFICATION --------------------------------------------------------- */
+ /* Be careful that the header sig included a bodyash */
+
+ if (sig->bodyhash.data && memcmp(bh.data, sig->bodyhash.data, bh.len) == 0)
{
DEBUG(D_acl) debug_printf("PDKIM [%s] Body hash verified OK\n", sig->domain);
}
DEBUG(D_acl)
{
debug_printf("PDKIM [%s] Body hash signature from headers: ", sig->domain);
- pdkim_hexprint(sig->bodyhash.data,
- exim_sha_hashlen(&sig->body_hash));
+ pdkim_hexprint(sig->bodyhash.data, sig->bodyhash.len);
debug_printf("PDKIM [%s] Body hash did NOT verify\n", sig->domain);
}
sig->verify_status = PDKIM_VERIFY_FAIL;
sig->verify_ext_status = PDKIM_VERIFY_FAIL_BODY;
}
- }
}
}
/* Terminate on EOD marker */
if (ctx->flags & PDKIM_DOT_TERM)
{
- if ( memcmp(p, ".\r\n", 3) == 0)
+ if (memcmp(p, ".\r\n", 3) == 0)
return pdkim_body_complete(ctx);
/* Unstuff dots */
#define DKIM_SIGNATURE_HEADERNAME "DKIM-Signature:"
static int
-pdkim_header_complete(pdkim_ctx *ctx)
+pdkim_header_complete(pdkim_ctx * ctx)
{
+pdkim_signature * sig, * last_sig;
+
/* Special case: The last header can have an extra \r appended */
if ( (ctx->cur_header_len > 1) &&
(ctx->cur_header[(ctx->cur_header_len)-1] == '\r') )
--ctx->cur_header_len;
ctx->cur_header[ctx->cur_header_len] = '\0';
-ctx->num_headers++;
-if (ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL;
+if (++ctx->num_headers > PDKIM_MAX_HEADERS) goto BAIL;
/* SIGNING -------------------------------------------------------------- */
if (ctx->flags & PDKIM_MODE_SIGN)
- {
- pdkim_signature *sig;
-
for (sig = ctx->sig; sig; sig = sig->next) /* Traverse all signatures */
/* Add header to the signed headers list (in reverse order) */
sig->headers = pdkim_prepend_stringlist(sig->headers,
ctx->cur_header);
- }
/* VERIFICATION ----------------------------------------------------------- */
/* DKIM-Signature: headers are added to the verification list */
else
{
+#ifdef notdef
+ DEBUG(D_acl)
+ {
+ debug_printf("PDKIM >> raw hdr: ");
+ pdkim_quoteprint(CUS ctx->cur_header, ctx->cur_header_len);
+ }
+#endif
if (strncasecmp(CCS ctx->cur_header,
DKIM_SIGNATURE_HEADERNAME,
Ustrlen(DKIM_SIGNATURE_HEADERNAME)) == 0)
{
- pdkim_signature *new_sig;
+ /* Create and chain new signature block. We could error-check for all
+ required tags here, but prefer to create the internal sig and expicitly
+ fail verification of it later. */
- /* Create and chain new signature block */
DEBUG(D_acl) debug_printf(
"PDKIM >> Found sig, trying to parse >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
- if ((new_sig = pdkim_parse_sig_header(ctx, ctx->cur_header)))
+ sig = pdkim_parse_sig_header(ctx, ctx->cur_header);
+
+ if (!(last_sig = ctx->sig))
+ ctx->sig = sig;
+ else
{
- pdkim_signature *last_sig = ctx->sig;
- if (!last_sig)
- ctx->sig = new_sig;
- else
- {
- while (last_sig->next) last_sig = last_sig->next;
- last_sig->next = new_sig;
- }
+ while (last_sig->next) last_sig = last_sig->next;
+ last_sig->next = sig;
}
- else
- DEBUG(D_acl) debug_printf(
- "Error while parsing signature header\n"
- "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
}
- /* every other header is stored for signature verification */
- else
- ctx->headers = pdkim_prepend_stringlist(ctx->headers, ctx->cur_header);
+ /* all headers are stored for signature verification */
+ ctx->headers = pdkim_prepend_stringlist(ctx->headers, ctx->cur_header);
}
BAIL:
-*ctx->cur_header = '\0';
-ctx->cur_header_len = 0; /* leave buffer for reuse */
+ctx->cur_header[ctx->cur_header_len = 0] = '\0'; /* leave buffer for reuse */
return PDKIM_OK;
}
DLLEXPORT int
pdkim_feed(pdkim_ctx *ctx, char *data, int len)
{
-int p;
+int p, rc;
/* Alternate EOD signal, used in non-dotstuffing mode */
if (!data)
if (ctx->flags & PDKIM_PAST_HDRS)
{
+ if (c == '\n' && !(ctx->flags & PDKIM_SEEN_CR)) /* emulate the CR */
+ {
+ ctx->linebuf[ctx->linebuf_offset++] = '\r';
+ if (ctx->linebuf_offset == PDKIM_MAX_BODY_LINE_LEN-1)
+ return PDKIM_ERR_LONG_LINE;
+ }
+
/* Processing body byte */
ctx->linebuf[ctx->linebuf_offset++] = c;
- if (c == '\n')
+ if (c == '\r')
+ ctx->flags |= PDKIM_SEEN_CR;
+ else if (c == '\n')
{
- int rc = pdkim_bodyline_complete(ctx); /* End of line */
- if (rc != PDKIM_OK) return rc;
+ ctx->flags &= ~PDKIM_SEEN_CR;
+ if ((rc = pdkim_bodyline_complete(ctx)) != PDKIM_OK)
+ return rc;
}
- if (ctx->linebuf_offset == (PDKIM_MAX_BODY_LINE_LEN-1))
+
+ if (ctx->linebuf_offset == PDKIM_MAX_BODY_LINE_LEN-1)
return PDKIM_ERR_LONG_LINE;
}
else
{
/* Processing header byte */
- if (c != '\r')
+ if (c == '\r')
+ ctx->flags |= PDKIM_SEEN_CR;
+ else if (c == '\n')
{
- if (c == '\n')
- {
- if (ctx->flags & PDKIM_SEEN_LF)
- {
- int rc = pdkim_header_complete(ctx); /* Seen last header line */
- if (rc != PDKIM_OK) return rc;
+ if (!(ctx->flags & PDKIM_SEEN_CR)) /* emulate the CR */
+ ctx->cur_header = string_catn(ctx->cur_header, &ctx->cur_header_size,
+ &ctx->cur_header_len, CUS "\r", 1);
- ctx->flags = ctx->flags & ~PDKIM_SEEN_LF | PDKIM_PAST_HDRS;
- DEBUG(D_acl) debug_printf(
- "PDKIM >> Body data for hash, canonicalized >>>>>>>>>>>>>>>>>>>>>>\n");
- continue;
- }
- else
- ctx->flags |= PDKIM_SEEN_LF;
- }
- else if (ctx->flags & PDKIM_SEEN_LF)
- {
- if (!(c == '\t' || c == ' '))
- {
- int rc = pdkim_header_complete(ctx); /* End of header */
- if (rc != PDKIM_OK) return rc;
- }
- ctx->flags &= ~PDKIM_SEEN_LF;
+ if (ctx->flags & PDKIM_SEEN_LF) /* Seen last header line */
+ {
+ if ((rc = pdkim_header_complete(ctx)) != PDKIM_OK)
+ return rc;
+
+ ctx->flags = (ctx->flags & ~(PDKIM_SEEN_LF|PDKIM_SEEN_CR)) | PDKIM_PAST_HDRS;
+ DEBUG(D_acl) debug_printf(
+ "PDKIM >> Body data for hash, canonicalized >>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
+ continue;
}
+ else
+ ctx->flags = (ctx->flags & ~PDKIM_SEEN_CR) | PDKIM_SEEN_LF;
+ }
+ else if (ctx->flags & PDKIM_SEEN_LF)
+ {
+ if (!(c == '\t' || c == ' ')) /* End of header */
+ if ((rc = pdkim_header_complete(ctx)) != PDKIM_OK)
+ return rc;
+ ctx->flags &= ~PDKIM_SEEN_LF;
}
if (ctx->cur_header_len < PDKIM_MAX_HEADER_LEN)
}
/* Preliminary or final version? */
-base64_b = final ? pdkim_encode_base64(&sig->sigdata) : US"";
+base64_b = final ? pdkim_encode_base64(&sig->sighash) : US"";
hdr = pdkim_headcat(&col, hdr, &hdr_size, &hdr_len, US";", US"b=", base64_b);
/* add trailing semicolon: I'm not sure if this is actually needed */
}
+/* -------------------------------------------------------------------------- */
+
+static pdkim_pubkey *
+pdkim_key_from_dns(pdkim_ctx * ctx, pdkim_signature * sig, ev_ctx * vctx,
+ const uschar ** errstr)
+{
+uschar * dns_txt_name, * dns_txt_reply;
+pdkim_pubkey * p;
+
+/* Fetch public key for signing domain, from DNS */
+
+dns_txt_name = string_sprintf("%s._domainkey.%s.", sig->selector, sig->domain);
+
+dns_txt_reply = store_get(PDKIM_DNS_TXT_MAX_RECLEN);
+memset(dns_txt_reply, 0, PDKIM_DNS_TXT_MAX_RECLEN);
+
+if ( ctx->dns_txt_callback(CS dns_txt_name, CS dns_txt_reply) != PDKIM_OK
+ || dns_txt_reply[0] == '\0'
+ )
+ {
+ sig->verify_status = PDKIM_VERIFY_INVALID;
+ sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE;
+ return NULL;
+ }
+
+DEBUG(D_acl)
+ {
+ debug_printf(
+ "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"
+ " Raw record: ");
+ pdkim_quoteprint(CUS dns_txt_reply, Ustrlen(dns_txt_reply));
+ }
+
+if ( !(p = pdkim_parse_pubkey_record(ctx, CUS dns_txt_reply))
+ || (Ustrcmp(p->srvtype, "*") != 0 && Ustrcmp(p->srvtype, "email") != 0)
+ )
+ {
+ sig->verify_status = PDKIM_VERIFY_INVALID;
+ sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD;
+
+ DEBUG(D_acl)
+ {
+ if (p)
+ debug_printf(" Invalid public key service type '%s'\n", p->srvtype);
+ else
+ debug_printf(" Error while parsing public key record\n");
+ debug_printf(
+ "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ }
+ return NULL;
+ }
+
+DEBUG(D_acl) debug_printf(
+ "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+
+/* Import public key */
+if ((*errstr = exim_rsa_verify_init(&p->key, vctx)))
+ {
+ DEBUG(D_acl) debug_printf("verify_init: %s\n", *errstr);
+ sig->verify_status = PDKIM_VERIFY_INVALID;
+ sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_IMPORT;
+ return NULL;
+ }
+
+return p;
+}
+
+
/* -------------------------------------------------------------------------- */
DLLEXPORT int
-pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatures)
+pdkim_feed_finish(pdkim_ctx * ctx, pdkim_signature ** return_signatures,
+ const uschar ** err)
{
pdkim_signature *sig = ctx->sig;
hdata.data = NULL;
hdata.len = 0;
- exim_sha_init(&hhash_ctx, is_sha1 ? HASH_SHA1 : HASH_SHA256);
+ if (!exim_sha_init(&hhash_ctx, is_sha1 ? HASH_SHA1 : HASH_SHA256))
+ {
+ DEBUG(D_acl) debug_printf("PDKIM: hask setup internal error\n");
+ break;
+ }
DEBUG(D_acl) debug_printf(
"PDKIM >> Header data for hash, canonicalized, in sequence >>>>>>>>>>>>>>\n");
if (ctx->flags & PDKIM_MODE_SIGN)
{
es_ctx sctx;
- const uschar * errstr;
/* Import private key */
- if ((errstr = exim_rsa_signing_init(US sig->rsa_privkey, &sctx)))
+ if ((*err = exim_rsa_signing_init(US sig->rsa_privkey, &sctx)))
{
- DEBUG(D_acl) debug_printf("signing_init: %s\n", errstr);
+ DEBUG(D_acl) debug_printf("signing_init: %s\n", *err);
return PDKIM_ERR_RSA_PRIVKEY;
}
hdata = hhash;
#endif
- if ((errstr = exim_rsa_sign(&sctx, is_sha1, &hdata, &sig->sigdata)))
+ if ((*err = exim_rsa_sign(&sctx, is_sha1, &hdata, &sig->sighash)))
{
- DEBUG(D_acl) debug_printf("signing: %s\n", errstr);
+ DEBUG(D_acl) debug_printf("signing: %s\n", *err);
return PDKIM_ERR_RSA_SIGNING;
}
DEBUG(D_acl)
{
debug_printf( "PDKIM [%s] b computed: ", sig->domain);
- pdkim_hexprint(sig->sigdata.data, sig->sigdata.len);
+ pdkim_hexprint(sig->sighash.data, sig->sighash.len);
}
sig->signature_header = pdkim_create_header(sig, TRUE);
else
{
ev_ctx vctx;
- const uschar * errstr;
pdkim_pubkey * p;
- uschar *dns_txt_name, *dns_txt_reply;
-
/* Make sure we have all required signature tags */
if (!( sig->domain && *sig->domain
&& sig->selector && *sig->selector
&& sig->headernames && *sig->headernames
&& sig->bodyhash.data
- && sig->sigdata.data
+ && sig->sighash.data
&& sig->algo > -1
&& sig->version
) )
goto NEXT_VERIFY;
}
- /* Fetch public key for signing domain, from DNS */
-
- dns_txt_name = string_sprintf("%s._domainkey.%s.",
- sig->selector, sig->domain);
-
- dns_txt_reply = store_get(PDKIM_DNS_TXT_MAX_RECLEN);
- memset(dns_txt_reply, 0, PDKIM_DNS_TXT_MAX_RECLEN);
-
- if ( ctx->dns_txt_callback(CS dns_txt_name, CS dns_txt_reply) != PDKIM_OK
- || dns_txt_reply[0] == '\0')
- {
- sig->verify_status = PDKIM_VERIFY_INVALID;
- sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE;
- goto NEXT_VERIFY;
- }
-
- DEBUG(D_acl)
- {
- debug_printf(
- "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"
- " Raw record: ");
- pdkim_quoteprint(CUS dns_txt_reply, Ustrlen(dns_txt_reply));
- }
-
- if ( !(p = pdkim_parse_pubkey_record(ctx, CUS dns_txt_reply))
- || (Ustrcmp(p->srvtype, "*") != 0 && Ustrcmp(p->srvtype, "email") != 0)
- )
- {
- sig->verify_status = PDKIM_VERIFY_INVALID;
- sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD;
-
- DEBUG(D_acl)
- {
- if (p)
- debug_printf(" Invalid public key service type '%s'\n", p->srvtype);
- else
- debug_printf(" Error while parsing public key record\n");
- debug_printf(
- "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
- }
+ if (!(sig->pubkey = pdkim_key_from_dns(ctx, sig, &vctx, err)))
goto NEXT_VERIFY;
- }
- sig->pubkey = p;
-
- DEBUG(D_acl) debug_printf(
- "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
-
- /* Import public key */
- if ((errstr = exim_rsa_verify_init(&sig->pubkey->key, &vctx)))
- {
- DEBUG(D_acl) debug_printf("verify_init: %s\n", errstr);
- sig->verify_status = PDKIM_VERIFY_INVALID;
- sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_IMPORT;
- goto NEXT_VERIFY;
- }
/* Check the signature */
- if ((errstr = exim_rsa_verify(&vctx, is_sha1, &hhash, &sig->sigdata)))
+ if ((*err = exim_rsa_verify(&vctx, is_sha1, &hhash, &sig->sighash)))
{
- DEBUG(D_acl) debug_printf("headers verify: %s\n", errstr);
+ DEBUG(D_acl) debug_printf("headers verify: %s\n", *err);
sig->verify_status = PDKIM_VERIFY_FAIL;
sig->verify_ext_status = PDKIM_VERIFY_FAIL_MESSAGE;
goto NEXT_VERIFY;
}
- /* We have a winner! (if bodydhash was correct earlier) */
+ /* We have a winner! (if bodyhash was correct earlier) */
if (sig->verify_status == PDKIM_VERIFY_NONE)
sig->verify_status = PDKIM_VERIFY_PASS;
/* -------------------------------------------------------------------------- */
DLLEXPORT pdkim_ctx *
-pdkim_init_sign(char *domain, char *selector, char *rsa_privkey, int algo,
- BOOL dot_stuffed)
+pdkim_init_sign(char * domain, char * selector, char * rsa_privkey, int algo,
+ BOOL dot_stuffed, int(*dns_txt_callback)(char *, char *),
+ const uschar ** errstr)
{
-pdkim_ctx *ctx;
-pdkim_signature *sig;
+pdkim_ctx * ctx;
+pdkim_signature * sig;
if (!domain || !selector || !rsa_privkey)
return NULL;
-ctx = store_get(sizeof(pdkim_ctx));
+ctx = store_get(sizeof(pdkim_ctx) + PDKIM_MAX_BODY_LINE_LEN + sizeof(pdkim_signature));
memset(ctx, 0, sizeof(pdkim_ctx));
ctx->flags = dot_stuffed ? PDKIM_MODE_SIGN | PDKIM_DOT_TERM : PDKIM_MODE_SIGN;
-ctx->linebuf = store_get(PDKIM_MAX_BODY_LINE_LEN);
+ctx->linebuf = CS (ctx+1);
-sig = store_get(sizeof(pdkim_signature));
+DEBUG(D_acl) ctx->dns_txt_callback = dns_txt_callback;
+
+sig = (pdkim_signature *)(ctx->linebuf + PDKIM_MAX_BODY_LINE_LEN);
memset(sig, 0, sizeof(pdkim_signature));
sig->bodylength = -1;
sig->rsa_privkey = string_copy(US rsa_privkey);
sig->algo = algo;
-exim_sha_init(&sig->body_hash, algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256);
+if (!exim_sha_init(&sig->body_hash_ctx,
+ algo == PDKIM_ALGO_RSA_SHA1 ? HASH_SHA1 : HASH_SHA256))
+ {
+ DEBUG(D_acl) debug_printf("PDKIM: hash setup internal error\n");
+ return NULL;
+ }
+
+DEBUG(D_acl)
+ {
+ pdkim_signature s = *sig;
+ ev_ctx vctx;
+
+ debug_printf("PDKIM (checking verify key)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ if (!pdkim_key_from_dns(ctx, &s, &vctx, errstr))
+ debug_printf("WARNING: bad dkim key in dns\n");
+ debug_printf("PDKIM (finished checking verify key)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ }
return ctx;
}
* PDKIM - a RFC4871 (DKIM) implementation
*
* Copyright (C) 2009 - 2012 Tom Kistner <tom@duncanthrax.net>
- * Copyright (c) Jeremy Harris 2016
+ * Copyright (c) 2016 - 2017 Jeremy Harris
*
* http://duncanthrax.net/pdkim/
*
uschar *copiedheaders;
/* (b=) Raw signature data, along with its length in bytes */
- blob sigdata;
+ blob sighash;
/* (bh=) Raw body hash data, along with its length in bytes */
blob bodyhash;
/* Properties below this point are used internally only ------------- */
/* Per-signature helper variables ----------------------------------- */
- hctx body_hash;
+ hctx body_hash_ctx;
unsigned long signed_body_bytes; /* How many body bytes we hashed */
pdkim_stringlist *headers; /* Raw headers included in the sig */
#define PDKIM_MODE_SIGN BIT(0) /* if unset, mode==verify */
#define PDKIM_DOT_TERM BIT(1) /* dot termination and unstuffing */
-#define PDKIM_SEEN_LF BIT(2)
-#define PDKIM_SEEN_EOD BIT(3)
+#define PDKIM_SEEN_CR BIT(2)
+#define PDKIM_SEEN_LF BIT(3)
#define PDKIM_PAST_HDRS BIT(4)
+#define PDKIM_SEEN_EOD BIT(5)
unsigned flags;
/* One (signing) or several chained (verification) signatures */
void pdkim_init (void);
DLLEXPORT
-pdkim_ctx *pdkim_init_sign (char *, char *, char *, int, BOOL);
+pdkim_ctx *pdkim_init_sign (char *, char *, char *, int,
+ BOOL, int(*)(char *, char *), const uschar **);
DLLEXPORT
pdkim_ctx *pdkim_init_verify (int(*)(char *, char *), BOOL);
DLLEXPORT
int pdkim_feed (pdkim_ctx *, char *, int);
DLLEXPORT
-int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **);
+int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **, const uschar **);
DLLEXPORT
void pdkim_free_ctx (pdkim_ctx *);
-const char * pdkim_errstr(int);
+const uschar * pdkim_errstr(int);
#ifdef __cplusplus
}
int taglen;
long tag, len;
-/* debug_printf("as_tag: %02x %02x %02x %02x\n",
+/* debug_printf_indent("as_tag: %02x %02x %02x %02x\n",
der->data[0], der->data[1], der->data[2], der->data[3]); */
if ((rc = asn1_get_tag_der(der->data++, der->len--, &tag_class, &taglen, &tag))
return ASN1_DER_ERROR;
if (alen) *alen = len;
-/* debug_printf("as_tag: tlen %d dlen %d\n", taglen, (int)len); */
+/* debug_printf_indent("as_tag: tlen %d dlen %d\n", taglen, (int)len); */
der->data += taglen;
der->len -= taglen;
)
return s1;
-DEBUG(D_acl) debug_printf("rsa_signing_init:\n");
+DEBUG(D_acl) debug_printf_indent("rsa_signing_init:\n");
{
uschar * s;
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->n);
- debug_printf(" N : %s\n", s);
+ debug_printf_indent(" N : %s\n", s);
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->e);
- debug_printf(" E : %s\n", s);
+ debug_printf_indent(" E : %s\n", s);
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->d);
- debug_printf(" D : %s\n", s);
+ debug_printf_indent(" D : %s\n", s);
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->p);
- debug_printf(" P : %s\n", s);
+ debug_printf_indent(" P : %s\n", s);
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->q);
- debug_printf(" Q : %s\n", s);
+ debug_printf_indent(" Q : %s\n", s);
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->dp);
- debug_printf(" DP: %s\n", s);
+ debug_printf_indent(" DP: %s\n", s);
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->dq);
- debug_printf(" DQ: %s\n", s);
+ debug_printf_indent(" DQ: %s\n", s);
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->qp);
- debug_printf(" QP: %s\n", s);
+ debug_printf_indent(" QP: %s\n", s);
}
return NULL;
{
uschar * s;
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, m_sig);
- debug_printf(" SG: %s\n", s);
+ debug_printf_indent(" SG: %s\n", s);
}
gerr = gcry_mpi_print(GCRYMPI_FMT_USG, sig->data, SIGSPACE, &sig->len, m_sig);
if (gerr)
{
- debug_printf("signature conversion from MPI to buffer failed\n");
+ debug_printf_indent("signature conversion from MPI to buffer failed\n");
return US gcry_strerror(gerr);
}
#undef SIGSPACE
)
return errstr;
-DEBUG(D_acl) debug_printf("rsa_verify_init:\n");
+DEBUG(D_acl) debug_printf_indent("rsa_verify_init:\n");
{
uschar * s;
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, verify_ctx->n);
- debug_printf(" N : %s\n", s);
+ debug_printf_indent(" N : %s\n", s);
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, verify_ctx->e);
- debug_printf(" E : %s\n", s);
+ debug_printf_indent(" E : %s\n", s);
}
return NULL;
gerr = gcry_pk_verify (s_sig, s_hash, s_pkey))
)
{
- DEBUG(D_acl) debug_printf("verify: error in stage '%s'\n", stage);
+ DEBUG(D_acl) debug_printf_indent("verify: error in stage '%s'\n", stage);
return US gcry_strerror(gerr);
}
-/* Routines with knowlege of spool layout */
+/* Routines with knowledge of spool layout */
#ifndef COMPILE_UTILITY
static void
When the first argument of queue_get_spool_list() is 0, it scans the top
directory, fills in subdirs, and sets subcount. The order of the directories is
then randomized after the first time through, before they are scanned in
-subsqeuent iterations.
+subsequent iterations.
When the first argument of queue_get_spool_list() is -1 (for queue_run_in_
order), it scans all directories and makes a single message list. */
/* Recover store used when reading the header */
+ received_protocol = NULL;
+ sender_address = sender_ident = NULL;
+ authenticated_id = authenticated_sender = NULL;
store_reset(reset_point2);
if (!wanted) continue; /* With next message */
}
/* Now scan the chain and print information, resetting store used
each time. */
-reset_point = store_get(0);
-
-for (; f != NULL; f = f->next)
+for (reset_point = store_get(0); f; f = f->next)
{
int rc, save_errno;
int size = 0;
BOOL env_read;
- store_reset(reset_point);
message_size = 0;
message_subdir[0] = f->dir_uschar;
rc = spool_read_header(f->text, FALSE, count <= 0);
- if (rc == spool_read_notopen && errno == ENOENT && count <= 0) continue;
+ if (rc == spool_read_notopen && errno == ENOENT && count <= 0) goto next;
save_errno = errno;
env_read = (rc == spool_read_OK || rc == spool_read_hdrerror);
/* Collect delivered addresses from any J file */
fname[ptr] = 'J';
- jread = Ufopen(fname, "rb");
- if (jread != NULL)
+ if ((jread = Ufopen(fname, "rb")))
{
while (Ufgets(big_buffer, big_buffer_size, jread) != NULL)
{
fprintf(stdout, "%s ", string_format_size(size, big_buffer));
for (i = 0; i < 16; i++) fputc(f->text[i], stdout);
- if (env_read && sender_address != NULL)
+ if (env_read && sender_address)
{
printf(" <%s>", sender_address);
if (sender_set_untrusted) printf(" (%s)", originator_login);
if (rc != spool_read_hdrerror)
{
printf("\n\n");
- continue;
+ goto next;
}
}
printf("\n");
- if (recipients_list != NULL)
+ if (recipients_list)
{
for (i = 0; i < recipients_count; i++)
{
if (!delivered || option != 1)
printf(" %s %s\n", (delivered != NULL)? "D":" ",
recipients_list[i].address);
- if (delivered != NULL) delivered->data.val = TRUE;
+ if (delivered) delivered->data.val = TRUE;
}
- if (option == 2 && tree_nonrecipients != NULL)
+ if (option == 2 && tree_nonrecipients)
queue_list_extras(tree_nonrecipients);
printf("\n");
}
+
+next:
+ received_protocol = NULL;
+ sender_fullhost = sender_helo_name =
+ sender_rcvhost = sender_host_address = sender_address = sender_ident = NULL;
+ sender_host_authenticated = authenticated_sender = authenticated_id = NULL;
+ interface_address = NULL;
+ acl_var_m = NULL;
+
+ store_reset(reset_point);
}
}
/* Read the contents of any syntax error blocks if we have a pointer */
-if (eblockp != NULL)
+if (eblockp)
{
- uschar *s;
error_block *e;
- error_block **p = eblockp;
- for (;;)
+ error_block **p;
+ for (p = eblockp; ; p = &e->next)
{
+ uschar *s;
if (!rda_read_string(fd, &s)) goto DISASTER;
- if (s == NULL) break;
+ if (!s) break;
e = store_get(sizeof(error_block));
e->next = NULL;
e->text1 = s;
if (!rda_read_string(fd, &s)) goto DISASTER;
e->text2 = s;
*p = e;
- p = &(e->next);
}
}
while (hn < n)
{
hn++;
- h = h->next;
- if (h == NULL) goto DISASTER_NO_HEADER;
+ if (!(h = h->next)) goto DISASTER_NO_HEADER;
}
h->type = htype_old;
}
uschar *s;
int type;
if (!rda_read_string(fd, &s)) goto DISASTER;
- if (s == NULL) break;
+ if (!s) break;
if (read(fd, &type, sizeof(type)) != sizeof(type)) goto DISASTER;
header_add(type, "%s", s);
}
{ "dccifd_address", opt_stringptr, &dccifd_address },
{ "dccifd_options", opt_stringptr, &dccifd_options },
#endif
+ { "debug_store", opt_bool, &debug_store },
{ "delay_warning", opt_timelist, &delay_warning },
{ "delay_warning_condition", opt_stringptr, &delay_warning_condition },
{ "deliver_drop_privilege", opt_bool, &deliver_drop_privilege },
{ "dns_retry", opt_int, &dns_retry },
{ "dns_trust_aa", opt_stringptr, &dns_trust_aa },
{ "dns_use_edns0", opt_int, &dns_use_edns0 },
- /* This option is now a no-op, retained for compability */
+ /* This option is now a no-op, retained for compatibility */
{ "drop_cr", opt_bool, &drop_cr },
/*********************************************************/
{ "dsn_advertise_hosts", opt_stringptr, &dsn_advertise_hosts },
#ifdef TRANSPORT_APPENDFILE
# ifdef SUPPORT_MAILDIR
- macro_create(US"_HAVE_TRANSPORT_APPEND_MAILDR", US"y", FALSE, TRUE);
+ macro_create(US"_HAVE_TRANSPORT_APPEND_MAILDIR", US"y", FALSE, TRUE);
# endif
# ifdef SUPPORT_MAILSTORE
macro_create(US"_HAVE_TRANSPORT_APPEND_MAILSTORE", US"y", FALSE, TRUE);
macros that have substrings are always discovered first during
expansion. */
-for (i = 0; i < nopt; i++) if (*(s = opts[i].name) && *s != '*')
+for (i = 0; i < nopt; i++) if (*(s = US opts[i].name) && *s != '*')
if (group)
macro_create(string_sprintf("_OPT_%T_%T_%T", section, group, s), US"y", FALSE, TRUE);
else
"configuration file %s", ss);
config_filename = string_copy(ss);
- config_directory = string_copyn(ss, (const uschar*) strrchr(ss, '/') - ss);
+ config_directory = string_copyn(ss, CUstrrchr(ss, '/') - ss);
config_lineno = 0;
continue;
}
/* We get a coverity error here for using count, as it derived
from the tainted buffer pointed to by s, as parsed by sscanf().
- By the definition of sscanf we must be aceessing between start
+ By the definition of sscanf we must be accessing between start
and end of s (assuming it is nul-terminated...) so ignore the error. */
/* coverity[tainted_data] */
if (s[count] == '.')
exim_setugid(exim_uid, exim_gid, FALSE,
US"calling tls_validate_require_cipher");
- errmsg = tls_validate_require_cipher();
- if (errmsg)
- {
+ if ((errmsg = tls_validate_require_cipher()))
log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
"tls_require_ciphers invalid: %s", errmsg);
- }
fflush(NULL);
_exit(0);
}
config_main_filename is the name shown by -bP. Failure to open a configuration
file is a serious disaster. */
-if (config_file != NULL)
+if (config_file)
{
- uschar *slash = Ustrrchr(filename, '/');
+ uschar *last_slash = Ustrrchr(filename, '/');
config_filename = config_main_filename = string_copy(filename);
- /* the config_main_directory we need for the $config_dir expansion.
+ /* The config_main_directory we need for the $config_dir expansion.
+ config_main_filename we need for $config_file expansion.
And config_dir is the directory of the current configuration, used for
relative .includes. We do need to know it's name, as we change our working
directory later. */
if (filename[0] == '/')
- config_main_directory = slash > filename ? string_copyn(filename, slash - filename) : US"/";
+ config_main_directory = last_slash == filename ? US"/" : string_copyn(filename, last_slash - filename);
else
{
/* relative configuration file name: working dir + / + basename(filename) */
- char buf[PATH_MAX];
+ uschar buf[PATH_MAX];
int offset = 0;
int size = 0;
- const uschar *p = Ustrrchr(filename, '/');
- if (getcwd(buf, PATH_MAX) == NULL)
+ if (os_getcwd(buf, PATH_MAX) == NULL)
{
perror("exim: getcwd");
exit(EXIT_FAILURE);
/* If the dir does not end with a "/", append one */
if (config_main_directory[offset-1] != '/')
- string_cat(config_main_directory, &size, &offset, US"/");
+ config_main_directory = string_catn(config_main_directory, &size, &offset, US"/", 1);
/* If the config file contains a "/", extract the directory part */
- if (p)
- string_catn(config_main_directory, &size, &offset, filename, p - filename);
+ if (last_slash)
+ config_main_directory = string_catn(config_main_directory, &size, &offset, filename, last_slash - filename);
+
+ config_main_directory[offset] = '\0';
}
config_directory = config_main_directory;
}
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Code for receiving a message and setting up spool files. */
static int data_fd = -1;
static uschar *spool_name = US"";
+enum CH_STATE {LF_SEEN, MID_LINE, CR_SEEN};
/*************************************************
changing the pointer variables.) */
int
-stdin_getc(void)
+stdin_getc(unsigned lim)
{
return getc(stdin);
}
{
register int last_ch = '\n';
- for (; (ch = (receive_getc)()) != EOF; last_ch = ch)
+ for (; (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; last_ch = ch)
{
if (ch == 0) body_zerocount++;
if (last_ch == '\r' && ch != '\n')
ch_state = 1;
-while ((ch = (receive_getc)()) != EOF)
+while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
{
if (ch == 0) body_zerocount++;
switch (ch_state)
int ch;
int linelength = 0;
-while ((ch = (receive_getc)()) != EOF)
+while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
{
if (ch == 0) body_zerocount++;
switch (ch_state)
/* Variant of the above read_message_data_smtp() specialised for RFC 3030
-CHUNKING. We assume that the incoming has proper CRLF, so only have to scan
-for and strip CR. On the downside there are more protocol reasons to stop.
+CHUNKING. Accept input lines separated by either CRLF or CR or LF and write
+LF-delimited spoolfile. Until we have wireformat spoolfiles, we need the
+body_linecount accounting for proper re-expansion for the wire, so use
+a cut-down version of the state-machine above; we don't need to do leading-dot
+detection and unstuffing.
Arguments:
- fout a FILE to which to write the message; NULL if skipping
+ fout a FILE to which to write the message; NULL if skipping;
+ must be open for both writing and reading.
Returns: One of the END_xxx values indicating why it stopped reading
*/
static int
read_message_bdat_smtp(FILE *fout)
{
-int ch;
-int linelength = 0;
+int linelength = 0, ch;
+enum CH_STATE ch_state = LF_SEEN;
+BOOL fix_nl = FALSE;
-for (;;) switch (ch = bdat_getc())
+for(;;)
{
- case EOF: return END_EOF;
- case EOD: return END_DOT;
- case ERR: return END_PROTOCOL;
+ switch ((ch = (bdat_getc)(GETC_BUFFER_UNLIMITED)))
+ {
+ case EOF: return END_EOF;
+ case ERR: return END_PROTOCOL;
+ case EOD:
+ /* Nothing to get from the sender anymore. We check the last
+ character written to the spool.
+
+ RFC 3030 states, that BDAT chunks are normal text, terminated by CRLF.
+ If we would be strict, we would refuse such broken messages.
+ But we are liberal, so we fix it. It would be easy just to append
+ the "\n" to the spool.
+
+ But there are some more things (line counting, message size calculation and such),
+ that would need to be duplicated here. So we simply do some ungetc
+ trickery.
+ */
+ if (fout)
+ {
+ if (fseek(fout, -1, SEEK_CUR) < 0) return END_PROTOCOL;
+ if (fgetc(fout) == '\n') return END_DOT;
+ }
- case '\r':
- body_linecount++;
- if (linelength > max_received_linelength)
- max_received_linelength = linelength;
- linelength = -1;
- break;
+ if (linelength == -1) /* \r already seen (see below) */
+ {
+ DEBUG(D_receive) debug_printf("Add missing LF\n");
+ bdat_ungetc('\n');
+ continue;
+ }
+ DEBUG(D_receive) debug_printf("Add missing CRLF\n");
+ bdat_ungetc('\r'); /* not even \r was seen */
+ fix_nl = TRUE;
- case 0:
- body_zerocount++;
- /*FALLTHROUGH*/
- default:
- message_size++;
- linelength++;
- if (fout)
- {
- if (fputc(ch, fout) == EOF) return END_WERROR;
- if (message_size > thismessage_size_limit) return END_SIZE;
- }
-#ifdef notyet
- if(ch == '\n')
- (void) cutthrough_put_nl();
- else
- {
- uschar c = ch;
- (void) cutthrough_puts(&c, 1);
- }
-#endif
- break;
+ continue;
+ case '\0': body_zerocount++; break;
+ }
+ switch (ch_state)
+ {
+ case LF_SEEN: /* After LF or CRLF */
+ ch_state = MID_LINE;
+ /* fall through to handle as normal uschar. */
+
+ case MID_LINE: /* Mid-line state */
+ if (ch == '\n')
+ {
+ ch_state = LF_SEEN;
+ body_linecount++;
+ if (linelength > max_received_linelength)
+ max_received_linelength = linelength;
+ linelength = -1;
+ }
+ else if (ch == '\r')
+ {
+ ch_state = CR_SEEN;
+ if (fix_nl) bdat_ungetc('\n');
+ continue; /* don't write CR */
+ }
+ break;
+
+ case CR_SEEN: /* After (unwritten) CR */
+ body_linecount++;
+ if (linelength > max_received_linelength)
+ max_received_linelength = linelength;
+ linelength = -1;
+ if (ch == '\n')
+ ch_state = LF_SEEN;
+ else
+ {
+ message_size++;
+ if (fout && fputc('\n', fout) == EOF) return END_WERROR;
+ (void) cutthrough_put_nl();
+ if (ch == '\r') continue; /* don't write CR */
+ ch_state = MID_LINE;
+ }
+ break;
+ }
+
+ /* Add the character to the spool file, unless skipping */
+
+ message_size++;
+ linelength++;
+ if (fout)
+ {
+ if (fputc(ch, fout) == EOF) return END_WERROR;
+ if (message_size > thismessage_size_limit) return END_SIZE;
+ }
+ if(ch == '\n')
+ (void) cutthrough_put_nl();
+ else
+ {
+ uschar c = ch;
+ (void) cutthrough_puts(&c, 1);
+ }
}
/*NOTREACHED*/
}
if (acl_removed_headers != NULL)
{
- DEBUG(D_receive|D_acl) debug_printf(">>Headers removed by %s ACL:\n", acl_name);
+ DEBUG(D_receive|D_acl) debug_printf_indent(">>Headers removed by %s ACL:\n", acl_name);
for (h = header_list; h != NULL; h = h->next) if (h->type != htype_old)
{
if (header_testname(h, s, Ustrlen(s), FALSE))
{
h->type = htype_old;
- DEBUG(D_receive|D_acl) debug_printf(" %s", h->text);
+ DEBUG(D_receive|D_acl) debug_printf_indent(" %s", h->text);
}
}
acl_removed_headers = NULL;
- DEBUG(D_receive|D_acl) debug_printf(">>\n");
+ DEBUG(D_receive|D_acl) debug_printf_indent(">>\n");
}
if (acl_added_headers == NULL) return;
-DEBUG(D_receive|D_acl) debug_printf(">>Headers added by %s ACL:\n", acl_name);
+DEBUG(D_receive|D_acl) debug_printf_indent(">>Headers added by %s ACL:\n", acl_name);
for (h = acl_added_headers; h != NULL; h = next)
{
case htype_add_top:
h->next = header_list;
header_list = h;
- DEBUG(D_receive|D_acl) debug_printf(" (at top)");
+ DEBUG(D_receive|D_acl) debug_printf_indent(" (at top)");
break;
case htype_add_rec:
}
h->next = last_received->next;
last_received->next = h;
- DEBUG(D_receive|D_acl) debug_printf(" (after Received:)");
+ DEBUG(D_receive|D_acl) debug_printf_indent(" (after Received:)");
break;
case htype_add_rfc:
of all headers. Our current header must follow it. */
h->next = last_received->next;
last_received->next = h;
- DEBUG(D_receive|D_acl) debug_printf(" (before any non-Received: or Resent-*: header)");
+ DEBUG(D_receive|D_acl) debug_printf_indent(" (before any non-Received: or Resent-*: header)");
break;
default:
h->type = header_checkname(h, FALSE);
if (h->type >= 'a') h->type = htype_other;
- DEBUG(D_receive|D_acl) debug_printf(" %s", header_last->text);
+ DEBUG(D_receive|D_acl) debug_printf_indent(" %s", header_last->text);
}
acl_added_headers = NULL;
-DEBUG(D_receive|D_acl) debug_printf(">>\n");
+DEBUG(D_receive|D_acl) debug_printf_indent(">>\n");
}
{
(void) string_format(rfc822_file_path, sizeof(rfc822_file_path),
"%s/scan/%s/%s", spool_directory, message_id, entry->d_name);
- debug_printf("RFC822 attachment detected: running MIME ACL for '%s'\n",
+ DEBUG(D_receive) debug_printf("RFC822 attachment detected: running MIME ACL for '%s'\n",
rfc822_file_path);
break;
}
for (;;)
{
- int ch = (receive_getc)();
+ int ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
/* If we hit EOF on a SMTP connection, it's an error, since incoming
SMTP must have a correct "." terminator. */
if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
{
- ch = (receive_getc)();
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (ch == '\r')
{
- ch = (receive_getc)();
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (ch != '\n')
{
receive_ungetc(ch);
if (ch == '\r')
{
- ch = (receive_getc)();
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (ch == '\n')
{
if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
if (ch != EOF)
{
- int nextch = (receive_getc)();
+ int nextch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (nextch == ' ' || nextch == '\t')
{
next->text[ptr++] = nextch;
}
}
+ /* Reject CHUNKING messages that do not CRLF their first header line */
+
+ if (!first_line_ended_crlf && chunking_state > CHUNKING_OFFERED)
+ {
+ log_write(L_size_reject, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: "
+ "Non-CRLF-terminated header, under CHUNKING: message abandoned",
+ sender_address,
+ sender_fullhost ? " H=" : "", sender_fullhost ? sender_fullhost : US"",
+ sender_ident ? " U=" : "", sender_ident ? sender_ident : US"");
+ smtp_printf("552 Message header not CRLF terminated\r\n");
+ bdat_flush_data();
+ smtp_reply = US"";
+ goto TIDYUP; /* Skip to end of function */
+ }
+
/* The line has been handled. If we have hit EOF, break out of the loop,
indicating no pending data line. */
DEBUG(D_receive)
{
debug_printf(">>Headers received:\n");
- for (h = header_list->next; h != NULL; h = h->next)
+ for (h = header_list->next; h; h = h->next)
debug_printf("%s", h->text);
debug_printf("\n");
}
/* Scan the headers to identify them. Some are merely marked for later
processing; some are dealt with here. */
-for (h = header_list->next; h != NULL; h = h->next)
+for (h = header_list->next; h; h = h->next)
{
BOOL is_resent = strncmpic(h->text, US"resent-", 7) == 0;
if (is_resent) contains_resent_headers = TRUE;
/* Now scan the headers */
- for (h = header_list->next; h != NULL; h = h->next)
+ for (h = header_list->next; h; h = h->next)
{
if ((h->type == htype_to || h->type == htype_cc || h->type == htype_bcc) &&
(!contains_resent_headers || strncmpic(h->text, US"resent-", 7) == 0))
documented as happening *after* recipient addresses are taken from the headers
by the -t command line option. An added Sender: gets rewritten here. */
-for (h = header_list->next; h != NULL; h = h->next)
+for (h = header_list->next; h; h = h->next)
{
header_line *newh = rewrite_header(h, NULL, NULL, global_rewrite_rules,
rewrite_existflags, TRUE);
- if (newh != NULL) h = newh;
+ if (newh) h = newh;
}
}
#endif
-/* Update the timstamp in our Received: header to account for any time taken by
+/* Update the timestamp in our Received: header to account for any time taken by
an ACL or by local_scan(). The new time is the time that all reception
processing is complete. */
macro to simplify the coding. We log the arrival of a new message while the
file is still locked, just in case the machine is *really* fast, and delivers
it first! Include any message id that is in the message - since the syntax of a
-message id is actually an addr-spec, we can use the parse routine to canonicize
+message id is actually an addr-spec, we can use the parse routine to canonicalize
it. */
size = 256;
if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0)
{
- int c = (receive_getc)();
+ int c = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (c != EOF) (receive_ungetc)(c); else
{
smtp_notquit_exit(US"connection-lost", NULL, NULL);
Send dot onward. If accepted, wipe the spooled files, log as delivered and accept
the sender's dot (below).
- If rejected: copy response to sender, wipe the spooled files, log approriately.
+ If rejected: copy response to sender, wipe the spooled files, log appropriately.
If temp-reject: normally accept to sender, keep the spooled file - unless defer=pass
in which case pass temp-reject back to initiator and dump the files.
pid = fork();
/* If fork() fails, reinstate the original error and behave as if
- this block of code were not present. This is the same behavious as happens
+ this block of code were not present. This is the same behaviour as happens
when Exim is not running as root at this point. */
if (pid < 0)
rc = -1;
}
- /* Handle error returns from stat() or route_check_access(). The EACESS error
+ /* Handle error returns from stat() or route_check_access(). The EACCES error
is handled specially. At present, we can force it to be treated as
non-existence. Write the code so that it will be easy to add forcing for
existence if required later. */
}
/* Skip if the sender condition is not met. We leave this one till after the
-local user check so that $home is set - enabling the possiblity of letting
+local user check so that $home is set - enabling the possibility of letting
individual recipients specify lists of acceptable/unacceptable senders. */
if ((rc = route_check_dls(r->name, US"senders", r->senders, NULL,
doesn't have some kind of indication as to why it has failed.
Arguments:
- s the group namd or textual form of the numerical gid
+ s the group name or textual form of the numerical gid
return_gid return the gid via this address
Returns: TRUE if the group was found; FALSE otherwise
by this router, even if it was different to the current address.
Just in case someone does put it into a loop (possible with redirection
- continally adding to an address, for example), put a long stop counter on
+ continually adding to an address, for example), put a long stop counter on
the number of parents. */
for (parent = addr->parent; parent; parent = parent->parent)
DISCARD the address was discarded (:blackhole: or "seen finish")
- FAIL the address was not routed; do not pass to any subseqent
+ FAIL the address was not routed; do not pass to any subsequent
routers, i.e. cause routing to fail.
DEFER retry this address later.
/* Deferral returns forthwith, and anything other than failure breaks the
loop. */
+ if (rc == HOST_FIND_SECURITY)
+ {
+ addr->message = US"host lookup done insecurely";
+ return DEFER;
+ }
if (rc == HOST_FIND_AGAIN)
{
if (rblock->pass_on_timeout)
copyflag(new_addr, addr, af_propagate);
new_addr->prop = addr->prop;
-if (addr->child_count == SHRT_MAX)
+if (addr->child_count == USHRT_MAX)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d "
- "child addresses for <%s>", rblock->name, SHRT_MAX, addr->address);
+ "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address);
addr->child_count++;
new_addr->next = *addr_new;
*addr_new = new_addr;
next->next = *addr_new;
*addr_new = next;
- if (addr->child_count == SHRT_MAX)
+ if (addr->child_count == USHRT_MAX)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d "
- "child addresses for <%s>", rblock->name, SHRT_MAX, addr->address);
+ "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address);
addr->child_count++;
DEBUG(D_route)
next->parent = addr;
orflag(next, addr, af_ignore_error);
next->start_router = rblock->redirect_router;
- if (addr->child_count == SHRT_MAX)
+ if (addr->child_count == USHRT_MAX)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s router generated more than %d "
- "child addresses for <%s>", rblock->name, SHRT_MAX, addr->address);
+ "child addresses for <%s>", rblock->name, USHRT_MAX, addr->address);
addr->child_count++;
next->next = *addr_new;
addr->address = address;
addr->unique = string_copy(address);
addr->parent = parent;
+parent->child_count = 1;
addr->next = *addr_new;
*addr_new = addr;
/* Temporary failure defers, unless pass_on_timeout is set */
+ if (rc == HOST_FIND_SECURITY)
+ {
+ addr->message = string_sprintf("host lookup for %s done insecurely" , h->name);
+ addr->basic_errno = ERRNO_DNSDEFER;
+ return DEFER;
+ }
if (rc == HOST_FIND_AGAIN)
{
if (rblock->pass_on_timeout)
}
/* If nothing has been matched, but the option to look for "*@" is set, try
-replacing everthing to the left of @ by *. After a match, the wild part
+replacing everything to the left of @ by *. After a match, the wild part
is set to the string to the left of the @. */
if (yield == NULL && (starflags & SEARCH_STARAT) != 0)
message.character=US"Notification";
message.length=Ustrlen(message.character);
}
- /* Allocation is larger than neccessary, but enough even for split MIME words */
+ /* Allocation is larger than necessary, but enough even for split MIME words */
buffer_capacity=32+4*message.length;
buffer=store_get(buffer_capacity);
if (message.length!=-1) fprintf(f,"Subject: %s\n",parse_quote_2047(message.character, message.length, US"utf-8", buffer, buffer_capacity, TRUE));
addr->reply->from = expand_string(US"$local_part@$domain");
else
addr->reply->from = from.character;
- /* Allocation is larger than neccessary, but enough even for split MIME words */
+ /* Allocation is larger than necessary, but enough even for split MIME words */
buffer_capacity=32+4*subject.length;
buffer=store_get(buffer_capacity);
/* deconst cast safe as we pass in a non-const item */
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions for handling an incoming SMTP call. */
we need room to handle large base64-encoded AUTHs for GSSAPI.
*/
-#define smtp_cmd_buffer_size 16384
+#define SMTP_CMD_BUFFER_SIZE 16384
/* Size of buffer for reading SMTP incoming packets */
-#define in_buffer_size 8192
+#define IN_BUFFER_SIZE 8192
/* Structure for SMTP command list */
MAIL_CMD, RCPT_CMD, RSET_CMD,
+ /* This is a dummy to identify the non-sync commands when not pipelining */
+
+ NON_SYNC_CMD_NON_PIPELINING,
+
/* RFC3030 section 2: "After all MAIL and RCPT responses are collected and
processed the message is sent using a series of BDAT commands"
implies that BDAT should be synchronized. However, we see Google, at least,
sending MAIL,RCPT,BDAT-LAST in a single packet, clearly not waiting for
- processing of the RPCT response(s). We shall do the same, and not require
- synch for BDAT. */
+ processing of the RCPT response(s). We shall do the same, and not require
+ synch for BDAT. Worse, as the chunk may (very likely will) follow the
+ command-header in the same packet we cannot do the usual "is there any
+ follow-on data after the command line" even for non-pipeline mode.
+ So we'll need an explicit check after reading the expected chunk amount
+ when non-pipe, before sending the ACK. */
BDAT_CMD,
- /* This is a dummy to identify the non-sync commands when not pipelining */
-
- NON_SYNC_CMD_NON_PIPELINING,
-
/* I have been unable to find a statement about the use of pipelining
with AUTH, so to be on the safe side it is here, though I kind of feel
it should be up there with the synchronized commands. */
/* forward declarations */
-int bdat_ungetc(int ch);
-static int smtp_read_command(BOOL check_sync);
+static int smtp_read_command(BOOL check_sync, unsigned buffer_lim);
static int synprot_error(int type, int code, uschar *data, uschar *errmess);
static void smtp_quit_handler(uschar **, uschar **);
static void smtp_rset_handler(void);
+/*************************************************
+* Recheck synchronization *
+*************************************************/
+
+/* Synchronization checks can never be perfect because a packet may be on its
+way but not arrived when the check is done. Such checks can in any case only be
+done when TLS is not in use. Normally, the checks happen when commands are
+read: Exim ensures that there is no more input in the input buffer. In normal
+cases, the response to the command will be fast, and there is no further check.
+
+However, for some commands an ACL is run, and that can include delays. In those
+cases, it is useful to do another check on the input just before sending the
+response. This also applies at the start of a connection. This function does
+that check by means of the select() function, as long as the facility is not
+disabled or inappropriate. A failure of select() is ignored.
+
+When there is unwanted input, we read it so that it appears in the log of the
+error.
+
+Arguments: none
+Returns: TRUE if all is well; FALSE if there is input pending
+*/
+
+static BOOL
+check_sync(void)
+{
+int fd, rc;
+fd_set fds;
+struct timeval tzero;
+
+if (!smtp_enforce_sync || sender_host_address == NULL ||
+ sender_host_notsocket || tls_in.active >= 0)
+ return TRUE;
+
+fd = fileno(smtp_in);
+FD_ZERO(&fds);
+FD_SET(fd, &fds);
+tzero.tv_sec = 0;
+tzero.tv_usec = 0;
+rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero);
+
+if (rc <= 0) return TRUE; /* Not ready to read */
+rc = smtp_getc(GETC_BUFFER_UNLIMITED);
+if (rc < 0) return TRUE; /* End of file or error */
+
+smtp_ungetc(rc);
+rc = smtp_inend - smtp_inptr;
+if (rc > 150) rc = 150;
+smtp_inptr[rc] = 0;
+return FALSE;
+}
+
+
+
+/*************************************************
+* Log incomplete transactions *
+*************************************************/
+
+/* This function is called after a transaction has been aborted by RSET, QUIT,
+connection drops or other errors. It logs the envelope information received
+so far in order to preserve address verification attempts.
+
+Argument: string to indicate what aborted the transaction
+Returns: nothing
+*/
+
+static void
+incomplete_transaction_log(uschar *what)
+{
+if (sender_address == NULL || /* No transaction in progress */
+ !LOGGING(smtp_incomplete_transaction))
+ return;
+
+/* Build list of recipients for logging */
+
+if (recipients_count > 0)
+ {
+ int i;
+ raw_recipients = store_get(recipients_count * sizeof(uschar *));
+ for (i = 0; i < recipients_count; i++)
+ raw_recipients[i] = recipients_list[i].address;
+ raw_recipients_count = recipients_count;
+ }
+
+log_write(L_smtp_incomplete_transaction, LOG_MAIN|LOG_SENDER|LOG_RECIPIENTS,
+ "%s incomplete transaction (%s)", host_and_ident(TRUE), what);
+}
+
+
+
+
/*************************************************
* SMTP version of getc() *
*************************************************/
/* This gets the next byte from the SMTP input buffer. If the buffer is empty,
it flushes the output, and refills the buffer, with a timeout. The signal
handler is set appropriately by the calling function. This function is not used
-after a connection has negotated itself into an TLS/SSL state.
+after a connection has negotiated itself into an TLS/SSL state.
-Arguments: none
+Arguments: lim Maximum amount to read/buffer
Returns: the next character or EOF
*/
int
-smtp_getc(void)
+smtp_getc(unsigned lim)
{
if (smtp_inptr >= smtp_inend)
{
if (!smtp_out) return EOF;
fflush(smtp_out);
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
- rc = read(fileno(smtp_in), smtp_inbuffer, in_buffer_size);
+
+ /* Limit amount read, so non-message data is not fed to DKIM */
+
+ rc = read(fileno(smtp_in), smtp_inbuffer, MIN(IN_BUFFER_SIZE, lim));
save_errno = errno;
alarm(0);
if (rc <= 0)
Placed here due to the correlation with the above smtp_getc(), which it wraps,
and also by the need to do smtp command/response handling.
-Arguments: none
+Arguments: lim (ignored)
Returns: the next character or ERR, EOD or EOF
*/
int
-bdat_getc(void)
+bdat_getc(unsigned lim)
{
uschar * user_msg = NULL;
uschar * log_msg;
for(;;)
{
- if (chunking_data_left-- > 0)
- return lwr_receive_getc();
+#ifndef DISABLE_DKIM
+ BOOL dkim_save;
+#endif
+
+ if (chunking_data_left > 0)
+ return lwr_receive_getc(chunking_data_left--);
receive_getc = lwr_receive_getc;
receive_ungetc = lwr_receive_ungetc;
+#ifndef DISABLE_DKIM
+ dkim_save = dkim_collect_input;
+ dkim_collect_input = FALSE;
+#endif
+
+ /* Unless PIPELINING was offered, there should be no next command
+ until after we ack that chunk */
+
+ if (!pipelining_advertised && !check_sync())
+ {
+ incomplete_transaction_log(US"sync failure");
+ log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol synchronization error "
+ "(next input sent too soon: pipelining was not advertised): "
+ "rejected \"%s\" %s next input=\"%s\"",
+ smtp_cmd_buffer, host_and_ident(TRUE),
+ string_printing(smtp_inptr));
+ (void) synprot_error(L_smtp_protocol_error, 554, NULL,
+ US"SMTP synchronization error");
+ goto repeat_until_rset;
+ }
/* If not the last, ack the received chunk. The last response is delayed
until after the data ACL decides on it */
return EOD;
}
- chunking_state = CHUNKING_OFFERED;
smtp_printf("250 %u byte chunk received\r\n", chunking_datasize);
+ chunking_state = CHUNKING_OFFERED;
+ DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
/* Expect another BDAT cmd from input. RFC 3030 says nothing about
QUIT, RSET or NOOP but handling them seems obvious */
next_cmd:
- switch(smtp_read_command(TRUE))
+ switch(smtp_read_command(TRUE, 1))
{
default:
(void) synprot_error(L_smtp_protocol_error, 503, NULL,
US"only BDAT permissible after non-LAST BDAT");
repeat_until_rset:
- switch(smtp_read_command(TRUE))
+ switch(smtp_read_command(TRUE, 1))
{
case QUIT_CMD: smtp_quit_handler(&user_msg, &log_msg); /*FALLTHROUGH */
case EOF_CMD: return EOF;
chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0
? CHUNKING_LAST : CHUNKING_ACTIVE;
chunking_data_left = chunking_datasize;
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
+ (int)chunking_state, chunking_data_left);
if (chunking_datasize == 0)
if (chunking_state == CHUNKING_LAST)
receive_getc = bdat_getc;
receive_ungetc = bdat_ungetc;
+#ifndef DISABLE_DKIM
+ dkim_collect_input = dkim_save;
+#endif
break; /* to top of main loop */
}
}
}
}
-static void
+void
bdat_flush_data(void)
{
-while (chunking_data_left-- > 0)
- if (lwr_receive_getc() < 0)
+while (chunking_data_left > 0)
+ if (lwr_receive_getc(chunking_data_left--) < 0)
break;
receive_getc = lwr_receive_getc;
receive_ungetc = lwr_receive_ungetc;
if (chunking_state != CHUNKING_LAST)
+ {
chunking_state = CHUNKING_OFFERED;
+ DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
+ }
}
* Check if host is required proxy host *
*************************************************/
/* The function determines if inbound host will be a regular smtp host
-or if it is configured that it must use Proxy Protocol.
+or if it is configured that it must use Proxy Protocol. A local
+connection cannot.
Arguments: none
Returns: bool
check_proxy_protocol_host()
{
int rc;
-/* Cannot configure local connection as a proxy inbound */
-if (sender_host_address == NULL) return proxy_session;
-rc = verify_check_this_host(CUSS &hosts_proxy, NULL, NULL,
- sender_host_address, NULL);
-if (rc == OK)
+if ( sender_host_address
+ && (rc = verify_check_this_host(CUSS &hosts_proxy, NULL, NULL,
+ sender_host_address, NULL)) == OK)
{
DEBUG(D_receive)
debug_printf("Detected proxy protocol configured host\n");
}
+/*************************************************
+* Read data until newline or end of buffer *
+*************************************************/
+/* While SMTP is server-speaks-first, TLS is client-speaks-first, so we can't
+read an entire buffer and assume there will be nothing past a proxy protocol
+header. Our approach normally is to use stdio, but again that relies upon
+"STARTTLS\r\n" and a server response before the client starts TLS handshake, or
+reading _nothing_ before client TLS handshake. So we don't want to use the
+usual buffering reads which may read enough to block TLS starting.
+
+So unfortunately we're down to "read one byte at a time, with a syscall each,
+and expect a little overhead", for all proxy-opened connections which are v1,
+just to handle the TLS-on-connect case. Since SSL functions wrap the
+underlying fd, we can't assume that we can feed them any already-read content.
+
+We need to know where to read to, the max capacity, and we'll read until we
+get a CR and one more character. Let the caller scream if it's CR+!LF.
+
+Return the amount read.
+*/
+
+static int
+swallow_until_crlf(int fd, uschar *base, int already, int capacity)
+{
+uschar *to = base + already;
+uschar *cr;
+int have = 0;
+int ret;
+int last = 0;
+
+/* For "PROXY UNKNOWN\r\n" we, at time of writing, expect to have read
+up through the \r; for the _normal_ case, we haven't yet seen the \r. */
+
+cr = memchr(base, '\r', already);
+if (cr != NULL)
+ {
+ if ((cr - base) < already - 1)
+ {
+ /* \r and presumed \n already within what we have; probably not
+ actually proxy protocol, but abort cleanly. */
+ return 0;
+ }
+ /* \r is last character read, just need one more. */
+ last = 1;
+ }
+
+while (capacity > 0)
+ {
+ do { ret = recv(fd, to, 1, 0); } while (ret == -1 && errno == EINTR);
+ if (ret == -1)
+ return -1;
+ have++;
+ if (last)
+ return have;
+ if (*to == '\r')
+ last = 1;
+ capacity--;
+ to++;
+ }
+
+/* reached end without having room for a final newline, abort */
+errno = EOVERFLOW;
+return -1;
+}
+
/*************************************************
* Setup host for proxy protocol *
*************************************************/
Returns: Boolean success
*/
-static BOOL
+static void
setup_proxy_protocol_host()
{
union {
char tmpip6[INET6_ADDRSTRLEN];
struct sockaddr_in6 tmpaddr6;
+/* We can't read "all data until end" because while SMTP is
+server-speaks-first, the TLS handshake is client-speaks-first, so for
+TLS-on-connect ports the proxy protocol header will usually be immediately
+followed by a TLS handshake, and with N TLS libraries, we can't reliably
+reinject data for reading by those. So instead we first read "enough to be
+safely read within the header, and figure out how much more to read".
+For v1 we will later read to the end-of-line, for v2 we will read based upon
+the stated length.
+
+The v2 sig is 12 octets, and another 4 gets us the length, so we know how much
+data is needed total. For v1, where the line looks like:
+PROXY TCPn L3src L3dest SrcPort DestPort \r\n
+
+However, for v1 there's also `PROXY UNKNOWN\r\n` which is only 15 octets.
+We seem to support that. So, if we read 14 octets then we can tell if we're
+v2 or v1. If we're v1, we can continue reading as normal.
+
+If we're v2, we can't slurp up the entire header. We need the length in the
+15th & 16th octets, then to read everything after that.
+
+So to safely handle v1 and v2, with client-sent-first supported correctly,
+we have to do a minimum of 3 read calls, not 1. Eww.
+*/
+
+#define PROXY_INITIAL_READ 14
+#define PROXY_V2_HEADER_SIZE 16
+#if PROXY_INITIAL_READ > PROXY_V2_HEADER_SIZE
+# error Code bug in sizes of data to read for proxy usage
+#endif
+
int get_ok = 0;
int size, ret;
int fd = fileno(smtp_in);
const char v2sig[12] = "\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A";
-uschar *iptype; /* To display debug info */
+uschar * iptype; /* To display debug info */
struct timeval tv;
struct timeval tvtmp;
socklen_t vslen = sizeof(struct timeval);
+BOOL yield = FALSE;
/* Save current socket timeout values */
get_ok = getsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tvtmp, &vslen);
tv.tv_sec = PROXY_NEGOTIATION_TIMEOUT_SEC;
tv.tv_usec = PROXY_NEGOTIATION_TIMEOUT_USEC;
if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, CS &tv, sizeof(tv)) < 0)
- return FALSE;
+ goto bad;
do
{
/* The inbound host was declared to be a Proxy Protocol host, so
- don't do a PEEK into the data, actually slurp it up. */
- ret = recv(fd, &hdr, sizeof(hdr), 0);
+ don't do a PEEK into the data, actually slurp up enough to be
+ "safe". Can't take it all because TLS-on-connect clients follow
+ immediately with TLS handshake. */
+ ret = recv(fd, &hdr, PROXY_INITIAL_READ, 0);
}
while (ret == -1 && errno == EINTR);
if (ret == -1)
goto proxyfail;
-if (ret >= 16 &&
- memcmp(&hdr.v2, v2sig, 12) == 0)
+/* For v2, handle reading the length, and then the rest. */
+if ((ret == PROXY_INITIAL_READ) && (memcmp(&hdr.v2, v2sig, sizeof(v2sig)) == 0))
{
- uint8_t ver, cmd;
+ int retmore;
+ uint8_t ver;
+
+ /* First get the length fields. */
+ do
+ {
+ retmore = recv(fd, (uschar*)&hdr + ret, PROXY_V2_HEADER_SIZE - PROXY_INITIAL_READ, 0);
+ } while (retmore == -1 && errno == EINTR);
+ if (retmore == -1)
+ goto proxyfail;
+ ret += retmore;
- /* May 2014: haproxy combined the version and command into one byte to
- allow two full bytes for the length field in order to proxy SSL
- connections. SSL Proxy is not supported in this version of Exim, but
- must still seperate values here. */
ver = (hdr.v2.ver_cmd & 0xf0) >> 4;
- cmd = (hdr.v2.ver_cmd & 0x0f);
+
+ /* May 2014: haproxy combined the version and command into one byte to
+ allow two full bytes for the length field in order to proxy SSL
+ connections. SSL Proxy is not supported in this version of Exim, but
+ must still separate values here. */
if (ver != 0x02)
{
DEBUG(D_receive) debug_printf("Invalid Proxy Protocol version: %d\n", ver);
goto proxyfail;
}
- DEBUG(D_receive) debug_printf("Detected PROXYv2 header\n");
+
/* The v2 header will always be 16 bytes per the spec. */
- size = 16 + hdr.v2.len;
- if (ret < size)
+ size = 16 + ntohs(hdr.v2.len);
+ DEBUG(D_receive) debug_printf("Detected PROXYv2 header, size %d (limit %d)\n",
+ size, (int)sizeof(hdr));
+
+ /* We should now have 16 octets (PROXY_V2_HEADER_SIZE), and we know the total
+ amount that we need. Double-check that the size is not unreasonable, then
+ get the rest. */
+ if (size > sizeof(hdr))
{
- DEBUG(D_receive) debug_printf("Truncated or too large PROXYv2 header (%d/%d)\n",
- ret, size);
+ DEBUG(D_receive) debug_printf("PROXYv2 header size unreasonably large; security attack?\n");
goto proxyfail;
}
+
+ do
+ {
+ do
+ {
+ retmore = recv(fd, (uschar*)&hdr + ret, size-ret, 0);
+ } while (retmore == -1 && errno == EINTR);
+ if (retmore == -1)
+ goto proxyfail;
+ ret += retmore;
+ DEBUG(D_receive) debug_printf("PROXYv2: have %d/%d required octets\n", ret, size);
+ } while (ret < size);
+
+ } /* end scope for getting rest of data for v2 */
+
+/* At this point: if PROXYv2, we've read the exact size required for all data;
+if PROXYv1 then we've read "less than required for any valid line" and should
+read the rest". */
+
+if (ret >= 16 && memcmp(&hdr.v2, v2sig, 12) == 0)
+ {
+ uint8_t cmd = (hdr.v2.ver_cmd & 0x0f);
+
switch (cmd)
{
case 0x01: /* PROXY command */
case 0x11: /* TCPv4 address type */
iptype = US"IPv4";
tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.src_addr;
- inet_ntop(AF_INET, &(tmpaddr.sin_addr), (char *)&tmpip, sizeof(tmpip));
- if (!string_is_ip_address(US tmpip,NULL))
+ inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip));
+ if (!string_is_ip_address(US tmpip, NULL))
{
DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype);
goto proxyfail;
sender_host_port = tmpport;
/* Save dest ip/port */
tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.dst_addr;
- inet_ntop(AF_INET, &(tmpaddr.sin_addr), (char *)&tmpip, sizeof(tmpip));
- if (!string_is_ip_address(US tmpip,NULL))
+ inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip));
+ if (!string_is_ip_address(US tmpip, NULL))
{
DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype);
goto proxyfail;
case 0x21: /* TCPv6 address type */
iptype = US"IPv6";
memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.src_addr, 16);
- inet_ntop(AF_INET6, &(tmpaddr6.sin6_addr), (char *)&tmpip6, sizeof(tmpip6));
- if (!string_is_ip_address(US tmpip6,NULL))
+ inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6));
+ if (!string_is_ip_address(US tmpip6, NULL))
{
DEBUG(D_receive) debug_printf("Invalid %s source IP\n", iptype);
goto proxyfail;
sender_host_port = tmpport;
/* Save dest ip/port */
memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.dst_addr, 16);
- inet_ntop(AF_INET6, &(tmpaddr6.sin6_addr), (char *)&tmpip6, sizeof(tmpip6));
- if (!string_is_ip_address(US tmpip6,NULL))
+ inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6));
+ if (!string_is_ip_address(US tmpip6, NULL))
{
DEBUG(D_receive) debug_printf("Invalid %s dest port\n", iptype);
goto proxyfail;
break;
case 0x00: /* LOCAL command */
/* Keep local connection address for LOCAL */
+ iptype = US"local";
break;
default:
DEBUG(D_receive)
goto proxyfail;
}
}
-else if (ret >= 8 &&
- memcmp(hdr.v1.line, "PROXY", 5) == 0)
+else if (ret >= 8 && memcmp(hdr.v1.line, "PROXY", 5) == 0)
{
- uschar *p = string_copy(hdr.v1.line);
- uschar *end = memchr(p, '\r', ret - 1);
+ uschar *p;
+ uschar *end;
uschar *sp; /* Utility variables follow */
int tmp_port;
+ int r2;
char *endc;
- if (!end || end[1] != '\n')
+ /* get the rest of the line */
+ r2 = swallow_until_crlf(fd, (uschar*)&hdr, ret, sizeof(hdr)-ret);
+ if (r2 == -1)
+ goto proxyfail;
+ ret += r2;
+
+ p = string_copy(hdr.v1.line);
+ end = memchr(p, '\r', ret - 1);
+
+ if (!end || (end == (uschar*)&hdr + ret) || end[1] != '\n')
{
DEBUG(D_receive) debug_printf("Partial or invalid PROXY header\n");
goto proxyfail;
}
*end = '\0'; /* Terminate the string */
- size = end + 2 - hdr.v1.line; /* Skip header + CRLF */
+ size = end + 2 - p; /* Skip header + CRLF */
DEBUG(D_receive) debug_printf("Detected PROXYv1 header\n");
+ DEBUG(D_receive) debug_printf("Bytes read not within PROXY header: %d\n", ret - size);
/* Step through the string looking for the required fields. Ensure
- strict adherance to required formatting, exit for any error. */
+ strict adherence to required formatting, exit for any error. */
p += 5;
if (!isspace(*(p++)))
{
goto proxyfail;
}
*sp = '\0';
- if(!string_is_ip_address(p,NULL))
+ if(!string_is_ip_address(p, NULL))
{
DEBUG(D_receive)
debug_printf("Proxied src arg is not an %s address\n", iptype);
goto proxyfail;
}
*sp = '\0';
- if(!string_is_ip_address(p,NULL))
+ if(!string_is_ip_address(p, NULL))
{
DEBUG(D_receive)
debug_printf("Proxy dest arg is not an %s address\n", iptype);
goto proxyfail;
}
*sp = '\0';
- tmp_port = strtol(CCS p,&endc,10);
+ tmp_port = strtol(CCS p, &endc, 10);
if (*endc || tmp_port == 0)
{
DEBUG(D_receive)
DEBUG(D_receive) debug_printf("Did not find proxy dest port\n");
goto proxyfail;
}
- tmp_port = strtol(CCS p,&endc,10);
+ tmp_port = strtol(CCS p, &endc, 10);
if (*endc || tmp_port == 0)
{
DEBUG(D_receive)
}
proxy_external_port = tmp_port;
/* Already checked for /r /n above. Good V1 header received. */
- goto done;
}
else
{
/* Wrong protocol */
DEBUG(D_receive) debug_printf("Invalid proxy protocol version negotiation\n");
+ (void) swallow_until_crlf(fd, (uschar*)&hdr, ret, sizeof(hdr)-ret);
goto proxyfail;
}
+done:
+ DEBUG(D_receive)
+ debug_printf("Valid %s sender from Proxy Protocol header\n", iptype);
+ yield = proxy_session;
+
+/* Don't flush any potential buffer contents. Any input on proxyfail
+should cause a synchronization failure */
+
proxyfail:
-restore_socket_timeout(fd, get_ok, &tvtmp, vslen);
-/* Don't flush any potential buffer contents. Any input should cause a
- synchronization failure */
-return FALSE;
+ restore_socket_timeout(fd, get_ok, &tvtmp, vslen);
-done:
-restore_socket_timeout(fd, get_ok, &tvtmp, vslen);
-DEBUG(D_receive)
- debug_printf("Valid %s sender from Proxy Protocol header\n", iptype);
-return proxy_session;
+bad:
+ if (yield)
+ {
+ sender_host_name = NULL;
+ (void) host_name_lookup();
+ host_build_sender_fullhost();
+ }
+ else
+ {
+ proxy_session_failed = TRUE;
+ DEBUG(D_receive)
+ debug_printf("Failure to extract proxied host, only QUIT allowed\n");
+ }
+
+return;
}
#endif
return when it runs.
Arguments:
- check_sync if TRUE, check synchronization rules if global option is TRUE
+ check_sync if TRUE, check synchronization rules if global option is TRUE
+ buffer_lim maximum to buffer in lower layer
Returns: a code identifying the command (enumerated above)
*/
static int
-smtp_read_command(BOOL check_sync)
+smtp_read_command(BOOL check_sync, unsigned buffer_lim)
{
int c;
int ptr = 0;
os_non_restarting_signal(SIGALRM, command_timeout_handler);
-while ((c = (receive_getc)()) != '\n' && c != EOF)
+while ((c = (receive_getc)(buffer_lim)) != '\n' && c != EOF)
{
- if (ptr >= smtp_cmd_buffer_size)
+ if (ptr >= SMTP_CMD_BUFFER_SIZE)
{
os_non_restarting_signal(SIGALRM, sigalrm_handler);
return OTHER_CMD;
for (p = cmd_list; p < cmd_list_end; p++)
{
- #ifdef SUPPORT_PROXY
+#ifdef SUPPORT_PROXY
/* Only allow QUIT command if Proxy Protocol parsing failed */
- if (proxy_session && proxy_session_failed)
- {
- if (p->cmd != QUIT_CMD)
- continue;
- }
- #endif
+ if (proxy_session && proxy_session_failed && p->cmd != QUIT_CMD)
+ continue;
+#endif
if ( p->len
&& strncmpic(smtp_cmd_buffer, US p->name, p->len) == 0
&& ( smtp_cmd_buffer[p->len-1] == ':' /* "mail from:" or "rcpt to:" */
-/*************************************************
-* Recheck synchronization *
-*************************************************/
-
-/* Synchronization checks can never be perfect because a packet may be on its
-way but not arrived when the check is done. Such checks can in any case only be
-done when TLS is not in use. Normally, the checks happen when commands are
-read: Exim ensures that there is no more input in the input buffer. In normal
-cases, the response to the command will be fast, and there is no further check.
-
-However, for some commands an ACL is run, and that can include delays. In those
-cases, it is useful to do another check on the input just before sending the
-response. This also applies at the start of a connection. This function does
-that check by means of the select() function, as long as the facility is not
-disabled or inappropriate. A failure of select() is ignored.
-
-When there is unwanted input, we read it so that it appears in the log of the
-error.
-
-Arguments: none
-Returns: TRUE if all is well; FALSE if there is input pending
-*/
-
-static BOOL
-check_sync(void)
-{
-int fd, rc;
-fd_set fds;
-struct timeval tzero;
-
-if (!smtp_enforce_sync || sender_host_address == NULL ||
- sender_host_notsocket || tls_in.active >= 0)
- return TRUE;
-
-fd = fileno(smtp_in);
-FD_ZERO(&fds);
-FD_SET(fd, &fds);
-tzero.tv_sec = 0;
-tzero.tv_usec = 0;
-rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero);
-
-if (rc <= 0) return TRUE; /* Not ready to read */
-rc = smtp_getc();
-if (rc < 0) return TRUE; /* End of file or error */
-
-smtp_ungetc(rc);
-rc = smtp_inend - smtp_inptr;
-if (rc > 150) rc = 150;
-smtp_inptr[rc] = 0;
-return FALSE;
-}
-
-
-
/*************************************************
* Forced closedown of call *
*************************************************/
receive_swallow_smtp();
smtp_printf("421 %s\r\n", message);
-for (;;) switch(smtp_read_command(FALSE))
+for (;;) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
{
case EOF_CMD:
return;
/* Check the format of a HELO line. The data for HELO/EHLO is supposed to be
the domain name of the sending host, or an ip literal in square brackets. The
-arrgument is placed in sender_helo_name, which is in malloc store, because it
+argument is placed in sender_helo_name, which is in malloc store, because it
must persist over multiple incoming messages. If helo_accept_junk is set, this
host is permitted to send any old junk (needed for some broken hosts).
Otherwise, helo_allow_chars can be used for rogue characters in general
uschar *v = smtp_cmd_data + Ustrlen(smtp_cmd_data) - 1;
while (isspace(*v)) v--;
v[1] = 0;
-while (v > smtp_cmd_data && *v != '=' && !isspace(*v)) v--;
+while (v > smtp_cmd_data && *v != '=' && !isspace(*v))
+ {
+ /* Take care to not stop at a space embedded in a quoted local-part */
+
+ if (*v == '"') do v--; while (*v != '"' && v > smtp_cmd_data+1);
+ v--;
+ }
n = v;
if (*v == '=')
static void
smtp_reset(void *reset_point)
{
-store_reset(reset_point);
recipients_list = NULL;
rcpt_count = rcpt_defer_count = rcpt_fail_count =
raw_recipients_count = recipients_count = recipients_list_max = 0;
suppress_local_fixups = suppress_local_fixups_default; /* Can be set by ACL */
active_local_from_check = local_from_check; /* Can be set by ACL */
active_local_sender_retain = local_sender_retain; /* Can be set by ACL */
-sender_address = NULL;
+sending_ip_address = NULL;
+return_path = sender_address = NULL;
+sender_data = NULL; /* Can be set by ACL */
+deliver_localpart_orig = NULL;
+deliver_domain_orig = NULL;
+callout_address = NULL;
submission_name = NULL; /* Can be set by ACL */
raw_sender = NULL; /* After SMTP rewrite, before qualifying */
sender_address_unrewritten = NULL; /* Set only after verify rewrite */
bmi_run = 0;
bmi_verdicts = NULL;
#endif
+dnslist_domain = dnslist_matched = NULL;
#ifndef DISABLE_DKIM
dkim_signers = NULL;
dkim_disable_verify = FALSE;
#endif
dsn_ret = 0;
dsn_envid = NULL;
+deliver_host = deliver_host_address = NULL; /* Can be set by ACL */
#ifndef DISABLE_PRDR
prdr_requested = FALSE;
#endif
not the first message in an SMTP session and the previous message caused them
to be referenced in an ACL. */
-if (message_body != NULL)
+if (message_body)
{
store_free(message_body);
message_body = NULL;
}
-if (message_body_end != NULL)
+if (message_body_end)
{
store_free(message_body_end);
message_body_end = NULL;
repetition in the same message, but it seems right to repeat them for different
messages. */
-while (acl_warn_logged != NULL)
+while (acl_warn_logged)
{
string_item *this = acl_warn_logged;
acl_warn_logged = acl_warn_logged->next;
store_free(this);
}
+store_reset(reset_point);
}
uschar *recipient = NULL;
int start, end, sender_domain, recipient_domain;
- switch(smtp_read_command(FALSE))
+ switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
{
/* The HELO/EHLO commands set sender_address_helo if they have
valid data; otherwise they are ignored, except that they do
+static BOOL
+smtp_log_tls_fail(uschar * errstr)
+{
+uschar * conn_info = smtp_get_connection_info();
+
+if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) conn_info += 5;
+/* I'd like to get separated H= here, but too hard for now */
+
+log_write(0, LOG_MAIN, "TLS error on %s %s", conn_info, errstr);
+return FALSE;
+}
+
+
/*************************************************
* Start an SMTP session *
*************************************************/
/* Allow for trailing 0 in the command and data buffers. */
-if (!(smtp_cmd_buffer = US malloc(2*smtp_cmd_buffer_size + 2)))
+if (!(smtp_cmd_buffer = US malloc(2*SMTP_CMD_BUFFER_SIZE + 2)))
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
"malloc() failed for SMTP command buffer");
smtp_cmd_buffer[0] = 0;
-smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1;
+smtp_data_buffer = smtp_cmd_buffer + SMTP_CMD_BUFFER_SIZE + 1;
/* For batched input, the protocol setting can be overridden from the
command line by a trusted caller. */
/* Set up the buffer for inputting using direct read() calls, and arrange to
call the local functions instead of the standard C ones. */
-if (!(smtp_inbuffer = (uschar *)malloc(in_buffer_size)))
+if (!(smtp_inbuffer = (uschar *)malloc(IN_BUFFER_SIZE)))
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer");
receive_getc = smtp_getc;
"bad value for smtp_receive_timeout: '%s'", exp ? exp : US"");
}
- /* Start up TLS if tls_on_connect is set. This is for supporting the legacy
- smtps port for use with older style SSL MTAs. */
-
- #ifdef SUPPORT_TLS
- if (tls_in.on_connect && tls_server_start(tls_require_ciphers) != OK)
- return FALSE;
- #endif
-
/* Test for explicit connection rejection */
if (verify_check_host(&host_reject_connection) == OK)
value of errno is 0 or ENOENT (which happens if /etc/hosts.{allow,deny} does
not exist). */
- #ifdef USE_TCP_WRAPPERS
+#ifdef USE_TCP_WRAPPERS
errno = 0;
- tcp_wrappers_name = expand_string(tcp_wrappers_daemon_name);
- if (tcp_wrappers_name == NULL)
- {
+ if (!(tcp_wrappers_name = expand_string(tcp_wrappers_daemon_name)))
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
"(tcp_wrappers_name) failed: %s", string_printing(tcp_wrappers_name),
expand_string_message);
- }
+
if (!hosts_ctl(tcp_wrappers_name,
- (sender_host_name == NULL)? STRING_UNKNOWN : CS sender_host_name,
- (sender_host_address == NULL)? STRING_UNKNOWN : CS sender_host_address,
- (sender_ident == NULL)? STRING_UNKNOWN : CS sender_ident))
+ sender_host_name ? CS sender_host_name : STRING_UNKNOWN,
+ sender_host_address ? CS sender_host_address : STRING_UNKNOWN,
+ sender_ident ? CS sender_ident : STRING_UNKNOWN))
{
if (errno == 0 || errno == ENOENT)
{
}
return FALSE;
}
- #endif
+#endif
/* Check for reserved slots. The value of smtp_accept_count has already been
incremented to include this process. */
if (smtp_batched_input) return TRUE;
-#ifdef SUPPORT_PROXY
/* If valid Proxy Protocol source is connecting, set up session.
* Failure will not allow any SMTP function other than QUIT. */
+
+#ifdef SUPPORT_PROXY
proxy_session = FALSE;
proxy_session_failed = FALSE;
if (check_proxy_protocol_host())
- if (!setup_proxy_protocol_host())
- {
- proxy_session_failed = TRUE;
- DEBUG(D_receive)
- debug_printf("Failure to extract proxied host, only QUIT allowed\n");
- }
- else
- {
- sender_host_name = NULL;
- (void)host_name_lookup();
- host_build_sender_fullhost();
- }
+ setup_proxy_protocol_host();
#endif
-/* Run the ACL if it exists */
+ /* Start up TLS if tls_on_connect is set. This is for supporting the legacy
+ smtps port for use with older style SSL MTAs. */
+
+#ifdef SUPPORT_TLS
+ if (tls_in.on_connect && tls_server_start(tls_require_ciphers, &user_msg) != OK)
+ return smtp_log_tls_fail(user_msg);
+#endif
+
+/* Run the connect ACL if it exists */
user_msg = NULL;
if (acl_smtp_connect)
-/*************************************************
-* Log incomplete transactions *
-*************************************************/
-
-/* This function is called after a transaction has been aborted by RSET, QUIT,
-connection drops or other errors. It logs the envelope information received
-so far in order to preserve address verification attempts.
-
-Argument: string to indicate what aborted the transaction
-Returns: nothing
-*/
-
-static void
-incomplete_transaction_log(uschar *what)
-{
-if (sender_address == NULL || /* No transaction in progress */
- !LOGGING(smtp_incomplete_transaction))
- return;
-
-/* Build list of recipients for logging */
-
-if (recipients_count > 0)
- {
- int i;
- raw_recipients = store_get(recipients_count * sizeof(uschar *));
- for (i = 0; i < recipients_count; i++)
- raw_recipients[i] = recipients_list[i].address;
- raw_recipients_count = recipients_count;
- }
-
-log_write(L_smtp_incomplete_transaction, LOG_MAIN|LOG_SENDER|LOG_RECIPIENTS,
- "%s incomplete transaction (%s)", host_and_ident(TRUE), what);
-}
-
-
-
-
/*************************************************
* Send SMTP response, possibly multiline *
*************************************************/
failures, but not defers. However, always log it for defer, and log it for fail
unless the sender_verify_fail log selector has been turned off. */
-if (sender_verified_failed != NULL &&
+if (sender_verified_failed &&
!testflag(sender_verified_failed, af_sverify_told))
{
BOOL save_rcpt_in_progress = rcpt_in_progress;
(sender_verified_failed->message == NULL)? US"" :
string_sprintf(": %s", sender_verified_failed->message));
- if (rc == FAIL && sender_verified_failed->user_message != NULL)
+ if (rc == FAIL && sender_verified_failed->user_message)
smtp_respond(smtp_code, codelen, FALSE, string_sprintf(
testflag(sender_verified_failed, af_verify_pmfail)?
"Postmaster verification failed while checking <%s>\n%s\n"
passed to this function.
In case things go wrong while processing this function, causing an error that
-may re-enter this funtion, there is a recursion check.
+may re-enter this function, there is a recursion check.
Arguments:
reason What $smtp_notquit_reason will be set to in the ACL;
US &off, sizeof(off));
#endif
- switch(smtp_read_command(TRUE))
+ switch(smtp_read_command(TRUE, GETC_BUFFER_UNLIMITED))
{
/* The AUTH command is not permitted to occur inside a transaction, and may
occur successfully only once per connection. Actually, that isn't quite
dsn_advertised = TRUE;
}
- /* Advertise ETRN if there's an ACL checking whether a host is
- permitted to issue it; a check is made when any host actually tries. */
+ /* Advertise ETRN/VRFY/EXPN if there's are ACL checking whether a host is
+ permitted to issue them; a check is made when any host actually tries. */
- if (acl_smtp_etrn != NULL)
+ if (acl_smtp_etrn)
{
s = string_catn(s, &size, &ptr, smtp_code, 3);
s = string_catn(s, &size, &ptr, US"-ETRN\r\n", 7);
}
-
- /* Advertise EXPN if there's an ACL checking whether a host is
- permitted to issue it; a check is made when any host actually tries. */
-
- if (acl_smtp_expn != NULL)
+ if (acl_smtp_vrfy)
+ {
+ s = string_catn(s, &size, &ptr, smtp_code, 3);
+ s = string_catn(s, &size, &ptr, US"-VRFY\r\n", 7);
+ }
+ if (acl_smtp_expn)
{
s = string_catn(s, &size, &ptr, smtp_code, 3);
s = string_catn(s, &size, &ptr, US"-EXPN\r\n", 7);
case ENV_MAIL_OPT_UTF8:
if (smtputf8_advertised)
{
+ int old_pool = store_pool;
+
DEBUG(D_receive) debug_printf("smtputf8 requested\n");
message_smtputf8 = allow_utf8_domains = TRUE;
+ store_pool = POOL_PERM;
received_protocol = string_sprintf("utf8%s", received_protocol);
+ store_pool = old_pool;
}
break;
#endif
friends now makes it absolutely clear that it means *mailbox*. Consequently
we must always qualify this address, regardless. */
- if (recipient_domain == 0)
+ if (!recipient_domain)
if (!(recipient_domain = qualify_recipient(&recipient, smtp_cmd_data,
US"recipient")))
{
chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0
? CHUNKING_LAST : CHUNKING_ACTIVE;
chunking_data_left = chunking_datasize;
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
+ (int)chunking_state, chunking_data_left);
lwr_receive_getc = receive_getc;
lwr_receive_ungetc = receive_ungetc;
receive_getc = bdat_getc;
receive_ungetc = bdat_ungetc;
- DEBUG(D_any)
- debug_printf("chunking state %d\n", (int)chunking_state);
goto DATA_BDAT;
}
break;
}
- if (recipient_domain == 0)
+ if (!recipient_domain)
if (!(recipient_domain = qualify_recipient(&address, smtp_cmd_data,
US"verify")))
break;
/* RFC 2487 is not clear on when this command may be sent, though it
does state that all information previously obtained from the client
- must be discarded if a TLS session is started. It seems reasonble to
+ must be discarded if a TLS session is started. It seems reasonable to
do an implied RSET when STARTTLS is received. */
incomplete_transaction_log(US"STARTTLS");
/* and if TLS is already active, tls_server_start() should fail */
}
- /* There is nothing we value in the input buffer and if TLS is succesfully
+ /* There is nothing we value in the input buffer and if TLS is successfully
negotiated, we won't use this buffer again; if TLS fails, we'll just read
fresh content into it. The buffer contains arbitrary content from an
untrusted remote source; eg: NOOP <shellcode>\r\nSTARTTLS\r\n
It seems safest to just wipe away the content rather than leave it as a
target to jump to. */
- memset(smtp_inbuffer, 0, in_buffer_size);
+ memset(smtp_inbuffer, 0, IN_BUFFER_SIZE);
/* Attempt to start up a TLS session, and if successful, discard all
knowledge that was obtained previously. At least, that's what the RFC says,
We must allow for an extra EHLO command and an extra AUTH command after
STARTTLS that don't add to the nonmail command count. */
- if ((rc = tls_server_start(tls_require_ciphers)) == OK)
+ s = NULL;
+ if ((rc = tls_server_start(tls_require_ciphers, &s)) == OK)
{
if (!tls_remember_esmtp)
helo_seen = esmtp = auth_advertised = pipelining_advertised = FALSE;
DEBUG(D_tls) debug_printf("TLS active\n");
break; /* Successful STARTTLS */
}
+ else
+ (void) smtp_log_tls_fail(s);
/* Some local configuration problem was discovered before actually trying
to do a TLS handshake; give a temporary error. */
- else if (rc == DEFER)
+ if (rc == DEFER)
{
smtp_printf("454 TLS currently unavailable\r\n");
break;
set, but we must still reject all incoming commands. */
DEBUG(D_tls) debug_printf("TLS failed to start\n");
- while (done <= 0) switch(smtp_read_command(FALSE))
+ while (done <= 0) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
{
case EOF_CMD:
log_write(L_smtp_connection, LOG_MAIN, "%s closed by EOF",
case BADSYN_CMD:
SYNC_FAILURE:
- if (smtp_inend >= smtp_inbuffer + in_buffer_size)
- smtp_inend = smtp_inbuffer + in_buffer_size - 1;
+ if (smtp_inend >= smtp_inbuffer + IN_BUFFER_SIZE)
+ smtp_inend = smtp_inbuffer + IN_BUFFER_SIZE - 1;
c = smtp_inend - smtp_inptr;
if (c > 150) c = 150;
smtp_inptr[c] = 0;
if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, US &on, sizeof(on)))
HDEBUG(D_transport|D_acl|D_v)
- debug_printf("failed to set NODELAY: %s ", strerror(errno));
+ debug_printf_indent("failed to set NODELAY: %s ", strerror(errno));
/* Set DSCP value, if we can. For now, if we fail to set the value, we don't
bomb out, just log it and continue in default traffic class. */
if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
{
HDEBUG(D_transport|D_acl|D_v)
- debug_printf("DSCP \"%s\"=%x ", dscp, dscp_value);
+ debug_printf_indent("DSCP \"%s\"=%x ", dscp, dscp_value);
if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0)
HDEBUG(D_transport|D_acl|D_v)
- debug_printf("failed to set DSCP: %s ", strerror(errno));
+ debug_printf_indent("failed to set DSCP: %s ", strerror(errno));
/* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
option for both; ignore failures here */
if (host_af == AF_INET6 &&
{
save_errno = errno;
HDEBUG(D_transport|D_acl|D_v)
- debug_printf("unable to bind outgoing SMTP call to %s: %s", interface,
+ debug_printf_indent("unable to bind outgoing SMTP call to %s: %s", interface,
strerror(errno));
}
{
HDEBUG(D_transport|D_acl|D_v)
{
- debug_printf("failed: %s", CUstrerror(save_errno));
+ debug_printf_indent("failed: %s", CUstrerror(save_errno));
if (save_errno == ETIMEDOUT)
debug_printf(" (timeout=%s)", readconf_printtime(timeout));
debug_printf("\n");
{
union sockaddr_46 interface_sock;
EXIM_SOCKLEN_T size = sizeof(interface_sock);
- HDEBUG(D_transport|D_acl|D_v) debug_printf("connected\n");
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent("connected\n");
if (getsockname(sock, (struct sockaddr *)(&interface_sock), &size) == 0)
sending_ip_address = host_ntoa(-1, &interface_sock, NULL, &sending_port);
else
if (host->port != PORT_NONE)
{
HDEBUG(D_transport|D_acl|D_v)
- debug_printf("Transport port=%d replaced by host-specific port=%d\n", port,
+ debug_printf_indent("Transport port=%d replaced by host-specific port=%d\n", port,
host->port);
port = host->port;
}
#ifdef SUPPORT_SOCKS
if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
#endif
- debug_printf("Connecting to %s %s%s... ", host->name, callout_address, s);
+ debug_printf_indent("Connecting to %s %s%s... ", host->name, callout_address, s);
}
/* Create and connect the socket */
int rc;
int n = outblock->ptr - outblock->buffer;
-HDEBUG(D_transport|D_acl) debug_printf("cmd buf flush %d bytes\n", n);
+HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes\n", n);
#ifdef SUPPORT_TLS
if (tls_out.active == outblock->sock)
rc = tls_write(FALSE, outblock->buffer, n);
if (rc <= 0)
{
- HDEBUG(D_transport|D_acl) debug_printf("send failed: %s\n", strerror(errno));
+ HDEBUG(D_transport|D_acl) debug_printf_indent("send failed: %s\n", strerror(errno));
return FALSE;
}
while (*p != 0) *p++ = '*';
}
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> %s\n", big_buffer);
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> %s\n", big_buffer);
}
if (!noflush)
/* Need to read a new input packet. */
- rc = ip_recv(sock, inblock->buffer, inblock->buffersize, timeout);
- if (rc <= 0) break;
+ if((rc = ip_recv(sock, inblock->buffer, inblock->buffersize, timeout)) <= 0)
+ {
+ if (!errno)
+ DEBUG(D_deliver|D_transport|D_acl) debug_printf_indent(" SMTP(closed)<<\n");
+ break;
+ }
/* Another block of data has been successfully read. Set up the pointers
and let the loop continue. */
ptrend = inblock->ptrend = inblock->buffer + rc;
ptr = inblock->buffer;
- DEBUG(D_transport|D_acl) debug_printf("read response data: size=%d\n", rc);
+ DEBUG(D_transport|D_acl) debug_printf_indent("read response data: size=%d\n", rc);
}
/* Get here if there has been some kind of recv() error; errno is set, but we
errno = 0; /* Ensure errno starts out zero */
-/* This is a loop to read and concatentate the lines that make up a multi-line
+/* This is a loop to read and concatenate the lines that make up a multi-line
response. */
for (;;)
return FALSE;
HDEBUG(D_transport|D_acl|D_v)
- debug_printf(" %s %s\n", (ptr == buffer)? "SMTP<<" : " ", ptr);
+ debug_printf_indent(" %s %s\n", (ptr == buffer)? "SMTP<<" : " ", ptr);
/* Check the format of the response: it must start with three digits; if
these are followed by a space or end of line, the response is complete. If
else
spamd_address_work = spamd_address;
-DEBUG(D_acl) debug_printf("spamd: addrlist '%s'\n", spamd_address_work);
+DEBUG(D_acl) debug_printf_indent("spamd: addrlist '%s'\n", spamd_address_work);
/* check if previous spamd_address was expanded and has changed. dump cached results if so */
if ( spam_ok
unsigned args;
uschar * s;
- DEBUG(D_acl) debug_printf("spamd: addr entry '%s'\n", address);
+ DEBUG(D_acl) debug_printf_indent("spamd: addr entry '%s'\n", address);
sd = (spamd_address_container *)store_get(sizeof(spamd_address_container));
for (sublist = address, args = 0, spamd_param_init(sd);
args++
)
{
- DEBUG(D_acl) debug_printf("spamd: addr parm '%s'\n", s);
+ DEBUG(D_acl) debug_printf_indent("spamd: addr parm '%s'\n", s);
switch (args)
{
case 0: sd->hostspec = s;
{
uschar * errstr;
- DEBUG(D_acl) debug_printf("spamd: trying server %s\n", sd->hostspec);
+ DEBUG(D_acl) debug_printf_indent("spamd: trying server %s\n", sd->hostspec);
for (;;)
{
|| sd->retry <= 0
)
break;
- DEBUG(D_acl) debug_printf("spamd: server %s: retry conn\n", sd->hostspec);
+ DEBUG(D_acl) debug_printf_indent("spamd: server %s: retry conn\n", sd->hostspec);
while (sd->retry > 0) sd->retry = sleep(sd->retry);
}
if (spamd_sock >= 0)
}
/* now send the file */
-/* spamd sometimes accepts conections but doesn't read data off
+/* spamd sometimes accepts connections but doesn't read data off
* the connection. We make the file descriptor non-blocking so
* that the write will only write sufficient data without blocking
- * and we poll the desciptor to make sure that we can write without
+ * and we poll the descriptor to make sure that we can write without
* blocking. Short writes are gracefully handled and if the whole
- * trasaction takes too long it is aborted.
+ * transaction takes too long it is aborted.
* Note: poll() is not supported in OSX 10.2 and is reported to be
* broken in more recent versions (up to 10.4).
*/
Returns: spool_read_OK success
spool_read_notopen open failed
spool_read_enverror error in the envelope portion
- spool_read_hdrdrror error in the header portion
+ spool_read_hdrerror error in the header portion
*/
int
#endif /* NEED_SYNC_DIRECTORY */
/* Return the number of characters in the headers, which is the file size, less
-the prelimary stuff, less the additional count fields on the headers. */
+the preliminary stuff, less the additional count fields on the headers. */
DEBUG(D_receive) debug_printf("Size of headers = %d\n",
(int)(statbuf.st_size - size_correction));
{
int length = (size <= STORE_BLOCK_SIZE)? STORE_BLOCK_SIZE : size;
int mlength = length + ALIGNED_SIZEOF_STOREBLOCK;
- storeblock *newblock = NULL;
+ storeblock * newblock = NULL;
/* Sometimes store_reset() may leave a block for us; check if we can use it */
- if (current_block[store_pool] != NULL &&
- current_block[store_pool]->next != NULL)
+ if ( (newblock = current_block[store_pool])
+ && (newblock = newblock->next)
+ && newblock->length < length
+ )
{
- newblock = current_block[store_pool]->next;
- if (newblock->length < length)
- {
- /* Give up on this block, because it's too small */
- store_free(newblock);
- newblock = NULL;
- }
+ /* Give up on this block, because it's too small */
+ store_free(newblock);
+ newblock = NULL;
}
/* If there was no free block, get a new one */
- if (newblock == NULL)
+ if (!newblock)
{
pool_malloc += mlength; /* Used in pools */
nonpool_malloc -= mlength; /* Exclude from overall total */
newblock = store_malloc(mlength);
newblock->next = NULL;
newblock->length = length;
- if (chainbase[store_pool] == NULL) chainbase[store_pool] = newblock;
- else current_block[store_pool]->next = newblock;
+ if (!chainbase[store_pool])
+ chainbase[store_pool] = newblock;
+ else
+ current_block[store_pool]->next = newblock;
}
current_block[store_pool] = newblock;
yield_length[store_pool] = newblock->length;
next_yield[store_pool] =
- (void *)((char *)current_block[store_pool] + ALIGNED_SIZEOF_STOREBLOCK);
+ (void *)(CS current_block[store_pool] + ALIGNED_SIZEOF_STOREBLOCK);
(void) VALGRIND_MAKE_MEM_NOACCESS(next_yield[store_pool], yield_length[store_pool]);
}
void
store_reset_3(void *ptr, const char *filename, int linenumber)
{
-storeblock *bb;
-storeblock *b = current_block[store_pool];
-char *bc = (char *)b + ALIGNED_SIZEOF_STOREBLOCK;
+storeblock * bb;
+storeblock * b = current_block[store_pool];
+char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
int newlength;
/* Last store operation was not a get */
/* See if the place is in the current block - as it often will be. Otherwise,
search for the block in which it lies. */
-if ((char *)ptr < bc || (char *)ptr > bc + b->length)
+if (CS ptr < bc || CS ptr > bc + b->length)
{
- for (b = chainbase[store_pool]; b != NULL; b = b->next)
+ for (b = chainbase[store_pool]; b; b = b->next)
{
- bc = (char *)b + ALIGNED_SIZEOF_STOREBLOCK;
- if ((char *)ptr >= bc && (char *)ptr <= bc + b->length) break;
+ bc = CS b + ALIGNED_SIZEOF_STOREBLOCK;
+ if (CS ptr >= bc && CS ptr <= bc + b->length) break;
}
- if (b == NULL)
+ if (!b)
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "internal error: store_reset(%p) "
"failed: pool=%d %-14s %4d", ptr, store_pool, filename, linenumber);
}
/* Back up, rounding to the alignment if necessary. When testing, flatten
the released memory. */
-newlength = bc + b->length - (char *)ptr;
+newlength = bc + b->length - CS ptr;
#ifndef COMPILE_UTILITY
-if (running_in_test_harness)
+if (running_in_test_harness || debug_store)
{
- (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength);
- memset(ptr, 0xF0, newlength);
+ assert_no_variables(ptr, newlength, filename, linenumber);
+ if (running_in_test_harness)
+ {
+ (void) VALGRIND_MAKE_MEM_DEFINED(ptr, newlength);
+ memset(ptr, 0xF0, newlength);
+ }
}
#endif
(void) VALGRIND_MAKE_MEM_NOACCESS(ptr, newlength);
yield_length[store_pool] = newlength - (newlength % alignment);
-next_yield[store_pool] = (char *)ptr + (newlength % alignment);
+next_yield[store_pool] = CS ptr + (newlength % alignment);
current_block[store_pool] = b;
/* Free any subsequent block. Do NOT free the first successor, if our
flapping memory. However, keep this block only when it has the default size. */
if (yield_length[store_pool] < STOREPOOL_MIN_SIZE &&
- b->next != NULL &&
+ b->next &&
b->next->length == STORE_BLOCK_SIZE)
{
b = b->next;
- (void) VALGRIND_MAKE_MEM_NOACCESS((char *)b + ALIGNED_SIZEOF_STOREBLOCK,
+#ifndef COMPILE_UTILITY
+ if (running_in_test_harness || debug_store)
+ assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK,
+ filename, linenumber);
+#endif
+ (void) VALGRIND_MAKE_MEM_NOACCESS(CS b + ALIGNED_SIZEOF_STOREBLOCK,
b->length - ALIGNED_SIZEOF_STOREBLOCK);
}
bb = b->next;
b->next = NULL;
-while (bb != NULL)
+while ((b = bb))
{
- b = bb;
+#ifndef COMPILE_UTILITY
+ if (running_in_test_harness || debug_store)
+ assert_no_variables(b, b->length + ALIGNED_SIZEOF_STOREBLOCK,
+ filename, linenumber);
+#endif
bb = bb->next;
pool_malloc -= b->length + ALIGNED_SIZEOF_STOREBLOCK;
store_free_3(b, filename, linenumber);
ss = store_get(length + nonprintcount * 3 + 1);
-/* Copy everying, escaping non printers. */
+/* Copy everything, escaping non printers. */
t = s;
tt = ss;
************************************************/
/* This function is used to build a list, returning
an allocated null-terminated growable string. The
-given element has any embedded seperator characters
+given element has any embedded separator characters
doubled.
Arguments:
list points to the start of the list that is being built, or NULL
if this is a new list that has no contents yet
- sep list seperator charactoer
- ele new lement to be appended to the list
+ sep list separator character
+ ele new element to be appended to the list
Returns: pointer to the start of the list, changed if copied for expansion.
*/
/* items below only used with option topt_use_bdat */
tpt_chunk_cmd_cb chunk_cb; /* per-datachunk callback */
- struct smtp_inblock * inblock;
- struct smtp_outblock * outblock;
- host_item * host;
- struct address_item * first_addr;
- struct address_item **sync_addr;
- BOOL pending_MAIL;
- BOOL pending_BDAT;
- BOOL good_RCPT;
- BOOL * completed_address;
- int cmd_count;
- uschar * buffer;
+ void * smtp_context;
} transport_ctx;
/* (may need to hold a timestamp) */
short int basic_errno; /* status after failure */
- short int child_count; /* number of child addresses */
+ unsigned short child_count; /* number of child addresses */
short int return_file; /* fileno of return data file */
short int special_action; /* ( used when when deferred or failed */
/* ( also */
The code herein is a revamp of GnuTLS integration using the current APIs; the
original tls-gnu.c was based on a patch which was contributed by Nikos
-Mavroyanopoulos. The revamp is partially a rewrite, partially cut&paste as
+Mavrogiannopoulos. The revamp is partially a rewrite, partially cut&paste as
appropriate.
APIs current as of GnuTLS 2.12.18; note that the GnuTLS manual is for GnuTLS 3,
#endif
#define exim_gnutls_err_check(Label) do { \
- if (rc != GNUTLS_E_SUCCESS) { return tls_error((Label), gnutls_strerror(rc), host); } } while (0)
+ if (rc != GNUTLS_E_SUCCESS) \
+ return tls_error((Label), gnutls_strerror(rc), host, errstr); \
+ } while (0)
-#define expand_check_tlsvar(Varname) expand_check(state->Varname, US #Varname, &state->exp_##Varname)
+#define expand_check_tlsvar(Varname, errstr) \
+ expand_check(state->Varname, US #Varname, &state->exp_##Varname, errstr)
#if GNUTLS_VERSION_NUMBER >= 0x020c00
# define HAVE_GNUTLS_SESSION_CHANNEL_BINDING
usually obtained from gnutls_strerror()
host NULL if setting up a server;
the connected host if setting up a client
+ errstr pointer to returned error string
Returns: OK/DEFER/FAIL
*/
static int
-tls_error(const uschar *prefix, const char *msg, const host_item *host)
+tls_error(const uschar *prefix, const char *msg, const host_item *host,
+ uschar ** errstr)
{
-if (host)
- {
- log_write(0, LOG_MAIN, "H=%s [%s] TLS error on connection (%s)%s%s",
- host->name, host->address, prefix, msg ? ": " : "", msg ? msg : "");
- return FAIL;
- }
-else
- {
- uschar *conn_info = smtp_get_connection_info();
- if (Ustrncmp(conn_info, US"SMTP ", 5) == 0)
- conn_info += 5;
- /* I'd like to get separated H= here, but too hard for now */
- log_write(0, LOG_MAIN, "TLS error on %s (%s)%s%s",
- conn_info, prefix, msg ? ": " : "", msg ? msg : "");
- return DEFER;
- }
+if (errstr)
+ *errstr = string_sprintf("(%s)%s%s", prefix, msg ? ": " : "", msg ? msg : "");
+return host ? FAIL : DEFER;
}
static void
record_io_error(exim_gnutls_state_st *state, int rc, uschar *when, uschar *text)
{
-const char *msg;
+const char * msg;
+uschar * errstr;
if (rc == GNUTLS_E_FATAL_ALERT_RECEIVED)
msg = CS string_sprintf("%s: %s", US gnutls_strerror(rc),
else
msg = gnutls_strerror(rc);
-tls_error(when, msg, state->host);
+(void) tls_error(when, msg, state->host, &errstr);
+
+if (state->host)
+ log_write(0, LOG_MAIN, "H=%s [%s] TLS error on connection %s",
+ state->host->name, state->host->address, errstr);
+else
+ {
+ uschar * conn_info = smtp_get_connection_info();
+ if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) conn_info += 5;
+ /* I'd like to get separated H= here, but too hard for now */
+ log_write(0, LOG_MAIN, "TLS error on %s %s", conn_info, errstr);
+ }
}
*/
static int
-init_server_dh(void)
+init_server_dh(uschar ** errstr)
{
int fd, rc;
unsigned int dh_bits;
m.data = NULL;
m.size = 0;
-if (!expand_check(tls_dhparam, US"tls_dhparam", &exp_tls_dhparam))
+if (!expand_check(tls_dhparam, US"tls_dhparam", &exp_tls_dhparam, errstr))
return DEFER;
if (!exp_tls_dhparam)
else if (exp_tls_dhparam[0] != '/')
{
if (!(m.data = US std_dh_prime_named(exp_tls_dhparam)))
- return tls_error(US"No standard prime named", CS exp_tls_dhparam, NULL);
+ return tls_error(US"No standard prime named", CS exp_tls_dhparam, NULL, errstr);
m.size = Ustrlen(m.data);
}
else
different filename and ensure we have sufficient bits. */
dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL);
if (!dh_bits)
- return tls_error(US"gnutls_sec_param_to_pk_bits() failed", NULL, NULL);
+ return tls_error(US"gnutls_sec_param_to_pk_bits() failed", NULL, NULL, errstr);
DEBUG(D_tls)
debug_printf("GnuTLS tells us that for D-H PK, NORMAL is %d bits.\n",
dh_bits);
{
if (!string_format(filename_buf, sizeof(filename_buf),
"%s/gnutls-params-%d", spool_directory, dh_bits))
- return tls_error(US"overlong filename", NULL, NULL);
+ return tls_error(US"overlong filename", NULL, NULL, errstr);
filename = filename_buf;
}
{
saved_errno = errno;
(void)close(fd);
- return tls_error(US"TLS cache stat failed", strerror(saved_errno), NULL);
+ return tls_error(US"TLS cache stat failed", strerror(saved_errno), NULL, errstr);
}
if (!S_ISREG(statbuf.st_mode))
{
(void)close(fd);
- return tls_error(US"TLS cache not a file", NULL, NULL);
+ return tls_error(US"TLS cache not a file", NULL, NULL, errstr);
}
if (!(fp = fdopen(fd, "rb")))
{
saved_errno = errno;
(void)close(fd);
return tls_error(US"fdopen(TLS cache stat fd) failed",
- strerror(saved_errno), NULL);
+ strerror(saved_errno), NULL, errstr);
}
m.size = statbuf.st_size;
if (!(m.data = malloc(m.size)))
{
fclose(fp);
- return tls_error(US"malloc failed", strerror(errno), NULL);
+ return tls_error(US"malloc failed", strerror(errno), NULL, errstr);
}
if (!(sz = fread(m.data, m.size, 1, fp)))
{
saved_errno = errno;
fclose(fp);
free(m.data);
- return tls_error(US"fread failed", strerror(saved_errno), NULL);
+ return tls_error(US"fread failed", strerror(saved_errno), NULL, errstr);
}
fclose(fp);
}
else
return tls_error(string_open_failed(errno, "\"%s\" for reading", filename),
- NULL, NULL);
+ NULL, NULL, errstr);
/* If ret < 0, either the cache file does not exist, or the data it contains
is not useful. One particular case of this is when upgrading from an older
if ((PATH_MAX - Ustrlen(filename)) < 10)
return tls_error(US"Filename too long to generate replacement",
- CS filename, NULL);
+ CS filename, NULL, errstr);
temp_fn = string_copy(US "%s.XXXXXXX");
if ((fd = mkstemp(CS temp_fn)) < 0) /* modifies temp_fn */
- return tls_error(US"Unable to open temp file", strerror(errno), NULL);
+ return tls_error(US"Unable to open temp file", strerror(errno), NULL, errstr);
(void)fchown(fd, exim_uid, exim_gid); /* Probably not necessary */
/* GnuTLS overshoots!
exim_gnutls_err_check(US"gnutls_dh_params_export_pkcs3(NULL) sizing");
m.size = sz;
if (!(m.data = malloc(m.size)))
- return tls_error(US"memory allocation failed", strerror(errno), NULL);
+ return tls_error(US"memory allocation failed", strerror(errno), NULL, errstr);
/* this will return a size 1 less than the allocation size above */
rc = gnutls_dh_params_export_pkcs3(dh_server_params, GNUTLS_X509_FMT_PEM,
{
free(m.data);
return tls_error(US"TLS cache write D-H params failed",
- strerror(errno), NULL);
+ strerror(errno), NULL, errstr);
}
free(m.data);
if ((sz = write_to_fd_buf(fd, US"\n", 1)) != 1)
return tls_error(US"TLS cache write D-H params final newline failed",
- strerror(errno), NULL);
+ strerror(errno), NULL, errstr);
if ((rc = close(fd)))
- return tls_error(US"TLS cache write close() failed", strerror(errno), NULL);
+ return tls_error(US"TLS cache write close() failed", strerror(errno), NULL, errstr);
if (Urename(temp_fn, filename) < 0)
return tls_error(string_sprintf("failed to rename \"%s\" as \"%s\"",
- temp_fn, filename), strerror(errno), NULL);
+ temp_fn, filename), strerror(errno), NULL, errstr);
DEBUG(D_tls) debug_printf("wrote D-H parameters to file \"%s\"\n", filename);
}
/* Create and install a selfsigned certificate, for use in server mode */
static int
-tls_install_selfsign(exim_gnutls_state_st * state)
+tls_install_selfsign(exim_gnutls_state_st * state, uschar ** errstr)
{
gnutls_x509_crt_t cert = NULL;
time_t now;
return rc;
err:
- rc = tls_error(where, gnutls_strerror(rc), NULL);
+ rc = tls_error(where, gnutls_strerror(rc), NULL, errstr);
goto out;
}
Arguments:
state exim_gnutls_state_st *
+ errstr error string pointer
Returns: OK/DEFER/FAIL
*/
static int
-tls_expand_session_files(exim_gnutls_state_st *state)
+tls_expand_session_files(exim_gnutls_state_st *state, uschar ** errstr)
{
struct stat statbuf;
int rc;
/* check if we at least have a certificate, before doing expensive
D-H generation. */
-if (!expand_check_tlsvar(tls_certificate))
+if (!expand_check_tlsvar(tls_certificate, errstr))
return DEFER;
/* certificate is mandatory in server, optional in client */
|| !*state->exp_tls_certificate
)
if (!host)
- return tls_install_selfsign(state);
+ return tls_install_selfsign(state, errstr);
else
DEBUG(D_tls) debug_printf("TLS: no client certificate specified; okay\n");
-if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey))
+if (state->tls_privatekey && !expand_check_tlsvar(tls_privatekey, errstr))
return DEFER;
/* tls_privatekey is optional, defaulting to same file as certificate */
else
{
if (!expand_check(tls_ocsp_file, US"tls_ocsp_file",
- &state->exp_tls_ocsp_file))
+ &state->exp_tls_ocsp_file, errstr))
return DEFER;
/* Use the full callback method for stapling just to get observability.
if (state->tls_verify_certificates && *state->tls_verify_certificates)
{
- if (!expand_check_tlsvar(tls_verify_certificates))
+ if (!expand_check_tlsvar(tls_verify_certificates, errstr))
return DEFER;
#ifndef SUPPORT_SYSDEFAULT_CABUNDLE
if (Ustrcmp(state->exp_tls_verify_certificates, "system") == 0)
state->exp_tls_verify_certificates = NULL;
#endif
if (state->tls_crl && *state->tls_crl)
- if (!expand_check_tlsvar(tls_crl))
+ if (!expand_check_tlsvar(tls_crl, errstr))
return DEFER;
if (!(state->exp_tls_verify_certificates &&
Arguments:
state exim_gnutls_state_st *
+ errstr error string pointer
Returns: OK/DEFER/FAIL
*/
static int
-tls_set_remaining_x509(exim_gnutls_state_st *state)
+tls_set_remaining_x509(exim_gnutls_state_st *state, uschar ** errstr)
{
int rc;
const host_item *host = state->host; /* macro should be reconsidered? */
{
if (!dh_server_params)
{
- rc = init_server_dh();
+ rc = init_server_dh(errstr);
if (rc != OK) return rc;
}
gnutls_certificate_set_dh_params(state->x509_cred, dh_server_params);
crl CRL file
require_ciphers tls_require_ciphers setting
caller_state returned state-info structure
+ errstr error string pointer
Returns: OK/DEFER/FAIL
*/
const uschar *cas,
const uschar *crl,
const uschar *require_ciphers,
- exim_gnutls_state_st **caller_state)
+ exim_gnutls_state_st **caller_state,
+ uschar ** errstr)
{
exim_gnutls_state_st *state;
int rc;
DEBUG(D_tls)
debug_printf("Expanding various TLS configuration options for session credentials.\n");
-rc = tls_expand_session_files(state);
-if (rc != OK) return rc;
+if ((rc = tls_expand_session_files(state, errstr)) != OK) return rc;
/* These are all other parts of the x509_cred handling, since SNI in GnuTLS
requires a new structure afterwards. */
-rc = tls_set_remaining_x509(state);
-if (rc != OK) return rc;
+if ((rc = tls_set_remaining_x509(state, errstr)) != OK) return rc;
/* set SNI in client, only */
if (host)
{
- if (!expand_check(sni, US"tls_out_sni", &state->tlsp->sni))
+ if (!expand_check(sni, US"tls_out_sni", &state->tlsp->sni, errstr))
return DEFER;
if (state->tlsp->sni && *state->tlsp->sni)
{
if (state->tls_require_ciphers && *state->tls_require_ciphers)
{
- if (!expand_check_tlsvar(tls_require_ciphers))
+ if (!expand_check_tlsvar(tls_require_ciphers, errstr))
return DEFER;
if (state->exp_tls_require_ciphers && *state->exp_tls_require_ciphers)
{
Arguments:
state exim_gnutls_state_st *
+ errstr pointer to error string
Returns: OK/DEFER/FAIL
*/
static int
-peer_status(exim_gnutls_state_st *state)
+peer_status(exim_gnutls_state_st *state, uschar ** errstr)
{
uschar cipherbuf[256];
const gnutls_datum_t *cert_list;
cert_list, cert_list_size);
if (state->verify_requirement >= VERIFY_REQUIRED)
return tls_error(US"certificate verification failed",
- "no certificate received from peer", state->host);
+ "no certificate received from peer", state->host, errstr);
return OK;
}
debug_printf("TLS: peer cert not X.509 but instead \"%s\"\n", ctn);
if (state->verify_requirement >= VERIFY_REQUIRED)
return tls_error(US"certificate verification not possible, unhandled type",
- ctn, state->host);
+ ctn, state->host, errstr);
return OK;
}
DEBUG(D_tls) debug_printf("TLS: peer cert problem: %s: %s\n", \
(Label), gnutls_strerror(rc)); \
if (state->verify_requirement >= VERIFY_REQUIRED) \
- return tls_error((Label), gnutls_strerror(rc), state->host); \
+ return tls_error((Label), gnutls_strerror(rc), state->host, errstr); \
return OK; \
} \
} while (0)
Arguments:
state exim_gnutls_state_st *
- error where to put an error message
+ errstr where to put an error message
Returns:
FALSE if the session should be rejected
*/
static BOOL
-verify_certificate(exim_gnutls_state_st *state, const char **error)
+verify_certificate(exim_gnutls_state_st *state, uschar ** errstr)
{
int rc;
unsigned int verify;
-*error = NULL;
+*errstr = NULL;
-if ((rc = peer_status(state)) != OK)
+if ((rc = peer_status(state, errstr)) != OK)
{
verify = GNUTLS_CERT_INVALID;
- *error = "certificate not supplied";
+ *errstr = US"certificate not supplied";
}
else
rc = gnutls_certificate_verify_peers2(state->session, &verify);
)
{
state->peer_cert_verified = FALSE;
- if (!*error)
- *error = verify & GNUTLS_CERT_REVOKED
- ? "certificate revoked" : "certificate invalid";
+ if (!*errstr)
+ *errstr = verify & GNUTLS_CERT_REVOKED
+ ? US"certificate revoked" : US"certificate invalid";
DEBUG(D_tls)
debug_printf("TLS certificate verification failed (%s): peerdn=\"%s\"\n",
- *error, state->peerdn ? state->peerdn : US"<unset>");
+ *errstr, state->peerdn ? state->peerdn : US"<unset>");
if (state->verify_requirement >= VERIFY_REQUIRED)
{
exim_gnutls_state_st *state = &state_server;
unsigned int sni_type;
int rc, old_pool;
+uschar * dummy_errstr;
rc = gnutls_server_name_get(session, sni_name, &data_len, &sni_type, 0);
if (rc != GNUTLS_E_SUCCESS)
else
debug_printf("TLS failure: gnutls_server_name_get(): %s [%d]\n",
gnutls_strerror(rc), rc);
- };
+ }
return 0;
}
if (!state->trigger_sni_changes)
return 0;
-rc = tls_expand_session_files(state);
-if (rc != OK)
+if ((rc = tls_expand_session_files(state, &dummy_errstr)) != OK)
{
/* If the setup of certs/etc failed before handshake, TLS would not have
been offered. The best we can do now is abort. */
return GNUTLS_E_APPLICATION_ERROR_MIN;
}
-rc = tls_set_remaining_x509(state);
+rc = tls_set_remaining_x509(state, &dummy_errstr);
if (rc != OK) return GNUTLS_E_APPLICATION_ERROR_MIN;
return 0;
Arguments:
require_ciphers list of allowed ciphers or NULL
+ errstr pointer to error string
Returns: OK on success
DEFER for errors before the start of the negotiation
- FAIL for errors during the negotation; the server can't
+ FAIL for errors during the negotiation; the server can't
continue running.
*/
int
-tls_server_start(const uschar *require_ciphers)
+tls_server_start(const uschar * require_ciphers, uschar ** errstr)
{
int rc;
-const char *error;
-exim_gnutls_state_st *state = NULL;
+exim_gnutls_state_st * state = NULL;
/* Check for previous activation */
if (tls_in.active >= 0)
{
- tls_error(US"STARTTLS received after TLS started", "", NULL);
+ tls_error(US"STARTTLS received after TLS started", "", NULL, errstr);
smtp_printf("554 Already in TLS\r\n");
return FAIL;
}
DEBUG(D_tls) debug_printf("initialising GnuTLS as a server\n");
-rc = tls_init(NULL, tls_certificate, tls_privatekey,
+if ((rc = tls_init(NULL, tls_certificate, tls_privatekey,
NULL, tls_verify_certificates, tls_crl,
- require_ciphers, &state);
-if (rc != OK) return rc;
+ require_ciphers, &state, errstr)) != OK) return rc;
/* If this is a host for which certificate verification is mandatory or
optional, set up appropriately. */
if (sigalrm_seen)
{
- tls_error(US"gnutls_handshake", "timed out", NULL);
+ tls_error(US"gnutls_handshake", "timed out", NULL, errstr);
gnutls_db_remove_session(state->session);
}
else
{
- tls_error(US"gnutls_handshake", gnutls_strerror(rc), NULL);
+ tls_error(US"gnutls_handshake", gnutls_strerror(rc), NULL, errstr);
(void) gnutls_alert_send_appropriate(state->session, rc);
gnutls_deinit(state->session);
gnutls_certificate_free_credentials(state->x509_cred);
/* Verify after the fact */
if ( state->verify_requirement != VERIFY_NONE
- && !verify_certificate(state, &error))
+ && !verify_certificate(state, errstr))
{
if (state->verify_requirement != VERIFY_OPTIONAL)
{
- tls_error(US"certificate verification failed", error, NULL);
+ (void) tls_error(US"certificate verification failed", *errstr, NULL, errstr);
return FAIL;
}
DEBUG(D_tls)
debug_printf("TLS: continuing on only because verification was optional, after: %s\n",
- error);
+ *errstr);
}
/* Figure out peer DN, and if authenticated, etc. */
-if ((rc = peer_status(state)) != OK) return rc;
+if ((rc = peer_status(state, NULL)) != OK) return rc;
/* Sets various Exim expansion variables; always safe within server */
addr the first address (not used)
tb transport (always smtp)
+ errstr error string pointer
+
Returns: OK/DEFER/FAIL (because using common functions),
but for a client, DEFER and FAIL have the same meaning
*/
int
tls_client_start(int fd, host_item *host,
address_item *addr ARG_UNUSED,
- transport_instance *tb
+ transport_instance * tb,
#ifdef EXPERIMENTAL_DANE
- , dns_answer * unused_tlsa_dnsa
+ dns_answer * tlsa_dnsa ARG_UNUSED,
#endif
- )
+ uschar ** errstr)
{
smtp_transport_options_block *ob =
(smtp_transport_options_block *)tb->options_block;
int rc;
-const char *error;
exim_gnutls_state_st *state = NULL;
#ifndef DISABLE_OCSP
BOOL require_ocsp =
if ((rc = tls_init(host, ob->tls_certificate, ob->tls_privatekey,
ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl,
- ob->tls_require_ciphers, &state)) != OK)
+ ob->tls_require_ciphers, &state, errstr)) != OK)
return rc;
{
if ((rc = gnutls_ocsp_status_request_enable_client(state->session,
NULL, 0, NULL)) != OK)
return tls_error(US"cert-status-req",
- gnutls_strerror(rc), state->host);
+ gnutls_strerror(rc), state->host, errstr);
tls_out.ocsp = OCSP_NOT_RESP;
}
#endif
if (sigalrm_seen)
{
gnutls_alert_send(state->session, GNUTLS_AL_FATAL, GNUTLS_A_USER_CANCELED);
- return tls_error(US"gnutls_handshake", "timed out", state->host);
+ return tls_error(US"gnutls_handshake", "timed out", state->host, errstr);
}
else
- return tls_error(US"gnutls_handshake", gnutls_strerror(rc), state->host);
+ return tls_error(US"gnutls_handshake", gnutls_strerror(rc), state->host, errstr);
DEBUG(D_tls) debug_printf("gnutls_handshake was successful\n");
/* Verify late */
if (state->verify_requirement != VERIFY_NONE &&
- !verify_certificate(state, &error))
- return tls_error(US"certificate verification failed", error, state->host);
+ !verify_certificate(state, errstr))
+ return tls_error(US"certificate verification failed", *errstr, state->host, errstr);
#ifndef DISABLE_OCSP
if (require_ocsp)
gnutls_free(printed.data);
}
else
- (void) tls_error(US"ocsp decode", gnutls_strerror(rc), state->host);
+ (void) tls_error(US"ocsp decode", gnutls_strerror(rc), state->host, errstr);
}
if (gnutls_ocsp_status_request_is_checked(state->session, 0) == 0)
{
tls_out.ocsp = OCSP_FAILED;
- return tls_error(US"certificate status check failed", NULL, state->host);
+ return tls_error(US"certificate status check failed", NULL, state->host, errstr);
}
DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
tls_out.ocsp = OCSP_VFIED;
/* Figure out peer DN, and if authenticated, etc. */
-if ((rc = peer_status(state)) != OK)
+if ((rc = peer_status(state, errstr)) != OK)
return rc;
/* Sets various Exim expansion variables; may need to adjust for ACL callouts */
gnutls_global_deinit();
exim_gnutls_base_init_done = FALSE;
}
-
}
This feeds DKIM and should be used for all message-body reads.
-Arguments: none
+Arguments: lim Maximum amount to read/bufffer
Returns: the next character or EOF
*/
int
-tls_getc(void)
+tls_getc(unsigned lim)
{
exim_gnutls_state_st *state = &state_server;
if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
inbytes = gnutls_record_recv(state->session, state->xfer_buffer,
- ssl_xfer_buffer_size);
+ MIN(ssl_xfer_buffer_size, lim));
alarm(0);
/* Timeouts do not get this far; see command_timeout_handler().
state->tlsp->peercert = NULL;
state->tlsp->peerdn = NULL;
- return smtp_getc();
+ return smtp_getc(lim);
}
/* Handle genuine errors */
uschar *expciphers = NULL;
gnutls_priority_t priority_cache;
const char *errpos;
+uschar * dummy_errstr;
#define validate_check_rc(Label) do { \
if (rc != GNUTLS_E_SUCCESS) { if (exim_gnutls_base_init_done) gnutls_global_deinit(); \
if (!(tls_require_ciphers && *tls_require_ciphers))
return_deinit(NULL);
-if (!expand_check(tls_require_ciphers, US"tls_require_ciphers", &expciphers))
+if (!expand_check(tls_require_ciphers, US"tls_require_ciphers", &expciphers,
+ &dummy_errstr))
return_deinit(US"failed to expand tls_require_ciphers");
if (!(expciphers && *expciphers))
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Portions Copyright (c) The OpenSSL Project 1999 */
static int
setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional,
- int (*cert_vfy_cb)(int, X509_STORE_CTX *) );
+ int (*cert_vfy_cb)(int, X509_STORE_CTX *), uschar ** errstr );
/* Callbacks */
#ifdef EXIM_HAVE_OPENSSL_TLSEXT
host NULL if setting up a server;
the connected host if setting up a client
msg error message or NULL if we should ask OpenSSL
+ errstr pointer to output error message
Returns: OK/DEFER/FAIL
*/
static int
-tls_error(uschar * prefix, const host_item * host, uschar * msg)
+tls_error(uschar * prefix, const host_item * host, uschar * msg, uschar ** errstr)
{
if (!msg)
{
ERR_error_string(ERR_get_error(), ssl_errstring);
- msg = (uschar *)ssl_errstring;
+ msg = US ssl_errstring;
}
-if (host)
- {
- log_write(0, LOG_MAIN, "H=%s [%s] TLS error on connection (%s): %s",
- host->name, host->address, prefix, msg);
- return FAIL;
- }
-else
- {
- uschar *conn_info = smtp_get_connection_info();
- if (Ustrncmp(conn_info, US"SMTP ", 5) == 0)
- conn_info += 5;
- /* I'd like to get separated H= here, but too hard for now */
- log_write(0, LOG_MAIN, "TLS error on %s (%s): %s",
- conn_info, prefix, msg);
- return DEFER;
- }
+if (errstr) *errstr = string_sprintf("(%s): %s", prefix, msg);
+return host ? FAIL : DEFER;
}
if (rc < 0)
{
log_write(0, LOG_MAIN, "[%s] SSL verify error: internal error",
- tlsp == &tls_out ? deliver_host_address : sender_host_address);
+ deliver_host_address);
name = NULL;
}
break;
{
X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
uschar dn[256];
-#ifndef DISABLE_EVENT
int depth = X509_STORE_CTX_get_error_depth(x509ctx);
+#ifndef DISABLE_EVENT
BOOL dummy_called, optional = FALSE;
#endif
sctx The current SSL CTX (inbound or outbound)
dhparam DH parameter file or fixed parameter identity string
host connected host, if client; NULL if server
+ errstr error string pointer
Returns: TRUE if OK (nothing to set up, or setup worked)
*/
static BOOL
-init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host)
+init_dh(SSL_CTX *sctx, uschar *dhparam, const host_item *host, uschar ** errstr)
{
BIO *bio;
DH *dh;
uschar *dhexpanded;
const char *pem;
-if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded))
+if (!expand_check(dhparam, US"tls_dhparam", &dhexpanded, errstr))
return FALSE;
if (!dhexpanded || !*dhexpanded)
if (!(bio = BIO_new_file(CS dhexpanded, "r")))
{
tls_error(string_sprintf("could not read dhparams file %s", dhexpanded),
- host, US strerror(errno));
+ host, US strerror(errno), errstr);
return FALSE;
}
}
if (!(pem = std_dh_prime_named(dhexpanded)))
{
tls_error(string_sprintf("Unknown standard DH prime \"%s\"", dhexpanded),
- host, US strerror(errno));
+ host, US strerror(errno), errstr);
return FALSE;
}
bio = BIO_new_mem_buf(CS pem, -1);
{
BIO_free(bio);
tls_error(string_sprintf("Could not read tls_dhparams \"%s\"", dhexpanded),
- host, NULL);
+ host, NULL, errstr);
return FALSE;
}
Arguments:
sctx The current SSL CTX (inbound or outbound)
host connected host, if client; NULL if server
+ errstr error string pointer
Returns: TRUE if OK (nothing to set up, or setup worked)
*/
static BOOL
-init_ecdh(SSL_CTX * sctx, host_item * host)
+init_ecdh(SSL_CTX * sctx, host_item * host, uschar ** errstr)
{
#ifdef OPENSSL_NO_ECDH
return TRUE;
return TRUE;
# else
-if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve))
+if (!expand_check(tls_eccurve, US"tls_eccurve", &exp_curve, errstr))
return FALSE;
if (!exp_curve || !*exp_curve)
return TRUE;
/* "auto" needs to be handled carefully.
- * OpenSSL < 1.0.2: we do not select anything, but fallback to primve256v1
+ * OpenSSL < 1.0.2: we do not select anything, but fallback to prime256v1
* OpenSSL < 1.1.0: we have to call SSL_CTX_set_ecdh_auto
- * (openss/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
+ * (openssl/ssl.h defines SSL_CTRL_SET_ECDH_AUTO)
* OpenSSL >= 1.1.0: we do not set anything, the libray does autoselection
* https://github.com/openssl/openssl/commit/fe6ef2472db933f01b59cad82aa925736935984b
*/
# endif
)
{
- tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'",
- exp_curve),
- host, NULL);
+ tls_error(string_sprintf("Unknown curve name tls_eccurve '%s'", exp_curve),
+ host, NULL, errstr);
return FALSE;
}
if (!(ecdh = EC_KEY_new_by_curve_name(nid)))
{
- tls_error(US"Unable to create ec curve", host, NULL);
+ tls_error(US"Unable to create ec curve", host, NULL, errstr);
return FALSE;
}
not to the stability of the interface. */
if ((rv = SSL_CTX_set_tmp_ecdh(sctx, ecdh) == 0))
- tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL);
+ tls_error(string_sprintf("Error enabling '%s' curve", exp_curve), host, NULL, errstr);
else
DEBUG(D_tls) debug_printf("ECDH: enabled '%s' curve\n", exp_curve);
OCSP_NOSIGS OCSP_NOVERIFY OCSP_NOCHAIN OCSP_NOCHECKS OCSP_NOEXPLICIT
OCSP_TRUSTOTHER OCSP_NOINTERN */
-/* This does a full verify on the OCSP proof before we load it for serviing
+/* This does a full verify on the OCSP proof before we load it for serving
up; possibly overkill - just date-checks might be nice enough.
OCSP_basic_verify takes a "store" arg, but does not
We do not free the stack since it could be needed a second time for
SNI handling.
-Seperately we might try to replace using OCSP_basic_verify() - which seems to not
+Separately we might try to replace using OCSP_basic_verify() - which seems to not
be a public interface into the OpenSSL library (there's no manual entry) -
But what with? We also use OCSP_basic_verify in the client stapling callback.
-And there we NEED it; we miust verify that status... unless the
+And there we NEED it; we must verify that status... unless the
library does it for us anyway? */
if ((i = OCSP_basic_verify(basic_response, sk, NULL, verify_flags)) < 0)
/* Create and install a selfsigned certificate, for use in server mode */
static int
-tls_install_selfsign(SSL_CTX * sctx)
+tls_install_selfsign(SSL_CTX * sctx, uschar ** errstr)
{
X509 * x509 = NULL;
EVP_PKEY * pkey;
if (!(rsa = RSA_generate_key(1024, RSA_F4, NULL, NULL)))
goto err;
-where = US"assiging pkey";
+where = US"assigning pkey";
if (!EVP_PKEY_assign_RSA(pkey, rsa))
goto err;
return OK;
err:
- (void) tls_error(where, NULL, NULL);
+ (void) tls_error(where, NULL, NULL, errstr);
if (x509) X509_free(x509);
if (pkey) EVP_PKEY_free(pkey);
return DEFER;
Arguments:
sctx the SSL_CTX* to update
cbinfo various parts of session state
+ errstr error string pointer
Returns: OK/DEFER/FAIL
*/
static int
-tls_expand_session_files(SSL_CTX *sctx, tls_ext_ctx_cb *cbinfo)
+tls_expand_session_files(SSL_CTX *sctx, tls_ext_ctx_cb *cbinfo,
+ uschar ** errstr)
{
uschar *expanded;
if (cbinfo->host) /* client */
return OK;
/* server */
- if (tls_install_selfsign(sctx) != OK)
+ if (tls_install_selfsign(sctx, errstr) != OK)
return DEFER;
}
else
)
reexpand_tls_files_for_sni = TRUE;
- if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded))
+ if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded, errstr))
return DEFER;
if (expanded != NULL)
if (!SSL_CTX_use_certificate_chain_file(sctx, CS expanded))
return tls_error(string_sprintf(
"SSL_CTX_use_certificate_chain_file file=%s", expanded),
- cbinfo->host, NULL);
+ cbinfo->host, NULL, errstr);
}
if (cbinfo->privatekey != NULL &&
- !expand_check(cbinfo->privatekey, US"tls_privatekey", &expanded))
+ !expand_check(cbinfo->privatekey, US"tls_privatekey", &expanded, errstr))
return DEFER;
/* If expansion was forced to fail, key_expanded will be NULL. If the result
DEBUG(D_tls) debug_printf("tls_privatekey file %s\n", expanded);
if (!SSL_CTX_use_PrivateKey_file(sctx, CS expanded, SSL_FILETYPE_PEM))
return tls_error(string_sprintf(
- "SSL_CTX_use_PrivateKey_file file=%s", expanded), cbinfo->host, NULL);
+ "SSL_CTX_use_PrivateKey_file file=%s", expanded), cbinfo->host, NULL, errstr);
}
}
#ifndef DISABLE_OCSP
if (cbinfo->is_server && cbinfo->u_ocsp.server.file)
{
- if (!expand_check(cbinfo->u_ocsp.server.file, US"tls_ocsp_file", &expanded))
+ if (!expand_check(cbinfo->u_ocsp.server.file, US"tls_ocsp_file", &expanded, errstr))
return DEFER;
if (expanded && *expanded)
tls_ext_ctx_cb *cbinfo = (tls_ext_ctx_cb *) arg;
int rc;
int old_pool = store_pool;
+uschar * dummy_errstr;
if (!servername)
return SSL_TLSEXT_ERR_OK;
SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb);
SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo);
-if ( !init_dh(server_sni, cbinfo->dhparam, NULL)
- || !init_ecdh(server_sni, NULL)
+if ( !init_dh(server_sni, cbinfo->dhparam, NULL, &dummy_errstr)
+ || !init_ecdh(server_sni, NULL, &dummy_errstr)
)
return SSL_TLSEXT_ERR_NOACK;
#endif
if ((rc = setup_certs(server_sni, tls_verify_certificates, tls_crl, NULL, FALSE,
- verify_callback_server)) != OK)
+ verify_callback_server, &dummy_errstr)) != OK)
return SSL_TLSEXT_ERR_NOACK;
/* do this after setup_certs, because this can require the certs for verifying
OCSP information. */
-if ((rc = tls_expand_session_files(server_sni, cbinfo)) != OK)
+if ((rc = tls_expand_session_files(server_sni, cbinfo, &dummy_errstr)) != OK)
return SSL_TLSEXT_ERR_NOACK;
DEBUG(D_tls) debug_printf("Switching SSL context.\n");
ocsp_file file of stapling info (server); flag for require ocsp (client)
addr address if client; NULL if server (for some randomness)
cbp place to put allocated callback context
+ errstr error string pointer
Returns: OK/DEFER/FAIL
*/
#ifndef DISABLE_OCSP
uschar *ocsp_file,
#endif
- address_item *addr, tls_ext_ctx_cb ** cbp)
+ address_item *addr, tls_ext_ctx_cb ** cbp, uschar ** errstr)
{
long init_options;
int rc;
*ctxp = SSL_CTX_new(host ? SSLv23_client_method() : SSLv23_server_method());
-if (!*ctxp) return tls_error(US"SSL_CTX_new", host, NULL);
+if (!*ctxp) return tls_error(US"SSL_CTX_new", host, NULL, errstr);
/* It turns out that we need to seed the random number generator this early in
order to get the full complement of ciphers to work. It took me roughly a day
if (!RAND_status())
return tls_error(US"RAND_status", host,
- US"unable to seed random number generator");
+ US"unable to seed random number generator", errstr);
}
/* Set up the information callback, which outputs if debugging is at a suitable
okay = tls_openssl_options_parse(openssl_options, &init_options);
if (!okay)
- return tls_error(US"openssl_options parsing failed", host, NULL);
+ return tls_error(US"openssl_options parsing failed", host, NULL, errstr);
if (init_options)
{
DEBUG(D_tls) debug_printf("setting SSL CTX options: %#lx\n", init_options);
if (!(SSL_CTX_set_options(*ctxp, init_options)))
return tls_error(string_sprintf(
- "SSL_CTX_set_option(%#lx)", init_options), host, NULL);
+ "SSL_CTX_set_option(%#lx)", init_options), host, NULL, errstr);
}
else
DEBUG(D_tls) debug_printf("no SSL CTX options to set\n");
/* Initialize with DH parameters if supplied */
/* Initialize ECDH temp key parameter selection */
-if ( !init_dh(*ctxp, dhparam, host)
- || !init_ecdh(*ctxp, host)
+if ( !init_dh(*ctxp, dhparam, host, errstr)
+ || !init_ecdh(*ctxp, host, errstr)
)
return DEFER;
/* Set up certificate and key (and perhaps OCSP info) */
-if ((rc = tls_expand_session_files(*ctxp, cbinfo)) != OK)
+if ((rc = tls_expand_session_files(*ctxp, cbinfo, errstr)) != OK)
return rc;
/* If we need to handle SNI or OCSP, do so */
optional TRUE if called from a server for a host in tls_try_verify_hosts;
otherwise passed as FALSE
cert_vfy_cb Callback function for certificate verification
+ errstr error string pointer
Returns: OK/DEFER/FAIL
*/
static int
setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional,
- int (*cert_vfy_cb)(int, X509_STORE_CTX *) )
+ int (*cert_vfy_cb)(int, X509_STORE_CTX *), uschar ** errstr)
{
uschar *expcerts, *expcrl;
-if (!expand_check(certs, US"tls_verify_certificates", &expcerts))
+if (!expand_check(certs, US"tls_verify_certificates", &expcerts, errstr))
return DEFER;
if (expcerts && *expcerts)
CA bundle. Then add the ones specified in the config, if any. */
if (!SSL_CTX_set_default_verify_paths(sctx))
- return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL);
+ return tls_error(US"SSL_CTX_set_default_verify_paths", host, NULL, errstr);
if (Ustrcmp(expcerts, "system") != 0)
{
if ( (!file || statbuf.st_size > 0)
&& !SSL_CTX_load_verify_locations(sctx, CS file, CS dir))
- return tls_error(US"SSL_CTX_load_verify_locations", host, NULL);
+ return tls_error(US"SSL_CTX_load_verify_locations", host, NULL, errstr);
/* Load the list of CAs for which we will accept certs, for sending
to the client. This is only for the one-file tls_verify_certificates
variant.
If a list isn't loaded into the server, but
some verify locations are set, the server end appears to make
- a wildcard reqest for client certs.
+ a wildcard request for client certs.
Meanwhile, the client library as default behaviour *ignores* the list
we send over the wire - see man SSL_CTX_set_client_cert_cb.
Because of this, and that the dir variant is likely only used for
OpenSSL will then handle the verify against CA certs and CRLs by
itself in the verify callback." */
- if (!expand_check(crl, US"tls_crl", &expcrl)) return DEFER;
+ if (!expand_check(crl, US"tls_crl", &expcrl, errstr)) return DEFER;
if (expcrl && *expcrl)
{
struct stat statbufcrl;
DEBUG(D_tls) debug_printf("SSL CRL value is a file %s\n", file);
}
if (X509_STORE_load_locations(cvstore, CS file, CS dir) == 0)
- return tls_error(US"X509_STORE_load_locations", host, NULL);
+ return tls_error(US"X509_STORE_load_locations", host, NULL, errstr);
/* setting the flags to check against the complete crl chain */
Arguments:
require_ciphers allowed ciphers
+ errstr pointer to error message
Returns: OK on success
DEFER for errors before the start of the negotiation
- FAIL for errors during the negotation; the server can't
+ FAIL for errors during the negotiation; the server can't
continue running.
*/
int
-tls_server_start(const uschar *require_ciphers)
+tls_server_start(const uschar * require_ciphers, uschar ** errstr)
{
int rc;
-uschar *expciphers;
-tls_ext_ctx_cb *cbinfo;
+uschar * expciphers;
+tls_ext_ctx_cb * cbinfo;
static uschar peerdn[256];
static uschar cipherbuf[256];
if (tls_in.active >= 0)
{
- tls_error(US"STARTTLS received after TLS started", NULL, US"");
+ tls_error(US"STARTTLS received after TLS started", NULL, US"", errstr);
smtp_printf("554 Already in TLS\r\n");
return FAIL;
}
#ifndef DISABLE_OCSP
tls_ocsp_file,
#endif
- NULL, &server_static_cbinfo);
+ NULL, &server_static_cbinfo, errstr);
if (rc != OK) return rc;
cbinfo = server_static_cbinfo;
-if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers))
+if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers, errstr))
return FAIL;
/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
while (*s != 0) { if (*s == '_') *s = '-'; s++; }
DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
if (!SSL_CTX_set_cipher_list(server_ctx, CS expciphers))
- return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL);
+ return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL, errstr);
cbinfo->server_cipher_list = expciphers;
}
if (verify_check_host(&tls_verify_hosts) == OK)
{
rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL,
- FALSE, verify_callback_server);
+ FALSE, verify_callback_server, errstr);
if (rc != OK) return rc;
server_verify_optional = FALSE;
}
else if (verify_check_host(&tls_try_verify_hosts) == OK)
{
rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL,
- TRUE, verify_callback_server);
+ TRUE, verify_callback_server, errstr);
if (rc != OK) return rc;
server_verify_optional = TRUE;
}
/* Prepare for new connection */
-if (!(server_ssl = SSL_new(server_ctx))) return tls_error(US"SSL_new", NULL, NULL);
+if (!(server_ssl = SSL_new(server_ctx)))
+ return tls_error(US"SSL_new", NULL, NULL, errstr);
/* Warning: we used to SSL_clear(ssl) here, it was removed.
*
if (rc <= 0)
{
- tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL);
- if (ERR_get_error() == 0)
- log_write(0, LOG_MAIN,
- "TLS client disconnected cleanly (rejected our certificate?)");
+ (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
return FAIL;
}
static int
tls_client_basic_ctx_init(SSL_CTX * ctx,
- host_item * host, smtp_transport_options_block * ob, tls_ext_ctx_cb * cbinfo
- )
+ host_item * host, smtp_transport_options_block * ob, tls_ext_ctx_cb * cbinfo,
+ uschar ** errstr)
{
int rc;
/* stick to the old behaviour for compatibility if tls_verify_certificates is
return OK;
if ((rc = setup_certs(ctx, ob->tls_verify_certificates,
- ob->tls_crl, host, client_verify_optional, verify_callback_client)) != OK)
+ ob->tls_crl, host, client_verify_optional, verify_callback_client,
+ errstr)) != OK)
return rc;
if (verify_check_given_host(&ob->tls_verify_cert_hostnames, host) == OK)
#ifdef EXPERIMENTAL_DANE
static int
-dane_tlsa_load(SSL * ssl, host_item * host, dns_answer * dnsa)
+dane_tlsa_load(SSL * ssl, host_item * host, dns_answer * dnsa, uschar ** errstr)
{
dns_record * rr;
dns_scan dnss;
int found = 0;
if (DANESSL_init(ssl, NULL, hostnames) != 1)
- return tls_error(US"hostnames load", host, NULL);
+ return tls_error(US"hostnames load", host, NULL, errstr);
for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
rr;
switch (DANESSL_add_tlsa(ssl, usage, selector, mdname, p, rr->size - 3))
{
default:
- return tls_error(US"tlsa load", host, NULL);
+ return tls_error(US"tlsa load", host, NULL, errstr);
case 0: /* action not taken */
case 1: break;
}
addr the first address
tb transport (always smtp)
tlsa_dnsa tlsa lookup, if DANE, else null
+ errstr error string pointer
Returns: OK on success
FAIL otherwise - note that tls_error() will not give DEFER
int
tls_client_start(int fd, host_item *host, address_item *addr,
- transport_instance *tb
+ transport_instance * tb,
#ifdef EXPERIMENTAL_DANE
- , dns_answer * tlsa_dnsa
+ dns_answer * tlsa_dnsa,
#endif
- )
+ uschar ** errstr)
{
smtp_transport_options_block * ob =
(smtp_transport_options_block *)tb->options_block;
#ifndef DISABLE_OCSP
(void *)(long)request_ocsp,
#endif
- addr, &client_static_cbinfo);
+ addr, &client_static_cbinfo, errstr);
if (rc != OK) return rc;
tls_out.certificate_verified = FALSE;
client_verify_callback_called = FALSE;
if (!expand_check(ob->tls_require_ciphers, US"tls_require_ciphers",
- &expciphers))
+ &expciphers, errstr))
return FAIL;
/* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
are separated by underscores. So that I can use either form in my tests, and
also for general convenience, we turn underscores into hyphens here. */
-if (expciphers != NULL)
+if (expciphers)
{
uschar *s = expciphers;
- while (*s != 0) { if (*s == '_') *s = '-'; s++; }
+ while (*s) { if (*s == '_') *s = '-'; s++; }
DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
if (!SSL_CTX_set_cipher_list(client_ctx, CS expciphers))
- return tls_error(US"SSL_CTX_set_cipher_list", host, NULL);
+ return tls_error(US"SSL_CTX_set_cipher_list", host, NULL, errstr);
}
#ifdef EXPERIMENTAL_DANE
verify_callback_client_dane);
if (!DANESSL_library_init())
- return tls_error(US"library init", host, NULL);
+ return tls_error(US"library init", host, NULL, errstr);
if (DANESSL_CTX_init(client_ctx) <= 0)
- return tls_error(US"context init", host, NULL);
+ return tls_error(US"context init", host, NULL, errstr);
}
else
#endif
- if ((rc = tls_client_basic_ctx_init(client_ctx, host, ob, client_static_cbinfo))
- != OK)
+ if ((rc = tls_client_basic_ctx_init(client_ctx, host, ob,
+ client_static_cbinfo, errstr)) != OK)
return rc;
if ((client_ssl = SSL_new(client_ctx)) == NULL)
- return tls_error(US"SSL_new", host, NULL);
+ return tls_error(US"SSL_new", host, NULL, errstr);
SSL_set_session_id_context(client_ssl, sid_ctx, Ustrlen(sid_ctx));
SSL_set_fd(client_ssl, fd);
SSL_set_connect_state(client_ssl);
if (ob->tls_sni)
{
- if (!expand_check(ob->tls_sni, US"tls_sni", &tls_out.sni))
+ if (!expand_check(ob->tls_sni, US"tls_sni", &tls_out.sni, errstr))
return FAIL;
- if (tls_out.sni == NULL)
+ if (!tls_out.sni)
{
DEBUG(D_tls) debug_printf("Setting TLS SNI forced to fail, not sending\n");
}
#ifdef EXPERIMENTAL_DANE
if (tlsa_dnsa)
- if ((rc = dane_tlsa_load(client_ssl, host, tlsa_dnsa)) != OK)
+ if ((rc = dane_tlsa_load(client_ssl, host, tlsa_dnsa, errstr)) != OK)
return rc;
#endif
#endif
if (rc <= 0)
- return tls_error(US"SSL_connect", host, sigalrm_seen ? US"timed out" : NULL);
+ return tls_error(US"SSL_connect", host, sigalrm_seen ? US"timed out" : NULL,
+ errstr);
DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
/* This gets the next byte from the TLS input buffer. If the buffer is empty,
it refills the buffer via the SSL reading function.
-Arguments: none
+Arguments: lim Maximum amount to read/buffer
Returns: the next character or EOF
Only used by the server-side TLS.
*/
int
-tls_getc(void)
+tls_getc(unsigned lim)
{
if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
{
ssl_xfer_buffer, ssl_xfer_buffer_size);
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
- inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size);
+ inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer,
+ MIN(ssl_xfer_buffer_size, lim));
error = SSL_get_error(server_ssl, inbytes);
alarm(0);
tls_in.peerdn = NULL;
tls_in.sni = NULL;
- return smtp_getc();
+ return smtp_getc(lim);
}
/* Handle genuine errors */
return -1;
}
else if (error != SSL_ERROR_NONE)
- {
return -1;
- }
return inbytes;
}
if (!(tls_require_ciphers && *tls_require_ciphers))
return NULL;
-if (!expand_check(tls_require_ciphers, US"tls_require_ciphers", &expciphers))
+if (!expand_check(tls_require_ciphers, US"tls_require_ciphers", &expciphers,
+ &err))
return US"failed to expand tls_require_ciphers";
if (!(expciphers && *expciphers))
if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))
{
ERR_error_string(ERR_get_error(), ssl_errstring);
- err = string_sprintf("SSL_CTX_set_cipher_list(%s) failed", expciphers);
+ err = string_sprintf("SSL_CTX_set_cipher_list(%s) failed: %s",
+ expciphers, ssl_errstring);
}
SSL_CTX_free(ctx);
/* This module provides TLS (aka SSL) support for Exim. The code for OpenSSL is
based on a patch that was originally contributed by Steve Haslam. It was
adapted from stunnel, a GPL program by Michal Trojnara. The code for GNU TLS is
-based on a patch contributed by Nikos Mavroyanopoulos. Because these packages
+based on a patch contributed by Nikos Mavrogiannopoulos. Because these packages
are so very different, the functions for each are kept in separate files. The
relevant file is #included as required, after any any common functions.
*/
static BOOL
-expand_check(const uschar *s, const uschar *name, uschar **result)
+expand_check(const uschar *s, const uschar *name, uschar **result, uschar ** errstr)
{
-if (s == NULL) *result = NULL; else
+if (!s)
+ *result = NULL;
+else if ( !(*result = expand_string(US s)) /* need to clean up const more */
+ && !expand_string_forcedfail
+ )
{
- *result = expand_string(US s); /* need to clean up const some more */
- if (*result == NULL && !expand_string_forcedfail)
- {
- log_write(0, LOG_MAIN|LOG_PANIC, "expansion of %s failed: %s", name,
- expand_string_message);
- return FALSE;
- }
+ *errstr = US"Internal error";
+ log_write(0, LOG_MAIN|LOG_PANIC, "expansion of %s failed: %s", name,
+ expand_string_message);
+ return FALSE;
}
return TRUE;
}
-#! PERL_COMMAND -w
+#! PERL_COMMAND
# This is a Perl script to demonstrate the possibilities of on-the-fly
# delivery filtering in Exim. It is presented with a message on its standard
# Philip Hazel, May 1997
#############################################################################
+use warnings;
+BEGIN { pop @INC if $INC[-1] eq '.' };
# If the filter is called with any arguments, insert them into the message
# as X-Arg headers, just to verify what they are.
-/* Add/remove/rewwrite headers, and send them plus the empty-line sparator.
+/* Add/remove/rewrite headers, and send them plus the empty-line separator.
Globals:
header_list
/* Pick up from all the addresses. The plist and dlist variables are
anchors for lists of addresses already handled; they have to be defined at
- this level becuase write_env_to() calls itself recursively. */
+ this level because write_env_to() calls itself recursively. */
for (p = tctx->addr; p; p = p->next)
if (!write_env_to(p, &plist, &dlist, &first, fd, tctx))
if (size > DELIVER_OUT_BUFFER_SIZE && hsize > 0)
{
DEBUG(D_transport)
- debug_printf("sending small initial BDAT; hssize=%d\n", hsize);
+ debug_printf("sending small initial BDAT; hsize=%d\n", hsize);
if ( tctx->chunk_cb(fd, tctx, hsize, 0) != OK
|| !transport_write_block(fd, deliver_out_buffer, hsize)
|| tctx->chunk_cb(fd, tctx, 0, tc_reap_prev) != OK
BOOL
dkim_transport_write_message(int out_fd, transport_ctx * tctx,
- struct ob_dkim * dkim)
+ struct ob_dkim * dkim, const uschar ** err)
{
int dkim_fd;
int save_errno = 0;
BOOL rc;
uschar * dkim_spool_name;
-int sread = 0;
-int wwritten = 0;
-uschar *dkim_signature = NULL;
-int siglen = 0;
+uschar * dkim_signature = NULL;
+int sread = 0, wwritten = 0, siglen = 0, options;
off_t k_file_size;
-int options;
+const uschar * errstr;
/* If we can't sign, just call the original function. */
/* Can't create spool file. Ugh. */
rc = FALSE;
save_errno = errno;
+ *err = string_sprintf("dkim spoolfile create: %s", strerror(errno));
goto CLEANUP;
}
/* Rewind file and feed it to the goats^W DKIM lib */
dkim->dot_stuffed = !!(options & topt_end_dot);
lseek(dkim_fd, 0, SEEK_SET);
-if ((dkim_signature = dkim_exim_sign(dkim_fd, dkim)))
+if ((dkim_signature = dkim_exim_sign(dkim_fd, dkim, &errstr)))
siglen = Ustrlen(dkim_signature);
else if (dkim->dkim_strict)
{
save_errno = EACCES;
log_write(0, LOG_MAIN, "DKIM: message could not be signed,"
" and dkim_strict is set. Deferring message delivery.");
+ *err = errstr;
rc = FALSE;
goto CLEANUP;
}
if ((pid = fork()) == 0)
{
- int i = 17;
+ int i = 19;
const uschar **argv;
/* Disconnect entirely from the parent process. If we are running in the
if (smtp_peer_options & PEER_OFFERED_PIPE) argv[i++] = US"-MCP";
if (smtp_peer_options & PEER_OFFERED_SIZE) argv[i++] = US"-MCS";
#ifdef SUPPORT_TLS
- if (smtp_peer_options & PEER_OFFERED_TLS) argv[i++] = US"-MCT";
+ if (smtp_peer_options & PEER_OFFERED_TLS)
+ if (tls_out.active >= 0 || continue_proxy)
+ {
+ argv[i++] = US"-MCt";
+ argv[i++] = sending_ip_address;
+ argv[i++] = string_sprintf("%d", sending_port);
+ }
+ else
+ argv[i++] = US"-MCT";
#endif
if (queue_run_pid != (pid_t)0)
*/
if (address_pipe_argcount > 1)
memmove(
- /* current position + additonal args */
+ /* current position + additional args */
argv + i + address_pipe_argcount,
/* current position + 1 (for the (uschar *)0 at the end) */
argv + i + 1,
Open with O_WRONLY + O_EXCL + O_CREAT with configured mode, unless we know
this is via a symbolic link (only possible if allow_symlinks is set), in
- which case don't use O_EXCL, as it dosn't work.
+ which case don't use O_EXCL, as it doesn't work.
If open fails because the file already exists, go to (6f). To avoid
looping for ever in a situation where the file is continuously being
fcntl() call (BSDI & FreeBSD do not). */
if (!isdirectory && ftruncate(fd, saved_size))
- DEBUG(D_transport) debug_printf("Error restting file size\n");
+ DEBUG(D_transport) debug_printf("Error resetting file size\n");
}
/* Handle successful writing - we want the modification time to be now for
more_errno from the top address for use with ERRNO_FILTER_FAIL
buffer the LMTP response buffer
yield where to put a one-digit LMTP response code
- message where to put an errror message
+ message where to put an error message
Returns: TRUE if a "QUIT" command should be sent, else FALSE
*/
{
if (ob->force_command)
{
- /* Enables expansion of $address_pipe into seperate arguments */
+ /* Enables expansion of $address_pipe into separate arguments */
setflag(addr, af_force_command);
cmd = ob->cmd;
expand_arguments = TRUE;
the command that was given is a non-existent path). By default this is
treated as just another failure, but if freeze_exec_fail is set, the reaction
is to freeze the message rather than bounce the address. Exim used to signal
- this failure with EX_UNAVAILABLE, which is definined in many systems as
+ this failure with EX_UNAVAILABLE, which is defined in many systems as
#define EX_UNAVAILABLE 69
uschar *ss;
int size, ptr, i;
- /* If temp_errors is "*" all codes are temporary. Initializion checks
+ /* If temp_errors is "*" all codes are temporary. Initialization checks
that it's either "*" or a list of numbers. If not "*", scan the list of
temporary failure codes; if any match, the result is DEFER. */
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
#include "../exim.h"
#include "smtp.h"
-#define PENDING 256
-#define PENDING_DEFER (PENDING + DEFER)
-#define PENDING_OK (PENDING + OK)
-
-#define DELIVER_BUFFER_SIZE 4096
-
/* Options specific to the smtp transport. This transport also supports LMTP
over TCP/IP. The options must be in alphabetic order (note that "_" comes
#ifdef SUPPORT_TLS
{ "hosts_nopass_tls", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_nopass_tls) },
+ { "hosts_noproxy_tls", opt_stringptr,
+ (void *)offsetof(smtp_transport_options_block, hosts_noproxy_tls) },
#endif
{ "hosts_override", opt_bool,
(void *)offsetof(smtp_transport_options_block, hosts_override) },
NULL, /* hosts_avoid_pipelining */
NULL, /* hosts_avoid_esmtp */
NULL, /* hosts_nopass_tls */
+ US"*", /* hosts_noproxy_tls */
5*60, /* command_timeout */
5*60, /* connect_timeout; shorter system default overrides */
5*60, /* data timeout */
static uschar *mail_command; /* Points to MAIL cmd for error messages */
static uschar *data_command = US""; /* Points to DATA cmd for error messages */
static BOOL update_waiting; /* TRUE to update the "wait" database */
+
+/*XXX move to smtp_context */
static BOOL pipelining_active; /* current transaction is in pipe mode */
/* Pass back options if required. This interface is getting very messy. */
-if (tf != NULL)
+if (tf)
{
tf->interface = ob->interface;
tf->port = ob->port;
list. */
if (!testflag(addrlist, af_local_host_removed))
- {
- for (; addrlist != NULL; addrlist = addrlist->next)
- if (addrlist->fallback_hosts == NULL)
- addrlist->fallback_hosts = ob->fallback_hostlist;
- }
+ for (; addrlist; addrlist = addrlist->next)
+ if (!addrlist->fallback_hosts) addrlist->fallback_hosts = ob->fallback_hostlist;
return OK;
}
{
addr->basic_errno = errno_value;
addr->more_errno |= orvalue;
- if (msg != NULL)
+ if (msg)
{
addr->message = msg;
if (pass_message) setflag(addr, af_pass_message);
more_errno from the top address for use with ERRNO_FILTER_FAIL
buffer the SMTP response buffer
yield where to put a one-digit SMTP response code
- message where to put an errror message
+ message where to put an error message
pass_message set TRUE if message is an SMTP response
Returns: TRUE if an SMTP "QUIT" command should be sent, else FALSE
uschar *buffer, int *yield, uschar **message, BOOL *pass_message)
{
uschar * pl = pipelining_active ? US"pipelined " : US"";
+const uschar * s;
*yield = '4'; /* Default setting is to give a temporary error */
-/* Handle response timeout */
-
-if (*errno_value == ETIMEDOUT)
- {
- *message = US string_sprintf("SMTP timeout after %s%s",
- pl, smtp_command);
- if (transport_count > 0)
- *message = US string_sprintf("%s (%d bytes written)", *message,
- transport_count);
- return FALSE;
- }
-
-/* Handle malformed SMTP response */
-
-if (*errno_value == ERRNO_SMTPFORMAT)
- {
- const uschar *malfresp = string_printing(buffer);
- while (isspace(*malfresp)) malfresp++;
- *message = *malfresp == 0
- ? string_sprintf("Malformed SMTP reply (an empty line) "
- "in response to %s%s", pl, smtp_command)
- : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
- pl, smtp_command, malfresp);
- return FALSE;
- }
-
-/* Handle a failed filter process error; can't send QUIT as we mustn't
-end the DATA. */
-
-if (*errno_value == ERRNO_FILTER_FAIL)
- {
- *message = US string_sprintf("transport filter process failed (%d)%s",
- more_errno,
- (more_errno == EX_EXECFAILED)? ": unable to execute command" : "");
- return FALSE;
- }
-
-/* Handle a failed add_headers expansion; can't send QUIT as we mustn't
-end the DATA. */
-
-if (*errno_value == ERRNO_CHHEADER_FAIL)
- {
- *message =
- US string_sprintf("failed to expand headers_add or headers_remove: %s",
- expand_string_message);
- return FALSE;
- }
-
-/* Handle failure to write a complete data block */
-
-if (*errno_value == ERRNO_WRITEINCOMPLETE)
+switch(*errno_value)
{
- *message = US string_sprintf("failed to write a data block");
- return FALSE;
- }
+ case ETIMEDOUT: /* Handle response timeout */
+ *message = US string_sprintf("SMTP timeout after %s%s",
+ pl, smtp_command);
+ if (transport_count > 0)
+ *message = US string_sprintf("%s (%d bytes written)", *message,
+ transport_count);
+ return FALSE;
+
+ case ERRNO_SMTPFORMAT: /* Handle malformed SMTP response */
+ s = string_printing(buffer);
+ while (isspace(*s)) s++;
+ *message = *s == 0
+ ? string_sprintf("Malformed SMTP reply (an empty line) "
+ "in response to %s%s", pl, smtp_command)
+ : string_sprintf("Malformed SMTP reply in response to %s%s: %s",
+ pl, smtp_command, s);
+ return FALSE;
+
+ case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
+ can't send QUIT as we mustn't end the DATA. */
+ *message = string_sprintf("transport filter process failed (%d)%s",
+ more_errno,
+ more_errno == EX_EXECFAILED ? ": unable to execute command" : "");
+ return FALSE;
+
+ case ERRNO_CHHEADER_FAIL: /* Handle a failed add_headers expansion;
+ can't send QUIT as we mustn't end the DATA. */
+ *message =
+ string_sprintf("failed to expand headers_add or headers_remove: %s",
+ expand_string_message);
+ return FALSE;
+
+ case ERRNO_WRITEINCOMPLETE: /* failure to write a complete data block */
+ *message = string_sprintf("failed to write a data block");
+ return FALSE;
#ifdef SUPPORT_I18N
-/* Handle lack of advertised SMTPUTF8, for international message */
-if (*errno_value == ERRNO_UTF8_FWD)
- {
- *message = US string_sprintf("utf8 support required but not offered for forwarding");
- DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
- return TRUE;
- }
+ case ERRNO_UTF8_FWD: /* no advertised SMTPUTF8, for international message */
+ *message = US"utf8 support required but not offered for forwarding";
+ DEBUG(D_deliver|D_transport) debug_printf("%s\n", *message);
+ return TRUE;
#endif
+ }
/* Handle error responses from the remote mailer. */
if (buffer[0] != 0)
{
- const uschar *s = string_printing(buffer);
- *message = US string_sprintf("SMTP error from remote mail server after %s%s: "
- "%s", pl, smtp_command, s);
+ *message = string_sprintf("SMTP error from remote mail server after %s%s: "
+ "%s", pl, smtp_command, s = string_printing(buffer));
*pass_message = TRUE;
*yield = buffer[0];
return TRUE;
{
*errno_value = ERRNO_SMTPCLOSED;
*message = US string_sprintf("Remote host closed connection "
- "in response to %s%s", pl, smtp_command);
+ "in response to %s%s", pl, smtp_command);
}
-else *message = US string_sprintf("%s [%s]", host->name, host->address);
+else
+ *message = US string_sprintf("%s [%s]", host->name, host->address);
return FALSE;
}
converted to OK at the end.
Arguments:
- addrlist the complete address list
- include_affixes TRUE if affixes include in RCPT
- sync_addr ptr to the ptr of the one to start scanning at (updated)
- host the host we are connected to
+ sx smtp connection context
count the number of responses to read
- address_retry_
- include_sender true if 4xx retry is to include the sender it its key
- pending_MAIL true if the first response is for MAIL
pending_DATA 0 if last command sent was not DATA
+1 if previously had a good recipient
-1 if not previously had a good recipient
- inblock incoming SMTP block
- timeout timeout value
- buffer buffer for reading response
- buffsize size of buffer
Returns: 3 if at least one address had 2xx and one had 5xx
2 if at least one address had 5xx but none had 2xx
*/
static int
-sync_responses(address_item *addrlist, BOOL include_affixes,
- address_item **sync_addr, host_item *host, int count,
- BOOL address_retry_include_sender, BOOL pending_MAIL,
- int pending_DATA, smtp_inblock *inblock, int timeout, uschar *buffer,
- int buffsize)
+sync_responses(smtp_context * sx, int count, int pending_DATA)
{
-address_item *addr = *sync_addr;
+address_item *addr = sx->sync_addr;
+smtp_transport_options_block *ob =
+ (smtp_transport_options_block *)sx->tblock->options_block;
int yield = 0;
/* Handle the response for a MAIL command. On error, reinstate the original
command in big_buffer for error message use, and flush any further pending
responses before returning, except after I/O errors and timeouts. */
-if (pending_MAIL)
+if (sx->pending_MAIL)
{
count--;
- if (!smtp_read_response(inblock, buffer, buffsize, '2', timeout))
+ if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
+ '2', ob->command_timeout))
{
DEBUG(D_transport) debug_printf("bad response for MAIL\n");
Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
- if (errno == 0 && buffer[0] != 0)
+ if (errno == 0 && sx->buffer[0] != 0)
{
uschar flushbuffer[4096];
int save_errno = 0;
- if (buffer[0] == '4')
+ if (sx->buffer[0] == '4')
{
save_errno = ERRNO_MAIL4XX;
- addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
}
while (count-- > 0)
{
- if (!smtp_read_response(inblock, flushbuffer, sizeof(flushbuffer),
- '2', timeout)
+ if (!smtp_read_response(&sx->inblock, flushbuffer, sizeof(flushbuffer),
+ '2', ob->command_timeout)
&& (errno != 0 || flushbuffer[0] == 0))
break;
}
while (count-- > 0) /* Mark any pending addrs with the host used */
{
while (addr->transport_return != PENDING_DEFER) addr = addr->next;
- addr->host_used = host;
+ addr->host_used = sx->host;
addr = addr->next;
}
return -3;
while (addr->transport_return != PENDING_DEFER) addr = addr->next;
/* The address was accepted */
- addr->host_used = host;
+ addr->host_used = sx->host;
- if (smtp_read_response(inblock, buffer, buffsize, '2', timeout))
+ if (smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
+ '2', ob->command_timeout))
{
yield |= 1;
addr->transport_return = PENDING_OK;
else if (errno == ETIMEDOUT)
{
uschar *message = string_sprintf("SMTP timeout after RCPT TO:<%s>",
- transport_rcpt_address(addr, include_affixes));
- set_errno_nohost(addrlist, ETIMEDOUT, message, DEFER, FALSE);
+ transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes));
+ set_errno_nohost(sx->first_addr, ETIMEDOUT, message, DEFER, FALSE);
retry_add_item(addr, addr->address_retry_key, 0);
update_waiting = FALSE;
return -1;
big_buffer for which we are checking the response, so the error message
makes sense. */
- else if (errno != 0 || buffer[0] == 0)
+ else if (errno != 0 || sx->buffer[0] == 0)
{
string_format(big_buffer, big_buffer_size, "RCPT TO:<%s>",
- transport_rcpt_address(addr, include_affixes));
+ transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes));
return -2;
}
{
addr->message =
string_sprintf("SMTP error from remote mail server after RCPT TO:<%s>: "
- "%s", transport_rcpt_address(addr, include_affixes),
- string_printing(buffer));
+ "%s", transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes),
+ string_printing(sx->buffer));
setflag(addr, af_pass_message);
- msglog_line(host, addr->message);
+ if (!sx->verify)
+ msglog_line(sx->host, addr->message);
/* The response was 5xx */
- if (buffer[0] == '5')
+ if (sx->buffer[0] == '5')
{
addr->transport_return = FAIL;
yield |= 2;
{
addr->transport_return = DEFER;
addr->basic_errno = ERRNO_RCPT4XX;
- addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
+ if (!sx->verify)
+ {
#ifndef DISABLE_EVENT
- event_defer_errno = addr->more_errno;
- msg_event_raise(US"msg:rcpt:host:defer", addr);
+ event_defer_errno = addr->more_errno;
+ msg_event_raise(US"msg:rcpt:host:defer", addr);
#endif
- /* Log temporary errors if there are more hosts to be tried.
- If not, log this last one in the == line. */
+ /* Log temporary errors if there are more hosts to be tried.
+ If not, log this last one in the == line. */
- if (host->next)
- log_write(0, LOG_MAIN, "H=%s [%s]: %s", host->name, host->address, addr->message);
+ if (sx->host->next)
+ log_write(0, LOG_MAIN, "H=%s [%s]: %s",
+ sx->host->name, sx->host->address, addr->message);
#ifndef DISABLE_EVENT
- else
- msg_event_raise(US"msg:rcpt:defer", addr);
+ else
+ msg_event_raise(US"msg:rcpt:defer", addr);
#endif
- /* Do not put this message on the list of those waiting for specific
- hosts, as otherwise it is likely to be tried too often. */
+ /* Do not put this message on the list of those waiting for specific
+ hosts, as otherwise it is likely to be tried too often. */
- update_waiting = FALSE;
+ update_waiting = FALSE;
- /* Add a retry item for the address so that it doesn't get tried again
- too soon. If address_retry_include_sender is true, add the sender address
- to the retry key. */
+ /* Add a retry item for the address so that it doesn't get tried again
+ too soon. If address_retry_include_sender is true, add the sender address
+ to the retry key. */
- if (address_retry_include_sender)
- {
- uschar *altkey = string_sprintf("%s:<%s>", addr->address_retry_key,
- sender_address);
- retry_add_item(addr, altkey, 0);
- }
- else retry_add_item(addr, addr->address_retry_key, 0);
+ retry_add_item(addr,
+ ob->address_retry_include_sender
+ ? string_sprintf("%s:<%s>", addr->address_retry_key, sender_address)
+ : addr->address_retry_key,
+ 0);
+ }
}
}
} /* Loop for next RCPT response */
/* Update where to start at for the next block of responses, unless we
have already handled all the addresses. */
-if (addr != NULL) *sync_addr = addr->next;
+if (addr) sx->sync_addr = addr->next;
/* Handle a response to DATA. If we have not had any good recipients, either
previously or in this block, the response is ignored. */
if (pending_DATA != 0 &&
- !smtp_read_response(inblock, buffer, buffsize, '3', timeout))
+ !smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
+ '3', ob->command_timeout))
{
int code;
uschar *msg;
BOOL pass_message;
if (pending_DATA > 0 || (yield & 1) != 0)
{
- if (errno == 0 && buffer[0] == '4')
+ if (errno == 0 && sx->buffer[0] == '4')
{
errno = ERRNO_DATA4XX;
- addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ sx->first_addr->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
}
return -3;
}
- (void)check_response(host, &errno, 0, buffer, &code, &msg, &pass_message);
+ (void)check_response(sx->host, &errno, 0, sx->buffer, &code, &msg, &pass_message);
DEBUG(D_transport) debug_printf("%s\nerror for DATA ignored: pipelining "
"is in use and there were no good recipients\n", msg);
}
struct transport_instance *tblock;
} smtp_compare_t;
-/*
-Create a unique string that identifies this message, it is based on
-sender_address, helo_data and tls_certificate if enabled. */
+
+/* Create a unique string that identifies this message, it is based on
+sender_address, helo_data and tls_certificate if enabled.
+*/
static uschar *
smtp_local_identity(uschar * sender, struct transport_instance * tblock)
-uschar
-ehlo_response(uschar * buf, size_t bsize, uschar checks)
+static uschar
+ehlo_response(uschar * buf, uschar checks)
{
+size_t bsize = Ustrlen(buf);
+
#ifdef SUPPORT_TLS
if ( checks & PEER_OFFERED_TLS
&& pcre_exec(regex_STARTTLS, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0)
{
smtp_transport_options_block * ob =
(smtp_transport_options_block *)(tctx->tblock->options_block);
+smtp_context * sx = tctx->smtp_context;
int cmd_count = 0;
int prev_cmd_count;
-uschar * buffer = tctx->buffer;
-
/* Write SMTP chunk header command */
if (chunk_size > 0)
{
- if((cmd_count = smtp_write_command(tctx->outblock, FALSE, "BDAT %u%s\r\n",
+ if((cmd_count = smtp_write_command(&sx->outblock, FALSE, "BDAT %u%s\r\n",
chunk_size,
flags & tc_chunk_last ? " LAST" : "")
) < 0) return ERROR;
data_command = string_copy(big_buffer); /* Save for later error message */
}
-prev_cmd_count = cmd_count += tctx->cmd_count;
+prev_cmd_count = cmd_count += sx->cmd_count;
/* Reap responses for any previous, but not one we just emitted */
if (chunk_size > 0)
prev_cmd_count--;
-if (tctx->pending_BDAT)
+if (sx->pending_BDAT)
prev_cmd_count--;
if (flags & tc_reap_prev && prev_cmd_count > 0)
DEBUG(D_transport) debug_printf("look for %d responses"
" for previous pipelined cmds\n", prev_cmd_count);
- switch(sync_responses(tctx->first_addr, tctx->tblock->rcpt_include_affixes,
- tctx->sync_addr, tctx->host, prev_cmd_count,
- ob->address_retry_include_sender,
- tctx->pending_MAIL, 0,
- tctx->inblock,
- ob->command_timeout,
- buffer, DELIVER_BUFFER_SIZE))
+ switch(sync_responses(sx, prev_cmd_count, 0))
{
case 1: /* 2xx (only) => OK */
- case 3: tctx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
- case 2: *tctx->completed_address = TRUE; /* 5xx (only) => progress made */
+ case 3: sx->good_RCPT = TRUE; /* 2xx & 5xx => OK & progress made */
+ case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
case 0: break; /* No 2xx or 5xx, but no probs */
case -1: /* Timeout on RCPT */
default: return ERROR; /* I/O error, or any MAIL/DATA error */
}
cmd_count = 1;
- if (!tctx->pending_BDAT)
+ if (!sx->pending_BDAT)
pipelining_active = FALSE;
}
/* Reap response for an outstanding BDAT */
-if (tctx->pending_BDAT)
+if (sx->pending_BDAT)
{
DEBUG(D_transport) debug_printf("look for one response for BDAT\n");
- if (!smtp_read_response(tctx->inblock, buffer, DELIVER_BUFFER_SIZE, '2',
+ if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), '2',
ob->command_timeout))
{
- if (errno == 0 && buffer[0] == '4')
+ if (errno == 0 && sx->buffer[0] == '4')
{
errno = ERRNO_DATA4XX; /*XXX does this actually get used? */
- tctx->first_addr->more_errno |=
- ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ sx->addrlist->more_errno |=
+ ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
}
return ERROR;
}
cmd_count--;
- tctx->pending_BDAT = FALSE;
+ sx->pending_BDAT = FALSE;
pipelining_active = FALSE;
}
else if (chunk_size > 0)
- tctx->pending_BDAT = TRUE;
+ sx->pending_BDAT = TRUE;
-tctx->cmd_count = cmd_count;
+sx->cmd_count = cmd_count;
return OK;
}
/*************************************************
-* Deliver address list to given host *
+* Make connection for given message *
*************************************************/
-/* If continue_hostname is not null, we get here only when continuing to
-deliver down an existing channel. The channel was passed as the standard
-input. TLS is never active on a passed channel; the previous process always
-closes it down before passing the connection on.
-
-Otherwise, we have to make a connection to the remote host, and do the
-initial protocol exchange.
-
-When running as an MUA wrapper, if the sender or any recipient is rejected,
-temporarily or permanently, we force failure for all recipients.
-
+/*
Arguments:
- addrlist chain of potential addresses to deliver; only those whose
- transport_return field is set to PENDING_DEFER are currently
- being processed; others should be skipped - they have either
- been delivered to an earlier host or IP address, or been
- failed by one of them.
- host host to deliver to
- host_af AF_INET or AF_INET6
- port default TCP/IP port to use, in host byte order
- interface interface to bind to, or NULL
- tblock transport instance block
- message_defer set TRUE if yield is OK, but all addresses were deferred
- because of a non-recipient, non-host failure, that is, a
- 4xx response to MAIL FROM, DATA, or ".". This is a defer
- that is specific to the message.
+ ctx connection context
suppress_tls if TRUE, don't attempt a TLS connection - this is set for
a second attempt after TLS initialization fails
Returns: OK - the connection was made and the delivery attempted;
- the result for each address is in its data block.
+ fd is set in the conn context, tls_out set up.
DEFER - the connection could not be made, or something failed
while setting up the SMTP session, or there was a
non-message-specific error, such as a timeout.
- ERROR - a filter command is specified for this transport,
- and there was a problem setting it up; OR helo_data
- or add_headers or authenticated_sender is specified
- for this transport, and the string failed to expand
+ ERROR - helo_data or add_headers or authenticated_sender is
+ specified for this transport, and the string failed
+ to expand
*/
-
-static int
-smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
- uschar *interface, transport_instance *tblock,
- BOOL *message_defer, BOOL suppress_tls)
+int
+smtp_setup_conn(smtp_context * sx, BOOL suppress_tls)
{
-address_item *addr;
-address_item *sync_addr;
-address_item *first_addr = addrlist;
-int yield = OK;
-int address_count;
-int save_errno;
-int rc;
-time_t start_delivery_time = time(NULL);
-smtp_transport_options_block *ob =
- (smtp_transport_options_block *)(tblock->options_block);
-struct lflags {
- BOOL lmtp:1;
- BOOL smtps:1;
- BOOL ok:1;
- BOOL send_rset:1;
- BOOL send_quit:1;
- BOOL setting_up:1;
- BOOL esmtp:1;
- BOOL esmtp_sent:1;
- BOOL pending_MAIL:1;
-#ifndef DISABLE_PRDR
- BOOL prdr_active:1;
-#endif
-#ifdef SUPPORT_I18N
- BOOL utf8_needed:1;
-#endif
- BOOL dsn_all_lasthop:1;
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
- BOOL dane:1;
- BOOL dane_required:1;
-#endif
-} lflags;
-
-BOOL pass_message = FALSE;
-BOOL completed_address = FALSE;
-uschar peer_offered = 0;
#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
dns_answer tlsa_dnsa;
#endif
-smtp_inblock inblock;
-smtp_outblock outblock;
-int max_rcpt = tblock->max_addresses;
-uschar *igquotstr = US"";
-
-#ifdef EXPERIMENTAL_DSN_INFO
-uschar *smtp_greeting = NULL;
-uschar *helo_response = NULL;
-#endif
-uschar *helo_data = NULL;
-
-uschar *message = NULL;
-uschar new_message_id[MESSAGE_ID_LENGTH + 1];
-uschar *p;
-uschar buffer[DELIVER_BUFFER_SIZE];
-uschar inbuffer[4096];
-uschar outbuffer[4096];
+BOOL pass_message = FALSE;
+uschar * message = NULL;
+int yield = OK;
+int rc;
-suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
+sx->ob = (smtp_transport_options_block *) sx->tblock->options_block;
-lflags.lmtp = strcmpic(ob->protocol, US"lmtp") == 0;
-lflags.smtps = strcmpic(ob->protocol, US"smtps") == 0;
-lflags.ok = FALSE;
-lflags.send_rset = TRUE;
-lflags.send_quit = TRUE;
-lflags.setting_up = TRUE;
-lflags.esmtp = TRUE;
-lflags.esmtp_sent = FALSE;
+sx->lmtp = strcmpic(sx->ob->protocol, US"lmtp") == 0;
+sx->smtps = strcmpic(sx->ob->protocol, US"smtps") == 0;
+sx->ok = FALSE;
+sx->send_rset = TRUE;
+sx->send_quit = TRUE;
+sx->setting_up = TRUE;
+sx->esmtp = TRUE;
+sx->esmtp_sent = FALSE;
#ifdef SUPPORT_I18N
-lflags.utf8_needed = FALSE;
+sx->utf8_needed = FALSE;
#endif
-lflags.dsn_all_lasthop = TRUE;
+sx->dsn_all_lasthop = TRUE;
#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
-lflags.dane = FALSE;
-lflags.dane_required = verify_check_given_host(&ob->hosts_require_dane, host) == OK;
+sx->dane = FALSE;
+sx->dane_required = verify_check_given_host(&sx->ob->hosts_require_dane, sx->host) == OK;
+#endif
+
+if ((sx->max_rcpt = sx->tblock->max_addresses) == 0) sx->max_rcpt = 999999;
+sx->peer_offered = 0;
+sx->igquotstr = US"";
+if (!sx->helo_data) sx->helo_data = sx->ob->helo_data;
+#ifdef EXPERIMENTAL_DSN_INFO
+sx->smtp_greeting = NULL;
+sx->helo_response = NULL;
#endif
-*message_defer = FALSE;
smtp_command = US"initial connection";
-buffer[0] = '\0';
-if (max_rcpt == 0) max_rcpt = 999999;
+sx->buffer[0] = '\0';
/* Set up the buffer for reading SMTP response packets. */
-inblock.buffer = inbuffer;
-inblock.buffersize = sizeof(inbuffer);
-inblock.ptr = inbuffer;
-inblock.ptrend = inbuffer;
+sx->inblock.buffer = sx->inbuffer;
+sx->inblock.buffersize = sizeof(sx->inbuffer);
+sx->inblock.ptr = sx->inbuffer;
+sx->inblock.ptrend = sx->inbuffer;
/* Set up the buffer for holding SMTP commands while pipelining */
-outblock.buffer = outbuffer;
-outblock.buffersize = sizeof(outbuffer);
-outblock.ptr = outbuffer;
-outblock.cmd_count = 0;
-outblock.authenticating = FALSE;
+sx->outblock.buffer = sx->outbuffer;
+sx->outblock.buffersize = sizeof(sx->outbuffer);
+sx->outblock.ptr = sx->outbuffer;
+sx->outblock.cmd_count = 0;
+sx->outblock.authenticating = FALSE;
/* Reset the parameters of a TLS session. */
/* Flip the legacy TLS-related variables over to the outbound set in case
they're used in the context of the transport. Don't bother resetting
-afterward as we're in a subprocess. */
+afterward (when being used by a transport) as we're in a subprocess.
+For verify, unflipped once the callout is dealt with */
tls_modify_variables(&tls_out);
#ifndef SUPPORT_TLS
-if (lflags.smtps)
+if (sx->smtps)
{
- set_errno_nohost(addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
+ set_errno_nohost(sx->addrlist, ERRNO_TLSFAILURE, US"TLS support not available",
DEFER, FALSE);
return ERROR;
}
if (continue_hostname == NULL)
{
+ if (sx->verify)
+ HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", sx->interface, sx->port);
+
/* This puts port into host->port */
- inblock.sock = outblock.sock =
- smtp_connect(host, host_af, port, interface, ob->connect_timeout, tblock);
+ sx->inblock.sock = sx->outblock.sock =
+ smtp_connect(sx->host, sx->host_af, sx->port, sx->interface,
+ sx->ob->connect_timeout, sx->tblock);
- if (inblock.sock < 0)
+ if (sx->inblock.sock < 0)
{
- set_errno_nohost(addrlist, errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
- NULL, DEFER, FALSE);
+ uschar * msg = NULL;
+ if (sx->verify)
+ {
+ msg = US strerror(errno);
+ HDEBUG(D_verify) debug_printf("connect: %s\n", msg);
+ }
+ set_errno_nohost(sx->addrlist,
+ errno == ETIMEDOUT ? ERRNO_CONNECTTIMEOUT : errno,
+ sx->verify ? string_sprintf("could not connect: %s", msg)
+ : NULL,
+ DEFER, FALSE);
+ sx->send_quit = FALSE;
return DEFER;
}
tls_out.dane_verified = FALSE;
tls_out.tlsa_usage = 0;
- if (host->dnssec == DS_YES)
+ if (sx->host->dnssec == DS_YES)
{
- if( lflags.dane_required
- || verify_check_given_host(&ob->hosts_try_dane, host) == OK
+ if( sx->dane_required
+ || verify_check_given_host(&sx->ob->hosts_try_dane, sx->host) == OK
)
- switch (rc = tlsa_lookup(host, &tlsa_dnsa, lflags.dane_required))
+ switch (rc = tlsa_lookup(sx->host, &tlsa_dnsa, sx->dane_required))
{
- case OK: lflags.dane = TRUE; break;
+ case OK: sx->dane = TRUE; break;
case FAIL_FORCED: break;
- default: set_errno_nohost(addrlist, ERRNO_DNSDEFER,
+ default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
string_sprintf("DANE error: tlsa lookup %s",
rc == DEFER ? "DEFER" : "FAIL"),
rc, FALSE);
return rc;
}
}
- else if (lflags.dane_required)
+ else if (sx->dane_required)
{
- set_errno_nohost(addrlist, ERRNO_DNSDEFER,
- string_sprintf("DANE error: %s lookup not DNSSEC", host->name),
+ set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
+ string_sprintf("DANE error: %s lookup not DNSSEC", sx->host->name),
FAIL, FALSE);
return FAIL;
}
- if (lflags.dane)
- ob->tls_tempfail_tryclear = FALSE;
+ if (sx->dane)
+ sx->ob->tls_tempfail_tryclear = FALSE;
}
#endif /*DANE*/
sense if helo_data contains ${lookup dnsdb ...} stuff). The expansion is
delayed till here so that $sending_interface and $sending_port are set. */
- helo_data = expand_string(ob->helo_data);
+ if (sx->helo_data)
+ if (!(sx->helo_data = expand_string(sx->helo_data)))
+ if (sx->verify)
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "<%s>: failed to expand transport's helo_data value for callout: %s",
+ sx->addrlist->address, expand_string_message);
+
#ifdef SUPPORT_I18N
- if (helo_data)
+ if (sx->helo_data)
{
- uschar * errstr = NULL;
- if ((helo_data = string_domain_utf8_to_alabel(helo_data, &errstr)), errstr)
- {
- errstr = string_sprintf("failed to expand helo_data: %s", errstr);
- set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
- yield = DEFER;
- goto SEND_QUIT;
- }
+ expand_string_message = NULL;
+ if ((sx->helo_data = string_domain_utf8_to_alabel(sx->helo_data,
+ &expand_string_message)),
+ expand_string_message)
+ if (sx->verify)
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "<%s>: failed to expand transport's helo_data value for callout: %s",
+ sx->addrlist->address, expand_string_message);
+ else
+ sx->helo_data = NULL;
}
#endif
is nevertheless a reasonably clean way of programming this kind of logic,
where you want to escape on any error. */
- if (!lflags.smtps)
+ if (!sx->smtps)
{
BOOL good_response;
#ifdef TCP_QUICKACK
- (void) setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+ (void) setsockopt(sx->inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
#endif
- good_response = smtp_read_response(&inblock, buffer, sizeof(buffer),
- '2', ob->command_timeout);
+ good_response = smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
+ '2', sx->ob->command_timeout);
#ifdef EXPERIMENTAL_DSN_INFO
- smtp_greeting = string_copy(buffer);
+ sx->smtp_greeting = string_copy(sx->buffer);
#endif
if (!good_response) goto RESPONSE_FAILED;
#ifndef DISABLE_EVENT
{
uschar * s;
- lookup_dnssec_authenticated = host->dnssec==DS_YES ? US"yes"
- : host->dnssec==DS_NO ? US"no" : NULL;
- s = event_raise(tblock->event_action, US"smtp:connect", buffer);
+ lookup_dnssec_authenticated = sx->host->dnssec==DS_YES ? US"yes"
+ : sx->host->dnssec==DS_NO ? US"no" : NULL;
+ s = event_raise(sx->tblock->event_action, US"smtp:connect", sx->buffer);
if (s)
{
- set_errno_nohost(addrlist, ERRNO_EXPANDFAIL,
+ set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL,
string_sprintf("deferred by smtp:connect event expansion: %s", s),
DEFER, FALSE);
yield = DEFER;
/* Now check if the helo_data expansion went well, and sign off cleanly if
it didn't. */
- if (!helo_data)
+ if (!sx->helo_data)
{
- uschar *message = string_sprintf("failed to expand helo_data: %s",
+ message = string_sprintf("failed to expand helo_data: %s",
expand_string_message);
- set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
+ set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
yield = DEFER;
goto SEND_QUIT;
}
}
/** Debugging without sending a message
-addrlist->transport_return = DEFER;
+sx->addrlist->transport_return = DEFER;
goto SEND_QUIT;
**/
mailers use upper case for some reason (the RFC is quite clear about case
independence) so, for peace of mind, I gave in. */
- lflags.esmtp = verify_check_given_host(&ob->hosts_avoid_esmtp, host) != OK;
+ sx->esmtp = verify_check_given_host(&sx->ob->hosts_avoid_esmtp, sx->host) != OK;
/* Alas; be careful, since this goto is not an error-out, so conceivably
we might set data between here and the target which we assume to exist
and be usable. I can see this coming back to bite us. */
#ifdef SUPPORT_TLS
- if (lflags.smtps)
+ if (sx->smtps)
{
smtp_peer_options |= PEER_OFFERED_TLS;
suppress_tls = FALSE;
- ob->tls_tempfail_tryclear = FALSE;
+ sx->ob->tls_tempfail_tryclear = FALSE;
smtp_command = US"SSL-on-connect";
goto TLS_NEGOTIATE;
}
#endif
- if (lflags.esmtp)
+ if (sx->esmtp)
{
- if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
- lflags.lmtp ? "LHLO" : "EHLO", helo_data) < 0)
+ if (smtp_write_command(&sx->outblock, FALSE, "%s %s\r\n",
+ sx->lmtp ? "LHLO" : "EHLO", sx->helo_data) < 0)
goto SEND_FAILED;
- lflags.esmtp_sent = TRUE;
- if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
- ob->command_timeout))
+ sx->esmtp_sent = TRUE;
+ if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), '2',
+ sx->ob->command_timeout))
{
- if (errno != 0 || buffer[0] == 0 || lflags.lmtp)
+ if (errno != 0 || sx->buffer[0] == 0 || sx->lmtp)
{
#ifdef EXPERIMENTAL_DSN_INFO
- helo_response = string_copy(buffer);
+ sx->helo_response = string_copy(sx->buffer);
#endif
goto RESPONSE_FAILED;
}
- lflags.esmtp = FALSE;
+ sx->esmtp = FALSE;
}
#ifdef EXPERIMENTAL_DSN_INFO
- helo_response = string_copy(buffer);
+ sx->helo_response = string_copy(sx->buffer);
#endif
}
else
DEBUG(D_transport)
debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
- if (!lflags.esmtp)
+ if (!sx->esmtp)
{
BOOL good_response;
- int n = sizeof(buffer);
- uschar * rsp = buffer;
+ int n = sizeof(sx->buffer);
+ uschar * rsp = sx->buffer;
- if (lflags.esmtp_sent && (n = Ustrlen(buffer)) < sizeof(buffer)/2)
- { rsp = buffer + n + 1; n = sizeof(buffer) - n; }
+ if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2)
+ { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; }
- if (smtp_write_command(&outblock, FALSE, "HELO %s\r\n", helo_data) < 0)
+ if (smtp_write_command(&sx->outblock, FALSE, "HELO %s\r\n", sx->helo_data) < 0)
goto SEND_FAILED;
- good_response = smtp_read_response(&inblock, rsp, n,
- '2', ob->command_timeout);
+ good_response = smtp_read_response(&sx->inblock, rsp, n,
+ '2', sx->ob->command_timeout);
#ifdef EXPERIMENTAL_DSN_INFO
- helo_response = string_copy(rsp);
+ sx->helo_response = string_copy(rsp);
#endif
if (!good_response)
{
/* Handle special logging for a closed connection after HELO
when had previously sent EHLO */
- if (rsp != buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
+ if (rsp != sx->buffer && rsp[0] == 0 && (errno == 0 || errno == ECONNRESET))
{
- message = NULL;
- lflags.send_quit = FALSE;
- save_errno = ERRNO_SMTPCLOSED;
- message = string_sprintf("Remote host closed connection "
- "in response to %s (EHLO response was: %s)",
- smtp_command, buffer);
- goto FAILED;
+ errno = ERRNO_SMTPCLOSED;
+ goto EHLOHELO_FAILED;
}
- Ustrncpy(buffer, rsp, sizeof(buffer)/2);
+ Ustrncpy(sx->buffer, rsp, sizeof(sx->buffer)/2);
goto RESPONSE_FAILED;
}
}
- peer_offered = smtp_peer_options = 0;
+ sx->peer_offered = smtp_peer_options = 0;
- if (lflags.esmtp || lflags.lmtp)
+ if (sx->esmtp || sx->lmtp)
{
- peer_offered = ehlo_response(buffer, Ustrlen(buffer),
+ sx->peer_offered = ehlo_response(sx->buffer,
PEER_OFFERED_TLS /* others checked later */
);
/* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
#ifdef SUPPORT_TLS
- smtp_peer_options |= peer_offered & PEER_OFFERED_TLS;
+ smtp_peer_options |= sx->peer_offered & PEER_OFFERED_TLS;
#endif
}
}
connection on. */
/*XXX continue case needs to propagate DSN_INFO, prob. in deliver.c
-as the contine goes via transport_pass_socket() and doublefork and exec.
+as the continue goes via transport_pass_socket() and doublefork and exec.
It does not wait. Unclear how we keep separate host's responses
separate - we could match up by host ip+port as a bodge. */
else
{
- inblock.sock = outblock.sock = fileno(stdin);
+ sx->inblock.sock = sx->outblock.sock = 0; /* stdin */
smtp_command = big_buffer;
- host->port = port; /* Record the port that was used */
+ sx->host->port = sx->port; /* Record the port that was used */
+ sx->helo_data = NULL; /* ensure we re-expand ob->helo_data */
+
+ /* For a continued connection with TLS being proxied for us, nothing
+ more to do. */
+
+ if (continue_proxy)
+ {
+ sx->peer_offered = smtp_peer_options;
+ pipelining_active = !!(smtp_peer_options & PEER_OFFERED_PIPE);
+ HDEBUG(D_transport) debug_printf("continued connection, proxied TLS\n");
+ return OK;
+ }
+ HDEBUG(D_transport) debug_printf("continued connection, no TLS\n");
}
/* If TLS is available on this connection, whether continued or not, attempt to
#ifdef SUPPORT_TLS
if ( smtp_peer_options & PEER_OFFERED_TLS
&& !suppress_tls
- && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK)
+ && verify_check_given_host(&sx->ob->hosts_avoid_tls, sx->host) != OK
+ && ( !sx->verify
+ || verify_check_given_host(&sx->ob->hosts_verify_avoid_tls, sx->host) != OK
+ ) )
{
uschar buffer2[4096];
- if (smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") < 0)
+ if (smtp_write_command(&sx->outblock, FALSE, "STARTTLS\r\n") < 0)
goto SEND_FAILED;
/* If there is an I/O error, transmission of this message is deferred. If
STARTTLS, we carry on. This means we will try to send the message in clear,
unless the host is in hosts_require_tls (tested below). */
- if (!smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
- ob->command_timeout))
+ if (!smtp_read_response(&sx->inblock, buffer2, sizeof(buffer2), '2',
+ sx->ob->command_timeout))
{
if ( errno != 0
|| buffer2[0] == 0
- || (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)
+ || (buffer2[0] == '4' && !sx->ob->tls_tempfail_tryclear)
)
{
- Ustrncpy(buffer, buffer2, sizeof(buffer));
+ Ustrncpy(sx->buffer, buffer2, sizeof(sx->buffer));
+ sx->buffer[sizeof(sx->buffer)-1] = '\0';
goto RESPONSE_FAILED;
}
}
else
TLS_NEGOTIATE:
{
- int rc = tls_client_start(inblock.sock, host, addrlist, tblock
+ address_item * addr;
+ uschar * errstr;
+ int rc = tls_client_start(sx->inblock.sock, sx->host, sx->addrlist, sx->tblock,
# ifdef EXPERIMENTAL_DANE
- , lflags.dane ? &tlsa_dnsa : NULL
+ sx->dane ? &tlsa_dnsa : NULL,
# endif
- );
+ &errstr);
/* TLS negotiation failed; give an error. From outside, this function may
be called again to try in clear on a new connection, if the options permit
if (rc != OK)
{
# ifdef EXPERIMENTAL_DANE
- if (lflags.dane) log_write(0, LOG_MAIN,
- "DANE attempt failed; no TLS connection to %s [%s]",
- host->name, host->address);
+ if (sx->dane) log_write(0, LOG_MAIN,
+ "DANE attempt failed; TLS connection to %s [%s]: %s",
+ sx->host->name, sx->host->address, errstr);
# endif
- save_errno = ERRNO_TLSFAILURE;
- message = US"failure while setting up TLS session";
- lflags.send_quit = FALSE;
+ errno = ERRNO_TLSFAILURE;
+ message = string_sprintf("TLS session: %s", errstr);
+ sx->send_quit = FALSE;
goto TLS_FAILED;
}
/* TLS session is set up */
smtp_peer_options_wrap = smtp_peer_options;
- for (addr = addrlist; addr; addr = addr->next)
+ for (addr = sx->addrlist; addr; addr = addr->next)
if (addr->transport_return == PENDING_DEFER)
{
addr->cipher = tls_out.cipher;
char *greeting_cmd;
BOOL good_response;
- if (helo_data == NULL)
+ if (!sx->helo_data && !(sx->helo_data = expand_string(sx->ob->helo_data)))
{
- helo_data = expand_string(ob->helo_data);
- if (helo_data == NULL)
- {
- uschar *message = string_sprintf("failed to expand helo_data: %s",
- expand_string_message);
- set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
- yield = DEFER;
- goto SEND_QUIT;
- }
+ uschar *message = string_sprintf("failed to expand helo_data: %s",
+ expand_string_message);
+ set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, message, DEFER, FALSE);
+ yield = DEFER;
+ goto SEND_QUIT;
}
/* For SMTPS we need to wait for the initial OK response. */
- if (lflags.smtps)
+ if (sx->smtps)
{
- good_response = smtp_read_response(&inblock, buffer, sizeof(buffer),
- '2', ob->command_timeout);
+ good_response = smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
+ '2', sx->ob->command_timeout);
#ifdef EXPERIMENTAL_DSN_INFO
- smtp_greeting = string_copy(buffer);
+ sx->smtp_greeting = string_copy(sx->buffer);
#endif
if (!good_response) goto RESPONSE_FAILED;
}
- if (lflags.esmtp)
+ if (sx->esmtp)
greeting_cmd = "EHLO";
else
{
debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
}
- if (smtp_write_command(&outblock, FALSE, "%s %s\r\n",
- lflags.lmtp ? "LHLO" : greeting_cmd, helo_data) < 0)
+ if (smtp_write_command(&sx->outblock, FALSE, "%s %s\r\n",
+ sx->lmtp ? "LHLO" : greeting_cmd, sx->helo_data) < 0)
goto SEND_FAILED;
- good_response = smtp_read_response(&inblock, buffer, sizeof(buffer),
- '2', ob->command_timeout);
+ good_response = smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer),
+ '2', sx->ob->command_timeout);
#ifdef EXPERIMENTAL_DSN_INFO
- helo_response = string_copy(buffer);
+ sx->helo_response = string_copy(sx->buffer);
#endif
if (!good_response) goto RESPONSE_FAILED;
smtp_peer_options = 0;
/* If the host is required to use a secure channel, ensure that we
have one. */
-else if ( lflags.smtps
+else if ( sx->smtps
# ifdef EXPERIMENTAL_DANE
- || lflags.dane
+ || sx->dane
# endif
- || verify_check_given_host(&ob->hosts_require_tls, host) == OK
+ || verify_check_given_host(&sx->ob->hosts_require_tls, sx->host) == OK
)
{
- save_errno = ERRNO_TLSREQUIRED;
+ errno = ERRNO_TLSREQUIRED;
message = string_sprintf("a TLS session is required, but %s",
smtp_peer_options & PEER_OFFERED_TLS
? "an attempt to start TLS failed" : "the server did not offer TLS support");
#endif
)
{
- if (lflags.esmtp || lflags.lmtp)
+ if (sx->esmtp || sx->lmtp)
{
- peer_offered = ehlo_response(buffer, Ustrlen(buffer),
- 0 /* no TLS */
- | (lflags.lmtp && ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0)
- | PEER_OFFERED_CHUNKING
- | PEER_OFFERED_PRDR
+ sx->peer_offered = ehlo_response(sx->buffer,
+ 0 /* no TLS */
+ | (sx->lmtp && sx->ob->lmtp_ignore_quota ? PEER_OFFERED_IGNQ : 0)
+ | PEER_OFFERED_CHUNKING
+ | PEER_OFFERED_PRDR
#ifdef SUPPORT_I18N
- | (addrlist->prop.utf8_msg ? PEER_OFFERED_UTF8 : 0)
- /*XXX if we hand peercaps on to continued-conn processes,
- must not depend on this addr */
+ | (sx->addrlist->prop.utf8_msg ? PEER_OFFERED_UTF8 : 0)
+ /*XXX if we hand peercaps on to continued-conn processes,
+ must not depend on this addr */
#endif
- | PEER_OFFERED_DSN
- | PEER_OFFERED_PIPE
- | (ob->size_addition >= 0 ? PEER_OFFERED_SIZE : 0)
+ | PEER_OFFERED_DSN
+ | PEER_OFFERED_PIPE
+ | (sx->ob->size_addition >= 0 ? PEER_OFFERED_SIZE : 0)
);
/* Set for IGNOREQUOTA if the response to LHLO specifies support and the
lmtp_ignore_quota option was set. */
- igquotstr = peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US"";
+ sx->igquotstr = sx->peer_offered & PEER_OFFERED_IGNQ ? US" IGNOREQUOTA" : US"";
/* If the response to EHLO specified support for the SIZE parameter, note
this, provided size_addition is non-negative. */
- smtp_peer_options |= peer_offered & PEER_OFFERED_SIZE;
+ smtp_peer_options |= sx->peer_offered & PEER_OFFERED_SIZE;
/* Note whether the server supports PIPELINING. If hosts_avoid_esmtp matched
the current host, esmtp will be false, so PIPELINING can never be used. If
the current host matches hosts_avoid_pipelining, don't do it. */
- if ( peer_offered & PEER_OFFERED_PIPE
- && verify_check_given_host(&ob->hosts_avoid_pipelining, host) != OK)
+ if ( sx->peer_offered & PEER_OFFERED_PIPE
+ && verify_check_given_host(&sx->ob->hosts_avoid_pipelining, sx->host) != OK)
smtp_peer_options |= PEER_OFFERED_PIPE;
DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
smtp_peer_options & PEER_OFFERED_PIPE ? "" : "not ");
- if ( peer_offered & PEER_OFFERED_CHUNKING
- && verify_check_given_host(&ob->hosts_try_chunking, host) != OK)
- peer_offered &= ~PEER_OFFERED_CHUNKING;
+ if ( sx->peer_offered & PEER_OFFERED_CHUNKING
+ && verify_check_given_host(&sx->ob->hosts_try_chunking, sx->host) != OK)
+ sx->peer_offered &= ~PEER_OFFERED_CHUNKING;
- if (peer_offered & PEER_OFFERED_CHUNKING)
+ if (sx->peer_offered & PEER_OFFERED_CHUNKING)
{DEBUG(D_transport) debug_printf("CHUNKING usable\n");}
#ifndef DISABLE_PRDR
- if ( peer_offered & PEER_OFFERED_PRDR
- && verify_check_given_host(&ob->hosts_try_prdr, host) != OK)
- peer_offered &= ~PEER_OFFERED_PRDR;
+ if ( sx->peer_offered & PEER_OFFERED_PRDR
+ && verify_check_given_host(&sx->ob->hosts_try_prdr, sx->host) != OK)
+ sx->peer_offered &= ~PEER_OFFERED_PRDR;
- if (peer_offered & PEER_OFFERED_PRDR)
+ if (sx->peer_offered & PEER_OFFERED_PRDR)
{DEBUG(D_transport) debug_printf("PRDR usable\n");}
#endif
/* Note if the server supports DSN */
- smtp_peer_options |= peer_offered & PEER_OFFERED_DSN;
+ smtp_peer_options |= sx->peer_offered & PEER_OFFERED_DSN;
DEBUG(D_transport) debug_printf("%susing DSN\n",
- peer_offered & PEER_OFFERED_DSN ? "" : "not ");
+ sx->peer_offered & PEER_OFFERED_DSN ? "" : "not ");
/* Note if the response to EHLO specifies support for the AUTH extension.
If it has, check that this host is one we want to authenticate to, and do
the business. The host name and address must be available when the
authenticator's client driver is running. */
- switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
- ob, lflags.esmtp, &inblock, &outblock))
+ switch (yield = smtp_auth(sx->buffer, sizeof(sx->buffer), sx->addrlist, sx->host,
+ sx->ob, sx->esmtp, &sx->inblock, &sx->outblock))
{
default: goto SEND_QUIT;
case OK: break;
/* The setting up of the SMTP call is now complete. Any subsequent errors are
message-specific. */
-lflags.setting_up = FALSE;
+sx->setting_up = FALSE;
#ifdef SUPPORT_I18N
-if (addrlist->prop.utf8_msg)
+if (sx->addrlist->prop.utf8_msg)
{
- lflags.utf8_needed = !addrlist->prop.utf8_downcvt
- && !addrlist->prop.utf8_downcvt_maybe;
- DEBUG(D_transport) if (!lflags.utf8_needed)
+ sx->utf8_needed = !sx->addrlist->prop.utf8_downcvt
+ && !sx->addrlist->prop.utf8_downcvt_maybe;
+ DEBUG(D_transport) if (!sx->utf8_needed)
debug_printf("utf8: %s downconvert\n",
- addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
+ sx->addrlist->prop.utf8_downcvt ? "mandatory" : "optional");
}
/* If this is an international message we need the host to speak SMTPUTF8 */
-if (lflags.utf8_needed && !(peer_offered & PEER_OFFERED_UTF8))
+if (sx->utf8_needed && !(sx->peer_offered & PEER_OFFERED_UTF8))
{
errno = ERRNO_UTF8_FWD;
goto RESPONSE_FAILED;
}
#endif
-/* If there is a filter command specified for this transport, we can now
-set it up. This cannot be done until the identify of the host is known. */
+return OK;
+
-if (tblock->filter_command != NULL)
{
- BOOL rc;
- uschar fbuf[64];
- sprintf(CS fbuf, "%.50s transport", tblock->name);
- rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
- TRUE, DEFER, addrlist, fbuf, NULL);
- transport_filter_timeout = tblock->filter_timeout;
+ int code;
- /* On failure, copy the error to all addresses, abandon the SMTP call, and
- yield ERROR. */
+ RESPONSE_FAILED:
+ message = NULL;
+ sx->send_quit = check_response(sx->host, &errno, sx->addrlist->more_errno,
+ sx->buffer, &code, &message, &pass_message);
+ goto FAILED;
- if (!rc)
- {
- set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
- FALSE);
- yield = ERROR;
- goto SEND_QUIT;
- }
+ SEND_FAILED:
+ code = '4';
+ message = US string_sprintf("send() to %s [%s] failed: %s",
+ sx->host->name, sx->host->address, strerror(errno));
+ sx->send_quit = FALSE;
+ goto FAILED;
- if ( transport_filter_argv
- && *transport_filter_argv
- && **transport_filter_argv
- && peer_offered & PEER_OFFERED_CHUNKING
- )
- {
- peer_offered &= ~PEER_OFFERED_CHUNKING;
- DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
- }
+ /* This label is jumped to directly when a TLS negotiation has failed,
+ or was not done for a host for which it is required. Values will be set
+ in message and errno, and setting_up will always be true. Treat as
+ a temporary error. */
+
+ EHLOHELO_FAILED:
+ code = '4';
+ message = string_sprintf("Remote host closed connection in response to %s"
+ " (EHLO response was: %s)", smtp_command, sx->buffer);
+ sx->send_quit = FALSE;
+ goto FAILED;
+
+#ifdef SUPPORT_TLS
+ TLS_FAILED:
+ code = '4';
+ goto FAILED;
+#endif
+
+ /* The failure happened while setting up the call; see if the failure was
+ a 5xx response (this will either be on connection, or following HELO - a 5xx
+ after EHLO causes it to try HELO). If so, fail all addresses, as this host is
+ never going to accept them. For other errors during setting up (timeouts or
+ whatever), defer all addresses, and yield DEFER, so that the host is not
+ tried again for a while. */
+
+FAILED:
+ sx->ok = FALSE; /* For when reached by GOTO */
+
+ yield = code == '5'
+#ifdef SUPPORT_I18N
+ || errno == ERRNO_UTF8_FWD
+#endif
+ ? FAIL : DEFER;
+
+ set_errno(sx->addrlist, errno, message, yield, pass_message, sx->host
+#ifdef EXPERIMENTAL_DSN_INFO
+ , sx->smtp_greeting, sx->helo_response
+#endif
+ );
}
-/* For messages that have more than the maximum number of envelope recipients,
-we want to send several transactions down the same SMTP connection. (See
-comments in deliver.c as to how this reconciles, heuristically, with
-remote_max_parallel.) This optimization was added to Exim after the following
-code was already working. The simplest way to put it in without disturbing the
-code was to use a goto to jump back to this point when there is another
-transaction to handle. */
+SEND_QUIT:
-SEND_MESSAGE:
-sync_addr = first_addr;
-address_count = 0;
-lflags.ok = FALSE;
-lflags.send_rset = TRUE;
-completed_address = FALSE;
+if (sx->send_quit)
+ (void)smtp_write_command(&sx->outblock, FALSE, "QUIT\r\n");
+
+#ifdef SUPPORT_TLS
+tls_close(FALSE, TRUE);
+#endif
+
+/* Close the socket, and return the appropriate value, first setting
+works because the NULL setting is passed back to the calling process, and
+remote_max_parallel is forced to 1 when delivering over an existing connection,
+
+If all went well and continue_more is set, we shouldn't actually get here if
+there are further addresses, as the return above will be taken. However,
+writing RSET might have failed, or there may be other addresses whose hosts are
+specified in the transports, and therefore not visible at top level, in which
+case continue_more won't get set. */
+
+HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
+if (sx->send_quit)
+ {
+ shutdown(sx->outblock.sock, SHUT_WR);
+ if (fcntl(sx->inblock.sock, F_SETFL, O_NONBLOCK) == 0)
+ for (rc = 16; read(sx->inblock.sock, sx->inbuffer, sizeof(sx->inbuffer)) > 0 && rc > 0;)
+ rc--; /* drain socket */
+ sx->send_quit = FALSE;
+ }
+(void)close(sx->inblock.sock);
+sx->inblock.sock = sx->outblock.sock = -1;
+
+#ifndef DISABLE_EVENT
+(void) event_raise(sx->tblock->event_action, US"tcp:close", NULL);
+#endif
+
+continue_transport = NULL;
+continue_hostname = NULL;
+return yield;
+}
+
+
+
+
+/* Create the string of options that will be appended to the MAIL FROM:
+in the connection context buffer */
+
+static int
+build_mailcmd_options(smtp_context * sx, address_item * addrlist)
+{
+uschar * p = sx->buffer;
+address_item * addr;
+int address_count;
+*p = 0;
-/* Initiate a message transfer. If we know the receiving MTA supports the SIZE
-qualification, send it, adding something to the message size to allow for
-imprecision and things that get added en route. Exim keeps the number of lines
+/* If we know the receiving MTA supports the SIZE qualification,
+send it, adding something to the message size to allow for imprecision
+and things that get added en route. Exim keeps the number of lines
in a message, so we can give an accurate value for the original message, but we
need some additional to handle added headers. (Double "." characters don't get
included in the count.) */
-p = buffer;
-*p = 0;
-
-if (peer_offered & PEER_OFFERED_SIZE)
+if (sx->peer_offered & PEER_OFFERED_SIZE)
{
- sprintf(CS p, " SIZE=%d", message_size+message_linecount+ob->size_addition);
+ sprintf(CS p, " SIZE=%d", message_size+message_linecount+sx->ob->size_addition);
while (*p) p++;
}
#ifndef DISABLE_PRDR
-lflags.prdr_active = FALSE;
-if (peer_offered & PEER_OFFERED_PRDR)
- for (addr = first_addr; addr; addr = addr->next)
+/* If it supports Per-Recipient Data Reponses, and we have omre than one recipient,
+request that */
+
+sx->prdr_active = FALSE;
+if (sx->peer_offered & PEER_OFFERED_PRDR)
+ for (addr = addrlist; addr; addr = addr->next)
if (addr->transport_return == PENDING_DEFER)
{
for (addr = addr->next; addr; addr = addr->next)
if (addr->transport_return == PENDING_DEFER)
{ /* at least two recipients to send */
- lflags.prdr_active = TRUE;
+ sx->prdr_active = TRUE;
sprintf(CS p, " PRDR"); p += 5;
break;
}
#endif
#ifdef SUPPORT_I18N
-if ( addrlist->prop.utf8_msg
+/* If it supports internationalised messages, and this meesage need that,
+request it */
+
+if ( sx->peer_offered & PEER_OFFERED_UTF8
+ && addrlist->prop.utf8_msg
&& !addrlist->prop.utf8_downcvt
- && peer_offered & PEER_OFFERED_UTF8
)
- sprintf(CS p, " SMTPUTF8"), p += 9;
+ Ustrcpy(p, " SMTPUTF8"), p += 9;
#endif
-/* check if all addresses have lasthop flag */
-/* do not send RET and ENVID if true */
-for (lflags.dsn_all_lasthop = TRUE, addr = first_addr;
- address_count < max_rcpt && addr != NULL;
- addr = addr->next)
- if ((addr->dsn_flags & rf_dsnlasthop) != 1)
- {
- lflags.dsn_all_lasthop = FALSE;
+/* check if all addresses have DSN-lasthop flag; do not send RET and ENVID if so */
+for (sx->dsn_all_lasthop = TRUE, addr = addrlist, address_count = 0;
+ addr && address_count < sx->max_rcpt;
+ addr = addr->next) if (addr->transport_return == PENDING_DEFER)
+ {
+ address_count++;
+ if (!(addr->dsn_flags & rf_dsnlasthop))
+ {
+ sx->dsn_all_lasthop = FALSE;
break;
}
+ }
/* Add any DSN flags to the mail command */
-if (peer_offered & PEER_OFFERED_DSN && !lflags.dsn_all_lasthop)
+if (sx->peer_offered & PEER_OFFERED_DSN && !sx->dsn_all_lasthop)
{
if (dsn_ret == dsn_ret_hdrs)
{ Ustrcpy(p, " RET=HDRS"); p += 9; }
if (dsn_envid)
{
- string_format(p, sizeof(buffer) - (p-buffer), " ENVID=%s", dsn_envid);
+ string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ENVID=%s", dsn_envid);
while (*p) p++;
}
}
otherwise no check - this feature is expected to be used with LMTP and other
cases where non-standard addresses (e.g. without domains) might be required. */
-if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
+if (smtp_mail_auth_str(p, sizeof(sx->buffer) - (p-sx->buffer), addrlist, sx->ob))
+ return ERROR;
+
+return OK;
+}
+
+
+static void
+build_rcptcmd_options(smtp_context * sx, const address_item * addr)
+{
+uschar * p = sx->buffer;
+*p = 0;
+
+/* Add any DSN flags to the rcpt command */
+
+if (sx->peer_offered & PEER_OFFERED_DSN && !(addr->dsn_flags & rf_dsnlasthop))
+ {
+ if (addr->dsn_flags & rf_dsnflags)
+ {
+ int i;
+ BOOL first = TRUE;
+
+ Ustrcpy(p, " NOTIFY=");
+ while (*p) p++;
+ for (i = 0; i < nelem(rf_list); i++) if (addr->dsn_flags & rf_list[i])
+ {
+ if (!first) *p++ = ',';
+ first = FALSE;
+ Ustrcpy(p, rf_names[i]);
+ while (*p) p++;
+ }
+ }
+
+ if (addr->dsn_orcpt)
+ {
+ string_format(p, sizeof(sx->buffer) - (p-sx->buffer), " ORCPT=%s",
+ addr->dsn_orcpt);
+ while (*p) p++;
+ }
+ }
+}
+
+
+
+/*
+Return:
+ 0 good, rcpt results in addr->transport_return (PENDING_OK, DEFER, FAIL)
+ -1 MAIL response error
+ -2 any non-MAIL read i/o error
+ -3 non-MAIL response timeout
+ -4 internal error; channel still usable
+ -5 transmit failed
+ */
+
+int
+smtp_write_mail_and_rcpt_cmds(smtp_context * sx, int * yield)
+{
+address_item * addr;
+int address_count;
+int rc;
+
+if (build_mailcmd_options(sx, sx->first_addr) != OK)
{
- yield = ERROR;
- goto SEND_QUIT;
+ *yield = ERROR;
+ return -4;
}
/* From here until we send the DATA command, we can make use of PIPELINING
When PIPELINING is off, each command written reports that it has flushed the
buffer. */
-lflags.pending_MAIL = TRUE; /* The block starts with MAIL */
+sx->pending_MAIL = TRUE; /* The block starts with MAIL */
{
- uschar * s = return_path;
+ uschar * s = sx->from_addr;
#ifdef SUPPORT_I18N
uschar * errstr = NULL;
for the to-addresses (done below), and also (ugly) for re-doing when building
the delivery log line. */
- if ( addrlist->prop.utf8_msg
- && (addrlist->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8))
+ if ( sx->addrlist->prop.utf8_msg
+ && (sx->addrlist->prop.utf8_downcvt || !(sx->peer_offered & PEER_OFFERED_UTF8))
)
{
- if (s = string_address_utf8_to_alabel(return_path, &errstr), errstr)
+ if (s = string_address_utf8_to_alabel(s, &errstr), errstr)
{
- set_errno_nohost(addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
- yield = ERROR;
- goto SEND_QUIT;
+ set_errno_nohost(sx->addrlist, ERRNO_EXPANDFAIL, errstr, DEFER, FALSE);
+ *yield = ERROR;
+ return -4;
}
- setflag(addrlist, af_utf8_downcvt);
+ setflag(sx->addrlist, af_utf8_downcvt);
}
#endif
- rc = smtp_write_command(&outblock, pipelining_active,
- "MAIL FROM:<%s>%s\r\n", s, buffer);
+ rc = smtp_write_command(&sx->outblock, pipelining_active,
+ "MAIL FROM:<%s>%s\r\n", s, sx->buffer);
}
mail_command = string_copy(big_buffer); /* Save for later error message */
switch(rc)
{
case -1: /* Transmission error */
- goto SEND_FAILED;
+ return -5;
- case +1: /* Block was sent */
- if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
- ob->command_timeout))
+ case +1: /* Cmd was sent */
+ if (!smtp_read_response(&sx->inblock, sx->buffer, sizeof(sx->buffer), '2',
+ sx->ob->command_timeout))
{
- if (errno == 0 && buffer[0] == '4')
+ if (errno == 0 && sx->buffer[0] == '4')
{
errno = ERRNO_MAIL4XX;
- addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ sx->addrlist->more_errno |= ((sx->buffer[1] - '0')*10 + sx->buffer[2] - '0') << 8;
}
- goto RESPONSE_FAILED;
+ return -1;
}
- lflags.pending_MAIL = FALSE;
+ sx->pending_MAIL = FALSE;
break;
+
+ /* otherwise zero: command queued for pipeline */
}
/* Pass over all the relevant recipient addresses for this host, which are the
ones that have status PENDING_DEFER. If we are using PIPELINING, we can send
several before we have to read the responses for those seen so far. This
checking is done by a subroutine because it also needs to be done at the end.
-Send only up to max_rcpt addresses at a time, leaving first_addr pointing to
+Send only up to max_rcpt addresses at a time, leaving next_addr pointing to
the next one if not all are sent.
In the MUA wrapper situation, we want to flush the PIPELINING buffer for the
last address because we want to abort if any recipients have any kind of
problem, temporary or permanent. We know that all recipient addresses will have
the PENDING_DEFER status, because only one attempt is ever made, and we know
-that max_rcpt will be large, so all addresses will be done at once. */
+that max_rcpt will be large, so all addresses will be done at once.
-for (addr = first_addr;
- addr && address_count < max_rcpt;
- addr = addr->next)
- if (addr->transport_return == PENDING_DEFER)
+For verify we flush the pipeline after any (the only) rcpt address. */
+
+for (addr = sx->first_addr, address_count = 0;
+ addr && address_count < sx->max_rcpt;
+ addr = addr->next) if (addr->transport_return == PENDING_DEFER)
{
int count;
BOOL no_flush;
uschar * rcpt_addr;
- addr->dsn_aware = peer_offered & PEER_OFFERED_DSN
+ addr->dsn_aware = sx->peer_offered & PEER_OFFERED_DSN
? dsn_support_yes : dsn_support_no;
address_count++;
- no_flush = pipelining_active && (!mua_wrapper || addr->next);
-
- /* Add any DSN flags to the rcpt command and add to the sent string */
+ no_flush = pipelining_active && !sx->verify && (!mua_wrapper || addr->next);
- p = buffer;
- *p = 0;
-
- if (peer_offered & PEER_OFFERED_DSN && !(addr->dsn_flags & rf_dsnlasthop))
- {
- if (addr->dsn_flags & rf_dsnflags)
- {
- int i;
- BOOL first = TRUE;
- Ustrcpy(p, " NOTIFY=");
- while (*p) p++;
- for (i = 0; i < 4; i++)
- if ((addr->dsn_flags & rf_list[i]) != 0)
- {
- if (!first) *p++ = ',';
- first = FALSE;
- Ustrcpy(p, rf_names[i]);
- while (*p) p++;
- }
- }
-
- if (addr->dsn_orcpt)
- {
- string_format(p, sizeof(buffer) - (p-buffer), " ORCPT=%s",
- addr->dsn_orcpt);
- while (*p) p++;
- }
- }
+ build_rcptcmd_options(sx, addr);
/* Now send the RCPT command, and process outstanding responses when
necessary. After a timeout on RCPT, we just end the function, leaving the
yield as OK, because this error can often mean that there is a problem with
just one address, so we don't want to delay the host. */
- rcpt_addr = transport_rcpt_address(addr, tblock->rcpt_include_affixes);
+ rcpt_addr = transport_rcpt_address(addr, sx->tblock->rcpt_include_affixes);
#ifdef SUPPORT_I18N
- if ( testflag(addrlist, af_utf8_downcvt)
+ if ( testflag(sx->addrlist, af_utf8_downcvt)
&& !(rcpt_addr = string_address_utf8_to_alabel(rcpt_addr, NULL))
)
{
/*XXX could we use a per-address errstr here? Not fail the whole send? */
errno = ERRNO_EXPANDFAIL;
- goto SEND_FAILED;
+ return -5; /*XXX too harsh? */
}
#endif
- count = smtp_write_command(&outblock, no_flush, "RCPT TO:<%s>%s%s\r\n",
- rcpt_addr, igquotstr, buffer);
+ count = smtp_write_command(&sx->outblock, no_flush, "RCPT TO:<%s>%s%s\r\n",
+ rcpt_addr, sx->igquotstr, sx->buffer);
- if (count < 0) goto SEND_FAILED;
+ if (count < 0) return -5;
if (count > 0)
{
- switch(sync_responses(first_addr, tblock->rcpt_include_affixes,
- &sync_addr, host, count, ob->address_retry_include_sender,
- lflags.pending_MAIL, 0, &inblock, ob->command_timeout, buffer,
- sizeof(buffer)))
+ switch(sync_responses(sx, count, 0))
{
- case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */
- case 2: completed_address = TRUE; /* 5xx (only) => progress made */
- break;
+ case 3: sx->ok = TRUE; /* 2xx & 5xx => OK & progress made */
+ case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
+ break;
+
+ case 1: sx->ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
+ if (!sx->lmtp) /* can't tell about progress yet */
+ sx->completed_addr = TRUE;
+ case 0: /* No 2xx or 5xx, but no probs */
+ break;
+
+ case -1: return -3; /* Timeout on RCPT */
+ case -2: return -2; /* non-MAIL read i/o error */
+ default: return -1; /* any MAIL error */
+ }
+ sx->pending_MAIL = FALSE; /* Dealt with MAIL */
+ }
+ } /* Loop for next address */
- case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
- if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */
- case 0: /* No 2xx or 5xx, but no probs */
- break;
+sx->next_addr = addr;
+return 0;
+}
- case -1: goto END_OFF; /* Timeout on RCPT */
- default: goto RESPONSE_FAILED; /* I/O error, or any MAIL error */
+
+#ifdef SUPPORT_TLS
+/*****************************************************
+* Proxy TLS connection for another transport process *
+******************************************************/
+/*
+Use the smtp-context buffer as a staging area, and select on both the slave
+process and the TLS'd fd for data to read (per the coding in ip_recv() and
+fd_ready() this is legitimate). Do blocking full-size writes, and reads
+under a timeout.
+
+Arguments:
+ sx smtp context block
+ proxy_fd comms to proxied process
+ timeout per-read timeout, seconds
+*/
+
+static void
+smtp_proxy_tls(smtp_context * sx, int proxy_fd, int timeout)
+{
+fd_set fds;
+int max_fd = MAX(proxy_fd, tls_out.active) + 1;
+int rc, i, fd_bits, nbytes;
+
+set_process_info("proxying TLS connection for continued transport");
+FD_ZERO(&fds);
+FD_SET(tls_out.active, &fds);
+FD_SET(proxy_fd, &fds);
+
+for (fd_bits = 3; fd_bits; )
+ {
+ time_t time_left = timeout;
+ time_t time_start = time(NULL);
+
+ /* wait for data */
+ do
+ {
+ struct timeval tv = { time_left, 0 };
+
+ rc = select(max_fd, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tv);
+
+ if (rc < 0 && errno == EINTR)
+ if ((time_left -= time(NULL) - time_start) > 0) continue;
+
+ if (rc <= 0)
+ {
+ DEBUG(D_transport) if (rc == 0) debug_printf("%s: timed out\n", __FUNCTION__);
+ return;
}
- lflags.pending_MAIL = FALSE; /* Dealt with MAIL */
}
- } /* Loop for next address */
+ while (rc < 0 || !(FD_ISSET(tls_out.active, &fds) || FD_ISSET(proxy_fd, &fds)));
+
+ /* handle inbound data */
+ if (FD_ISSET(tls_out.active, &fds))
+ if ((rc = tls_read(FALSE, sx->buffer, sizeof(sx->buffer))) <= 0)
+ {
+ fd_bits &= ~1;
+ FD_CLR(tls_out.active, &fds);
+ shutdown(proxy_fd, SHUT_WR);
+ }
+ else
+ {
+ for (nbytes = 0; rc - nbytes > 0; nbytes += i)
+ if ((i = write(proxy_fd, sx->buffer + nbytes, rc - nbytes)) < 0) return;
+ }
+ else if (fd_bits & 1)
+ FD_SET(tls_out.active, &fds);
+
+ /* handle outbound data */
+ if (FD_ISSET(proxy_fd, &fds))
+ if ((rc = read(proxy_fd, sx->buffer, sizeof(sx->buffer))) <= 0)
+ {
+ fd_bits &= ~2;
+ FD_CLR(proxy_fd, &fds);
+ shutdown(tls_out.active, SHUT_WR);
+ }
+ else
+ {
+ for (nbytes = 0; rc - nbytes > 0; nbytes += i)
+ if ((i = tls_write(FALSE, sx->buffer + nbytes, rc - nbytes)) < 0) return;
+ }
+ else if (fd_bits & 2)
+ FD_SET(proxy_fd, &fds);
+ }
+}
+#endif
+
+
+/*************************************************
+* Deliver address list to given host *
+*************************************************/
+
+/* If continue_hostname is not null, we get here only when continuing to
+deliver down an existing channel. The channel was passed as the standard
+input. TLS is never active on a passed channel; the previous process always
+closes it down before passing the connection on.
+
+Otherwise, we have to make a connection to the remote host, and do the
+initial protocol exchange.
+
+When running as an MUA wrapper, if the sender or any recipient is rejected,
+temporarily or permanently, we force failure for all recipients.
+
+Arguments:
+ addrlist chain of potential addresses to deliver; only those whose
+ transport_return field is set to PENDING_DEFER are currently
+ being processed; others should be skipped - they have either
+ been delivered to an earlier host or IP address, or been
+ failed by one of them.
+ host host to deliver to
+ host_af AF_INET or AF_INET6
+ port default TCP/IP port to use, in host byte order
+ interface interface to bind to, or NULL
+ tblock transport instance block
+ message_defer set TRUE if yield is OK, but all addresses were deferred
+ because of a non-recipient, non-host failure, that is, a
+ 4xx response to MAIL FROM, DATA, or ".". This is a defer
+ that is specific to the message.
+ suppress_tls if TRUE, don't attempt a TLS connection - this is set for
+ a second attempt after TLS initialization fails
+
+Returns: OK - the connection was made and the delivery attempted;
+ the result for each address is in its data block.
+ DEFER - the connection could not be made, or something failed
+ while setting up the SMTP session, or there was a
+ non-message-specific error, such as a timeout.
+ ERROR - a filter command is specified for this transport,
+ and there was a problem setting it up; OR helo_data
+ or add_headers or authenticated_sender is specified
+ for this transport, and the string failed to expand
+*/
+
+static int
+smtp_deliver(address_item *addrlist, host_item *host, int host_af, int port,
+ uschar *interface, transport_instance *tblock,
+ BOOL *message_defer, BOOL suppress_tls)
+{
+address_item *addr;
+int yield = OK;
+int save_errno;
+int rc;
+time_t start_delivery_time = time(NULL);
+
+BOOL pass_message = FALSE;
+uschar *message = NULL;
+uschar new_message_id[MESSAGE_ID_LENGTH + 1];
+uschar *p;
+
+smtp_context sx;
+
+suppress_tls = suppress_tls; /* stop compiler warning when no TLS support */
+*message_defer = FALSE;
+
+sx.addrlist = addrlist;
+sx.host = host;
+sx.host_af = host_af,
+sx.port = port;
+sx.interface = interface;
+sx.helo_data = NULL;
+sx.tblock = tblock;
+sx.verify = FALSE;
+
+/* Get the channel set up ready for a message (MAIL FROM being the next
+SMTP command to send */
+
+if ((rc = smtp_setup_conn(&sx, suppress_tls)) != OK)
+ return rc;
+
+/* If there is a filter command specified for this transport, we can now
+set it up. This cannot be done until the identify of the host is known. */
+
+if (tblock->filter_command)
+ {
+ BOOL rc;
+ uschar fbuf[64];
+ sprintf(CS fbuf, "%.50s transport", tblock->name);
+ rc = transport_set_up_command(&transport_filter_argv, tblock->filter_command,
+ TRUE, DEFER, addrlist, fbuf, NULL);
+ transport_filter_timeout = tblock->filter_timeout;
+
+ /* On failure, copy the error to all addresses, abandon the SMTP call, and
+ yield ERROR. */
+
+ if (!rc)
+ {
+ set_errno_nohost(addrlist->next, addrlist->basic_errno, addrlist->message, DEFER,
+ FALSE);
+ yield = ERROR;
+ goto SEND_QUIT;
+ }
+
+ if ( transport_filter_argv
+ && *transport_filter_argv
+ && **transport_filter_argv
+ && sx.peer_offered & PEER_OFFERED_CHUNKING
+ )
+ {
+ sx.peer_offered &= ~PEER_OFFERED_CHUNKING;
+ DEBUG(D_transport) debug_printf("CHUNKING not usable due to transport filter\n");
+ }
+ }
+
+
+/* For messages that have more than the maximum number of envelope recipients,
+we want to send several transactions down the same SMTP connection. (See
+comments in deliver.c as to how this reconciles, heuristically, with
+remote_max_parallel.) This optimization was added to Exim after the following
+code was already working. The simplest way to put it in without disturbing the
+code was to use a goto to jump back to this point when there is another
+transaction to handle. */
+
+SEND_MESSAGE:
+sx.from_addr = return_path;
+sx.first_addr = sx.sync_addr = addrlist;
+sx.ok = FALSE;
+sx.send_rset = TRUE;
+sx.completed_addr = FALSE;
+
+
+/* Initiate a message transfer. */
+
+switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield))
+ {
+ case 0: break;
+ case -1: case -2: goto RESPONSE_FAILED;
+ case -3: goto END_OFF;
+ case -4: goto SEND_QUIT;
+ default: goto SEND_FAILED;
+ }
/* If we are an MUA wrapper, abort if any RCPTs were rejected, either
permanently or temporarily. We should have flushed and synced after the last
if (mua_wrapper)
{
address_item *badaddr;
- for (badaddr = first_addr; badaddr; badaddr = badaddr->next)
+ for (badaddr = sx.first_addr; badaddr; badaddr = badaddr->next)
if (badaddr->transport_return != PENDING_OK)
{
/*XXX could we find a better errno than 0 here? */
set_errno_nohost(addrlist, 0, badaddr->message, FAIL,
testflag(badaddr, af_pass_message));
- lflags.ok = FALSE;
+ sx.ok = FALSE;
break;
}
}
If using CHUNKING, do not send a BDAT until we know how big a chunk we want
to send is. */
-if ( !(peer_offered & PEER_OFFERED_CHUNKING)
- && (lflags.ok || (pipelining_active && !mua_wrapper)))
+if ( !(sx.peer_offered & PEER_OFFERED_CHUNKING)
+ && (sx.ok || (pipelining_active && !mua_wrapper)))
{
- int count = smtp_write_command(&outblock, FALSE, "DATA\r\n");
+ int count = smtp_write_command(&sx.outblock, FALSE, "DATA\r\n");
if (count < 0) goto SEND_FAILED;
- switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
- host, count, ob->address_retry_include_sender, lflags.pending_MAIL,
- lflags.ok ? +1 : -1, &inblock, ob->command_timeout, buffer, sizeof(buffer)))
+ switch(sync_responses(&sx, count, sx.ok ? +1 : -1))
{
- case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */
- case 2: completed_address = TRUE; /* 5xx (only) => progress made */
+ case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
+ case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
break;
- case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
- if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */
+ case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
+ if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
case 0: break; /* No 2xx or 5xx, but no probs */
case -1: goto END_OFF; /* Timeout on RCPT */
well as body. Set the appropriate timeout value to be used for each chunk.
(Haven't been able to make it work using select() for writing yet.) */
-if (!(peer_offered & PEER_OFFERED_CHUNKING) && !lflags.ok)
+if (!(sx.peer_offered & PEER_OFFERED_CHUNKING) && !sx.ok)
{
/* Save the first address of the next batch. */
- first_addr = addr;
+ sx.first_addr = sx.next_addr;
- lflags.ok = TRUE;
+ sx.ok = TRUE;
}
else
{
of responses. The callback needs a whole bunch of state so set up
a transport-context structure to be passed around. */
- if (peer_offered & PEER_OFFERED_CHUNKING)
+ if (sx.peer_offered & PEER_OFFERED_CHUNKING)
{
tctx.check_string = tctx.escape_string = NULL;
tctx.options |= topt_use_bdat;
tctx.chunk_cb = smtp_chunk_cmd_callback;
- tctx.inblock = &inblock;
- tctx.outblock = &outblock;
- tctx.host = host;
- tctx.first_addr = first_addr;
- tctx.sync_addr = &sync_addr;
- tctx.pending_MAIL = lflags.pending_MAIL;
- tctx.pending_BDAT = FALSE;
- tctx.good_RCPT = lflags.ok;
- tctx.completed_address = &completed_address;
- tctx.cmd_count = 0;
- tctx.buffer = buffer;
+ sx.pending_BDAT = FALSE;
+ sx.good_RCPT = sx.ok;
+ sx.cmd_count = 0;
+ tctx.smtp_context = &sx;
}
else
tctx.options |= topt_end_dot;
/* Save the first address of the next batch. */
- first_addr = addr;
+ sx.first_addr = sx.next_addr;
/* Responses from CHUNKING commands go in buffer. Otherwise,
there has not been a response. */
- buffer[0] = 0;
+ sx.buffer[0] = 0;
sigalrm_seen = FALSE;
- transport_write_timeout = ob->data_timeout;
+ transport_write_timeout = sx.ob->data_timeout;
smtp_command = US"sending data block"; /* For error messages */
DEBUG(D_transport|D_v)
- if (peer_offered & PEER_OFFERED_CHUNKING)
+ if (sx.peer_offered & PEER_OFFERED_CHUNKING)
debug_printf(" will write message using CHUNKING\n");
else
debug_printf(" SMTP>> writing message and terminating \".\"\n");
transport_count = 0;
#ifndef DISABLE_DKIM
- lflags.ok = dkim_transport_write_message(inblock.sock, &tctx, &ob->dkim);
+ sx.ok = dkim_transport_write_message(sx.inblock.sock, &tctx, &sx.ob->dkim,
+ CUSS &message);
#else
- lflags.ok = transport_write_message(inblock.sock, &tctx, 0);
+ sx.ok = transport_write_message(sx.inblock.sock, &tctx, 0);
#endif
/* transport_write_message() uses write() because it is called from other
or the failure of a transport filter or the expansion of added headers.
Or, when CHUNKING, it can be a protocol-detected failure. */
- if (!lflags.ok)
- goto RESPONSE_FAILED;
+ if (!sx.ok)
+ if (message) goto SEND_FAILED;
+ else goto RESPONSE_FAILED;
/* We used to send the terminating "." explicitly here, but because of
buffering effects at both ends of TCP/IP connections, you don't gain
smtp_command = US"end of data";
- if (peer_offered & PEER_OFFERED_CHUNKING && tctx.cmd_count > 1)
+ if (sx.peer_offered & PEER_OFFERED_CHUNKING && sx.cmd_count > 1)
{
/* Reap any outstanding MAIL & RCPT commands, but not a DATA-go-ahead */
- switch(sync_responses(first_addr, tblock->rcpt_include_affixes, &sync_addr,
- host, tctx.cmd_count-1, ob->address_retry_include_sender,
- lflags.pending_MAIL, 0,
- &inblock, ob->command_timeout, buffer, sizeof(buffer)))
+ switch(sync_responses(&sx, sx.cmd_count-1, 0))
{
- case 3: lflags.ok = TRUE; /* 2xx & 5xx => OK & progress made */
- case 2: completed_address = TRUE; /* 5xx (only) => progress made */
+ case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
+ case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
break;
- case 1: lflags.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
- if (!lflags.lmtp) completed_address = TRUE; /* can't tell about progress yet */
+ case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
+ if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
case 0: break; /* No 2xx or 5xx, but no probs */
case -1: goto END_OFF; /* Timeout on RCPT */
* followed by the individual responses, before going on with
* the overall response. If we don't get the warning then deal
* with per non-PRDR. */
- if(lflags.prdr_active)
+ if(sx.prdr_active)
{
- lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
- ob->final_timeout);
- if (!lflags.ok && errno == 0) switch(buffer[0])
+ sx.ok = smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '3',
+ sx.ob->final_timeout);
+ if (!sx.ok && errno == 0) switch(sx.buffer[0])
{
- case '2': lflags.prdr_active = FALSE;
- lflags.ok = TRUE;
+ case '2': sx.prdr_active = FALSE;
+ sx.ok = TRUE;
break;
case '4': errno = ERRNO_DATA4XX;
addrlist->more_errno |=
- ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
break;
}
}
/* For non-PRDR SMTP, we now read a single response that applies to the
whole message. If it is OK, then all the addresses have been delivered. */
- if (!lflags.lmtp)
+ if (!sx.lmtp)
{
- lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
- ob->final_timeout);
- if (!lflags.ok && errno == 0 && buffer[0] == '4')
+ sx.ok = smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2',
+ sx.ob->final_timeout);
+ if (!sx.ok && errno == 0 && sx.buffer[0] == '4')
{
errno = ERRNO_DATA4XX;
- addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ addrlist->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
}
}
software before the spool gets updated. Also record the final SMTP
confirmation if needed (for SMTP only). */
- if (lflags.ok)
+ if (sx.ok)
{
int flag = '=';
int delivery_time = (int)(time(NULL) - start_delivery_time);
int len;
uschar *conf = NULL;
- lflags.send_rset = FALSE;
+ sx.send_rset = FALSE;
pipelining_active = FALSE;
/* Set up confirmation if needed - applies only to SMTP */
#ifdef DISABLE_EVENT
LOGGING(smtp_confirmation) &&
#endif
- !lflags.lmtp
+ !sx.lmtp
)
{
- const uschar *s = string_printing(buffer);
+ const uschar *s = string_printing(sx.buffer);
/* deconst cast ok here as string_printing was checked to have alloc'n'copied */
- conf = (s == buffer)? (uschar *)string_copy(s) : US s;
+ conf = (s == sx.buffer)? (uschar *)string_copy(s) : US s;
}
/* Process all transported addresses - for LMTP or PRDR, read a status for
each one. */
- for (addr = addrlist; addr != first_addr; addr = addr->next)
+ for (addr = addrlist; addr != sx.first_addr; addr = addr->next)
{
if (addr->transport_return != PENDING_OK) continue;
it doesn't get tried again too soon. */
#ifndef DISABLE_PRDR
- if (lflags.lmtp || lflags.prdr_active)
+ if (sx.lmtp || sx.prdr_active)
#else
- if (lflags.lmtp)
+ if (sx.lmtp)
#endif
{
- if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
- ob->final_timeout))
+ if (!smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2',
+ sx.ob->final_timeout))
{
- if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
+ if (errno != 0 || sx.buffer[0] == 0) goto RESPONSE_FAILED;
addr->message = string_sprintf(
#ifndef DISABLE_PRDR
- "%s error after %s: %s", lflags.prdr_active ? "PRDR":"LMTP",
+ "%s error after %s: %s", sx.prdr_active ? "PRDR":"LMTP",
#else
"LMTP error after %s: %s",
#endif
- data_command, string_printing(buffer));
+ data_command, string_printing(sx.buffer));
setflag(addr, af_pass_message); /* Allow message to go to user */
- if (buffer[0] == '5')
+ if (sx.buffer[0] == '5')
addr->transport_return = FAIL;
else
{
errno = ERRNO_DATA4XX;
- addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ addr->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
addr->transport_return = DEFER;
#ifndef DISABLE_PRDR
- if (!lflags.prdr_active)
+ if (!sx.prdr_active)
#endif
retry_add_item(addr, addr->address_retry_key, 0);
}
continue;
}
- completed_address = TRUE; /* NOW we can set this flag */
+ sx.completed_addr = TRUE; /* NOW we can set this flag */
if (LOGGING(smtp_confirmation))
{
- const uschar *s = string_printing(buffer);
+ const uschar *s = string_printing(sx.buffer);
/* deconst cast ok here as string_printing was checked to have alloc'n'copied */
- conf = (s == buffer)? (uschar *)string_copy(s) : US s;
+ conf = (s == sx.buffer) ? US string_copy(s) : US s;
}
}
addr->special_action = flag;
addr->message = conf;
#ifndef DISABLE_PRDR
- if (lflags.prdr_active) addr->flags |= af_prdr_used;
+ if (sx.prdr_active) addr->flags |= af_prdr_used;
#endif
- if (peer_offered & PEER_OFFERED_CHUNKING) addr->flags |= af_chunking_used;
+ if (sx.peer_offered & PEER_OFFERED_CHUNKING) addr->flags |= af_chunking_used;
flag = '-';
#ifndef DISABLE_PRDR
- if (!lflags.prdr_active)
+ if (!sx.prdr_active)
#endif
{
/* Update the journal. For homonymic addresses, use the base address plus
write error, as it may prove possible to update the spool file later. */
if (testflag(addr, af_homonym))
- sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
+ sprintf(CS sx.buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
else
- sprintf(CS buffer, "%.500s\n", addr->unique);
+ sprintf(CS sx.buffer, "%.500s\n", addr->unique);
- DEBUG(D_deliver) debug_printf("journalling %s\n", buffer);
- len = Ustrlen(CS buffer);
- if (write(journal_fd, buffer, len) != len)
+ DEBUG(D_deliver) debug_printf("journalling %s\n", sx.buffer);
+ len = Ustrlen(CS sx.buffer);
+ if (write(journal_fd, sx.buffer, len) != len)
log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
- "%s: %s", buffer, strerror(errno));
+ "%s: %s", sx.buffer, strerror(errno));
}
}
#ifndef DISABLE_PRDR
- if (lflags.prdr_active)
+ if (sx.prdr_active)
{
/* PRDR - get the final, overall response. For any non-success
upgrade all the address statuses. */
- lflags.ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
- ob->final_timeout);
- if (!lflags.ok)
+ sx.ok = smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer), '2',
+ sx.ob->final_timeout);
+ if (!sx.ok)
{
- if(errno == 0 && buffer[0] == '4')
+ if(errno == 0 && sx.buffer[0] == '4')
{
errno = ERRNO_DATA4XX;
- addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ addrlist->more_errno |= ((sx.buffer[1] - '0')*10 + sx.buffer[2] - '0') << 8;
}
- for (addr = addrlist; addr != first_addr; addr = addr->next)
- if (buffer[0] == '5' || addr->transport_return == OK)
+ for (addr = addrlist; addr != sx.first_addr; addr = addr->next)
+ if (sx.buffer[0] == '5' || addr->transport_return == OK)
addr->transport_return = PENDING_OK; /* allow set_errno action */
goto RESPONSE_FAILED;
}
/* Update the journal, or setup retry. */
- for (addr = addrlist; addr != first_addr; addr = addr->next)
+ for (addr = addrlist; addr != sx.first_addr; addr = addr->next)
if (addr->transport_return == OK)
- {
- if (testflag(addr, af_homonym))
- sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
- else
- sprintf(CS buffer, "%.500s\n", addr->unique);
-
- DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", buffer);
- len = Ustrlen(CS buffer);
- if (write(journal_fd, buffer, len) != len)
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
- "%s: %s", buffer, strerror(errno));
- }
- else if (addr->transport_return == DEFER)
- retry_add_item(addr, addr->address_retry_key, -2);
+ {
+ if (testflag(addr, af_homonym))
+ sprintf(CS sx.buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
+ else
+ sprintf(CS sx.buffer, "%.500s\n", addr->unique);
+
+ DEBUG(D_deliver) debug_printf("journalling(PRDR) %s\n", sx.buffer);
+ len = Ustrlen(CS sx.buffer);
+ if (write(journal_fd, sx.buffer, len) != len)
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
+ "%s: %s", sx.buffer, strerror(errno));
+ }
+ else if (addr->transport_return == DEFER)
+ retry_add_item(addr, addr->address_retry_key, -2);
}
#endif
here during the setting up phase (i.e. before MAIL FROM) then always defer, as
the problem is not related to this specific message. */
-if (!lflags.ok)
+if (!sx.ok)
{
int code, set_rc;
uschar * set_message;
{
save_errno = errno;
message = NULL;
- lflags.send_quit = check_response(host, &save_errno, addrlist->more_errno,
- buffer, &code, &message, &pass_message);
+ sx.send_quit = check_response(host, &save_errno, addrlist->more_errno,
+ sx.buffer, &code, &message, &pass_message);
goto FAILED;
}
{
save_errno = errno;
code = '4';
- message = US string_sprintf("send() to %s [%s] failed: %s",
- host->name, host->address, strerror(save_errno));
- lflags.send_quit = FALSE;
+ message = string_sprintf("send() to %s [%s] failed: %s",
+ host->name, host->address, message ? message : US strerror(save_errno));
+ sx.send_quit = FALSE;
goto FAILED;
}
- /* This label is jumped to directly when a TLS negotiation has failed,
- or was not done for a host for which it is required. Values will be set
- in message and save_errno, and setting_up will always be true. Treat as
- a temporary error. */
-
-#ifdef SUPPORT_TLS
- TLS_FAILED:
- code = '4';
-#endif
-
- /* If the failure happened while setting up the call, see if the failure was
- a 5xx response (this will either be on connection, or following HELO - a 5xx
- after EHLO causes it to try HELO). If so, fail all addresses, as this host is
- never going to accept them. For other errors during setting up (timeouts or
- whatever), defer all addresses, and yield DEFER, so that the host is not
- tried again for a while. */
-
FAILED:
- lflags.ok = FALSE; /* For when reached by GOTO */
- set_message = message;
+ {
+ BOOL message_error;
- if (lflags.setting_up)
- if (code == '5')
- set_rc = FAIL;
- else
- yield = set_rc = DEFER;
+ sx.ok = FALSE; /* For when reached by GOTO */
+ set_message = message;
/* We want to handle timeouts after MAIL or "." and loss of connection after
"." specially. They can indicate a problem with the sender address or with
cases are treated in the same way as a 4xx response. This next bit of code
does the classification. */
- else
- {
- BOOL message_error;
-
switch(save_errno)
{
-#ifdef SUPPORT_I18N
- case ERRNO_UTF8_FWD:
- code = '5';
- /*FALLTHROUGH*/
-#endif
case 0:
case ERRNO_MAIL4XX:
case ERRNO_DATA4XX:
set_errno(addrlist, save_errno, set_message, set_rc, pass_message, host
#ifdef EXPERIMENTAL_DSN_INFO
- , smtp_greeting, helo_response
+ , sx.smtp_greeting, sx.helo_response
#endif
);
}
DEBUG(D_transport)
debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d "
- "yield=%d first_address is %sNULL\n", lflags.ok, lflags.send_quit,
- lflags.send_rset, continue_more, yield, first_addr ? "not " : "");
+ "yield=%d first_address is %sNULL\n", sx.ok, sx.send_quit,
+ sx.send_rset, continue_more, yield, sx.first_addr ? "not " : "");
-if (completed_address && lflags.ok && lflags.send_quit)
+if (sx.completed_addr && sx.ok && sx.send_quit)
{
BOOL more;
smtp_compare_t t_compare;
t_compare.tblock = tblock;
t_compare.current_sender_address = sender_address;
- if ( first_addr != NULL
+ if ( sx.first_addr != NULL
|| continue_more
- || ( ( tls_out.active < 0
- || verify_check_given_host(&ob->hosts_nopass_tls, host) != OK
+ || (
+#ifdef SUPPORT_TLS
+ ( tls_out.active < 0 && !continue_proxy
+ || verify_check_given_host(&sx.ob->hosts_nopass_tls, host) != OK
)
&&
+#endif
transport_check_waiting(tblock->name, host->name,
tblock->connection_max_messages, new_message_id, &more,
(oicf)smtp_are_same_identities, (void*)&t_compare)
uschar *msg;
BOOL pass_message;
- if (lflags.send_rset)
- {
- if (! (lflags.ok = smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0))
+ if (sx.send_rset)
+ if (! (sx.ok = smtp_write_command(&sx.outblock, FALSE, "RSET\r\n") >= 0))
{
msg = US string_sprintf("send() to %s [%s] failed: %s", host->name,
- host->address, strerror(save_errno));
- lflags.send_quit = FALSE;
+ host->address, strerror(errno));
+ sx.send_quit = FALSE;
}
- else if (! (lflags.ok = smtp_read_response(&inblock, buffer,
- sizeof(buffer), '2', ob->command_timeout)))
+ else if (! (sx.ok = smtp_read_response(&sx.inblock, sx.buffer,
+ sizeof(sx.buffer), '2', sx.ob->command_timeout)))
{
int code;
- lflags.send_quit = check_response(host, &errno, 0, buffer, &code, &msg,
+ sx.send_quit = check_response(host, &errno, 0, sx.buffer, &code, &msg,
&pass_message);
- if (!lflags.send_quit)
+ if (!sx.send_quit)
{
DEBUG(D_transport) debug_printf("H=%s [%s] %s\n",
host->name, host->address, msg);
}
}
- }
/* Either RSET was not needed, or it succeeded */
- if (lflags.ok)
+ if (sx.ok)
{
- if (first_addr != NULL) /* More addresses still to be sent */
+ int pfd[2];
+ int socket_fd = sx.inblock.sock;
+
+
+ if (sx.first_addr != NULL) /* More addresses still to be sent */
{ /* in this run of the transport */
continue_sequence++; /* Causes * in logging */
goto SEND_MESSAGE;
}
if (continue_more) return yield; /* More addresses for another run */
- /* Pass the socket to a new Exim process. Before doing so, we must shut
- down TLS. Not all MTAs allow for the continuation of the SMTP session
- when TLS is shut down. We test for this by sending a new EHLO. If we
- don't get a good response, we don't attempt to pass the socket on. */
-
+ /* Pass the connection on to a new Exim process. */
#ifdef SUPPORT_TLS
if (tls_out.active >= 0)
- {
- tls_close(FALSE, TRUE);
- smtp_peer_options = smtp_peer_options_wrap;
- if (lflags.smtps)
- lflags.ok = FALSE;
- else
- lflags.ok = smtp_write_command(&outblock,FALSE,"EHLO %s\r\n",helo_data) >= 0 &&
- smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
- ob->command_timeout);
- }
+ if (verify_check_given_host(&sx.ob->hosts_noproxy_tls, host) == OK)
+ {
+ /* Pass the socket, for direct use, to a new Exim process. Before
+ doing so, we must shut down TLS. Not all MTAs allow for the
+ continuation of the SMTP session when TLS is shut down. We test for
+ this by sending a new EHLO. If we don't get a good response, we don't
+ attempt to pass the socket on. */
+
+ tls_close(FALSE, TRUE);
+ smtp_peer_options = smtp_peer_options_wrap;
+ sx.ok = !sx.smtps
+ && smtp_write_command(&sx.outblock, FALSE,
+ "EHLO %s\r\n", sx.helo_data) >= 0
+ && smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer),
+ '2', sx.ob->command_timeout);
+ }
+ else
+ {
+ /* Set up a pipe for proxying TLS for the new transport process */
+
+ smtp_peer_options |= PEER_OFFERED_TLS;
+ if (sx.ok = (socketpair(AF_UNIX, SOCK_STREAM, 0, pfd) == 0))
+ socket_fd = pfd[1];
+ else
+ set_errno(sx.first_addr, errno, US"internal allocation problem",
+ DEFER, FALSE, host
+# ifdef EXPERIMENTAL_DSN_INFO
+ , sx.smtp_greeting, sx.helo_response
+# endif
+ );
+ }
#endif
- /* If the socket is successfully passed, we musn't send QUIT (or
+ /* If the socket is successfully passed, we mustn't send QUIT (or
indeed anything!) from here. */
/*XXX DSN_INFO: assume likely to do new HELO; but for greet we'll want to
propagate it from the initial
*/
- if (lflags.ok && transport_pass_socket(tblock->name, host->name,
- host->address, new_message_id, inblock.sock))
- lflags.send_quit = FALSE;
+ if (sx.ok && transport_pass_socket(tblock->name, host->name,
+ host->address, new_message_id, socket_fd))
+ {
+ sx.send_quit = FALSE;
+
+ /* If TLS is still active, we need to proxy it for the transport we
+ just passed the baton to. Fork a child to to do it, and return to
+ get logging done asap. Which way to place the work makes assumptions
+ about post-fork prioritisation which may not hold on all platforms. */
+
+ if (tls_out.active >= 0)
+ {
+ int pid = fork();
+ if (pid > 0) /* parent */
+ {
+ tls_close(FALSE, FALSE);
+ (void)close(sx.inblock.sock);
+ continue_transport = NULL;
+ continue_hostname = NULL;
+ return yield;
+ }
+ else if (pid == 0) /* child */
+ {
+ smtp_proxy_tls(&sx, pfd[0], sx.ob->command_timeout);
+ exim_exit(0);
+ }
+ }
+ }
}
/* If RSET failed and there are addresses left, they get deferred. */
-
- else set_errno(first_addr, errno, msg, DEFER, FALSE, host
+ else
+ set_errno(sx.first_addr, errno, msg, DEFER, FALSE, host
#ifdef EXPERIMENTAL_DSN_INFO
- , smtp_greeting, helo_response
+ , sx.smtp_greeting, sx.helo_response
#endif
);
}
operation, the old commented-out code was removed on 17-Sep-99. */
SEND_QUIT:
-if (lflags.send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
+if (sx.send_quit) (void)smtp_write_command(&sx.outblock, FALSE, "QUIT\r\n");
END_OFF:
specified in the transports, and therefore not visible at top level, in which
case continue_more won't get set. */
-HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
-if (lflags.send_quit)
+HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
+if (sx.send_quit)
{
- shutdown(outblock.sock, SHUT_WR);
- if (fcntl(inblock.sock, F_SETFL, O_NONBLOCK) == 0)
- for (rc = 16; read(inblock.sock, inbuffer, sizeof(inbuffer)) > 0 && rc > 0;)
+ shutdown(sx.outblock.sock, SHUT_WR);
+ if (fcntl(sx.inblock.sock, F_SETFL, O_NONBLOCK) == 0)
+ for (rc = 16; read(sx.inblock.sock, sx.inbuffer, sizeof(sx.inbuffer)) > 0 && rc > 0;)
rc--; /* drain socket */
}
-(void)close(inblock.sock);
+(void)close(sx.inblock.sock);
#ifndef DISABLE_EVENT
(void) event_raise(tblock->event_action, US"tcp:close", NULL);
smtp_transport_closedown(transport_instance *tblock)
{
smtp_transport_options_block *ob =
- (smtp_transport_options_block *)(tblock->options_block);
+ (smtp_transport_options_block *)tblock->options_block;
smtp_inblock inblock;
smtp_outblock outblock;
uschar buffer[256];
commonly points to a configuration error, but the best action is still
to carry on for the next host. */
- if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_FAILED)
+ if (rc == HOST_FIND_AGAIN || rc == HOST_FIND_SECURITY || rc == HOST_FIND_FAILED)
{
retry_add_item(addrlist, string_sprintf("R:%s", host->name), 0);
expired = FALSE;
{
if (addr->transport_return != DEFER) continue;
addr->basic_errno = ERRNO_UNKNOWNHOST;
- addr->message =
- string_sprintf("failed to lookup IP address for %s", host->name);
+ addr->message = string_sprintf(
+ rc == HOST_FIND_SECURITY
+ ? "lookup of IP address for %s was insecure"
+ : "failed to lookup IP address for %s",
+ host->name);
}
continue;
}
host_is_expired = retry_check_address(addrlist->domain, host, pistring,
incl_ip, &retry_host_key, &retry_message_key);
- DEBUG(D_transport) debug_printf("%s [%s]%s status = %s\n", host->name,
+ DEBUG(D_transport) debug_printf("%s [%s]%s retry-status = %s\n", host->name,
(host->address == NULL)? US"" : host->address, pistring,
(host->status == hstatus_usable)? "usable" :
(host->status == hstatus_unusable)? "unusable" :
{
case hwhy_retry: hosts_retry++; break;
case hwhy_failed: hosts_fail++; break;
+ case hwhy_insecure:
case hwhy_deferred: hosts_defer++; break;
}
&& verify_check_given_host(&ob->hosts_require_tls, host) != OK
)
{
- log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
- "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
+ log_write(0, LOG_MAIN,
+ "%s: delivering unencrypted to H=%s [%s] (not in hosts_require_tls)",
+ first_addr->message, host->name, host->address);
first_addr = prepare_addresses(addrlist, host);
rc = smtp_deliver(addrlist, thost, host_af, port, interface, tblock,
&message_defer, TRUE);
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
+#define DELIVER_BUFFER_SIZE 4096
+
+#define PENDING 256
+#define PENDING_DEFER (PENDING + DEFER)
+#define PENDING_OK (PENDING + OK)
+
+
/* Private structure for the private options and other private data. */
typedef struct {
uschar *hosts_verify_avoid_tls;
uschar *hosts_avoid_pipelining;
uschar *hosts_avoid_esmtp;
+#ifdef SUPPORT_TLS
uschar *hosts_nopass_tls;
+ uschar *hosts_noproxy_tls;
+#endif
int command_timeout;
int connect_timeout;
int data_timeout;
#endif
} smtp_transport_options_block;
+/* smtp connect context */
+typedef struct {
+ uschar * from_addr;
+ address_item * addrlist;
+ host_item * host;
+ int host_af;
+ int port;
+ uschar * interface;
+
+ BOOL verify:1;
+ BOOL lmtp:1;
+ BOOL smtps:1;
+ BOOL ok:1;
+ BOOL setting_up:1;
+ BOOL esmtp:1;
+ BOOL esmtp_sent:1;
+#ifndef DISABLE_PRDR
+ BOOL prdr_active:1;
+#endif
+#ifdef SUPPORT_I18N
+ BOOL utf8_needed:1;
+#endif
+ BOOL dsn_all_lasthop:1;
+#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
+ BOOL dane:1;
+ BOOL dane_required:1;
+#endif
+ BOOL pending_MAIL:1;
+ BOOL pending_BDAT:1;
+ BOOL good_RCPT:1;
+ BOOL completed_addr:1;
+ BOOL send_rset:1;
+ BOOL send_quit:1;
+
+ int max_rcpt;
+ int cmd_count;
+
+ uschar peer_offered;
+ uschar * igquotstr;
+ uschar * helo_data;
+#ifdef EXPERIMENTAL_DSN_INFO
+ uschar * smtp_greeting;
+ uschar * helo_response;
+#endif
+
+ address_item * first_addr;
+ address_item * next_addr;
+ address_item * sync_addr;
+
+ smtp_inblock inblock;
+ smtp_outblock outblock;
+ uschar buffer[DELIVER_BUFFER_SIZE];
+ uschar inbuffer[4096];
+ uschar outbuffer[4096];
+
+ transport_instance * tblock;
+ smtp_transport_options_block * ob;
+} smtp_context;
+
+extern int smtp_setup_conn(smtp_context *, BOOL);
+extern int smtp_write_mail_and_rcpt_cmds(smtp_context *, int *);
+
+
/* Data for reading the private options. */
extern optionlist smtp_transport_options[];
case AUTH_NONE:
return OK;
case AUTH_NAME:
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" socks auth NAME '%s' '%s'\n",
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" socks auth NAME '%s' '%s'\n",
sob->auth_name, sob->auth_pwd);
i = Ustrlen(sob->auth_name);
j = Ustrlen(sob->auth_pwd);
HDEBUG(D_transport|D_acl|D_v)
{
int i;
- debug_printf(" SOCKS>>");
+ debug_printf_indent(" SOCKS>>");
for (i = 0; i<len; i++) debug_printf(" %02x", s[i]);
debug_printf("\n");
}
)
return FAIL;
HDEBUG(D_transport|D_acl|D_v)
- debug_printf(" SOCKS<< %02x %02x\n", s[0], s[1]);
+ debug_printf_indent(" SOCKS<< %02x %02x\n", s[0], s[1]);
if (s[0] == AUTH_NAME_VER && s[1] == 0)
{
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" socks auth OK\n");
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" socks auth OK\n");
return OK;
}
if ((idx = socks_get_proxy(proxies, nproxies)) < 0)
{
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" no proxies left\n");
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" no proxies left\n");
errno = EBUSY;
return -1;
}
/* Send method-selection */
state = US"method select";
-HDEBUG(D_transport|D_acl|D_v) debug_printf(" SOCKS>> 05 01 %02x\n", sob->auth_type);
+HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SOCKS>> 05 01 %02x\n", sob->auth_type);
buf[0] = 5; buf[1] = 1; buf[2] = sob->auth_type;
if (send(fd, buf, 3, 0) < 0)
goto snd_err;
)
goto rcv_err;
HDEBUG(D_transport|D_acl|D_v)
- debug_printf(" SOCKS<< %02x %02x\n", buf[0], buf[1]);
+ debug_printf_indent(" SOCKS<< %02x %02x\n", buf[0], buf[1]);
if ( buf[0] != 5
|| socks_auth(fd, buf[1], sob, tmo) != OK
)
HDEBUG(D_transport|D_acl|D_v)
{
int i;
- debug_printf(" SOCKS>>");
+ debug_printf_indent(" SOCKS>>");
for (i = 0; i<size; i++) debug_printf(" %02x", buf[i]);
debug_printf("\n");
}
HDEBUG(D_transport|D_acl|D_v)
{
int i;
- debug_printf(" SOCKS>>");
+ debug_printf_indent(" SOCKS>>");
for (i = 0; i<size; i++) debug_printf(" %02x", buf[i]);
debug_printf("\n");
}
proxy_session = TRUE;
HDEBUG(D_transport|D_acl|D_v)
- debug_printf(" proxy farside: [%s]:%d\n", proxy_external_address, proxy_external_port);
+ debug_printf_indent(" proxy farside: [%s]:%d\n", proxy_external_address, proxy_external_port);
return fd;
snd_err:
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" proxy snd_err %s: %s\n", state, strerror(errno));
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" proxy snd_err %s: %s\n", state, strerror(errno));
return -1;
proxy_err:
struct socks_err * se =
buf[1] > nelem(socks_errs) ? NULL : socks_errs + buf[1];
HDEBUG(D_transport|D_acl|D_v)
- debug_printf(" proxy %s: %s\n", state, se ? se->reason : US"unknown error code received");
+ debug_printf_indent(" proxy %s: %s\n", state, se ? se->reason : US"unknown error code received");
errno = se ? se->errcode : EPROTO;
}
rcv_err:
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" proxy rcv_err %s: %s\n", state, strerror(errno));
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" proxy rcv_err %s: %s\n", state, strerror(errno));
if (!errno) errno = EPROTO;
else if (errno == ENOENT) errno = ECONNABORTED;
return -1;
Arguments:
path the path to the maildir directory; this is already backed-up
- to the parent if the delivery diretory is a maildirfolder
+ to the parent if the delivery directory is a maildirfolder
ob the appendfile options block
regex a compiled regex for getting a file's size from its name
dir_regex a compiled regex for selecting maildir directories
tree_node *
tree_search(tree_node *p, const uschar *name)
{
-while (p != NULL)
+while (p)
{
int c = Ustrcmp(name, p->name);
if (c == 0) return p;
- p = (c < 0)? p->left : p->right;
+ p = c < 0 ? p->left : p->right;
}
return NULL;
}
void
tree_walk(tree_node *p, void (*f)(uschar*, uschar*, void*), void *ctx)
{
-if (p == NULL) return;
+if (!p) return;
f(p->name, p->data.ptr, ctx);
-if (p->left != NULL) tree_walk(p->left, f, ctx);
-if (p->right != NULL) tree_walk(p->right, f, ctx);
+tree_walk(p->left, f, ctx);
+tree_walk(p->right, f, ctx);
}
int rc;
#ifdef SUPPORT_I18N_2008
+/* Avoid lowercasing plain-ascii domains */
+if (!string_is_utf8(utf8))
+ return string_copy(utf8);
+
/* Only lowercase is accepted by the library call. A pity since we lose
any mixed-case annotation. This does not really matter for a domain. */
{
/* Whole address conversion.
The *err string pointer should be null before the call.
-Return NULL on oeeror, with (optional) errstring pointer filled in
+Return NULL on error, with (optional) errstring pointer filled in
*/
uschar *
/* NB 9 Sept 07. There is a nasty kludge here in all these CALL_FN_
macros. In order not to trash the stack redzone, we need to drop
%rsp by 128 before the hidden call, and restore afterwards. The
- nastyness is that it is only by luck that the stack still appears
+ nastiness is that it is only by luck that the stack still appears
to be unwindable during the hidden call - since then the behaviour
of any routine using this macro does not match what the CFI data
says. Sigh.
/* These requests allow control to move from the simulated CPU to the
- real CPU, calling an arbitary function.
+ real CPU, calling an arbitrary function.
Note that the current ThreadId is inserted as the first argument.
So this call:
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2016 */
+/* Copyright (c) University of Cambridge 1995 - 2017 */
/* See the file NOTICE for conditions of use and distribution. */
/* Functions concerned with verifying things. The original code for callout
-/*************************************************
-* Do callout verification for an address *
-*************************************************/
-
-/* This function is called from verify_address() when the address has routed to
-a host list, and a callout has been requested. Callouts are expensive; that is
-why a cache is used to improve the efficiency.
-
-Arguments:
- addr the address that's been routed
- host_list the list of hosts to try
- tf the transport feedback block
+/* Check the callout cache.
+Options * pm_mailfrom may be modified by cache partial results.
- ifstring "interface" option from transport, or NULL
- portstring "port" option from transport, or NULL
- protocolstring "protocol" option from transport, or NULL
- callout the per-command callout timeout
- callout_overall the overall callout timeout (if < 0 use 4*callout)
- callout_connect the callout connection timeout (if < 0 use callout)
- options the verification options - these bits are used:
- vopt_is_recipient => this is a recipient address
- vopt_callout_no_cache => don't use callout cache
- vopt_callout_fullpm => if postmaster check, do full one
- vopt_callout_random => do the "random" thing
- vopt_callout_recipsender => use real sender for recipient
- vopt_callout_recippmaster => use postmaster for recipient
- se_mailfrom MAIL FROM address for sender verify; NULL => ""
- pm_mailfrom if non-NULL, do the postmaster check with this sender
-
-Returns: OK/FAIL/DEFER
+Return: TRUE if result found
*/
-static int
-do_callout(address_item *addr, host_item *host_list, transport_feedback *tf,
- int callout, int callout_overall, int callout_connect, int options,
- uschar *se_mailfrom, uschar *pm_mailfrom)
+static BOOL
+cached_callout_lookup(address_item * addr, uschar * address_key,
+ uschar * from_address, int * opt_ptr, uschar ** pm_ptr,
+ int * yield, uschar ** failure_ptr,
+ dbdata_callout_cache * new_domain_record, int * old_domain_res)
{
-int yield = OK;
-int old_domain_cache_result = ccache_accept;
-BOOL done = FALSE;
-uschar *address_key;
-uschar *from_address;
-uschar *random_local_part = NULL;
-const uschar *save_deliver_domain = deliver_domain;
-uschar **failure_ptr = options & vopt_is_recipient
- ? &recipient_verify_failure : &sender_verify_failure;
+int options = *opt_ptr;
open_db dbblock;
open_db *dbm_file = NULL;
-dbdata_callout_cache new_domain_record;
-dbdata_callout_cache_address new_address_record;
-host_item *host;
-time_t callout_start_time;
-uschar peer_offered = 0;
-
-new_domain_record.result = ccache_unknown;
-new_domain_record.postmaster_result = ccache_unknown;
-new_domain_record.random_result = ccache_unknown;
-
-memset(&new_address_record, 0, sizeof(new_address_record));
-
-/* For a recipient callout, the key used for the address cache record must
-include the sender address if we are using the real sender in the callout,
-because that may influence the result of the callout. */
-
-address_key = addr->address;
-from_address = US"";
-
-if (options & vopt_is_recipient)
- {
- if (options & vopt_callout_recipsender)
- {
- address_key = string_sprintf("%s/<%s>", addr->address, sender_address);
- from_address = sender_address;
- if (cutthrough.delivery) options |= vopt_callout_no_cache;
- }
- else if (options & vopt_callout_recippmaster)
- {
- address_key = string_sprintf("%s/<postmaster@%s>", addr->address,
- qualify_domain_sender);
- from_address = string_sprintf("postmaster@%s", qualify_domain_sender);
- }
- }
-
-/* For a sender callout, we must adjust the key if the mailfrom address is not
-empty. */
-
-else
- {
- from_address = (se_mailfrom == NULL)? US"" : se_mailfrom;
- if (from_address[0] != 0)
- address_key = string_sprintf("%s/<%s>", addr->address, from_address);
- }
/* Open the callout cache database, it it exists, for reading only at this
stage, unless caching has been disabled. */
{
HDEBUG(D_verify) debug_printf("callout cache: disabled by no_cache\n");
}
-else if ((dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)) == NULL)
+else if (!(dbm_file = dbfn_open(US"callout", O_RDWR, &dbblock, FALSE)))
{
HDEBUG(D_verify) debug_printf("callout cache: not available\n");
}
-
-/* If a cache database is available see if we can avoid the need to do an
-actual callout by making use of previously-obtained data. */
-
-if (dbm_file)
+else
{
- dbdata_callout_cache_address *cache_address_record;
- dbdata_callout_cache *cache_record = get_callout_cache_record(dbm_file,
- addr->domain, US"domain",
- callout_cache_domain_positive_expire,
- callout_cache_domain_negative_expire);
+ /* If a cache database is available see if we can avoid the need to do an
+ actual callout by making use of previously-obtained data. */
+
+ dbdata_callout_cache_address * cache_address_record;
+ dbdata_callout_cache * cache_record = get_callout_cache_record(dbm_file,
+ addr->domain, US"domain",
+ callout_cache_domain_positive_expire, callout_cache_domain_negative_expire);
/* If an unexpired cache record was found for this domain, see if the callout
process can be short-circuited. */
not to disturb the cached domain value if this whole verification succeeds
(we don't want it turning into "accept"). */
- old_domain_cache_result = cache_record->result;
+ *old_domain_res = cache_record->result;
- if (cache_record->result == ccache_reject ||
- (*from_address == 0 && cache_record->result == ccache_reject_mfnull))
+ if ( cache_record->result == ccache_reject
+ || *from_address == 0 && cache_record->result == ccache_reject_mfnull)
{
setflag(addr, af_verify_nsfail);
HDEBUG(D_verify)
- debug_printf("callout cache: domain gave initial rejection, or "
- "does not accept HELO or MAIL FROM:<>\n");
+ debug_printf("callout cache: domain gave initial rejection, or "
+ "does not accept HELO or MAIL FROM:<>\n");
setflag(addr, af_verify_nsfail);
addr->user_message = US"(result of an earlier callout reused).";
- yield = FAIL;
+ *yield = FAIL;
*failure_ptr = US"mail";
- goto END_CALLOUT;
+ dbfn_close(dbm_file);
+ return TRUE;
}
/* If a previous check on a "random" local part was accepted, we assume
case ccache_accept:
HDEBUG(D_verify)
debug_printf("callout cache: domain accepts random addresses\n");
- goto END_CALLOUT; /* Default yield is OK */
+ dbfn_close(dbm_file);
+ return TRUE; /* Default yield is OK */
case ccache_reject:
HDEBUG(D_verify)
debug_printf("callout cache: domain rejects random addresses\n");
- options &= ~vopt_callout_random;
- new_domain_record.random_result = ccache_reject;
- new_domain_record.random_stamp = cache_record->random_stamp;
+ *opt_ptr = options & ~vopt_callout_random;
+ new_domain_record->random_result = ccache_reject;
+ new_domain_record->random_stamp = cache_record->random_stamp;
break;
default:
HDEBUG(D_verify)
debug_printf("callout cache: need to check random address handling "
"(not cached or cache expired)\n");
- goto END_CACHE;
+ dbfn_close(dbm_file);
+ return FALSE;
}
/* If a postmaster check is requested, but there was a previous failure,
but has not been done before, we are going to have to do a callout, so skip
remaining cache processing. */
- if (pm_mailfrom)
+ if (*pm_ptr)
{
if (cache_record->postmaster_result == ccache_reject)
- {
- setflag(addr, af_verify_pmfail);
- HDEBUG(D_verify)
- debug_printf("callout cache: domain does not accept "
- "RCPT TO:<postmaster@domain>\n");
- yield = FAIL;
- *failure_ptr = US"postmaster";
- setflag(addr, af_verify_pmfail);
- addr->user_message = US"(result of earlier verification reused).";
- goto END_CALLOUT;
- }
+ {
+ setflag(addr, af_verify_pmfail);
+ HDEBUG(D_verify)
+ debug_printf("callout cache: domain does not accept "
+ "RCPT TO:<postmaster@domain>\n");
+ *yield = FAIL;
+ *failure_ptr = US"postmaster";
+ setflag(addr, af_verify_pmfail);
+ addr->user_message = US"(result of earlier verification reused).";
+ dbfn_close(dbm_file);
+ return TRUE;
+ }
if (cache_record->postmaster_result == ccache_unknown)
- {
- HDEBUG(D_verify)
- debug_printf("callout cache: need to check RCPT "
- "TO:<postmaster@domain> (not cached or cache expired)\n");
- goto END_CACHE;
- }
+ {
+ HDEBUG(D_verify)
+ debug_printf("callout cache: need to check RCPT "
+ "TO:<postmaster@domain> (not cached or cache expired)\n");
+ dbfn_close(dbm_file);
+ return FALSE;
+ }
/* If cache says OK, set pm_mailfrom NULL to prevent a redundant
postmaster check if the address itself has to be checked. Also ensure
*/
HDEBUG(D_verify) debug_printf("callout cache: domain accepts RCPT "
-
"TO:<postmaster@domain>\n");
- pm_mailfrom = NULL;
- new_domain_record.postmaster_result = ccache_accept;
- new_domain_record.postmaster_stamp = cache_record->postmaster_stamp;
+ "TO:<postmaster@domain>\n");
+ *pm_ptr = NULL;
+ new_domain_record->postmaster_result = ccache_accept;
+ new_domain_record->postmaster_stamp = cache_record->postmaster_stamp;
}
}
sender address if we are doing a recipient callout with a non-empty sender).
*/
- cache_address_record = (dbdata_callout_cache_address *)
- get_callout_cache_record(dbm_file,
- address_key, US"address",
- callout_cache_positive_expire,
- callout_cache_negative_expire);
+ if (!(cache_address_record = (dbdata_callout_cache_address *)
+ get_callout_cache_record(dbm_file, address_key, US"address",
+ callout_cache_positive_expire, callout_cache_negative_expire)))
+ {
+ dbfn_close(dbm_file);
+ return FALSE;
+ }
- if (cache_address_record)
+ if (cache_address_record->result == ccache_accept)
{
- if (cache_address_record->result == ccache_accept)
- {
- HDEBUG(D_verify)
- debug_printf("callout cache: address record is positive\n");
- }
- else
- {
- HDEBUG(D_verify)
- debug_printf("callout cache: address record is negative\n");
- addr->user_message = US"Previous (cached) callout verification failure";
- *failure_ptr = US"recipient";
- yield = FAIL;
- }
- goto END_CALLOUT;
+ HDEBUG(D_verify)
+ debug_printf("callout cache: address record is positive\n");
+ }
+ else
+ {
+ HDEBUG(D_verify)
+ debug_printf("callout cache: address record is negative\n");
+ addr->user_message = US"Previous (cached) callout verification failure";
+ *failure_ptr = US"recipient";
+ *yield = FAIL;
}
/* Close the cache database while we actually do the callout for real. */
- END_CACHE:
dbfn_close(dbm_file);
- dbm_file = NULL;
+ return TRUE;
+ }
+return FALSE;
+}
+
+
+/* Write results to callout cache
+*/
+static void
+cache_callout_write(dbdata_callout_cache * dom_rec, const uschar * domain,
+ int done, dbdata_callout_cache_address * addr_rec, uschar * address_key)
+{
+open_db dbblock;
+open_db *dbm_file = NULL;
+
+/* If we get here with done == TRUE, a successful callout happened, and yield
+will be set OK or FAIL according to the response to the RCPT command.
+Otherwise, we looped through the hosts but couldn't complete the business.
+However, there may be domain-specific information to cache in both cases.
+
+The value of the result field in the new_domain record is ccache_unknown if
+there was an error before or with MAIL FROM:, and errno was not zero,
+implying some kind of I/O error. We don't want to write the cache in that case.
+Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */
+
+if (dom_rec->result != ccache_unknown)
+ if (!(dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE)))
+ {
+ HDEBUG(D_verify) debug_printf("callout cache: not available\n");
+ }
+ else
+ {
+ (void)dbfn_write(dbm_file, domain, dom_rec,
+ (int)sizeof(dbdata_callout_cache));
+ HDEBUG(D_verify) debug_printf("wrote callout cache domain record for %s:\n"
+ " result=%d postmaster=%d random=%d\n",
+ domain,
+ dom_rec->result,
+ dom_rec->postmaster_result,
+ dom_rec->random_result);
+ }
+
+/* If a definite result was obtained for the callout, cache it unless caching
+is disabled. */
+
+if (done && addr_rec->result != ccache_unknown)
+ {
+ if (!dbm_file)
+ dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
+ if (!dbm_file)
+ {
+ HDEBUG(D_verify) debug_printf("no callout cache available\n");
+ }
+ else
+ {
+ (void)dbfn_write(dbm_file, address_key, addr_rec,
+ (int)sizeof(dbdata_callout_cache_address));
+ HDEBUG(D_verify) debug_printf("wrote %s callout cache address record for %s\n",
+ addr_rec->result == ccache_accept ? "positive" : "negative",
+ address_key);
+ }
+ }
+
+if (dbm_file) dbfn_close(dbm_file);
+}
+
+
+/* Cutthrough-multi. If the existing cached cutthrough connection matches
+the one we would make for a subsequent recipient, use it. Send the RCPT TO
+and check the result, nonpipelined as it may be wanted immediately for
+recipient-verification.
+
+It seems simpler to deal with this case separately from the main callout loop.
+We will need to remember it has sent, or not, so that rcpt-acl tail code
+can do it there for the non-rcpt-verify case. For this we keep an addresscount.
+
+Return: TRUE for a definitive result for the recipient
+*/
+static int
+cutthrough_multi(address_item * addr, host_item * host_list,
+ transport_feedback * tf, int * yield)
+{
+BOOL done = FALSE;
+host_item * host;
+
+if (addr->transport == cutthrough.addr.transport)
+ for (host = host_list; host; host = host->next)
+ if (Ustrcmp(host->address, cutthrough.host.address) == 0)
+ {
+ int host_af;
+ uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
+ int port = 25;
+
+ deliver_host = host->name;
+ deliver_host_address = host->address;
+ deliver_host_port = host->port;
+ deliver_domain = addr->domain;
+ transport_name = addr->transport->name;
+
+ host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
+
+ if (!smtp_get_interface(tf->interface, host_af, addr, &interface,
+ US"callout") ||
+ !smtp_get_port(tf->port, addr, &port, US"callout"))
+ log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
+ addr->message);
+
+ if ( ( interface == cutthrough.interface
+ || ( interface
+ && cutthrough.interface
+ && Ustrcmp(interface, cutthrough.interface) == 0
+ ) )
+ && port == cutthrough.host.port
+ )
+ {
+ uschar * resp = NULL;
+
+ /* Match! Send the RCPT TO, set done from the response */
+ done =
+ smtp_write_command(&ctblock, FALSE, "RCPT TO:<%.1000s>\r\n",
+ transport_rcpt_address(addr,
+ addr->transport->rcpt_include_affixes)) >= 0 &&
+ cutthrough_response('2', &resp, CUTTHROUGH_DATA_TIMEOUT) == '2';
+
+ /* This would go horribly wrong if a callout fail was ignored by ACL.
+ We punt by abandoning cutthrough on a reject, like the
+ first-rcpt does. */
+
+ if (done)
+ {
+ address_item * na = store_get(sizeof(address_item));
+ *na = cutthrough.addr;
+ cutthrough.addr = *addr;
+ cutthrough.addr.host_used = &cutthrough.host;
+ cutthrough.addr.next = na;
+
+ cutthrough.nrcpt++;
+ }
+ else
+ {
+ cancel_cutthrough_connection("recipient rejected");
+ if (!resp || errno == ETIMEDOUT)
+ {
+ HDEBUG(D_verify) debug_printf("SMTP timeout\n");
+ }
+ else if (errno == 0)
+ {
+ if (*resp == 0)
+ Ustrcpy(resp, US"connection dropped");
+
+ addr->message =
+ string_sprintf("response to \"%s\" was: %s",
+ big_buffer, string_printing(resp));
+
+ addr->user_message =
+ string_sprintf("Callout verification failed:\n%s", resp);
+
+ /* Hard rejection ends the process */
+
+ if (resp[0] == '5') /* Address rejected */
+ {
+ *yield = FAIL;
+ done = TRUE;
+ }
+ }
+ }
+ }
+ break; /* host_list */
+ }
+if (!done)
+ cancel_cutthrough_connection("incompatible connection");
+return done;
+}
+
+
+/*************************************************
+* Do callout verification for an address *
+*************************************************/
+
+/* This function is called from verify_address() when the address has routed to
+a host list, and a callout has been requested. Callouts are expensive; that is
+why a cache is used to improve the efficiency.
+
+Arguments:
+ addr the address that's been routed
+ host_list the list of hosts to try
+ tf the transport feedback block
+
+ ifstring "interface" option from transport, or NULL
+ portstring "port" option from transport, or NULL
+ protocolstring "protocol" option from transport, or NULL
+ callout the per-command callout timeout
+ callout_overall the overall callout timeout (if < 0 use 4*callout)
+ callout_connect the callout connection timeout (if < 0 use callout)
+ options the verification options - these bits are used:
+ vopt_is_recipient => this is a recipient address
+ vopt_callout_no_cache => don't use callout cache
+ vopt_callout_fullpm => if postmaster check, do full one
+ vopt_callout_random => do the "random" thing
+ vopt_callout_recipsender => use real sender for recipient
+ vopt_callout_recippmaster => use postmaster for recipient
+ se_mailfrom MAIL FROM address for sender verify; NULL => ""
+ pm_mailfrom if non-NULL, do the postmaster check with this sender
+
+Returns: OK/FAIL/DEFER
+*/
+
+static int
+do_callout(address_item *addr, host_item *host_list, transport_feedback *tf,
+ int callout, int callout_overall, int callout_connect, int options,
+ uschar *se_mailfrom, uschar *pm_mailfrom)
+{
+int yield = OK;
+int old_domain_cache_result = ccache_accept;
+BOOL done = FALSE;
+uschar *address_key;
+uschar *from_address;
+uschar *random_local_part = NULL;
+const uschar *save_deliver_domain = deliver_domain;
+uschar **failure_ptr = options & vopt_is_recipient
+ ? &recipient_verify_failure : &sender_verify_failure;
+dbdata_callout_cache new_domain_record;
+dbdata_callout_cache_address new_address_record;
+time_t callout_start_time;
+
+new_domain_record.result = ccache_unknown;
+new_domain_record.postmaster_result = ccache_unknown;
+new_domain_record.random_result = ccache_unknown;
+
+memset(&new_address_record, 0, sizeof(new_address_record));
+
+/* For a recipient callout, the key used for the address cache record must
+include the sender address if we are using the real sender in the callout,
+because that may influence the result of the callout. */
+
+if (options & vopt_is_recipient)
+ if (options & vopt_callout_recipsender)
+ {
+ from_address = sender_address;
+ address_key = string_sprintf("%s/<%s>", addr->address, sender_address);
+ if (cutthrough.delivery) options |= vopt_callout_no_cache;
+ }
+ else if (options & vopt_callout_recippmaster)
+ {
+ from_address = string_sprintf("postmaster@%s", qualify_domain_sender);
+ address_key = string_sprintf("%s/<postmaster@%s>", addr->address,
+ qualify_domain_sender);
+ }
+ else
+ {
+ from_address = US"";
+ address_key = addr->address;
+ }
+
+/* For a sender callout, we must adjust the key if the mailfrom address is not
+empty. */
+
+else
+ {
+ from_address = se_mailfrom ? se_mailfrom : US"";
+ address_key = *from_address
+ ? string_sprintf("%s/<%s>", addr->address, from_address) : addr->address;
}
+if (cached_callout_lookup(addr, address_key, from_address,
+ &options, &pm_mailfrom, &yield, failure_ptr,
+ &new_domain_record, &old_domain_cache_result))
+ goto END_CALLOUT;
+
if (!addr->transport)
{
HDEBUG(D_verify) debug_printf("cannot callout via null transport\n");
{
smtp_transport_options_block *ob =
(smtp_transport_options_block *)addr->transport->options_block;
+ host_item * host;
/* The information wasn't available in the cache, so we have to do a real
callout and save the result in the cache for next time, unless no_cache is set,
or unless we have a previously cached negative random result. If we are to test
with a random local part, ensure that such a local part is available. If not,
- log the fact, but carry on without randomming. */
+ log the fact, but carry on without randomising. */
- if (options & vopt_callout_random && callout_random_local_part != NULL)
+ if (options & vopt_callout_random && callout_random_local_part)
if (!(random_local_part = expand_string(callout_random_local_part)))
log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
"callout_random_local_part: %s", expand_string_message);
if (smtp_out && !disable_callout_flush) mac_smtp_fflush();
+ clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
+ clearflag(addr, af_verify_nsfail); /* null sender callout flag */
+
/* cutthrough-multi: if a nonfirst rcpt has the same routing as the first,
and we are holding a cutthrough conn open, we can just append the rcpt to
-that conn for verification purposes (and later delivery also). Simplest
-coding means skipping this whole loop and doing the append separately.
-
-We will need to remember it has been appended so that rcpt-acl tail code
-can do it there for the non-rcpt-verify case. For this we keep an addresscount.
-*/
-
- /* Can we re-use an open cutthrough connection? */
- if ( cutthrough.fd >= 0
- && (options & (vopt_callout_recipsender | vopt_callout_recippmaster))
- == vopt_callout_recipsender
- && !random_local_part
- && !pm_mailfrom
- )
- {
- if (addr->transport == cutthrough.addr.transport)
- for (host = host_list; host; host = host->next)
- if (Ustrcmp(host->address, cutthrough.host.address) == 0)
- {
- int host_af;
- uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
- int port = 25;
-
- deliver_host = host->name;
- deliver_host_address = host->address;
- deliver_host_port = host->port;
- deliver_domain = addr->domain;
- transport_name = addr->transport->name;
-
- host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
-
- if (!smtp_get_interface(tf->interface, host_af, addr, &interface,
- US"callout") ||
- !smtp_get_port(tf->port, addr, &port, US"callout"))
- log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
- addr->message);
-
- if ( ( interface == cutthrough.interface
- || ( interface
- && cutthrough.interface
- && Ustrcmp(interface, cutthrough.interface) == 0
- ) )
- && port == cutthrough.host.port
- )
- {
- uschar * resp = NULL;
-
- /* Match! Send the RCPT TO, append the addr, set done */
- done =
- smtp_write_command(&ctblock, FALSE, "RCPT TO:<%.1000s>\r\n",
- transport_rcpt_address(addr,
- (addr->transport == NULL)? FALSE :
- addr->transport->rcpt_include_affixes)) >= 0 &&
- cutthrough_response('2', &resp, CUTTHROUGH_DATA_TIMEOUT) == '2';
-
- /* This would go horribly wrong if a callout fail was ignored by ACL.
- We punt by abandoning cutthrough on a reject, like the
- first-rcpt does. */
-
- if (done)
- {
- address_item * na = store_get(sizeof(address_item));
- *na = cutthrough.addr;
- cutthrough.addr = *addr;
- cutthrough.addr.host_used = &cutthrough.host;
- cutthrough.addr.next = na;
-
- cutthrough.nrcpt++;
- }
- else
- {
- cancel_cutthrough_connection("recipient rejected");
- if (!resp || errno == ETIMEDOUT)
- {
- HDEBUG(D_verify) debug_printf("SMTP timeout\n");
- }
- else if (errno == 0)
- {
- if (*resp == 0)
- Ustrcpy(resp, US"connection dropped");
-
- addr->message =
- string_sprintf("response to \"%s\" from %s [%s] was: %s",
- big_buffer, host->name, host->address,
- string_printing(resp));
-
- addr->user_message =
- string_sprintf("Callout verification failed:\n%s", resp);
-
- /* Hard rejection ends the process */
-
- if (resp[0] == '5') /* Address rejected */
- {
- yield = FAIL;
- done = TRUE;
- }
- }
- }
- }
- break;
- }
- if (!done)
- cancel_cutthrough_connection("incompatible connection");
- }
+that conn for verification purposes (and later delivery also). Simplest
+coding means skipping this whole loop and doing the append separately. */
+
+ /* Can we re-use an open cutthrough connection? */
+ if ( cutthrough.fd >= 0
+ && (options & (vopt_callout_recipsender | vopt_callout_recippmaster))
+ == vopt_callout_recipsender
+ && !random_local_part
+ && !pm_mailfrom
+ )
+ done = cutthrough_multi(addr, host_list, tf, &yield);
- /* Now make connections to the hosts and do real callouts. The list of hosts
- is passed in as an argument. */
+ /* If we did not use a cached connection, make connections to the hosts
+ and do real callouts. The list of hosts is passed in as an argument. */
for (host = host_list; host && !done; host = host->next)
{
- smtp_inblock inblock;
- smtp_outblock outblock;
int host_af;
int port = 25;
- BOOL send_quit = TRUE;
- uschar *active_hostname = smtp_active_hostname;
- BOOL lmtp;
- BOOL smtps;
- BOOL esmtp;
- BOOL suppress_tls = FALSE;
uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
- BOOL dane = FALSE;
- BOOL dane_required;
- dns_answer tlsa_dnsa;
-#endif
- uschar inbuffer[4096];
- uschar outbuffer[1024];
- uschar responsebuffer[4096];
- uschar * size_str;
-
- clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
- clearflag(addr, af_verify_nsfail); /* null sender callout flag */
-
- /* Skip this host if we don't have an IP address for it. */
+ smtp_context sx;
if (!host->address)
{
/* Set IPv4 or IPv6 */
- host_af = Ustrchr(host->address, ':') == NULL ? AF_INET : AF_INET6;
+ host_af = Ustrchr(host->address, ':') ? AF_INET6 : AF_INET;
/* Expand and interpret the interface and port strings. The latter will not
be used if there is a host-specific port (e.g. from a manualroute router).
log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
addr->message);
- /* Set HELO string according to the protocol */
- lmtp= Ustrcmp(tf->protocol, "lmtp") == 0;
- smtps= Ustrcmp(tf->protocol, "smtps") == 0;
-
-
- HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
-
- /* Set up the buffer for reading SMTP response packets. */
-
- inblock.buffer = inbuffer;
- inblock.buffersize = sizeof(inbuffer);
- inblock.ptr = inbuffer;
- inblock.ptrend = inbuffer;
+ sx.addrlist = addr;
+ sx.host = host;
+ sx.host_af = host_af,
+ sx.port = port;
+ sx.interface = interface;
+ sx.helo_data = tf->helo_data;
+ sx.tblock = addr->transport;
+ sx.verify = TRUE;
- /* Set up the buffer for holding SMTP commands while pipelining */
+tls_retry_connection:
+ /* Set the address state so that errors are recorded in it */
- outblock.buffer = outbuffer;
- outblock.buffersize = sizeof(outbuffer);
- outblock.ptr = outbuffer;
- outblock.cmd_count = 0;
- outblock.authenticating = FALSE;
+ addr->transport_return = PENDING_DEFER;
+ ob->connect_timeout = callout_connect;
+ ob->command_timeout = callout;
- /* Connect to the host; on failure, just loop for the next one, but we
- set the error for the last one. Use the callout_connect timeout. */
+ /* Get the channel set up ready for a message (MAIL FROM being the next
+ SMTP command to send. If we tried TLS but it failed, try again without
+ if permitted */
- tls_retry_connection:
-
- /* Reset the parameters of a TLS session */
- tls_out.cipher = tls_out.peerdn = tls_out.peercert = NULL;
-
- inblock.sock = outblock.sock =
- smtp_connect(host, host_af, port, interface, callout_connect,
- addr->transport);
- if (inblock.sock < 0)
+ yield = smtp_setup_conn(&sx, FALSE);
+#ifdef SUPPORT_TLS
+ if ( yield == DEFER
+ && addr->basic_errno == ERRNO_TLSFAILURE
+ && ob->tls_tempfail_tryclear
+ && verify_check_given_host(&ob->hosts_require_tls, host) != OK
+ )
{
- HDEBUG(D_verify) debug_printf("connect: %s\n", strerror(errno));
- addr->message = string_sprintf("could not connect to %s [%s]: %s",
- host->name, host->address, strerror(errno));
+ log_write(0, LOG_MAIN,
+ "%s: callout unencrypted to %s [%s] (not in hosts_require_tls)",
+ addr->message, host->name, host->address);
+ addr->transport_return = PENDING_DEFER;
+ yield = smtp_setup_conn(&sx, TRUE);
+ }
+#endif
+ if (yield != OK)
+ {
+ errno = addr->basic_errno;
transport_name = NULL;
deliver_host = deliver_host_address = NULL;
deliver_domain = save_deliver_domain;
- continue;
- }
-
-#if defined(SUPPORT_TLS) && defined(EXPERIMENTAL_DANE)
- {
- int rc;
-
- tls_out.dane_verified = FALSE;
- tls_out.tlsa_usage = 0;
-
- dane_required =
- verify_check_given_host(&ob->hosts_require_dane, host) == OK;
-
- if (host->dnssec == DS_YES)
- {
- if( dane_required
- || verify_check_given_host(&ob->hosts_try_dane, host) == OK
- )
- {
- if ((rc = tlsa_lookup(host, &tlsa_dnsa, dane_required)) != OK)
- return rc;
- dane = TRUE;
- }
- }
- else if (dane_required)
- {
- log_write(0, LOG_MAIN, "DANE error: %s lookup not DNSSEC", host->name);
- return FAIL;
- }
-
- if (dane)
- ob->tls_tempfail_tryclear = FALSE;
- }
-#endif /*DANE*/
-
- /* Expand the helo_data string to find the host name to use. */
- if (tf->helo_data)
- {
- uschar * s = expand_string(tf->helo_data);
- if (!s)
- log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's "
- "helo_data value for callout: %s", addr->address,
- expand_string_message);
- else active_hostname = s;
- }
-
- /* Wait for initial response, and send HELO. The smtp_write_command()
- function leaves its command in big_buffer. This is used in error responses.
- Initialize it in case the connection is rejected. */
-
- Ustrcpy(big_buffer, "initial connection");
-
- /* Unless ssl-on-connect, wait for the initial greeting */
- smtps_redo_greeting:
-
-#ifdef SUPPORT_TLS
- if (!smtps || (smtps && tls_out.active >= 0))
-#endif
- {
-#ifdef TCP_QUICKACK
- (void) setsockopt(inblock.sock, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
-#endif
- if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout)))
- goto RESPONSE_FAILED;
+ /* Failure to accept HELO is cached; this blocks the whole domain for all
+ senders. I/O errors and defer responses are not cached. */
-#ifndef DISABLE_EVENT
- lookup_dnssec_authenticated = host->dnssec==DS_YES ? US"yes"
- : host->dnssec==DS_NO ? US"no" : NULL;
- if (event_raise(addr->transport->event_action,
- US"smtp:connect", responsebuffer))
+ if (yield == FAIL && (errno == 0 || errno == ERRNO_SMTPCLOSED))
{
- lookup_dnssec_authenticated = NULL;
- /* Logging? Debug? */
- goto RESPONSE_FAILED;
+ setflag(addr, af_verify_nsfail);
+ new_domain_record.result = ccache_reject;
+ done = TRUE;
}
- lookup_dnssec_authenticated = NULL;
-#endif
- }
-
- /* Not worth checking greeting line for ESMTP support */
- if (!(esmtp = verify_check_given_host(&ob->hosts_avoid_esmtp, host) != OK))
- DEBUG(D_transport)
- debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
-
- tls_redo_helo:
-
-#ifdef SUPPORT_TLS
- if (smtps && tls_out.active < 0) /* ssl-on-connect, first pass */
- {
- peer_offered &= ~PEER_OFFERED_TLS;
- ob->tls_tempfail_tryclear = FALSE;
- }
- else /* all other cases */
-#endif
-
- { esmtp_retry:
-
- if (!(done= smtp_write_command(&outblock, FALSE, "%s %s\r\n",
- !esmtp? "HELO" : lmtp? "LHLO" : "EHLO", active_hostname) >= 0))
- goto SEND_FAILED;
- if (!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))
- {
- if (errno != 0 || responsebuffer[0] == 0 || lmtp || !esmtp || tls_out.active >= 0)
- {
- done= FALSE;
- goto RESPONSE_FAILED;
- }
-#ifdef SUPPORT_TLS
- peer_offered &= ~PEER_OFFERED_TLS;
-#endif
- esmtp = FALSE;
- goto esmtp_retry; /* fallback to HELO */
- }
-
- /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
-
- peer_offered = esmtp
- ? ehlo_response(responsebuffer, sizeof(responsebuffer),
- (!suppress_tls && tls_out.active < 0 ? PEER_OFFERED_TLS : 0)
- | 0 /* no IGNQ */
- | 0 /* no PRDR */
-#ifdef SUPPORT_I18N
- | (addr->prop.utf8_msg && !addr->prop.utf8_downcvt
- ? PEER_OFFERED_UTF8 : 0)
-#endif
- | 0 /* no DSN */
- | 0 /* no PIPE */
-
- /* only care about SIZE if we have size from inbound */
- | (message_size > 0 && ob->size_addition >= 0
- ? PEER_OFFERED_SIZE : 0)
- )
- : 0;
- }
-
- size_str = options & vopt_is_recipient && peer_offered & PEER_OFFERED_SIZE
- ? string_sprintf(" SIZE=%d", message_size + ob->size_addition) : US"";
-
-#ifdef SUPPORT_TLS
- smtp_peer_options |= peer_offered & PEER_OFFERED_TLS;
-#endif
-
- /* If TLS is available on this connection attempt to
- start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
- send another EHLO - the server may give a different answer in secure mode. We
- use a separate buffer for reading the response to STARTTLS so that if it is
- negative, the original EHLO data is available for subsequent analysis, should
- the client not be required to use TLS. If the response is bad, copy the buffer
- for error analysis. */
-
-#ifdef SUPPORT_TLS
- if ( peer_offered & PEER_OFFERED_TLS
- && verify_check_given_host(&ob->hosts_avoid_tls, host) != OK
- && verify_check_given_host(&ob->hosts_verify_avoid_tls, host) != OK
- )
- {
- uschar buffer2[4096];
- if ( !smtps
- && !(done= smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") >= 0))
- goto SEND_FAILED;
-
- /* If there is an I/O error, transmission of this message is deferred. If
- there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
- false, we also defer. However, if there is a temporary rejection of STARTTLS
- and tls_tempfail_tryclear is true, or if there is an outright rejection of
- STARTTLS, we carry on. This means we will try to send the message in clear,
- unless the host is in hosts_require_tls (tested below). */
-
- if (!smtps && !smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
- ob->command_timeout))
- {
- if ( errno != 0
- || buffer2[0] == 0
- || buffer2[0] == '4' && !ob->tls_tempfail_tryclear
- )
- {
- Ustrncpy(responsebuffer, buffer2, sizeof(responsebuffer));
- done= FALSE;
- goto RESPONSE_FAILED;
- }
- }
-
- /* STARTTLS accepted or ssl-on-connect: try to negotiate a TLS session. */
else
- {
- int oldtimeout = ob->command_timeout;
- int rc;
-
- ob->command_timeout = callout;
- rc = tls_client_start(inblock.sock, host, addr, addr->transport
-# ifdef EXPERIMENTAL_DANE
- , dane ? &tlsa_dnsa : NULL
-# endif
- );
- ob->command_timeout = oldtimeout;
-
- /* TLS negotiation failed; give an error. Try in clear on a new
- connection, if the options permit it for this host. */
- if (rc != OK)
- {
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
- (void)close(inblock.sock);
-# ifndef DISABLE_EVENT
- (void) event_raise(addr->transport->event_action,
- US"tcp:close", NULL);
-# endif
- if ( ob->tls_tempfail_tryclear
- && !smtps
- && verify_check_given_host(&ob->hosts_require_tls, host) != OK
- )
- {
- log_write(0, LOG_MAIN, "TLS session failure:"
- " callout unencrypted to %s [%s] (not in hosts_require_tls)",
- host->name, host->address);
- suppress_tls = TRUE;
- goto tls_retry_connection;
- }
-
- /*save_errno = ERRNO_TLSFAILURE;*/
- /*message = US"failure while setting up TLS session";*/
- send_quit = FALSE;
- done= FALSE;
- goto TLS_FAILED;
- }
-
- /* TLS session is set up. Copy info for logging. */
- addr->cipher = tls_out.cipher;
- addr->peerdn = tls_out.peerdn;
-
- /* For SMTPS we need to wait for the initial OK response, then do HELO. */
- if (smtps)
- goto smtps_redo_greeting;
-
- /* For STARTTLS we need to redo EHLO */
- goto tls_redo_helo;
- }
- }
-
- /* If the host is required to use a secure channel, ensure that we have one. */
- if (tls_out.active < 0)
- if (
-# ifdef EXPERIMENTAL_DANE
- dane ||
-# endif
- verify_check_given_host(&ob->hosts_require_tls, host) == OK
- )
- {
- /*save_errno = ERRNO_TLSREQUIRED;*/
- log_write(0, LOG_MAIN,
- "H=%s [%s]: a TLS session is required for this host, but %s",
- host->name, host->address,
- peer_offered & PEER_OFFERED_TLS
- ? "an attempt to start TLS failed"
- : "the server did not offer TLS support");
- done= FALSE;
- goto TLS_FAILED;
- }
-
-#endif /*SUPPORT_TLS*/
-
- done = TRUE; /* so far so good; have response to HELO */
-
- /* For now, transport_filter by cutthrough-delivery is not supported */
- /* Need proper integration with the proper transport mechanism. */
- if (cutthrough.delivery)
- {
-#ifndef DISABLE_DKIM
- uschar * s;
-#endif
- if (addr->transport->filter_command)
- {
- cutthrough.delivery = FALSE;
- HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
- }
-#ifndef DISABLE_DKIM
- else if ((s = ob->dkim.dkim_domain) && (s = expand_string(s)) && *s)
- {
- cutthrough.delivery = FALSE;
- HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM signing\n");
- }
-#endif
- }
-
- SEND_FAILED:
- RESPONSE_FAILED:
- TLS_FAILED:
- ;
- /* Clear down of the TLS, SMTP and TCP layers on error is handled below. */
-
- /* Failure to accept HELO is cached; this blocks the whole domain for all
- senders. I/O errors and defer responses are not cached. */
-
- if (!done)
- {
- *failure_ptr = US"mail"; /* At or before MAIL */
- if (errno == 0 && responsebuffer[0] == '5')
- {
- setflag(addr, af_verify_nsfail);
- new_domain_record.result = ccache_reject;
- }
- }
-
-#ifdef SUPPORT_I18N
- else if ( addr->prop.utf8_msg
- && !addr->prop.utf8_downcvt
- && !(peer_offered & PEER_OFFERED_UTF8)
- )
- {
- HDEBUG(D_acl|D_v) debug_printf("utf8 required but not offered\n");
- errno = ERRNO_UTF8_FWD;
- setflag(addr, af_verify_nsfail);
- done = FALSE;
- }
- else if ( addr->prop.utf8_msg
- && (addr->prop.utf8_downcvt || !(peer_offered & PEER_OFFERED_UTF8))
- && !(setflag(addr, af_utf8_downcvt),
- from_address = string_address_utf8_to_alabel(from_address,
- &addr->message)
- ) )
- {
- errno = ERRNO_EXPANDFAIL;
- setflag(addr, af_verify_nsfail);
- done = FALSE;
+ done = FALSE;
+ goto no_conn;
}
-#endif
-
- /* If we haven't authenticated, but are required to, give up. */
- /* Try to AUTH */
-
- else done = smtp_auth(responsebuffer, sizeof(responsebuffer),
- addr, host, ob, esmtp, &inblock, &outblock) == OK &&
-
- /* Copy AUTH info for logging */
- ( (addr->authenticator = client_authenticator),
- (addr->auth_id = client_authenticated_id),
-
- /* Build a mail-AUTH string (re-using responsebuffer for convenience */
- !smtp_mail_auth_str(responsebuffer, sizeof(responsebuffer), addr, ob)
- ) &&
-
- ( (addr->auth_sndr = client_authenticated_sender),
-
- /* Send the MAIL command */
- (smtp_write_command(&outblock, FALSE,
-#ifdef SUPPORT_I18N
- addr->prop.utf8_msg && !addr->prop.utf8_downcvt
- ? "MAIL FROM:<%s>%s%s SMTPUTF8\r\n"
- :
-#endif
- "MAIL FROM:<%s>%s%s\r\n",
- from_address, responsebuffer, size_str) >= 0)
- ) &&
-
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout);
- deliver_host = deliver_host_address = NULL;
- deliver_domain = save_deliver_domain;
+ /* If we needed to authenticate, smtp_setup_conn() did that. Copy
+ the AUTH info for logging */
- /* If the host does not accept MAIL FROM:<>, arrange to cache this
- information, but again, don't record anything for an I/O error or a defer. Do
- not cache rejections of MAIL when a non-empty sender has been used, because
- that blocks the whole domain for all senders. */
+ addr->authenticator = client_authenticator;
+ addr->auth_id = client_authenticated_id;
- if (!done)
- {
- *failure_ptr = US"mail"; /* At or before MAIL */
- if (errno == 0 && responsebuffer[0] == '5')
- {
- setflag(addr, af_verify_nsfail);
- if (from_address[0] == 0)
- new_domain_record.result = ccache_reject_mfnull;
- }
- }
+ sx.from_addr = from_address;
+ sx.first_addr = sx.sync_addr = addr;
+ sx.ok = FALSE; /*XXX these 3 last might not be needed for verify? */
+ sx.send_rset = TRUE;
+ sx.completed_addr = FALSE;
- /* Otherwise, proceed to check a "random" address (if required), then the
- given address, and the postmaster address (if required). Between each check,
- issue RSET, because some servers accept only one recipient after MAIL
- FROM:<>.
+ new_domain_record.result = old_domain_cache_result == ccache_reject_mfnull
+ ? ccache_reject_mfnull : ccache_accept;
- Before doing this, set the result in the domain cache record to "accept",
- unless its previous value was ccache_reject_mfnull. In that case, the domain
- rejects MAIL FROM:<> and we want to continue to remember that. When that is
- the case, we have got here only in the case of a recipient verification with
- a non-null sender. */
+ /* Do the random local part check first. Temporarily replace the recipient
+ with the "random" value */
- else
+ if (random_local_part)
{
+ uschar * main_address = addr->address;
const uschar * rcpt_domain = addr->domain;
#ifdef SUPPORT_I18N
}
#endif
- new_domain_record.result =
- (old_domain_cache_result == ccache_reject_mfnull)?
- ccache_reject_mfnull: ccache_accept;
-
- /* Do the random local part check first */
-
- if (random_local_part != NULL)
- {
- uschar randombuffer[1024];
- BOOL random_ok =
- smtp_write_command(&outblock, FALSE,
- "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
- rcpt_domain) >= 0 &&
- smtp_read_response(&inblock, randombuffer,
- sizeof(randombuffer), '2', callout);
-
- /* Remember when we last did a random test */
-
- new_domain_record.random_stamp = time(NULL);
-
- /* If accepted, we aren't going to do any further tests below. */
-
- if (random_ok)
- new_domain_record.random_result = ccache_accept;
-
- /* Otherwise, cache a real negative response, and get back to the right
- state to send RCPT. Unless there's some problem such as a dropped
- connection, we expect to succeed, because the commands succeeded above.
- However, some servers drop the connection after responding to an
- invalid recipient, so on (any) error we drop and remake the connection.
- */
+ /* This would be ok for 1st rcpt of a cutthrough (XXX do we have a count?) , but no way to
+ handle a subsequent because of the RSET. So refuse to support any. */
+ cancel_cutthrough_connection("random-recipient");
- else if (errno == 0)
- {
- /* This would be ok for 1st rcpt a cutthrough, but no way to
- handle a subsequent. So refuse to support any */
- cancel_cutthrough_connection("random-recipient");
+ addr->address = string_sprintf("%s@%.1000s",
+ random_local_part, rcpt_domain);
+ done = FALSE;
- if (randombuffer[0] == '5')
- new_domain_record.random_result = ccache_reject;
+ /* If accepted, we aren't going to do any further tests below.
+ Otherwise, cache a real negative response, and get back to the right
+ state to send RCPT. Unless there's some problem such as a dropped
+ connection, we expect to succeed, because the commands succeeded above.
+ However, some servers drop the connection after responding to an
+ invalid recipient, so on (any) error we drop and remake the connection.
+ XXX We don't care about that for postmaster_full. Should we?
+
+ XXX could we add another flag to the context, and have the common
+ code emit the RSET too? Even pipelined after the RCPT...
+ Then the main-verify call could use it if there's to be a subsequent
+ postmaster-verify.
+ The sync_responses() would need to be taught about it and we'd
+ need another return code filtering out to here.
+ */
- done =
- smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout) &&
+ /* Remember when we last did a random test */
+ new_domain_record.random_stamp = time(NULL);
- smtp_write_command(&outblock, FALSE,
-#ifdef SUPPORT_I18N
- addr->prop.utf8_msg && !addr->prop.utf8_downcvt
- ? "MAIL FROM:<%s> SMTPUTF8\r\n"
- :
-#endif
- "MAIL FROM:<%s>\r\n",
- from_address) >= 0 &&
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout);
+ if (smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0)
+ switch(addr->transport_return)
+ {
+ case PENDING_OK:
+ new_domain_record.random_result = ccache_accept;
+ break;
+ case FAIL:
+ new_domain_record.random_result = ccache_reject;
+
+ /* Between each check, issue RSET, because some servers accept only
+ one recipient after MAIL FROM:<>.
+ XXX We don't care about that for postmaster_full. Should we? */
+
+ if ((done =
+ smtp_write_command(&sx.outblock, FALSE, "RSET\r\n") >= 0 &&
+ smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer),
+ '2', callout)))
+ break;
- if (!done)
- {
HDEBUG(D_acl|D_v)
- debug_printf("problem after random/rset/mfrom; reopen conn\n");
+ debug_printf_indent("problem after random/rset/mfrom; reopen conn\n");
random_local_part = NULL;
#ifdef SUPPORT_TLS
tls_close(FALSE, TRUE);
#endif
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
- (void)close(inblock.sock);
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
+ (void)close(sx.inblock.sock);
+ sx.inblock.sock = sx.outblock.sock = -1;
#ifndef DISABLE_EVENT
(void) event_raise(addr->transport->event_action,
US"tcp:close", NULL);
#endif
+ addr->address = main_address;
+ addr->transport_return = PENDING_DEFER;
+ sx.first_addr = sx.sync_addr = addr;
+ sx.ok = FALSE;
+ sx.send_rset = TRUE;
+ sx.completed_addr = FALSE;
goto tls_retry_connection;
- }
- }
- else done = FALSE; /* Some timeout/connection problem */
- } /* Random check */
+ }
- /* If the host is accepting all local parts, as determined by the "random"
- check, we don't need to waste time doing any further checking. */
+ /* Re-setup for main verify, or for the error message when failing */
+ addr->address = main_address;
+ addr->transport_return = PENDING_DEFER;
+ sx.first_addr = sx.sync_addr = addr;
+ sx.ok = FALSE;
+ sx.send_rset = TRUE;
+ sx.completed_addr = FALSE;
+ }
+ else
+ done = TRUE;
- if (new_domain_record.random_result != ccache_accept && done)
- {
- /* Get the rcpt_include_affixes flag from the transport if there is one,
- but assume FALSE if there is not. */
+ /* Main verify. If the host is accepting all local parts, as determined
+ by the "random" check, we don't need to waste time doing any further
+ checking. */
- uschar * rcpt = transport_rcpt_address(addr,
- addr->transport ? addr->transport->rcpt_include_affixes : FALSE);
+ if (done)
+ {
+ done = FALSE;
+ switch(smtp_write_mail_and_rcpt_cmds(&sx, &yield))
+ {
+ case 0: switch(addr->transport_return) /* ok so far */
+ {
+ case PENDING_OK: done = TRUE;
+ new_address_record.result = ccache_accept;
+ break;
+ case FAIL: done = TRUE;
+ yield = FAIL;
+ *failure_ptr = US"recipient";
+ new_address_record.result = ccache_reject;
+ break;
+ default: break;
+ }
+ break;
+
+ case -1: /* MAIL response error */
+ *failure_ptr = US"mail";
+ if (errno == 0 && sx.buffer[0] == '5')
+ {
+ setflag(addr, af_verify_nsfail);
+ if (from_address[0] == 0)
+ new_domain_record.result = ccache_reject_mfnull;
+ }
+ break;
+ /* non-MAIL read i/o error */
+ /* non-MAIL response timeout */
+ /* internal error; channel still usable */
+ default: break; /* transmit failed */
+ }
+ }
-#ifdef SUPPORT_I18N
- /*XXX should the conversion be moved into transport_rcpt_address() ? */
- if ( testflag(addr, af_utf8_downcvt)
- && !(rcpt = string_address_utf8_to_alabel(rcpt, NULL))
- )
- {
- errno = ERRNO_EXPANDFAIL;
- *failure_ptr = US"recipient";
- done = FALSE;
- }
- else
-#endif
+ addr->auth_sndr = client_authenticated_sender;
- done =
- smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
- rcpt) >= 0 &&
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout);
+ deliver_host = deliver_host_address = NULL;
+ deliver_domain = save_deliver_domain;
- if (done)
- new_address_record.result = ccache_accept;
- else if (errno == 0 && responsebuffer[0] == '5')
- {
- *failure_ptr = US"recipient";
- new_address_record.result = ccache_reject;
- }
+ /* Do postmaster check if requested; if a full check is required, we
+ check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
- /* Do postmaster check if requested; if a full check is required, we
- check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
+ if (done && pm_mailfrom)
+ {
+ /* Could possibly shift before main verify, just above, and be ok
+ for cutthrough. But no way to handle a subsequent rcpt, so just
+ refuse any */
+ cancel_cutthrough_connection("postmaster verify");
+ HDEBUG(D_acl|D_v) debug_printf_indent("Cutthrough cancelled by presence of postmaster verify\n");
- if (done && pm_mailfrom != NULL)
- {
- /* Could possibly shift before main verify, just above, and be ok
- for cutthrough. But no way to handle a subsequent rcpt, so just
- refuse any */
- cancel_cutthrough_connection("postmaster verify");
- HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of postmaster verify\n");
-
- done =
- smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
- smtp_read_response(&inblock, responsebuffer,
- sizeof(responsebuffer), '2', callout) &&
-
- smtp_write_command(&outblock, FALSE,
- "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
- smtp_read_response(&inblock, responsebuffer,
- sizeof(responsebuffer), '2', callout) &&
-
- /* First try using the current domain */
-
- ((
- smtp_write_command(&outblock, FALSE,
- "RCPT TO:<postmaster@%.1000s>\r\n", rcpt_domain) >= 0 &&
- smtp_read_response(&inblock, responsebuffer,
- sizeof(responsebuffer), '2', callout)
- )
-
- ||
-
- /* If that doesn't work, and a full check is requested,
- try without the domain. */
-
- (
- (options & vopt_callout_fullpm) != 0 &&
- smtp_write_command(&outblock, FALSE,
- "RCPT TO:<postmaster>\r\n") >= 0 &&
- smtp_read_response(&inblock, responsebuffer,
- sizeof(responsebuffer), '2', callout)
- ));
-
- /* Sort out the cache record */
-
- new_domain_record.postmaster_stamp = time(NULL);
-
- if (done)
- new_domain_record.postmaster_result = ccache_accept;
- else if (errno == 0 && responsebuffer[0] == '5')
- {
- *failure_ptr = US"postmaster";
- setflag(addr, af_verify_pmfail);
- new_domain_record.postmaster_result = ccache_reject;
- }
- }
- } /* Random not accepted */
- } /* MAIL FROM: accepted */
+ done = smtp_write_command(&sx.outblock, FALSE, "RSET\r\n") >= 0
+ && smtp_read_response(&sx.inblock, sx.buffer,
+ sizeof(sx.buffer), '2', callout);
+ if (done)
+ {
+ uschar * main_address = addr->address;
+
+ /*XXX oops, affixes */
+ addr->address = string_sprintf("postmaster@%.1000s", addr->domain);
+ addr->transport_return = PENDING_DEFER;
+
+ sx.from_addr = pm_mailfrom;
+ sx.first_addr = sx.sync_addr = addr;
+ sx.ok = FALSE;
+ sx.send_rset = TRUE;
+ sx.completed_addr = FALSE;
+
+ if( smtp_write_mail_and_rcpt_cmds(&sx, &yield) == 0
+ && addr->transport_return == PENDING_OK
+ )
+ done = TRUE;
+ else
+ done = (options & vopt_callout_fullpm) != 0
+ && smtp_write_command(&sx.outblock, FALSE,
+ "RCPT TO:<postmaster>\r\n") >= 0
+ && smtp_read_response(&sx.inblock, sx.buffer,
+ sizeof(sx.buffer), '2', callout);
+
+ /* Sort out the cache record */
+
+ new_domain_record.postmaster_stamp = time(NULL);
+
+ if (done)
+ new_domain_record.postmaster_result = ccache_accept;
+ else if (errno == 0 && sx.buffer[0] == '5')
+ {
+ *failure_ptr = US"postmaster";
+ setflag(addr, af_verify_pmfail);
+ new_domain_record.postmaster_result = ccache_reject;
+ }
+
+ addr->address = main_address;
+ }
+ }
/* For any failure of the main check, other than a negative response, we just
close the connection and carry on. We can identify a negative response by the
fact that errno is zero. For I/O errors it will be non-zero
don't give the IP address because this may be an internal host whose identity
is not to be widely broadcast. */
- if (!done)
+no_conn:
+ switch(errno)
{
- if (errno == ETIMEDOUT)
- {
- HDEBUG(D_verify) debug_printf("SMTP timeout\n");
- send_quit = FALSE;
- }
+ case ETIMEDOUT:
+ HDEBUG(D_verify) debug_printf("SMTP timeout\n");
+ sx.send_quit = FALSE;
+ break;
+
#ifdef SUPPORT_I18N
- else if (errno == ERRNO_UTF8_FWD)
+ case ERRNO_UTF8_FWD:
{
extern int acl_where; /* src/acl.c */
errno = 0;
addr->message = string_sprintf(
- "response to \"%s\" from %s [%s] did not include SMTPUTF8",
- big_buffer, host->name, host->address);
- addr->user_message = acl_where == ACL_WHERE_RCPT
- ? US"533 mailbox name not allowed"
+ "response to \"EHLO\" did not include SMTPUTF8");
+ addr->user_message = acl_where == ACL_WHERE_RCPT
+ ? US"533 no support for internationalised mailbox name"
: US"550 mailbox unavailable";
yield = FAIL;
done = TRUE;
}
+ break;
#endif
- else if (errno == 0)
- {
- if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
+ case ECONNREFUSED:
+ sx.send_quit = FALSE;
+ break;
- addr->message =
- string_sprintf("response to \"%s\" from %s [%s] was: %s",
- big_buffer, host->name, host->address,
- string_printing(responsebuffer));
+ case 0:
+ if (*sx.buffer == 0) Ustrcpy(sx.buffer, US"connection dropped");
- addr->user_message = options & vopt_is_recipient
- ? string_sprintf("Callout verification failed:\n%s", responsebuffer)
- : string_sprintf("Called: %s\nSent: %s\nResponse: %s",
- host->address, big_buffer, responsebuffer);
+ /*XXX test here is ugly; seem to have a split of responsibility for
+ building this message. Need to reationalise. Where is it done
+ before here, and when not?
+ Not == 5xx resp to MAIL on main-verify
+ */
+ if (!addr->message) addr->message =
+ string_sprintf("response to \"%s\" was: %s",
+ big_buffer, string_printing(sx.buffer));
- /* Hard rejection ends the process */
+ addr->user_message = options & vopt_is_recipient
+ ? string_sprintf("Callout verification failed:\n%s", sx.buffer)
+ : string_sprintf("Called: %s\nSent: %s\nResponse: %s",
+ host->address, big_buffer, sx.buffer);
- if (responsebuffer[0] == '5') /* Address rejected */
- {
- yield = FAIL;
- done = TRUE;
- }
- }
+ /* Hard rejection ends the process */
+
+ if (sx.buffer[0] == '5') /* Address rejected */
+ {
+ yield = FAIL;
+ done = TRUE;
+ }
+ break;
}
/* End the SMTP conversation and close the connection. */
- /* Cutthrough - on a successfull connect and recipient-verify with
+ /* Cutthrough - on a successful connect and recipient-verify with
use-sender and we are 1st rcpt and have no cutthrough conn so far
here is where we want to leave the conn open */
if ( cutthrough.delivery
&& !random_local_part
&& !pm_mailfrom
&& cutthrough.fd < 0
- && !lmtp
+ && !sx.lmtp
)
{
- HDEBUG(D_acl|D_v) debug_printf("holding verify callout open for cutthrough delivery\n");
+ HDEBUG(D_acl|D_v) debug_printf_indent("holding verify callout open for cutthrough delivery\n");
- cutthrough.fd = outblock.sock; /* We assume no buffer in use in the outblock */
+ cutthrough.fd = sx.outblock.sock; /* We assume no buffer in use in the outblock */
cutthrough.nrcpt = 1;
cutthrough.interface = interface;
cutthrough.host = *host;
/* Ensure no cutthrough on multiple address verifies */
if (options & vopt_callout_recipsender)
cancel_cutthrough_connection("not usable for cutthrough");
- if (send_quit)
+ if (sx.send_quit)
{
- (void) smtp_write_command(&outblock, FALSE, "QUIT\r\n");
+ (void) smtp_write_command(&sx.outblock, FALSE, "QUIT\r\n");
/* Wait a short time for response, and discard it */
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
+ smtp_read_response(&sx.inblock, sx.buffer, sizeof(sx.buffer),
'2', 1);
}
+ if (sx.inblock.sock >= 0)
+ {
#ifdef SUPPORT_TLS
- tls_close(FALSE, TRUE);
+ tls_close(FALSE, TRUE);
#endif
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
- (void)close(inblock.sock);
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
+ (void)close(sx.inblock.sock);
+ sx.inblock.sock = sx.outblock.sock = -1;
#ifndef DISABLE_EVENT
- (void) event_raise(addr->transport->event_action, US"tcp:close", NULL);
+ (void) event_raise(addr->transport->event_action, US"tcp:close", NULL);
#endif
+ }
}
+ if (!done || yield != OK)
+ addr->message = string_sprintf("%s [%s] : %s", host->name, host->address,
+ addr->message);
} /* Loop through all hosts, while !done */
}
/* If we get here with done == TRUE, a successful callout happened, and yield
will be set OK or FAIL according to the response to the RCPT command.
Otherwise, we looped through the hosts but couldn't complete the business.
-However, there may be domain-specific information to cache in both cases.
-
-The value of the result field in the new_domain record is ccache_unknown if
-there was an error before or with MAIL FROM:, and errno was not zero,
-implying some kind of I/O error. We don't want to write the cache in that case.
-Otherwise the value is ccache_accept, ccache_reject, or ccache_reject_mfnull. */
-
-if ( !(options & vopt_callout_no_cache)
- && new_domain_record.result != ccache_unknown)
- {
- if ((dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE))
- == NULL)
- {
- HDEBUG(D_verify) debug_printf("callout cache: not available\n");
- }
- else
- {
- (void)dbfn_write(dbm_file, addr->domain, &new_domain_record,
- (int)sizeof(dbdata_callout_cache));
- HDEBUG(D_verify) debug_printf("wrote callout cache domain record for %s:\n"
- " result=%d postmaster=%d random=%d\n",
- addr->domain,
- new_domain_record.result,
- new_domain_record.postmaster_result,
- new_domain_record.random_result);
- }
- }
-
-/* If a definite result was obtained for the callout, cache it unless caching
-is disabled. */
+However, there may be domain-specific information to cache in both cases. */
-if (done)
- {
- if ( !(options & vopt_callout_no_cache)
- && new_address_record.result != ccache_unknown)
- {
- if (!dbm_file)
- dbm_file = dbfn_open(US"callout", O_RDWR|O_CREAT, &dbblock, FALSE);
- if (!dbm_file)
- {
- HDEBUG(D_verify) debug_printf("no callout cache available\n");
- }
- else
- {
- (void)dbfn_write(dbm_file, address_key, &new_address_record,
- (int)sizeof(dbdata_callout_cache_address));
- HDEBUG(D_verify) debug_printf("wrote %s callout cache address record for %s\n",
- new_address_record.result == ccache_accept ? "positive" : "negative",
- address_key);
- }
- }
- } /* done */
+if (!(options & vopt_callout_no_cache))
+ cache_callout_write(&new_domain_record, addr->domain,
+ done, &new_address_record, address_key);
/* Failure to connect to any host, or any response other than 2xx or 5xx is a
temporary error. If there was only one host, and a response was received, leave
it alone if supplying details. Otherwise, give a generic response. */
-else /* !done */
+if (!done)
{
uschar * dullmsg = string_sprintf("Could not complete %s verify callout",
options & vopt_is_recipient ? "recipient" : "sender");
yield = DEFER;
- if (host_list->next || !addr->message)
- addr->message = dullmsg;
+ addr->message = host_list->next || !addr->message
+ ? dullmsg : string_sprintf("%s: %s", dullmsg, addr->message);
addr->user_message = smtp_return_error_details
? string_sprintf("%s for <%s>.\n"
/* Come here from within the cache-reading code on fast-track exit. */
END_CALLOUT:
-if (dbm_file) dbfn_close(dbm_file);
+tls_modify_variables(&tls_in);
return yield;
}
get rewritten. */
addr2 = *addr;
-HDEBUG(D_acl) debug_printf("----------- %s cutthrough setup ------------\n",
+HDEBUG(D_acl) debug_printf_indent("----------- %s cutthrough setup ------------\n",
rcpt_count > 1 ? "more" : "start");
rc = verify_address(&addr2, NULL,
vopt_is_recipient | vopt_callout_recipsender | vopt_callout_no_cache,
NULL, NULL, NULL);
addr->message = addr2.message;
addr->user_message = addr2.user_message;
-HDEBUG(D_acl) debug_printf("----------- end cutthrough setup ------------\n");
+HDEBUG(D_acl) debug_printf_indent("----------- end cutthrough setup ------------\n");
return rc;
}
return TRUE;
}
-HDEBUG(D_transport|D_acl) debug_printf("cutthrough_send failed: %s\n", strerror(errno));
+HDEBUG(D_transport|D_acl) debug_printf_indent("cutthrough_send failed: %s\n", strerror(errno));
return FALSE;
}
if(cutthrough.fd < 0)
return FALSE;
-HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> DATA\n");
+HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> DATA\n");
cutthrough_puts(US"DATA\r\n", 6);
cutthrough_flush_send();
/* We share a routine with the mainline transport to handle header add/remove/rewrites,
but having a separate buffered-output function (for now)
*/
-HDEBUG(D_acl) debug_printf("----------- start cutthrough headers send -----------\n");
+HDEBUG(D_acl) debug_printf_indent("----------- start cutthrough headers send -----------\n");
tctx.tblock = cutthrough.addr.transport;
tctx.addr = &cutthrough.addr;
if (!transport_headers_send(cutthrough.fd, &tctx, &cutthrough_write_chunk))
return FALSE;
-HDEBUG(D_acl) debug_printf("----------- done cutthrough headers send ------------\n");
+HDEBUG(D_acl) debug_printf_indent("----------- done cutthrough headers send ------------\n");
return TRUE;
}
conn before the final dot.
*/
ctblock.ptr = ctbuffer;
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> QUIT\n");
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> QUIT\n");
_cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */
_cutthrough_flush_send();
#ifdef SUPPORT_TLS
tls_close(FALSE, TRUE);
#endif
- HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP(close)>>\n");
+ HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP(close)>>\n");
(void)close(cutthrough.fd);
cutthrough.fd = -1;
- HDEBUG(D_acl) debug_printf("----------- cutthrough shutdown (%s) ------------\n", why);
+ HDEBUG(D_acl) debug_printf_indent("----------- cutthrough shutdown (%s) ------------\n", why);
}
ctblock.ptr = ctbuffer;
}
{
uschar res;
address_item * addr;
-HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> .\n");
+HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> .\n");
/* Assume data finshed with new-line */
if( !cutthrough_puts(US".", 1)
dnssec_domains = &ob->dnssec;
}
- (void)host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
+ (void) host_find_bydns(host, NULL, flags, NULL, NULL, NULL,
dnssec_domains, NULL, NULL);
}
}
* Check header names for 8-bit characters *
*************************************************/
-/* This function checks for invalid charcters in header names. See
+/* This function checks for invalid characters in header names. See
RFC 5322, 2.2. and RFC 6532, 3.
Arguments:
}
/* If the pattern is an IP address, optionally followed by a bitmask count, do
-a (possibly masked) comparision with the current IP address. */
+a (possibly masked) comparison with the current IP address. */
if (string_is_ip_address(ss, &maskoffset) != 0)
return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
(void)tree_insertnode(&dnsbl_cache, t);
}
- /* Do the DNS loopup . */
+ /* Do the DNS lookup . */
HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
cb->rc = dns_basic_lookup(&dnsa, query, T_A);
--- /dev/null
+#!/usr/bin/env perl
+
+use warnings;
+use strict;
+BEGIN { pop @INC if $INC[-1] eq '.' };
+
+use Fcntl qw(:DEFAULT :flock :seek);
+use File::Find;
+use File::Spec;
+
+use constant MIN_AGE => 60; # seconds
+my $exim = exists $ENV{'EXIM_BINARY'} ? $ENV{'EXIM_BINARY'} : 'exim';
+
+my %known_okay = map {$_=>1} qw( linux darwin freebsd );
+unless (exists $known_okay{$^O}) {
+ warn "for ease, this perl uses flock, not fcntl, assuming they're the same\n";
+ warn "this is not known by this author to be the case on $^O\n";
+ warn "please investigate and either add to allowed-list in script, or rewrite\n";
+ die "bailing out";
+
+ # Another approach to rewriting script: stop all exim receivers and
+ # queue-runners, prevent them from starting, then add your OS to the list and
+ # run, even though the locking type is wrong, relying upon not actually
+ # contending.
+}
+
+my $spool_dir = `$exim -n -bP spool_directory`;
+chomp $spool_dir;
+
+chdir(File::Spec->catfile($spool_dir, 'input'))
+ or die "chdir($spool_dir/input) failed: $!\n";
+
+my $exim_msgid_r = qr/(?:[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})/;
+my $spool_dfile_r = qr/^(($exim_msgid_r)-D)\z/o;
+
+sub fh_ends_newline {
+ my ($fh, $dfn, $verbose) = @_;
+ seek($fh, -1, 2) or do { warn "seek(file($dfn)) failed: $!\n"; return -1 };
+ my $count = read $fh, my $ch, 1;
+ if ($count == -1) { warn "failed to read last byte of $dfn\n"; return -1 };
+ if ($count == 0) { warn "file shrunk by one?? problem with $dfn\n"; return -1 };
+ if ($ch eq "\n") { print "okay!\n" if $verbose; return 1 }
+ print "PROBLEM: $dfn missing final newline (got $ch)\n" if $verbose;
+ return 0;
+}
+
+
+sub each_found_file {
+ return unless $_ =~ $spool_dfile_r;
+ my ($msgid, $dfn) = ($2, $1);
+
+ # We should have already upgraded Exim before invoking us, thus any spool
+ # files will be old and we can reduce spending time trying to lock files
+ # still being written to, etc.
+ my @st = lstat($dfn) or return;
+ if ($^T - $st[9] < MIN_AGE) { return };
+ -f "./${msgid}-H" || return;
+
+ print "consider: $dfn\n";
+ open(my $fh, '+<:raw', $dfn) or do {
+ warn "open($dfn) failed: $!\n";
+ return;
+ };
+ # return with a lexical FH in modern Perl should guarantee close, AIUI
+
+ # we do our first check without a lock, so that we can scan past messages
+ # being handled by Exim quickly, and only lock up on those which Exim is
+ # trying and failing to deliver. However, since Exim will be hung on remote
+ # hosts, this is likely. Thus best to kill queue-runners first.
+
+ return if fh_ends_newline($fh, $dfn, 0); # also returns on error
+ print "Problem? $msgid probably missing newline, locking to be sure ...\n";
+ flock($fh, LOCK_EX) or do { warn "flock(file($dfn)) failed: $!\n"; return };
+ return if fh_ends_newline($fh, $dfn, 1); # also returns on error
+
+ fixup_message($msgid, $dfn, $fh);
+
+ close($fh) or warn "close($dfn) failed: $!\n";
+};
+
+sub fixup_message {
+ my ($msgid, $dfn, $fh) = @_;
+ # we can't freeze the message, our lock stops that, which is good!
+
+ seek($fh, 0, 2) or do { warn "seek(file($dfn)) failed: $!\n"; return -1 };
+
+ my $r = inc_message_header_linecount($msgid);
+ if ($r < 0) {
+ warn "failed to fix message headers in ${msgid}-H so not editing message\n";
+ return;
+ }
+
+ print {$fh} "\n";
+
+ print "${msgid}: added newline\n";
+};
+
+sub inc_message_header_linecount {
+ my ($msgid) = @_;
+ my $name_in = "${msgid}-H";
+ my $name_out = "${msgid}-chunkfix";
+
+ open(my $in, '<:perlio', $name_in) or do { warn "open(${name_in}) failed: $!\n"; return -1 };
+ open(my $out, '>:perlio', $name_out) or do { warn "write-open(${name_out}) failed: $!\n"; return -1 };
+ my $seen = 0;
+ my $lc;
+ foreach (<$in>) {
+ if ($seen) {
+ print {$out} $_;
+ next;
+ }
+ if (/^(-body_linecount\s+)(\d+)(\s*)$/) {
+ $lc = $2 + 1;
+ print {$out} "${1}${lc}${3}";
+ $seen = 1;
+ next;
+ }
+ print {$out} $_;
+ }
+ close($in) or do {
+ warn "read-close(${msgid}-H) failed, assuming incomplete: $!\n";
+ close($out);
+ unlink $name_out;
+ return -1;
+ };
+ close($out) or do {
+ warn "write-close(${msgid}-chunkfix) failed, aborting: $!\n";
+ unlink $name_out;
+ return -1;
+ };
+
+ my @target = stat($name_in) or do { warn "stat($name_in) failed: $!\n"; unlink $name_out; return -1 };
+ my @created = stat($name_out) or do { warn "stat($name_out) failed: $!\n"; unlink $name_out; return -1 };
+ # 4=uid, 5=gid, 2=mode
+ if (($created[5] != $target[5]) or ($created[4] != $target[4])) {
+ chown $target[4], $target[5], $name_out or do {
+ warn "chown($name_out) failed: $!\n";
+ unlink $name_out;
+ return -1;
+ };
+ }
+ if (($created[2]&07777) != ($target[2]&0x7777)) {
+ chmod $target[2]&0x7777, $name_out or do {
+ warn "chmod($name_out) failed: $!\n";
+ unlink $name_out;
+ return -1;
+ };
+ }
+
+ rename $name_out, $name_in or do {
+ warn "rename '${msgid}-chunkfix' -> '${msgid}-H' failed: $!\n";
+ unlink $name_out;
+ return -1;
+ };
+
+ print "${msgid}: linecount set to $lc\n";
+ return 1;
+}
+
+find({wanted => \&each_found_file}, '.');
# Vadim Vygonets <vadik-exim@vygo.net>. All rights reserved.
# Public domain is OK with me.
+BEGIN { pop @INC if $INC[-1] eq '.' };
+
use MIME::Base64;
use Digest::MD5;
# Little Perl script to convert flat file into CDB file. Two advantages over
# cdbmake-12 awk script that is distributed with CDB:
# 1) Handles 'dpc22:dpc22@hermes' as well as 'dpc22 dpc22@hermes'
-# 2) Perl works with arbitary length strings: awk chokes at 1,024 chars
+# 2) Perl works with arbitrary length strings: awk chokes at 1,024 chars
#
# Cambridge: hermes/src/admin/mkcdb,v 1.9 2005/02/15 18:14:12 fanf2 Exp
use strict;
+BEGIN { pop @INC if $INC[-1] eq '.' };
$ENV{'PATH'} = "";
umask(022);
# Copyright (C) 2012 Wizards Internet Ltd
# License GPLv2: GNU GPL version 2 <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
use strict;
+BEGIN { pop @INC if $INC[-1] eq '.' };
use Getopt::Std;
$Getopt::Std::STANDARD_HELP_VERSION=1;
use IO::Handle;
#
use strict;
use warnings;
+BEGIN { pop @INC if $INC[-1] eq '.' };
use IO::Select;
use IO::Socket;
use Getopt::Long;
use strict;
+BEGIN { pop @INC if $INC[-1] eq '.' };
+
sub usage () {
print <<END;
usage: ratelimit.pl [options] <period> <regex> <logfile>
# bin/client an SMTP script-driven client, without TLS support
# bin/client-gnutls ditto, with GnuTLS support
# bin/client-ssl ditto, with OpenSSL support
-# bin/fakens a fake namserver
+# bin/fakens a fake nameserver
# bin/fd output details of open file descriptors
# bin/iefbr14 a program that does nothing and returns 0
# bin/loaded a dynamically loaded test module
(2) cd into the exim-testsuite-x.xx directory.
-(3) Run "autoconf" then "./configure" and then "make". This builds a few
- auxiliary programs that are written in C.
+(3) Run "./configure" and then "make". This builds a few auxiliary programs that
+ are written in C.
(4) echo $PWD/test-config >> your_TRUSTED_CONFIG_LIST_filename
Typically that is .../exim/test/trusted_configs
This allows "overrides" for the test results. It's intended
use is to deal with distro specific differences in the test
output. The default flavour is "FOO" if autodetection fails.
- (Autodection is possible for known flavours only. Known
+ (Autodetection is possible for known flavours only. Known
flavours are computed after file name extensions in stdout/*
and stderr/*.)
maintainer after making a change to the code that affects a lot of
tests (for example, the wording of a message).
+ -SLOW For very slow hosts that appear to have Heisenbugs, delay before
+ comparing output files from a testcase
+
The options for ./runtest must be given first (but after the name of the
binary, if present). Any further options, that is, items on the command line
that start with a hyphen, are passed to the Exim binary when it is run as part
Other circumstances give rise to other prompts. If a test generates output for
which there is no saved data, the prompt (after a message stating which file is
-unexpectely not empty) is:
+unexpectedly not empty) is:
Continue, Show, or Quit? [Q]
The expected return code in this case is 1, and the data lines are passed to
Exim on its standard input. Both the command line and the data lines have the
-standard substitions applied to them. Thus, HOSTNAME in the example above will
+standard substitutions applied to them. Thus, HOSTNAME in the example above will
be replaced by the local host's name. Long commands can be continued over
several lines by using \ as a continuation character. This does *not* apply to
data lines.
need_largefiles
This command must be at the head of a script. If the Exim binary does not
-suppport large files (off_t is <= 4), the entire script is skipped, and a
+support large files (off_t is <= 4), the entire script is skipped, and a
comment is output.
program is compiled, one that supports TLS using OpenSSL. The additional
arguments specify a certificate and key file when required for the connection.
There are two additional options: -tls-on-connect, that causes the client to
-initiate TLS negociation immediately on connection; -ocsp that causes the TLS
+initiate TLS negotiation immediately on connection; -ocsp that causes the TLS
negotiation to include a certificate-status request. The latter takes a
filename argument, the CA info for verifying the stapled response.
(2) If a line starts with three plus signs followed by a space, the rest of the
line specifies a number of seconds to sleep for before proceeding.
-(3) Otherwise, the line is an input line line that is sent to the server. Any
+(3) If a line begins with three '>' characters and a space, the rest of the
+ line is input to be sent to the server. Backslash escaping is done as
+ described below, but no trailing "\r\n" is sent.
+
+(4) If a line begin with three '<' characters and a space, the rest of the
+ line is a filename; the content of the file is inserted intto the script
+ at this point.
+
+(5) Otherwise, the line is an input line line that is sent to the server. Any
occurrences of \r and \n in the line are turned into carriage return and
linefeed, respectively. This is used for testing PIPELINING.
+ Any sequences of \x followed by two hex digits are converted to the equvalent
+ byte value. Any other character following a \ is sent verbatim.
+ The line is sent with a trailing "\r\n".
Here is a simple example:
example, some TLS certificates) are used by more than one test, and so their
names are not of this form.
-There are also some auxilary DNS zone files, which are described in the next
+There are also some auxiliary DNS zone files, which are described in the next
section.
--- /dev/null
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+Line 1: This is a simple test.
+Line 2: This is a simple test.
--- /dev/null
+WARNING for Exim Testsuite:
+
+If you change these certificates you will also need to update the TLSA records in dnszone-src/db.test.ex
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp\r
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f\r
-Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn\r
-90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf\r
-MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR\r
-XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u\r
-X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u\r
-MTXhPAdr1Fn6Jj+eZy1Uv/yu
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX\r
+4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk\r
+EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk\r
+xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs\r
+RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf\r
+gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh\r
+iaEG3X51ApoqRRyXcSJZBcYN
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES\r
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv\r
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd\r
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5\r
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe\r
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW\r
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu\r
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX\r
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO\r
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4\r
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp\r
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f\r
-Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn\r
-90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf\r
-MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR\r
-XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u\r
-X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u\r
-MTXhPAdr1Fn6Jj+eZy1Uv/yu
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX\r
+4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk\r
+EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk\r
+xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs\r
+RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf\r
+gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh\r
+iaEG3X51ApoqRRyXcSJZBcYN
-----END CERTIFICATE-----
Bag Attributes
friendlyName: OCSP Signer
- localKeyID: 5C 45 60 73 58 0B 05 B0 8A E3 5E E0 82 F4 43 38 BC 92 11 D1
+ localKeyID: 71 A9 2F 71 11 ED 33 7A 5A AC BD 8A E8 31 B5 F4 00 1A 96 7B
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOXfY0A/oOp7KA4Q
-AtDupzSVuTLwDERtvI0C3Lbo7gsyx+PAbpnOwOkKoR8BbJ3/ay5UB8Ximwf2u2A4
-MDdtlK1/gmtkkU7l4bKlszy/CQ9ovYaKixFvfM5bI2Z5OUgjDtYG2HkatCKWPrdu
-RSV7xrCYZ+FAV/1zC4On0WoYu80RAgMBAAECgYACAERSalthvym1maEUpYcyF32R
-unI45EWoapZ2RyfPVCVWT7YGw7x9KtkFNpN1+qO5twSMTfEwjA7MgyC0UtFg/wpM
-QeeEK8KIOg7xgur1Q3mpb3E6o4ZOFcPV0S3dGP/kT3TSMbgGzChu2ZK5fLpwNk74
-BCD8eOE8JLq60yGxYwJBAPa431ywNBPp7atC9BDdON4BAEr0r6Cb+SZUJK1+DKpR
-1kVjq7Tt5TipsdBtYnQh2r0SFDKJw37ULDH54DFw07MCQQDuhE8jIQPPohFyLEUn
-HhIHSs/LEYWXtbSkWsZji4r1Q+1tCUOeqfZiMLo6MQgnwu1N534IpOXgmoAWGFsS
-z8orAkEAzIJqA7a7NFaP/4o8LU5yuPMzfu5cNlGTsMXGsVjuvq+fYV1BE3SusM1Y
-62AAYCs/2cGGpG21cwgEqlhqEhFoKQJBAKIT+orOhn5zjRNejedVAb8+0REW6Qb8
-jLIalTFTw6uC6zXq065fpHN41TNx2i7awNLtebF6DFOh6WQaTNjtpl0CQQCt7EvE
-fxcjWKwEJrUXF4gLho1GebR38Et5eRqFuhnMfPM7gu2FrPtXeIel4/Mm7QvBklv7
-a4epoR/YDYlkJ/xa
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMWL5GdlufxkZH6j
+c2yV5cjRyUotDklCAjNi0lHUqcIddHDE3JYoOY+awfoK8p0uIbBuLYucYKoPJT9p
+k7Q5S3dGjMR83AMig36vaLqkUoDHGH1WVcwYzyFYyNn6xsV7lPqD+gdb3NdmhrPN
+XOUwZPVs47fprqRGqTuuqthmr3inAgMBAAECgYAFRZ951vAouTEpZAlPi4yPWHHr
+xdoMwHM4ldmRD4DcSlbyL37HjxlCKNomZyZkZXfGspoKkMjPoQnYcGPdum22HC2V
+kfiiVbT9+1JHfEQ52MJPf5DC38KSiJXigOwljN580baDNEcFuyqQY/+zv7iH1AeM
+kRXeUs8k4+SI4DNSGQJBAOT9gNbe/GfBUQHPWkB4RGYFcwJSZrRyBCKqYK6W38Fs
+Ii/8OKZ/WRxzEQQ5+AA9PR9EWXFVMq7wU9Zn1Ufzdj0CQQDc2OzFIpkyAG5T1iXo
+ptf41hzva2Z8mH9BeYCk8ChSq76vIYig1x//+Hndwsx8X2gCxcbijMJvjHQPrG6Y
+C7yzAkEApgt0e1qiKBIzzV4wEYOkBV56MPrTYpEyknh9NtxMUBM7DxSTd5fsZAbE
+Fg562KGPSrbjLJ0c7WFzSYttSokt+QJBAIcxiCfZ2TwhxWgvBP/Z+wYKVKY/8fo+
+BFDZh2Xw2k5Zcp6VAaWsa5tvyXJ2yGUupmZkGi8fifttWLMrlHwhWz8CQQDWKBtW
+NRAwS7yq8DNFEJs4zP8P4U3/7iQnlX1VPzU517m3x++VSwWcMSSy7pF3toXZJRF+
+eF94ASUz85rI54FT
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICBTCCAW6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt\r
cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy\r
-MzQwM1oXDTM4MDEwMTEyMzQwM1owMjEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAY\r
+MzQwMVoXDTM4MDEwMTEyMzQwMVowMjEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAY\r
BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\r
-iQKBgQDl32NAP6DqeygOEALQ7qc0lbky8AxEbbyNAty26O4LMsfjwG6ZzsDpCqEf\r
-AWyd/2suVAfF4psH9rtgODA3bZStf4JrZJFO5eGypbM8vwkPaL2GiosRb3zOWyNm\r
-eTlIIw7WBth5GrQilj63bkUle8awmGfhQFf9cwuDp9FqGLvNEQIDAQABoyowKDAO\r
+iQKBgQDFi+RnZbn8ZGR+o3NsleXI0clKLQ5JQgIzYtJR1KnCHXRwxNyWKDmPmsH6\r
+CvKdLiGwbi2LnGCqDyU/aZO0OUt3RozEfNwDIoN+r2i6pFKAxxh9VlXMGM8hWMjZ\r
++sbFe5T6g/oHW9zXZoazzVzlMGT1bOO36a6kRqk7rqrYZq94pwIDAQABoyowKDAO\r
BgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcN\r
-AQELBQADgYEAItOiudWgomzwbClA9o7UIHV3bP5hQ6ZB6UA47+BB+BYqyq1toxNY\r
-uUZYuMr02fJzh3Y7yJCipQ0ac0vlFgVg1cuBcjYb+Qj8+jZPdU6iNuHhQVOArCqJ\r
-htS+pkqXstFkSRvFU6Ps5D8xgSbgFe+UE1iHqMHl5V8h9QlL85QM4Lg=
+AQELBQADgYEAVv4Md0Knp0gutMKCvPTb78cQbCrYJCZY/rD5bFrLdjb04/Vp6wxZ\r
+Zml5UeYlXDrlaAZ9pvv2JItNrkJdDgy4dfXnHYkEyf0VRXchy/ORnzOCIiq83lim\r
+Zng6m70reCwFJar9yaofPk7eMOOl2BoNJIMalmZH3Sn0PW+zLa98qi8=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Signing Cert
- localKeyID: 66 80 BF 3A C9 12 D9 85 0A B5 ED B3 6A A6 5A A2 73 20 52 EE
+ localKeyID: 9E 3C E0 62 B3 A1 22 50 86 25 CD A7 F5 F1 59 CD A0 DC FE 07
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAOOMkRJs7F2ue2M4
-756NNjcQt6ZFfreQOq/A8zl6iM80dcT4OSYTj4x8ekr0kF/pND1GJe8X/RdqDhn3
-ETnJbzPTWnR+ujEI3a/PvdW5lKeyWrfdYKx2XycB+wW16sGB5csHNh3HsCxR3dSR
-v/Oj2lL6pe2/FNjh3sLUbkIF9+MTAgMBAAECgYAa5hHQ0Z3KteaxxC1rRY/MSEZ1
-ZM9bHV/FSUlXQ5lq6RgnjceaV9icclXgiMg3q5vNxyjnz82kLW4iT/cHfjzjSefm
-IYilLzE5jtkXJnCfzWIzLHYKwe1HCLX5S78YYiVJkjKtZrC9hnAPTHRQBBJ9IHHo
-U7Qk2mKzBdbYEpeQ1QJBAPW/Yi0VDisjbFI601PhzoiWLBLz3dEy9ZWj58MvrLWo
-0a/bxsjrxmumcR1qpuszZcHFl/JRQVmJ55Mpy0cFff8CQQDtCtIfGwrN3/QVE2K5
-2+dEbzlDPpk2qmsQXduZT5bXYo9t2Q5bac+V8X9WfvmfxP71SdpvqDUSCVkBACcx
-mcLtAkAI5PhksVJl9U5CW6ayboXPI8BMn07z92g0Fk6ZHeyeVpHgT5AOTZpM4yVM
-70NDWATi0ogBWTeIShl7lhOpamV5AkBRt5ZCdO8flCIwFdPGIQI0PGewP+dPyiZI
-qSKoUqC8tdSeWOKzLuIKXgu5BOMHakE+zGwKbCGHi0NsreHVHp3tAkAUC2+PTjlj
-Z3A+ZzwC/Vt81W+GtQOOmGTWwfUZMowFV/uw7hQRN1ALWTCv6O0xGa7evoSTjS9s
-FXqDkIT381kD
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMLY+HnZQx0PwIBb
+qYChJQqBBsISmzpVg8GprTfUnMMHOkcPxyYgl9GWY+D1XwrYtc/xVV54bstbZEFW
+VLH3TzYRk0Lnjk0UoODhe7TWNg/wGs1wnPO7yKnyiyKoDOj33cBlehZ4ZkonuFgD
+UzlEIyRIgGEXHCg5uMb0G3UtD+R5AgMBAAECgYABeqTaab8XyIOBnMprpC2DY0rN
+nV1UOGa/RhCFR1IesowxgGbQjCvo9HelOTjAoVBWxCbTznwEibdWn31MsezSOFKs
+vIiXfyFJUhONnt88Yx4YmSfoRLNjSUsjXyxc5qnnk1zEXyrg8Ek2HzBmxEY1nuGA
+JTAF6q8c6y15PL4pdQJBAOaBfap41wGg2RjKRHgcop0xcLIw4+GIJM4FLw6H5LyB
+MuqiGi93otTgCWgNS1diV1D9PEjvxxXA5TJgx/u5m30CQQDYZdsvYF3qXI1wPLXk
+uATJDFEHpk3doHEXPoErvkGrEke9HC6spSkMk2yxj1Rdkd/U1PF4dqJi35BaDYgi
+p+WtAkB5D8FkaxrhLA1ZS8IyIzf0vyalL7A/nzVVTrusMgscRe7r9D80duz6SMAn
++fN77ZZWXunulKBG+IxnrRTbTFwxAkEArRVTKmK225RpoMM+bZFuamyKh0bScxk4
+O3JIGPfVSIKXlL/s6TQ1UBS+1Iqi3TCnSnGELmkdW14b9JtsLuQCBQJBAOH9NRNW
+rCQRCy+zlEo1c5Aukm+q2JHkuZwyVbBx7EEqX9RXwQ74OMVUUfqk7XhspY3SOg5i
++BfrMwWtyFCfgmg=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES\r
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv\r
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd\r
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5\r
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe\r
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW\r
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu\r
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX\r
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO\r
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4\r
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
; Config::Simple 4.59
-; Thu Nov 1 12:34:02 2012
-
-[CLICA]
-sighash=SHA256
-crl_signer=Signing Cert
-crl_url=http://crl.example.com/latest.crl
-level=1
-signer=Signing Cert
-ocsp_signer=OCSP Signer
-ocsp_url=http://oscp.example.com/
+; Thu Nov 1 12:34:01 2012
[CA]
+bits=1024
org=example.com
subject=clica CA
name=Certificate Authority
-bits=1024
+
+[CLICA]
+crl_url=http://crl.example.com/latest.crl
+ocsp_url=http://oscp.example.com/
+signer=Signing Cert
+ocsp_signer=OCSP Signer
+sighash=SHA256
+crl_signer=Signing Cert
+level=1
-update=20161101174750Z
+update=20170131185506Z
-----BEGIN X509 CRL-----
MIHtMFgCAQEwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20x
-GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNjExMDExNzQ3NTBaMA0G
-CSqGSIb3DQEBCwUAA4GBANWNiRAfuqCpy5xCJRHBQX8PeS7SMvKsgN3/7CahxPMo
-/1AXqiQfsSK91kI4EVbcTUuEIlSmZyVk5fVFsfn1nYDyTjqmpuiNhR1473KJsLO6
-CkWLFB0FLcpZIxoKjA00F7fWXA+OI95pr76JixcWUYESQBkgWQGYxEvhdgDH+Fh6
+GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNzAxMzExODU1MDZaMA0G
+CSqGSIb3DQEBCwUAA4GBALweRJiNR6xxBHSq8yJwCQ8QTPk20k3HZMqkiHJsXk2k
+7Bi8u084dWT6qusM0sX+EIijWaq0PeI62eMIxTypD8f+ug3ookeq1uTr5/oxitfp
+5Q2t5yFzk6fqmnozxyb2BhRGiEpwouLFngt9yz3WjJmOXVIQbz3JDpzHBx8kIhMm
-----END X509 CRL-----
-update=20161101174753Z
-addcert 102 20161101174753Z
-addcert 202 20161101174753Z
+update=20170131185508Z
+addcert 102 20170131185508Z
+addcert 202 20170131185508Z
-----BEGIN X509 CRL-----
MIIBHTCBhwIBATANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFtcGxlLmNv
-bTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE2MTEwMTE3NDc1M1ow
-LTAUAgFmGA8yMDE2MTEwMTE3NDc1M1owFQICAMoYDzIwMTYxMTAxMTc0NzUzWjAN
-BgkqhkiG9w0BAQsFAAOBgQBecwRKnMEtZ1Hy5UKs5KR8N9oM1lvHeVCpf2KDYgR2
-x0W4qsPVhMQTt23XhNZwQ+FX+u1l+doNZlwBk7HJOdnrT0X6KlCIO/jomd5NtQ7c
-DtWoNakhoESob/L2Kcd9RlkeZmhV9sJ/nFDURy6367+jWa5HHhyfEQDOj2rQ8mqQ
-Qw==
+bTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE3MDEzMTE4NTUwOFow
+LTAUAgFmGA8yMDE3MDEzMTE4NTUwOFowFQICAMoYDzIwMTcwMTMxMTg1NTA4WjAN
+BgkqhkiG9w0BAQsFAAOBgQB+5VosBl1uvUXUQ17NdPZJSR0ZyJ9+jwTSauGwGjHa
+sKjpVCwT8Lzf0CL15/sv3mR4P67v3xLHKuxLpdzVhrgOFanoeplGUJFmXjIQ547H
+5Psyeg3C1+Ob6uIUZR0p7SVSeJJNiv8XlrIu78YsPrFigE8X/qUqEeXOXYyINlFh
+7w==
-----END X509 CRL-----
processor : 0
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
physical id : 0
-siblings : 1
+siblings : 8
core id : 0
-cpu cores : 1
+cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5424.00
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
processor : 1
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
-physical id : 1
-siblings : 1
-core id : 0
-cpu cores : 1
-apicid : 1
-initial apicid : 1
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 1
+cpu cores : 4
+apicid : 2
+initial apicid : 2
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.15
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
processor : 2
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
-physical id : 2
-siblings : 1
-core id : 0
-cpu cores : 1
-apicid : 2
-initial apicid : 2
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 2
+cpu cores : 4
+apicid : 4
+initial apicid : 4
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.09
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
processor : 3
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
-physical id : 3
-siblings : 1
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 3
+cpu cores : 4
+apicid : 6
+initial apicid : 6
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.13
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 4
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
core id : 0
-cpu cores : 1
+cpu cores : 4
+apicid : 1
+initial apicid : 1
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5428.40
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 5
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 1
+cpu cores : 4
apicid : 3
initial apicid : 3
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5428.13
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 6
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 2
+cpu cores : 4
+apicid : 5
+initial apicid : 5
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.27
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 7
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 3
+cpu cores : 4
+apicid : 7
+initial apicid : 7
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.26
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
- CPU0 CPU1 CPU2 CPU3
- 0: 135 0 0 0 IO-APIC-edge timer
- 1: 1 2 3 2 IO-APIC-edge i8042
- 6: 0 1 1 1 IO-APIC-edge floppy
- 8: 0 0 0 0 IO-APIC-edge rtc0
- 9: 0 0 0 0 IO-APIC-fasteoi acpi
- 10: 496 482 486 468 IO-APIC-fasteoi virtio4
- 11: 10 147 30 27 IO-APIC-fasteoi uhci_hcd:usb1, qxl
- 12: 0 41 47 38 IO-APIC-edge i8042
- 14: 0 0 0 0 IO-APIC-edge ata_piix
- 15: 24 20 182194 20 IO-APIC-edge ata_piix
- 24: 0 0 0 0 PCI-MSI-edge virtio0-config
- 25: 0 0 0 0 PCI-MSI-edge virtio2-config
- 26: 0 3 1 4 PCI-MSI-edge virtio2-virtqueues
- 27: 3075029 25 27 24 PCI-MSI-edge virtio0-input.0
- 28: 0 0 1 0 PCI-MSI-edge virtio0-output.0
- 29: 0 0 0 0 PCI-MSI-edge virtio1-config
- 30: 8 10 6 263036 PCI-MSI-edge virtio1-input.0
- 31: 0 1 1 0 PCI-MSI-edge virtio1-output.0
- 32: 0 0 0 0 PCI-MSI-edge virtio3-config
- 33: 2251 1443 1443 76412 PCI-MSI-edge virtio3-req.0
-NMI: 0 0 0 0 Non-maskable interrupts
-LOC: 2927588 2332410 2357757 2469878 Local timer interrupts
-SPU: 0 0 0 0 Spurious interrupts
-PMI: 0 0 0 0 Performance monitoring interrupts
-IWI: 171654 62779 47813 57003 IRQ work interrupts
-RTR: 0 0 0 0 APIC ICR read retries
-RES: 801927 676810 570786 698330 Rescheduling interrupts
-CAL: 22675 11464 17532 1233 Function call interrupts
-TLB: 82281 78051 78821 80323 TLB shootdowns
-TRM: 0 0 0 0 Thermal event interrupts
-THR: 0 0 0 0 Threshold APIC interrupts
-MCE: 0 0 0 0 Machine check exceptions
-MCP: 624 624 624 624 Machine check polls
-ERR: 0
-MIS: 0
-MemTotal: 1785008 kB
-MemFree: 252440 kB
-MemAvailable: 1297232 kB
-Buffers: 0 kB
-Cached: 491464 kB
-SwapCached: 252 kB
-Active: 330668 kB
-Inactive: 223256 kB
-Active(anon): 30216 kB
-Inactive(anon): 73420 kB
-Active(file): 300452 kB
-Inactive(file): 149836 kB
+ CPU0 CPU1 CPU2 CPU3 CPU4 CPU5 CPU6 CPU7
+ 0: 52 0 0 0 0 0 0 0 IR-IO-APIC 2-edge timer
+ 1: 16 459 44 16 71 52 37 18 IR-IO-APIC 1-edge i8042
+ 8: 0 0 0 1 0 0 0 0 IR-IO-APIC 8-edge rtc0
+ 9: 89 154 83 105 355 114 136 53 IR-IO-APIC 9-fasteoi acpi
+ 12: 201 49375 1144 1233 5340 1378 1701 919 IR-IO-APIC 12-edge i8042
+ 16: 1 0 0 0 0 0 0 0 IR-IO-APIC 16-fasteoi i801_smbus
+ 19: 5 3 2 0 8 2 2 2 IR-IO-APIC 19-fasteoi
+ 120: 0 0 0 0 0 0 0 0 DMAR-MSI 0-edge dmar0
+ 121: 0 0 0 0 0 0 0 0 DMAR-MSI 1-edge dmar1
+ 124: 7929 1965 1951 91785 6129 4099 2324 2579 IR-PCI-MSI 376832-edge ahci[0000:00:17.0]
+ 125: 219 13 6 32 12 8 6 22 IR-PCI-MSI 327680-edge xhci_hcd
+ 126: 97 12 17 44 16 8 5 2 IR-PCI-MSI 2097152-edge rtsx_pci
+ 127: 0 0 87 0 58 0 61 36 IR-PCI-MSI 520192-edge enp0s31f6
+ 128: 0 0 0 2 2 0 1 8 IR-PCI-MSI 1048576-edge
+ 129: 725 32 125 185 13085 451 6925 254 IR-PCI-MSI 32768-edge i915
+ 130: 23 9 7 0 11 0 1 0 IR-PCI-MSI 360448-edge mei_me
+ 131: 21 6 4 2 7 4 3 0 IR-PCI-MSI 1572864-edge iwlwifi
+ 132: 713 0 63 42 106 45 129 120 IR-PCI-MSI 514048-edge snd_hda_intel:card0
+ NMI: 2 1 1 1 2 4 1 1 Non-maskable interrupts
+ LOC: 33252 27470 28482 27041 44011 60675 27232 32342 Local timer interrupts
+ SPU: 0 0 0 0 0 0 0 0 Spurious interrupts
+ PMI: 2 1 1 1 2 4 1 1 Performance monitoring interrupts
+ IWI: 4 0 0 2 0 0 1 1 IRQ work interrupts
+ RTR: 7 0 0 0 0 0 0 0 APIC ICR read retries
+ RES: 9953 4152 2811 2503 2970 1497 2330 2606 Rescheduling interrupts
+ CAL: 51614 26930 27696 38549 30005 38582 36536 38830 Function call interrupts
+ TLB: 44868 21971 22151 33281 24454 32863 30173 34882 TLB shootdowns
+ TRM: 0 0 0 0 0 0 0 0 Thermal event interrupts
+ THR: 0 0 0 0 0 0 0 0 Threshold APIC interrupts
+ DFR: 0 0 0 0 0 0 0 0 Deferred Error APIC interrupts
+ MCE: 0 0 0 0 0 0 0 0 Machine check exceptions
+ MCP: 3 3 3 3 3 3 3 3 Machine check polls
+ ERR: 0
+ MIS: 0
+ PIN: 0 0 0 0 0 0 0 0 Posted-interrupt notification event
+ PIW: 0 0 0 0 0 0 0 0 Posted-interrupt wakeup event
+MemTotal: 15855100 kB
+MemFree: 11476980 kB
+MemAvailable: 12986624 kB
+Buffers: 385492 kB
+Cached: 1341284 kB
+SwapCached: 0 kB
+Active: 2944176 kB
+Inactive: 986248 kB
+Active(anon): 2204748 kB
+Inactive(anon): 57096 kB
+Active(file): 739428 kB
+Inactive(file): 929152 kB
Unevictable: 0 kB
Mlocked: 0 kB
-SwapTotal: 3354620 kB
-SwapFree: 3353308 kB
-Dirty: 728 kB
-Writeback: 0 kB
-AnonPages: 62116 kB
-Mapped: 18712 kB
-Shmem: 41176 kB
-Slab: 898296 kB
-SReclaimable: 847920 kB
-SUnreclaim: 50376 kB
-KernelStack: 2752 kB
-PageTables: 5844 kB
+SwapTotal: 7933948 kB
+SwapFree: 7933948 kB
+Dirty: 896 kB
+Writeback: 24 kB
+AnonPages: 1629712 kB
+Mapped: 243280 kB
+Shmem: 58204 kB
+Slab: 251984 kB
+SReclaimable: 179424 kB
+SUnreclaim: 72560 kB
+KernelStack: 6816 kB
+PageTables: 29640 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
-CommitLimit: 4247124 kB
-Committed_AS: 387204 kB
+CommitLimit: 15861496 kB
+Committed_AS: 8757188 kB
VmallocTotal: 34359738367 kB
-VmallocUsed: 149692 kB
-VmallocChunk: 34359524352 kB
+VmallocUsed: 0 kB
+VmallocChunk: 0 kB
HardwareCorrupted: 0 kB
-AnonHugePages: 6144 kB
+AnonHugePages: 684032 kB
+ShmemHugePages: 0 kB
+ShmemPmdMapped: 0 kB
+CmaTotal: 0 kB
+CmaFree: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
-DirectMap4k: 67576 kB
-DirectMap2M: 4126720 kB
+DirectMap4k: 147456 kB
+DirectMap2M: 6608896 kB
+DirectMap1G: 10485760 kB
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
- eth0: 218818091 3198854 0 95478 0 0 0 0 7346771 57437 0 0 0 0 0 0
- eth1: 29581672 268301 0 93500 0 0 0 0 30026524 67527 0 0 0 0 0 0
- lo: 1056 11 0 0 0 0 0 0 1056 11 0 0 0 0 0 0
+wlp3s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+enp0s31f6: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ vnet0: 32675 319 0 0 0 0 0 0 42290 545 0 0 0 0 0 0
+virbr1: 28209 319 0 0 0 0 0 0 27394 284 0 0 0 0 0 0
+virbr1-nic: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ lo: 92538 1136 0 0 0 0 0 0 92538 1136 0 0 0 0 0 0
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f
-Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn
-90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf
-MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR
-XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u
-X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u
-MTXhPAdr1Fn6Jj+eZy1Uv/yu
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX
+4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk
+EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk
+xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs
+RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf
+gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh
+iaEG3X51ApoqRRyXcSJZBcYN
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired1.example.com
- localKeyID: 74 0B 83 3D D8 F1 19 00 06 6B B7 31 AB 7D 7B 9E 9E F8 39 D5
+ localKeyID: 99 F4 E5 1B DE CB 48 9B DF 6F 48 1E 2F F7 D0 45 87 BF E1 AA
subject=/CN=expired1.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQwNVoXDTEyMTIwMTEyMzQwNVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
-ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALy2HJZRTcNSDF5QRW3X
-BQNLIYmrDUq3yumF4PE9MOXr0+xg/EmPQwJDB3zh06zwt1T+sV6iQb2Q0c2FhaHO
-uwWJqUbAiFsnT9BTVoRKu2ucZGSMQnkN6/pm72DHob6rMrTfPj6KOyTivuAhyDW5
-i1goyUFTdn8SJ61l8HL5byF9AgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwMloXDTEyMTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTCvf315OK4Yr6gzhR/
+UgD+UArs0hNH2W2Uc+IJnRyrXrfqH3WYRV+tWsijqOoA9z6JcgXaImH5XSq35buY
+caS1IhHg7ubtIEG0QcY4qf1wZK0V1A48Yk9iwYU4eBlBaqe2hNjVnXZprYteZ9Ws
+VWfjH+H3/Xh3BGrxL6FjcE+pAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHwYDVR0R
-BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEARaN7
-KMTp2MpeFZ1L2SN9WRYwykEiD9E9aP+ML/TKtt+9T7GUooFVuJCo6XxwDwKQeU5k
-hXeBId0fzHBbxmm8hv/OCC8A0bXokabggpwcpJj1KiWjTCNjP0SpcDbCVh/tnqnW
-VObxV0+BX8B33kUGQmxWMZTknCSQYOcae9Oifac=
+BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAnAU6
+0ELaqsG85xaBG0ygY7VPEZFvsO45F37Y/VXp3YmwMMKpyN3DT6B3vSl64XLHCBcb
+91Sl1A3kkTJS4lLxPt12PNuImc+lr+D3vJqgJ2uoKznYmgX7cHWLnXkL3fX8TmSc
+UW3WlWPM+DqP9rTX1Rpw0PLb02WgnkAzbDegeR8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES\r
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv\r
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd\r
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5\r
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe\r
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW\r
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu\r
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX\r
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO\r
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4\r
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired1.example.com
- localKeyID: 74 0B 83 3D D8 F1 19 00 06 6B B7 31 AB 7D 7B 9E 9E F8 39 D5
+ localKeyID: 99 F4 E5 1B DE CB 48 9B DF 6F 48 1E 2F F7 D0 45 87 BF E1 AA
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI4jACuaIHJ84CAggA
-MBQGCCqGSIb3DQMHBAj08DCtju6rWwSCAoD1UBHO5lXLwHuQcfSjaRQF6fwzI8fK
-okLEQMxBRXirCP6webLBy3X6kGsKNxxs3Wd6JAV0Gw4ESRUConGQEpqGIjdmKhcH
-+lKSQssW0CSw5axXpJr0nt+hBbxpKPScJugriJBJlZoGf86/1j81bHmZV7bT9G8e
-jMD1VeGmRi9kVZWfKLmMWiR6FbXei9jsqZCVtoYWj/zu4HBveVwfKFW58Eff1nYT
-YcW9eLJPvMFYpCnCVptkXK6IjNjnGlGkXUC2QAH+J1IH83kXOw/O+EccdJFKD1tP
-uxNQCiw4X5vAmcdmt4i6N8Iozqz2vz2OGxCW+ymCEJq6ZdaHLQngHeN/FzHq2kiD
-3crfjsoZYKzHV8XkzyHAx1qTySRbucgf/HukabqVBUZ8VEQKRCfMsF6csd9Ch0bm
-gUcqU8vSxlzlG+pRPxYBsSZraOyj9+Gkkb9XwMnXm+kTHqBejgB8iL27ZA6mUNX9
-Flnu3fmg8XUJWmsmUvHInAEm0QkuvR21wlyq3OvFXW5Z3YCimm6sWCYgJRBe7l8I
-DhIr4ki/oMwfKGmnvBSFJoSlj/O9JiNVO+5WdB4c43HQ3Ck07oVFw3UJNhXHnVnh
-u8fAYrgui+LTBEoKOVwEAADQBDMZ2Eq2PLSAs5xQp/n7Ygrptb8egbpiY75CvRuv
-I6Yq6Yb6vnE20Q8LapUZNymN6mfltu/79/XGYYTki89eSpsjgDPvcA95y8t7UuHi
-PlEYxaVo5qqRJGh/GKBa6rtsJR+hRwTeVhGp503N6e6eLpc+wZm0tuRv1BFu6HM/
-sCpnza17FDflZk8A27TGNguUnYtV6sZ9Db2LcdAKMiGbgYXxzsXzPjnr
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIF6bmOIjY8xECAggA
+MBQGCCqGSIb3DQMHBAi/0D3fDlzKwgSCAoBNavhFtNwnXQ+Um51KYksca5ul2XDp
+IIOweOixkUeOsPLlWEXE1FnD795WqWMcJHilFGtC01cTplsf0W042ECwBbAzr4Z2
+aniI+IyTDtSD9LbIqOHQEDzR0MfrtwyQ66A1OFxhi1yU5uYDCvLqzSQp485l3LHK
+/ZN2hloTgUYZMFQr9g+PTpzgyHwUls0jnOMN6BVVblwv1L4MqeS+15Z2AtnRWGtl
+rDmAbGLm/aeCe49IrFRIc0jHE3gDs+iRUTJ/bnSEgLUtRL2w7aNTA4XcvCQP631V
++AYXH91FSRpq1braQZjlJSmZCK0whdqDuZDy+pHl9dTqOEqtrOeryY7hsmKpibZG
+t69G6A7fJGsWCxi/pVw92y1rfn3TNSxx6EiZMDwL+Y7A47+u7tGYitNtoN2s9gS+
+WQqHqgVd81zGxwi79VIH/K2kyaBc2fhIJspa7a9CUQW+nA5abrwCrDP5d+Y1OfaQ
+q6vT/eVto05T4LlcwrqIdhkvcWxk/lQG3oi6f/Wy80bOdk5CmfpwJc87J4mRTcwK
+6mK9b8nq1eX/aj4JXZPrbl/boz2KMP4lxbmw4H0kueC84JgZmqifCCGIVSHZFUDV
+tNpijNXLAwgnNBUxk0ffFI8LC6FvSHs46Ij+RS0Hth8D2+DA5b//N/Z18iIi8chQ
+11f/MzCuN4MsZ6f8yrvTYfsf9FlMpUCWFnrKMCMHikVh4usk1VAUjszyMp2wwujl
+mt531rN/eB8P9edh8+2Zg0FG8wZeiRaLzBmktEZmDXv3A4o/Ksr2bDqp8nAU5n8V
+wBEQ3q6AAHosVq5PyRAbm2KwOEJVMDdR8tF3QZuogvXW2GbyhNsthsjz
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: expired1.example.com
- localKeyID: 74 0B 83 3D D8 F1 19 00 06 6B B7 31 AB 7D 7B 9E 9E F8 39 D5
+ localKeyID: 99 F4 E5 1B DE CB 48 9B DF 6F 48 1E 2F F7 D0 45 87 BF E1 AA
subject=/CN=expired1.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQwNVoXDTEyMTIwMTEyMzQwNVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
-ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALy2HJZRTcNSDF5QRW3X
-BQNLIYmrDUq3yumF4PE9MOXr0+xg/EmPQwJDB3zh06zwt1T+sV6iQb2Q0c2FhaHO
-uwWJqUbAiFsnT9BTVoRKu2ucZGSMQnkN6/pm72DHob6rMrTfPj6KOyTivuAhyDW5
-i1goyUFTdn8SJ61l8HL5byF9AgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwMloXDTEyMTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTCvf315OK4Yr6gzhR/
+UgD+UArs0hNH2W2Uc+IJnRyrXrfqH3WYRV+tWsijqOoA9z6JcgXaImH5XSq35buY
+caS1IhHg7ubtIEG0QcY4qf1wZK0V1A48Yk9iwYU4eBlBaqe2hNjVnXZprYteZ9Ws
+VWfjH+H3/Xh3BGrxL6FjcE+pAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHwYDVR0R
-BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEARaN7
-KMTp2MpeFZ1L2SN9WRYwykEiD9E9aP+ML/TKtt+9T7GUooFVuJCo6XxwDwKQeU5k
-hXeBId0fzHBbxmm8hv/OCC8A0bXokabggpwcpJj1KiWjTCNjP0SpcDbCVh/tnqnW
-VObxV0+BX8B33kUGQmxWMZTknCSQYOcae9Oifac=
+BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAnAU6
+0ELaqsG85xaBG0ygY7VPEZFvsO45F37Y/VXp3YmwMMKpyN3DT6B3vSl64XLHCBcb
+91Sl1A3kkTJS4lLxPt12PNuImc+lr+D3vJqgJ2uoKznYmgX7cHWLnXkL3fX8TmSc
+UW3WlWPM+DqP9rTX1Rpw0PLb02WgnkAzbDegeR8=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQC8thyWUU3DUgxeUEVt1wUDSyGJqw1Kt8rpheDxPTDl69PsYPxJ
-j0MCQwd84dOs8LdU/rFeokG9kNHNhYWhzrsFialGwIhbJ0/QU1aESrtrnGRkjEJ5
-Dev6Zu9gx6G+qzK03z4+ijsk4r7gIcg1uYtYKMlBU3Z/EietZfBy+W8hfQIDAQAB
-AoGAARQ7A3xRGbmmuCOFh0siXiOEn+q8Ynh/EGL4KuufmrjOEKOMCB7K6NwAy3LB
-0dLubIpL8cySGbcnQur6aRqeUApckTKEQCJVngWNCuyOsS2c4ymMhL6c5iKM/s7z
-DK/JR7rSI6eaWuNzJDN7uk3d6B36UPQrKYcY3LUUgcJ4n3ECQQDj4IXAQ2U3szUW
-ZWIH43GrF3RVj6ozfLoyX/JEV8AZlLwzYBTcrMncTwxbGSZgf1axWMBg/X77OAlP
-pbAwYvsRAkEA1AAzet5Dn/dZbsF03gSOSF7sb8UvgYUZwVWN9o4FXFjkYTCOhLFi
-xKGLQEb5KBUef1KEUpxgr79NVycs6s4HrQJBAJmlHQmRZ4Gy1yyOlxZyiIWvfsTh
-5QRqKLEmeBcUg3W8D1kkg2x3JHPi6JXT00hlE3LoQG4k/aUtFzoYoT8+vcECQGu/
-smqHXv2FvOmi36Ab1qkHvcnNAaklmgJ+Vknywty9vU18XWMpuRZROLIxoF7z5O03
-ZlOKcUXByDA8lAK/Nn0CQQCMpajB4RGF9IxWhfkNqdcEaei1qFlLo7l7KpZUI6UK
-056Q7UpuPfUaUG1reUKlwDAUzvj0djAQhbJqrmagd2NV
+MIICXQIBAAKBgQDEwr399eTiuGK+oM4Uf1IA/lAK7NITR9ltlHPiCZ0cq1636h91
+mEVfrVrIo6jqAPc+iXIF2iJh+V0qt+W7mHGktSIR4O7m7SBBtEHGOKn9cGStFdQO
+PGJPYsGFOHgZQWqntoTY1Z12aa2LXmfVrFVn4x/h9/14dwRq8S+hY3BPqQIDAQAB
+AoGAAqXDgbHNKSHQWP6ilz2uqvXBD6HnzRDymNoJBHnFo+zzDX14e+VsdYudxO+y
+0PyUrGzpXFvMNPjygHsl+7QNlLg4i0dP762tHD4QE32qMBVhBPty1koAyM1cWi3P
+QttMl+/pGcVy4h/YtEA2MFnFqAG3oNpYwqolaVjm1qCqENsCQQDzgVgUKq++/y8D
+I7gqxSjoYapzGm7izJpHR4fXoSlYuSNiF1DXlwKSj0RgXcYueKYViycxt2zJnF2g
+UEOTiWr/AkEAztteDppqGJAW8qI5e0llnZwKe67osrw6s7I/ttXfcNxRCqGWiqH8
+aP9hShFx9urN4ytgi6XLWo0E84jAILINVwJAYlqhH+wp9mSOMZ9w2N2v60TfmwRX
+O4ZW3mmXBdKTp8GH+CvgvGPDZz006hOWY9jZhKQjHaKv7zMYYhNpaCM+MwJBALiy
+PeUkEp8j6Jl0J4bhHg4ACYwtvC/6yR8xhJonlH4c+W9YoCXgRJMrkx6jPPKO7I5t
+aKLHwi5zw3v/Gi0XTbkCQQC+2rPSR007V864RuUK2ze112YtiL50nAEywbbQVvtf
+56yQWG6eI0hVTWVJ5iRAdtUdyBgnAGHWKga1IVOqE+zc
-----END RSA PRIVATE KEY-----
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f
-Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn
-90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf
-MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR
-XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u
-X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u
-MTXhPAdr1Fn6Jj+eZy1Uv/yu
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX
+4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk
+EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk
+xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs
+RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf
+gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh
+iaEG3X51ApoqRRyXcSJZBcYN
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired2.example.com
- localKeyID: 55 EB 55 1B FD 2C A9 66 7D 3F 2E B2 F5 5B EF 6F 60 12 64 2E
+ localKeyID: 03 C3 7C BA 9F F2 B7 B8 7D 68 60 75 BE 3B 17 47 A0 02 67 B2
subject=/CN=expired2.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MDhaFw0xMjEyMDExMjM0MDhaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
-bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbz0OWRqZiN1CDR91
-FskX0vqava1R6/9PfVFwD/7D6FpEVV97OBkDVORWbx/V/3yaeoT0TKDU3DWompq4
-1oIhfvq8ffKINjZEk9d3f89lOPomajUg3BGDnWm3Mp2E0p9BmKnKUd7MKGljg9SF
-L7g4QqHHE/ZqbEm6YxouFZTT4QIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7gLu3gydH924Hw35f
+2W2KQeNCRRwrL1Urn3H9q7NnKccK3QSUizcx83byD4Csd/rkHnVSTm3VJdpCcmXN
+42Snj3D+F2+/IY3pLnWt49n3ivgQKk9pnnRfXMQO7rG/U8geumxXp6XC5Q3qeZqv
+EHa+i5pUt5Uz/TDC+u+AIxTwWwIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMB8GA1Ud
-EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAD1w
-KJkGLBSlvTDA8jJJaiVEJiWgdF9pz/QonwzZxArktb69nlZLrS6BJLQtf83IU3/n
-l7Rpo7cWkSY6XpBEUsV0qemZkhoqon658Kz/8b/7QSL5ch8uHSY8SqTJj5OoJN6P
-efJ0EKBciYbOWgwmdR1ywSs9rAoIFGrhuwJC3FQT
+EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAHhC
+cMpcjXZKmjzJJQm9VepmbPizYXxR2KMOVNC5G8JH0/0U6TfIkdu+qF4G0WXRJEVT
+44ePzwgjOK/7mmHMQvNxwtWAQhQzQ2JFxrQ7vjXGhqVFIm0fNU/Gf01300si1HUI
+nwRhyQxG9IxIE7/FbT01JsWUxtHBHOHCohaEYSyq
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES\r
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv\r
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd\r
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5\r
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe\r
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW\r
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu\r
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX\r
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO\r
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4\r
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired2.example.com
- localKeyID: 55 EB 55 1B FD 2C A9 66 7D 3F 2E B2 F5 5B EF 6F 60 12 64 2E
+ localKeyID: 03 C3 7C BA 9F F2 B7 B8 7D 68 60 75 BE 3B 17 47 A0 02 67 B2
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIJiwjFZ552mACAggA
-MBQGCCqGSIb3DQMHBAj0PuFR42ejFQSCAoBt9UrR6LOVJ3y5JA/6hTg9/QTzQ8Vp
-o43rQ7VVYyYM4K9CcFgZlMbxTiHac0n2zqcy2cwewOULnUg/ddhzViU46pRWvY85
-4TPTKQETHCHc+/h3G0sAhb3YG/khFeez/kg75ZESpfhfaNLq2SMFjJ1K9JgztHYi
-UdrVAD51KBUQhQCGG4p5vw+AL6+RH2Lao1U4T8r2XGt8Du4UemkBS/sE17F2xGru
-axZ1Y/lkM0SXL2kYqwTFvb2XXtLFhGcMRxJbntNQk5HmweON+RWZ7EulF9f2jkei
-XqZT2vzDDzDufvxlFlbjzS88OUf52oj1wdewwqtqA/Ab97ETAWCOcC02CdxIcaXw
-Uyy5OWigW69TYQONgvY75r0l9hytR8wG4tujXUJOZWkVE37hzWFifE8AYLmf0Bog
-Oinb/YHMYvJtnUH0YCk3pH+I5km23Jb3wxUbM0RCntvJso0ZGBbJ2dHpD2jAF2dK
-wgNYA3FBTjSOaJBHw1VNo2npOOR3/9YephvkYlFQIvwn7M+QMmYwzYiSp/o957A7
-IqC1SNyDl2Mbw7hVLKFYAZV323zmnH48eWeYyVeHoksqB3b97zVnpVYhkwYZz9so
-vNpFOaoVYyRZujRWDzrwjEsvxAvxCgZoRQETPuGHBIc32TlynNuWWeD3Uwok+Yq0
-U/MCj+7+W3jmy3gUeqU+eA5sIQcopp5pzUUuvxc/wgMiWvxokPRBQquTSri3Arkk
-3uzK5Nee6XbkG0rf1fz9XBn+I/i6/m0pxGWkvAI2xoOWTEI2Tk4RkgwiMtNf0NrO
-nMOum0uygKyMFLWt1oN41xXciYLMF2lfZgn+zTGJB6YU8mXETfs1BNS4
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI+1fTTnzZeCICAggA
+MBQGCCqGSIb3DQMHBAjtTHCBCPf9ngSCAoAVmQMk3hX9mk0xc4GhSQUW/ncAfK/N
+WxlMvcE+C85Liy+ZNFIn509+boPd1Di4DCTcM1Q88JDAqGkeS5uv38pPK+c4EpSQ
+Wn5UWx1ly0OYmebzGVgQMgF6pa2HBhbcEyAiWkvZX/9+ME0amR0glQj6N6G61TjG
+WmRGjUqkPkYkKBSg5+HqlGJRNOwYWLR2R/mAw9L+zsPOVzyalfeyNDHOEMjWF6MZ
+bWQRH79UWD7uC10652/VXpxua+myPQ4WWYBy3aYLKLAAxYfzEfZddnegrt+vK2zn
+oSST1nwEKXRKxs3s6CMrEoA1wy7u8MD+YCSBy1ciXqa3Lf51GjOKJJzdbAblVoEu
+5ST/OpX7ivqbsq6zHRulFqeeggN9Hoqc4CGKj+R4aia2EumMro3qNNCAJVrMHDIH
+/ncXvAW1zU6ZlpP8aOjc+ITHXtOGIhCFa5+XP5/D78To7Jz793NZAG3yxcVgSlUV
+rdJ2I4RqBEpOUdyAABbpHjocsey554gbv+0htleuwTTe+jXNuwMY1m0CCzPaMRno
+LL18EXndjsyuEhhOw78wLUTLF0ZKfhBTvoa/wHr1ahzWTjkgvp5z5h/2WWGiGT76
+8dP6ZX2WyX5smXHqKfnpncAXeAGFdDYz2VPiRcj5pAN8bgrZF5b10rREP6BluLxJ
+DmT719RyDcGLjR3vZzWk3yMXsnruJTvNE3bVufQ8uHeHJXLpO4tvxKQqJa4MbyhI
+ZIdZsRMopmoqh6ZZUFtjBcF7Rg8GmD5xgGmRUeGDDm9dhGlmtCGhqlkrS4p50hhE
+iZ1rYvts3vEjkGwrMyRBBDEKAmbNPX1SOF9IIaClV5MOvMEUrUuPDs18
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: expired2.example.com
- localKeyID: 55 EB 55 1B FD 2C A9 66 7D 3F 2E B2 F5 5B EF 6F 60 12 64 2E
+ localKeyID: 03 C3 7C BA 9F F2 B7 B8 7D 68 60 75 BE 3B 17 47 A0 02 67 B2
subject=/CN=expired2.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MDhaFw0xMjEyMDExMjM0MDhaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
-bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQClbz0OWRqZiN1CDR91
-FskX0vqava1R6/9PfVFwD/7D6FpEVV97OBkDVORWbx/V/3yaeoT0TKDU3DWompq4
-1oIhfvq8ffKINjZEk9d3f89lOPomajUg3BGDnWm3Mp2E0p9BmKnKUd7MKGljg9SF
-L7g4QqHHE/ZqbEm6YxouFZTT4QIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7gLu3gydH924Hw35f
+2W2KQeNCRRwrL1Urn3H9q7NnKccK3QSUizcx83byD4Csd/rkHnVSTm3VJdpCcmXN
+42Snj3D+F2+/IY3pLnWt49n3ivgQKk9pnnRfXMQO7rG/U8geumxXp6XC5Q3qeZqv
+EHa+i5pUt5Uz/TDC+u+AIxTwWwIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMB8GA1Ud
-EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAD1w
-KJkGLBSlvTDA8jJJaiVEJiWgdF9pz/QonwzZxArktb69nlZLrS6BJLQtf83IU3/n
-l7Rpo7cWkSY6XpBEUsV0qemZkhoqon658Kz/8b/7QSL5ch8uHSY8SqTJj5OoJN6P
-efJ0EKBciYbOWgwmdR1ywSs9rAoIFGrhuwJC3FQT
+EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAHhC
+cMpcjXZKmjzJJQm9VepmbPizYXxR2KMOVNC5G8JH0/0U6TfIkdu+qF4G0WXRJEVT
+44ePzwgjOK/7mmHMQvNxwtWAQhQzQ2JFxrQ7vjXGhqVFIm0fNU/Gf01300si1HUI
+nwRhyQxG9IxIE7/FbT01JsWUxtHBHOHCohaEYSyq
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQClbz0OWRqZiN1CDR91FskX0vqava1R6/9PfVFwD/7D6FpEVV97
-OBkDVORWbx/V/3yaeoT0TKDU3DWompq41oIhfvq8ffKINjZEk9d3f89lOPomajUg
-3BGDnWm3Mp2E0p9BmKnKUd7MKGljg9SFL7g4QqHHE/ZqbEm6YxouFZTT4QIDAQAB
-AoGAH7HsNK+FlRzPpzP0bu5qoJHfSX5FkohwZb5Qt/OYj9gYUzc4D9dzk1vUU2r+
-4nUMXlxS1KtJtP5rmV3lfrw6OfmhTO+W71ytTz8ZzHtdj/je8d4aWNE8WqQfg2j6
-jHsieWi8CygWx4ka7U3UrxgX0nh0N+ioaqjPNgHvV2rR3EECQQDbbYdn+lV/5Y9e
-GSGE09QccqPZ3sEdnp3ELBIzezvkSdA5EDIbzma5spSj8wm2/VIfCn3uh5X0A3ti
-0WzrofjNAkEAwQHw+DRoI2vy21wSL0yQaM4Um1fITjSslmdUFZpilhzqFyZcLyyK
-TCqRCmlqP2tUuLMWpWKxNpW0VbnX36BXZQJAOfJLzuaqC5N47/WdB3HVUwnnQVL1
-Frhbm4Gz8Mp7f4cKqPcg9HzmXeXOIRm+mAd/11iy9vnxXLZKsEb0B6oHhQJAfSVD
-F8zzUTRnbfCPIfglEq+9ENSkXoEs/wDUtoU6M1dgOc53q2bX7XcUQIoFiEWR04jb
-wDTz7w62tXchEDEpOQJBAJyZKsZn18xufngUMUjY/7ZxW5ndDI82Ek5b19eiKJ/4
-w2xcrO/s4E9BQBRKIBtZB7+PiniUduQIifA4AaUGGFw=
+MIICXAIBAAKBgQC7gLu3gydH924Hw35f2W2KQeNCRRwrL1Urn3H9q7NnKccK3QSU
+izcx83byD4Csd/rkHnVSTm3VJdpCcmXN42Snj3D+F2+/IY3pLnWt49n3ivgQKk9p
+nnRfXMQO7rG/U8geumxXp6XC5Q3qeZqvEHa+i5pUt5Uz/TDC+u+AIxTwWwIDAQAB
+AoGAAJl5xf7kikKj0MmhUnLFQHACChpLvTc+5DJcZ/HegfqSTv0JvbYHg8lH8/1F
++Q0EbhLW245sGGOOUnYRLXH8aWXiLZHL/Y/RHZf/F2MCu+8nB1n2WRwzJAiJFlah
+heSPV7DzQdIdSl4CSBh69hLQKYYltbM+iihKfDDcn8nHKjkCQQDrIZIu3Sk8LW35
+xstQkNASR6u2IoMeNVZmvPwyCJGvqz6VXMGIxSGi7DWUpiXleFzFBUNCzZORhosX
+yufpGI9XAkEAzCT/UdesO59lhc+DfezRM/yFc1IhBzbdYCrg4XsdGjfj5XwnDE4a
+1vDSgXwFuRagQlqdAd6uZjcfsisFBWY4nQJAUIJmM3W2sMw9Y9EVvLhZBmlT+kFG
+9Aj/VJ5RHDCi8auI+kuQWOxm4ApRLlzVjQTxfuSWa0FIzgNrjPIFBmNKcQJAQPWM
+4QgV4CsKbRfpKYrPzxENjfKWW+tTaiR6xoUcb5lVRVLKQhogZEDhWx6R26GdgT/A
+MjYfnJrx1QnnYR5z6QJBAL/xT2kJ2qnd1HTnJN8Qnst0qyFtM7A6CAg4KbT+DXhz
+KQiPnjaJ90xM6ulBhFXgFxxZf17Il3D0oKgpIBD1hBk=
-----END RSA PRIVATE KEY-----
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f
-Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn
-90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf
-MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR
-XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u
-X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u
-MTXhPAdr1Fn6Jj+eZy1Uv/yu
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX
+4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk
+EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk
+xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs
+RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf
+gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh
+iaEG3X51ApoqRRyXcSJZBcYN
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked1.example.com
- localKeyID: 2F 87 10 D4 45 CA 26 A1 B5 3C 01 0B 35 E1 A9 21 CB 19 40 8B
+ localKeyID: A4 6E 43 75 F5 17 61 E2 7D E3 F3 6D D0 F8 F9 9C D7 EE AD 1A
subject=/CN=revoked1.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
-ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALyYHbMbeVQ8dkOnPIfX
-2g8umDn9cjwm323zvGSHrg272vPedx9sEdYNFnfci8J4K07izRlO3wzYwQYQX6Hb
-N03uBjpkIHRNj+XK3QxGbQ33CnPWLtdBO6WUrMVJtIqQDjJCDoiKMaWatt5zFcSJ
-kqy5cJSRnCEDYZt3c57TngedAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwMVoXDTM3MTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWRE4+5vBjQ8HKVvG6A
+P63xO0tLcyJqfWDiQs+1dis0POIH5U3UJ3gTUxgwii0Lbmm+f9cjXITGTEjifTOt
++jI4t7X2wOYNC4986xlj+OqtcwpkjByUoRiJUgZqkrjRqA3OLaXBoK6CJnz0Ar9W
+XR+xSPTfS0M9erQ4u4pUptVvAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHwYDVR0R
-BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAPmeh
-CHnTo0ibhhjyGp1rhblScvRrPTpNLipDwTp2qVVo1T47lwaX2VsEYByEP/cP/MVn
-ymzifYvwnEQg49hLEFVoNmMVJgwwxcw0pAkDRCG9cQzYDLHt7nr2QL2/67kRexqO
-T2WnHsi/6x3z6z0CWv/F0n8NkBki+9QKWzumpQE=
+BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAfMKs
+DF9N6RkX03DDgnHCSeWrGGTbkD+O2r8MutrHUGDVOkd0HNTH6q207Ro7PX5kqvhO
+lboY6ZEvQKVNSfAi01i5Y5s6wb1DDv7DxHhcLqHwtdFBieoSlyWZKP2wO63g79DF
+ApUPsvWWzYNNY00kw375TMgpKwWuT41Ku6su4eU=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES\r
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv\r
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd\r
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5\r
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe\r
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW\r
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu\r
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX\r
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO\r
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4\r
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked1.example.com
- localKeyID: 2F 87 10 D4 45 CA 26 A1 B5 3C 01 0B 35 E1 A9 21 CB 19 40 8B
+ localKeyID: A4 6E 43 75 F5 17 61 E2 7D E3 F3 6D D0 F8 F9 9C D7 EE AD 1A
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRQJD2Jy7lCwCAggA
-MBQGCCqGSIb3DQMHBAgMKJPII3znFgSCAoALLJf1g9rfI6itd9sWFuQEgsgQPA/d
-B+HEoEYZkMG9fRpn/OkpVVj2OKKnw0tzhOHvSJS9wc4PGkfp433K84J+GvQf9+pd
-hilP7z8rzN1y8DGWEU5jyY4o7jFtF3UNTdNEJvv6w8HxFSf9Ne5Gnp3qhP0r9AQw
-ulPHvR5UbIf0G7rkj1bGsUxBqazApaBmBr7tcY+9wuSRjZFNhr72e8cerYvYo3ow
-I6kO+1dFGKEoBuOADGD5OzWU+cLBuQ+uid10IlctkKM/3ORlKSfutN8O/Qdbx+nb
-TTTJHa+RHVp2dU1sxPTt4WXqvTjx4r5IL4LThqA7yGBBPBZHO6Wk2nCTRnmxaAkh
-SE1FSzt9A2X90MEwteZZpKuB2IJwEJYLfqwA6woBf9EoSrMtlcCF8rX/EtVMD1ss
-QIYO/2vdESAFTq7PuDEbC0Lgp0USZLeqTtOifHcPCWSr7d8q93zwdZpWPJF7EayD
-mzpbM5olt3VdFGQrJDgx/lJqqROz5sA1+PkdxbD9lgAQA1CQVA6OdN2B8GcOuIO3
-mg1L4KTZ6lecCuq7uP4rC4TBU707gqurVsX4N6Y6G/99ChbrwrQ9MdkeZpBPP/hx
-HtNwxQjnGklzcqPEf5n8Bu4PUnPFSFSM9lGy1ugF6AS5uDTOdoHaWpDpG5TF8+cc
-2P9DnT1H28zqSkEmKp1u4WbbChc3h9KSFB2oKg322DLF33ehPDJr1yx42SNXmvcF
-IhiJXk0toe+vE7TpW6tZEigpakLv6731ioUDBvUv12YU2OmLoK4zktjP/Yb/+DEr
-J4UUmSU1bi0nS5JynQpnTQhgvN9z18neSp1OxL0tHogpyoQRnIPaRyfP
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxIoJd+wM7r8CAggA
+MBQGCCqGSIb3DQMHBAjniEOF/iAnggSCAoCGcL9tpCttSP5YygyMiWoJAGuIku9p
+VqA1arNd3rxsKTOWeBnl/c8+p/bbRCkQ/6/Ibf+53AHaNCazVdXWrZQqr8mUK+vu
+DtIUD9at2Ke+rKmSyZXxQ6R9USnU2XI3OQtRou1h1Ba9dSd8YmbTAs9eTuwxeI8/
+0k2lD46LhCIulQZRNzW5Balb8GnvCK+qeIbFzFti8R8ofqA9/mNNTCxHa1ZiXREe
+R1Wtd9GdRxagshp6VIm4huKaa7NPfDALaH6OHKtCh3ZmV4y+V/ZBpFRe8JHc1ppS
+ZM0viEW4+upIGdW1wO1LC5Ncf9B2T4nH0bx9Ic2WP3EntTISkPfDzirQxpkkjqOk
+6cn657OM2Yz8ueqsj/jFf+ah0+x+CeXQCMduZIVm6Us5KhjXW0uuliIegQzqv3bF
+wEEt+Qf6hno3VmDVLfS9G1P+FVEJh8yIpvxJt2wtV8w94HeaNHsE4EFpc9GBloY1
+XjlMm81rNFWxUQwRd7pN004IA/WnUpBg9ZdC2zxsoympCbe+GrLnlv9XG/aCLYpM
+0JneX5RjM4l+S46UgjpDgwsmkvtxdubYiu1O7b0btEV0pg0poz//PxR/MCPLFcrc
+vuuj03BJPEVJkHWq+LtszRI2WMqz1kfHcmDVoWC05IkpIUYjd8pSv4tFkGbdaczr
+3alR5o6UFRMiL7ziURnxwUlJvqxIy0533rTtdU42qUxX1fNfKTQXAABBhBAQME68
+vApjNrrTbr0FlEcZvGMRDedbxTWqvRSlM50FpiTLpm4+roSpKKOs150+TW6fXX7F
+CC0y0s+NCxFawyi2BZacLRWb95OuZoVOLw34nJcpaSOc9uVHOS34KzAa
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: revoked1.example.com
- localKeyID: 2F 87 10 D4 45 CA 26 A1 B5 3C 01 0B 35 E1 A9 21 CB 19 40 8B
+ localKeyID: A4 6E 43 75 F5 17 61 E2 7D E3 F3 6D D0 F8 F9 9C D7 EE AD 1A
subject=/CN=revoked1.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
-ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALyYHbMbeVQ8dkOnPIfX
-2g8umDn9cjwm323zvGSHrg272vPedx9sEdYNFnfci8J4K07izRlO3wzYwQYQX6Hb
-N03uBjpkIHRNj+XK3QxGbQ33CnPWLtdBO6WUrMVJtIqQDjJCDoiKMaWatt5zFcSJ
-kqy5cJSRnCEDYZt3c57TngedAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwMVoXDTM3MTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKWRE4+5vBjQ8HKVvG6A
+P63xO0tLcyJqfWDiQs+1dis0POIH5U3UJ3gTUxgwii0Lbmm+f9cjXITGTEjifTOt
++jI4t7X2wOYNC4986xlj+OqtcwpkjByUoRiJUgZqkrjRqA3OLaXBoK6CJnz0Ar9W
+XR+xSPTfS0M9erQ4u4pUptVvAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHwYDVR0R
-BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAPmeh
-CHnTo0ibhhjyGp1rhblScvRrPTpNLipDwTp2qVVo1T47lwaX2VsEYByEP/cP/MVn
-ymzifYvwnEQg49hLEFVoNmMVJgwwxcw0pAkDRCG9cQzYDLHt7nr2QL2/67kRexqO
-T2WnHsi/6x3z6z0CWv/F0n8NkBki+9QKWzumpQE=
+BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADgYEAfMKs
+DF9N6RkX03DDgnHCSeWrGGTbkD+O2r8MutrHUGDVOkd0HNTH6q207Ro7PX5kqvhO
+lboY6ZEvQKVNSfAi01i5Y5s6wb1DDv7DxHhcLqHwtdFBieoSlyWZKP2wO63g79DF
+ApUPsvWWzYNNY00kw375TMgpKwWuT41Ku6su4eU=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC8mB2zG3lUPHZDpzyH19oPLpg5/XI8Jt9t87xkh64Nu9rz3ncf
-bBHWDRZ33IvCeCtO4s0ZTt8M2MEGEF+h2zdN7gY6ZCB0TY/lyt0MRm0N9wpz1i7X
-QTullKzFSbSKkA4yQg6IijGlmrbecxXEiZKsuXCUkZwhA2Gbd3Oe054HnQIDAQAB
-AoGASF9BinGBGmPHaIfdUS3ypr/VN++8Ljwmop2VjqiIkQmlaM9WvE6u+4rzM9UF
-JwARcojTdyJOszHcxNR0tnqW2l5yJhKKEQ/3fOgGkQuqzP2KH6JESQiUsCQAbOyE
-ncnnNFJ5UaI+8LB5SeT06L9EXQ6bqRVRG433Cs6/EMqlYqsCQQDrZGm7BIzzzxfY
-DLLn91SyAlf/WXgM6tIMqYL6DpLWZlTGgXZeFuLU0y3V1NgMaj9flWPR6iO8vn1j
-KX5aBz6DAkEAzRrexFY1bzHpQkrzbX75lUCSE3N1/JKTfMTq7x6FZJ6N1tyLHrp4
-1niwMHikazs5hjWlMsIZYTgPkjD/0XLHXwJAAitevhaApg6WjaswSusAoNNctEHC
-1Xuki/FT/7H6sHco+Ntgl+VmGcgIeBwKEbM4+kyKKvkZczfeN/e97l56uQJBAMVV
-iur/vp1jOfeMQTUiK2NMIr8QIX6GT9yFYTv684BhhDorKra/1i8TIwEfsaFx8+CK
-kIyLbvu4glK3TgnoEqUCQDu6hMf9ppZ9jTa79LAmZnNQotAwYYMVrUwvfoEBSK9i
-6j+27Ki18/saH9SJyYIrQSXEVgWLrRHu24+pkJ48E68=
+MIICXQIBAAKBgQClkROPubwY0PBylbxugD+t8TtLS3Mian1g4kLPtXYrNDziB+VN
+1Cd4E1MYMIotC25pvn/XI1yExkxI4n0zrfoyOLe19sDmDQuPfOsZY/jqrXMKZIwc
+lKEYiVIGapK40agNzi2lwaCugiZ89AK/Vl0fsUj030tDPXq0OLuKVKbVbwIDAQAB
+AoGAT+DK+bwH0kc3wmiYdQ1964snar+3iAKtg8kVp8VqAhUdTIW3rRFui2FzZQfC
+GlJaDj1gyyhd0hcjpcRT2FOXEc4g489xkS/kOgeQPCFlwPN+I/PmZ1E3iDM7Qs4i
+2XUePg2Zb+el4QEuBNWkVpU3btOy+8gQmao0GnRX9Q0C0O0CQQDN8NjE7cLIZKBQ
+00yVtD7F40yGWnKl/DW0QzHbn+etWJ5xsZk17BiTHFXfEUtTzzYA79WsNFJX5j7+
+neGJhtONAkEAzc/bEQwF3KclOfGo5o8LGftbafME64QYhrp46R086jpuZR+mw3vv
+5deBNgYwyswomQklAR9z4DnXH16klmrv6wJBAMhQ5FkxOAz6LCJSVaUsbP7JaE8r
+PWeM2qQb1Cxf7tdjYsMOUAvuOb0mi7RtuwqrfEkPAJT/U7UiRdYethmypqUCQAW/
+NhjFwywkJq/1hYfamq7BDA5rUMnayGyKrHGl9Vt9AjQkrB1tSoeaeustRROEm+Wa
+EcR0QmISe2VO2T2yAr0CQQCznB4IUSbabutzmEavAlwu45Bart2lDTm+WVq1+Tn0
+/fcwC7q50lB5yfnlJPuhWGvEZmluFcr8HeMIAZ8mHuPZ
-----END RSA PRIVATE KEY-----
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f
-Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn
-90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf
-MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR
-XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u
-X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u
-MTXhPAdr1Fn6Jj+eZy1Uv/yu
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX
+4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk
+EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk
+xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs
+RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf
+gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh
+iaEG3X51ApoqRRyXcSJZBcYN
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked2.example.com
- localKeyID: 60 1E 5F 04 72 87 3D DF D6 6E A8 72 9C 31 3D 4F EE 2F 08 52
+ localKeyID: 56 16 8A 9E 0B EB F6 31 A5 7D 38 3F 0D E9 67 70 05 98 7D 89
subject=/CN=revoked2.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MDdaFw0zODAxMDExMjM0MDdaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
-bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH+p2yj4NWa1uzkvNN
-E3kE6axpNn5FXJ5NG1KVfpJIqK5LPbEGH6+VvmTgntn9143mhaYnA5moXk5bETXw
-OJ0hqXJK9XpjpXJrK8Nhx7BY5krtM0UsDq3EhNEw6+AKDBwT+9uD2y50X9UKkLJh
-JshmcK0fStVWlExN1ytD0gKURQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDJaFw0zNzEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGe+/fQwDwwqWA0ysH
+eTLg7C1qmbgu39qxlggpYqfD9FmphJnhw9fDwndeCVxiAtYFThJ6MtJgTV1R/II9
+4oBftgWT2LlvCrUK+3j6PjVHlpFSoLtmOSj0I4NBTcxofXH6Vje6pYruEOnXLhxK
+Sn7vtx8Fzgo3aLTlgCQIRRs/fQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMB8GA1Ud
-EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAFbp
-R8Z0SgNHSvM/NAjsWvrHHMFfOggViyNk9Z2TOJ3NHsQ/WPmWJfVobD0wS9JupDsY
-i9J3RjmkIPv/R3bJ2zNrGZ0Vo26T8VW8WZV+K47jDhl8Yc6nm633qaIkvDUrQT1D
-8ndRU/5kTWzsj49lU8uxzxK6Zi3anMKeucZN2N1G
+EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBABzS
+kAeaoXMuHHyYsrKY2nuzP2OWi65kgyL6TngE1rDGySkhrgkro+Am8/z1uHzpwR6c
+hfCMY/XA2LEfenVJ71gxTBHnIItIAcLN7ZJkLKhgOGMEupzPNZlUnqFwUpAhxtPy
+0tIlyeKHR4hlWb1hs2z6PEqqOLB2ovvfqAxdqf9h
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES\r
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv\r
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd\r
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5\r
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe\r
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW\r
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu\r
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX\r
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO\r
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4\r
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked2.example.com
- localKeyID: 60 1E 5F 04 72 87 3D DF D6 6E A8 72 9C 31 3D 4F EE 2F 08 52
+ localKeyID: 56 16 8A 9E 0B EB F6 31 A5 7D 38 3F 0D E9 67 70 05 98 7D 89
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIzQ9LbVmACpoCAggA
-MBQGCCqGSIb3DQMHBAiQAqzjbeMJdQSCAoDIZV+TwEeKGLUd579pnH7rbgghDFZh
-uBH+Nn/T4w2cRZzePbGLORnaLUw4TqwNj0wkT1z3qWvVAv5EDbDrOJiWv+AhUCsR
-Efu1N486pkCnZH5YYQ+A1TKR4SkWgqVXdsg8YA7rafsz59i/HBm5aE95iV1cIuZS
-PGJSxZxUZqAFzWs6P3tGe6bO87BrQ6BRqIgYaZu3TTWvadSMEbnOnsnGOu4Q6frG
-4qEcaG4u0T2LnvcMDyh35O11kOoF+WxqnJSKnPuJtuyODN43e0hx9akNWI0e4LKH
-PvQ2KREajv2B000SE+dIMoYR2r6et4+mTqkmmVtTpBhsnw9CS1I3WyDEJLtSIWs1
-EdIiPSRLWVT3cDy3TBIX8iTu6yTUk+isXPEUHRyUvSOdRjpYrQgEWhVuUBOgwo9V
-FpS6Zt+JFR47q3VRA/3VMcDT4BF0viee0SFNwsgGKRBPdajGUpVuyxsrussirBBm
-32/lmb/gRMqsDtuBz1gaasa8N0u1bIYzXBvwYGritLT2Ijsd/PsydJBNPG3CjYNE
-BCABnMW7oJ5aEU1+fItj88K+d0WCjb6O0dV8DfpLxHyzQeZDJuRiRUBEDfyddl2N
-3MixmChxb/p2jiznlxSPspqp3uBzvJYO1mx6UTy3tgexyknmZDFhmaenZbwLqcrD
-JLjwbdvpgRE06RzDQVH7feNoqYlQl4LD/E+taQzBtBZuBSXZliLF20DlnXSoC+ho
-/RjoBZMqA6zm+keHvisX204m5xa1xcwhVXJdaOqmfPpi2oS/3ijCScVLJFtbRGPD
-Ch9++RCyfE/3VjtHQF2LpxeICIF5aZlrhNxzJHdfh44ZLv8Q0iK/S4GE
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIb0wALdeJZD8CAggA
+MBQGCCqGSIb3DQMHBAgKGxPM9mU8ZASCAoCTwlu6oehSYz24UqwHYgk5EjZzaGKC
+O2cedBNqLeuR2XONmnsELaFSlPgUpiPcV//AjuJapRy0Jizm8g+mKL95P6NNx61J
+ha/Tr7ACCJnnD0HaqVx/2lLyjCS781oXrB3hSM4M9lsgL8XR88yw9cVly5PA6vfE
+IICqsJWI7ZENYfmwJSx2Sbh0NhPt6S0Ps33l7i/0iPiXcIjJdDDdtZy6HSMz2eDH
+apZlEZcEeUsZ42esDOnyB3zAFIt1I27ex0D5Yj/LjcSdP6nuxn87lqfppwciKSRm
+8HfVFtpqb3b2M2Q70E/yNEND5BL00LZzuotEo7CMvTK37OQIJhindWE8Hk0Q8x3H
+5p7cEKKclqoPB0MiXHXtPiV9j8Amn8FtquRYsBqJn8VQDum/7BCpduiMNrHaj0hU
+6775q2qbC8A5JVbcplTerCuRHaX/DE3vjAIBnFmXm+AGwcu9j/Q6ZWSWW4mDO1UW
+p77EHLHBkluFI0P2rhccgyg7O/31d48Lf2csS/rUKGb9B0gR0eumzCgLw5UCtD6y
+2U2GWL3H2EGN1Ph3L5lOjG6PdS9o8u0omU23JtYVpRwEDwS/fvS4emFunMpH2X4O
+9cmPAvTh0RwQIwcbG81dxhNR8AEa2GENwYBIuh0S9ZWiWB3Z+a2eXNPtzt28wPfo
+sPeRnVuvooGbu29hzKuY9L8s+aqAYccqzrOn3Z6Qwl7VPml/yMxPjpyfTjvu5vxU
+1z8jzzuCZG7Pn9wqSvQjSImUoqE+c0NXkFU0jA0cvrTceODNcgylRvwy8l05YeOW
+uFmMzr+GCY2Fvk37BS+2yUetIU49EHLCXnzk+nsLkRG8pGgdnl1MTnJV
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: revoked2.example.com
- localKeyID: 60 1E 5F 04 72 87 3D DF D6 6E A8 72 9C 31 3D 4F EE 2F 08 52
+ localKeyID: 56 16 8A 9E 0B EB F6 31 A5 7D 38 3F 0D E9 67 70 05 98 7D 89
subject=/CN=revoked2.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MDdaFw0zODAxMDExMjM0MDdaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
-bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH+p2yj4NWa1uzkvNN
-E3kE6axpNn5FXJ5NG1KVfpJIqK5LPbEGH6+VvmTgntn9143mhaYnA5moXk5bETXw
-OJ0hqXJK9XpjpXJrK8Nhx7BY5krtM0UsDq3EhNEw6+AKDBwT+9uD2y50X9UKkLJh
-JshmcK0fStVWlExN1ytD0gKURQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDJaFw0zNzEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGe+/fQwDwwqWA0ysH
+eTLg7C1qmbgu39qxlggpYqfD9FmphJnhw9fDwndeCVxiAtYFThJ6MtJgTV1R/II9
+4oBftgWT2LlvCrUK+3j6PjVHlpFSoLtmOSj0I4NBTcxofXH6Vje6pYruEOnXLhxK
+Sn7vtx8Fzgo3aLTlgCQIRRs/fQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMB8GA1Ud
-EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAFbp
-R8Z0SgNHSvM/NAjsWvrHHMFfOggViyNk9Z2TOJ3NHsQ/WPmWJfVobD0wS9JupDsY
-i9J3RjmkIPv/R3bJ2zNrGZ0Vo26T8VW8WZV+K47jDhl8Yc6nm633qaIkvDUrQT1D
-8ndRU/5kTWzsj49lU8uxzxK6Zi3anMKeucZN2N1G
+EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBABzS
+kAeaoXMuHHyYsrKY2nuzP2OWi65kgyL6TngE1rDGySkhrgkro+Am8/z1uHzpwR6c
+hfCMY/XA2LEfenVJ71gxTBHnIItIAcLN7ZJkLKhgOGMEupzPNZlUnqFwUpAhxtPy
+0tIlyeKHR4hlWb1hs2z6PEqqOLB2ovvfqAxdqf9h
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDH+p2yj4NWa1uzkvNNE3kE6axpNn5FXJ5NG1KVfpJIqK5LPbEG
-H6+VvmTgntn9143mhaYnA5moXk5bETXwOJ0hqXJK9XpjpXJrK8Nhx7BY5krtM0Us
-Dq3EhNEw6+AKDBwT+9uD2y50X9UKkLJhJshmcK0fStVWlExN1ytD0gKURQIDAQAB
-AoGAUKTHiFTobWaw3bsyY1ApeuoyrWEczaLacZTFmmSm4Ccp1kzEAQixGY1kh9J3
-bS7KWf5mcRA6HFQffAj2O+/QqSYRh+FpqF7G+Vuy9EEp1DFEHBW5EVAuL4yv8g6Y
-6b8w4bd1qegg/85teFQgPgLYjQUs9jyOwTf4YGeiP6cgLvcCQQDyBFbxbxNz9mpl
-U4RfzxDZMALHlYrQPPOpHdM5veKYpHInGtpf2/HIqeRLiuQ4dadK4KSfHaUiVgc1
-hFh1BnQvAkEA04h+plOp9rQLBFcnr4fD0xR6/5GNigUL3CftIOJrGcOdMpZFMwNu
-GDRqwLqwEe4k0yTXJJOFYkYW0ZgMPY79ywJBAOpmDZcUz7B2ryGoPANXV6gi+e44
-BhQdlJjtDBFWucrBKtZ5CZviOFDzSutngBa2zOqWnJqHadLRo3XP0qS1NX0CQHq5
-+3j2m2qlxKqNAlpls2iYvk/em7bS/LGLfJmSo7677k02QAm72Lk0WCdfaN3ORBE4
-k5YF/OIqdfy+cYOZnYcCQQDgWQddjHDpMTmGSIHF7LFvmOsxc8RvaCf/rbqIR4me
-GTtOL3aAlwVcagn1Otph+abTL6PSNJQOe5kGwatGKcAn
+MIICXQIBAAKBgQDGe+/fQwDwwqWA0ysHeTLg7C1qmbgu39qxlggpYqfD9FmphJnh
+w9fDwndeCVxiAtYFThJ6MtJgTV1R/II94oBftgWT2LlvCrUK+3j6PjVHlpFSoLtm
+OSj0I4NBTcxofXH6Vje6pYruEOnXLhxKSn7vtx8Fzgo3aLTlgCQIRRs/fQIDAQAB
+AoGAI6UXT2+PiC1Unp2NwTJVXkpb36SKjLR76F+KyK/kdA76WTSsk/xhT9EpMbSZ
+qCpdOCesrtBYsp3CMBqaYzW9muGko3LchOCXVxMTp0GUQDNg51qZSTCgDf7656TL
+mW1P39sqqPdabA6+SyjV1sKv2uvOPOvbK4Wipk+M7pqSjEsCQQDqoD8olMo7rdxb
+D/+3DuoeeZepoMNUsXK2goWzbYuy4DKCEkXsTjg7RM+MIk8t+RNXXQvA7j6aysvV
+dozFkpOHAkEA2JDR+X/idbwjGa23Qep01oBQzEMb38u+vdJFC0lKl8u2CQ471Uxt
+a+ILOs+V+pxAU/GCSZNP6TgiNebCu6ld2wJBAMY6QWI942bsi0H8kGXPGgpJXNOZ
+2a4ShgKg3+kqYl7sgH/YhG8T3vpkNp4E1rTWvXqQSD/micoqEHD3ShQatL0CQBV8
+WLiuLWOM5NaZW4MYpbraRCnfxpYvep8Oi3cRMGta9JZ1aQ5CZOC9LmwJSFHyypcJ
+cOmnydfTj+FVIaDIrt0CQQC/YwxvWaM9zTasK7xJqNabFF+nFb2mfi2xhmguqr6u
+TinTMeyhZR4q78Qg/xrYSQTilrZgwGaDp7ikVSwonkjZ
-----END RSA PRIVATE KEY-----
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f
-Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn
-90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf
-MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR
-XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u
-X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u
-MTXhPAdr1Fn6Jj+eZy1Uv/yu
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX
+4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk
+EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk
+xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs
+RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf
+gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh
+iaEG3X51ApoqRRyXcSJZBcYN
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server1.example.com
- localKeyID: 83 06 18 47 AC F4 ED 86 00 12 B7 91 F0 42 C7 AF 6E CB 0C 46
+ localKeyID: 7E BF 00 86 25 1D DE A8 18 31 F5 E2 4E E5 2B CD D1 6E 90 BD
subject=/CN=server1.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
-LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA54CbrIH0gCvUPwM0NXZk
-XPPPTp2T3soEJfDq09OFF3frbzbn3Y9Aa7saE388maxmB92XdYdcluh82wGcpMNZ
-3zZ3YsGiofjVjFCGIprOaQ0lZXYxjHdtxrn0gCsygS8eBZ3FrTLbshvvJLlLdlGI
-MRBb1XThD0UZdL2oV0j48KkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
+MzQwMVoXDTM3MTIwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9UMQX5gjkbMrFRq70L7d
+FF9ZZ+lMjEevQNUUKrMRwbDWLx2c343YCPalFGDSypcxsWchc4AnIpzKIAjfzb4r
+d+xmFyaUV/vFmGFCuN7A5vIC9YI/eKG5CpzY4H7lHmeWnPSVJpGO5/IfnlXHHXtE
+v7uRqn0xt+VzSSp0zlVCfNkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMHAGA1Ud
-EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIiYWx0ZXJu
-YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLmNvbYITc2VydmVyMS5leGFtcGxlLmNv
-bYIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBACGRwx8oRd0srNY4ROewu95a
-3EUcRvF2qA2/qk/0A14e+7cQFk1OUfGPueQ4EGkCwWsnLXwV8LcLTFGrIUM2Pk46
-aH1hFTfDKrg+NIVOHFRVlXoLgHA4d9C9TsTKq68U6qMkQxPrJ5eCEaIVKTwV8vjp
-jdetILV31wGPhJXB6CXb
+EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5jb22CIWFsdGVy
+bmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIJKi50ZXN0LmV4ghNzZXJ2ZXIx
+LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAGfvLUOOQ1D1P0HuQs/0tDE9
+2Ii19yQfJoMyamz/ija3vssoSGicqTxuLy2l9PzSCZsdBAAmfaX5ORMG3Z1pePh7
+9TyCnY+5Txq28At/IIJugE44CdFDIyLdN12AbVqqIzPkeckNjcy47V9rAVYsSYmb
+yl7Vs7CTftVe8Jh9XwdL
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Signing Cert
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f
-Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn
-90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf
-MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR
-XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u
-X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u
-MTXhPAdr1Fn6Jj+eZy1Uv/yu
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX
+4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk
+EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk
+xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs
+RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf
+gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh
+iaEG3X51ApoqRRyXcSJZBcYN
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server1.example.com
- localKeyID: 83 06 18 47 AC F4 ED 86 00 12 B7 91 F0 42 C7 AF 6E CB 0C 46
+ localKeyID: 7E BF 00 86 25 1D DE A8 18 31 F5 E2 4E E5 2B CD D1 6E 90 BD
subject=/CN=server1.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
-LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA54CbrIH0gCvUPwM0NXZk
-XPPPTp2T3soEJfDq09OFF3frbzbn3Y9Aa7saE388maxmB92XdYdcluh82wGcpMNZ
-3zZ3YsGiofjVjFCGIprOaQ0lZXYxjHdtxrn0gCsygS8eBZ3FrTLbshvvJLlLdlGI
-MRBb1XThD0UZdL2oV0j48KkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
+MzQwMVoXDTM3MTIwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9UMQX5gjkbMrFRq70L7d
+FF9ZZ+lMjEevQNUUKrMRwbDWLx2c343YCPalFGDSypcxsWchc4AnIpzKIAjfzb4r
+d+xmFyaUV/vFmGFCuN7A5vIC9YI/eKG5CpzY4H7lHmeWnPSVJpGO5/IfnlXHHXtE
+v7uRqn0xt+VzSSp0zlVCfNkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMHAGA1Ud
-EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIiYWx0ZXJu
-YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLmNvbYITc2VydmVyMS5leGFtcGxlLmNv
-bYIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBACGRwx8oRd0srNY4ROewu95a
-3EUcRvF2qA2/qk/0A14e+7cQFk1OUfGPueQ4EGkCwWsnLXwV8LcLTFGrIUM2Pk46
-aH1hFTfDKrg+NIVOHFRVlXoLgHA4d9C9TsTKq68U6qMkQxPrJ5eCEaIVKTwV8vjp
-jdetILV31wGPhJXB6CXb
+EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5jb22CIWFsdGVy
+bmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIJKi50ZXN0LmV4ghNzZXJ2ZXIx
+LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAGfvLUOOQ1D1P0HuQs/0tDE9
+2Ii19yQfJoMyamz/ija3vssoSGicqTxuLy2l9PzSCZsdBAAmfaX5ORMG3Z1pePh7
+9TyCnY+5Txq28At/IIJugE44CdFDIyLdN12AbVqqIzPkeckNjcy47V9rAVYsSYmb
+yl7Vs7CTftVe8Jh9XwdL
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES\r
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv\r
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd\r
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5\r
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe\r
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW\r
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu\r
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX\r
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO\r
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4\r
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server1.example.com
- localKeyID: 83 06 18 47 AC F4 ED 86 00 12 B7 91 F0 42 C7 AF 6E CB 0C 46
+ localKeyID: 7E BF 00 86 25 1D DE A8 18 31 F5 E2 4E E5 2B CD D1 6E 90 BD
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQICbhwx2ULosMCAggA
-MBQGCCqGSIb3DQMHBAiYrkRIOMV+swSCAoBerG3VHBlRrcYC55/infkD5/5+O+1I
-tCK6keqj9CrQ8jo7vX6Rpx4Cy1oiNHJgo+tUGxsLau7as+4EhfJSGG08FEUZny04
-7Ve5WtSsufbz0ZALjk0R9lJ363rMxSAOl6tP20dMjBYGLmHTMt5+uJbA5kmhQ3ul
-jPuhvVlfG+pxM0WFHglgBA/8OKyT2ka2ldhwHBBofX5LXc5QcbLmicO9Dr81hzbb
-paqLhuVZ0GNrl1sM8HkifLMOPNlm8UlkLZV3m456E9HgDAgBxq12YAChz07njNbs
-e6l6La0bbmLYJ4sVyRqNPzrMgricuxKranzpODA9+dgAuhjQoXGIWyarScPKdcaL
-QXjZK0l9i6wNXaI5gYEEP4mJ6cwmoG/SKZ+DRMAibl3J/nvoq2deCM19mpJPAp+L
-60Q3ZadfrLPUMquLMHMoJ6EOLsFqLoaFxjFzLSdOJoz4i7lYCy7C0/GDbU4xsu+q
-55lwPflzOxDRXh6NDVuXeVevOVJr4KD3acvLqxDigNXpTxKvCQaS1uiy9UXSMCvv
-Y6JEhD9HPjqRAzzssy3HkEP6IDTXr9X7JTyl0iENkxt4fERYG8BufrVMBEw1ELr5
-zkieo67RYv9OUfpf3kYFnVR3/Dkkpz3HVRhef/H320/8ThKhotdUUORRbOsDaZoS
-ETLG6oTkGDm2TBRvdjh511gKUr+yTMxqRmPTTsym6DDVfggXV7aWE+ef5RKjbndZ
-NjgD2SR1VlVn/60j+1UYoLfhOjw4iIfEShFlWiYHZd37B1tQappbzs+VXjkRVYix
-DlxzzRALkOX2oisWH6Y9Fnq79k2t0LlY9aRA8RE6rPLxw3TgPnDLHgZY
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIYGrq4Gcw4KoCAggA
+MBQGCCqGSIb3DQMHBAg+KGahXoie+ASCAoAri89FemSuJebVOZnSJM5inxBeqLLV
+FqWPjgIrpjlTnc2Vjus37RMwToxqo0E8u1oXFoeaDbn2S78JNuf04SdQ+sxBsFEi
+wur1n6HftSyokdVZeN7I60HEscpYpGgodU0RhxdnvrypHpVLbi8mqwVys36MkF/W
+e0achT07b5g7mOisy52cf7hVWnHVFuGWHGAdUL6UpUBhT2uv3C+0V0Pj+XqMDU7z
+OFSqE3ctFt+QzXQDPtxesVH06JVvLhTsS+2wpLPt+ATny3W140K4mg69eaeHHEMk
+VKcvnUDxr3ByuD6WoEyB4Co2oTJ7Zk0F4HvN/59uOo1z7Rq8Ex54ZW3FIjrV6xOS
+6idg5D8DsBXN1tTQ1EWF1KsVufiH2cPkm8t5rAB9kX4w7NPYeYgY/V62Z93uhe56
+iIrPcBm0/dnVObkQRhk1DcaBL8DsSBlTP+jmb55+RVGJR3kGWgPpeCIf1qF5dG+H
+qIluxf5BEZ+BE8mRcj6hKm99lB5bA8TG/MFFQdYC9i1z5rtcRpKp3HJhCXBWfhwf
+D3VPpLp9rPXKXK4Fr9G/1JmnrExI9+PGlGj9QuyNizoiBCBF33JnoGedorbV2nFc
+igh+LJf2Kc4GSRYGaxsTieYC4mvZ0OxUHcWkJ3u7kSDqqyvxqd9CruYDpj4s2iSg
+0i3DVwerMK39qZhWoMLDBdI8aq/BVSItQXjPESuZb1YH1V8N06gmF6qjcRHaXzC/
+gUH6m0WMyZM3hPFSfXzb89aaLIn1UsH7we+6RWpoDb2a6VJke4M7XtcfM1KuAMBF
+INmjVC6LoVQrA3zHydnmYImkHVz4n4KHCi31mrA+G/mj2vAB6pKQi/Re
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: server1.example.com
- localKeyID: 83 06 18 47 AC F4 ED 86 00 12 B7 91 F0 42 C7 AF 6E CB 0C 46
+ localKeyID: 7E BF 00 86 25 1D DE A8 18 31 F5 E2 4E E5 2B CD D1 6E 90 BD
subject=/CN=server1.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
-LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA54CbrIH0gCvUPwM0NXZk
-XPPPTp2T3soEJfDq09OFF3frbzbn3Y9Aa7saE388maxmB92XdYdcluh82wGcpMNZ
-3zZ3YsGiofjVjFCGIprOaQ0lZXYxjHdtxrn0gCsygS8eBZ3FrTLbshvvJLlLdlGI
-MRBb1XThD0UZdL2oV0j48KkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
+MzQwMVoXDTM3MTIwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9UMQX5gjkbMrFRq70L7d
+FF9ZZ+lMjEevQNUUKrMRwbDWLx2c343YCPalFGDSypcxsWchc4AnIpzKIAjfzb4r
+d+xmFyaUV/vFmGFCuN7A5vIC9YI/eKG5CpzY4H7lHmeWnPSVJpGO5/IfnlXHHXtE
+v7uRqn0xt+VzSSp0zlVCfNkCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5jb20vMHAGA1Ud
-EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIiYWx0ZXJu
-YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLmNvbYITc2VydmVyMS5leGFtcGxlLmNv
-bYIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBACGRwx8oRd0srNY4ROewu95a
-3EUcRvF2qA2/qk/0A14e+7cQFk1OUfGPueQ4EGkCwWsnLXwV8LcLTFGrIUM2Pk46
-aH1hFTfDKrg+NIVOHFRVlXoLgHA4d9C9TsTKq68U6qMkQxPrJ5eCEaIVKTwV8vjp
-jdetILV31wGPhJXB6CXb
+EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5jb22CIWFsdGVy
+bmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLmNvbYIJKi50ZXN0LmV4ghNzZXJ2ZXIx
+LmV4YW1wbGUuY29tMA0GCSqGSIb3DQEBCwUAA4GBAGfvLUOOQ1D1P0HuQs/0tDE9
+2Ii19yQfJoMyamz/ija3vssoSGicqTxuLy2l9PzSCZsdBAAmfaX5ORMG3Z1pePh7
+9TyCnY+5Txq28At/IIJugE44CdFDIyLdN12AbVqqIzPkeckNjcy47V9rAVYsSYmb
+yl7Vs7CTftVe8Jh9XwdL
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDngJusgfSAK9Q/AzQ1dmRc889OnZPeygQl8OrT04UXd+tvNufd
-j0BruxoTfzyZrGYH3Zd1h1yW6HzbAZykw1nfNndiwaKh+NWMUIYims5pDSVldjGM
-d23GufSAKzKBLx4FncWtMtuyG+8kuUt2UYgxEFvVdOEPRRl0vahXSPjwqQIDAQAB
-AoGAMTC5I2Mrtk5Z15fRMKj682tU+fHuuTC4x+0UoLT5uz5edu+2PfRR7nI/vLPV
-BxxEQ9iYdb8w89nrqceCZtohjq55WDWCuJUewZQyNSHC/v+Q+J9YmCnoU9SFX4gB
-Kr8tU+I1LhlIzCBd4K/0iCrASN69L93G6IIrpfR24pBNjU8CQQD0rfDVXLPjpjA2
-8E9kaqYlfk7QL9XhAla3wRioqPDg9001H8KVRnWqbLmiGFCWn+sATZ2nW9oV9THp
-6MFkjAt3AkEA8jaYCzt6LW051XpovqfEN9n4fAPDSAhMx4Hych4BlA2k4oLtTNqB
-xh6fTY5PIkKuhH7vSiMnZSGX1vpGQrGs3wJBAIXfzg/PoxWBzougvK/Cspl9HH5I
-TgvJDc2It4dAuFs+tF3GvN6UKLlQt9j62M0xPpFx5jq1xQOSnvbOxVHQVk0CQCt0
-nAa33w2zYQLp+UzrcIrMsoYdbrXHt26747GRrJrRb9mrv8NgGJRg/he+BniRGhpv
-Y6Mbd3/vbPyG3oAsvGUCQBX/JRVcosW/GqF0Au6rd7pPS0HU6ebXtlSTb3Nd24Xk
-uutI78VFuyv4ZUmj3qRxj65IoVCK2h3Z96PDgw1QbFU=
+MIICXAIBAAKBgQD1QxBfmCORsysVGrvQvt0UX1ln6UyMR69A1RQqsxHBsNYvHZzf
+jdgI9qUUYNLKlzGxZyFzgCcinMogCN/Nvit37GYXJpRX+8WYYUK43sDm8gL1gj94
+obkKnNjgfuUeZ5ac9JUmkY7n8h+eVccde0S/u5GqfTG35XNJKnTOVUJ82QIDAQAB
+AoGAXyp6EHWym4bXeTVp2gotM4n54ZGLc8Ue8fub+yOHiM4KlbaaV74srPGzRVB6
+ikSXchwvxSbdSJdo8HwxBx66s2fLKb/XfntFDdUij36qmZfJjPElBPMpjwU1PYlc
+mgIXIPGsicKTowjws5kX8SwB+dQFxDqO0LZEBlGq0bpl80cCQQD+Tm3LP4nIHjQM
+YTllT2pcPIFoG+qq3ff2AJkcw94UdLuerb4IkDC1G8l5tqIXz3fJ6nyMAUoRIA+d
+dDQmFq9rAkEA9uU3E1l0BLxtDYGtsJ6uGI9QYdtfc+NuhBIU1KLZyO43PVsKA7QJ
+i7Y0PzlyeYItttsB0zgY7uPAZFXKaxfpywJBAPwKTSTohyzQSnOOlG0FRXu+995v
+9Kd+MPgeZaGtulf5zc2ZksM37R5COO+pg4MnuyhifyffS0InzXIXLmwlhZsCQB+o
+/QsKKYqB7yoQOwmvD3wuxIwH6ZGe1IkzGGC8EVlm0saXag1XhPHZh5Gj+D4Ep4AP
+TYicZPYdVoqHRdG920kCQGVrR1boFcnMavhdlOUUIupDXldVsThol4jI0A82EgSy
+0HoqR7W9I23uGOtAMGLJsITVNr67FixHyxJ5g26oXv8=
-----END RSA PRIVATE KEY-----
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.com/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
-MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK2aQA0QoS4VI5Aw1u8f
-Q94dMBwDYSo/+26Gln98d4N12j5UetDNx91Dvrn1mdWnnZvfMbUUIoDlBguwydKn
-90Qz5+bVMTww+wf5WYNY9n4Z9GTnHLTt6kzb0F5OEWu4Vsc5uFy0a/MiXbqAZpQf
-MHjf8F1cec3yt0c5hsaT/RNhAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADnBYMdbtBpSSHTTvCTR
-XPlwy5nPTxics/HLv5DxIG3BKr97vYgONK+wHN45we8qxnoSpD0VoucJxef0rN4u
-X/yG6VoYjFRL/yW88nXzFy752nK83YrGGdUUWheY4OrAEGMmeyUe9Aw7GGczJi5u
-MTXhPAdr1Fn6Jj+eZy1Uv/yu
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJmw215lURHtIlsmndGX
+4rn6AyPcReCzRClw8icPv5GzxDnXxqbjK8Ghvkil8RAV8mAkDXDzDi8J5NIsMKwk
+EF8LaGfnbhaeRkvfDXN4YGrGclMMCVN4zk810pDrfrz3KCGpokOKoaWUsRTTdftk
+xyfw2Ui1nPNfg9fO/cfAyr9FAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBABrTmR8+gtECLU7zsbrs
+RKIeE9YSXxsqzv3DPpUj9VN7l05ERe3db7/TNePBLH0KwpjWljuPDUhKWC5jQvkf
+gBEr0CKALQGWU0sQJDNhR3SDsPUGU0BFUQT7g1B94Dmp72ivHLjMrtxnLrOT32Uh
+iaEG3X51ApoqRRyXcSJZBcYN
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server2.example.com
- localKeyID: 93 74 64 09 0D 55 41 58 38 49 39 03 E6 38 82 1D 15 25 10 17
+ localKeyID: 3E 38 B3 52 20 A0 E1 80 39 74 EA 8D D9 D2 2C DA F6 53 CC BF
subject=/CN=server2.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MDZaFw0zODAxMDExMjM0MDZaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
-ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKyfVyM2/OEp07jUT275
-Z443TxznHO7R/gOy2YSg8boviB72gXWcnvPD7JJ19zT4dAX7ycYhJJHvnfurI9sx
-lbeC12v1Vci9auGtSdyTfiFE6sHj5WG85eRLPyp9Bh10oHF5f5/O8ql5oY6Mp64f
-gzkQww6adLTJhMXdYum4pYS7AgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
+MjM0MDJaFw0zNzEyMDExMjM0MDJaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpVDMWYm+sUgk2Suy9g
+bFS1QSurQJANa1I4+2yQhqK8r2KaNMODeTBPm8wjDaia3OUPUXx0dUwzF5oi6sr7
+ztThjz6vAvPyq7fCyIO5P19FdQ8Po1QefxoPWTvN7giWjh0n1FeoG/Ls+sROjchm
+TbVuxrbU9kGfSqmBIPF1R0qPAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0R
-BBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBxsq97
-lShV8znjjTJD6S9oKO8Ddjw6anrXbkdOaSVn+3rrvLtpnD/ot3jQqXgMekaNAd7M
-xv0Tvo2ZuhLu69/pZZhM6f8u/nFeEf5IgWaRp/VwipxjNresaZUGXlSbU/+p2Qc0
-Z/XwBfcW6yiJjpgnWF9hwz9y9dwvt2dIhxjGcg==
+BBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQA64kuJ
+wKno+NK76n34V3qqJkKzlAQEJPcNbTPegpB1dro6pH3g5W06POZ0P7Stz9G5vWoG
+ROqpoxReNNdULu1as/vK31q2Itiw8DhoSKjNNGuy6X+WzexI+l0OL2bww7/59GUQ
+gLn0+tu+pCbDPSU6f7fprc3WBlXxmD7qtc92oQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
-MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjjJES\r
-bOxdrntjOO+ejTY3ELemRX63kDqvwPM5eojPNHXE+DkmE4+MfHpK9JBf6TQ9RiXv\r
-F/0Xag4Z9xE5yW8z01p0froxCN2vz73VuZSnslq33WCsdl8nAfsFterBgeXLBzYd\r
-x7AsUd3Ukb/zo9pS+qXtvxTY4d7C1G5CBffjEwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2Ph5\r
+2UMdD8CAW6mAoSUKgQbCEps6VYPBqa031JzDBzpHD8cmIJfRlmPg9V8K2LXP8VVe\r
+eG7LW2RBVlSx9082EZNC545NFKDg4Xu01jYP8BrNcJzzu8ip8osiqAzo993AZXoW\r
+eGZKJ7hYA1M5RCMkSIBhFxwoObjG9Bt1LQ/keQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-C7ceggvAVv4ZSKHzibMYkkXpnTEgsOcY3LJr9hWaJIVf1wQQWaWwSpKGDg4wQnIu\r
-amd7gq+gPngvvuduUM/Xj6qIqPZJ3CN07qoM7NIDQ4woJloF3G5vn5A6FH2eFizX\r
-zBPeRvPEZ6SCqQaD5KDwaQ4GrrX3hNU4fNI0e+9v9EQ=
+JV9x4BGPTibmtXmXJOR0tETUR4RKc+Cis07H55mGDweIWtDT0dmlisLFyFK/rNdO\r
+zSeOIw2xchD86uNckYZd28OMEoSDI/lVhIxlEXaWvrf+BiaFX3AaPB3oivAp5aF4\r
+iy9WlTtH1uoE7iNueRd+beg5BgpgV0hyZAnoePQojH0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server2.example.com
- localKeyID: 93 74 64 09 0D 55 41 58 38 49 39 03 E6 38 82 1D 15 25 10 17
+ localKeyID: 3E 38 B3 52 20 A0 E1 80 39 74 EA 8D D9 D2 2C DA F6 53 CC BF
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIaCVkvUUXUUoCAggA
-MBQGCCqGSIb3DQMHBAiHwVLAkyFHwASCAoCvzbvhMu88cVthellg1tLg6gIhGaus
-E9ieFnGgBEtuiKe6aZ7YAMkloEAZTOOMS0E4YAPOeKk3Yi9qRIngYpkSJHmx2FXu
-Z5sxV48Rb8+V1I7IxcWt0aWuvfPf/fNHXCxNFAVjA6Pyv1we8qKuJ+eQhHE5GE7o
-nwE2wbnIkJEQczGomuxJz1NpI6wlCWhr13n8CKlqctwhiUEqWQ6F6T/OJ8KMyPl5
-hQZunwLsnbPaXkqQS052RbDs8CpR7tTb6BiH8JcusDD4Tac4Tni1/A5ikgHLYeMt
-IIj9ywBX4a/w3Q7rXvYWlePo5UHFaHwMovgITEfg0E/O2FRsOkNZMyXhhzWdxI+O
-id8olki2dSq2QclpkU+KQZJG1he7cgw4H3uq999YWpsM1ZYYnQWl/2ygvOv/xQZo
-3HHHBm1rITifu1PZK0Nrk2L0EGUiyJhyha24imR2sAlL4kfSj6sQe86DmdtQ4CJ8
-oLFntckhHx/WzEng8ZTBkl1VcmW2hQOAWLZ/fjidMTW0JRIVlsl1UbA8g5SwaSKL
-yaFyVWksit5vPDe2hEHXZrJRN5xnto5vwKnkks4FNah8cJRT7Tvv13hQTNqxBBGk
-YqJdPryEv7XAFpKvM5B7d8prJOTflCoPm5T4tHeWwwmE04OqhNl/lenbW4er+JpD
-6zAd1temSUZVMne9X6uSQ7oRNZgoay1TeSeo0mPITR/iFGoGrvppupxY7SLRthxk
-GLJS5r143eMfAHwtj0uyn7JMBaIpUBhqTFtncE2Z6bas1iCyGp6THz7r/Kci3zCj
-qkOPVxen4rjqz3Y99ctQAvOa0npIYUe++9Oj8hEAJMZeqhxJEeijoykv
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIA6708poqRaECAggA
+MBQGCCqGSIb3DQMHBAjxI7tR7pallgSCAoApDIMC+I4DyiyYAbZ0rp4FD4IrabLn
+Vnwa/QMJ3b8oXVOD57zgJtV3hqRWQ1vjMm+dhW2UegFaFwluutEKTuijw25Vu6CF
+CfiHf+3Lnf7l/3vjYJcLuP58BRMe6VcK3BWBbvJu/kCEyyYYqY8Z4bfR/CeCiNb1
+oOInQ2IallqhzJU4/DpSzTzSwP2gjMTRkmMtMhdiGV/OC4t1stXNuSTkvf6SrckH
+4/LcLWyl0zf+HKA/VXdyko05XEM226BFX1GfhDTgLHMVc4Z552XYIdsXCJfwhNQ6
+IGct946WRV2elrq7YwaVFI6dTKv2Gh+rs5K4excypcFSEt2fE3DYsnVlsDAs/Lut
+i8DOHktLNoULrqmSDu3G6bhQ9R2CAy46Jr/1qyN/PyLx7qdGQ0VDUlxLRbitjFJf
+v3bV8xcGjDhmv1qZbUcBBP2ugsSk29mAXyyRF/nemggetvIUWqVduZyYVT/BYAK1
+Nag8ZzDhL0GWWXLky6hinDnhp6Q9P1xDV2Uz7NIPMiRXkW+JRsIoRZ1an+mbDp74
+iIuNDIIoonF48Wgj6uV0UfZB03zOM5lY+YtIkPBD7BFViWPBP7h0tDUyQn6Li0X3
+GabS4rws5YwSBzgqTIEJli4FnCFMFrWKdtdT3eBsbPp/CR4WszDgKgtUdddYLu+P
+hfny8mEbftelyd66a0ufyKTGgvoC+Up9WVavnJEMaipIgOIQ33akNPrjJUOKBmUo
+NeEr9bKaazZmvNfFadaQBf5c68OK0VIsyS//9Px7d39NcmA7pM9Z4a5fmWbFn59D
+XymB042vK2hcuGBCx4B+Crc4kSVkGHah0LsmnfKBeMStKux+I1cX7FzB
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: server2.example.com
- localKeyID: 93 74 64 09 0D 55 41 58 38 49 39 03 E6 38 82 1D 15 25 10 17
+ localKeyID: 3E 38 B3 52 20 A0 E1 80 39 74 EA 8D D9 D2 2C DA F6 53 CC BF
subject=/CN=server2.example.com
issuer=/O=example.com/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MDZaFw0zODAxMDExMjM0MDZaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
-ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKyfVyM2/OEp07jUT275
-Z443TxznHO7R/gOy2YSg8boviB72gXWcnvPD7JJ19zT4dAX7ycYhJJHvnfurI9sx
-lbeC12v1Vci9auGtSdyTfiFE6sHj5WG85eRLPyp9Bh10oHF5f5/O8ql5oY6Mp64f
-gzkQww6adLTJhMXdYum4pYS7AgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
+MjM0MDJaFw0zNzEyMDExMjM0MDJaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpVDMWYm+sUgk2Suy9g
+bFS1QSurQJANa1I4+2yQhqK8r2KaNMODeTBPm8wjDaia3OUPUXx0dUwzF5oi6sr7
+ztThjz6vAvPyq7fCyIO5P19FdQ8Po1QefxoPWTvN7giWjh0n1FeoG/Ls+sROjchm
+TbVuxrbU9kGfSqmBIPF1R0qPAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0R
-BBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBxsq97
-lShV8znjjTJD6S9oKO8Ddjw6anrXbkdOaSVn+3rrvLtpnD/ot3jQqXgMekaNAd7M
-xv0Tvo2ZuhLu69/pZZhM6f8u/nFeEf5IgWaRp/VwipxjNresaZUGXlSbU/+p2Qc0
-Z/XwBfcW6yiJjpgnWF9hwz9y9dwvt2dIhxjGcg==
+BBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQA64kuJ
+wKno+NK76n34V3qqJkKzlAQEJPcNbTPegpB1dro6pH3g5W06POZ0P7Stz9G5vWoG
+ROqpoxReNNdULu1as/vK31q2Itiw8DhoSKjNNGuy6X+WzexI+l0OL2bww7/59GUQ
+gLn0+tu+pCbDPSU6f7fprc3WBlXxmD7qtc92oQ==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCsn1cjNvzhKdO41E9u+WeON08c5xzu0f4DstmEoPG6L4ge9oF1
-nJ7zw+ySdfc0+HQF+8nGISSR7537qyPbMZW3gtdr9VXIvWrhrUnck34hROrB4+Vh
-vOXkSz8qfQYddKBxeX+fzvKpeaGOjKeuH4M5EMMOmnS0yYTF3WLpuKWEuwIDAQAB
-AoGAFRVnGq16KHQn4GDKDOdYXxXhS0ntDjxGtqPvDlRsAc4RZZq9CCTngyVwbRkM
-ZwNbhGmS5OiiY1KtbJIkEH8XZn2d4SpRkGumIaMVOyN4iHuj7ALNXkTvcBT50J2J
-YUjeIdjTTvj2AR3h3kA/4HMU10qvn5j5wXegKjTt1vFctxUCQQDeNsRQj0L6DKoI
-d9HaDTpmSfiVEtsbtkclBZ9z38AVduHA6lv9hUd2I6NkAVPqJ9Nc9786ACtCNAvd
-Y85rSMedAkEAxt5SuZ7TP64x+eWXgLMO36N3z4F/R7GWlGwOR1bKjOY3Z3CSb+5M
-w+Voef3x2jshqOQaYSGsdOvkhF5aaYiKNwJBANnr3cSfanCsoMejMiLknCQaYPVZ
-Q5W+wbC1/fT2NnsWVjkJ3OMYpMdgFemKP9A/9FGVCW0JI2NOhWA9c/7UpiUCQC7A
-b3RB2WncGtWj2wUfkzySIoV+7Rw+rKbB7G1rAv0y1g2UUmjL/fIDyZb8U1I5moUo
-8uao0vE9z6AqyliLB+sCQQC6aavxAR1ylgoQfcKLkZZu5PXzmyxJcWvUn74f0abd
-crkYiOyNvh7VAiYsWDB2cZ/Bqe/VcY6qt/uZS5nA9Jv9
+MIICXAIBAAKBgQCqVQzFmJvrFIJNkrsvYGxUtUErq0CQDWtSOPtskIaivK9imjTD
+g3kwT5vMIw2omtzlD1F8dHVMMxeaIurK+87U4Y8+rwLz8qu3wsiDuT9fRXUPD6NU
+Hn8aD1k7ze4Ilo4dJ9RXqBvy7PrETo3IZk21bsa21PZBn0qpgSDxdUdKjwIDAQAB
+AoGAGoE9iYnjyULZu+R3SDoC4XOK/paZZ1EPQC4pwY0DxlMCH5/LUhklRIU+wxc5
+SuE+Ok6V6X3dusvAgnWof4mLd4erej11dbPL0o9m5oUT9RYmajOLDHsM6sPgwlpi
+FNMHi1iM0KRfwexu1pQ4jR8pXOlSF7VcXRPvHtmI+kTd25ECQQDhjCDtp8iCBVPE
+2uv0FMv3yow7X26xj/Ah08jrDwsq+eS6NxX+ZZcbbBR4pcbw7adQ+mXl6q+jqfk5
+3TbqDddbAkEAwVRzvAq17TkIfGkNGhpN91/lb0UM4ogYfIUKlHBBa973tdtH9YNk
+ZiXU3GeYb1adVjRRJff6msaGMHm0eQvz3QJBAJstsBIS2A8s3x+Xh7OdA2BuyOCo
+nh4obAy6C4g+B28AE3BTKhynhLlnOQZw+FkXCYDbZnQzbbhq34ACRR/vefUCQHj4
+jzKqwQufFGBEm54pt3+C0d2+J0HYRvojhWs8krMc4YM5ot1NShVgtsDzUb7ZQ7od
+ImnPsVAHyQ+sF/FmOUECQH/JRqucORx5ZrJUh3dkMmELYQXQ3n9J2hhbOvuv/7oe
+BXCWOE7DqDODFARgXbqA7uaZfWmVKT4s/6AO9aDvmSo=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp\r
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7\r
-qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ\r
-FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua\r
-Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS\r
-QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU\r
-CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw\r
-+IUzziMDFxJiuC4JNJkapdKX
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz\r
+wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ\r
+ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V\r
+1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w\r
+jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c\r
+/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C\r
+vAJ2oHvLkS1MOpYEUICjB6xe
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae\r
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV\r
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ\r
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv\r
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N\r
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5\r
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng\r
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7\r
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF\r
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f\r
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp\r
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7\r
-qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ\r
-FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua\r
-Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS\r
-QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU\r
-CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw\r
-+IUzziMDFxJiuC4JNJkapdKX
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz\r
+wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ\r
+ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V\r
+1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w\r
+jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c\r
+/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C\r
+vAJ2oHvLkS1MOpYEUICjB6xe
-----END CERTIFICATE-----
Bag Attributes
friendlyName: OCSP Signer
- localKeyID: 83 C3 E7 52 73 7B A0 21 3F 34 6F 32 52 51 4C FF F9 D2 8A B5
+ localKeyID: 78 F3 7C 5D 22 37 23 2E 25 E0 FB 04 7C 0C B4 05 54 05 99 6A
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANpnYhecN75yeM5F
-IRsYNr79au1MLQ4FIudAPAsAFCj5AQ2dTq5na+Au807Tg/pNa/DscXsnMPusyEF2
-9tBOzGQjytdK80thpMgxPfZtknPJXs/09qH1AfuDNA5+d0wp3lzp+HIPZ+6qEsjG
-gAzF8O3Hxn66tTh96su7+PeTvxGhAgMBAAECgYAFkOifmtqi9e1zLpDmhRddVoWY
-ccpkyOvJ5GW5VyuUXBz3OhPvmv01WtX2o3ppvUoRyzFU0N/JPLbzb+jwL+9qln5W
-hn8ZRAVQurdg+pIDjsv18uEf01ac7mW8HySG25gQh7JdEwBKdn520gBZ4HlzEKT8
-zT9B+6UyYSH1rfZYwQJBAPK4Gix/LFWlGbUZTgZlVt8WmUg8Py8hEAsnOQouzdCn
-+ODFL45GXvIwUMK/KJUX4RWUoyNv4RtZLzm2vMfUPOECQQDmWq7toGkd95shGy/u
-5WZS5KE0fQG7k1nVb2ja2lyekisJIpaNbswqN/TsYIGCcJjsBzov1fUx3gxAh3Oo
-lqzBAkBwmkBqTEWBJisa/TZZeUIoFQ/flzOo5anPws6Pjs8k8ghgHprFYphBu3B8
-KLrnEED4BhD5K7o/OczS9Zf3DNuBAkBroeemhJNZOz6y418sQufix41DVz2eBaWu
-AtZ9nBY2yZluNUkfYKvo9ihs4lLhPfdWIbJgc5qT6GrVI/U4yt6BAkEAsuJIERpj
-5ICE0nhqM4UUKNuplmnW15tRRft0synrXm7fJm3je+sJoq5id3ylrD0nLAiF3yNA
-UFclX4W55QENIw==
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANomNfuqsa1ahnza
+wpXuvhr2NkfdzFXzZlL1NXZUcfQFV/h0gg0V/+OBfyvWiA7Gcx1g9nhREuHNaMDU
+0K0w5C+gUChtEflLiXVnsYPDpAtP+SqjmbnqxH8sI/GrZAB1Ssgd8eNQiYvv+PWl
+5BPNB2zocWfNwAs7SWWbeUtPeML7AgMBAAECgYAC86zC730fhVKF0IxsKfS1D/OI
+CblPb/7InZbDixMy4qcER7d8neMtrvwvp6aFXCPH+YheWIxpwG+8ofw6XXVeMEH6
+TF93OmZU8b1nt/hjDi/hO8BpP6uLgdAbBQwhP9GJwtKjXwwx2lbkXtlMhNDzAjF1
+wVoAWwsbJ5HjOPnWbQJBAPQW06A7K/dbv00sYPPUGfUnmM1nmGxbt15NgJLh8gWv
+9Dnk56vrluBVDEm08x69ymN543olGPRAY4USPqFBxdcCQQDky1d5BXtqLqqUaqVq
+5tj4uY0F5hVLswne2x19/cTtE9XwbIRFjEUfFs6hwaz7dIdi9lbjpmb789vX74wG
+xv99AkB6c9ErO0QtTfvEzZS9/hQfpwPDWEthYQm2546vIWb3b3RIbwvCdeg1FrWZ
+bIvjSjd0fDuglWfVcU/7/FErOQH1AkEAj18NFX1l9QgBRLf/qJm4ZUSBJq0jsygi
+i1BrjsQzXw0LB3o4+QwJVI4KNjsTlw9St6T+lfF0n3YU0Z/+81BIUQJALwXf4X5O
+yHXXoXEKDKoRzduu2jzY8NtorkVwdroNa/Ey38cU7Qfq8E+yP+RkBoZBkC0GFYYk
+uMDc6VSZR8FHGQ==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICBTCCAW6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt\r
cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy\r
-MzQxN1oXDTM4MDEwMTEyMzQxN1owMjEUMBIGA1UEChMLZXhhbXBsZS5uZXQxGjAY\r
+MzQwM1oXDTM4MDEwMTEyMzQwM1owMjEUMBIGA1UEChMLZXhhbXBsZS5uZXQxGjAY\r
BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\r
-iQKBgQDaZ2IXnDe+cnjORSEbGDa+/WrtTC0OBSLnQDwLABQo+QENnU6uZ2vgLvNO\r
-04P6TWvw7HF7JzD7rMhBdvbQTsxkI8rXSvNLYaTIMT32bZJzyV7P9Pah9QH7gzQO\r
-fndMKd5c6fhyD2fuqhLIxoAMxfDtx8Z+urU4ferLu/j3k78RoQIDAQABoyowKDAO\r
+iQKBgQDaJjX7qrGtWoZ82sKV7r4a9jZH3cxV82ZS9TV2VHH0BVf4dIINFf/jgX8r\r
+1ogOxnMdYPZ4URLhzWjA1NCtMOQvoFAobRH5S4l1Z7GDw6QLT/kqo5m56sR/LCPx\r
+q2QAdUrIHfHjUImL7/j1peQTzQds6HFnzcALO0llm3lLT3jC+wIDAQABoyowKDAO\r
BgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcN\r
-AQELBQADgYEAUsdueNj83wgbyybqrEIeL8opnLTyX+hwomW2vqGT4+7GTCMKsJJT\r
-fo/iC8O+t6aUt4HdiO3IBqtjibYxluykCA9AzfBT1GjMDp5Kd2FhTHIQq5yGACiq\r
-YSJ/qNRL4IwZ+rC6q47OwdhFlvgwGHTRi5Njn6bmJ+8k2DN1hJVnkOM=
+AQELBQADgYEAXPnZ7D7SoaGa8EcMXI5DgJwI7kH3Ww/9xa3/0aF0OD7dsw/qeW1W\r
+2r04MuiGb6MBfNxa1njL3kSnCmKs6G7Ronpb6icFZq3v+f9LabhLBI3uz6kgwrI/\r
+Js4k0c9VlR18yb2xYY89m32HkRefAsBMjEiCv/xl5PuBLQ4O0gjkr9s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Signing Cert
- localKeyID: 58 8C 98 1B 26 7E 2E 4E 46 B8 4E B9 F5 C9 F7 86 85 EE 51 6A
+ localKeyID: FD CF A0 42 1B 5A 49 F7 CD E2 2C 14 DF 08 5F 77 54 CA 2E 9B
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOkttp796P+PVpTi
-2285PNrEXM2yb40jK4T+wS7J9hbeV/RDcNRISCbQKT5cL6M9pjI0ONXsWDzbpzLz
-/MYz6m9FQTwuwlse3iTzF06YsdwozHRPsmGkxcejZRkzE9NxmwB8HIkatxQw5hh7
-y4JXVpuAfM5kNKT7opMus/RjaFszAgMBAAECgYAw2zKl2naMwVg3RtcKVVhSUA1P
-zgDAdiuCqKwKZSeKQBj2pYDJAcIYW8ogdklG7z5Yy4dTDzunuLAuJWADmVIXiuvo
-jnX3RwpVbSm+nCje391A5q5yHv30GEVPjXrjg/GjEvkClZ5tDEdkKljUxIMbJyq/
-yjSYlMNPB6UKK28FjQJBAPbr2D+7/SL6gKFou5m7lwIAlNuynuxclZUXD7POlRQ/
-88PQyOdGABIKpLeWJNt2+ufq5haP3OLgzVU6XfXMXd8CQQDxwIPVspRw2H5q2N7k
-+6OE9gxdr5koBtnGnSmTqHHLlMTWuFsm7C1Nw8uBq7N/XLh2raZARO5m5JVsq+sn
-KYUtAkB1nIC0WuaH8qmyOCCjaSbUXVKKEtp/2tmk2gcwrgV0T8HcU2ZeQolmDovG
-pk2H+3QnY0uVE5Eyv8EOB28Z1O4hAkEAh5XFWtDxV+jT3fEL8bkAGM42WUTmzQAq
-m64BZ4MNb3RcgWCcHtRPBFJPjMZTwZarDkSN/XWrj6Gb/HrfQ/ORcQJBAIhfTkOy
-DDTIOVLQeeP1hJooxPBZlisGzyUOKRgjeplhHfTRQ+4tAHdxcdgZgF1NIQgi2ofo
-OqABIbFcG8z0FZQ=
+MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMKxk6+mNy/jmG+R
+eZuRktKjLDBf3hreMUL33c7FMvyLGlDQrFjZtzxMtw5MD6neEfSmLY0nCKJZVCMD
+0det/uz9GbK1cVmInmwT+a2QE0JSMfa6gbP3HW5W4jCrZyiVF7sl1DloKdvcPvuc
+XL1s68Tn2yWMJuN5TY3AjUshpSB9AgMBAAECgYAD3vH3wQ9B1X2XYkYPsMJBi9r6
+Dz3kPNyv3yu6y7Lq0H0ydCOpFJMPENtm3l5FW1PyEEfBkbAbQjlpBM9sQVpbJPUq
+bqMdEq2GR6/qNp/GOIS6oJe7uBzab8lxVrcUt0nYc1DFku1oTpI5MLlotStB/Ssl
+oQdBmkuCgIXh73lxAQJBAPalNgKdVJojCFw8keUNTPSpr/qDnIWheM9VbU+DsPPd
+bjEnBJNy32PNn5OZabAIsi3RqAMXSkMAX93NoYfCpkECQQDKE/GjAN8NzLx6/cQi
+Fhl1UKWU5RQiMcg3N6rE6tkz4VnkISUsJb/D+r0ZvPSIb7bkQFheQMnUC2bbAsPb
+oMM9AkEA249OeR1dBqlQ8+rnZSNl8hZsFXG7kCmhxc+iMzpj93KSeSbmp+uGeO2+
+tEHJF29mTetoyPeen+5haK14scXRAQJACTXNfptsjyl0sbpdNRyCvokVcurZ9xED
+yhh8bQszKR0tRquIETILQnhsI/8rugg1csPIA0u6pzJ51qOSn7D9FQJBANutlC47
+4MzmhDPsXKyNM4bSfqByIHf+LbRLj8zIug6cyxmZomy55wCQbpqXUcg/W+i58ydJ
+JNoOayt+2wuK4/M=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae\r
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV\r
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ\r
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv\r
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N\r
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5\r
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng\r
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7\r
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF\r
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f\r
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
; Config::Simple 4.59
-; Thu Nov 1 12:34:16 2012
+; Thu Nov 1 12:34:03 2012
+
+[CA]
+org=example.net
+name=Certificate Authority
+subject=clica CA
+bits=1024
[CLICA]
-sighash=SHA256
crl_signer=Signing Cert
+ocsp_url=http://oscp.example.net/
crl_url=http://crl.example.net/latest.crl
-level=1
signer=Signing Cert
+sighash=SHA256
ocsp_signer=OCSP Signer
-ocsp_url=http://oscp.example.net/
-
-[CA]
-org=example.net
-subject=clica CA
-name=Certificate Authority
-bits=1024
+level=1
-update=20161101174751Z
+update=20170131185506Z
-----BEGIN X509 CRL-----
MIHtMFgCAQEwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5uZXQx
-GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNjExMDExNzQ3NTFaMA0G
-CSqGSIb3DQEBCwUAA4GBAHJwzBzqjnhUHwDcUqCb2/V3lygZcDSYuH5bm6nMXTML
-T/nAYYNEnx+vLvl3PoOnY3R4QOUfFO7IdW/Awxp9Pl5aARBMAqgtGdyEX26n/g5n
-ayj9Go1CaaVhRP/2x2hnlvvyKvwGxrA0w7Fp7qIBTQXd71yNdqkAXwPjZ+IjzIdh
+GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNzAxMzExODU1MDZaMA0G
+CSqGSIb3DQEBCwUAA4GBAHNFzPgtGmXUXcr29O60RAqo47rUjgMgna6Se3uI9DDh
+uKhuf23lrT8pEVtvedYFo3cuTO8t4LH6B/3b+giyboxkoAEbC1PA6aHGJC1W9DCc
+xJenmVm5JbqEjiI3ondpNyvyOiLYX9J7iVMl1/XoW/dFI4p1reA8z2Zc1iDOvgzP
-----END X509 CRL-----
-update=20161101174753Z
-addcert 102 20161101174753Z
-addcert 202 20161101174753Z
+update=20170131185508Z
+addcert 102 20170131185508Z
+addcert 202 20170131185508Z
-----BEGIN X509 CRL-----
MIIBHTCBhwIBATANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFtcGxlLm5l
-dDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE2MTEwMTE3NDc1M1ow
-LTAUAgFmGA8yMDE2MTEwMTE3NDc1M1owFQICAMoYDzIwMTYxMTAxMTc0NzUzWjAN
-BgkqhkiG9w0BAQsFAAOBgQCIo/iYs4nbqo6CVRT6JDlNEvsPqKtlqlE22bPMNZVw
-smpdTlIk+MZ8bf3wH9TStOA7u1/9cKlE1eCLzXVjlKWevY81/Pk+aoJxlJMIBeRB
-zbKKcF9WzuD/FxbueS2OfDUJqR/+cFMhII+1OF7WwGAZsBH3UwG2TdO/dtIER2vc
-gg==
+dDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE3MDEzMTE4NTUwOFow
+LTAUAgFmGA8yMDE3MDEzMTE4NTUwOFowFQICAMoYDzIwMTcwMTMxMTg1NTA4WjAN
+BgkqhkiG9w0BAQsFAAOBgQCzAPuByn/+gsqzO6hE8JPs6AIPSK98dA2x2R7rOMuf
+tAekmPym5wdfeEAISyxRSeDZbT9tbNcG3N7SBaZf/tAC6zdGP8lMqnYiSfkwq7ee
+iVwLdAUxyusgPW4jmEKk5n7ppFS8tlaY+lmSHfnE5dCbD9Ol4fnyRC2dobuD0pNe
+bg==
-----END X509 CRL-----
processor : 0
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
physical id : 0
-siblings : 1
+siblings : 8
core id : 0
-cpu cores : 1
+cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5424.00
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
processor : 1
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
-physical id : 1
-siblings : 1
-core id : 0
-cpu cores : 1
-apicid : 1
-initial apicid : 1
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 1
+cpu cores : 4
+apicid : 2
+initial apicid : 2
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.15
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
processor : 2
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
-physical id : 2
-siblings : 1
-core id : 0
-cpu cores : 1
-apicid : 2
-initial apicid : 2
+microcode : 0x9e
+cpu MHz : 2700.164
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 2
+cpu cores : 4
+apicid : 4
+initial apicid : 4
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.09
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
processor : 3
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
-physical id : 3
-siblings : 1
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 3
+cpu cores : 4
+apicid : 6
+initial apicid : 6
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.13
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 4
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
core id : 0
-cpu cores : 1
+cpu cores : 4
+apicid : 1
+initial apicid : 1
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5428.40
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 5
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 1
+cpu cores : 4
apicid : 3
initial apicid : 3
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5428.13
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 6
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 2
+cpu cores : 4
+apicid : 5
+initial apicid : 5
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.27
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 7
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 3
+cpu cores : 4
+apicid : 7
+initial apicid : 7
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.26
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
- CPU0 CPU1 CPU2 CPU3
- 0: 135 0 0 0 IO-APIC-edge timer
- 1: 1 2 3 2 IO-APIC-edge i8042
- 6: 0 1 1 1 IO-APIC-edge floppy
- 8: 0 0 0 0 IO-APIC-edge rtc0
- 9: 0 0 0 0 IO-APIC-fasteoi acpi
- 10: 496 482 486 468 IO-APIC-fasteoi virtio4
- 11: 10 147 30 27 IO-APIC-fasteoi uhci_hcd:usb1, qxl
- 12: 0 41 47 38 IO-APIC-edge i8042
- 14: 0 0 0 0 IO-APIC-edge ata_piix
- 15: 24 20 182208 20 IO-APIC-edge ata_piix
- 24: 0 0 0 0 PCI-MSI-edge virtio0-config
- 25: 0 0 0 0 PCI-MSI-edge virtio2-config
- 26: 0 3 1 4 PCI-MSI-edge virtio2-virtqueues
- 27: 3075309 25 27 24 PCI-MSI-edge virtio0-input.0
- 28: 0 0 1 0 PCI-MSI-edge virtio0-output.0
- 29: 0 0 0 0 PCI-MSI-edge virtio1-config
- 30: 8 10 6 263048 PCI-MSI-edge virtio1-input.0
- 31: 0 1 1 0 PCI-MSI-edge virtio1-output.0
- 32: 0 0 0 0 PCI-MSI-edge virtio3-config
- 33: 2251 1443 1443 76460 PCI-MSI-edge virtio3-req.0
-NMI: 0 0 0 0 Non-maskable interrupts
-LOC: 2930727 2337740 2362650 2473899 Local timer interrupts
-SPU: 0 0 0 0 Spurious interrupts
-PMI: 0 0 0 0 Performance monitoring interrupts
-IWI: 172169 63376 48335 57101 IRQ work interrupts
-RTR: 0 0 0 0 APIC ICR read retries
-RES: 803394 677845 571916 698750 Rescheduling interrupts
-CAL: 22684 11471 17545 1233 Function call interrupts
-TLB: 82385 78148 78910 80389 TLB shootdowns
-TRM: 0 0 0 0 Thermal event interrupts
-THR: 0 0 0 0 Threshold APIC interrupts
-MCE: 0 0 0 0 Machine check exceptions
-MCP: 624 624 624 624 Machine check polls
-ERR: 0
-MIS: 0
-MemTotal: 1785008 kB
-MemFree: 255196 kB
-MemAvailable: 1299360 kB
-Buffers: 0 kB
-Cached: 490764 kB
-SwapCached: 252 kB
-Active: 329040 kB
-Inactive: 222876 kB
-Active(anon): 28888 kB
-Inactive(anon): 73412 kB
-Active(file): 300152 kB
-Inactive(file): 149464 kB
+ CPU0 CPU1 CPU2 CPU3 CPU4 CPU5 CPU6 CPU7
+ 0: 52 0 0 0 0 0 0 0 IR-IO-APIC 2-edge timer
+ 1: 16 459 44 16 71 52 37 18 IR-IO-APIC 1-edge i8042
+ 8: 0 0 0 1 0 0 0 0 IR-IO-APIC 8-edge rtc0
+ 9: 89 154 83 105 355 114 136 53 IR-IO-APIC 9-fasteoi acpi
+ 12: 201 49498 1295 1310 5642 1517 1861 1019 IR-IO-APIC 12-edge i8042
+ 16: 1 0 0 0 0 0 0 0 IR-IO-APIC 16-fasteoi i801_smbus
+ 19: 5 3 2 0 8 2 2 2 IR-IO-APIC 19-fasteoi
+ 120: 0 0 0 0 0 0 0 0 DMAR-MSI 0-edge dmar0
+ 121: 0 0 0 0 0 0 0 0 DMAR-MSI 1-edge dmar1
+ 124: 7929 1965 1951 91821 6129 4099 2324 2579 IR-PCI-MSI 376832-edge ahci[0000:00:17.0]
+ 125: 219 13 6 32 12 8 6 22 IR-PCI-MSI 327680-edge xhci_hcd
+ 126: 97 12 17 44 16 8 5 2 IR-PCI-MSI 2097152-edge rtsx_pci
+ 127: 0 0 88 0 58 0 61 36 IR-PCI-MSI 520192-edge enp0s31f6
+ 128: 0 0 0 2 2 0 1 8 IR-PCI-MSI 1048576-edge
+ 129: 725 32 125 185 13085 451 7280 254 IR-PCI-MSI 32768-edge i915
+ 130: 23 9 7 0 11 0 1 0 IR-PCI-MSI 360448-edge mei_me
+ 131: 21 6 4 2 7 4 3 0 IR-PCI-MSI 1572864-edge iwlwifi
+ 132: 713 0 63 42 106 45 129 120 IR-PCI-MSI 514048-edge snd_hda_intel:card0
+ NMI: 2 1 1 1 2 4 1 1 Non-maskable interrupts
+ LOC: 33592 27812 28870 27337 44352 61045 27556 32668 Local timer interrupts
+ SPU: 0 0 0 0 0 0 0 0 Spurious interrupts
+ PMI: 2 1 1 1 2 4 1 1 Performance monitoring interrupts
+ IWI: 4 0 0 2 0 0 1 1 IRQ work interrupts
+ RTR: 7 0 0 0 0 0 0 0 APIC ICR read retries
+ RES: 10018 4170 2813 2504 2970 1497 2333 2607 Rescheduling interrupts
+ CAL: 51614 26932 27696 38549 30005 38583 36538 38831 Function call interrupts
+ TLB: 44868 21971 22151 33281 24454 32863 30173 34882 TLB shootdowns
+ TRM: 0 0 0 0 0 0 0 0 Thermal event interrupts
+ THR: 0 0 0 0 0 0 0 0 Threshold APIC interrupts
+ DFR: 0 0 0 0 0 0 0 0 Deferred Error APIC interrupts
+ MCE: 0 0 0 0 0 0 0 0 Machine check exceptions
+ MCP: 3 3 3 3 3 3 3 3 Machine check polls
+ ERR: 0
+ MIS: 0
+ PIN: 0 0 0 0 0 0 0 0 Posted-interrupt notification event
+ PIW: 0 0 0 0 0 0 0 0 Posted-interrupt wakeup event
+MemTotal: 15855100 kB
+MemFree: 11478688 kB
+MemAvailable: 12987704 kB
+Buffers: 385504 kB
+Cached: 1340144 kB
+SwapCached: 0 kB
+Active: 2943928 kB
+Inactive: 985216 kB
+Active(anon): 2204596 kB
+Inactive(anon): 56576 kB
+Active(file): 739332 kB
+Inactive(file): 928640 kB
Unevictable: 0 kB
Mlocked: 0 kB
-SwapTotal: 3354620 kB
-SwapFree: 3353308 kB
-Dirty: 2224 kB
+SwapTotal: 7933948 kB
+SwapFree: 7933948 kB
+Dirty: 2456 kB
Writeback: 0 kB
-AnonPages: 60940 kB
-Mapped: 18716 kB
-Shmem: 41148 kB
-Slab: 898272 kB
-SReclaimable: 847964 kB
-SUnreclaim: 50308 kB
-KernelStack: 2656 kB
-PageTables: 5240 kB
+AnonPages: 1629696 kB
+Mapped: 242564 kB
+Shmem: 57684 kB
+Slab: 251912 kB
+SReclaimable: 179404 kB
+SUnreclaim: 72508 kB
+KernelStack: 6864 kB
+PageTables: 29584 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
-CommitLimit: 4247124 kB
-Committed_AS: 383304 kB
+CommitLimit: 15861496 kB
+Committed_AS: 8745148 kB
VmallocTotal: 34359738367 kB
-VmallocUsed: 149692 kB
-VmallocChunk: 34359524352 kB
+VmallocUsed: 0 kB
+VmallocChunk: 0 kB
HardwareCorrupted: 0 kB
-AnonHugePages: 6144 kB
+AnonHugePages: 684032 kB
+ShmemHugePages: 0 kB
+ShmemPmdMapped: 0 kB
+CmaTotal: 0 kB
+CmaFree: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
-DirectMap4k: 67576 kB
-DirectMap2M: 4126720 kB
+DirectMap4k: 147456 kB
+DirectMap2M: 6608896 kB
+DirectMap1G: 10485760 kB
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
- eth0: 218836605 3199144 0 95485 0 0 0 0 7359507 57561 0 0 0 0 0 0
- eth1: 29582512 268313 0 93507 0 0 0 0 30026986 67532 0 0 0 0 0 0
- lo: 1056 11 0 0 0 0 0 0 1056 11 0 0 0 0 0 0
+wlp3s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+enp0s31f6: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ vnet0: 32675 319 0 0 0 0 0 0 42342 546 0 0 0 0 0 0
+virbr1: 28209 319 0 0 0 0 0 0 27394 284 0 0 0 0 0 0
+virbr1-nic: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ lo: 92538 1136 0 0 0 0 0 0 92538 1136 0 0 0 0 0 0
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7
-qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ
-FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua
-Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS
-QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU
-CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw
-+IUzziMDFxJiuC4JNJkapdKX
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz
+wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ
+ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V
+1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w
+jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c
+/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C
+vAJ2oHvLkS1MOpYEUICjB6xe
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired1.example.net
- localKeyID: 9A AF 11 07 E4 1D BC 1C D0 1C 7E 7F 0C 91 F7 69 20 A2 88 E9
+ localKeyID: 8C 4C 0B E5 B0 98 94 3A D9 D7 F9 9B 4C 08 90 41 D2 D2 81 BA
subject=/CN=expired1.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQyMFoXDTEyMTIwMTEyMzQyMFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
-ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOetOZ/lz5792Jijv3XL
-2sZ489lHQBYdaC87pXVJ7xTedmZ/S/dlKA9DYuRmZIay+pCZwDIxL8OSKTbQHjKN
-cXDOqVLzraH6VGjZPNjUxNrci23yoXC1GQkEcjSgJDU/kQeqbwppqr2mq28MK4XP
-fPZnX726A9kOYi54MJN4JqDXAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALam9ms8TMqjajj0f4Lp
+kkzchktMmqxsekP+x7juWbpWHA2jcu5k3FQ8uk6haYR2L5azhTugyvKMmUhs22QM
+xLklebk+vJgsFDYD+Hp1P/KOljuohaIEemNf0S5KochyQnsVaRlYUGjnSnms3BTH
+VoiUsmVgfTx+Uc+nFHyud90VAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHwYDVR0R
-BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAlW3u
-wOkP/n3NxCdnmsIMPkUfsYhB2QwOnXTeS3X0Wkb9UETJxL/wyOubx6rV3BCQDk0k
-bHlofR66DbqXkZ+W+LvJ4ibIaxkE6OpcJS3kx+twJ0Ii70tYPfoRcjAY4n+w+BIn
-CbVeXkP8zop5pnIJfmauz63oaOkPa2fyUeq+lXA=
+BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAiafH
+LUsttmpVmeexSBZLTDznG7cn+TnqwtXrzcxj0R4n3qwdN/JwySsxTGBtBRWYp2bj
+3GrEMxNZA05KtZ7dWWK2hib/Re8MqDoOEJmpgGxQAZ2i7qJdXGworodKU+dWPKDJ
+URTK97yW4e+l/krzF0ZquGYl9Lv1qeL75xB0FP0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae\r
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV\r
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ\r
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv\r
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N\r
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5\r
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng\r
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7\r
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF\r
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f\r
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired1.example.net
- localKeyID: 9A AF 11 07 E4 1D BC 1C D0 1C 7E 7F 0C 91 F7 69 20 A2 88 E9
+ localKeyID: 8C 4C 0B E5 B0 98 94 3A D9 D7 F9 9B 4C 08 90 41 D2 D2 81 BA
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBdkc/9nuKRkCAggA
-MBQGCCqGSIb3DQMHBAga59grlxIvnASCAoAOPMW/jpiJuAtqmJJFeFmeUz8ucX7N
-laacTJjPGEXfmTNNsB/gBXbsEGm3yKSXIjcb1S62HFbdAbdpHdj0Usr9RxuBlcC6
-GcRdL3qt9YSZ/RuzFr0jYZbiqI3vB0N6fX8qg6Lp/AhZLxsRi2sAzdQ0cAHWP3c3
-6YpL0OTv0VJtqM6foAmmUwEU1xkSr1bcXML23I5Vm13OxkX1RdY1OyQqqJ48wyIY
-wdtxBfwQUobpNZg+G4ioqXfv1ZhsI0UyxKUYf5wP+7noQgv/SWGe3IOMxLZp8YOD
-lm0TMjB7L9QqzZlOT+AjkATuycetzPiYgxAey0JVvTk/An+jJqgDIkbeAxuGIQp7
-k146GsD4MiVtqU73dkZdm+ZsEl+rAbhjLgXuDNc0mgvqRBWr80PdBDWXP89n59by
-Vx55mMCB+4IyiFW/PdsydC8fWZH0EIE/ntsDCjyf+tDHkBk7nB9l/FlRJSY539vn
-PIaL6/7iCon+gGe6aHVTNtLJX9ICxFU4xFrhoprV4GBjCWLdaHc/al7kXKAO+3xD
-y0IT1ousFn8IsPvAZS2Lkn9V46ok5mUJXoOwnBMZWsHXhm6u0lVa7AweqJtYhUIc
-bdueSPVyblHDaXIUaL6oU0F5Y8DKDy4ZNKXRYaFrU9vT8g8EdwALpoWY38q7p30r
-K7HvXmGrW2tvDIKNKrycnQO0M27av3zpm44Ch5o97gXGZFLFnsfOcn3NN/tr14IJ
-m25WE5DIcxL5kIAi2/80PiR3Donj1Xco5lsx3aMuWAp1hkTC5PKN0o1oKZHCuXae
-7t0e655FRJ7DARZW+qqfnBRHQTRxDrgMgn3Q2R0E+QlS1YQJLXhsQvxm
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9iAVPu6cdvECAggA
+MBQGCCqGSIb3DQMHBAjfYK+uNUzfKwSCAoApd2yPxqavn4kI8V7+3bhs3VNKL+3N
+CvrQR3uHo+UQcRRhgE/mMzWvVxAL1YFwW8y5SQ/2qXyeT7Rfvqx6iOvWWpHg/yIp
+7FdwM83zCHgTEUGYTEzyhCbt4MZvvtf9SBhrqCT7LSg3oDklWj9xQ0BBBS1C5fY3
+g47WyXTButmUK0QTqENQrzCTm5QD1YJtZVD1zaWp6txUPCSv8zKb1HSZEFvetU6t
+P5LdIfja+2ntqipiU6X53tN3RphZXJtquQH8oNLxwmixgDfHQW7+cPrZGUJ4MfMy
+nJOWzjalg2/LT6P/LCxI4wL7nlVQvoT6e2DByHMnG+dvUN6DHTUzBTGabzVQN9KC
+HfiNWtmsQlb2clcd9WKmuVcGRiI944o5PKjn2kfrzZqWIa1R0Os0Y55sOg4981nK
+VsTsUNuc4ap3V8m+3MI3yTXD7nRwZaHw5GTdacGOWAS+7v+dm6z8sqB+fjDsgwED
+3t9b42N4LmMEX5GrmJ0lE/3PqF3emYmJfbkAD6Juf1Y+jBRzEhav24y6p7dBwlPo
+qrntYHRikiOlwMVJQ/qsLsJwz87VhYhslRpmERE/vp44uENGTu/1JomhGKDXpZDL
+P+Q9iuGVAJihFF2AsaOEQxHEKMxY7bOmHjSoiF8bzloi2PHkwF9tZqdfRjoRjLnH
+YEWTuJ1DvzWGskq+oy/3ywzZg3BjO7H5hD38ujdp/xNfsGre9yZYIr8VXXFSyPEe
+XfEqrgjnAeAiAQgXiHOJXQGr/cwRn1wS1bZPJfq4P0ubdymdtkwdTfR189fmfQGD
+AoUXyRdU+Ewg0ne40wON6LQjkAXMw7FPP6jJIC8fLfwhuXw3w1EBqD2p
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: expired1.example.net
- localKeyID: 9A AF 11 07 E4 1D BC 1C D0 1C 7E 7F 0C 91 F7 69 20 A2 88 E9
+ localKeyID: 8C 4C 0B E5 B0 98 94 3A D9 D7 F9 9B 4C 08 90 41 D2 D2 81 BA
subject=/CN=expired1.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQyMFoXDTEyMTIwMTEyMzQyMFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
-ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOetOZ/lz5792Jijv3XL
-2sZ489lHQBYdaC87pXVJ7xTedmZ/S/dlKA9DYuRmZIay+pCZwDIxL8OSKTbQHjKN
-cXDOqVLzraH6VGjZPNjUxNrci23yoXC1GQkEcjSgJDU/kQeqbwppqr2mq28MK4XP
-fPZnX726A9kOYi54MJN4JqDXAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALam9ms8TMqjajj0f4Lp
+kkzchktMmqxsekP+x7juWbpWHA2jcu5k3FQ8uk6haYR2L5azhTugyvKMmUhs22QM
+xLklebk+vJgsFDYD+Hp1P/KOljuohaIEemNf0S5KochyQnsVaRlYUGjnSnms3BTH
+VoiUsmVgfTx+Uc+nFHyud90VAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHwYDVR0R
-BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAlW3u
-wOkP/n3NxCdnmsIMPkUfsYhB2QwOnXTeS3X0Wkb9UETJxL/wyOubx6rV3BCQDk0k
-bHlofR66DbqXkZ+W+LvJ4ibIaxkE6OpcJS3kx+twJ0Ii70tYPfoRcjAY4n+w+BIn
-CbVeXkP8zop5pnIJfmauz63oaOkPa2fyUeq+lXA=
+BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAiafH
+LUsttmpVmeexSBZLTDznG7cn+TnqwtXrzcxj0R4n3qwdN/JwySsxTGBtBRWYp2bj
+3GrEMxNZA05KtZ7dWWK2hib/Re8MqDoOEJmpgGxQAZ2i7qJdXGworodKU+dWPKDJ
+URTK97yW4e+l/krzF0ZquGYl9Lv1qeL75xB0FP0=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDnrTmf5c+e/diYo791y9rGePPZR0AWHWgvO6V1Se8U3nZmf0v3
-ZSgPQ2LkZmSGsvqQmcAyMS/Dkik20B4yjXFwzqlS862h+lRo2TzY1MTa3Itt8qFw
-tRkJBHI0oCQ1P5EHqm8Kaaq9pqtvDCuFz3z2Z1+9ugPZDmIueDCTeCag1wIDAQAB
-AoGAZOIfp6sw37D2MnGLm8XrPGXK+aB3HaoshfTZNdu+Cj5dHIDuGYqpCQx08bRM
-rgMd7P2mnbShce4hmEbD/4tsC7kCGGtwRsxeVZyxklgpBXRMGjQghx32JM9jn7lE
-0ZVILJlrKRFlUY96wAB3rjAefPqrpYV1d48fVUc2/ofXSAECQQD+xRAkJfKUn+wv
-1ro/xwsITbCWLTL4Gl6LTM5pbEsrA/CU686A6yW5ku5CnjoB3XAz4e71fMepf3WE
-GHzILb7XAkEA6MudfRW9Yq5HkKpkwGoSPBsE9ip5fszNDLmLxjAKI9IzLutSwtFU
-Gh/0B4FJpu+xUiWgQTVozBwvEnKjmzvuAQJBAK1fASr4P+nwIlQzta7tDo7p/39S
-5tp7Z1c4P0bykPyGw9Mz3OVSH+v3FvhyoFrgjBhiabDY5y5rNFdeKpw2tSUCQQCH
-ST0+4hFrdai1U7C1eW8bawBZJpnwrIhFatbl2CksZA3GqI8yFIBxpjwk2Ge7EfTU
-rnURMD60z3Qznleh8RQBAkBRm+clmkmjPx6ZzD5+3vX0lPa+Lf4HQb6OqgJpchDk
-AkFnH61DZRdCX7DRipkhzuBlzK0tbSsl+labyfTY7g2H
+MIICXgIBAAKBgQC2pvZrPEzKo2o49H+C6ZJM3IZLTJqsbHpD/se47lm6VhwNo3Lu
+ZNxUPLpOoWmEdi+Ws4U7oMryjJlIbNtkDMS5JXm5PryYLBQ2A/h6dT/yjpY7qIWi
+BHpjX9EuSqHIckJ7FWkZWFBo50p5rNwUx1aIlLJlYH08flHPpxR8rnfdFQIDAQAB
+AoGAB/2u/8sLf5iiO0c9ZlLBQwe7tvCkGkhWrC+XlJhxg8ytWM6MMAuyByUl3cnM
+wFvBVIa/HNOnaxVKDzPAAJUP2nYCVKUhHT5H1/ifG+sovO7K3KAvUSgthJMFIQwp
+urRAFAI8ItacZh5Gwf6VEIw2Ivpt0/YRBfT8q1wRzLKrVVMCQQDfI47B/sCROF7X
+PDpCVih1o9TYRQnB1n8UXZ91oYUd9/NNjM+qhcj+vvxDoXySWHTRHY2bZyY37qkc
+NNWCttubAkEA0Y0JgZ3Jk89p7LEHdawAkKvXd9vP7HvC1BjbcdGSggs0OfRCv/2r
+QelPlxCyBiieEUBbXdxzhq/ammhmwsBtDwJBANfWzEMoidqu3UZzMqNyNca9R6g+
+95YxRlFL0m/1Yg9ABW/RMhrvOCH6WYeN0DK7L5wLayuUFirqR1hKXvEGsdsCQQC0
+bBWyRxPnMx+FjorYsyataXeUmGr2tzxxd5GB9yqI03K9L2VFfvi0QFipvdM54EDw
+o5PHRecmIUU7ywYnSpzbAkEAvmoueUG/+ZtS0QFzAc5X4qdZBPhHXZqPzG7EodrP
+9JxPzbtd5ydroRoQIEv6t9zlpRVDinMzoeCA6fbFbsrdTw==
-----END RSA PRIVATE KEY-----
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7
-qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ
-FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua
-Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS
-QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU
-CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw
-+IUzziMDFxJiuC4JNJkapdKX
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz
+wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ
+ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V
+1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w
+jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c
+/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C
+vAJ2oHvLkS1MOpYEUICjB6xe
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired2.example.net
- localKeyID: 1B FE B7 F4 F9 64 D6 55 85 0D B8 4F 66 7D DD 24 CE 4A 67 95
+ localKeyID: 09 05 6A 30 14 31 F8 40 DC EA 06 CA 52 BE 1D 22 3B DE D2 C6
subject=/CN=expired2.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MjJaFw0xMjEyMDExMjM0MjJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
-bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVBCb/zCK6rPCw1M9n
-PBc8vzTv9QMlMbkC5tNYzYcL/9r4AC8HoIsPrs/mbGwPdzGDfTRVz7XsYHfm75Ir
-6W4RGkh8y0mHQR9FidE6OtlhsuhZjUez7DdIusFZpwpusmhbwl2PkFF5+w5xRN/p
-mI+AH3EDLeL4e8rGEDjUlYEHBQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDRaFw0xMjEyMDExMjM0MDRaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzNkxwec9ojJFsCyEr
+TAgCTdOF6iJTzJkyvZVJvhVoa9JRjlNL9tKmQl0TEI1iINQ46uhnQ8xtRuqgZyTa
+RgIsYMWT1o0PtFD0dDXpI3NkmWgkVMTmI+mBfS4DDBd5zG4r1qW2ZkWriGPd/Be7
+kjsIXvKfhzJT/X4Q3vnmgD2SLQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMB8GA1Ud
-EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAK8/
-DlZCyZtARfYN3wRLvn5QP397KqugKDRSGW5pQVsheBPCe5DPnZ6XbL1DWQgzoAA6
-kRBKNm5l9C5lOtzcD0h8OmX+GOpHZyVF4LGKTowqKeS79CxqOCzYvOsOIfHcI0AF
-jARIiZn1GzMKQvrf3Lq7ctrs5M6a3GCsbr38rvlr
+EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAKli
+I2LORJdRj6SUnyA5wnuIIJ8hmCur9T+IfclLrsUOFixrGd7GYkOKkQgulErZth4e
+cz2IQvc4dsR/moJxiVJvcgRJ+bPSI+K1jTVuZo3RY7N+kAMcWmiWNWlvfx5sQy91
+jkCpTUy+4I2Uj3iRxuQK6iGKyx2t7RH495VfXn5J
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae\r
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV\r
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ\r
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv\r
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N\r
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5\r
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng\r
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7\r
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF\r
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f\r
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired2.example.net
- localKeyID: 1B FE B7 F4 F9 64 D6 55 85 0D B8 4F 66 7D DD 24 CE 4A 67 95
+ localKeyID: 09 05 6A 30 14 31 F8 40 DC EA 06 CA 52 BE 1D 22 3B DE D2 C6
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIo+Z1MMAxXMUCAggA
-MBQGCCqGSIb3DQMHBAi2sn4DoRlq9wSCAoAFcaKcbpOKq563nFJqtRUeC50PJsns
-uRnK54IDJV8FyiC1k4YRFuyzD6v0p2CyNp7AG3bBo7CvMCcVaPZQwU9QB4/m7/VQ
-9BWHjJuNyK6Ea4T7j+N2mnqhKTUDxgu3uSMgjgykkpiduCGVXetabt0GNWLs+zNh
-I+NESGFS4E52Lec4g5kBuCfDOR+gAXV0Gbc8/MaHygAR2/rtRn5Nc+wutKchvCzx
-SUQFiK6NFnCB5fuci1A1P8nZckk9ik987f/lY94EgWVeXy36Dnjk7S3l7bDqAwVD
-aglrZfXarhts4VCj0JfHKfZ+Dw+2Nl6LZzaTEBeGWyQ4IRZxn7c5CQv5PtK22oKx
-00R9YIaEwKnkLqwhxGnOL3isNixuMQsHAvBvzf/3rRkiN++6NlWKwF4ULcb9qm+O
-k/KEITJbFxhOogAS3aZmXD8NeJPzbQ8CTrJGs5lT+xatb2pqDC/9FpYcLSreTWNu
-3T0EjfRCOmW5E5pPlpKIFxRUd/U0tHC26v7mOX1nTCnrzRVQALliNUnDCXDKsVbQ
-QNrkUwdSba7SrVy5Gxrd23mQriJRA082pA7fZ/P8hqKBneB0xCYMdsd2wOaA8ZUz
-OxvvIcEOaAjDWVOYoi3TKBYxhaLLFFbeDITSAVSbvqWXWzWflPaAfAU0jkSK4mHb
-Hj1wnmCexxO/Kv9sYxX1Hq3b4SrrpywWDwCR70AewdcftBp8tw4uV5A0EZoEjutA
-pQMxFSAPdQ/vBmqLNZzYQlcbhTY4cnIEnlfG7cG458h2pUT2wfqYaBki/Ehjl5Yq
-R2foB9GcFuGxNTsUheREjG5hQMHLaZISpA7ZZPkLpL+ffrNZr22lQDq6
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIX/6iAvJ+djQCAggA
+MBQGCCqGSIb3DQMHBAgCbjjMCQenvQSCAoBe+ruh68oZ5C59n0MZioRk71eDPokd
+vVl9WuJ5jC7h3Zo7ELDl0GRGUxunULkGPsUyj6za/64OALKIcrLbdWnqfVjssF60
+l8TansAcp0ZwWcK1BGSXopYFNSUdrZtW0l9NSLp/rBvtvVeT74LzZ3GY0QN/IA/o
+9ZcmYM11XKJU8dCTJ6AZ7xnBDnJWDrsG3imcBdWDKLORhBrRYyCDgUVwc5nT24gS
+uOhUV8PzsClUglGVSeXbnUDJRwETG/IraToPjxUi/YS/MJVXecHCeR0kDRb4dvMU
+BOQ1Gn7bbKpIfaCJgLBiCGzBm6AIJ0NTQnhovBm9N6w22DssGZ18P5EjDj0ppat+
+42YMgH6CJE6RPT4CU1NvIthe8mhYJVVzXEStFSStF2igxcj+4pTdx5+mz8EnzFch
+M99vzblIivfh2CnR0DJceQf+G1WFwMqu2on3VEqYEyKYlFTkan8QkbCz21eI4UsV
+IVqlLurlGbIoDYK9ttBN8YrKFVemoE1lrZVQj2aPHIoZCZ2QQxrQYxv9B/BnnUOF
+3IUMGgzdzvs1VwH2SBLHIZtb+8LrPkNb0gtEPuHJKA8yZUobARVWaeaOXaxz4BM9
+RUGM2AyFnhIhfrZjinT3RShVjCkVTTng3JaJDcqgmHIeLGR/J5ZRO/bTyXMHFAly
+ib7QjkgnxAo+Bv+UHO9rCBp8vVKg1Digq4PnNVosYRMOz8Ew9U4/gnbAK2qkrY8h
+yqSAc15kgEU3ezSkZnsKqoqXMA6CfmtXAUNWnPXsdCDfcFdr6+BlP+uT1n4Agacv
+inqxUoOHAn/nw4NQmdwAzpDtIlFCJjT18uTVhDknDRF1UACzR1tsCA3g
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: expired2.example.net
- localKeyID: 1B FE B7 F4 F9 64 D6 55 85 0D B8 4F 66 7D DD 24 CE 4A 67 95
+ localKeyID: 09 05 6A 30 14 31 F8 40 DC EA 06 CA 52 BE 1D 22 3B DE D2 C6
subject=/CN=expired2.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MjJaFw0xMjEyMDExMjM0MjJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
-bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVBCb/zCK6rPCw1M9n
-PBc8vzTv9QMlMbkC5tNYzYcL/9r4AC8HoIsPrs/mbGwPdzGDfTRVz7XsYHfm75Ir
-6W4RGkh8y0mHQR9FidE6OtlhsuhZjUez7DdIusFZpwpusmhbwl2PkFF5+w5xRN/p
-mI+AH3EDLeL4e8rGEDjUlYEHBQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDRaFw0xMjEyMDExMjM0MDRaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzNkxwec9ojJFsCyEr
+TAgCTdOF6iJTzJkyvZVJvhVoa9JRjlNL9tKmQl0TEI1iINQ46uhnQ8xtRuqgZyTa
+RgIsYMWT1o0PtFD0dDXpI3NkmWgkVMTmI+mBfS4DDBd5zG4r1qW2ZkWriGPd/Be7
+kjsIXvKfhzJT/X4Q3vnmgD2SLQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMB8GA1Ud
-EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAK8/
-DlZCyZtARfYN3wRLvn5QP397KqugKDRSGW5pQVsheBPCe5DPnZ6XbL1DWQgzoAA6
-kRBKNm5l9C5lOtzcD0h8OmX+GOpHZyVF4LGKTowqKeS79CxqOCzYvOsOIfHcI0AF
-jARIiZn1GzMKQvrf3Lq7ctrs5M6a3GCsbr38rvlr
+EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAKli
+I2LORJdRj6SUnyA5wnuIIJ8hmCur9T+IfclLrsUOFixrGd7GYkOKkQgulErZth4e
+cz2IQvc4dsR/moJxiVJvcgRJ+bPSI+K1jTVuZo3RY7N+kAMcWmiWNWlvfx5sQy91
+jkCpTUy+4I2Uj3iRxuQK6iGKyx2t7RH495VfXn5J
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDVBCb/zCK6rPCw1M9nPBc8vzTv9QMlMbkC5tNYzYcL/9r4AC8H
-oIsPrs/mbGwPdzGDfTRVz7XsYHfm75Ir6W4RGkh8y0mHQR9FidE6OtlhsuhZjUez
-7DdIusFZpwpusmhbwl2PkFF5+w5xRN/pmI+AH3EDLeL4e8rGEDjUlYEHBQIDAQAB
-AoGACrYgPemmb2ul2MaCvWa0pm3Y/B3+b/7dlktEImmHWm+ds63Sr5f/liTMuIII
-Nwjf2QRRPuVoeP/q15aBa6rbyXHbDjTkKrqFhOTdoEIuwJUK+XFXjY6nuNGlDgbJ
-MGt0zFvnc0HX8w7IF+UswicZwP+B7X2vvCkviASAJEEEl8ECQQD2t3vx35ssXZry
-SDizl4REmAElp6nIay1IKi7PxidiwZdjA9I25KIYxHvq9BRGBFzT2Jo9JYpZXgrh
-q7DFJukhAkEA3QgLsKQEztzSm2D9gPbXvLqnYep3a/sRW/60J9g/BtjFBFx8HNsy
-oxVGx5iId6TN0zu8XJVbuuYhwg51y2RtZQJAJPLvzhaV77wJE5X7X/ImLfux2EjW
-5ZwfiPpATn+3sFOb74lH906gdCMhB9wMGTxYBqYe219+68loycljzPL54QJARPFv
-hAeFIGksoB6etA1KuamW8CnMWjgT8BgAZbVD44TV30hhxjZxEwFd9IAVgQw8zziA
-xngoBqIlwXv1Lh4DKQJAd9TcaAxoTOwxcjFwo6bQzAMPk3DVxcBK94M/s54Bd9iu
-Do79WbyY1PwkfGbqm0ZU6hQ/ebQ8VpN0aps/plbKCw==
+MIICXQIBAAKBgQCzNkxwec9ojJFsCyErTAgCTdOF6iJTzJkyvZVJvhVoa9JRjlNL
+9tKmQl0TEI1iINQ46uhnQ8xtRuqgZyTaRgIsYMWT1o0PtFD0dDXpI3NkmWgkVMTm
+I+mBfS4DDBd5zG4r1qW2ZkWriGPd/Be7kjsIXvKfhzJT/X4Q3vnmgD2SLQIDAQAB
+AoGAImNPbJ+7EE001F4YWcYHnWWQqpggSSMv3GArhtBuLDDQVSzxx9hPWG7QjEl3
+T7aL8nYE7VfBoNBkUi4okKexX79JJM2+05EdYXIm3aYjA+lwgESIFFNr/TxFHC+E
+jFCRmhddUYPmUf5lbs+6ICvPyKTVmShfLb8R+j6gKeXcljMCQQDiMelc2eBM6waF
+3MVemNAqiPpgntpOKJPuHpSnugGDHMYO1Al+mmMLy9ru8G2htOy/RCzdGefhK9Yv
+N2pSEMbvAkEAytOLZHcDeX8j8AgPydkfkHE4sQjY0fiSHBY7O3FU4hQzeALXEfQ5
+f99uLVRBP4pndiXsbkJa/DvkIvEU9Z+YowJAcJeDn9JcEi2TC6L/I71RMTsJ1np8
+FBeiuw7B1FOEWS1DcTIen8RdtQt+KR3IlIuopPRcmJpCkBTwAoTFCaCMRQJBAL3w
+f2A05+cWflQhaI+xKhL9RIbdbxaq/kEZPJz9E+2n108y8a+Zk2NBnI8MkRHtDdih
+yRi0QTpm580lEWi37ZsCQQCki1fxtuErImwvdQhnuGyZWu/2v0AhRlr3w3QLgs8Q
+Gcwpvv56og8XdKqJ+ZHjuxfbnV2X9rXJ12ywNaQtxZ5I
-----END RSA PRIVATE KEY-----
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7
-qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ
-FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua
-Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS
-QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU
-CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw
-+IUzziMDFxJiuC4JNJkapdKX
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz
+wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ
+ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V
+1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w
+jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c
+/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C
+vAJ2oHvLkS1MOpYEUICjB6xe
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked1.example.net
- localKeyID: 2A AC E8 62 3E FD 18 F7 B0 8B 34 15 B9 75 FB 67 95 D7 09 CE
+ localKeyID: B9 50 B8 D8 AC F9 E3 3F F6 C9 39 EF D2 03 54 FF 4C B7 04 F0
subject=/CN=revoked1.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxOVoXDTM4MDEwMTEyMzQxOVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
-ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM1WXW0S7RgmWV4aWaOU
-dgKR11AozRW4lPaV1RBuES6KFpf3UaAidXB4b4b+GCPSm/ipkIuKgndhZLF7I+sw
-fRtxCivf2Ma0DHJsY61ngf17zBP65nMmQAev360R6plasC84mjVZeYtPSpy/KUgY
-1Kfg2PRTMfPIPmBvaK1Rx+Q9AgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwM1oXDTM3MTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOrqKjZH8h3OBLrGB30b
+KJNKeJq0+93l6ojTCdaCRY9/LaTrHMcz0b9STUJr40NtD8rrfrqHT+u8LyiBFGPP
+WXtau5oPn0nwfPCwnMCqRL0JHP8rcNjkJ2IrVMUaxf7ESt37gP9HtY107W/M65qM
+I4L8fQKSFAOE9S3mDOr5LwGrAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHwYDVR0R
-BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAB6xH
-EtocDYao+0eNrhKVnr5KZ0U2Ll8GF+xUoZrkDwXs1o5Juue/+1B4CPcK2UlqH1F2
-UDH40fPCKzdZeKfkpvU3+iqrht1ThJf6AOERqoqFCfxmb/Zvu4YgACkCZezlyCfK
-IbLb7ZU0lAT7wu4/T3bxKp7NdU6QDEoQq5/NgUA=
+BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEApfi5
+vZVllEdnt9Ak/2SGu7jNuKWegXJaO9L04B3Bjdr+KMM2lRUSEkWGHg/KIdIPsOC2
+rH0ThzwFBq628WXf+1eD2KdSMK2YMrAWXV9Xt+rIjz/NT8mvjsl0dKU13gwnptqs
+cgOCEUY8hm0LET0p/0NmyRwKqZsvqDgoNEnHzuw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae\r
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV\r
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ\r
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv\r
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N\r
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5\r
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng\r
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7\r
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF\r
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f\r
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked1.example.net
- localKeyID: 2A AC E8 62 3E FD 18 F7 B0 8B 34 15 B9 75 FB 67 95 D7 09 CE
+ localKeyID: B9 50 B8 D8 AC F9 E3 3F F6 C9 39 EF D2 03 54 FF 4C B7 04 F0
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIT4DkRKP6XOoCAggA
-MBQGCCqGSIb3DQMHBAhTQIh3a3KSlQSCAoBB/GpPS7kNKT+442dnPS4BXbT3hxg2
-9/tZPRWHKIYh4aCzu+QQbjJ73jLBmrjlwTHyaTJYuOTHxMW5rnji8U+2hX3pSBgi
-3cBmcH8pfsx8IC0Y2JyM65tJItCs8Uh3Zp6TKBddc5bDVbKrC2wS8xvm9QILJT33
-Cvm6oC/3HvxmnSHrpm8Mt/WhwvYY1SlSueGrQ5iqFnqtnOmMicKQiieWpw2b5++v
-OVmHsSbuh6gfTPCVovM/Q0wsGzHRrYbyHVoUJFTBGDlLrSru0pOHyDpQHfTTfGF/
-EFClCgcWtu3pcXpyjCdsvzuawxQVFyTKTojxNy0TLNcx+4U8kma+1kFPn2+umFlp
-VN2tYfOVDOBHDft8kthaQfPhE9yQo+CGBE0fqpxCteXqoObFpQnn+fR4L2CUPvgg
-+WZcLm3ig6WNhSjx1kQrp6OEALi0oCLZGKmOs1FyiKv07AyrsuSaBw1k4cHWgn1f
-LWvF1ndpgRCh+WFGrjYkkKI3KU+4EFRCqUIPFruALtUSymuThbvyJY1lut5MilmO
-t3WGkvfIEQhrSN58lT7eJcNn0m4GTznRITc7pJ6N8jNnSKFRzTUJ/auWncDvdNYh
-jEP/uEn9aOMjS0hHGYzl0YPsC9ryo1XGEi9kh0TSI/UVP06GgAXKYl6awe66l8pJ
-61dLP2O/Pim3FeRcGVBPA6uBdPVx2gr048FgcrOSX+KTLA+bnEJhMGNuUf85pKvD
-jUlYG38fypfjQk8eQfJiuMpcipT0aQBxHeRvdsygGqxkzjOFbYLVmvDhw5xR0Aml
-K3tZHz2mD43xCfn1d2H9fuHj45Xabk+aDY4p2gP/qsz2SiiHXb6Ytz7x
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIWBK2hryEVlACAggA
+MBQGCCqGSIb3DQMHBAh9wEe6UUaoqgSCAoA7ZNT4mYD7fU9qRc7DECUXO5q+VmFm
+H3rmQOV0npaSJb9EVF1/ZCayzYpCAV7n0rXkXdnDY/j/jACCMa/EXnRAp5v0z1nC
+U3q48FwjBXyJpUiZsxq8py+8XdQrILFxNO6gELahmMU11ZC5Car1UunWYTZfVr+7
+MpP3PE9KqqTrrIWlUDj7b3UuMIvX04pq++4R01/ctA/SltzsjH0Rv1bbuvoLdTrZ
+MhBMLZG54Y8W1a+VaDdXsatiZn0TxZ6hCg3LszJ7eh0/xasXPfjfmqT3wnS6lzSE
+nsSYJM2jgcKQi/WCHqXIMl2ZQvvVTmja/0P5IZ94EFMzyItP4DPZY5pWv1wAk6wZ
+DTQTrxsBbZF8DuO+yTA/3iPTMHzYdsqLyZMTg5mEdE8dIEJu5B3Fx7bNRgvAcSU6
+GRnNdFaXKfb/LmZu0KDBpHF+BCqMRAFXqSsijwyvwy1Jt23QLFQUajZM7yms8rX1
+ev6tlSpSVxhlUnwEuCVNgbact8YfFSEeAv3hmFPTt8h3VmNp06Y2C/U8hBNJm+SR
+b4H6RdUFq6i50ygd52HEO5NCwQuDsQMLLysDau7plUOdwql8NO1ji0PzLYIbBowZ
+WhibSjWx6bKpmwNS+Dh//BY3XosvCNCHRRm+QnDqnK2IIFfPGuabw2YlmVTqSY0V
+ooOq3iaKuhuREakZ6XaW2l/bQel//9uVkb5aqo8/8Zg56xEfIVg+6XNiG+zIBtj6
+en0y6/fWLT9zonam2V8h7FUdsIGLsHMoGoWaW7ItZqrJF7Z9esgz4lU7gOtWl7YG
+Wd2KhJfciJcemystNsUxB5opNg37Xz54bwUcAKvceCmSaq9ZzAkklhFa
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: revoked1.example.net
- localKeyID: 2A AC E8 62 3E FD 18 F7 B0 8B 34 15 B9 75 FB 67 95 D7 09 CE
+ localKeyID: B9 50 B8 D8 AC F9 E3 3F F6 C9 39 EF D2 03 54 FF 4C B7 04 F0
subject=/CN=revoked1.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxOVoXDTM4MDEwMTEyMzQxOVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
-ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM1WXW0S7RgmWV4aWaOU
-dgKR11AozRW4lPaV1RBuES6KFpf3UaAidXB4b4b+GCPSm/ipkIuKgndhZLF7I+sw
-fRtxCivf2Ma0DHJsY61ngf17zBP65nMmQAev360R6plasC84mjVZeYtPSpy/KUgY
-1Kfg2PRTMfPIPmBvaK1Rx+Q9AgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwM1oXDTM3MTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOrqKjZH8h3OBLrGB30b
+KJNKeJq0+93l6ojTCdaCRY9/LaTrHMcz0b9STUJr40NtD8rrfrqHT+u8LyiBFGPP
+WXtau5oPn0nwfPCwnMCqRL0JHP8rcNjkJ2IrVMUaxf7ESt37gP9HtY107W/M65qM
+I4L8fQKSFAOE9S3mDOr5LwGrAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHwYDVR0R
-BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEAB6xH
-EtocDYao+0eNrhKVnr5KZ0U2Ll8GF+xUoZrkDwXs1o5Juue/+1B4CPcK2UlqH1F2
-UDH40fPCKzdZeKfkpvU3+iqrht1ThJf6AOERqoqFCfxmb/Zvu4YgACkCZezlyCfK
-IbLb7ZU0lAT7wu4/T3bxKp7NdU6QDEoQq5/NgUA=
+BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5uZXQwDQYJKoZIhvcNAQELBQADgYEApfi5
+vZVllEdnt9Ak/2SGu7jNuKWegXJaO9L04B3Bjdr+KMM2lRUSEkWGHg/KIdIPsOC2
+rH0ThzwFBq628WXf+1eD2KdSMK2YMrAWXV9Xt+rIjz/NT8mvjsl0dKU13gwnptqs
+cgOCEUY8hm0LET0p/0NmyRwKqZsvqDgoNEnHzuw=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDNVl1tEu0YJlleGlmjlHYCkddQKM0VuJT2ldUQbhEuihaX91Gg
-InVweG+G/hgj0pv4qZCLioJ3YWSxeyPrMH0bcQor39jGtAxybGOtZ4H9e8wT+uZz
-JkAHr9+tEeqZWrAvOJo1WXmLT0qcvylIGNSn4Nj0UzHzyD5gb2itUcfkPQIDAQAB
-AoGAUMaZyA+671Yer9Mj0iLT7Zzbm7ABRXswNnSotWbnIWy3CJ8FID6N/mmSTgNl
-EaqHKuHhd9NMEZRhnSP49EtF2zIja4GyMHegemv5N8qsiYP98S+vH4hk4/sKIqHB
-BhLOFf/rd8kyXdJxkzTh+9/Cw8AxdYl0BNApuM15zmYa3o0CQQDvqdpJ8M3Jq4eV
-tABvH2UjS0zcH2Xg2u4Yxvr2wuIsMhScqIeww/DvnpdaWWpBEUA2ZtmttNZebpIi
-H+gfjZdrAkEA21WEwzgDx9LNOTaVjASeHp4jcPQU0AVDiMvh0eBuaGlXuhsq/wcO
-kvSU3/CEpWIT9UO+m6mjL4nUuXkmRU9k9wJBAK22AUCCx8YbDAVYGNBygw4X8DfE
-kkVuqhFPeGwPSXwbOJFsHh3jh+lGnBGiqb9Lz60e0zxyzMZZgpY1Zjwols0CQCDN
-959jH12hr8Qg39kjT6rwqAha2UoLn4A0TkAfuyOurcpOCe4+1fUw05ty08QQmT+T
-tEx/4MJZcRGUhx7Ssx0CQQCF5X9X5kNNLVTEjmnGSJHobuLUYXRH74olKGAxfQm9
-YuKwgEJAGEAuAG9+QYMJsBPsqm18w6bd0FIhrqNzW+0+
+MIICXAIBAAKBgQDq6io2R/IdzgS6xgd9GyiTSniatPvd5eqI0wnWgkWPfy2k6xzH
+M9G/Uk1Ca+NDbQ/K6366h0/rvC8ogRRjz1l7WruaD59J8HzwsJzAqkS9CRz/K3DY
+5CdiK1TFGsX+xErd+4D/R7WNdO1vzOuajCOC/H0CkhQDhPUt5gzq+S8BqwIDAQAB
+AoGAFLdNVt4Y9t6zjt9ml6mTQwuLmTEIQqhDR4k80kLiUxltcznpa5O64nryjAuR
+muEwrFdm8WVI+5cfA+mZXIS59W1pXGeJ7+plhLEan97ja6bQKHUAzfJoF/iN3B0y
+oSC7DpO5jcI4s/iF4BgHFk6/CRGKqnmvHe3F+69IaRoeVKkCQQD1s4zslyBoCrvH
+2dESoKGRVgm/DgOL01ky1igkiMj8ICmOkjI+kciAKnGOcQEgUW48rgV8zYTA25mi
+3ZT6pjutAkEA9MLeym0eGVER5bMvhes9QTtIpaOvEIhgFGGq50mbcPfE8s4Uq8xL
+oVfDL2AEIsV7mpXxxbZrfBat/rxUEO7dtwJAQnHC63xXFCvK6lnaM1pjNwV4b0Vf
+6iFGnvvRMUgYai5cbqTUl50fBqHzwZyHvHCpChnZfA2sF+eLHcMkdcAcpQJBANfw
+xVaahp+XYs7hE+B29ogCoclhbCaN6xaQRJPh4P392wjMwHgBuggSweWeNIfo63Ar
+Mi9ZDeNgrwm7Zf+6fmkCQARjGSwgobjSXiABXj3t/psyoeEScKHk2vwjgUtjHWMS
+imyxwPsWyorJxFYLT6EWjkGd9OSJ3EXaBbNWFMAMbgM=
-----END RSA PRIVATE KEY-----
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7
-qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ
-FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua
-Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS
-QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU
-CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw
-+IUzziMDFxJiuC4JNJkapdKX
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz
+wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ
+ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V
+1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w
+jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c
+/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C
+vAJ2oHvLkS1MOpYEUICjB6xe
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked2.example.net
- localKeyID: F8 C0 F0 9F B1 B0 60 D3 BE 6C 2B 2E F9 EB 57 9F C3 63 FB 20
+ localKeyID: 7A 3D 99 D0 B9 57 D0 D1 D2 6F 5D C0 3F CA F3 A9 34 49 BC 45
subject=/CN=revoked2.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MjFaFw0zODAxMDExMjM0MjFaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
-bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnDs91kOgdASz36BY9
-VC9wr7fB/tc1Gh2HoJqofTKR+0bD1Bi2MiA+LtRxitsaoNOS0UIxebeqaZ570H/G
-MN01QVwsxSrqxGPESUrLybk0qUxnd7MkRnq1CKjldCG7ufH3ACFjlOGUEbbCIKeY
-bTyBbFjrsCRdzoyeSII4y6HxJQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDRaFw0zNzEyMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6mq2TPyXL30lDv6nm
+k6cDAfPw70OceffXFbBtGT0gVYo1uu3uwbgsXlVAWKbOVwB5eyANgjCu1cT8Ijmu
+Smver4PEI54NVT5LCMhaqZh//eh99KCeCL9bsRPFWNP6HLYDMJrLbEfcCTk+l0NQ
+1Qw9CX5d5YTQuIsJtad8I3bimQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMB8GA1Ud
-EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAGXt
-Sqxp2tsIOszNEdaj8QGunGxXWfX5J8z/XjPhJz0uLTTau7FU12Kxs/UrKq1Y5Gdr
-6VjY0aRj4MylBx7QGMtHAHcHHs90Fb9sA4lCDfrFoP4tkLFOhyJRIj525SLN8nHW
-u0dr1LlV0T9SNfsFDkyNhlb8/5TxM2ujGcQVvWlU
+EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBALZH
+gmXhmLpZ7kqPoOiA/DU17X0wfouWx7wPSbzlNRnSuv255oLXnuYaFAadSr0V9fIq
+pwfS4SOSuvL9eil1hBSUDaFrYfLdmCgXNa+W3mskvDc8M589CnHEoR6QOrOZGzgB
+ffLYT2L+Z8A0K3XOGhA6JSrUKG46Ilmph3D17USQ
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae\r
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV\r
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ\r
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv\r
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N\r
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5\r
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng\r
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7\r
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF\r
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f\r
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked2.example.net
- localKeyID: F8 C0 F0 9F B1 B0 60 D3 BE 6C 2B 2E F9 EB 57 9F C3 63 FB 20
+ localKeyID: 7A 3D 99 D0 B9 57 D0 D1 D2 6F 5D C0 3F CA F3 A9 34 49 BC 45
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIimhRhAhkNdwCAggA
-MBQGCCqGSIb3DQMHBAhaasJDQXVyJQSCAoDVjygVy8c0w0QsbPCvYDbiyrkPOqES
-r8ubXlcI5B4GSsoi4Ho9xdOiYQOyi3fCGpj/xa8uwvyDNCUNt0ndc9lO7m2joUpx
-rRvbjsFWDdWXUaKRnCKfYd6P3NxAs/bu0x0VzySI/d3goG55q8EdM9O69VYcuwSK
-uD2bHdd044TDCUvIhtd/j6BwiSvXbReDSrRAi2YaKTBTkg/hJmNltkyh2POlaHt1
-MXijtn4V1STsp+3Z3Vi4g3W9CG2e772McVtrtcwVPkN9iigpFNJymA2hBOS1xKzU
-+XTMNwPrdx/wN5jzkV6e9d91kXwTBgzc1cI7sARi8dn5q0cNUyt9dA116ujXbE1b
-kSFwhCYVgYW/XxxbjicnQQ+3rH/SPlGGrccvqEyYfTYggK9cQoKVYZrkKbbjhb9z
-25xegLYHH6m00sYw/9dLxK+AhhHcUpJaJ+so6jJVmPHJRJq8Uwom8DElZEuwYEYF
-g+2juJ6bc5nbZVn4Sud/yUzl9TEkgLJXWCPw6BClDID6IoQGct8hI4/LizvK/cJp
-YQZ+iVl8wyPigDR1+1RPdbRiCLqZRpONXa1OVmQNlOVbNYJhJ8kOtNBLnOrYi/hN
-WDcgY6FmSDIaSrk168y079bibguONh7XYtJ8JbY2tJGXJfnlwqF6xkJvtWUhRpqE
-VzEk+5/WcuxxXRERunYAzZ00VFZi/g5+LfL9GeJWpU8VYlh/OExYXDmq/BRnMxlh
-8NIR4b5zZQ4lfUazMRZOvKXTPhjwf2YWly9IYuFzQdOvRY4JZpP5hGH1YzU66tVw
-w7na64Uiq9jvWvqJsgaXd89z0AJ/FrhQ5YIHulvuinFiJEI0g1GvAWAX
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIl8ORkiq1WgcCAggA
+MBQGCCqGSIb3DQMHBAhQynRXr7dKyASCAoCUInV8bnrIdALtUsJjSorOPDnKfo31
+jvT9nnowjwQGVDSB0spwjChqab2BanhimzPgPJatNsp3eoQ4Tqg+vCRa543PQMTv
+C3DNngH9mC2gv9utEnoOlg0bhT8WbgTsLTlbY8cg2bz2APRVvjyug46G3uZkbq4d
+vaHIZJtL6JeokSAaRnuHJHxZmbsxlbDj2A1kmt4kH7+PRrrs/VLESQ6gTATnb24R
+ChHPW/9nhCT4VJTkN2XgLGdnuja2HmFjOSlhOUU6gCh9oCQIbqOz/eJNQassbEub
+4AvFuOUTAG/O+1DxGe5ou61+i32WW3eOgAgobnrz0Ws/7EwME1mDUzQX0PxSiEVn
+kWqvg58LDcsi6Vl8Xm+LEDalh6xYRKtmM06dhfis9itxKQCWTj4uN2UDukQE2p7L
+epZjeoGAJ1YkaE8dRewM7VbaVRx037Qe93MUNhifngMWimni9uL2k5sgP4sfiks4
+x7jXbc5T1xNOkMRNpkjUyu2YbdnyKfdSg0iUV8+cFJ74oc8lwpXxkj2Uoq0Q3VhA
+TEMKlDeKvI0QIf7MXKhWRG025+44kLVzdloFIGZvg/3viBWaxbnSzMJS6nJWSbEq
+feXN03XpomrB2Cw3GkS5EcHSibuQ5ziXUnVbOnD+7wkKyA0NxPsavDt+0u9DqoWk
+0Upu2/Q8eVa6s6bFVLc0xeHCoxITIJXYNF421yE3D4PgXN3Jx10GJVo6LAk9eTjD
+GRZ73oLHnzEUkE/G7uuDt69nPPW+GEaskW8Mc8ZAedJ21/SSmkvLB1/cnUQsf9Sp
+fd2RKymIozWGXImbnEgMO/7pfhm7acgo+V1IUmY0mCTjWUAYWQj4Ba6a
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: revoked2.example.net
- localKeyID: F8 C0 F0 9F B1 B0 60 D3 BE 6C 2B 2E F9 EB 57 9F C3 63 FB 20
+ localKeyID: 7A 3D 99 D0 B9 57 D0 D1 D2 6F 5D C0 3F CA F3 A9 34 49 BC 45
subject=/CN=revoked2.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MjFaFw0zODAxMDExMjM0MjFaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
-bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnDs91kOgdASz36BY9
-VC9wr7fB/tc1Gh2HoJqofTKR+0bD1Bi2MiA+LtRxitsaoNOS0UIxebeqaZ570H/G
-MN01QVwsxSrqxGPESUrLybk0qUxnd7MkRnq1CKjldCG7ufH3ACFjlOGUEbbCIKeY
-bTyBbFjrsCRdzoyeSII4y6HxJQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDRaFw0zNzEyMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6mq2TPyXL30lDv6nm
+k6cDAfPw70OceffXFbBtGT0gVYo1uu3uwbgsXlVAWKbOVwB5eyANgjCu1cT8Ijmu
+Smver4PEI54NVT5LCMhaqZh//eh99KCeCL9bsRPFWNP6HLYDMJrLbEfcCTk+l0NQ
+1Qw9CX5d5YTQuIsJtad8I3bimQIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMB8GA1Ud
-EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAGXt
-Sqxp2tsIOszNEdaj8QGunGxXWfX5J8z/XjPhJz0uLTTau7FU12Kxs/UrKq1Y5Gdr
-6VjY0aRj4MylBx7QGMtHAHcHHs90Fb9sA4lCDfrFoP4tkLFOhyJRIj525SLN8nHW
-u0dr1LlV0T9SNfsFDkyNhlb8/5TxM2ujGcQVvWlU
+EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBALZH
+gmXhmLpZ7kqPoOiA/DU17X0wfouWx7wPSbzlNRnSuv255oLXnuYaFAadSr0V9fIq
+pwfS4SOSuvL9eil1hBSUDaFrYfLdmCgXNa+W3mskvDc8M589CnHEoR6QOrOZGzgB
+ffLYT2L+Z8A0K3XOGhA6JSrUKG46Ilmph3D17USQ
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDnDs91kOgdASz36BY9VC9wr7fB/tc1Gh2HoJqofTKR+0bD1Bi2
-MiA+LtRxitsaoNOS0UIxebeqaZ570H/GMN01QVwsxSrqxGPESUrLybk0qUxnd7Mk
-Rnq1CKjldCG7ufH3ACFjlOGUEbbCIKeYbTyBbFjrsCRdzoyeSII4y6HxJQIDAQAB
-AoGAGLr6lHxGg7g4/m2+V6EXlMmR8vcaRKo/Z+FWPFtuGrbY26PrYzDZR56OiXqR
-ufdlvcyc95ut/1TfrCPkUSuwuUrsEGQ3ikTpJ6VvC/MSsTcR0+pTCanCjOqqT4ww
-/Z6aMqTJRh1fcCZqExmgrvg8ErK/NnxMUh0ow2pmJcBpVsECQQD3bTVrtEEiIcup
-hUs35rE1L3E7srlnHRL5Adt4yjwBjGWH9YU2ZPLZJlHJGBlrF8Z02M79cl9U0zuu
-awmLHU7FAkEA7xBnN5kPeit4LH4MMsOFfN7dYAsAcJfWY2bxzaEeLopY2MK1omdV
-aAAm7FynZNz2t5AgEtBqobELCuDtk1w+4QJBAL5tD6tH/MUPK5bZnq10YDhlvglL
-IURJ7Rs2IbrSMuKiMlY0UQUvJnSX+GQDpzR0BOpTHuOTDenT9N/lQ2AM+10CQQDM
-YYys5qlpvBIgj56kI65S5EIEo0M7/0OlddRSBWXFSjfNESGx93/3yvF773aY76Pp
-qUkSbKZNGAwlv8i8zAdhAkA69PWHkogtutdvmUoQSsmzsqIg561sD6n5243Afhq8
-5TMwYm9olx6gDrobNYOTf8rsrikSf3O3LpUA9e7tIBp4
+MIICXAIBAAKBgQC6mq2TPyXL30lDv6nmk6cDAfPw70OceffXFbBtGT0gVYo1uu3u
+wbgsXlVAWKbOVwB5eyANgjCu1cT8IjmuSmver4PEI54NVT5LCMhaqZh//eh99KCe
+CL9bsRPFWNP6HLYDMJrLbEfcCTk+l0NQ1Qw9CX5d5YTQuIsJtad8I3bimQIDAQAB
+AoGAHPmlrYaRrOLYB9q8BrSzVeaOEBcRouYsKMwSYBkaLRTQkt/wJYcTvQ1MzuK1
+IWHQY2H4q9WlD5DcDIvtSaCpYl+/XWf5LB+F7UQNOzqVCVADBgGIbf+kvncIHYud
+OAf+ifgEJrN4JJAmPpf+jIb4Z7THBl1nPzErxC1ZfRXzrT0CQQDhmHEtF3d4JpsZ
+Sg7AK9g9ZOLq775ufjRFt65nI49Iq/zg2NxUO4GVxd3LIKK91P+tdchenZSMa58b
+boHjI7c3AkEA08DyzF2lJk4HyEDssxJQGPSf4Qkb14ialSnYnQKcuY9uFaSq2qmD
+UqKCy2K07bWbxFST+SgbWXjuUYdppCJ8rwJBAJPnVPQiOYJ9lRwscKVPWZNOzHMJ
+QYnBllXLCj22k58qmz1zEGjtJpViR3qAaBIbTpGT8g0ONTEm8gaTGfcoGFsCQChK
+kGhecSwmsMhjwiYYl/EHqtww1YFfVrqHKdZGRvfv2Kx5lqDgnEI+9dApSe/pHGhx
+B27jOMD/h6kvsOQwQ7UCQFT6lidTnHgwDif41JCGxTE3HggKfhkPEz3ZOcQ+WOgf
+qsGi1sjzEl1pEwJwYm6xTp17AonJ6wnl6gNTbQIcGmU=
-----END RSA PRIVATE KEY-----
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7
-qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ
-FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua
-Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS
-QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU
-CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw
-+IUzziMDFxJiuC4JNJkapdKX
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz
+wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ
+ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V
+1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w
+jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c
+/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C
+vAJ2oHvLkS1MOpYEUICjB6xe
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server1.example.net
- localKeyID: 44 AB D2 68 6E 76 EE 41 1E 4C AF 3D 69 E0 10 16 57 63 41 CD
+ localKeyID: 9D 8E 88 6D C1 6C A7 AA FE CC D9 E9 36 E1 6B F2 AE 65 AC 4D
subject=/CN=server1.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxOFoXDTM4MDEwMTEyMzQxOFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
-Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gVz0Nze9gQCYIRrlakZ
-kKeyPy5H6E5uJU3jiK2sQ2cb9nQLXdPX7HndhFixMSaKPB2RgYyxnruo+DZ1XSpm
-gTnofP5ImBmZ6RO+BcOyMAa576orEDOxdfFS8QYzk6xKM8j4A1TlxM/EEgqAQN2y
-DqClzQK1K6Cx52k7h11b1q0CAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
+MzQwM1oXDTM3MTIwMTEyMzQwM1owHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9hrjHUQ00de8LbF1elKa
+Kjiz5UBYzmj8BWEH2Jy4Bz3lWfBVLx7YlLYRo7nwwlj7IAJ5bU6u9NSXLxDUI3w1
+B7iXZpbbGMOai2zpUOVKnhWonkr++9d8ed34eNv01HHQw5xqupXQh8MoVQ9MOnTr
+XsMkE8gkDpDT5piFzrYDLIUCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMHAGA1Ud
EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5uZXSCE3NlcnZl
-cjEuZXhhbXBsZS5uZXSCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx
-LmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAM/Q0DEhwFn9kuWKxvPaoLuj
-T1iiEv/g8iImZaydWuBSJ4FL8RS8sLtY7/j6Ohc9JnocLnvgKTcITaxjpWDIIzE1
-nPLzY/xGMbOGF7p/U5MAcBZzmkPxsj/etMm1gfYUcqPjJIfh7MGuWB1g4SFf8xox
-KH2Y1/8YLIYzqDIpv1FV
+cjEuZXhhbXBsZS5uZXSCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm5l
+dIIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAJPC1iV+zpSU3ehQpNtQKe2Y
+qSPt5GUvpsbCr8aG53zJ6dLktcuTaE685cYfKZiX1stqIFSLKLFKiTQ9tWL1u3Yu
+MsqRDKXuMWqNL3i8d8A0ZcRTtpyKsHbJ2nhp1j9bUJnGsMMZ8XPb8oZqy/8EvXsk
+g0JdrloqoSXkK9aDIAD3
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Signing Cert
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7
-qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ
-FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua
-Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS
-QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU
-CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw
-+IUzziMDFxJiuC4JNJkapdKX
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz
+wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ
+ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V
+1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w
+jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c
+/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C
+vAJ2oHvLkS1MOpYEUICjB6xe
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server1.example.net
- localKeyID: 44 AB D2 68 6E 76 EE 41 1E 4C AF 3D 69 E0 10 16 57 63 41 CD
+ localKeyID: 9D 8E 88 6D C1 6C A7 AA FE CC D9 E9 36 E1 6B F2 AE 65 AC 4D
subject=/CN=server1.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxOFoXDTM4MDEwMTEyMzQxOFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
-Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gVz0Nze9gQCYIRrlakZ
-kKeyPy5H6E5uJU3jiK2sQ2cb9nQLXdPX7HndhFixMSaKPB2RgYyxnruo+DZ1XSpm
-gTnofP5ImBmZ6RO+BcOyMAa576orEDOxdfFS8QYzk6xKM8j4A1TlxM/EEgqAQN2y
-DqClzQK1K6Cx52k7h11b1q0CAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
+MzQwM1oXDTM3MTIwMTEyMzQwM1owHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9hrjHUQ00de8LbF1elKa
+Kjiz5UBYzmj8BWEH2Jy4Bz3lWfBVLx7YlLYRo7nwwlj7IAJ5bU6u9NSXLxDUI3w1
+B7iXZpbbGMOai2zpUOVKnhWonkr++9d8ed34eNv01HHQw5xqupXQh8MoVQ9MOnTr
+XsMkE8gkDpDT5piFzrYDLIUCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMHAGA1Ud
EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5uZXSCE3NlcnZl
-cjEuZXhhbXBsZS5uZXSCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx
-LmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAM/Q0DEhwFn9kuWKxvPaoLuj
-T1iiEv/g8iImZaydWuBSJ4FL8RS8sLtY7/j6Ohc9JnocLnvgKTcITaxjpWDIIzE1
-nPLzY/xGMbOGF7p/U5MAcBZzmkPxsj/etMm1gfYUcqPjJIfh7MGuWB1g4SFf8xox
-KH2Y1/8YLIYzqDIpv1FV
+cjEuZXhhbXBsZS5uZXSCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm5l
+dIIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAJPC1iV+zpSU3ehQpNtQKe2Y
+qSPt5GUvpsbCr8aG53zJ6dLktcuTaE685cYfKZiX1stqIFSLKLFKiTQ9tWL1u3Yu
+MsqRDKXuMWqNL3i8d8A0ZcRTtpyKsHbJ2nhp1j9bUJnGsMMZ8XPb8oZqy/8EvXsk
+g0JdrloqoSXkK9aDIAD3
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae\r
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV\r
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ\r
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv\r
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N\r
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5\r
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng\r
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7\r
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF\r
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f\r
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server1.example.net
- localKeyID: 44 AB D2 68 6E 76 EE 41 1E 4C AF 3D 69 E0 10 16 57 63 41 CD
+ localKeyID: 9D 8E 88 6D C1 6C A7 AA FE CC D9 E9 36 E1 6B F2 AE 65 AC 4D
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI62XXI1iHMRwCAggA
-MBQGCCqGSIb3DQMHBAgUfBqahNODUQSCAoAAns5L+WDU8Ax0WUYmdqBHVeOmhclz
-LaPCde8mum8ZZ7eAo4YxuPXMJUnxdBLdR0xGH+GFOwmk3B1jTRKuJapHrKlEBCgk
-jni46aFXqNRMZQJnaJiw9lx48DIiLi7QE8nGxVivVKGG0/nUbqtCpyA3tE9LJgmA
-VlawKPwdiUhE+spUMEruwNoqCTT7ZK+25AjrWYwTsGKatlFRur2iMnsXd8UwXKy3
-kXLf7FZtM6ZpTLNiwcGFzxLDLrMHd4YrUzTkrsGS3Nw3JbeLUZ6JRqU6W8AOS9Js
-/kryPO0SUIvCosmhKfdik5L3EGy4hffjEyidSk2VCzqzAVvwk9oIVC7tS8GOdxno
-uJ929KUbjWOMdaVgh+VUWKG0anViZhQmrtDAajKuWtYbr+jprydaN40kw4/sE3c4
-90X5vCr7fBuqy3ODYg45k+H2RdN3ATYFwr4AhRBIDr2oIS1SdSwj48T7RG2zqlYe
-XM9JLmmbr6mmX1QY2rMnBbZyriHLpHEx4UV9Codt5y2xJmLhyz8bzKxngKkHC3Ov
-vdTS6R5Lar4SguWUY8q0gwvvLGGjU3xpLFt1xya82ZzDoz182mByjNvVqAgxy6Zb
-VC8W/wvcsQt11NxH7XoEdumBu1THGQn7oVOv0iSlaaoQwjvBG2vsXxlrOG3syk2A
-H/b80kI2VZyxI/VGgLO5Qm6S5gpeq+ZcgMlaJ9sHI4Y+O5AqJzADpLRIdLgRaFnE
-BTlNGjrtxSXIUyvXsqR5CJ7Nrq1zBhqjVoGewRVR3aXPcQayrIWDAiIzeegGsCTP
-xJvWzk2IZGrsl2a4z7YmgTvZssZJzqSIePbeAE1PDc/er6oglPtAndKa
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIOd+1INjFUxECAggA
+MBQGCCqGSIb3DQMHBAg9VZq9DU5CbwSCAoA7jHnjoTklLx5kS/0wLcjzd/+EmYuz
+X2jVsD6al33pBgKbvOdMt3Jss26llvNB5MSGev/HcXK6+U512zhnjhL5f0eBoVEM
+K+zkwO/D4j5wR9URRB3i6Z/H1qWf+lpvB4S8BGeFENM/aLEPUvf4JN4BhKmeAIyD
+367Q0nlkNhRNNPvFQ8UNTDBhfXYT25lDMtBUl6cyibbc+LmFX6MUAbfffjoqaBBX
+OF7sJ/AJmCZDKI+QFeeabf1hiroyio661Ip09ygz2xnaY7CxJLuEJySVzNA3NyNJ
+hOevn78Owerv57F9X6hkSRteKJ8drc+hbbV6BIglkkoFEMWwJXshy+q6raKaqzfy
+mZ6tY9ehgC/wzCIPWFZOQCFDGNpLvxrX0SncSFegr8utueHBf1Je4maxAXl+qVtr
+wmU6ybI8XY6CaRWgpCohed8xjR5hEokmhNV0BXDghChb5TORk2578a8AhsgdhB0t
+wthyCE1i7zS61ITP86E5LWOhOpThZmm4E01QHgnXzjr5f8pAkO/guXizAsD37W9W
+NmgfQYwKu6H64HbjPguLxXLP5FuVryYlyAYse/RtLOG9aiH+gUce2rGxkr6FQNKt
+dg82cctgMWDJ4STbrEr+D4yceCYErpDiXx7D3ZH7ZouunReEhZpG6E3o/T0jGuzv
+0G5WY5C989TH2p2OS7EL3Od8HtqtCuV16ECNUkaEVkOXI6fq9GuRBUPeRWd6V7iU
+DBn5NOtMoBY0qJ5rOgBY9t391VaZpTIQp5A0SilXuoKFM69d+3IQOzvnKAT8Ok/8
+l4pODZvzgHAwcXL+U7DzVcBswxaKukbv2yLag7Ebh19GzLEYWZJhUUUS
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: server1.example.net
- localKeyID: 44 AB D2 68 6E 76 EE 41 1E 4C AF 3D 69 E0 10 16 57 63 41 CD
+ localKeyID: 9D 8E 88 6D C1 6C A7 AA FE CC D9 E9 36 E1 6B F2 AE 65 AC 4D
subject=/CN=server1.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxOFoXDTM4MDEwMTEyMzQxOFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
-Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gVz0Nze9gQCYIRrlakZ
-kKeyPy5H6E5uJU3jiK2sQ2cb9nQLXdPX7HndhFixMSaKPB2RgYyxnruo+DZ1XSpm
-gTnofP5ImBmZ6RO+BcOyMAa576orEDOxdfFS8QYzk6xKM8j4A1TlxM/EEgqAQN2y
-DqClzQK1K6Cx52k7h11b1q0CAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
+MzQwM1oXDTM3MTIwMTEyMzQwM1owHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm5ldDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA9hrjHUQ00de8LbF1elKa
+Kjiz5UBYzmj8BWEH2Jy4Bz3lWfBVLx7YlLYRo7nwwlj7IAJ5bU6u9NSXLxDUI3w1
+B7iXZpbbGMOai2zpUOVKnhWonkr++9d8ed34eNv01HHQw5xqupXQh8MoVQ9MOnTr
+XsMkE8gkDpDT5piFzrYDLIUCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5uZXQvMHAGA1Ud
EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5uZXSCE3NlcnZl
-cjEuZXhhbXBsZS5uZXSCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx
-LmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4GBAM/Q0DEhwFn9kuWKxvPaoLuj
-T1iiEv/g8iImZaydWuBSJ4FL8RS8sLtY7/j6Ohc9JnocLnvgKTcITaxjpWDIIzE1
-nPLzY/xGMbOGF7p/U5MAcBZzmkPxsj/etMm1gfYUcqPjJIfh7MGuWB1g4SFf8xox
-KH2Y1/8YLIYzqDIpv1FV
+cjEuZXhhbXBsZS5uZXSCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm5l
+dIIJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAJPC1iV+zpSU3ehQpNtQKe2Y
+qSPt5GUvpsbCr8aG53zJ6dLktcuTaE685cYfKZiX1stqIFSLKLFKiTQ9tWL1u3Yu
+MsqRDKXuMWqNL3i8d8A0ZcRTtpyKsHbJ2nhp1j9bUJnGsMMZ8XPb8oZqy/8EvXsk
+g0JdrloqoSXkK9aDIAD3
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDWBXPQ3N72BAJghGuVqRmQp7I/LkfoTm4lTeOIraxDZxv2dAtd
-09fsed2EWLExJoo8HZGBjLGeu6j4NnVdKmaBOeh8/kiYGZnpE74Fw7IwBrnvqisQ
-M7F18VLxBjOTrEozyPgDVOXEz8QSCoBA3bIOoKXNArUroLHnaTuHXVvWrQIDAQAB
-AoGAA4at+I43By8cOepcmmfhkbJNm8Bfs2pdYrR0j/sqiCbB/W6+hDJ6D32Xgndy
-nehwZRqom82NXJvjZgmBqAILk8Q8PrArj6azlHBIQpymmvtxTCogHNdSw4k8+q6Q
-dtyW9W4vYbrTXaYTEElLmVSYgxlVddWL6eTmqMTKGYjgkcECQQD8I9rEtydHgET0
-tSJvsGGrCeuGFpsL3KVhdSWKcaIxiuHs9umkAdU11K7ArWTCbqkeAowdZTvZiymZ
-oaSAA47tAkEA2Uw1idLroZ6Oo0jti1EFxFtKKRyWAgyu5PqPqqrI+7VqmfWfH+LQ
-2lCCjwW+1rjFJ3Y5uNuoOFmd3/3ctKiuwQJBALDFhmwiKFS1tiKGF5WMaH0coFZK
-5Prk/8Ga+u3cCyWGxCx5U4abjlqGONp29kxmfwS+LnOxdMtpCIpgTE8/r2UCQAj3
-K/5TxYUVla0HBUYKQcKoQZcQpt/OxiiMbgEMqt43zf4sNDSMlzFqwPhFtGoHlZrb
-NeZ6qaYpjGoBf2m0zAECQAbyKsFxNNHpWbzRS6HLVNanwLHBdJcy0cPRiownLJQ+
-zjuKEyPdvg74CEz4/gvF+h0XvRjbnKsvf05WVz14YwQ=
+MIICXAIBAAKBgQD2GuMdRDTR17wtsXV6UpoqOLPlQFjOaPwFYQfYnLgHPeVZ8FUv
+HtiUthGjufDCWPsgAnltTq701JcvENQjfDUHuJdmltsYw5qLbOlQ5UqeFaieSv77
+13x53fh42/TUcdDDnGq6ldCHwyhVD0w6dOtewyQTyCQOkNPmmIXOtgMshQIDAQAB
+AoGABy2kQVXVS67vqGreAQIMOm/t2gUVIEHrN+zyYaP0IxO3Gb5AYV/p14V5xHYc
+2PkD5M475HaHgvvAbusB2l45+iNBW6wgTLCztPYbgMPiDVp47AcACRqIaC3SoDqC
+rUP8cUhlge1KTKjIlP7q8MVRl1ckPFaoTOM7hyNqyev6BHECQQD9HWO77AyIUcUC
+6gaPuvx2FZ6C7dnN+ojyVMu6lcd6CJekNhoN912AoKB8vsjoEuPejPsipGWuWso6
+ZwbFl3izAkEA+OkK3s5woOSd0NjP7BHRHEOAW337qMMcT3AI8CzJDg1YBZTMrX6r
+ixk77khw3FjWk4USTpJpBYjsansJslkx5wJAXBPx8S4IzRp6AfpikqziJI7u0BB4
+uG7YnNduGZ1dKK6xg4JO7h+7uwwz9c1txscAcDh3L34Ao3HRuXc7Rmw48wJABjS5
+QqjfAgPxM13UgUxIbG36a02O0rxanlhqwKI9OQ54HVuCZuj7mfI9HknMFpJYd0Eg
+HblkyPCLBHSg30N+DQJBALpMoB9ayQBQgTWUl9yJs1b4bu6/SUduAgVTdIU+0Af8
+yfzJkTVaCEH+Y0MS8uyuu6vdnhsQnbwk1eFVj6XMXlU=
-----END RSA PRIVATE KEY-----
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.net/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw
-MTAxMTIzNDE2WjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALW2VpRYVYpYPshnP4+7
-qUT15Ny+e8NsdobVwjRyVBqr0LHSWS5ubY4jBQ5iUGE2G/ixtUxMcGfGSNhuGFYQ
-FKvuh4F6AvlhFpqd6WFt9cb+AsWl4izqweNqo+uWcCJcqprYj/Jw13PkVK3pK1ua
-Dw/dqStmank6CTL03/GgUuyxAgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAHW7exapgmmDg8dEcyLS
-QadT0QZVQkDxLEo4HcOX6SwLKJ9uNwdUCI7MWP0D/EV+2q0wNgG+YZtzyhgI/mdU
-CR8lFrFCTT0JqBWHtCZelw9+eGY2/o3ahSWJBvaZliF/53HnL4L4EtYmlCV+5Uuw
-+IUzziMDFxJiuC4JNJkapdKX
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMTEbMTyGaBnI5WpLVtz
+wWIEzR2lJyq5MHV6t9cIw/M1VFc0a9Woq8IeEyEmlycNe1/HgJfr7jq2JCtFu4VZ
+ZFMJW6bD7KiUGp2DwPEeC5yN1q7T4Yuho8kIdzpRTYnWo4RgPhl7wxSYoier+8/V
+1Zy3PrsciWI7Avp2Uq8iNGl/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBADczofjhb+kWLvYcdK+w
+jEMvqwiEsm947WXuWYtg0Wi2IWhyZId9KfVJtHs7b/720WX2VeewkafuV+QfwE5c
+/Q7N8M1tnFbKT/2Af7o3MVxDH9cYXPTYWgM5i0Yv5k73VBZ/dhT5HSj1Ri1sxv3C
+vAJ2oHvLkS1MOpYEUICjB6xe
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server2.example.net
- localKeyID: E4 EA 63 F9 F4 03 5B BC 53 9A D8 69 D8 F9 CC E6 03 91 F4 56
+ localKeyID: 6A E8 46 7A BF C8 D0 A8 0B BF 99 5B 88 D4 21 1C F5 D1 29 B0
subject=/CN=server2.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MjFaFw0zODAxMDExMjM0MjFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
-ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANENFWh+HMxEjZsG21Fp
-OhPtsdBiudnR48Wu3NYD5lraEaVePlwTxPoMEmYqwIqtYe4+x8vlmLaWvKkTjJwT
-AgJV8NVWr9jH4XjyZm9/GK0CyQScibjE/fsCYQvBU/VKHO9pTc5sr7nsaOTZW7NH
-l1ocYnzIj9YXAu3Iw6AX7gLDAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
+MjM0MDNaFw0zNzEyMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJlsgV5oLe2Grkp1uZAu
+FPgYedF8iBTxWxeMwDYrv02zlMGYVvNpqu0rYFw9Z5AMTUt8nCTVWlo17KkWUkfl
+1jLL4+5VYVcSmQkh8Th7N9hjwks5dgoGttXODEIraagU0Q00K+3iWkHaUkJL/jOh
+xEeDfO83QB3xZL9WOgyFM0xvAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHgYDVR0R
-BBcwFYITc2VydmVyMi5leGFtcGxlLm5ldDANBgkqhkiG9w0BAQsFAAOBgQBKHs44
-5Sv7+GVj7XgmAsYDiOTfMcQ/bD4RRa2err0iku/SCYEATCxZLbo6iCLcwgtkf3YQ
-6AFj+d5w1qAmOgm9wfZKIRPoM5ndEOeR3VdffHEeXG4yo7/8DL+pbZjDTFl9dLSa
-kblJFdinSu4Gcy4E+bH0mC0E04ujCTqxiIg2fg==
+BBcwFYITc2VydmVyMi5leGFtcGxlLm5ldDANBgkqhkiG9w0BAQsFAAOBgQBivwX4
+EgnDGiBc5peorNumyRuk5OBSiftJoy+CvV7tOqs/hU64PJZri103eEr49cgt3FC+
+YcuZWVJtzb6x5XN2YtEvwZY2WdGEdo7H4v0AVGfevguvIqtTxoBc8ZyYtXEflIVD
+tavL2kS8jbk82eIIVn6S2FvR/PBhH4wW6NK3XQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDE2WhcNMzgw\r
-MTAxMTIzNDE2WjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpLbae\r
-/ej/j1aU4ttvOTzaxFzNsm+NIyuE/sEuyfYW3lf0Q3DUSEgm0Ck+XC+jPaYyNDjV\r
-7Fg826cy8/zGM+pvRUE8LsJbHt4k8xdOmLHcKMx0T7JhpMXHo2UZMxPTcZsAfByJ\r
-GrcUMOYYe8uCV1abgHzOZDSk+6KTLrP0Y2hbMwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCsZOv\r
+pjcv45hvkXmbkZLSoywwX94a3jFC993OxTL8ixpQ0KxY2bc8TLcOTA+p3hH0pi2N\r
+JwiiWVQjA9HXrf7s/RmytXFZiJ5sE/mtkBNCUjH2uoGz9x1uVuIwq2colRe7JdQ5\r
+aCnb3D77nFy9bOvE59sljCbjeU2NwI1LIaUgfQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-Xcsvkc9hpdwT+ZGrnhSfYwF1HhTlI+1QfsQ0kO/TvDwswj3xJjaGfs+zg6anSgng\r
-JDNm5tklwvPbJaE79vPvVWy9jmUq5IeFAt2x1heTql2kY7P0oH3kYwgp1K0fNLf7\r
-/HHWzo3gtrho+AYKr3E7OZpfpx9AGig00bwJYQEFgEA=
+Xi2XyqKqdhCOdcNmhhaOaPc9M5/W/52Y4y8DNEveJdbn9ZOIjz7w2vnxJ8hhbJHF\r
+RDGz6jeTnYz7wIYwRxU6y8vUNtXbV+S6RcWL6Symek52O32tj+TTP99lSu/bC2+f\r
+7cNOqfsUzyMi4EagINLkPFT8p0ozjXeWu7/Cy17K75s=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server2.example.net
- localKeyID: E4 EA 63 F9 F4 03 5B BC 53 9A D8 69 D8 F9 CC E6 03 91 F4 56
+ localKeyID: 6A E8 46 7A BF C8 D0 A8 0B BF 99 5B 88 D4 21 1C F5 D1 29 B0
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9zGVV4cEu7ECAggA
-MBQGCCqGSIb3DQMHBAjD1hKFRDzEsASCAoBQNuSurHPQ4NdFqMPbcZM1H+OOIkZF
-4YEUKCPoSyeTKVkaNKiwipZ4uLVamJLlbpJ3eOpyTNU0TNyVzBSxRyyxRgiDmY+/
-KYUvaI59LpXGE/OZEIdb/lsxQr5mKhFg8bNseg/HpLl0KHgIt+5hiufvP602b9Ch
-02HZmXcYKhFDnO6X/bQMp+fed2Y2tPdfNXUdwhrp9y0gKZtzXIvme0PQN1wG22Iu
-s0eC51z391eJ/CoTx4yxV00slpN5ItbxCmqBTBSF5eMBZHcSQpmt0d+xGDaYfhyL
-xdM353qu2NJ/nX4vILtz6KdWBrJt5PuN3DjTzjJM566KYLRVQSUMVeDsGm3jb+QR
-hV4beOplXkD1J72BVgs6I5unBuoem9MHMZSC/TVaEUDPZtWzbjGWLErK4zUfugq1
-ITfFbS4wusy4t8M1pSL/0gqNSRCvcPJN7JvmOKfY4vhvmYGmqsduJ3nHetvWPOsC
-2pAlwfJIhQGhvXZpVtEh6jyGC/YFGUfrDASYzF3TTcVGpklVZmgglYNg3r0wiV2D
-cz6P6O1fR1K3fA3FuSLdhGBitfN01RZdWCsmjP7HHqHEx+4CjTX3qfimCYZkC5xJ
-+q0deKfchndPvqNhiKZpWsubFpXtKNTIAvE1HwkA+O6PUHbnd6GE3qjehaKCNK01
-u9+z6ZljGq+tPybNO4D/NlU8XKzfoYXg3ADCqUXs1JsssoCqae0l5do90ZI8vkwr
-dEyRdYdHUaByl28qMTW9Mp9NsnHMf+pFbEpdcWMQCaSTXnoTA7Ocgax7n4sJEQ+U
-GByIBSmb0BnWKLhXAgHMZ7VWAYAfLGo1qfrB5X3nqGcbziQ/7z9rdzPx
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI2ZqeNNhoV1ICAggA
+MBQGCCqGSIb3DQMHBAiVpXY5TfQEiQSCAoAiD60iC1798cMn9RFq3fpWITpKISb6
+VX9n+SrWrNe14JeDXFAm1xoqCJtL1hi8lbpNXXwtzSk+s4ZTIa+VCegKFZ26lVfG
+uTPT8ivNLHNq1vEGP0Kl/PJvJW7aNJP9R0fYnbtQwXNbvPGfWfGzL/6y/5toLp+d
+FNBZCda5bZ5UTLXCUX3mFq9+y7bz4NjcyryAjOQ+mhTewo6XSZR48FNyZmql47Ca
+hwtkfkRCd0AMZTJFUv5uYavjP+qgpv1JOoM6DQPacWdqG6Bc7wUL4rlXCipzQCkc
+rKOw73T5wYgrHLc7kNMbIxOGfYt+rBkNGjlQ/RoJ/NJgq9EPswY13AglDZRXnCtC
+yd7HXrllM2+3tAjmipC1kXX9+V/cqmt4SuLWnXstpF9wuu9N0/hJtxC1sg5kinMt
+2K4M4XRTby5x/9FMCebCRPGJnCSUbCyV9Jsc9IK/9M9N2r5VSVHCHkjNOMJdALBm
+1OqaxDOIOy5/CaCCUTxM6WHqQPEEIz5bPkt+Pgbg5zmdTGMnM8HbJogFu/Tiyihz
+zVDgnsv8cXMHp16ZfFULbuDf1RLdfYGaJVu94MNXnsLJtKQ96QVxaXCtC4ywpkPO
+DWVne+Svu5YtrangHhUILbbMtivj1zgJmfZ35Qo8RVhCeNsV57k0GutYnto+Vcde
+iR8j94i2cE/V9q/b12i4+aMS7gfvcxEVIYEz81L51cm/lOCxPmhwQcV/ozHrqA15
+U/FDFYMEvQBNOjiiTQZvzwd+FDidFR/szYGVQ8nNiMcPLvmeLgRHKgAi6PSyrPi4
+MVK3EFCdQC0Otb6uKDbsD8yRKKB47V2ky4gi7xSKN8j1muf1kG4WS372
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: server2.example.net
- localKeyID: E4 EA 63 F9 F4 03 5B BC 53 9A D8 69 D8 F9 CC E6 03 91 F4 56
+ localKeyID: 6A E8 46 7A BF C8 D0 A8 0B BF 99 5B 88 D4 21 1C F5 D1 29 B0
subject=/CN=server2.example.net
issuer=/O=example.net/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MjFaFw0zODAxMDExMjM0MjFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
-ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANENFWh+HMxEjZsG21Fp
-OhPtsdBiudnR48Wu3NYD5lraEaVePlwTxPoMEmYqwIqtYe4+x8vlmLaWvKkTjJwT
-AgJV8NVWr9jH4XjyZm9/GK0CyQScibjE/fsCYQvBU/VKHO9pTc5sr7nsaOTZW7NH
-l1ocYnzIj9YXAu3Iw6AX7gLDAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
+MjM0MDNaFw0zNzEyMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJlsgV5oLe2Grkp1uZAu
+FPgYedF8iBTxWxeMwDYrv02zlMGYVvNpqu0rYFw9Z5AMTUt8nCTVWlo17KkWUkfl
+1jLL4+5VYVcSmQkh8Th7N9hjwks5dgoGttXODEIraagU0Q00K+3iWkHaUkJL/jOh
+xEeDfO83QB3xZL9WOgyFM0xvAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUubmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm5ldC8wHgYDVR0R
-BBcwFYITc2VydmVyMi5leGFtcGxlLm5ldDANBgkqhkiG9w0BAQsFAAOBgQBKHs44
-5Sv7+GVj7XgmAsYDiOTfMcQ/bD4RRa2err0iku/SCYEATCxZLbo6iCLcwgtkf3YQ
-6AFj+d5w1qAmOgm9wfZKIRPoM5ndEOeR3VdffHEeXG4yo7/8DL+pbZjDTFl9dLSa
-kblJFdinSu4Gcy4E+bH0mC0E04ujCTqxiIg2fg==
+BBcwFYITc2VydmVyMi5leGFtcGxlLm5ldDANBgkqhkiG9w0BAQsFAAOBgQBivwX4
+EgnDGiBc5peorNumyRuk5OBSiftJoy+CvV7tOqs/hU64PJZri103eEr49cgt3FC+
+YcuZWVJtzb6x5XN2YtEvwZY2WdGEdo7H4v0AVGfevguvIqtTxoBc8ZyYtXEflIVD
+tavL2kS8jbk82eIIVn6S2FvR/PBhH4wW6NK3XQ==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDRDRVofhzMRI2bBttRaToT7bHQYrnZ0ePFrtzWA+Za2hGlXj5c
-E8T6DBJmKsCKrWHuPsfL5Zi2lrypE4ycEwICVfDVVq/Yx+F48mZvfxitAskEnIm4
-xP37AmELwVP1ShzvaU3ObK+57Gjk2VuzR5daHGJ8yI/WFwLtyMOgF+4CwwIDAQAB
-AoGAFrOyCHfxjqk/K3+yH4Qq33Enpzahcisd7iDQMJmZ0XHvCqNSaFNpR7I56Uhp
-QmYTxXih392eGO4DrOTHl0dlJ0NH6i9nOg8qrHKnItozZ6xtCJ1DE3kB8SqXk3xW
-ghRepamaHlujSu8yWIwWNt+vPftccTDu+k/LkGV84YYfKJECQQD/2qtuyNOxceAa
-llD9PSGWHGgEwQt6Ko5BQX8ZyQdAs9BD/FKWLTsmvbJ3XxKlQ92KWRI9RmXgFeKq
-N49vCjYrAkEA0SuVzhjSbWvn7gWESnRHVsdodiB9YIBBZB0Qj3FgPx+9w/RuJFyi
-SwlEo9tbQE2ZeAPbXn9071BQd9CyIUHxyQJBAKuCTkEpZp8gkvW/pfLcM9OIn0Hw
-ll0CgfHEkgsa8z2wTAAG+OWq1GgX6baTiNA4Oh4vr0ZcFpaslRE9xWzOD5kCQARA
-Uoch0gUPUGNyEUJCIsEMxH7CIko30Rxrys5fi4k85+p3qVVr3JCR26dI6g3gheH+
-khLVnFbQ1xHYWAZ9BKECQQC87g+wvVpo8sQ94QYPPKfpJiVx/0yURYnkMRHIa1b0
-zaNNeDg6bBSOxclqtF5ZZKYkThu4iZJ9ZARNxvZ4/8CN
+MIICXQIBAAKBgQCZbIFeaC3thq5KdbmQLhT4GHnRfIgU8VsXjMA2K79Ns5TBmFbz
+aartK2BcPWeQDE1LfJwk1VpaNeypFlJH5dYyy+PuVWFXEpkJIfE4ezfYY8JLOXYK
+BrbVzgxCK2moFNENNCvt4lpB2lJCS/4zocRHg3zvN0Ad8WS/VjoMhTNMbwIDAQAB
+AoGAArP+s4MdDApLbSnAfeHR920MTbyRSTfXZbAn0syChQPyTaw5cUsd+n/BJYmP
+bDegmlaKXxEYk8OkynXc4pdnZrFk0nFGjWISvXWe0ONd651UP4BBuMPP/K+H980D
+mWEe5UK5kbem0d5v8+i1UVx2Kf6TRnm0mCysqiqU2zqEtsECQQDKFWJNUXOQPIaF
+DLbK4dl5njJSSh5IqwEplnrzngokN55xc2aZgcpUnB0kXMPQikoeron0gbcvVe/d
+vZKwOttFAkEAwluXGGVShUpJLyjT+elvtY1yXI3Waez5/xFrEJys20EboUfNXpoN
+Hm9E7zE8k9gwXuh42WqfO/WlEdR2bFYqIwJBAIQqRCZpNPmKfDgcPpil6UPfMO4c
+x32jSZlXb4ZRQDS7o4ZzgRC4kAmSKIUVnoOPTjaO1G7zP0lYHQ6a44sakzkCQQCQ
+XcgV7u0k5NEHnqQV9jdr++z+orypYcUwmZeVd0tOcUY8vkDmDDfCa5Qgt8nvZ55G
+YRejJ3ev6f77B34PatFRAkBd4mWCQ7joLRU4x9cTJnZVtk7ZS/9AvGm2Exiu89Z0
+yuRHeHU4uLKy4cww8xgQHEUDk+qZf/4yuhL+CzeQMepx
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp\r
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci\r
-UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy\r
-KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB\r
-mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq\r
-DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO\r
-gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy\r
-e/xewJdeLc+y5zuobX05I7rP
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l\r
+yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk\r
+esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd\r
+FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB\r
+uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9\r
+tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5\r
+U9+lNhpF9AUWEAAo3FqHgShh
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z\r
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2\r
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR\r
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ\r
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6\r
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns\r
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV\r
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi\r
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ\r
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk\r
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp\r
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci\r
-UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy\r
-KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB\r
-mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq\r
-DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO\r
-gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy\r
-e/xewJdeLc+y5zuobX05I7rP
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l\r
+yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk\r
+esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd\r
+FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw\r
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB\r
+uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9\r
+tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5\r
+U9+lNhpF9AUWEAAo3FqHgShh
-----END CERTIFICATE-----
Bag Attributes
friendlyName: OCSP Signer
- localKeyID: DA A9 16 A1 04 4F F1 18 E3 A4 58 B8 71 3F 53 46 B5 4B 22 EC
+ localKeyID: 46 CA 70 9F 5E 12 ED DE C8 E5 3C 49 74 8F 24 5E E6 2A 3F C4
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMVsIWDfi6gE1Wx9
-TeovWG3Zy33eImGUuNk9q/vDYULCTUlH0iSyZF59iqGGMOEsPtCBWghmDIupO917
-7ewiuX3Yk+k/N54XfB/gvWD1iiDcBBrAIkAy36WwnVFSJwt4c1UaOhRV+zjC4jiJ
-5P0xAG5p/FgWHuafIdlZtrujuFa3AgMBAAECgYAUFQA+NO8lW7yECSkEUeWaYwW2
-m4J+z5yQCJx2gzThEBfBhQtEzVq1W+rerGJLfW80UXwhj5PmHwRmbsVQeGXK0A2A
-OIbuRJ/0Z/iQ2ppp/Uqalgkfen2Eopb8dn6bT0hZooaJpGAwIqrnyQ7vDfC8Uylh
-7k9FpQYX24zTidEeJQJBAO4m+Y+0Z7L0hKlZZeamcbjBCPX8I1Y085d5KM4LTNvA
-Ey7/IY8Ft6ImnzCvz05SZnalVwz23dtzr2Lr/jaEUoUCQQDUN72NVHKuGO79rMuv
-IFW7f79qCt3hS1J023aWACRNVqggt1eBmBzjQFVwESyL2BbQzzb2aK8bIR8q+MeA
-Vw8LAkEAgZVbfcIgGtPJy4wFUneGsYz3n0FOyP2O/gDDHzou2/OrfIr+a6Akx2pU
-fF1tY6SadDyLHVbGaT6NVDos3OUrMQJAO3pj5fiFK8ZRNUf4zlyBqstjGpVxGnPB
-6H6Z/fCMPCDNfl3kaK35arfdOkuV8JvfySZKgUVVzoS595FCWPYNgQJBANQWNkkC
-J4PminJFaEWz/zKt74oJCihdHatmWAB/udxVsAxcP1S2lZnqvj19H3Q5ffNaCHSM
-iBB4GC0UWPEjpWY=
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMvqTqy7scJ4os3C
+niym37cs2tEu4h1QQUPTb9KoZZwnnZzaiYb8jrx6PSCDAQK1IRCtTFi9vtSZWHlg
+B25y2Ul296C9ME/ajj9k4c/47oAypdbYzfagIblPzL47/AyAG94Fk//mAIfxWrBa
+MH8CyWh9vtnpih132yhg48wPMOZFAgMBAAECgYABNEIArR8QmevEMUkD1HxvtXkZ
+USCOscGg5+e6I7pt4KICohu7y1QAcuxXe86OuIkYcx2HTJ+K29j05odEtLLpxHIy
+J/rFhAD4D/cenUzAJG8LdN2AHCtLdzSwL5e9W9Fed7lO/hwzNWwxGTtYuf2qEo3r
+2MKsYt1FLw6qZsyIhQJBAOg9dmeo4SEaeFddg5WFdmsaYk604Mmp0yPfKOKybGzp
+mutxVf9wEbJ0wpoPxiKQIf9qdFBH2si/hcyxpwEavIMCQQDgxv84eI1NTrCa9Qf5
+/ZU72EL8kNU6v5UjOg7g8a2Y/8yh5AJDtUt/dcppLVF1dsC53mKAcHfo4rbeYiFw
+sWeXAkEAk+Be/o5YG34BVo/i81gyGOyJ4FfoMkCCgvrby82UoJz22igmfCnd+uXB
+69tTbDqei0Y7ncrDEsRw6+/KyTc/BQJAOFkKb/Cgk4mvchkM99lfCNKM8F2qZoDS
+dTM/uZo8R4eQl+DdxHV1SK2RoU4wBn9Pjwi1rrcDCEmVSChXc7W1XwJAJ9Dw+hxl
+YgQoz5SSsK+oLai8eKqKp03AH0xeqZGZS1uEkEaPRDVhsx36b6UTZVDnzmEnP73e
+0E2TXBv9glr6pg==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICBTCCAW6gAwIBAgIBAzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt\r
cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy\r
-MzQwOVoXDTM4MDEwMTEyMzQwOVowMjEUMBIGA1UEChMLZXhhbXBsZS5vcmcxGjAY\r
+MzQwMloXDTM4MDEwMTEyMzQwMlowMjEUMBIGA1UEChMLZXhhbXBsZS5vcmcxGjAY\r
BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\r
-iQKBgQDFbCFg34uoBNVsfU3qL1ht2ct93iJhlLjZPav7w2FCwk1JR9IksmRefYqh\r
-hjDhLD7QgVoIZgyLqTvde+3sIrl92JPpPzeeF3wf4L1g9Yog3AQawCJAMt+lsJ1R\r
-UicLeHNVGjoUVfs4wuI4ieT9MQBuafxYFh7mnyHZWba7o7hWtwIDAQABoyowKDAO\r
+iQKBgQDL6k6su7HCeKLNwp4spt+3LNrRLuIdUEFD02/SqGWcJ52c2omG/I68ej0g\r
+gwECtSEQrUxYvb7UmVh5YAductlJdvegvTBP2o4/ZOHP+O6AMqXW2M32oCG5T8y+\r
+O/wMgBveBZP/5gCH8VqwWjB/Aslofb7Z6Yodd9soYOPMDzDmRQIDAQABoyowKDAO\r
BgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcN\r
-AQELBQADgYEAOqoUYB9JsaA6P6BRreY2d7vq/mEgMdQqOmLs372MUgEmuaTib+8T\r
-W1ZzPVAyKAXLA0Mx9Cm4M2u6GM2xd5n+pZQEF+PMJEnLOUOZzIZMd3FQoq2YOvKG\r
-5oosmINwUkb9JeBFLcHZDZ+/byKa7gPPWGwhqo/X9aCWyRISLjOZSTY=
+AQELBQADgYEADdWWEn+mEAo9wST4LfuXNT4gVs7xKDvGarvDmFHEQo+vK4MdBz/l\r
+kdDlN2gSJmKkJz/gDLTAA2pnJc/28fM/n/WLIcn2xW5QyMPJkpbLETRMQz7Dy0NH\r
+ZEJ/GefzAfetO9kPTYckCWxANRfOkBEs0Bq+me6khDH2ckLaNBMi+A0=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Signing Cert
- localKeyID: 60 68 96 E4 EE 63 A4 1C 88 76 FC AC 75 0D C9 27 DD DC 0F 16
+ localKeyID: 2C 93 44 07 DE 13 D0 4A 78 2F 06 D4 27 89 FB 9E 82 64 50 E8
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALuQnzM8pAcc33ZD
-SRd5pcpUdTSwuNKtJLI6WPbR08aIraXeHnnrcZ7MtyRyCXBdRWFkKjYyT/l6rSzQ
-otZY+f30JR52TGEyzsM/y7etYHAO1NyouzTm6+Jx92jRCnP3BoCjHBHYhyHA0kPY
-jp9eEhqP8ZjfimN/sJn7pB+eOW2DAgMBAAECgYA8cjykFgBknGz1n3SQQK9p17MY
-AnXly0/eskgWbwO5YTXZFQ6sSvDIdP/2mlupXx2rZ8zkv20foOXrYeeAfZc+r7Bw
-k9WBOrca9JW8evBq6Pz5WuhCy7MNtvSY+0OjIIqf4MDh8FtJunN7GcGp+D0xc3kr
-QMnoP4zSXdTNhT4rDQJBANzFSWGHbTlG0NSxSDCxXffSxWpAEbVGuy+hYXGXpQBh
-qht94exlHJSUKLNj7aAXpG/H23/gnuTUyfMxsJf2LEUCQQDZfti4W8E3N2hKxLQS
-OJDy2MdNTCRmgyrVriedvhY20jay2y1nhvfiqPUZzNnyyYoAfuR+lncIETyS82Vk
-0mMnAkEAweRrPELKhKFTS1mgA1PjKYJta5F1e/Xw9DYR9MewXJNp6Nc4EnwDC+LL
-lDHRQudAvgOTHc5S/rp72yDq7auA2QJBAJPmVE2Z55w6y2r8tE8ntDnP/EeuHZqw
-W7KPCVWVa9m/vX6G2StrdqnlpzbyPMuDDZskrxD+FNehkQWFClAzWUUCQBMtw1jj
-ofWdwvPI9+S9+Ar9boRfjm560R7WAM4Vpca+Bfn8XODBuL3zJZYtuPqOeZcf945L
-Tbh+58nTebzJg44=
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMjSl5m+1346jw4w
+/L8QiVw2JVIlDrNvlrC4Bw+NvmBQTd1nX7s+IHgGUuFPXBtQmKoLezpSjaPPM1Jx
+abAhsxPByRQiNLpD7eSGBkdaHa4EBf2P06sxonoOO3KNaK0NcxRyuey29CzhMygW
+S8G8f3iCxi2dtMLkMKYootGRbBCFAgMBAAECgYAFJkVF53teHMFLU10/xvxGtYq6
+cwHP/xYFnQptTyypCpYcjciKJBswCLV6Wo8ZkjT/80BrK+++2hLOU+MqZYrSdLqH
+W2P3vBlaAhssaGu4dxa/X6og2fKrsn6Q9JBPNL4hvHNbUkQNCz7YAKgKdVaBbp98
+cRrWqV2Oz0inGl+k5wJBAO5zEhZIzKUUJZYdwP8q605+lTGua6hW1zf/OgvYaJxu
+V4KS8t4RGyK69ELp7fsGeZoXpgH+CZyYYcm9Z7ltvY8CQQDXmovFMDtNL36U7661
+uIJz1wI9eB3ISGo4EhuK5FDF0Wd3G4JlvZ+s99JoNRlkP60pSNX4mIVNWaFlTMpY
+JW6rAkAAyEHb7ts1A27oIira63IgLMwigJb702UbWuv+0/Pr53TECeVgEyBKqeBZ
+Q9kzBJ9rgP5bbVDswZc4iTWI5zJDAkAajHdFksjamkyV/mWfDtdReFpYQ2A3d2NN
+AD3P/olLsptw+Tw3VwBAhkusdU1pIMYr3UIr2GwhuDW9iZUpAYL9AkEA3QUuCDHa
+nUNJ7095aeaFIsRcKS8GDAiQS9+RMOadhvH9cWButRuoLEAZxxGkcnL1Pby3lGa/
+cLQpsTMExg5Log==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z\r
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2\r
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR\r
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ\r
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6\r
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns\r
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV\r
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi\r
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ\r
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk\r
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
; Config::Simple 4.59
-; Thu Nov 1 12:34:08 2012
+; Thu Nov 1 12:34:02 2012
[CLICA]
sighash=SHA256
-crl_signer=Signing Cert
-crl_url=http://crl.example.org/latest.crl
-level=1
signer=Signing Cert
-ocsp_signer=OCSP Signer
+level=1
ocsp_url=http://oscp.example.org/
+crl_signer=Signing Cert
+ocsp_signer=OCSP Signer
+crl_url=http://crl.example.org/latest.crl
[CA]
-org=example.org
-subject=clica CA
name=Certificate Authority
+subject=clica CA
bits=1024
+org=example.org
-update=20161101174751Z
+update=20170131185506Z
-----BEGIN X509 CRL-----
MIHtMFgCAQEwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5vcmcx
-GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNjExMDExNzQ3NTFaMA0G
-CSqGSIb3DQEBCwUAA4GBAFTm0R/eAa6I8NpxnYj8JaaPMla1Y85epIzla3MiT49/
-sxRGwfsvxVRbBgDOkGICVgnEOPF68efOQhGrDP8mUccHYConCPnlwphhjBbf5coQ
-QfJBDqr6hBbYf5qnWdgND+eso+nhA2bJOElAs6bk+R0FCJdeubd+HhjFoQ6idEeP
+GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxNzAxMzExODU1MDZaMA0G
+CSqGSIb3DQEBCwUAA4GBADLD6OroW8EWuq29VZY20bC+GRrfYYQVr6bnlFBeXci4
+9OeBuLSiuil3JJ6+dxudnY5EiuR5n0xCbrtXZl0Vo5vOG5715rHZJa1qClmuN/lg
+/1qEhrv07xM0Nr1KAolfY/AbCG/qfJQqYjfGE4PhYHoWCkorediQEZcCZttWNa1X
-----END X509 CRL-----
-update=20161101174753Z
-addcert 102 20161101174753Z
-addcert 202 20161101174753Z
+update=20170131185508Z
+addcert 102 20170131185508Z
+addcert 202 20170131185508Z
-----BEGIN X509 CRL-----
MIIBHTCBhwIBATANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFtcGxlLm9y
-ZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE2MTEwMTE3NDc1M1ow
-LTAUAgFmGA8yMDE2MTEwMTE3NDc1M1owFQICAMoYDzIwMTYxMTAxMTc0NzUzWjAN
-BgkqhkiG9w0BAQsFAAOBgQCwqQU6wOjlfQ4FtSznjytU5foi0kZWHFlWjmMjuz0f
-1UpZzpddpu8mxXIjZebvRSj5e1IQP9sk8H3sdd0D7mmiItk+qUKyJoWbEeA4om5y
-0DOoRpBGj5xE9QggV4eoxlesqI+WgKjv4vkJqlh6Ot/Ift6Wg6VrKREJTVLm3MQK
-5g==
+ZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0GA8yMDE3MDEzMTE4NTUwOFow
+LTAUAgFmGA8yMDE3MDEzMTE4NTUwOFowFQICAMoYDzIwMTcwMTMxMTg1NTA4WjAN
+BgkqhkiG9w0BAQsFAAOBgQAJBbIgdSCMTdcUL0399zEfbd5c12WOIo+emgVrfNsr
+23prPL1ZoPm8l+49oPX+QEamoupbYNwAAKZ+pB1geKL/h7fOidLHunsee8Fh7D/L
+KTxHFe93JZzHl5+xiQM8WRGnsWrRVVebmcktKHG2oGglzY3e1m1xZrIJ6eXmzPXM
+zw==
-----END X509 CRL-----
processor : 0
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
physical id : 0
-siblings : 1
+siblings : 8
core id : 0
-cpu cores : 1
+cpu cores : 4
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5424.00
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
processor : 1
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
-physical id : 1
-siblings : 1
-core id : 0
-cpu cores : 1
-apicid : 1
-initial apicid : 1
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 1
+cpu cores : 4
+apicid : 2
+initial apicid : 2
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.15
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
processor : 2
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
-physical id : 2
-siblings : 1
-core id : 0
-cpu cores : 1
-apicid : 2
-initial apicid : 2
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 2
+cpu cores : 4
+apicid : 4
+initial apicid : 4
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.09
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
processor : 3
vendor_id : GenuineIntel
cpu family : 6
-model : 13
-model name : QEMU Virtual CPU version 1.5.3
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
stepping : 3
-microcode : 0x1
-cpu MHz : 1994.999
-cache size : 4096 KB
-physical id : 3
-siblings : 1
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 3
+cpu cores : 4
+apicid : 6
+initial apicid : 6
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.13
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 4
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
core id : 0
-cpu cores : 1
+cpu cores : 4
+apicid : 1
+initial apicid : 1
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5428.40
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 5
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 1
+cpu cores : 4
apicid : 3
initial apicid : 3
fpu : yes
fpu_exception : yes
-cpuid level : 4
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5428.13
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 6
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.164
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 2
+cpu cores : 4
+apicid : 5
+initial apicid : 5
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.27
+clflush size : 64
+cache_alignment : 64
+address sizes : 39 bits physical, 48 bits virtual
+power management:
+
+processor : 7
+vendor_id : GenuineIntel
+cpu family : 6
+model : 94
+model name : Intel(R) Core(TM) i7-6820HQ CPU @ 2.70GHz
+stepping : 3
+microcode : 0x9e
+cpu MHz : 2700.000
+cache size : 8192 KB
+physical id : 0
+siblings : 8
+core id : 3
+cpu cores : 4
+apicid : 7
+initial apicid : 7
+fpu : yes
+fpu_exception : yes
+cpuid level : 22
wp : yes
-flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni cx16 hypervisor lahf_lm
-bogomips : 3989.99
+flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch epb intel_pt tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
+bugs :
+bogomips : 5427.26
clflush size : 64
cache_alignment : 64
-address sizes : 38 bits physical, 48 bits virtual
+address sizes : 39 bits physical, 48 bits virtual
power management:
- CPU0 CPU1 CPU2 CPU3
- 0: 135 0 0 0 IO-APIC-edge timer
- 1: 1 2 3 2 IO-APIC-edge i8042
- 6: 0 1 1 1 IO-APIC-edge floppy
- 8: 0 0 0 0 IO-APIC-edge rtc0
- 9: 0 0 0 0 IO-APIC-fasteoi acpi
- 10: 496 482 486 468 IO-APIC-fasteoi virtio4
- 11: 10 147 30 27 IO-APIC-fasteoi uhci_hcd:usb1, qxl
- 12: 0 41 47 38 IO-APIC-edge i8042
- 14: 0 0 0 0 IO-APIC-edge ata_piix
- 15: 24 20 182202 20 IO-APIC-edge ata_piix
- 24: 0 0 0 0 PCI-MSI-edge virtio0-config
- 25: 0 0 0 0 PCI-MSI-edge virtio2-config
- 26: 0 3 1 4 PCI-MSI-edge virtio2-virtqueues
- 27: 3075155 25 27 24 PCI-MSI-edge virtio0-input.0
- 28: 0 0 1 0 PCI-MSI-edge virtio0-output.0
- 29: 0 0 0 0 PCI-MSI-edge virtio1-config
- 30: 8 10 6 263042 PCI-MSI-edge virtio1-input.0
- 31: 0 1 1 0 PCI-MSI-edge virtio1-output.0
- 32: 0 0 0 0 PCI-MSI-edge virtio3-config
- 33: 2251 1443 1443 76439 PCI-MSI-edge virtio3-req.0
-NMI: 0 0 0 0 Non-maskable interrupts
-LOC: 2928502 2336072 2358940 2472920 Local timer interrupts
-SPU: 0 0 0 0 Spurious interrupts
-PMI: 0 0 0 0 Performance monitoring interrupts
-IWI: 172144 62813 48129 57019 IRQ work interrupts
-RTR: 0 0 0 0 APIC ICR read retries
-RES: 803123 677010 571558 698502 Rescheduling interrupts
-CAL: 22679 11469 17535 1233 Function call interrupts
-TLB: 82367 78077 78876 80352 TLB shootdowns
-TRM: 0 0 0 0 Thermal event interrupts
-THR: 0 0 0 0 Threshold APIC interrupts
-MCE: 0 0 0 0 Machine check exceptions
-MCP: 624 624 624 624 Machine check polls
-ERR: 0
-MIS: 0
-MemTotal: 1785008 kB
-MemFree: 254052 kB
-MemAvailable: 1298532 kB
-Buffers: 0 kB
-Cached: 491108 kB
-SwapCached: 252 kB
-Active: 329132 kB
-Inactive: 223080 kB
-Active(anon): 28840 kB
-Inactive(anon): 73412 kB
-Active(file): 300292 kB
-Inactive(file): 149668 kB
+ CPU0 CPU1 CPU2 CPU3 CPU4 CPU5 CPU6 CPU7
+ 0: 52 0 0 0 0 0 0 0 IR-IO-APIC 2-edge timer
+ 1: 16 459 44 16 71 52 37 18 IR-IO-APIC 1-edge i8042
+ 8: 0 0 0 1 0 0 0 0 IR-IO-APIC 8-edge rtc0
+ 9: 89 154 83 105 355 114 136 53 IR-IO-APIC 9-fasteoi acpi
+ 12: 201 49438 1213 1262 5483 1423 1806 952 IR-IO-APIC 12-edge i8042
+ 16: 1 0 0 0 0 0 0 0 IR-IO-APIC 16-fasteoi i801_smbus
+ 19: 5 3 2 0 8 2 2 2 IR-IO-APIC 19-fasteoi
+ 120: 0 0 0 0 0 0 0 0 DMAR-MSI 0-edge dmar0
+ 121: 0 0 0 0 0 0 0 0 DMAR-MSI 1-edge dmar1
+ 124: 7929 1965 1951 91801 6129 4099 2324 2579 IR-PCI-MSI 376832-edge ahci[0000:00:17.0]
+ 125: 219 13 6 32 12 8 6 22 IR-PCI-MSI 327680-edge xhci_hcd
+ 126: 97 12 17 44 16 8 5 2 IR-PCI-MSI 2097152-edge rtsx_pci
+ 127: 0 0 88 0 58 0 61 36 IR-PCI-MSI 520192-edge enp0s31f6
+ 128: 0 0 0 2 2 0 1 8 IR-PCI-MSI 1048576-edge
+ 129: 725 32 125 185 13085 451 7136 254 IR-PCI-MSI 32768-edge i915
+ 130: 23 9 7 0 11 0 1 0 IR-PCI-MSI 360448-edge mei_me
+ 131: 21 6 4 2 7 4 3 0 IR-PCI-MSI 1572864-edge iwlwifi
+ 132: 713 0 63 42 106 45 129 120 IR-PCI-MSI 514048-edge snd_hda_intel:card0
+ NMI: 2 1 1 1 2 4 1 1 Non-maskable interrupts
+ LOC: 33466 27621 28699 27181 44170 60850 27384 32510 Local timer interrupts
+ SPU: 0 0 0 0 0 0 0 0 Spurious interrupts
+ PMI: 2 1 1 1 2 4 1 1 Performance monitoring interrupts
+ IWI: 4 0 0 2 0 0 1 1 IRQ work interrupts
+ RTR: 7 0 0 0 0 0 0 0 APIC ICR read retries
+ RES: 9981 4165 2812 2504 2970 1497 2331 2607 Rescheduling interrupts
+ CAL: 51614 26930 27696 38549 30005 38583 36536 38830 Function call interrupts
+ TLB: 44868 21971 22151 33281 24454 32863 30173 34882 TLB shootdowns
+ TRM: 0 0 0 0 0 0 0 0 Thermal event interrupts
+ THR: 0 0 0 0 0 0 0 0 Threshold APIC interrupts
+ DFR: 0 0 0 0 0 0 0 0 Deferred Error APIC interrupts
+ MCE: 0 0 0 0 0 0 0 0 Machine check exceptions
+ MCP: 3 3 3 3 3 3 3 3 Machine check polls
+ ERR: 0
+ MIS: 0
+ PIN: 0 0 0 0 0 0 0 0 Posted-interrupt notification event
+ PIW: 0 0 0 0 0 0 0 0 Posted-interrupt wakeup event
+MemTotal: 15855100 kB
+MemFree: 11477720 kB
+MemAvailable: 12987088 kB
+Buffers: 385492 kB
+Cached: 1340976 kB
+SwapCached: 0 kB
+Active: 2943984 kB
+Inactive: 985944 kB
+Active(anon): 2204564 kB
+Inactive(anon): 57088 kB
+Active(file): 739420 kB
+Inactive(file): 928856 kB
Unevictable: 0 kB
Mlocked: 0 kB
-SwapTotal: 3354620 kB
-SwapFree: 3353308 kB
-Dirty: 1476 kB
+SwapTotal: 7933948 kB
+SwapFree: 7933948 kB
+Dirty: 1696 kB
Writeback: 0 kB
-AnonPages: 61072 kB
-Mapped: 18504 kB
-Shmem: 41148 kB
-Slab: 898368 kB
-SReclaimable: 847936 kB
-SUnreclaim: 50432 kB
-KernelStack: 2672 kB
-PageTables: 5384 kB
+AnonPages: 1629620 kB
+Mapped: 242948 kB
+Shmem: 58196 kB
+Slab: 252040 kB
+SReclaimable: 179452 kB
+SUnreclaim: 72588 kB
+KernelStack: 6800 kB
+PageTables: 29632 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
-CommitLimit: 4247124 kB
-Committed_AS: 383308 kB
+CommitLimit: 15861496 kB
+Committed_AS: 8751488 kB
VmallocTotal: 34359738367 kB
-VmallocUsed: 149692 kB
-VmallocChunk: 34359524352 kB
+VmallocUsed: 0 kB
+VmallocChunk: 0 kB
HardwareCorrupted: 0 kB
-AnonHugePages: 6144 kB
+AnonHugePages: 684032 kB
+ShmemHugePages: 0 kB
+ShmemPmdMapped: 0 kB
+CmaTotal: 0 kB
+CmaFree: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
-DirectMap4k: 67576 kB
-DirectMap2M: 4126720 kB
+DirectMap4k: 147456 kB
+DirectMap2M: 6608896 kB
+DirectMap1G: 10485760 kB
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
- eth0: 218826535 3198986 0 95481 0 0 0 0 7353205 57500 0 0 0 0 0 0
- eth1: 29582092 268307 0 93503 0 0 0 0 30026750 67530 0 0 0 0 0 0
- lo: 1056 11 0 0 0 0 0 0 1056 11 0 0 0 0 0 0
+wlp3s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+enp0s31f6: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ vnet0: 32675 319 0 0 0 0 0 0 42290 545 0 0 0 0 0 0
+virbr1: 28209 319 0 0 0 0 0 0 27394 284 0 0 0 0 0 0
+virbr1-nic: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ lo: 92538 1136 0 0 0 0 0 0 92538 1136 0 0 0 0 0 0
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci
-UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy
-KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB
-mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq
-DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO
-gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy
-e/xewJdeLc+y5zuobX05I7rP
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l
+yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk
+esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd
+FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB
+uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9
+tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5
+U9+lNhpF9AUWEAAo3FqHgShh
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired1.example.org
- localKeyID: 1F E8 12 E8 2B 26 DE 83 89 52 9D 86 BB 3E 54 0C 0E F0 1E 85
+ localKeyID: 56 97 A6 F6 EB 03 2D 8E E5 E1 57 7E 7B F0 BC F3 C9 BB F3 D1
subject=/CN=expired1.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxMloXDTEyMTIwMTEyMzQxMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
-ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ65ETDQ0BFUzfULaRgT
-7y3Lmo6D824GBywv4Dndgc5pChikv7TyCv3d8JdGs+ujXJUqzp0ahK/vamjoj8WH
-+MKRVXamiDbNsVggjr9GaF+4bP4+Pxlk9RNpbqlpuMzn0U1u63/QnMjOii/zZN5T
-q0yvOLl2RYYnftKkhA1o9h2tAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwMloXDTEyMTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANImCjuDNWSYsLa2Kav2
+9Pu+dMrn+gXIUJ5WGNzjc0fZUf9u3W2is1Y/6XrNkHsMAELyadAD9DJCzNQxB7YL
+Gn0wlo/glr8Njxe4q3FmJq1AjCUB0lDXEeHbyP8HoVu1Y/aY5vAJsVwW5od+S77d
+ewSvg6vR8zhjTAZiscgHwzPnAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHwYDVR0R
-BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAuyaK
-diFbp3JdXCjvrupsLExA9592LshGTyBO8o36MLUFdzGIIsYN0vXWvJfiTShIGAtx
-9RMiwbjoUwVf5bQPHBeQJTIlkxBSJ11h8DJynNLVrxcQ9l95sO0KbCcJF/C24xO+
-FmxmReGz95B/70pGdejwqbZHND6jTU7lzk17iEA=
+BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAN3HU
+uSw4LZzflDXB6rtzOBrYU52GnZmBgwdKO851kHDIi5HJSe8KFk7thDtMQHQskh/R
+650WMAHy+S/k87OONlk4p9ZoM7yIoJgvJ2WFcGK66eM76o5vnm2dhy88s4MzNsks
++H3xFAI2lPYBoKJKeKz3XZj0QuDli6KjlCte290=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z\r
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2\r
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR\r
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ\r
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6\r
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns\r
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV\r
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi\r
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ\r
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk\r
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired1.example.org
- localKeyID: 1F E8 12 E8 2B 26 DE 83 89 52 9D 86 BB 3E 54 0C 0E F0 1E 85
+ localKeyID: 56 97 A6 F6 EB 03 2D 8E E5 E1 57 7E 7B F0 BC F3 C9 BB F3 D1
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIa+ZaRfZ9YdMCAggA
-MBQGCCqGSIb3DQMHBAiiBWlQ0jW19wSCAoCiihzOTQtSnUUuGcsOlhbJOZKALjU+
-55566IeI7awy2s+E3YqFc+Ii+kLHVc1aAiWLhOLvQJEs5ox1xAqgJyZwxs2mgxRS
-kLkFrYtjeqXVZPr1rO77ngWxRR+f9biHXjjbi8aAt2dfn8JdaL6lD+e6H0Y6+coP
-VIFCgov8gNB0sm+QDB5Jq9+vxZSgplbyJsJdzUUDST90XDtI1PFdXZlV+3fCUT+H
-u3gJ38OdQ5HEQYizDCR6buwiGWGJkAONI5oBBtyfAH5eGE9ogzEwf8OHUSqQwuNl
-EVaCUrwrCCu8w8DE24rsRaMcP8ApXQEtxN8hdBWqqyYs3uGdHWmVp/h7CutVqyVj
-JBt8yqNdRyBeGXLH1PnnLS94J93hVj3XrOG/ScGEXgPzDXNK7ws47iySLCW/DVwQ
-XpawOMKvnRRPw8Tmeq8Gx4uFke5h45EwlsBIa5Sfq00uMCyJXg62BD21Opo3jo0T
-dhBxlUTXlQXgF0GzxM6aXX2ZDoNfHzJR+C6mBAVs26NobLr2NZ+i4HgylylA6tuJ
-rYL1PgQbKeWHMIcx22PHij97BV/+H7bBRUxqJM4da9cg4t6IxPpB3dJf6cXqAkbH
-/msgx0KVYdBANIC8AF5+pyhRA2+WrVvFxyvb8Ji4DaV5re+nNLt9ZFRiCiFjUL0z
-pydZiTddgQ3I1WGCiteqLEEsSvy34Ju3PyQoQJkNH3TFmvHcNvjd78gRWPTnY9DI
-1PpUJD0GYtvAxj5PZaord+ESHEzGURaIVbUEuguXVdg239f7Kw+NymdEo/Ne3LD6
-+VU/2Sq/vxRUCdJKkhEGcBLeLvducWbB7duVLi8agK4LyaakcCsy91GX
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIYw5AHKHpvwACAggA
+MBQGCCqGSIb3DQMHBAjPjI96QuNFaASCAoAjCiOv8zLE19SudivjlvejgTBwUXXb
+RKTIijmHGXjP2WaW47vWcCZ8hSDI5TEuDF56khVea56GyWW86XFB/1P2Mcwg2HBP
+OfqrFG5ZZI1zQ/40U/jkYpQ79IUAvY1Xn3Af8hsbFGo0saIG2HpWdDQqWE+MM+fU
+rTliQVtCHaU2V5w4clcz+CkzUyHtRogc+gX+VMl/bKK0OkyT8R1tA1eRJIUiDTc9
+kpEFD9wQB+TpWH3UyMg8Vy+GBQVH9R6Q9mcoDMWvmYTnT9wkcb3DhHZ7Fb+vlzNK
+NssdtTjxguFpjDozvxbUH9niJUAZcC5owd0LO8q/0IVuNhJEZOAtP9aeCklMvs5n
+u+4e4/jDXWmU3LHIPVy4X3j8Rf1y5YTdu2DZQLZs707mplLtBqnf0DLY1va1Y4/E
+i2SDfRamfjvQKissZL1QywniMLXT66dXMSINSG+jPt8l8DkYNEgwcaSepJAERF1q
+3y3TCBXhj+juhN4aiZT0zbQiDA4NHzHI8+xs2yThpaqA71o5xh35l+dMcRNLcWuc
+3CpVQvsGeVyF6Rn9isMFa3TuzGMfeG+2GNWjL1/hy5i3ROiV3yuuGX10kSSbg0sn
+nbAhCFugRYEywE6+Rnv9tfTwU9zutQPK2VZrG6GNzT0cucLGLbsHIts20QOWjiI8
+5cV5fDKTZhzPld2K8OpkhGSnRkdWvay89RwAzebcsBwSNoPfuxX0pXgi98mnaXVY
+KDhpmGhUya+AcflPJyd3DY9Ys/Eldq8aPEj0JWUGhyJyy0K6waoFTuZ6lIZMMLWV
+vHfsQlgTEqHlaXvs4qg9yzLHJaa40ucaeIbPjDtHB82Rd4APCoSkYTFn
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: expired1.example.org
- localKeyID: 1F E8 12 E8 2B 26 DE 83 89 52 9D 86 BB 3E 54 0C 0E F0 1E 85
+ localKeyID: 56 97 A6 F6 EB 03 2D 8E E5 E1 57 7E 7B F0 BC F3 C9 BB F3 D1
subject=/CN=expired1.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZzANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxMloXDTEyMTIwMTEyMzQxMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
-ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ65ETDQ0BFUzfULaRgT
-7y3Lmo6D824GBywv4Dndgc5pChikv7TyCv3d8JdGs+ujXJUqzp0ahK/vamjoj8WH
-+MKRVXamiDbNsVggjr9GaF+4bP4+Pxlk9RNpbqlpuMzn0U1u63/QnMjOii/zZN5T
-q0yvOLl2RYYnftKkhA1o9h2tAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwMloXDTEyMTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANImCjuDNWSYsLa2Kav2
+9Pu+dMrn+gXIUJ5WGNzjc0fZUf9u3W2is1Y/6XrNkHsMAELyadAD9DJCzNQxB7YL
+Gn0wlo/glr8Njxe4q3FmJq1AjCUB0lDXEeHbyP8HoVu1Y/aY5vAJsVwW5od+S77d
+ewSvg6vR8zhjTAZiscgHwzPnAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHwYDVR0R
-BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAuyaK
-diFbp3JdXCjvrupsLExA9592LshGTyBO8o36MLUFdzGIIsYN0vXWvJfiTShIGAtx
-9RMiwbjoUwVf5bQPHBeQJTIlkxBSJ11h8DJynNLVrxcQ9l95sO0KbCcJF/C24xO+
-FmxmReGz95B/70pGdejwqbZHND6jTU7lzk17iEA=
+BBgwFoIUZXhwaXJlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAN3HU
+uSw4LZzflDXB6rtzOBrYU52GnZmBgwdKO851kHDIi5HJSe8KFk7thDtMQHQskh/R
+650WMAHy+S/k87OONlk4p9ZoM7yIoJgvJ2WFcGK66eM76o5vnm2dhy88s4MzNsks
++H3xFAI2lPYBoKJKeKz3XZj0QuDli6KjlCte290=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCeuREw0NARVM31C2kYE+8ty5qOg/NuBgcsL+A53YHOaQoYpL+0
-8gr93fCXRrPro1yVKs6dGoSv72po6I/Fh/jCkVV2pog2zbFYII6/RmhfuGz+Pj8Z
-ZPUTaW6pabjM59FNbut/0JzIzoov82TeU6tMrzi5dkWGJ37SpIQNaPYdrQIDAQAB
-AoGAFPxRGowxRmlZBdIpZgaUtBBccgVeNSjU3/HAisYPuJPIwvNdaXYrH9+tRMMT
-XM9vmUVcpgbwjjZwckh1Yd+VcybnPABw3auOeoKWTKHg0B6gShwBSkkh9Pq8zW3t
-lOR8GFm0UmbvKf0Z8GFGfkHab/eKwMCVm8t4PHNnwfE81l0CQQDMFWNViXqe+n0g
-ZHh6Sp3/+nKJ0bKQD6dYcTI6tPhBhBFvQUFVSRsVyeBlGRB++BOxd/Yw93qJbCcC
-VD/PrMbXAkEAxxmkLlBr3nfOabPT3Yi8ctvg3zIJ9j6NslZMxCdJ96qoZu51VnBl
-1TvhM78/LnbW9uCh2KkPR1SV9W+bsuhjGwJAaKcjHC72sWWUGrNK0LNI2IZOi/v7
-jEJqt0C82DwK/lXCNwIIhbqKaB7wsgcrXWDLgHsaxTtzG9tZGamoW0+nWwJBALW8
-LQXteJjnyOzpLXGgt0sscxWoSjmQHaz0YzwFFNpR10elUEunavx5nPWsExLpfQx6
-PKFUp9KXXg5bYsaqopMCQQCEGg5SRni9xSapkmf0RjA/6v+rSGGyLnMl2hNGazN0
-BVMfbhPWJ3Xs8vJYZUAnDC8P1BC2t45lOVNr/Ah9bJ1T
+MIICXAIBAAKBgQDSJgo7gzVkmLC2timr9vT7vnTK5/oFyFCeVhjc43NH2VH/bt1t
+orNWP+l6zZB7DABC8mnQA/QyQszUMQe2Cxp9MJaP4Ja/DY8XuKtxZiatQIwlAdJQ
+1xHh28j/B6FbtWP2mObwCbFcFuaHfku+3XsEr4Or0fM4Y0wGYrHIB8Mz5wIDAQAB
+AoGAQNzE48GHxVjrkjl/ezhqPRl36vjWztoZKAXi/qqldlO5X2HUrnY9bC2l3uV7
+5r65hfBUgIP351t+5S+M9b9PmS0cMTQ9M6GHF8Ahvw5CKlttg1cHcU+5GMYUGPJ6
+NRI3V3RVJI8ew7SljN9dEoPjXThqAQwgDfxAbJCvr163rOECQQDuxqjJxMfvg3Yf
+RYvMPsAfaYfGymXXKoAUsEZdqcWFVk4OcMd+lpN2yWZ7+CSVok0XaLA3wObgRV1S
+Le5IhrSzAkEA4U68AOuu8fgTGwY62Z/ux6K0qYFomwhUxy/RVdezMHP/KSgjH5cT
+6L3jVr2vOfO8WwNst7IdUNQG9LhLkUhl/QJAXl/YsL79QzaThnKneZfHueKtDq5K
+qEudChBOD5Edh8D/4wdCYk9Dg6zAu/jtBNN8Yuc21yKAXl4sL2IGD1ZmrwJAD/nM
+POh5TDEB8c2cSKgdf0xbMRW6/Bs4H7OVTVfxHcNr2Vg+PVQyFjO4tgLXNO3CclWo
+1NGtYHjYUWvr985BZQJBAOD5MMnrWWpXW1b7GTQfw24zMfYbw5CNEYXUn3t8mwhL
+/wDBfNicDchags/kP7AhQ9xR5br29v41kJhk6DuoKbk=
-----END RSA PRIVATE KEY-----
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci
-UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy
-KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB
-mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq
-DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO
-gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy
-e/xewJdeLc+y5zuobX05I7rP
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l
+yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk
+esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd
+FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB
+uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9
+tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5
+U9+lNhpF9AUWEAAo3FqHgShh
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired2.example.org
- localKeyID: BC 49 19 1E EE 31 06 3E 4B AE 35 33 9F 5F A4 D8 A8 A0 57 69
+ localKeyID: 0D 1B DB 87 3F A0 82 FE 25 25 17 FB 02 8B 11 A0 C7 3B 3F 2D
subject=/CN=expired2.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MTVaFw0xMjEyMDExMjM0MTVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
-bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpk3vdqmKGLJ1atHFL
-VM6BNY2H/RAPgt7bc+6zb6/PBIzkQC5yjA552IHOs3LWLYRKUHEcJ/7KsAO6Xi3i
-9nD2leVy8vjfudjqgdAb3BSXdXMuqm6GFHHAAClB46Cr6pzHD4f9r8GoDvHjvqFe
-n1EObewAbGAhj22DfPA2vfV68wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrcutPy6MwDf8v9KY+
+EmfD1UgqwzWDfExzOLltPoqYDe/925YdyR4APYZwMYKSz6aCqcr2RHXNlhaQxn28
+QXBEiqYN9oDxSUBGnMYpahG1kVChdwDOmB7xs6Qr8fyMQSQ6fxOSs8NpSiobBd5v
+JXvFsLyoqpWHF1hvRFpPAtjY9wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMB8GA1Ud
-EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAG5q
-2Axh9aXYSUyzVv478q7JhGOJKQ6ZpmVChQghFikeo/GAxv0gm62aD2Ka9+iNkc66
-yGIFOc+QK7pOIClhDpp3AKWrgzhmdYQ3aOfbgTigG4jYjz5SldE0nedrK/xRVJ/J
-oLxAhtxpRO9htIJTcx2pW4DRu4Wv13uncB436kPD
+EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAIlD
+3fGGN1764ZR0OBfhIcfR18putZkIlFQSQojhj4ZgCisqU/pXlkQ8FM2mUhDLZfi1
+dezo36i6x3tmNnnVVc0DUn8mmD0t0SlH7PBrIyhv10spu2wfitNqnuyknAIpEE5V
+v2FZRwnBxqhQkWoGjDb+vCOJxH3zYgXMEaN99Ifu
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z\r
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2\r
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR\r
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ\r
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6\r
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns\r
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV\r
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi\r
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ\r
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk\r
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: expired2.example.org
- localKeyID: BC 49 19 1E EE 31 06 3E 4B AE 35 33 9F 5F A4 D8 A8 A0 57 69
+ localKeyID: 0D 1B DB 87 3F A0 82 FE 25 25 17 FB 02 8B 11 A0 C7 3B 3F 2D
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIXzoSEpxpBAACAggA
-MBQGCCqGSIb3DQMHBAg9BBR7hWZt7wSCAoBlLeuxRVykDRj7vKA4febmUGxPbNwF
-Vyt6Y1Bsn8VpwxDypA32u7xx+o4fi0J6o8CbovDChfFO/U9ptxyRHNN3ZGWuBuEB
-XwXMzIAjymoqRVDEOdTWziyrTHVm74SuUPirxZ1TwGVz4tJKQclhaIOpB3dByV6x
-QyJ208vp9D1ona7TYJ/+CfQUHLHcZ6b1am9DitIxfoRJL6n11A8LYA1JjIYK+ESa
-ZKngsYOnl9LMoTXaPWsR5KSCmi4OrqnjAoDCb9Mrn4Bn2UeJkYRg4FEVK+fM0wrs
-UytmP4p/u88reHRWiCT/yRNCJxuRcDrFMYtU3InExEXDIek+IjQQAeF82rn9Ku0m
-Sl+q1wxT15PRPmFXK5rkcdzlwu8dS7vo9W9wUQyE2BpDGUJmKGWmhFeus8XoJuTa
-7jC1TR60VkGUHyHPfatV7IjyEGBr4rWp1MnpRH1Yw4vSgX7AAVWdoeX4YfNB6gsA
-ioX1dYLQpZZ4+DB6lPNUEX6pYyszwqmYUMuVvu/j6SGYsyoxrIHapL5cmTsBjt+S
-uvoeglZixIrZLcUDn4fpcC9Ks7QswF1MzEsqxW2ZcKjPYyBJ6otMid6u8BRWnkAx
-8IZvRFddStKjS7iiuAQ3N02cn727q/sdwvXEaV3A7Pc/hK+PPF47m/Yg4Wi4JSIp
-6OLwRPqTkBDJ7QJcrem6zod+eyoMY2KyDmP9geJAM7hfk7JhPcV9ikEZe7rAUaA4
-F08WxbFSEIKoc07ZBjeQjztmpK6z2c5+JsDenPpRS+p1gonKvpbIIeKfsPoW4IEE
-cWGFH7GPtWfc+ubPiGsFEFICUwxFK9rc82pxe7qmQ/ZEw0JUnM+Hv+o4
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIm43+EhADc5wCAggA
+MBQGCCqGSIb3DQMHBAhpt6/mtIXjNwSCAoDi0VXOiUz3lGJBbkvrD9woQ6e5w3gu
+VVIfze/89KJsBTlLo7Idg1/veb9I2swd8XuKMjo3uiJdt3Xtv5LyJysF8qMRlm4L
+WosNaJ5iTve6beJlLcy1KnPyrReq+CHGToALGoejewlaU4zRzW8yTY6J1Hg7xiKD
+QzgfbGeji+4W8fsWMVk1vhmj1edf1upNeFdTS8esmZOfk4LlP5WGV8KtE2ikZ/mj
+V8kHg0pJY3jNhcolpUSw1y4C4U4Sus00L3wiRFEG98ltZPPtp6wcVV1brU7XwzP8
+StKMCyCte6e/PoOklkcznZZZKABo+/yfrzrH7GI0ATwoyQATvObAZdmsF41Lw8Zx
+aY1YEYulFVcqjrGFP8b1vRllw//XvYm6xr3xcPgSnifJ0b4lGjqjW3peJW2n5fp7
+mwr6pmWEGFE5c//DjbvvswiIMa5xBbBkEaySbSnS2mzzTIHYP8ezEgyU8jDACEJD
+/F/evkvyTM3fYQMh+x9npD5dI3Ea7rd+6CikFhFGT2f4JT3HO9z5pB2VWR8i5E06
+c73VwLQGCkQKyPj+5M+ISooVgohKo9MhPpNPdG7lDLW6Z/PNhCS60TorQF7BbqhZ
+1r1sp9Cc+rFlV6fAJy0DB7lrVUKi7Sfk+uaqtNlHc4shPEs4uB4SLPBLXXgoYzBD
+mFi7OFQwLaSQVv4XV88ewxYTNkRJFowZzeRoxRZit8ReVC+28Tv8ISnKK6+ZAY1o
+N3CkI4CBdZtg6I9KS9ABt2BspcSEGuN3XEzkfVDk09POVaO2t/HQZIAyNVu4RAny
+afaGdLUyaGWNYNSqH436XeiNZyoIg/QfI041JQb4/fwcrYikZNlCo4i6
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: expired2.example.org
- localKeyID: BC 49 19 1E EE 31 06 3E 4B AE 35 33 9F 5F A4 D8 A8 A0 57 69
+ localKeyID: 0D 1B DB 87 3F A0 82 FE 25 25 17 FB 02 8B 11 A0 C7 3B 3F 2D
subject=/CN=expired2.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMswDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MTVaFw0xMjEyMDExMjM0MTVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
-bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpk3vdqmKGLJ1atHFL
-VM6BNY2H/RAPgt7bc+6zb6/PBIzkQC5yjA552IHOs3LWLYRKUHEcJ/7KsAO6Xi3i
-9nD2leVy8vjfudjqgdAb3BSXdXMuqm6GFHHAAClB46Cr6pzHD4f9r8GoDvHjvqFe
-n1EObewAbGAhj22DfPA2vfV68wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrcutPy6MwDf8v9KY+
+EmfD1UgqwzWDfExzOLltPoqYDe/925YdyR4APYZwMYKSz6aCqcr2RHXNlhaQxn28
+QXBEiqYN9oDxSUBGnMYpahG1kVChdwDOmB7xs6Qr8fyMQSQ6fxOSs8NpSiobBd5v
+JXvFsLyoqpWHF1hvRFpPAtjY9wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMB8GA1Ud
-EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAG5q
-2Axh9aXYSUyzVv478q7JhGOJKQ6ZpmVChQghFikeo/GAxv0gm62aD2Ka9+iNkc66
-yGIFOc+QK7pOIClhDpp3AKWrgzhmdYQ3aOfbgTigG4jYjz5SldE0nedrK/xRVJ/J
-oLxAhtxpRO9htIJTcx2pW4DRu4Wv13uncB436kPD
+EQQYMBaCFGV4cGlyZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAIlD
+3fGGN1764ZR0OBfhIcfR18putZkIlFQSQojhj4ZgCisqU/pXlkQ8FM2mUhDLZfi1
+dezo36i6x3tmNnnVVc0DUn8mmD0t0SlH7PBrIyhv10spu2wfitNqnuyknAIpEE5V
+v2FZRwnBxqhQkWoGjDb+vCOJxH3zYgXMEaN99Ifu
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCpk3vdqmKGLJ1atHFLVM6BNY2H/RAPgt7bc+6zb6/PBIzkQC5y
-jA552IHOs3LWLYRKUHEcJ/7KsAO6Xi3i9nD2leVy8vjfudjqgdAb3BSXdXMuqm6G
-FHHAAClB46Cr6pzHD4f9r8GoDvHjvqFen1EObewAbGAhj22DfPA2vfV68wIDAQAB
-AoGADiqfB3argnAJuUEn0dZE5jB2IW03wUP6oDTANUdYVaAYsRzXhIRE1VMMDRua
-tV/aFGdB+8svkvk/Zntls/dImn42uCr9WlM26qsV9c8e8dcQRmHQgWn3uSimrYP7
-FMTYrpTv+WCBxmDkAioh/efN0R2UNiv4i1AwRBiagXFVLkECQQDYf13hDEgV2Djq
-LDcjNyHLLDPI8kCdCYiy8BNitv6iOVdW9KB5Wpa200qYPhyFicXz3eWZtgm62ODo
-rX875CdhAkEAyIRpD5vTmsezgmH4N2dZzAf55QtXEnM+t/rAf3tu6Tb/DVJnDlLr
-oEu3lTJk8egoYd2s1u7EbTfmkkTFovTG0wJAENdHjDwSV3CsbLrnxxuAy3cyyAzg
-LdcSBSlbuLAXerMPMjpxST9cvfgNs24RdenTtjaqp5xbgWdhh3gHj7cdwQJBAKXw
-znFYZ/oDoo8YPK69HRc40pm2lMx0C0d+gKf/on3mQZToyNiVzuHNR5R1LAz2L9Ut
-+se0uWIZjPsnZtfA8nkCQEEtRUwc4wj8Mit2SWHViaK7EckNZrQ6ZkC55DxCDulv
-Qgy1MaPR7Imzh8RTvWywSMrvkE/+lwEZjMKzxb56sIo=
+MIICXAIBAAKBgQCrcutPy6MwDf8v9KY+EmfD1UgqwzWDfExzOLltPoqYDe/925Yd
+yR4APYZwMYKSz6aCqcr2RHXNlhaQxn28QXBEiqYN9oDxSUBGnMYpahG1kVChdwDO
+mB7xs6Qr8fyMQSQ6fxOSs8NpSiobBd5vJXvFsLyoqpWHF1hvRFpPAtjY9wIDAQAB
+AoGAJC0c+trgpaCmcnOAaoOOspM75Y4IKiTdqshS0/rI2rnCJIIjhEhuFKXmyqCf
+ySOYomR6Z4ldhBJB062WVVVHf05811usTNPaaKGsYlgN9h8VZkMXL6jGdUCuoKV7
+4RpMN5cXoLofZEiuqQgfoJRPksEPFkq4vIFwCtMylE+ecoECQQDY8MJYCFh6XO6R
+JtmDgT5x1nIPKXNx7b2JSFkKr2HDRwuc/U/RlTHZNIqJy0B0EOunurQf46aq4yHm
+luZ8KROBAkEAylFbyhfEbhT1Ky0zZtwHsgfyi8ZifXeY1XQPU4QGsckeH6VuU+Qt
+di5IX42xvn5fNiv7OnOwYWokwTIYJoTIdwJAOYBfUuwrX4ugZHLytoucXJols2Ue
+R3VnhqrZhx6DgDolluABtyCfjN4DVpC8LceKXvP66HTz6Vm406DtyL0ugQJAQ5Ee
+RYTgfh8TreK/mud6znMnBpUviVVqvkavY6XhEnjnTYxTJ0M6B5D3bKoGpWbQ52eS
+1HeUfUQUmEzhkeOgiwJBAIuSckRkCGwPz1lJMEXWGPnXIHX5m6xS7czZiXYEQjDI
+sc7ZX5ChkTH+xkG/kKCux3uzWZV9/Bze9Nf1HTJQlHY=
-----END RSA PRIVATE KEY-----
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci
-UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy
-KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB
-mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq
-DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO
-gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy
-e/xewJdeLc+y5zuobX05I7rP
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l
+yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk
+esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd
+FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB
+uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9
+tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5
+U9+lNhpF9AUWEAAo3FqHgShh
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked1.example.org
- localKeyID: 62 09 23 AE C1 DA 20 CB E4 CB F7 7D 56 C2 EF B9 96 E4 60 8E
+ localKeyID: 16 B3 32 55 D8 A1 08 97 7C BC 6A 34 A8 E5 16 99 80 90 A9 65
subject=/CN=revoked1.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxMVoXDTM4MDEwMTEyMzQxMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
-ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzAXVcUFIbXHd4434hL
-AMLBwWwJfq9081hOorKkcOvZJ1AosMWzWRgnMuC5srj4zkGiJq2iR2CL26A+/34u
-b6QQbVaTdtYz4xPNY760BECVOzpXKkD+8LYpZpZY6BU6LKHgdtwwWit2jiryLLhH
-RTGwGQpd5zmNvk6yAB4AKcaDAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwMloXDTM3MTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANQ5TGY6CeRUAIwm8yIr
+LUEgx8w4fgM8aoZJ7e3rm4nyNHbokZKUz/ixjsfTmvp2HP64GGhfi7s2tV+4m4oe
+uklEvxjc5beTOOF2kLPAD85ycizzUtA2zYPp00F52FwDHC17/5wGwXmQ43ULuguJ
+xlWLAAnhtTLvlt4kizHeI9JxAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHwYDVR0R
-BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAR4pF
-hRr+vuDmtx4Z1H4PQrMviAolUggT5fK6Xt/VWI42rhRyIAmk9+L72UpeOJPay9zH
-Y90WWTmVF3Z0ygtJoqxMa4+yCHP0X5YvoMxU0F69gwZ1VwMSH0eaqfy96keC51IH
-GGJhDQnSCvdaZkwHSr9x0NbjkScHEIYbGGjgFHI=
+BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAAFxO
+ibdqx4Poxsp/s48C8LnzVoudTMFqszwDTaUdiOQppBL9PMEgQKo2Ai/stxGfSl/s
+/QcBVjXt6fhGs6jojVWMuDbAmLGa8JUjSK9zwcvHvHef0lIw30nwI7OXK6pV1Nnk
+ShW5r683Zm3fWBPk/meEDUNuKH4fVC5hcbJPulQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z\r
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2\r
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR\r
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ\r
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6\r
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns\r
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV\r
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi\r
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ\r
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk\r
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked1.example.org
- localKeyID: 62 09 23 AE C1 DA 20 CB E4 CB F7 7D 56 C2 EF B9 96 E4 60 8E
+ localKeyID: 16 B3 32 55 D8 A1 08 97 7C BC 6A 34 A8 E5 16 99 80 90 A9 65
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQINt3ve3qUUP0CAggA
-MBQGCCqGSIb3DQMHBAgrqUmSSqVCSwSCAoBmJ39SMKPkCtt3ZVosxt3FRTOCDDLJ
-2o9MS+QMqLxHZC8bDefqM205j22PLE82XfVGIkgOKCRF7tXeH5hEMeSm/YzY+c15
-Nd3kjasxBCPH1DUnOCoFQ/aZ84krdSVPRPf1eVuWSLymMPDG7WchdQY0qcKHGPCS
-5tMOFGFhR+pYJTuEasK9PfSDx6bG3ia2Big+6O9SW8ubJ8f5T0v4dQ+NXOHJ690r
-y0YoqtZcQG+9RoXTKFVLpKFW3PEWkDVjOrTpkvzHrbtZGETvp7uM2z0QtCS4ylCq
-jDwfoeAGmJexcImVWWHSKESCWoK5vwvC/0wd/WO4I5WCL2rgRzQM1K6TyB+0p99n
-dzVqDKy++7Y7CHP61RZmP/rHL12xFhKAax+kW3QTqceT7Q3iXvM9h5NEoWAOPjkO
-qWr3nmeHDvzYof6WB4TojbcqNNVep9LHxfkIltiLemyniigf/uisq+Nbbwxuv538
-raOUjqV0FKPsNXeOM5dJ85dQ7MUZj9UNFE6siSDMb4r7wdLLrcEv0yOecXHNfnzL
-JFP51OfMJh6kVSxuagH8W7X5LG/W4NhRc4EAVvLiYyFnAaJvH/twdgepEgNMnF+H
-xMvn8JqBEiwXSUdU0rSOmmB1DDJi756oRFbWn0s9+yy5ZonkPnSUtUCTw9rBXijx
-s+9OvsF+a8igsTrPv48bBNxKumwSwasM329CUSj1bnoFMdXU5CeKAdrpFUvpKTlX
-//HmRqnJ46OyNP+uUrktg9pDAucCg36vXMn0VOVqrh+XiZX0NAIghCD9ZjWDtECp
-yvvIcdEmF5hNt2c8pnCvoabVC9SHUfF6rPUx9RQyUWFcFhiPLGqa4nx1
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRkXoekprbYgCAggA
+MBQGCCqGSIb3DQMHBAjhK23s2B87MgSCAoDQv3pazdLUvYbPkShsuco700PJRn0i
+Iu4o446zUSLfgrFRbMfGdMSQoCklSGtHfhEwqIwg9j7mkJ3Rh9BoA/tFcM7/eOsx
+2rbb9EFPGsNm4a6AXkI+1+umXJJizPORGZ2uYrqoQ/ACaLegS8VMeEOvp2RJXxBN
+MqeESk2OCxA21YHgrGH0Noiuhy9NjW9WWFzvis5lgCJd24gLiEXyNBY6oq1oIUd7
+Xi095aBC+KHsQRQngbGxNd/M/TYI6RkdxNhPpvibHN83fhza+y/EVWtkJ/UW9gcv
+WPeBFFLjFHfQg51R8Ra4xZvaVgR6PB8ULPi+fSLt7XtvextUuR65mbTk8a15fljB
+SkJnjGFS1zZABJD7rDj1WpqMEH+2QIqn3usRxYa5tGVbONI3wlqV49Z08eIjDPwT
+DDXTlUOGZg1VIYWN1qkAJuApuZS4Ax/ND0fK/Qm5UMPBjbXOG6FLX3R2EfXcOeXC
+HVhSRTlRay/7YTlByek1V9UQv5NCF2Urpvio4xaMs5K5DFMpXsnUyzgfIzv0101e
+nEjDrZjkDmWqIm0hMjJpgAzu6GC5dzBS8gu4tLFhmdxMnBnhd6xRscu4Tkqtl6oy
+pIWdgiCJZfQ6ydUnzbOl6qgI0RNDrV8kg0FSINFbQ+aDUts3P3TVL+DM5locJiRd
+zCz3Cs4YcEYrKeHi3NT2tIouDE3+wNSa1LfGCdUm+tv47sS+7zBuQ32cZn6fPLH+
+9C8SFlE1dMqf+DaBbF+EssQuwotl4c335I9WfYO5//zgBHkc9kuft9B9yJ8BRiN6
+o2NJu6dkC3rENWpaKA7t28Kfq0KHkrz1QWmaQf/3UeHnjXoEBVRY8bnf
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: revoked1.example.org
- localKeyID: 62 09 23 AE C1 DA 20 CB E4 CB F7 7D 56 C2 EF B9 96 E4 60 8E
+ localKeyID: 16 B3 32 55 D8 A1 08 97 7C BC 6A 34 A8 E5 16 99 80 90 A9 65
subject=/CN=revoked1.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIBZjANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxMVoXDTM4MDEwMTEyMzQxMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
-ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKzAXVcUFIbXHd4434hL
-AMLBwWwJfq9081hOorKkcOvZJ1AosMWzWRgnMuC5srj4zkGiJq2iR2CL26A+/34u
-b6QQbVaTdtYz4xPNY760BECVOzpXKkD+8LYpZpZY6BU6LKHgdtwwWit2jiryLLhH
-RTGwGQpd5zmNvk6yAB4AKcaDAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
+MzQwMloXDTM3MTIwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANQ5TGY6CeRUAIwm8yIr
+LUEgx8w4fgM8aoZJ7e3rm4nyNHbokZKUz/ixjsfTmvp2HP64GGhfi7s2tV+4m4oe
+uklEvxjc5beTOOF2kLPAD85ycizzUtA2zYPp00F52FwDHC17/5wGwXmQ43ULuguJ
+xlWLAAnhtTLvlt4kizHeI9JxAgMBAAGjgcAwgb0wDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHwYDVR0R
-BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAR4pF
-hRr+vuDmtx4Z1H4PQrMviAolUggT5fK6Xt/VWI42rhRyIAmk9+L72UpeOJPay9zH
-Y90WWTmVF3Z0ygtJoqxMa4+yCHP0X5YvoMxU0F69gwZ1VwMSH0eaqfy96keC51IH
-GGJhDQnSCvdaZkwHSr9x0NbjkScHEIYbGGjgFHI=
+BBgwFoIUcmV2b2tlZDEuZXhhbXBsZS5vcmcwDQYJKoZIhvcNAQELBQADgYEAAFxO
+ibdqx4Poxsp/s48C8LnzVoudTMFqszwDTaUdiOQppBL9PMEgQKo2Ai/stxGfSl/s
+/QcBVjXt6fhGs6jojVWMuDbAmLGa8JUjSK9zwcvHvHef0lIw30nwI7OXK6pV1Nnk
+ShW5r683Zm3fWBPk/meEDUNuKH4fVC5hcbJPulQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCswF1XFBSG1x3eON+ISwDCwcFsCX6vdPNYTqKypHDr2SdQKLDF
-s1kYJzLgubK4+M5Boiatokdgi9ugPv9+Lm+kEG1Wk3bWM+MTzWO+tARAlTs6VypA
-/vC2KWaWWOgVOiyh4HbcMFordo4q8iy4R0UxsBkKXec5jb5OsgAeACnGgwIDAQAB
-AoGAOr/w/nxFvtXJwpl069UWHSXnseZIv0L2v0F+82IZRRxE0m4EMDgeRKiQFP0S
-WvXCr2+F1+cofx0RRB4opbEFJic+kXq+B1JHjzODN5A0hUyMxmn6mvVQ6WmKzL81
-nhZKXq2Y0KWHG4gpUwIXAfcXIx9NGauwj7jO3VtT6InjKYECQQDiunzwfC0D2lHm
-V/8o1BQ7ej8ITwo9wCxwMRqefCk5EEtmIAMp5OU+GEi9Bev89BhEJZCh+usZQG7V
-OrAso39FAkEAww3nIQ4eEM4dqdIZXvFxQRqhXS3bPC7mCvDc1KykYPHUFtSSG1HL
-GVi3/edZRLLvQ1WCRUUffArxklPPntSHJwJAJtAL4VMwlY9DI+5+dKvRhtkHf1Gg
-jC+gq9gMGYNhvy4F6kaipAJWKAoaMZmY62WR3eCcYM5Gfr0j/Aae8BVRDQJAIZV/
-Oj3IB3S1vsuh+qrvqRoAtp5ypQYeLbwTCbtAAkEhF106WuHWamLQKzNuN1nnwFw0
-teCU7zKjLWKo2NwW+QJAIAu5TSZI53Tfn/hRBqvIbgOUIkisPkOQUikCSj8/OGNc
-JT/EdpMGPF62VtSPPJnCe4q2+r2tUfmuWGNJvvzI5g==
+MIICXAIBAAKBgQDUOUxmOgnkVACMJvMiKy1BIMfMOH4DPGqGSe3t65uJ8jR26JGS
+lM/4sY7H05r6dhz+uBhoX4u7NrVfuJuKHrpJRL8Y3OW3kzjhdpCzwA/OcnIs81LQ
+Ns2D6dNBedhcAxwte/+cBsF5kON1C7oLicZViwAJ4bUy75beJIsx3iPScQIDAQAB
+AoGAB7cGssYsHHhHIKaHVZqyeCuaBnpsw/nEU8Stq7snkhKYyz795hwMZJmcK6Ht
+ixVJYqNRuX9KB/36MWRCMkRBncM5AwgX/BOX29xSXtDW0F1A/5iao2mPiZBu/fOB
+XVouF9w/XJsIy+QmL+exux+0IF5gAezgGopMQ/5yyu6D/AkCQQDtV5AUoav7rk8S
+1xtk8L4mZGh5QWJCeEQsN7Xp1zde8QCTFd2hfvzHkncDPDWL9+m+NL46X2xeeD1C
+aNRDf0q5AkEA5Og9LtO3nB1ti6HMMms9HX4X5v6p96bJhQl5/EXyFbO6rJBXbWe+
+2AmwBbXFU1Me/na1G6c7vY75WNsY96EJeQJATNG2lLbvT3rPpS1ydG1nXk3JctWy
+1AjRJ+6wNouuJFCk+vZs0cSkVIQXeTiXrEIFqcawe3w/OyR3z3LWoTImIQJBAKfT
+QXBAl0BlLviNwnlAuIkT9pBMK+8/IEZioUX9PjT9FaMJHKBAzOH1kFFPaIHj0jh8
+beH9ZUZgOZ4U3KRJM/kCQEVAgKgZaulkv8IxPoTLuaimonyJPI0Ku8P5jzxuAdHw
+1sHXicVddvjPJtJ09ptt58X5qVbkrXX7IHxtcSZTSXM=
-----END RSA PRIVATE KEY-----
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci
-UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy
-KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB
-mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq
-DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO
-gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy
-e/xewJdeLc+y5zuobX05I7rP
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l
+yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk
+esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd
+FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB
+uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9
+tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5
+U9+lNhpF9AUWEAAo3FqHgShh
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked2.example.org
- localKeyID: A8 C5 3E ED 81 EA 3F C1 29 F3 99 8B 80 DE 3E 49 33 2A 01 BA
+ localKeyID: 6A 36 1A 58 1C FF A8 9F 66 D1 B4 67 09 EB 27 63 A2 71 2E E8
subject=/CN=revoked2.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MTRaFw0zODAxMDExMjM0MTRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
-bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWREymQBM1gpiZ6S4o
-NXLaz/Ib3aV0rYWemC20Fwmrm94vJogfLKO9tCEdZzpGOxhe9Y96qwoCIMj0Ygh8
-edEWGq0g5Ke0985W9vH58tHjSIUtRWeCFqsBLQjWS4Vd4qliUMnQiwn5vRjbZrG0
-j/VJnogI+YnXAItuWWerohQ84QIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDNaFw0zNzEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh98fCkIQKwpKyfg2o
+fEYF9ZV7Lo9dQWnHtumygfIipzVtMzEEvQ0UKOwvaUdKqT81IrmEokjBo/phHjMN
+iQxunhO4i//CNk0qImDrR3/alvxMO1lquWB/l8kDOx9PjR8ntGb8vWB29GbMDpj9
+BLyMkg0EOZZHo46VW5J3EFA21wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMB8GA1Ud
-EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBACF2
-0KANuezWEJ42ouOza31RHJEAt1KG4Bg4s6sGjUV4mV87sdob5cdUTZOJFMZK/QmJ
-q4s6PtYTh3fGqg07T6C8k0zrmN30KPGlpdhPZjOqXzZXu56yYMgHZC6D85udK+vh
-zgDbkg4/4chZBdOsM+ErMDJNZulK3vsYbTVvviDm
+EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAET9
+V8w/BEUzYzeBZlFLAsgfTQxc4OxqWfJDCfEA/fJ7TrTpBPRkqV3ndx4ML4TkP6qt
+dtAe6FMV2ZFhqe4X2uvHPXTcO44Zz3cLR7S1ykJcEK3S6w6cmjgOAIBwsSW1enrX
+G42IbhOW5XVRrASQSA4ylHbGvEsoz5yfnCTzaNfs
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z\r
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2\r
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR\r
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ\r
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6\r
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns\r
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV\r
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi\r
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ\r
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk\r
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: revoked2.example.org
- localKeyID: A8 C5 3E ED 81 EA 3F C1 29 F3 99 8B 80 DE 3E 49 33 2A 01 BA
+ localKeyID: 6A 36 1A 58 1C FF A8 9F 66 D1 B4 67 09 EB 27 63 A2 71 2E E8
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIOqUsEZxApfECAggA
-MBQGCCqGSIb3DQMHBAiS2tvMTVDiQQSCAoAteyeon9iTmTlqZqspp3GLMUDreM9W
-2C0RZdAZJTr+joPK7yIKZe7lEEBL4ednib7l3Jz3ogSyAyuBiZTU4NBpDlxLYgnT
-0PLncSe2z+Lw29+oNYcD5EMrjFpyQnlZa01kv2B5QK+HTkusCUbkBIkpb4yxCXrb
-3ra0eB4me73+I9URPQHOlcDxKDAo0QZQIAgp5OfE2G8UeWu5Wnc+Fj6OsakhfloI
-s2ujZQFWlc7b57BeL/i4bKaJEkNcQqZjp72Rh0NAZRLEjs/WawBQpbB3Uqxg/vID
-4YeTmPh5tHwWiyEUBeXVilGEF9i6Dn9TILHVjsgHHM5CUe0EA+JPfzsyj8MZYsfK
-VJ1l9ZYx9r4eJPg3mHc+DzWGmK58mav2FeTGHaFW1gxmR38n4T5rIUXgnX6dzJS8
-caGS4Yt8EvGyUOmvelTv0LaVHwav28fAEzQ+rO9ofGDBpcpbAHZuFjnYrb/YuoWa
-FND9XQFVCUWi/rasadg0sTlR8k/6/BcMuGheUlyc/LEOVsD8nRO7109sIAjzlXOQ
-ejf6uzVEkOtr7EC0TYyFPudFewOvjzdPgR+TMIG+7mwaCt5XKZuaJhGCaL+rReyQ
-HNTvBId2NmBLX6atcg2AAP4KFkPvBXpqK3cFvFTagA8q9lA3qYGIRehxu9e5NQeq
-oI5WfniiFunZ8I4Qjj4wTDnJtyRkkxXt3ng8uuqBpXmQjFcDbupoqD9V6MZciJIb
-pgf+H2oUSuz+QaJW003SbxrnCcYp69rVfkZBs68ob+hU4GkhOKFvNdJEqhfNEr6Y
-3gKjomLAUXQMK6CrEQm+uTaDXVjb64ANPp67DJaMmY9IM4pkszdL+Ci/
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIGHbR7WtopmoCAggA
+MBQGCCqGSIb3DQMHBAh0zlUUYCw0mQSCAoAfAQ9wwJjxeHg8cun5HROWb8uU0e1x
+8i70wELecOA0U34te0Ng3n9sjsGj/YHSiGJIHws9zO3pA9mGW5o9QpqV97MVA9ix
+E8JDU+4aI120s02p8y2PW9WUARJUKudp31TOxITv28HuXdsE3XPkevHqAD1TotUV
+nyVTib5efhqDkBMv1t7tPhPd6fwoxttgR6HL1tzEg48kb6pFAjp2Wijf3m5kt6DE
+xOoujA3b50aSkpkdlpDDoD+4QoPYs33KUuQ7ScFvXI5+u70DC30NBqqkghOrwTnM
+TK+5ralTXuWEn72PZPAAlvFFORyVySAbM5lMIwBukeUD1DwWKztVspg+3m9yd/2+
+4F4LcQiRnK61k0UBico+NxOzu8Nty0foRLXVQOmjGVMV40FLxTqV8zDAT3dxysij
+Mhy0lKWq7PIwUYUfue/MLe6bs48kK2tm5oEjhdR/j8JHi2dWje4iH3KyYqZzEtTH
+X8ezmSsIkx2w2CGTt4K5kFZv19kGEavzZ9JfG0PMnV90KGI1MvJvcQ1o/Mb0mQdq
+ZkzF9gAoLwGqMImDFXx7byaxGYcAdAFK6ZpmEE/+lFAVMo4/8z/i87xpEdPGtWbQ
+f7npJ80oK6G0nog+HOmY58n8iIf/2/oRrCuC+OMcl8/slA7/JwkXfaUQaiZyUvMf
+Csja31m7nL/OOmvsPUwlxlDRKP55egEmy5qCyJWKzfEPBK7CbzPbvGuTmfF5aGEq
+B/eLlr42JJV2vAAc3XnSCOwp5zyaZyKlTsnI5A+ywK6FAj/bQ2xe+tj6SeAD9k28
+Gt8cwWVyKGXsAv1JTXPzv1uzQPORU4pDqA4gZAKC4S0E1Q1VN8O9tMw3
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: revoked2.example.org
- localKeyID: A8 C5 3E ED 81 EA 3F C1 29 F3 99 8B 80 DE 3E 49 33 2A 01 BA
+ localKeyID: 6A 36 1A 58 1C FF A8 9F 66 D1 B4 67 09 EB 27 63 A2 71 2E E8
subject=/CN=revoked2.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICijCCAfOgAwIBAgICAMowDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MTRaFw0zODAxMDExMjM0MTRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
-bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWREymQBM1gpiZ6S4o
-NXLaz/Ib3aV0rYWemC20Fwmrm94vJogfLKO9tCEdZzpGOxhe9Y96qwoCIMj0Ygh8
-edEWGq0g5Ke0985W9vH58tHjSIUtRWeCFqsBLQjWS4Vd4qliUMnQiwn5vRjbZrG0
-j/VJnogI+YnXAItuWWerohQ84QIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
+MjM0MDNaFw0zNzEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDh98fCkIQKwpKyfg2o
+fEYF9ZV7Lo9dQWnHtumygfIipzVtMzEEvQ0UKOwvaUdKqT81IrmEokjBo/phHjMN
+iQxunhO4i//CNk0qImDrR3/alvxMO1lquWB/l8kDOx9PjR8ntGb8vWB29GbMDpj9
+BLyMkg0EOZZHo46VW5J3EFA21wIDAQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMB8GA1Ud
-EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBACF2
-0KANuezWEJ42ouOza31RHJEAt1KG4Bg4s6sGjUV4mV87sdob5cdUTZOJFMZK/QmJ
-q4s6PtYTh3fGqg07T6C8k0zrmN30KPGlpdhPZjOqXzZXu56yYMgHZC6D85udK+vh
-zgDbkg4/4chZBdOsM+ErMDJNZulK3vsYbTVvviDm
+EQQYMBaCFHJldm9rZWQyLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAET9
+V8w/BEUzYzeBZlFLAsgfTQxc4OxqWfJDCfEA/fJ7TrTpBPRkqV3ndx4ML4TkP6qt
+dtAe6FMV2ZFhqe4X2uvHPXTcO44Zz3cLR7S1ykJcEK3S6w6cmjgOAIBwsSW1enrX
+G42IbhOW5XVRrASQSA4ylHbGvEsoz5yfnCTzaNfs
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDWREymQBM1gpiZ6S4oNXLaz/Ib3aV0rYWemC20Fwmrm94vJogf
-LKO9tCEdZzpGOxhe9Y96qwoCIMj0Ygh8edEWGq0g5Ke0985W9vH58tHjSIUtRWeC
-FqsBLQjWS4Vd4qliUMnQiwn5vRjbZrG0j/VJnogI+YnXAItuWWerohQ84QIDAQAB
-AoGASAqQxvkWPFCbpGwdY9GMu3tdSPc+ETviiE9cVofEbZmrm6jV7b1hlIAC/lLd
-6g0mhY8E3dayN8L0Lg7kEY4XuTwdGD9pfRLsoPQzWcmr0gw5p/36CcZQIP+Pt1vV
-stExLwGNLOybPlmHN57dHN7mmx7M+6QFG6/F/VxxEp8Sy/0CQQD4YnwDMTJV8NIZ
-lZzDItcrmd5984nO5+nUJeCVCQgPw4I1uZiY0E/Cx6kcdwxD45eEBa37E/xRMIFg
-RvX4A/+jAkEA3NYH/KnYE7ZeP7PeubJ3W2pJ5GqBEK7Nge+T6DieYPYdapXsVu1V
-wy8JxA6s2egCsSsubYHKCbYQ/sTemqFJqwJASfsLdOfyViakbXpidryp2hK6cklX
-gokQ3F9rxPgrroZNAjOFf/6Lwzg05oWO4amoN2p5p48MWCJaZpK8MGMAgQJBAJso
-jggJ1VVURrf/SreyGoZSEYS5B+GOz7lBeOwqC60YfuaKW7lfm2g9vmDP5sZbarjM
-HBy4mhlkoGBANh7yv20CQCqx6S5HWBL3pq9SIvIRsB+WkwW2n30+qrTu723eeT1/
-NvDlRNEI5NxCrCyaokKgXZU7sRTP0JgcZoczHY5gyZ8=
+MIICXQIBAAKBgQDh98fCkIQKwpKyfg2ofEYF9ZV7Lo9dQWnHtumygfIipzVtMzEE
+vQ0UKOwvaUdKqT81IrmEokjBo/phHjMNiQxunhO4i//CNk0qImDrR3/alvxMO1lq
+uWB/l8kDOx9PjR8ntGb8vWB29GbMDpj9BLyMkg0EOZZHo46VW5J3EFA21wIDAQAB
+AoGAGDk5M1zNot+n3TWRHkIwOXxRqXJc0Qjtn4i2tbmjbN6S5iFqPFFN4R7f7tcw
+2sqY6YfO7m59MTD0asvTejx6Vf+4Ff/GGMXMTw2SNyQwk0U6bYJLuz6MqhHAd4N0
+BDntsPAvmPi4io8oenbodx0SJlAE4yPWIt/SJX2BawA9To0CQQD/c4cmjYP/ic9Z
+VFrrZpKKrRJXoBtw7hdhpd5oi9gIlOIZ1H2iJKK44qbnHTOm8b6J/OG4Z+Zdqu8L
+JI0dg3dVAkEA4nQKHtfCb37DpF0fQe2JymcjtV126wV8zWlCqzP0W9Kphe2tt9QY
+mjgOgwB6LwzMrVd1LQQVz18lssMyyJxdewJAM+lAP79mYZmZv2d7CndPtEqzfYcV
+zH811Swl5Ez229eVkvYxia+0OaoljLXMd1KNC/GN1TGYCNThuvv0iVjb+QJBAJiu
+emBfQuZfxtMcQkX2PXAtaEMRWGuPkJ0CeoPqDLiYado17WnDZC8e2pHzEW6Fp767
+9/I5Ded6lHVZ7PSbkN8CQQCZrZqk4elkEUH6mjnENehBxLYod03U01Ghyg/HH/e2
+on2c+26Cjj9Qd81SDU5Hy5yInEm28Htz5//R1wX7QVLK
-----END RSA PRIVATE KEY-----
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci
-UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy
-KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB
-mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq
-DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO
-gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy
-e/xewJdeLc+y5zuobX05I7rP
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l
+yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk
+esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd
+FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB
+uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9
+tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5
+U9+lNhpF9AUWEAAo3FqHgShh
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server1.example.org
- localKeyID: 2A 6F DA 4F 4A 79 1E 96 98 93 94 B5 B3 DD 7E 3F BA E9 B7 DE
+ localKeyID: 31 14 69 34 8C 81 EC 6D 46 82 02 96 40 E3 D7 65 60 72 C1 47
subject=/CN=server1.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxMFoXDTM4MDEwMTEyMzQxMFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
-Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqR50t7jEnAr98WjQzvsb
-N9SIcPLriSJVaOXOTrPC8fuaBbt8FDcGP/Gc8U/DwbbvcXLHIWd4Vk040M0cZIqp
-yIWz7hNM2qYaKlIKDEpn+h1RfGyClWoC2K/Nzh9hgWylzP21bTwLlb3IoGhIlUFq
-A1KEWXdK9NJOBdybDmBJucMCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
+MzQwMloXDTM3MTIwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtz5/dxB0WGrlSPBl2obN
+4UL+JhCslJJbTnd4oYpQNG7gsmPSaxf3W3+i1QA0ugfvdUP7zEOlU+H6YaoUIrPG
+/S0h6cGkwW1Z68HDvYRzUIdiVFJfIUuSKMckQHv1lkiX2GXOHfAE6VJM4iaTgeVW
+r//JrJ6qtVNen4aipdR0ChsCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMHAGA1Ud
-EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5vcmeCE3NlcnZl
-cjEuZXhhbXBsZS5vcmeCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx
-LmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAEn/U765e9k8EEQAkeEXyk4/
-oFdOUW0CwpZi0NEJwyeC0zBbUk32ZXfzNLI0lnol/HBuL2J/K7tn9UATrH5x1OUk
-cUEYmnyzXO3SnFP4O43/BAvZ502AdZScafLbfAiGabdw9ILE/X+p7mP+PzBvcOre
-nlli+ow6thH+fYgpjRFU
+EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm9yZ4IiYWx0ZXJu
+YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLm9yZ4ITc2VydmVyMS5leGFtcGxlLm9y
+Z4IJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAFIri9zSly2pxUJqdgI+KGeQ
+Gu1Ipo7uN7psbST9aZf+BlJ/6vcebmYs8BR9kIwBwwDZ9nmUV8cX8iZOr7CrBQ/F
+IiAUrTzUEcFgiwGjTyG8m9QF/RJnHrehjCwTwhpF04SN/qpIPUl2l4+b9trTRexB
+7RhKtFMpHNW3cm2hITZf
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Signing Cert
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci
-UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy
-KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB
-mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq
-DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO
-gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy
-e/xewJdeLc+y5zuobX05I7rP
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l
+yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk
+esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd
+FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB
+uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9
+tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5
+U9+lNhpF9AUWEAAo3FqHgShh
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server1.example.org
- localKeyID: 2A 6F DA 4F 4A 79 1E 96 98 93 94 B5 B3 DD 7E 3F BA E9 B7 DE
+ localKeyID: 31 14 69 34 8C 81 EC 6D 46 82 02 96 40 E3 D7 65 60 72 C1 47
subject=/CN=server1.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxMFoXDTM4MDEwMTEyMzQxMFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
-Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqR50t7jEnAr98WjQzvsb
-N9SIcPLriSJVaOXOTrPC8fuaBbt8FDcGP/Gc8U/DwbbvcXLHIWd4Vk040M0cZIqp
-yIWz7hNM2qYaKlIKDEpn+h1RfGyClWoC2K/Nzh9hgWylzP21bTwLlb3IoGhIlUFq
-A1KEWXdK9NJOBdybDmBJucMCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
+MzQwMloXDTM3MTIwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtz5/dxB0WGrlSPBl2obN
+4UL+JhCslJJbTnd4oYpQNG7gsmPSaxf3W3+i1QA0ugfvdUP7zEOlU+H6YaoUIrPG
+/S0h6cGkwW1Z68HDvYRzUIdiVFJfIUuSKMckQHv1lkiX2GXOHfAE6VJM4iaTgeVW
+r//JrJ6qtVNen4aipdR0ChsCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMHAGA1Ud
-EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5vcmeCE3NlcnZl
-cjEuZXhhbXBsZS5vcmeCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx
-LmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAEn/U765e9k8EEQAkeEXyk4/
-oFdOUW0CwpZi0NEJwyeC0zBbUk32ZXfzNLI0lnol/HBuL2J/K7tn9UATrH5x1OUk
-cUEYmnyzXO3SnFP4O43/BAvZ502AdZScafLbfAiGabdw9ILE/X+p7mP+PzBvcOre
-nlli+ow6thH+fYgpjRFU
+EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm9yZ4IiYWx0ZXJu
+YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLm9yZ4ITc2VydmVyMS5leGFtcGxlLm9y
+Z4IJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAFIri9zSly2pxUJqdgI+KGeQ
+Gu1Ipo7uN7psbST9aZf+BlJ/6vcebmYs8BR9kIwBwwDZ9nmUV8cX8iZOr7CrBQ/F
+IiAUrTzUEcFgiwGjTyG8m9QF/RJnHrehjCwTwhpF04SN/qpIPUl2l4+b9trTRexB
+7RhKtFMpHNW3cm2hITZf
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z\r
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2\r
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR\r
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ\r
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6\r
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns\r
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV\r
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi\r
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ\r
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk\r
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server1.example.org
- localKeyID: 2A 6F DA 4F 4A 79 1E 96 98 93 94 B5 B3 DD 7E 3F BA E9 B7 DE
+ localKeyID: 31 14 69 34 8C 81 EC 6D 46 82 02 96 40 E3 D7 65 60 72 C1 47
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIiQi2yo4iWpUCAggA
-MBQGCCqGSIb3DQMHBAhU5AKV9mRkdgSCAoCir+zzDqSL5hmUS/4WmPoRsVYB/w27
-mCi9x5+2gPSzNk4zOoMjArwEjDKtdc970fRkxglesl7pj9JLVfrnuAP/F4r91q/W
-TTraltXGK87/2a3YEVcgPQlzleEeeOWKQAePbK/uRzCmKgItyRQJ2Dr189opE3HH
-OwKr3hfRvZvHxzrPMmIVeeG7xRDJRkyVXNOoni+jmZOROElvXnJ/+gHhZZYiQfkn
-tuXGTxOTGC1AmMcu5PK69B7S079SwX7MLZQ6W7AJpl3rrsPlEg8LfxCc3uT5rqfv
-1PNtjUr0VlVPx+K6gI3Fxr3WX+hLlPI2lBYBmOKDbFL5lfXoSGA08aaC3vdO0cQA
-L+4w7fHyn19if7JZ6ucoXn+9OM50PsGKB0TlOgvKH2u0z4p1/nfK5e2849BMBKVs
-uNuhTlxPkXh7qNCEfhprFQY0AB0P0OKk2CfKoucAVYD0zHjwaxMtEH/vP0oWvk5t
-B6iiT9WXzggXiRQyvSd6LQB1sqgzGMKTdtwWHZ4lO+jtwqPgr0NeQCnszD/sD/1x
-qNLSNAZBVH+2NL319j2itogoe3k76NQ8QbNPfEcKVEsfrT6IByho9tV759RRsFze
-+ufN1Fkkms8xMkl0L/CLAgHvoYuFjCyjVDRJ1IdrIhjT9Rjbgpq5Kbhlwkk0oUVd
-4A+irv61PdguBo7vVFRVSRE35cJxrcG9Z4WB74OIG6tcYomq2PStJ1IOe/WJI6VZ
-g/3iOQms11qN4uZ0kZsDo3qN8qaPkvc8inQXOV0T5l2Fzr/kc+trRIaFQSsQBYhA
-vW9SZwSD9iPBO0xIkxgdvVL7op4y8qCIY4dpU5bpxinND/tlSh+F66uO
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI0KA9siaIVP8CAggA
+MBQGCCqGSIb3DQMHBAg6Gg3j5UDUbQSCAoDUEoPxBLNYMXBTA+6k8MdrSurwRYSS
+VcYEV6au+lbp27F8VBgiBk0eQEo6AAAYsV2qyucZ+r4TfMuWgF3kHMqUqesTDePB
+0p2WNSB8Fy6/9vjwzhDwzKGNi8kksnUNmEgqZKEEn01H+TT1F3a0o7//teDJnNCg
+5avTCnnNkcXzZcKaMKQRos1cg1QIBdgrLdFIVzvAa+2Osd5v3UWI7lSSJT5sA9Od
+sU2bPYTDSQx2iK8+fMVCsGvUeTxae5DATYvo17ypBZEMW5eoUG+aHerueOtihdMU
+vvq0pPmP1dcKVSWxBYVepc/IMeoM7axyA+JJATTK7asBbnB4Biq813p/vKpRCqLF
+dAgMTeces6Kax/rxMIUJ+LbEPDY9umooJbwMxREz1tyrvc7gOoIPNss/9LdiFtzY
+lrKlL/gt1Xfp1NAHHtmD5znzpzJVXDaw7U8jWuy9ADb29LpOAaffdZy24hpCa/My
+qzJz4qhGtjXKvzXfqhy+ZMu91e+rRO1kqe7AVY58B7yvmm9kQBZeAaQOknjdWyS4
+ofylo2DpeIRgkt2zvt1KBEDXJMI/dZfbL52EoCdFGZ7mLSDsOh9A8/tMg1TZBUaZ
+BTo6igkcjeKXYd+poCD3pSftFvOz2APKJqxH/I74/jtf1g2l5TJa/mTxRllPSWRF
+embdxZetofkZ2w5HvRAt8xa8ePckd8dOqcOsQ2ZVHabyAylH0fara8mdzaD4NvWE
+meWtSdv5jkYa9MSqiQvgDGBAeBIRwi98vJcbdcTjdEkgWRNfEKDeEXj/TRd6KLp4
+RooJAzlvtUa7XrwYvvmJr1YYhkVUN/ZLe71Z8tsYzIVhEgux8Lm4P4wA
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: server1.example.org
- localKeyID: 2A 6F DA 4F 4A 79 1E 96 98 93 94 B5 B3 DD 7E 3F BA E9 B7 DE
+ localKeyID: 31 14 69 34 8C 81 EC 6D 46 82 02 96 40 E3 D7 65 60 72 C1 47
subject=/CN=server1.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIIC2zCCAkSgAwIBAgIBZTANBgkqhkiG9w0BAQsFADAzMRQwEgYDVQQKEwtleGFt
cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
-MzQxMFoXDTM4MDEwMTEyMzQxMFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
-Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqR50t7jEnAr98WjQzvsb
-N9SIcPLriSJVaOXOTrPC8fuaBbt8FDcGP/Gc8U/DwbbvcXLHIWd4Vk040M0cZIqp
-yIWz7hNM2qYaKlIKDEpn+h1RfGyClWoC2K/Nzh9hgWylzP21bTwLlb3IoGhIlUFq
-A1KEWXdK9NJOBdybDmBJucMCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
+MzQwMloXDTM3MTIwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtz5/dxB0WGrlSPBl2obN
+4UL+JhCslJJbTnd4oYpQNG7gsmPSaxf3W3+i1QA0ugfvdUP7zEOlU+H6YaoUIrPG
+/S0h6cGkwW1Z68HDvYRzUIdiVFJfIUuSKMckQHv1lkiX2GXOHfAE6VJM4iaTgeVW
+r//JrJ6qtVNen4aipdR0ChsCAwEAAaOCARIwggEOMA4GA1UdDwEB/wQEAwIE8DAg
BgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWg
I4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEB
BCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29zY3AuZXhhbXBsZS5vcmcvMHAGA1Ud
-EQRpMGeCImFsdGVybmF0ZW5hbWUyLnNlcnZlcjEuZXhhbXBsZS5vcmeCE3NlcnZl
-cjEuZXhhbXBsZS5vcmeCCSoudGVzdC5leIIhYWx0ZXJuYXRlbmFtZS5zZXJ2ZXIx
-LmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4GBAEn/U765e9k8EEQAkeEXyk4/
-oFdOUW0CwpZi0NEJwyeC0zBbUk32ZXfzNLI0lnol/HBuL2J/K7tn9UATrH5x1OUk
-cUEYmnyzXO3SnFP4O43/BAvZ502AdZScafLbfAiGabdw9ILE/X+p7mP+PzBvcOre
-nlli+ow6thH+fYgpjRFU
+EQRpMGeCIWFsdGVybmF0ZW5hbWUuc2VydmVyMS5leGFtcGxlLm9yZ4IiYWx0ZXJu
+YXRlbmFtZTIuc2VydmVyMS5leGFtcGxlLm9yZ4ITc2VydmVyMS5leGFtcGxlLm9y
+Z4IJKi50ZXN0LmV4MA0GCSqGSIb3DQEBCwUAA4GBAFIri9zSly2pxUJqdgI+KGeQ
+Gu1Ipo7uN7psbST9aZf+BlJ/6vcebmYs8BR9kIwBwwDZ9nmUV8cX8iZOr7CrBQ/F
+IiAUrTzUEcFgiwGjTyG8m9QF/RJnHrehjCwTwhpF04SN/qpIPUl2l4+b9trTRexB
+7RhKtFMpHNW3cm2hITZf
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCpHnS3uMScCv3xaNDO+xs31Ihw8uuJIlVo5c5Os8Lx+5oFu3wU
-NwY/8ZzxT8PBtu9xcschZ3hWTTjQzRxkiqnIhbPuE0zaphoqUgoMSmf6HVF8bIKV
-agLYr83OH2GBbKXM/bVtPAuVvcigaEiVQWoDUoRZd0r00k4F3JsOYEm5wwIDAQAB
-AoGANwfbiAr+Ix6qinsGc0ufjDfC3CoXvaxn6XXZ/58cANzTvijHU9ah2H3ZCWbg
-trC90oc8R+Dg9ggzxDHyGr9KRpewk9CDAEgkKASCHogALyTl85fGf0XBjgfa4ys0
-LCWpjLDHySNx+wTln5DI4MU2OpShbgfvBY5hNRnGXebj9F0CQQDa40lMSbUX65gl
-s9sar/S2ExOVZCpcYaR/38H5Bti8HzvGEMGjx1AaOTW0v/hjXRadovbDC9vgtSsU
-uXINuvSNAkEAxcr6P2mnoin7v/7Jne9JpDBjdB+WiUJY+1h10tLIaD0eu71yx/oO
-Icp1/6FY4RyTKtj8jeE3kvy4MkCzkOFbjwJALntHjHC2iR7Zj2ATLiahY6zHYtkD
-edyuTw1YJqbCjahgTB4w0LO5mef+NKTzfT4+WDlMB31UMvKl9F+xDaNe3QJASMxJ
-SLehXD0pjGPBXyCoMQciQ6YwqLpDt9a6Hus3ma4NNrommdW+B8/VmE2RQeFbhSSx
-56Jh6vaa8NwBeyyGnwJAV403J4IfFKu1jwH/bi4zoQI5F9M7zKXyxz+z85UJIHIR
-7S7T3vbMa8aWMGdOkxN/44+EYHKZigDgN0fngTRuKw==
+MIICWwIBAAKBgQC3Pn93EHRYauVI8GXahs3hQv4mEKyUkltOd3ihilA0buCyY9Jr
+F/dbf6LVADS6B+91Q/vMQ6VT4fphqhQis8b9LSHpwaTBbVnrwcO9hHNQh2JUUl8h
+S5IoxyRAe/WWSJfYZc4d8ATpUkziJpOB5Vav/8msnqq1U16fhqKl1HQKGwIDAQAB
+AoGAEgIF08Udsey7YKojUFDsHaWQRVxhIW6qo3DxPWrSy/xTf6R4ssaVq/vEnEsb
+Y2bRPQRz09SYBEDSctOci/Z/6QntdIeuh+07EOQnjZpKHn60uat/cWUMvj53texv
+YKjsNGdavZHWlS7unI7dQBlCt6BzYX0WOHSmx4CQcBADQ1UCQQDjpVE0IIiXpRAo
+C2b8Wq0dBO1L6Y8lHQ5bkqbMteX4/PfIK7JjKfmdl0sU+scxlHzXEpfD/8qZudx5
+I+JpGJb3AkEAzhFlXwc6iJhBAon7J/nDKV4LGRjISbV207YnQ0espGTTjlhubckl
+5v/SHbUmo4I/wKxaDrrVn7LJenK266Ho/QJAE2HkBBgxCRhYw9AUuK/PxYTB35DH
+S1Wp/0oBQbTLG+QOBNETozXTtwNGtUaU5zfJWVaP7XQ9/9C/YOEZSfF6CQJATuWS
+LmQSISJKIbK6mn+iHUCIdz9pz+7OZBilx7i1fOutpB5viVEuVdc0l3M4K/o+doKG
+qIUYLWDCi0NIjccb8QJAJJcst+8d9yW6IX6/KeMJ2C1NConB6mtrjRbxHsGG1ViE
+jwEHoX0bhn5EhNZOpxOYVMdQTg7PoNGBCPh1BQ4nzQ==
-----END RSA PRIVATE KEY-----
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: Certificate Authority
issuer=/O=example.org/CN=clica CA
-----BEGIN CERTIFICATE-----
MIIB7jCCAVegAwIBAgIBATANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw
-MTAxMTIzNDA5WjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
-Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL7g6InDJBOPnTmNseci
-UYVZtfokI9WjOsisA4jt9BQMkdmACXfgO2LSF4n1qKv3dgZh+RsWnCQScft4PDfy
-KLvKy5HUrKJOhGrjEdOY4kfe8yzvPnvLFnVvoT+7oecYhb20onX4cwrYbDse0prB
-mUdzxCZ4lvb+Ohbevfq+TUR7AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
-DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAIhvpc4aqmpWysW6pinq
-DwULNiL96lcNaZ8tZXfdHGgbzfgYir+sbKObg+wOHObkRmEY/FcIF9sbwJuetOiO
-gMTEQwB13J6VurRcfTygrqHe0F0bC/Zq/AJ/BEbdVhtQ5H68G7qMBZw2aVpflZBy
-e/xewJdeLc+y5zuobX05I7rP
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKKaWSv0duLwJQQ6t18l
+yWSGmELgaflSPTidcPii6YYskJAQjnHH13P63PUwXj68knq9JdgeXwZLWszq04Uk
+esjSLJ/e9eIE+Uk9Y2zaes0vTiOIMnYe9u4S6VUNYBO6S+zX89+CHBicNr9tnEEd
+FAw56VTBKtMDA2oPWi5BQ+8/AgMBAAGjJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQEw
+DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4GBAKGed/hvquJ9QctYRyCB
+uIYN1ogbfRj2bSYvKMrSvuW8bVyYAR0C8jj8LA9IEK33EZKBz+D0RHV7s13Cnom9
+tHjIX1ncfl5vPR/Hus0ZKqwauvSauo7hkWRO7isuUzmNBp7YjgLSPr2QYptlpBS5
+U9+lNhpF9AUWEAAo3FqHgShh
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server2.example.org
- localKeyID: BF 37 DA C8 19 97 0F 16 A1 F8 90 02 DB 17 CB C7 89 33 D1 E2
+ localKeyID: E2 38 5B 24 CB CF B7 53 1B 69 87 7A EF 67 67 6C 88 CD 28 0E
subject=/CN=server2.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MTNaFw0zODAxMDExMjM0MTNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
-ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALsNJFJOkDN3pjWXSiId
-781OhAJ8Tev7iHxPqT/CBjvBbBqBYnAk5q2VzeBBdrD9g3s0uXTdv8KsJeKVU9cE
-2VzaAiTXT0EG/kLpxR/HimLHpS6VMHWe6V//nNOscwa1v3h+MVc45rDT9l0MDvIC
-OgzW8rM3xzhFhtk1zbSn5ieJAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
+MjM0MDNaFw0zNzEyMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPK/TJn4ZDN286XMhCLH
+ipnWbbNsFpqMotrAxdyA9thomMnYXU89uqPnQsyUyD5c7rUp+F2LWUGDPkd8v4q+
+EL3dUTRTnVY47ZMtVLz08nyucZTo/y+8ysaYDGmgioCQ8MME4C1lYe06bK33OYUe
+jYCM1DgDB/h04vkftlrQcOAbAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHgYDVR0R
-BBcwFYITc2VydmVyMi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOBgQB8tfPX
-PqGaV8+AkMX/qtqd745YYYE1tibX2LX6ok8OdLcjdM8mPRb3J/bJrifpJiVhYESY
-XKBruZZxh4Fzh9HgKHidkfCP3py2CfpycR1BQ8eellv6mNibdoEjSCAvCEVJAaez
-pmwN1VlAzO9qx6sH5xKMxCfV2uJDQNSYAwH4Bg==
+BBcwFYITc2VydmVyMi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOBgQCs5mI1
+W3xtz2hR/I2EWAAr415QJ43LRyzNQun0/b4k52BgubGDVAXKzkhes7RRNCW7+h6d
+wgJKFvBnHviThkmM00DGzSYJ2VCmHXsogJmWMl8zcEjOgC9E3LZKjp27dsjr4GlM
+jwf8XjoOCu3RUtdzuFOEmXviVYNbeiSlFsJSEQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICLDCCAZWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMRQwEgYDVQQKEwtleGFt\r
-cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDA5WhcNMzgw\r
-MTAxMTIzNDA5WjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
-Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7kJ8z\r
-PKQHHN92Q0kXeaXKVHU0sLjSrSSyOlj20dPGiK2l3h5563GezLckcglwXUVhZCo2\r
-Mk/5eq0s0KLWWPn99CUedkxhMs7DP8u3rWBwDtTcqLs05uvicfdo0Qpz9waAoxwR\r
-2IchwNJD2I6fXhIaj/GY34pjf7CZ+6QfnjltgwIDAQABo1owWDAOBgNVHQ8BAf8E\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI0peZ\r
+vtd+Oo8OMPy/EIlcNiVSJQ6zb5awuAcPjb5gUE3dZ1+7PiB4BlLhT1wbUJiqC3s6\r
+Uo2jzzNScWmwIbMTwckUIjS6Q+3khgZHWh2uBAX9j9OrMaJ6DjtyjWitDXMUcrns\r
+tvQs4TMoFkvBvH94gsYtnbTC5DCmKKLRkWwQhQIDAQABo1owWDAOBgNVHQ8BAf8E\r
BAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAyBgNVHR8EKzApMCegJaAjhiFodHRw\r
Oi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwDQYJKoZIhvcNAQELBQADgYEA\r
-IQxQegBv96He97J15mtGvo/CjjVDtKVrSJgWOqoIz/UXveM2BvQ35RPHm+a4LYMV\r
-6+g6/n3ulW/zMLXUTzly9VnbVKEWOjbuz3cJhpiBXABkZ3n1Pp0SiXe+SYdGGVUi\r
-QtcQVMqGdnPfgC8ycxNff+mv9E+iauC/4guJKlFPmNc=
+eqMhcknWmbpCS7ail+FEhRpiLgZU05d7jdf3yQLu1EmMS/fdDvY8R8G17FDcCoLQ\r
+mSgIvn73UqTgmDgErGZgZ2LqcgioBo7fgxS2knxFKIi/WlKHpiqOkSYtqtacIUnk\r
+1NkPYWjBwP3bUYauHu7EcTTHO6iWd0doLrMJvGUtm9c=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: server2.example.org
- localKeyID: BF 37 DA C8 19 97 0F 16 A1 F8 90 02 DB 17 CB C7 89 33 D1 E2
+ localKeyID: E2 38 5B 24 CB CF B7 53 1B 69 87 7A EF 67 67 6C 88 CD 28 0E
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI3OJxMlFMPCICAggA
-MBQGCCqGSIb3DQMHBAjtwebzSkWpeQSCAoDs+GuspE8T6O+6y30iq0g0b57q0eNH
-oxAal4jHMOL1N7Kuxh1qSjkQUfCK+QQIiGEfyHA/kNzgs8lC0iHWOZ4OuaWzYrPP
-5cCVJYEfkGaT6DzfzHAkIcJv/3i5sfLdsHi9hTYKrj1cXEa2oEbLF9BVUhqPfM8+
-ius1tcNClNqfVFg6hcyr/iIQOkG+MwoLxYaX1vLOm42DQtQoPWFD4JrlsdDI1x0L
-TWpYTCv3twnFkiO037MhB0E6SSE9rDnwm5zFDY5/7gBK8lgm/qlK7IJre9pvzx38
-WI1QLViWKOtMXxLf49MDMBJMP0vk1TW5xhjuZ9dw9RvMrmv/9nQiSyjV4DA1QzVx
-qj16E0lCQe+JbJ91iiMAGVh91AS1mxlcHY09T3oZ8yUN758hOZCVQnpmZwEJybIc
-E0NxXE5dIj83aMPiIfOBLIPZG9h3VPUYDUCfWm2/7YIbZcCDgrNo+Jly2+E4AJ9b
-evgnXsIMd7Rf9+bzew+j7oObDdJ09Bp+gAGv9sRClcWuuQgdTLLkzJYG3ppq7AaH
-AnlquIfgCH+OaJOHFAhnFzq6viSmQjg2Q3SDbyyYeOorrS2r7zMqmG+ctnfjTF0/
-z3VjqOsoHj9WPA6aJTH7mcK5wB/QrFQhVAQTShOuJ2AkbIwb5pLf8PEH7ginnlFc
-ZUuRhl4oTsanIkUnisynG2MfnEcSwl2oYjWURque2qgVQEfFjvjxwPNl6ZUExrdP
-bymXsBnOh25Q9sQCFukZiZdEuxnMNnXZQL0ed4sJ8zSx7VS/IbR/20zID0BlraTJ
-i0po2h1IIotsBkcUU4/a6EA7jSpKLBiiIf0jk7J0hEWCRXiEY1QmxjVU
+MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIdTvmpL9IhJ8CAggA
+MBQGCCqGSIb3DQMHBAgW9kM3XgA1bASCAoB8x3/0XnKhZ+FysQyzoVMHHPf8834g
+pMx1U/2cIO+fvHH/3nQEiO/J5eOTbWdUoBKKujsGf7y+Y3fZ2jW5KRd4NAw708v0
+lCncRlEaTuQSAxMl/njeouj+VZPYth2KXewRMLwetvQN1r5ZnpE7DRdYvDggEzLA
+rAF2ss30BRpe1+pziIFxnBPaEZ8IaZmDBRLyhrVuvNRDQ0+9AzQGxX1AUchlTrNM
+1dtKZGgma/sV6RTKrHcsxswy9iY18bmsSOLlSf4Vmia8j5WUY48NyTqLYR1bm+2l
+MQxP2TrKw9DrnAcIFo13Xfz32bhYz7fCA6vheOxA7/j/n/Wab/0f1QCbVyGg6qj8
+Nle9bBQMyo/4A9jXKPJq9Ja3XpLBwuaPd4kNG/nC5qmpxYAkiJY2yoaF+eWUb/Bd
+VnaKTzyEHedKi2TkB3lnTwRhDNiP9e55L0BaCGrDy289X37FmNOqv1TZ8bbbl78m
+icGaQlKmdVIP8za7jjBuyt0FUxgMZ395SY0CcIBNT0g4wv1p08QNQKOR6ElLPumR
+n7419MxONeQlRKbN1ADKmhDUNSSW1r0RAaVx5nDVuVhzFybHAEiuoAdx9RR1/juC
+hey2ukbytqACDbfbkXp0k+xbNFtkFohdUfc1RgAXs7jKIxqw1Ump7CyGO7RpQEYi
+/HLjnRCbaGJSSrPXSDE52L+n1aCWLQ5iovh5/eRLqxzLpL8Wir+ye9m3c4y3ak6x
+vJr5tx3ECx3/9/EHh2H4xo0F3dNb+fNmC+JYVLcPoZLc+46xSh02ODAaKK3r1H9/
+2gvVLUpByG8hpAhCvvOoNunUu/0i1pEFPhuLj3nVB7IUb28a5MmatUSa
-----END ENCRYPTED PRIVATE KEY-----
Bag Attributes
friendlyName: server2.example.org
- localKeyID: BF 37 DA C8 19 97 0F 16 A1 F8 90 02 DB 17 CB C7 89 33 D1 E2
+ localKeyID: E2 38 5B 24 CB CF B7 53 1B 69 87 7A EF 67 67 6C 88 CD 28 0E
subject=/CN=server2.example.org
issuer=/O=example.org/CN=clica Signing Cert
-----BEGIN CERTIFICATE-----
MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhh
bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
-MjM0MTNaFw0zODAxMDExMjM0MTNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
-ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALsNJFJOkDN3pjWXSiId
-781OhAJ8Tev7iHxPqT/CBjvBbBqBYnAk5q2VzeBBdrD9g3s0uXTdv8KsJeKVU9cE
-2VzaAiTXT0EG/kLpxR/HimLHpS6VMHWe6V//nNOscwa1v3h+MVc45rDT9l0MDvIC
-OgzW8rM3xzhFhtk1zbSn5ieJAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
+MjM0MDNaFw0zNzEyMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPK/TJn4ZDN286XMhCLH
+ipnWbbNsFpqMotrAxdyA9thomMnYXU89uqPnQsyUyD5c7rUp+F2LWUGDPkd8v4q+
+EL3dUTRTnVY47ZMtVLz08nyucZTo/y+8ysaYDGmgioCQ8MME4C1lYe06bK33OYUe
+jYCM1DgDB/h04vkftlrQcOAbAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAG
A1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAj
hiFodHRwOi8vY3JsLmV4YW1wbGUub3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEE
KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLm9yZy8wHgYDVR0R
-BBcwFYITc2VydmVyMi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOBgQB8tfPX
-PqGaV8+AkMX/qtqd745YYYE1tibX2LX6ok8OdLcjdM8mPRb3J/bJrifpJiVhYESY
-XKBruZZxh4Fzh9HgKHidkfCP3py2CfpycR1BQ8eellv6mNibdoEjSCAvCEVJAaez
-pmwN1VlAzO9qx6sH5xKMxCfV2uJDQNSYAwH4Bg==
+BBcwFYITc2VydmVyMi5leGFtcGxlLm9yZzANBgkqhkiG9w0BAQsFAAOBgQCs5mI1
+W3xtz2hR/I2EWAAr415QJ43LRyzNQun0/b4k52BgubGDVAXKzkhes7RRNCW7+h6d
+wgJKFvBnHviThkmM00DGzSYJ2VCmHXsogJmWMl8zcEjOgC9E3LZKjp27dsjr4GlM
+jwf8XjoOCu3RUtdzuFOEmXviVYNbeiSlFsJSEQ==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC7DSRSTpAzd6Y1l0oiHe/NToQCfE3r+4h8T6k/wgY7wWwagWJw
-JOatlc3gQXaw/YN7NLl03b/CrCXilVPXBNlc2gIk109BBv5C6cUfx4pix6UulTB1
-nulf/5zTrHMGtb94fjFXOOaw0/ZdDA7yAjoM1vKzN8c4RYbZNc20p+YniQIDAQAB
-AoGADQLjQ6ls3POl92TcdoaUE3kydBTO+8sNqa4F5SY7NkVkXmyhGxFqDWmV/lM3
-bSTZVETs4Jz7NZCxevMtt4+CChW6vEM7TosEfUQ+Sp8D1t7PJJm8fIVAagm42HmA
-xUS0+5nAKepo0cWytuNVKLg1t/RFAASWhDVGVLre5OD63/0CQQDeCBg5O2QrjQEx
-CttJf+UfQ4PMv1gLEP/toY4ZINrItPo9rIaqbev2jkovDNIILVuImAT7zbQAgKQA
-/X5BThDVAkEA16sJ4box1KjnuAzsIMvs/gEVlX1ba3Hf8XlQ+8yMO/tbIKZNX2LQ
-4ZdEi2IextphwxrF9IO6OAzR5cf8V8E15QJAfmidYfguT5030HQd5Pqrt+D4aNmH
-hsVm8CPKgwPxi9N9pR9UjDOI5Baeparm6UDpnBrwu2uhz6dtuCKafxOzAQJAdJy6
-3x66Su55PH9gPeuF3WHgtc/uWo5cNEkQjNXxDY2/nEvPkj/wCcqs+WC4m3UBX2le
-l/OSATSNWd1kiF6kMQJBALwevGEIolnWI19Q/V1kigRYM+6SXDHcqZ+Bd4/MbdFS
-6XQBwJke2ysY9iKCx9dzUUtS0vMpEv15g+RFveWe9Ss=
+MIICWwIBAAKBgQDyv0yZ+GQzdvOlzIQix4qZ1m2zbBaajKLawMXcgPbYaJjJ2F1P
+Pbqj50LMlMg+XO61Kfhdi1lBgz5HfL+KvhC93VE0U51WOO2TLVS89PJ8rnGU6P8v
+vMrGmAxpoIqAkPDDBOAtZWHtOmyt9zmFHo2AjNQ4Awf4dOL5H7Za0HDgGwIDAQAB
+AoGAKCTvJUbDmhKRxaQWYBgReafRWYrxDAW2XaiOsDeFsGalNJA7Ei06Y1EN+35J
+cALMw+9ucFiTXgxh2CRZxYycK4TsAc9pxDr5Kqicr1kJbcIvYVA+Ddv5amI7wnVB
+abXMwCkoiVx7Kx1NgOMNT2RxF5pRDwioirQ0tMgLTN+U1n0CQQD8Fvqj//LRiKh9
+ADcK/gW0pZlD+4JzWKgF2Mx3wUsYZOppzkYj4KhAEGGMvN1Gz7RcNUxUGr9Y3aqA
+lDYuCkEHAkEA9oM43HW+Bm1+4ykhNzHGoN0FZZfeKhNXuH2VgYnBAZ2K47OQTTA6
+6JdmU3fiutquH59JTgnis2eoepdIHmLnTQJAaFBd8OUlpn0FM4yWOk85LzJjRJVb
+ur1R8fFvUpLCr1p7AcNglNIO7UuaAjHY4sdqG8nWRus2iOBZAJHUBaMqmwJAMEYu
+Qm4EUnnq2U1apdZnkWT3A5gj95VmHkjpmD6Dv288na6yWYtSXe4YKcxWaEUeyC6H
+SnMBJCTuh2NMyjaQGQJAJlzGzxq5Vxqt+QKfXiCbsj1tMW+8S8UYQqZLET/+/4kF
+8HKKO6653D1kjcvonBI/OyuwaZESdOImNzdAAhfgxQ==
-----END RSA PRIVATE KEY-----
clica -D "$idir" -p password -B 1024 -I -N example.$tld -F \
-C http://crl.example.$tld/latest.crl -O http://oscp.example.$tld/
- clica -D example.$tld -p password -s 101 -S server1.example.$tld \
+ # -m <months>
+ clica -D example.$tld -p password -s 101 -S server1.example.$tld -m 301 \
-8 alternatename.server1.example.$tld,alternatename2.server1.example.$tld,*.test.ex
- clica -D example.$tld -p password -s 102 -S revoked1.example.$tld
+ clica -D example.$tld -p password -s 102 -S revoked1.example.$tld -m 301
clica -D example.$tld -p password -s 103 -S expired1.example.$tld -m 1
- clica -D example.$tld -p password -s 201 -S server2.example.$tld
- clica -D example.$tld -p password -s 202 -S revoked2.example.$tld
+ clica -D example.$tld -p password -s 201 -S server2.example.$tld -m 301
+ clica -D example.$tld -p password -s 202 -S revoked2.example.$tld -m 301
clica -D example.$tld -p password -s 203 -S expired2.example.$tld -m 1
daemon_smtp_ports =
daemon_startup_retries = 3
daemon_startup_sleep = 8s
+debug_store
delay_warning = 1d
delay_warning_condition = ${if match{$h_precedence:}{(?i)bulk|list}{no}{yes}}
deliver_drop_privilege
acl_smtp_expn = check_expn
qualify_domain = test.ex
no_write_rejectlog
+recipient_unqualified_hosts = 3.3.3.3
# ----- ACLs -----
check_vrfy:
deny local_parts = hardfail
message = 599 custom reject
+ accept local_parts = acceptable
+ accept local_parts = ok_with_dom
+ domains = test.ex
check_expn:
accept hosts = 2.2.2.2
localuser:
driver = accept
- local_parts = userx
+ local_parts = userx : ok_with_dom : acceptable
transport = local_delivery
driver = autoreply
once = DIR/test-once
once_file_size = 30
+ once_repeat = 4s
text = "Auto reply message"
to = $sender_address
user = CALLER
--- /dev/null
+.include confs/TESTNUM./aaa
--- /dev/null
+.include bbb
--- /dev/null
+0376
\ No newline at end of file
--- /dev/null
+# Exim test configuration 0579
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+domainlist local_domains = test.ex
+log_selector = +received_recipients
+
+acl_smtp_rcpt = accept logwrite=cmd '$smtp_command'
+
+# ------ ACLs ------
+
+begin acl
+
+# ------ Routers ------
+
+begin routers
+
+r1:
+ driver = redirect
+ data = :blackhole:
+
+
+# ------ Transports ------
+
+begin transports
+
+# End
+++ /dev/null
-0900
\ No newline at end of file
--- /dev/null
+# Exim test configuration 0901
+SERVER=
+SRV=
+LIST=
+ALLOW=
+
+exim_path = EXIM_PATH
+keep_environment =
+host_lookup_order = bydns
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/SERVER%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+chunking_advertise_hosts = *
+tls_advertise_hosts = ${if eq {SRV}{tls} {*}}
+
+pipelining_advertise_hosts = :
+
+# ----- Main settings -----
+
+primary_hostname = testhost.test.ex
+domainlist local_domains = @ : test.ex
+
+acl_smtp_rcpt = check_recipient
+acl_smtp_data_prdr = check_prdr
+acl_smtp_data = check_data
+trusted_users = CALLER
+queue_only
+smtp_receive_timeout = 2s
+log_selector = +received_recipients
+
+.ifdef _OPT_MAIN_TLS_CERTIFICATE
+tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+.endif
+
+ALLOW
+
+# ----- ACL -----
+
+begin acl
+
+check_recipient:
+ accept hosts = :
+ accept domains = +local_domains
+ deny message = relay not permitted
+
+check_prdr:
+ accept local_parts = good
+ deny
+
+check_data:
+ warn message = X-acl-message-linecount: $message_linecount
+ accept
+
+# ----- Routers -----
+
+begin routers
+
+to_server:
+ driver = accept
+ condition = ${if !eq {SERVER}{server}}
+ transport = remote_smtp${if eq {OPT}{dkim} {_dkim}}
+ errors_to = ""
+
+fail_remote_domains:
+ driver = redirect
+ domains = ! +local_domains
+ data = :fail: unrouteable mail domain "$domain"
+
+localuser:
+ driver = accept
+ check_local_user
+ transport = local_delivery
+ headers_add = X-local-user: uid=$local_user_uid gid=$local_user_gid
+
+
+# ----- Transports -----
+
+begin transports
+
+local_delivery:
+ driver = appendfile
+ delivery_date_add
+ envelope_to_add
+ file = DIR/test-mail/$local_part
+ headers_add = "X-body-linecount: $body_linecount\n\
+ X-message-linecount: $message_linecount\n\
+ X-received-count: $received_count"
+ return_path_add
+
+remote_smtp:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_S
+ allow_localhost
+ command_timeout = 2s
+ final_timeout = 2s
+
+remote_smtp_dkim:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_S
+ allow_localhost
+ command_timeout = 2s
+ final_timeout = 2s
+
+.ifdef OPT
+ dkim_domain = test.ex
+ dkim_selector = sel
+ dkim_private_key = DIR/aux-fixed/dkim/dkim.private
+.ifndef HEADERS_MAXSIZE
+ dkim_sign_headers = LIST
+.endif
+.endif
+
+# ----- Retry -----
+
+begin retry
+* * F,30m,5m;
+# End
+++ /dev/null
-0900
\ No newline at end of file
+++ /dev/null
-.include confs/0903./aaa
+++ /dev/null
-.include bbb
--- /dev/null
+0900
\ No newline at end of file
--- /dev/null
+0900
\ No newline at end of file
logwrite = SN <${certextract {subject} {$tls_in_peercert}}>
logwrite = IN <${certextract {issuer} {$tls_in_peercert}}>
logwrite = IN/O <${certextract {issuer,O} {$tls_in_peercert}}>
- logwrite = NB <${certextract {notbefore} {$tls_in_peercert}}>
+ logwrite = NB/r <${certextract {notbefore,raw} {$tls_in_peercert}}>
+ logwrite = NB <${certextract {notbefore} {$tls_in_peercert}}>
logwrite = NB/i <${certextract {notbefore,int}{$tls_in_peercert}}>
- logwrite = NA <${certextract {notafter} {$tls_in_peercert}}>
+ logwrite = NA/i <${certextract {notafter,int} {$tls_in_peercert}}>
+ logwrite = NA <${certextract {notafter} {$tls_in_peercert}}>
logwrite = SA <${certextract {sig_algorithm}{$tls_in_peercert}}>
logwrite = SG <${certextract {signature} {$tls_in_peercert}}>
logwrite = ${certextract {subj_altname} {$tls_in_peercert} {SAN <$value>}{(no SAN)}}
# logwrite = ${certextract {ocsp_uri} {$tls_in_peercert} {OCU <$value>}{(no OCU)}}
logwrite = ${certextract {crl_uri} {$tls_in_peercert} {CRU <$value>}{(no CRU)}}
logwrite = md5 fingerprint ${md5:$tls_in_peercert}
- logwrite = sha1 fingerprint ${sha1:$tls_in_peercert}
+ logwrite = sha1 fingerprint ${sha1:$tls_in_peercert}
logwrite = sha256 fingerprint ${sha256:$tls_in_peercert}
logwrite = der_b64 ${base64:$tls_in_peercert}
acl_smtp_rcpt = accept
-log_selector = +tls_peerdn+smtp_connection+incoming_port
+log_selector = +tls_peerdn+smtp_connection+incoming_port+received_recipients
queue_only
queue_run_in_order
driver = smtp
allow_localhost
hosts = 127.0.0.1
+ hosts_noproxy_tls = :
port = PORT_D
# End
logwrite = NB/r <${certextract {notbefore,raw} {$tls_in_peercert}}>
logwrite = NB <${certextract {notbefore} {$tls_in_peercert}}>
logwrite = NB/i <${certextract {notbefore,int}{$tls_in_peercert}}>
- logwrite = NA <${certextract {notafter} {$tls_in_peercert}}>
+ logwrite = NA/i <${certextract {notafter,int} {$tls_in_peercert}}>
+ logwrite = NA <${certextract {notafter} {$tls_in_peercert}}>
logwrite = SA <${certextract {sig_algorithm}{$tls_in_peercert}}>
logwrite = SG <${certextract {signature} {$tls_in_peercert}}>
logwrite = ${certextract {subj_altname} {$tls_in_peercert} {SAN <$value>}{(no SAN)}}
acl_smtp_rcpt = accept
-log_selector = +tls_peerdn+smtp_connection+incoming_port
+log_selector = +tls_peerdn+smtp_connection+incoming_port+received_recipients
queue_only
queue_run_in_order
driver = smtp
allow_localhost
hosts = 127.0.0.1
+ hosts_noproxy_tls = :
port = PORT_D
tls_try_verify_hosts = :
# ----- Main settings -----
-acl_not_smtp = check_rcpt
+acl_smtp_rcpt = check_rcpt
+acl_not_smtp = check_not_smtp
queue_only
begin acl
check_rcpt:
+ accept
+ local_parts = defer_strict
+ set acl_m1 = ${lookup dnsdb{defer_strict,a=$domain}}
+
+check_not_smtp:
warn
set acl_m1 = ${map {<,$recipients} \
{${lookup dnsdb{a=${domain:$item}}{$value}fail}}}
--- /dev/null
+# Exim test configuration 4011
+# Content-scan: f-prot6d interface
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+av_scanner = f-prot6d : localhost4 PORT_S
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+acl_smtp_data = c_data
+
+begin acl
+
+c_data:
+ accept !malware = * OPT
+ deny logwrite = $callout_address malware_name $malware_name
+
+# ----- Routers -----
+
+begin routers
+
+r:
+ driver = redirect
+ data = :blackhole:
+
+# End
--- /dev/null
+# Exim test configuration 4030
+# Proxy Protocol
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+hosts_proxy = HOSTIPV4
+queue_only
+
+# ----- Main settings -----
+
+log_selector = +proxy +incoming_port
+
+acl_smtp_rcpt = r_acl
+
+
+begin acl
+
+r_acl:
+ accept
+ logwrite = proxy session: $proxy_session
+ logwrite = local [$received_ip_address]:$received_port
+ logwrite = proxy internal [$proxy_local_address]:$proxy_local_port
+ logwrite = proxy external [$proxy_external_address]:$proxy_external_port
+ logwrite = remote [$sender_host_address]:$sender_host_port
+
+
+# ----- Routers -----
+
+begin routers
+
+dump:
+ driver = redirect
+ data = :blackhole:
+
+# End
+++ /dev/null
-# Exim test configuration 4503
-
-SERVER=
-OPT=
-
-.include DIR/aux-var/std_conf_prefix
-
-primary_hostname = myhost.test.ex
-
-# ----- Main settings -----
-
-acl_smtp_rcpt = accept
-acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
-
-
-# ----- Routers
-
-begin routers
-
-server_dump:
- driver = redirect
- condition = ${if eq {SERVER}{server}{yes}{no}}
- data = :blackhole:
-
-client:
- driver = accept
- transport = send_to_server
-
-# ----- Transports
-
-begin transports
-
-send_to_server:
- driver = smtp
- allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
-
- dkim_domain = test.ex
- dkim_selector = sel
- dkim_private_key = DIR/aux-fixed/dkim/dkim.private
-.ifndef HEADERS_MAXSIZE
- dkim_sign_headers = OPT
-.endif
-
-# End
--- /dev/null
+4500
\ No newline at end of file
--- /dev/null
+4500
\ No newline at end of file
+++ /dev/null
-0900
\ No newline at end of file
+++ /dev/null
-# Exim test configuration 4510
-
-SERVER=
-OPT=
-
-.include DIR/aux-var/std_conf_prefix
-
-primary_hostname = myhost.test.ex
-
-# ----- Main settings -----
-
-acl_smtp_rcpt = accept
-acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
-acl_smtp_data_prdr = accept local_parts = okuser
-
-prdr_enable
-
-# ----- Routers
-
-begin routers
-
-client:
- driver = accept
- condition = ${if eq {SERVER}{server}{no}{yes}}
- transport = send_to_server
-
-server_dump:
- driver = redirect
- senders = ! :
- data = :blackhole:
-
-server_store:
- driver = accept
- transport = store
-
-# ----- Transports
-
-begin transports
-
-store:
- driver = appendfile
- file = DIR/test-mail/store
- return_path_add
- user = CALLER
-
-send_to_server:
- driver = smtp
- allow_localhost
- hosts = HOSTIPV4
- port = PORT_D
-
- dkim_domain = ${if def:sender_address_local_part {test.ex}}
- dkim_selector = sel
- dkim_private_key = DIR/aux-fixed/dkim/dkim.private
- dkim_sign_headers = From
-
-# End
--- /dev/null
+# Exim test configuration 4520
+
+SERVER=
+OPT=
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
+
+
+# ----- Routers
+
+begin routers
+
+server_dump:
+ driver = redirect
+ condition = ${if eq {SERVER}{server}{yes}{no}}
+ data = :blackhole:
+
+client:
+ driver = accept
+ transport = send_to_server
+
+# ----- Transports
+
+begin transports
+
+send_to_server:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+
+ dkim_domain = test.ex
+.ifdef SELECTOR
+ dkim_selector = SELECTOR
+.else
+ dkim_selector = sel
+.endif
+ dkim_private_key = DIR/aux-fixed/dkim/dkim.private
+.ifndef HEADERS_MAXSIZE
+ dkim_sign_headers = OPT
+.endif
+
+# End
--- /dev/null
+0900
\ No newline at end of file
--- /dev/null
+0900
\ No newline at end of file
--- /dev/null
+# Exim test configuration 4550
+
+SERVER=
+OPT=
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+acl_smtp_dkim = accept logwrite = signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
+acl_smtp_data_prdr = accept local_parts = okuser
+
+prdr_enable
+
+# ----- Routers
+
+begin routers
+
+client:
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
+ transport = send_to_server
+
+server_dump:
+ driver = redirect
+ senders = ! :
+ data = :blackhole:
+
+server_store:
+ driver = accept
+ transport = store
+
+# ----- Transports
+
+begin transports
+
+store:
+ driver = appendfile
+ file = DIR/test-mail/store
+ return_path_add
+ user = CALLER
+
+send_to_server:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+
+ dkim_domain = ${if def:sender_address_local_part {test.ex}}
+ dkim_selector = sel
+ dkim_private_key = DIR/aux-fixed/dkim/dkim.private
+ dkim_sign_headers = From
+
+# End
;
DNSSEC mxdane256ta MX 1 dane256ta
DNSSEC dane256ta A HOSTIPV4
-DNSSEC _1225._tcp.dane256ta TLSA 2 0 1 87712b46e3c444c9a58edaa9dbe34c26b81cefb658a002b267ee3223fd9219cd
+DNSSEC _1225._tcp.dane256ta TLSA 2 0 1 eec923139018c540a344c5191660ecba1ac3708525a98bfc338e17f31d3fa741
; A multiple-return MX where all TLSA lookups defer
--- /dev/null
+package Exim::Utils;
+use v5.10.1;
+use strict;
+use warnings;
+use parent 'Exporter';
+our @EXPORT_OK = qw(uniq numerically);
+
+
+sub uniq {
+ my %uniq = map { $_, undef } @_;
+ return keys %uniq;
+}
+
+sub numerically { $::a <=> $::b }
+
+1;
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Test: reject connect
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@domain1 F=<CALLER@test.ex> R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after initial connection: 550 Go away
+1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@domain1 F=<CALLER@test.ex> R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after initial connection: 550 Go away (A)
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER <CALLER@test.ex> F=<> R=all T=local_delivery
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Test: reject helo
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaZ-0005vi-00 ** userx@domain1 F=<CALLER@test.ex> R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after HELO the.local.host.name: 550 Go away
-1999-03-02 09:44:33 10HmaZ-0005vi-00 ** usery@domain2 F=<CALLER@test.ex> R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after HELO the.local.host.name: 550 Go away
+1999-03-02 09:44:33 10HmaZ-0005vi-00 ** userx@domain1 F=<CALLER@test.ex> R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after HELO the.local.host.name: 550 Go away (C)
+1999-03-02 09:44:33 10HmaZ-0005vi-00 ** usery@domain2 F=<CALLER@test.ex> R=others T=smtp H=localhost4.test.ex [127.0.0.1]: SMTP error from remote mail server after HELO the.local.host.name: 550 Go away (C)
1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 => CALLER <CALLER@test.ex> F=<> R=all T=local_delivery
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: response to "RCPT TO:<bad@localhost>" from 127.0.0.1 [127.0.0.1] was: 550 Unknown user
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<bad@localhost>: 550 Unknown user
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <uncheckable@localhost1>: response to "RCPT TO:<uncheckable@localhost1>" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <uncheckable@localhost1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<uncheckable@localhost1>: 450 Temporary error
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable2@localhost1>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 Error for <>
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable2@localhost1>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 Error for <>
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable2@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable@localhost1>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550-Multiline error for <>\n550 Here's the second line
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable@localhost1>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550-Multiline error for <>\n550 Here's the second line
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote.domain>: 550 Recipient not liked
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote.domain>: 550-Recipient not liked on two lines\n550 Here's the second
1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> temporarily rejected RCPT <z@remote.domain>: Could not complete recipient verify callout
1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F=<uncheckable@localhost1> rejected after DATA: there is no valid sender in any header line
1999-03-02 09:44:33 10HmaY-0005vi-00 H=[V4NET.0.0.4] U=root F=<uncheckable@localhost1> rejected after DATA: there is no valid sender in any header line
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: relay not permitted
-1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for <ok@localhost1>: response to "RCPT TO:<postmaster@localhost1>" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for <ok@localhost1>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@localhost1>: 550 Don't like postmaster
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: response to "RCPT TO:<z@remote.lmtp>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: response to "initial connection" from 127.0.0.1 [127.0.0.1] was: connection dropped
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote.lmtp>: 550 Recipient not liked
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : Remote host closed connection in response to initial connection
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
1999-03-02 09:44:33 End queue run: pid=pppp
******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:1225 [127.0.0.1]:1226 [ip4.ip4.ip4.ip4]:1227
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:{1225,1226} [ip4.ip4.ip4.ip4]:1227
1999-03-02 09:44:33 10HmaX-0005vi-00 <= userx@test.ex H=(rhu.barb) [127.0.0.1]:1111 I=[127.0.0.1]:1225 P=esmtp S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= userx@test.ex H=(rhu.barb) [127.0.0.1]:1112 I=[127.0.0.1]:1226 P=esmtp S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F=<> rejected after DATA: '>' missing at end of address: failing address in "From:" header is: <bad@syntax
1999-03-02 09:44:33 10HmaY-0005vi-00 U=CALLER F=<> rejected after DATA: there is no valid sender in any header line
-1999-03-02 09:44:33 U=CALLER sender verify defer for <callout@x>: could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <callout@x>: Could not complete sender verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error
1999-03-02 09:44:33 U=CALLER F=<callout@x> temporarily rejected RCPT <x@y>: Could not complete sender verify callout
1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F=<nosyntax@x> rejected after DATA
1999-03-02 09:44:33 10HmbA-0005vi-00 U=CALLER F=<> rejected after DATA: there is no valid sender in any header line
-1999-03-02 09:44:33 U=CALLER F=<recipcallout@y> temporarily rejected RCPT <callout@y>: could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error
+1999-03-02 09:44:33 U=CALLER F=<recipcallout@y> temporarily rejected RCPT <callout@y>: Could not complete recipient verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error
1999-03-02 09:44:33 U=CALLER F=<> rejected RCPT <cantverify.fail@y>: failure message
1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT <cantverify.defer@y>: defer message
1999-03-02 09:44:33 10HmbB-0005vi-00 U=CALLER F=<> rejected after DATA: '>' missing at end of address: failing address in "From:" header is: <bad@syntax
1999-03-02 09:44:33 10HmbC-0005vi-00 U=CALLER F=<> rejected after DATA: there is no valid sender in any header line
-1999-03-02 09:44:33 U=CALLER sender verify defer for <callout@x>: could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <callout@x>: Could not complete sender verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error
1999-03-02 09:44:33 U=CALLER F=<callout@x> temporarily rejected RCPT <x@y>: Could not complete sender verify callout
1999-03-02 09:44:33 10HmbD-0005vi-00 U=CALLER F=<nosyntax@x> rejected after DATA
1999-03-02 09:44:33 10HmbE-0005vi-00 U=CALLER F=<> rejected after DATA: there is no valid sender in any header line
-1999-03-02 09:44:33 U=CALLER F=<recipcallout@y> temporarily rejected RCPT <callout@y>: could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error
+1999-03-02 09:44:33 U=CALLER F=<recipcallout@y> temporarily rejected RCPT <callout@y>: Could not complete recipient verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error
1999-03-02 09:44:33 U=CALLER F=<> rejected RCPT <cantverify.fail@y>: failure message
1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT <cantverify.defer@y>: defer message
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> H=host2.name [4.3.2.1] U=CALLER P=smtp S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 Error in system filter: failed to expand " acl_c0="$acl_c0"\n acl_c1="$acl_c1"\n acl_c2="$acl_c2"\n acl_c3="$acl_c3"\n acl_c4="$acl_c4"\n acl_c5="$acl_c5"\n acl_c6="$acl_c6"\n acl_c7="$acl_c7"\n acl_c8="$acl_c8"\n acl_c9="$acl_c9"\n acl_m0="$acl_m0"\n acl_m1="$acl_m1"\n acl_m2="$acl_m2"\n acl_m3="$acl_m3"\n acl_m4="$acl_m4"\n acl_m5="$acl_m5"\n acl_m6="$acl_m6"\n acl_m7="$acl_m7"\n acl_m8="$acl_m8"\n acl_m9="$acl_m9"\n acl_m_foo="$acl_m_foo"\n acl_m_bar="$acl_m_bar"\n acl_c_foo="$acl_c_foo"\n acl_c_bar="$acl_c_bar"\n" in logwrite command: unknown variable name "acl_c1" (strict_acl_vars is set)
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (test) [127.0.0.1] P=smtp S=sss
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <ok@localhost>: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <ok@localhost>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: response to "RCPT TO:<bad@localhost>" from 127.0.0.1 [127.0.0.1] was: 550 REJECTED
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<bad@localhost>: 550 REJECTED
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 REJECT MAIL FROM
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT MAIL FROM
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>: response to "RCPT TO:<postmaster@otherhost>" from 127.0.0.1 [127.0.0.1] was: 550 NOT OK
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@otherhost>: 550 NOT OK
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root sender verify defer for <ok@otherhost3>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost3>" was: 250 OK
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<ok@otherhost3> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root sender verify defer for <ok@otherhost4>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost4>" was: 250 OK
+1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root F=<ok@otherhost4> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost51>
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<okok@otherhost51> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.7] U=root P=smtp S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.8] U=root P=smtp S=sss
-1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed: response to "RCPT TO:<x@remote>" from 127.0.0.1 [127.0.0.1] was: 550 Unknown
+1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<x@remote>: 550 Unknown
1999-03-02 09:44:33 U=CALLER Warning: some other warning
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local-smtp S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 => x <x@local> R=r1 T=t1
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <z@remote>: response to "RCPT TO:<z@remote>" from 127.0.0.1 [127.0.0.1] was: 550 Unknown
+1999-03-02 09:44:33 U=CALLER sender verify fail for <z@remote>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote>: 550 Unknown
1999-03-02 09:44:33 U=CALLER F=<z@remote> rejected RCPT <deny@local>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed: response to "RCPT TO:<qq@remote>" from 127.0.0.1 [127.0.0.1] was: 550 Unknown
+1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<qq@remote>: 550 Unknown
1999-03-02 09:44:33 U=CALLER Warning: Sender verify failed
1999-03-02 09:44:33 U=CALLER Warning: some other warning
-1999-03-02 09:44:33 U=CALLER sender verify defer for <r1@domain1>: response to "RCPT TO:<r1@domain1>" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <r1@domain1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<r1@domain1>: 450 Temporary error
1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL <r1@domain1>: Could not complete sender verify callout
-1999-03-02 09:44:33 U=CALLER sender verify defer for <r2@domain2>: response to "RCPT TO:<r2@domain2>" from ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] was: 450 Temporary error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <r2@domain2>: Could not complete sender verify callout: ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] : SMTP error from remote mail server after RCPT TO:<r2@domain2>: 450 Temporary error
1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL <r2@domain2>: Could not complete sender verify callout
-1999-03-02 09:44:33 U=CALLER sender verify defer for <r3@domain3>: response to "RCPT TO:<r3@domain3>" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <r3@domain3>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<r3@domain3>: 450 Temporary error
1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL <r3@domain3>: Could not complete sender verify callout
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <Ok@localhost>: response to "RCPT TO:<postmaster@localhost>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <Ok@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@localhost>: 550 NO
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<Ok@localhost> rejected RCPT <checkpm@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <NOTok@elsewhere>: response to "RCPT TO:<NOTok@elsewhere>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <NOTok@elsewhere>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<NOTok@elsewhere>: 550 NO
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<NOTok@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<NOTok2@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER F=<s3@other.ex> rejected RCPT r3@other.ex: response to "MAIL FROM:<s3@other.ex>" from 127.0.0.1 [127.0.0.1] was: 550 NOTOK
-1999-03-02 09:44:33 U=CALLER F=<s4@other.ex> temporarily rejected RCPT r4@other.ex: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
-1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: response to "RCPT TO:<r9@test.ex>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+1999-03-02 09:44:33 U=CALLER F=<s3@other.ex> rejected RCPT r3@other.ex: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<s3@other.ex>" was: 550 NOTOK
+1999-03-02 09:44:33 U=CALLER F=<s4@other.ex> temporarily rejected RCPT r4@other.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
+1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<r9@test.ex>: 550 NO
1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: Previous (cached) callout verification failure
-1999-03-02 09:44:33 U=CALLER sender verify fail for <x9@test.ex>: response to "RCPT TO:<x9@test.ex>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+1999-03-02 09:44:33 U=CALLER sender verify fail for <x9@test.ex>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<x9@test.ex>: 550 NO
1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: Sender verify failed
1999-03-02 09:44:33 U=CALLER sender verify fail for <x9@test.ex>
1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout
-1999-03-02 09:44:33 U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout
+1999-03-02 09:44:33 U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<r11@two.test.ex>
+1999-03-02 09:44:33 U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after initial connection
1999-03-02 09:44:33 Messages accepted:
1999-03-02 09:44:33 Recipients:
1999-03-02 09:44:33 Accepted:
-1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly)
+1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT toplevel ACL may not fail ('deny' verb used incorrectly)
1999-03-02 09:44:33 Messages received: 1
1999-03-02 09:44:33 Messages accepted:
1999-03-02 09:44:33 Recipients:
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userx@broken.example>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 I'm misconfigured
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userx@broken.example>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 I'm misconfigured
1999-03-02 09:44:33 U=CALLER rejected MAIL <userx@broken.example>: Sender verify failed
1999-03-02 09:44:33 U=CALLER sender verify fail for <userx@broken.example>
1999-03-02 09:44:33 U=CALLER rejected MAIL <userx@broken.example>: Sender verify failed
--- /dev/null
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <ok@localhost>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<bad@localhost>: 550 REJECTED rcpt
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT mail from
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@otherhost>: 550 NOT OK rcpt postmaster
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root sender verify defer for <ok@otherhost3>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost3>" was: 250 OK accepting that random recipient
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<ok@otherhost3> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root sender verify defer for <ok@otherhost4>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost4>" was: 250 OK
+1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root F=<ok@otherhost4> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost51>
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<okok@otherhost51> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.7] U=root P=smtp S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok7@otherhost53 H=[V4NET.0.0.8] U=root P=smtp S=sss
--- /dev/null
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 cmd 'RCPT TO:<"name with spaces"@test.ex>'
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> H=(test) [127.0.0.1] P=esmtp S=sss for "name with spaces"@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => :blackhole: <"name with spaces"@test.ex> R=r1
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data
1999-03-02 09:44:33 10HmbB-0005vi-00 <= someone@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex
1999-03-02 09:44:33 H=(tester) [127.0.0.1] F=<someone@some.domain> rejected RCPT <dummy@reject.ex>: relay not permitted
+1999-03-02 09:44:33 rejected from <someone@some.domain> H=(tester) [127.0.0.1]: Non-CRLF-terminated header, under CHUNKING: message abandoned
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for a@test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK"
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for b@test.ex
-1999-03-02 09:44:33 10HmaY-0005vi-00 == b@test.ex R=to_server T=remote_smtp defer (dd): Connection timed out H=127.0.0.1 [127.0.0.1]: SMTP timeout after end of data (ddd bytes written)
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for c@test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => c@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for d@test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 ** d@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 500 oops
-1999-03-02 09:44:33 10HmbA-0005vi-00 d@test.ex: error ignored
-1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbB-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for e@test.ex
-1999-03-02 09:44:33 10HmbB-0005vi-00 == e@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 400 not right now
-1999-03-02 09:44:33 10HmbC-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for p@test.ex
-1999-03-02 09:44:33 10HmbC-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
-1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbD-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for q@test.ex
-1999-03-02 09:44:33 10HmbD-0005vi-00 == q@test.ex R=to_server T=remote_smtp defer (dd): Connection timed out H=127.0.0.1 [127.0.0.1]: SMTP timeout after pipelined end of data (ddd bytes written)
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for r@test.ex
-1999-03-02 09:44:33 10HmbE-0005vi-00 => r@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
-1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbF-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for s@test.ex
-1999-03-02 09:44:33 10HmbF-0005vi-00 ** s@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 550 unacceptable mail-from
-1999-03-02 09:44:33 10HmbF-0005vi-00 s@test.ex: error ignored
-1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbG-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for s1@test.ex
-1999-03-02 09:44:33 10HmbG-0005vi-00 == s1@test.ex R=to_server T=remote_smtp defer (-45) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 450 greylisted mail-from
-1999-03-02 09:44:33 10HmbH-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for t@test.ex
-1999-03-02 09:44:33 10HmbH-0005vi-00 ** t@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:<t@test.ex>: 550 no such recipient
-1999-03-02 09:44:33 10HmbH-0005vi-00 t@test.ex: error ignored
-1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbI-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for u@test.ex
-1999-03-02 09:44:33 10HmbI-0005vi-00 ** u@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 500 oops bdat
-1999-03-02 09:44:33 10HmbI-0005vi-00 u@test.ex: error ignored
-1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbJ-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for v@test.ex
-1999-03-02 09:44:33 10HmbJ-0005vi-00 == v@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 400 not right now bdat
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= someone1@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= someone2@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= someone3@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= someone2A@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= someone3A@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 SMTP data timeout (message abandoned) on connection from (tester) [127.0.0.1] F=<someone4@some.domain>
+1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data
+1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= someone8@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex
+1999-03-02 09:44:33 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "bdat 1" H=(tester) [127.0.0.1] next input="bdat 87 last\r\n"
+1999-03-02 09:44:33 SMTP call from (tester) [127.0.0.1] dropped: too many syntax or protocol errors (last command was "From: Sam@random.com")
+1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data (header)
+++ /dev/null
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for a@test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for d@test.ex
-1999-03-02 09:44:33 10HmaY-0005vi-00 ** d@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after sending data block: 500 oops bdat-nonlast
-1999-03-02 09:44:33 10HmaY-0005vi-00 d@test.ex: error ignored
-1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for p@test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for s@test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 ** s@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 550 unacceptable mail-from
-1999-03-02 09:44:33 10HmbA-0005vi-00 s@test.ex: error ignored
-1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbB-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for t@test.ex
-1999-03-02 09:44:33 10HmbB-0005vi-00 ** t@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:<t@test.ex>: 550 no such recipient
-1999-03-02 09:44:33 10HmbB-0005vi-00 t@test.ex: error ignored
-1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbC-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for t1@test.ex t2@test.ex
-1999-03-02 09:44:33 10HmbC-0005vi-00 ** t1@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:<t1@test.ex>: 550 no such recipient
-1999-03-02 09:44:33 10HmbC-0005vi-00 => t2@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
-1999-03-02 09:44:33 10HmbC-0005vi-00 t1@test.ex: error ignored
-1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbD-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for u@test.ex
-1999-03-02 09:44:33 10HmbD-0005vi-00 ** u@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 500 oops nonlast bdat
-1999-03-02 09:44:33 10HmbD-0005vi-00 u@test.ex: error ignored
-1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbE-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for v@test.ex
-1999-03-02 09:44:33 10HmbE-0005vi-00 ** v@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 500 oops bdat
-1999-03-02 09:44:33 10HmbE-0005vi-00 v@test.ex: error ignored
-1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbF-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for p@test.ex
-1999-03-02 09:44:33 10HmbF-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
-1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for a@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for b@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 == b@test.ex R=to_server T=remote_smtp defer (dd): Connection timed out H=127.0.0.1 [127.0.0.1]: SMTP timeout after end of data (ddd bytes written)
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for c@test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => c@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for d@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 ** d@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 500 oops
+1999-03-02 09:44:33 10HmbA-0005vi-00 d@test.ex: error ignored
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for e@test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 == e@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 400 not right now
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for p@test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for q@test.ex
+1999-03-02 09:44:33 10HmbD-0005vi-00 == q@test.ex R=to_server T=remote_smtp defer (dd): Connection timed out H=127.0.0.1 [127.0.0.1]: SMTP timeout after pipelined end of data (ddd bytes written)
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for r@test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 => r@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
+1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for s@test.ex
+1999-03-02 09:44:33 10HmbF-0005vi-00 ** s@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 550 unacceptable mail-from
+1999-03-02 09:44:33 10HmbF-0005vi-00 s@test.ex: error ignored
+1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for s1@test.ex
+1999-03-02 09:44:33 10HmbG-0005vi-00 == s1@test.ex R=to_server T=remote_smtp defer (-45) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 450 greylisted mail-from
+1999-03-02 09:44:33 10HmbH-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for t@test.ex
+1999-03-02 09:44:33 10HmbH-0005vi-00 ** t@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:<t@test.ex>: 550 no such recipient
+1999-03-02 09:44:33 10HmbH-0005vi-00 t@test.ex: error ignored
+1999-03-02 09:44:33 10HmbH-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbI-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for u@test.ex
+1999-03-02 09:44:33 10HmbI-0005vi-00 ** u@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 500 oops bdat
+1999-03-02 09:44:33 10HmbI-0005vi-00 u@test.ex: error ignored
+1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbJ-0005vi-00 <= sender@source.dom U=root P=local-bsmtp S=sss for v@test.ex
+1999-03-02 09:44:33 10HmbJ-0005vi-00 == v@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined end of data: 400 not right now bdat
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for a@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for d@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 ** d@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after sending data block: 500 oops bdat-nonlast
+1999-03-02 09:44:33 10HmaY-0005vi-00 d@test.ex: error ignored
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for p@test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for s@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 ** s@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 550 unacceptable mail-from
+1999-03-02 09:44:33 10HmbA-0005vi-00 s@test.ex: error ignored
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for t@test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 ** t@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:<t@test.ex>: 550 no such recipient
+1999-03-02 09:44:33 10HmbB-0005vi-00 t@test.ex: error ignored
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for t1@test.ex t2@test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 ** t1@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after RCPT TO:<t1@test.ex>: 550 no such recipient
+1999-03-02 09:44:33 10HmbC-0005vi-00 => t2@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
+1999-03-02 09:44:33 10HmbC-0005vi-00 t1@test.ex: error ignored
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for u@test.ex
+1999-03-02 09:44:33 10HmbD-0005vi-00 ** u@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 500 oops nonlast bdat
+1999-03-02 09:44:33 10HmbD-0005vi-00 u@test.ex: error ignored
+1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for v@test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 ** v@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: 500 oops bdat
+1999-03-02 09:44:33 10HmbE-0005vi-00 v@test.ex: error ignored
+1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for u@test.ex
+1999-03-02 09:44:33 10HmbF-0005vi-00 == u@test.ex R=to_server T=remote_smtp defer (-46) H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after pipelined sending data block: 400 oops nonlast bdat
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= sender@dom U=root P=local-bsmtp S=sss for p@test.ex
+1999-03-02 09:44:33 10HmbG-0005vi-00 => p@test.ex R=to_server T=remote_smtp H=127.0.0.1 [127.0.0.1] K C="250 OK bdat"
+1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4) port 1226 (IPv6 and IPv4)
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4) port 1226 (IPv6 and IPv4) [127.0.0.1]:1228
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4) port 1226 (IPv6 and IPv4) [127.0.0.1]:1228
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:1225 [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:1226
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:{1225,1226}
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1227 (IPv6 and IPv4) [127.0.0.1]:1228
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:1227 [127.0.0.1]:1225
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:{1227,1225}
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 (IPv6 and IPv4) port 1226 (IPv4)
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid
-1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid
-1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate invalid
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid
-1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate invalid
1999-03-02 09:44:33 End queue run: pid=pppp -qf
******** SERVER ********
1999-03-02 09:44:33 SN <CN=server2.example.com>
1999-03-02 09:44:33 IN <O=example.com,CN=clica Signing Cert>
1999-03-02 09:44:33 IN/O <example.com>
-1999-03-02 09:44:33 NB <Nov 1 12:34:06 2012 GMT>
-1999-03-02 09:44:33 NB/i <1351773246>
-1999-03-02 09:44:33 NA <Jan 1 12:34:06 2038 GMT>
+1999-03-02 09:44:33 NB/r <Nov 1 12:34:02 2012 GMT>
+1999-03-02 09:44:33 NB <Nov 1 12:34:02 2012 GMT>
+1999-03-02 09:44:33 NB/i <1351773242>
+1999-03-02 09:44:33 NA/i <2143283642>
+1999-03-02 09:44:33 NA <Dec 1 12:34:02 2037 GMT>
1999-03-02 09:44:33 SA <RSA-SHA256>
-1999-03-02 09:44:33 SG <71 b2 af 7b 95 28 55 f3 39 e3 8d 32 43 e9 2f 68 28 ef 03 76 3c 3a 6a 7a d7 6e 47 4e 69 25 67 fb 7a eb bc bb 69 9c 3f e8 b7 78 d0 a9 78 0c 7a 46 8d 01 de cc c6 fd 13 be 8d 99 ba 12 ee eb df e9 65 98 4c e9 ff 2e fe 71 5e 11 fe 48 81 66 91 a7 f5 70 8a 9c 63 36 b7 ac 69 95 06 5e 54 9b 53 ff a9 d9 07 34 67 f5 f0 05 f7 16 eb 28 89 8e 98 27 58 5f 61 c3 3f 72 f5 dc 2f b7 67 48 87 18 c6 72>
+1999-03-02 09:44:33 SG <3a e2 4b 89 c0 a9 e8 f8 d2 bb ea 7d f8 57 7a aa 26 42 b3 94 04 04 24 f7 0d 6d 33 de 82 90 75 76 ba 3a a4 7d e0 e5 6d 3a 3c e6 74 3f b4 ad cf d1 b9 bd 6a 06 44 ea a9 a3 14 5e 34 d7 54 2e ed 5a b3 fb ca df 5a b6 22 d8 b0 f0 38 68 48 a8 cd 34 6b b2 e9 7f 96 cd ec 48 fa 5d 0e 2f 66 f0 c3 bf f9 f4 65 10 80 b9 f4 fa db be a4 26 c3 3d 25 3a 7f b7 e9 ad cd d6 06 55 f1 98 3e ea b5 cf 76 a1>
1999-03-02 09:44:33 SAN <DNS=server2.example.com>
1999-03-02 09:44:33 CRU <http://crl.example.com/latest.crl>
-1999-03-02 09:44:33 md5 fingerprint 6EF976EBB1B8D9F761FC9B90C0A932F2
-1999-03-02 09:44:33 sha1 fingerprint 937464090D55415838493903E638821D15251017
-1999-03-02 09:44:33 sha256 fingerprint 5D5FAB3264B5DC5101A548BF1F80FED4AF1FEB8108E08EE4BE012CCC0BD39395
-1999-03-02 09:44:33 der_b64 MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDExMjM0MDZaFw0zODAxMDExMjM0MDZaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKyfVyM2/OEp07jUT275Z443TxznHO7R/gOy2YSg8boviB72gXWcnvPD7JJ19zT4dAX7ycYhJJHvnfurI9sxlbeC12v1Vci9auGtSdyTfiFE6sHj5WG85eRLPyp9Bh10oHF5f5/O8ql5oY6Mp64fgzkQww6adLTJhMXdYum4pYS7AgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBxsq97lShV8znjjTJD6S9oKO8Ddjw6anrXbkdOaSVn+3rrvLtpnD/ot3jQqXgMekaNAd7Mxv0Tvo2ZuhLu69/pZZhM6f8u/nFeEf5IgWaRp/VwipxjNresaZUGXlSbU/+p2Qc0Z/XwBfcW6yiJjpgnWF9hwz9y9dwvt2dIhxjGcg==
+1999-03-02 09:44:33 md5 fingerprint 61F3EF662C9186FC1CA4F6FF1C22F0C9
+1999-03-02 09:44:33 sha1 fingerprint 3E38B35220A0E1803974EA8DD9D22CDAF653CCBF
+1999-03-02 09:44:33 sha256 fingerprint 33177BB2668D3D95E81B241F3C71AF36DF691818CB47B882B59F349D7416B025
+1999-03-02 09:44:33 der_b64 MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDExMjM0MDJaFw0zNzEyMDExMjM0MDJaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpVDMWYm+sUgk2Suy9gbFS1QSurQJANa1I4+2yQhqK8r2KaNMODeTBPm8wjDaia3OUPUXx0dUwzF5oi6sr7ztThjz6vAvPyq7fCyIO5P19FdQ8Po1QefxoPWTvN7giWjh0n1FeoG/Ls+sROjchmTbVuxrbU9kGfSqmBIPF1R0qPAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQA64kuJwKno+NK76n34V3qqJkKzlAQEJPcNbTPegpB1dro6pH3g5W06POZ0P7Stz9G5vWoGROqpoxReNNdULu1as/vK31q2Itiw8DhoSKjNNGuy6X+WzexI+l0OL2bww7/59GUQgLn0+tu+pCbDPSU6f7fprc3WBlXxmD7qtc92oQ==
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server2.example.com" S=sss
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (certificate verification failed): certificate invalid
-1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client_x T=send_to_server_failcert defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client_x T=send_to_server_failcert defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (certificate verification failed): certificate invalid
1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@test.ex: retry timeout exceeded
1999-03-02 09:44:33 10HmaX-0005vi-00 userx@test.ex: error ignored
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (certificate verification failed): certificate invalid
1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client_y T=send_to_server_retry H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client_z T=send_to_server_crypt H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbA-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (certificate verification failed): certificate invalid
-1999-03-02 09:44:33 10HmbA-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmbA-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
1999-03-02 09:44:33 10HmbA-0005vi-00 => userq@test.ex R=client_q T=send_to_server_req_fail H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbF-0005vi-00"
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 10HmbB-0005vi-00 no IP address found for host server1.example.net
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for userx@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for usery@test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for userz@test.ex
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 SMTP connection from [127.0.0.1]:1111 (TCP/IP connection count = 1)
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for userx@test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for userz@test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for usery@test.ex
1999-03-02 09:44:33 SMTP connection from localhost (myhost.test.ex) [127.0.0.1]:1111 closed by QUIT
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx <userx@test.ex> R=server T=local_delivery
-1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbA-0005vi-00 => usery <usery@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbA-0005vi-00 => userx <userx@test.ex> R=server T=local_delivery
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 => userz <userz@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbC-0005vi-00 => usery <usery@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (gnutls_handshake): timed out
-1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@domain1 R=others T=smtp defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@domain1 R=others T=smtp defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (gnutls_handshake): timed out
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (gnutls_handshake): A TLS fatal alert has been received.
-1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session: (gnutls_handshake): A TLS fatal alert has been received.: delivering unencrypted to H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx <userx@test.ex> R=server T=local_delivery
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=the.local.host.name [ip4.ip4.ip4.ip4] TLS error on connection (certificate verification failed)
-1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to the.local.host.name [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): delivering unencrypted to H=the.local.host.name [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
1999-03-02 09:44:33 10HmaX-0005vi-00 => userr@test.ex R=client_r T=send_to_server_req_failname H=the.local.host.name [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 => users@test.ex R=client_s T=send_to_server_req_passname H=server1.example.com [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbB-0005vi-00"
-1999-03-02 09:44:33 H=127.0.0.1 [127.0.0.1] TLS error on connection (gnutls_handshake): timed out
-1999-03-02 09:44:33 TLS session failure: callout unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 TLS session: (gnutls_handshake): timed out: callout unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
1999-03-02 09:44:33 10HmaX-0005vi-00 <= s1@test.ex U=CALLER P=local-esmtp S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid
-1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=client T=send_to_server defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 End queue run: pid=pppp -qf
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 Peer did not present a cert
1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 CV=no S=sss
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
1999-03-02 09:44:33 Peer cert:
1999-03-02 09:44:33 ver 2
1999-03-02 09:44:33 SN <CN=server2.example.com>
1999-03-02 09:44:33 IN <CN=clica Signing Cert,O=example.com>
1999-03-02 09:44:33 IN/O <example.com>
-1999-03-02 09:44:33 NB/r <Nov 1 12:34:06 2012 GMT>
-1999-03-02 09:44:33 NB <Nov 1 12:34:06 2012 +0000>
-1999-03-02 09:44:33 NB/i <1351773246>
-1999-03-02 09:44:33 NA <Jan 1 12:34:06 2038 +0000>
+1999-03-02 09:44:33 NB/r <Nov 1 12:34:02 2012 GMT>
+1999-03-02 09:44:33 NB <Nov 1 12:34:02 2012 +0000>
+1999-03-02 09:44:33 NB/i <1351773242>
+1999-03-02 09:44:33 NA/i <2143283642>
+1999-03-02 09:44:33 NA <Dec 1 12:34:02 2037 +0000>
1999-03-02 09:44:33 SA <sha256WithRSAEncryption>
-1999-03-02 09:44:33 SG < 71:b2:af:7b:95:28:55:f3:39:e3:8d:32:43:e9:2f:68:28:ef:\n 03:76:3c:3a:6a:7a:d7:6e:47:4e:69:25:67:fb:7a:eb:bc:bb:\n 69:9c:3f:e8:b7:78:d0:a9:78:0c:7a:46:8d:01:de:cc:c6:fd:\n 13:be:8d:99:ba:12:ee:eb:df:e9:65:98:4c:e9:ff:2e:fe:71:\n 5e:11:fe:48:81:66:91:a7:f5:70:8a:9c:63:36:b7:ac:69:95:\n 06:5e:54:9b:53:ff:a9:d9:07:34:67:f5:f0:05:f7:16:eb:28:\n 89:8e:98:27:58:5f:61:c3:3f:72:f5:dc:2f:b7:67:48:87:18:\n c6:72\n>
+1999-03-02 09:44:33 SG < 3a:e2:4b:89:c0:a9:e8:f8:d2:bb:ea:7d:f8:57:7a:aa:26:42:\n b3:94:04:04:24:f7:0d:6d:33:de:82:90:75:76:ba:3a:a4:7d:\n e0:e5:6d:3a:3c:e6:74:3f:b4:ad:cf:d1:b9:bd:6a:06:44:ea:\n a9:a3:14:5e:34:d7:54:2e:ed:5a:b3:fb:ca:df:5a:b6:22:d8:\n b0:f0:38:68:48:a8:cd:34:6b:b2:e9:7f:96:cd:ec:48:fa:5d:\n 0e:2f:66:f0:c3:bf:f9:f4:65:10:80:b9:f4:fa:db:be:a4:26:\n c3:3d:25:3a:7f:b7:e9:ad:cd:d6:06:55:f1:98:3e:ea:b5:cf:\n 76:a1\n>
1999-03-02 09:44:33 SAN <DNS=server2.example.com>
1999-03-02 09:44:33 OCU <http://oscp.example.com/>
1999-03-02 09:44:33 CRU <http://crl.example.com/latest.crl>
-1999-03-02 09:44:33 md5 fingerprint 6EF976EBB1B8D9F761FC9B90C0A932F2
-1999-03-02 09:44:33 sha1 fingerprint 937464090D55415838493903E638821D15251017
-1999-03-02 09:44:33 sha256 fingerprint 5D5FAB3264B5DC5101A548BF1F80FED4AF1FEB8108E08EE4BE012CCC0BD39395
-1999-03-02 09:44:33 der_b64 MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDExMjM0MDZaFw0zODAxMDExMjM0MDZaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKyfVyM2/OEp07jUT275Z443TxznHO7R/gOy2YSg8boviB72gXWcnvPD7JJ19zT4dAX7ycYhJJHvnfurI9sxlbeC12v1Vci9auGtSdyTfiFE6sHj5WG85eRLPyp9Bh10oHF5f5/O8ql5oY6Mp64fgzkQww6adLTJhMXdYum4pYS7AgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBxsq97lShV8znjjTJD6S9oKO8Ddjw6anrXbkdOaSVn+3rrvLtpnD/ot3jQqXgMekaNAd7Mxv0Tvo2ZuhLu69/pZZhM6f8u/nFeEf5IgWaRp/VwipxjNresaZUGXlSbU/+p2Qc0Z/XwBfcW6yiJjpgnWF9hwz9y9dwvt2dIhxjGcg==
+1999-03-02 09:44:33 md5 fingerprint 61F3EF662C9186FC1CA4F6FF1C22F0C9
+1999-03-02 09:44:33 sha1 fingerprint 3E38B35220A0E1803974EA8DD9D22CDAF653CCBF
+1999-03-02 09:44:33 sha256 fingerprint 33177BB2668D3D95E81B241F3C71AF36DF691818CB47B882B59F349D7416B025
+1999-03-02 09:44:33 der_b64 MIICiDCCAfGgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDExMjM0MDJaFw0zNzEyMDExMjM0MDJaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKpVDMWYm+sUgk2Suy9gbFS1QSurQJANa1I4+2yQhqK8r2KaNMODeTBPm8wjDaia3OUPUXx0dUwzF5oi6sr7ztThjz6vAvPyq7fCyIO5P19FdQ8Po1QefxoPWTvN7giWjh0n1FeoG/Ls+sROjchmTbVuxrbU9kGfSqmBIPF1R0qPAgMBAAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUuY29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb3NjcC5leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMi5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOBgQA64kuJwKno+NK76n34V3qqJkKzlAQEJPcNbTPegpB1dro6pH3g5W06POZ0P7Stz9G5vWoGROqpoxReNNdULu1as/vK31q2Itiw8DhoSKjNNGuy6X+WzexI+l0OL2bww7/59GUQgLn0+tu+pCbDPSU6f7fprc3WBlXxmD7qtc92oQ==
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server2.example.com" S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: certificate name mismatch: DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" H="127.0.0.1"
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for users@test.ex
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client_x T=send_to_server_failcert defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client_x T=send_to_server_failcert defer (-37) H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@test.ex: retry timeout exceeded
1999-03-02 09:44:33 10HmaX-0005vi-00 userx@test.ex: error ignored
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com
-1999-03-02 09:44:33 10HmaY-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client_y T=send_to_server_retry H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client_z T=send_to_server_crypt H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=no DN="/CN=server1.example.com" C="250 OK id=10HmbE-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbA-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com
-1999-03-02 09:44:33 10HmbA-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmbA-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmbA-0005vi-00 TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbA-0005vi-00 => userq@test.ex R=client_q T=send_to_server_req_fail H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbF-0005vi-00"
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 10HmbB-0005vi-00 no IP address found for host server1.example.net
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex for usery@test.ex
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for userz@test.ex
1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@myhost.test.ex for userq@test.ex
1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmbB-0005vi-00@myhost.test.ex for userr@test.ex
1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmbC-0005vi-00@myhost.test.ex for users@test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for userx@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for usery@test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for userz@test.ex
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 SMTP connection from [127.0.0.1]:1111 (TCP/IP connection count = 1)
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex for userx@test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for userz@test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1]:1111 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for usery@test.ex
1999-03-02 09:44:33 SMTP connection from localhost (myhost.test.ex) [127.0.0.1]:1111 closed by QUIT
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx <userx@test.ex> R=server T=local_delivery
-1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbA-0005vi-00 => userx <userx@test.ex> R=server T=local_delivery
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 => userz <userz@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbC-0005vi-00 => usery <usery@test.ex> R=server T=local_delivery
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 H=(rhu.barb) [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=
1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=certificate revoked cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 [127.0.0.1] SSL verify error: depth=0 error=CRL signature failure cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 H=[127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 SMTP connection from [127.0.0.1] (TCP/IP connection count = 1)
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [127.0.0.1] (SSL_accept): timed out
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 SMTP command timeout on connection from (rhu.barb) [127.0.0.1]
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): timed out
-1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@domain1 R=others T=smtp defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@domain1 R=others T=smtp defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): timed out
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_CTX_use_certificate_chain_file file=/non/exist): error:02001002:system library:fopen:No such file or directory
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES128-SHA:128 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES128-SHA:128 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx <userx@test.ex> R=server T=local_delivery
1999-03-02 09:44:33 Peer did not present a cert
1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 CV=no S=sss
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 Our cert SN: <CN=server2.example.com>
1999-03-02 09:44:33 SN <CN=server1.example.com>
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: depth=0 error=unable to get local issuer certificate cert=/CN=server1.example.com
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=the.local.host.name [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to the.local.host.name [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaX-0005vi-00 => userq@test.ex R=client_q T=send_to_server_req_fail H=the.local.host.name [ip4.ip4.ip4.ip4] C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 [ip4.ip4.ip4.ip4] SSL verify error: certificate name mismatch: DN="/CN=server1.example.com" H="the.local.host.name"
-1999-03-02 09:44:33 10HmaY-0005vi-00 H=the.local.host.name [ip4.ip4.ip4.ip4] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to the.local.host.name [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaY-0005vi-00 => userr@test.ex R=client_r T=send_to_server_req_failname H=the.local.host.name [ip4.ip4.ip4.ip4] C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 => users@test.ex R=client_s T=send_to_server_req_passname H=server1.example.com [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbD-0005vi-00"
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaZ-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmbA-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): timed out
-1999-03-02 09:44:33 TLS session failure: callout unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 TLS session: (SSL_connect): timed out: callout unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
1999-03-02 09:44:33 10HmaX-0005vi-00 <= s1@test.ex U=CALLER P=local-esmtp S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT <defer_strict@test.again.dns>: failed to expand ACL string "${lookup dnsdb{defer_strict,a=$domain}}": lookup of "defer_strict,a=test.again.dns" gave DEFER:
--- /dev/null
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <userx@test.ex> R=r
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 [127.0.0.1]:1111 malware_name EICAR_Test_File
+1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F=<CALLER@myhost.test.ex> rejected after DATA
+1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
+1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F=<CALLER@myhost.test.ex> temporarily rejected after DATA
+1999-03-02 09:44:33 10HmaY-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <userx@test.ex> R=r
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
--- /dev/null
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 proxy session: no
+1999-03-02 09:44:33 local [127.0.0.1]:1111
+1999-03-02 09:44:33 proxy internal []:0
+1999-03-02 09:44:33 proxy external []:0
+1999-03-02 09:44:33 remote [127.0.0.1]:1112
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= a@test.ex H=(clientname) [127.0.0.1]:1112 P=smtp S=sss
+1999-03-02 09:44:33 no host name found for IP address 127.0.0.2
+1999-03-02 09:44:33 proxy session: yes
+1999-03-02 09:44:33 local [ip4.ip4.ip4.ip4]:1111
+1999-03-02 09:44:33 proxy internal [ip4.ip4.ip4.ip4]:1113
+1999-03-02 09:44:33 proxy external [127.42.42.42]:1114
+1999-03-02 09:44:33 remote [127.0.0.2]:1115
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= c@test.ex H=(clientname) [127.0.0.2]:1115 P=smtp PRX=ip4.ip4.ip4.ip4 S=sss
+1999-03-02 09:44:33 no host name found for IP address 192.168.0.15
+1999-03-02 09:44:33 proxy session: yes
+1999-03-02 09:44:33 local [ip4.ip4.ip4.ip4]:1111
+1999-03-02 09:44:33 proxy internal [ip4.ip4.ip4.ip4]:1116
+1999-03-02 09:44:33 proxy external [192.168.0.5]:1117
+1999-03-02 09:44:33 remote [192.168.0.15]:1118
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= e@test.ex H=(clientname) [192.168.0.15]:1118 P=smtp PRX=ip4.ip4.ip4.ip4 S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= 세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com U=CALLER P=utf8local-esmtp S=sss for userR@test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userr@test.ex <userR@test.ex> F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
-1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= userW@test.ex U=CALLER P=utf8local-esmtp S=sss for user.ഇരട്ടിമധുരം@test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 => user.ഇരട്ടിമധുരം@test.ex F=<userW@test.ex> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userA@test.ex> rejected RCPT <user.यष्टिमधु@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userB.જેઠીમધ@test.ex> rejected RCPT <user.ქართული@test.ex>: Sender verify failed
******** SERVER ********
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= 세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com U=CALLER P=utf8local-esmtp S=sss for userR@test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userr@test.ex <userR@test.ex> F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
-1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= userW@test.ex U=CALLER P=utf8local-esmtp S=sss for user.ഇരട്ടിമധുരം@test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 => user.ഇരട്ടിമധുരം@test.ex F=<userW@test.ex> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userA@test.ex> rejected RCPT <user.यष्टिमधु@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userB.જેઠીમધ@test.ex> rejected RCPT <user.ქართული@test.ex>: Sender verify failed
******** SERVER ********
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= 세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com U=CALLER P=utf8local-esmtp S=sss for userR@test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 => userr@test.ex <userR@test.ex> F=<세계의모든사람들이한국어를이해한다면얼마나좋을까@russian.почемужеонинеговорятпорусски.com> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
-1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= userW@test.ex U=CALLER P=utf8local-esmtp S=sss for user.ഇരട്ടിമധുരം@test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 => user.ഇരട്ടിമധുരം@test.ex F=<userW@test.ex> R=rmt T=rmt_smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userA@test.ex> rejected RCPT <user.यष्टिमधु@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userB.જેઠીમધ@test.ex> rejected RCPT <user.ქართული@test.ex>: Sender verify failed
******** SERVER ********
+++ /dev/null
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbB-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbC-0005vi-00"
-1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
-
-******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=From
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <a@test.ex> R=server_dump
-1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From:From
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <b@test.ex> R=server_dump
-1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
-1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbB-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <c@test.ex> R=server_dump
-1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
--- /dev/null
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
+1999-03-02 09:44:33 10HmaX-0005vi-00 signer: test.ex bits: 0
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [invalid - signature tag missing or invalid]
+1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification failed - body hash mismatch (body probably modified in transit)]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 signer: test.ex bits: 1024
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: validation error: RSA_LONG_LINE
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: Error during validation, disabling signature verification: RSA_LONG_LINE
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+++ /dev/null
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@testhost.test.ex U=sender P=local S=sss for a@test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 661 byte chunk, total 661\\n250 OK id=10HmaY-0005vi-00"
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@testhost.test.ex U=sender P=local S=sss for b@test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 8520 byte chunk, total 8848\\n250 OK id=10HmbA-0005vi-00"
-1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-
-******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224
-1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaX-0005vi-00@testhost.test.ex for a@test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaZ-0005vi-00@testhost.test.ex for b@test.ex
+++ /dev/null
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after DATA: 550 PRDR R=<baduser@test.ex> refusal
-1999-03-02 09:44:33 10HmaX-0005vi-00 => okuser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] PRDR C="250 PRDR R=<okuser@test.ex> acceptance"
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaZ-0005vi-00"
-1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-
-******** SERVER ********
-1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
-1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From
-1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<baduser@test.ex> refusal
-1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<okuser@test.ex> acceptance
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp PRDR S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <okuser@test.ex> R=server_dump
-1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER <CALLER@myhost.test.ex> R=server_store T=store
-1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbB-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbD-0005vi-00 => d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbE-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <a@test.ex> R=server_dump
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From:From
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaZ-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <b@test.ex> R=server_dump
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbC-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmbC-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbB-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 => :blackhole: <c@test.ex> R=server_dump
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbE-0005vi-00 DKIM: d=test.ex s=sel_bad c=relaxed/relaxed a=rsa-sha256 b=1024 [invalid - syntax error in public key record]
+1999-03-02 09:44:33 10HmbE-0005vi-00 signer: test.ex bits: 1024 h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbD-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <d@test.ex> R=server_dump
+1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= sender@testhost.test.ex U=sender P=local S=sss for a@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 661 byte chunk, total 661\\n250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= sender@testhost.test.ex U=sender P=local S=sss for b@test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=to_server T=remote_smtp_dkim H=127.0.0.1 [127.0.0.1] K C="250- 8520 byte chunk, total 8848\\n250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaX-0005vi-00@testhost.test.ex for a@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=localhost (testhost.test.ex) [127.0.0.1] P=esmtp K S=sss id=E10HmaZ-0005vi-00@testhost.test.ex for b@test.ex
--- /dev/null
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224
+1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp K S=sss id=qwerty1234@disco-zombie.net for a@test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=esmtp K S=sss id=qwerty1234@disco-zombie.net for a@test.ex
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after DATA: 550 PRDR R=<baduser@test.ex> refusal
+1999-03-02 09:44:33 10HmaX-0005vi-00 => okuser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] PRDR C="250 PRDR R=<okuser@test.ex> acceptance"
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmbA-0005vi-00 signer: test.ex bits: 1024 h=From
+1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<baduser@test.ex> refusal
+1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<okuser@test.ex> acceptance
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp PRDR S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <okuser@test.ex> R=server_dump
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER <CALLER@myhost.test.ex> R=server_store T=store
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <no@domain.com>: response to "RCPT TO:<no@domain.com>" from 127.0.0.1 [127.0.0.1] was: 550 No mate
-1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <no@domain.com>: response to "RCPT TO:<no@domain.com>" from 127.0.0.1 [127.0.0.1] was: 550 Not that one
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <no@domain.com>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<no@domain.com>: 550 No mate
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <no@domain.com>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<no@domain.com>: 550 Not that one
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 >> userh@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss for userh@domain.com
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> temporarily rejected RCPT <useri@domain.com>: response to "RCPT TO:<useri@domain.com>" from 127.0.0.1 [127.0.0.1] was: 450 not right now
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> temporarily rejected RCPT <useri@domain.com>: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<useri@domain.com>: 450 not right now
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbD-0005vi-00 Received TLS status callback, null content
-1999-03-02 09:44:33 10HmbD-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbE-0005vi-00 Server certificate revoked; reason: superseded
-1999-03-02 09:44:33 10HmbE-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbF-0005vi-00 Server OSCP dates invalid
-1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbD-0005vi-00 Received TLS status callback, null content
-1999-03-02 09:44:33 10HmbD-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbE-0005vi-00 Server certificate revoked; reason: superseded
-1999-03-02 09:44:33 10HmbE-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbF-0005vi-00 Server OSCP dates invalid
-1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmbB-0005vi-00 => CALLER@test.ex R=client T=send_to_server3 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbD-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed)
-1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed)
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbE-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate revoked
-1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbE-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate revoked
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed)
-1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbF-0005vi-00 == CALLER@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed)
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth=0 <CN=server1.example.com>
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate invalid
1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad
1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=server1.example.com>
1999-03-02 09:44:33 10HmaX-0005vi-00 SNCN<server1.example.com>
1999-03-02 09:44:33 10HmaX-0005vi-00 IN <O=example.com,CN=clica Signing Cert>
-1999-03-02 09:44:33 10HmaX-0005vi-00 NB <Nov 1 12:34:04 2012 GMT>
-1999-03-02 09:44:33 10HmaX-0005vi-00 NA <Jan 1 12:34:04 2038 GMT>
+1999-03-02 09:44:33 10HmaX-0005vi-00 NB <Nov 1 12:34:01 2012 GMT>
+1999-03-02 09:44:33 10HmaX-0005vi-00 NA <Dec 1 12:34:01 2037 GMT>
1999-03-02 09:44:33 10HmaX-0005vi-00 SA <RSA-SHA256>
-1999-03-02 09:44:33 10HmaX-0005vi-00 SG <21 91 c3 1f 28 45 dd 2c ac d6 38 44 e7 b0 bb de 5a dc 45 1c 46 f1 76 a8 0d bf aa 4f f4 03 5e 1e fb b7 10 16 4d 4e 51 f1 8f b9 e4 38 10 69 02 c1 6b 27 2d 7c 15 f0 b7 0b 4c 51 ab 21 43 36 3e 4e 3a 68 7d 61 15 37 c3 2a b8 3e 34 85 4e 1c 54 55 95 7a 0b 80 70 38 77 d0 bd 4e c4 ca ab af 14 ea a3 24 43 13 eb 27 97 82 11 a2 15 29 3c 15 f2 f8 e9 8d d7 ad 20 b5 77 d7 01 8f 84 95 c1 e8 25 db>
-1999-03-02 09:44:33 10HmaX-0005vi-00 SAN <DNS=alternatename.server1.example.com\nDNS=alternatename2.server1.example.com\nDNS=server1.example.com\nDNS=*.test.ex>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SG <67 ef 2d 43 8e 43 50 f5 3f 41 ee 42 cf f4 b4 31 3d d8 88 b5 f7 24 1f 26 83 32 6a 6c ff 8a 36 b7 be cb 28 48 68 9c a9 3c 6e 2f 2d a5 f4 fc d2 09 9b 1d 04 00 26 7d a5 f9 39 13 06 dd 9d 69 78 f8 7b f5 3c 82 9d 8f b9 4f 1a b6 f0 0b 7f 20 82 6e 80 4e 38 09 d1 43 23 22 dd 37 5d 80 6d 5a aa 23 33 e4 79 c9 0d 8d cc b8 ed 5f 6b 01 56 2c 49 89 9b ca 5e d5 b3 b0 93 7e d5 5e f0 98 7d 5f 07 4b>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SAN <DNS=alternatename2.server1.example.com\nDNS=alternatename.server1.example.com\nDNS=*.test.ex\nDNS=server1.example.com>
1999-03-02 09:44:33 10HmaX-0005vi-00 CRU <http://crl.example.com/latest.crl>
-1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad
1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
1999-03-02 09:44:33 10HmaY-0005vi-00 SNCN<server1.example.com>
1999-03-02 09:44:33 10HmaY-0005vi-00 IN <O=example.com,CN=clica Signing Cert>
-1999-03-02 09:44:33 10HmaY-0005vi-00 NB <Nov 1 12:34:04 2012 GMT>
-1999-03-02 09:44:33 10HmaY-0005vi-00 NA <Jan 1 12:34:04 2038 GMT>
+1999-03-02 09:44:33 10HmaY-0005vi-00 NB <Nov 1 12:34:01 2012 GMT>
+1999-03-02 09:44:33 10HmaY-0005vi-00 NA <Dec 1 12:34:01 2037 GMT>
1999-03-02 09:44:33 10HmaY-0005vi-00 SA <RSA-SHA256>
-1999-03-02 09:44:33 10HmaY-0005vi-00 SG <21 91 c3 1f 28 45 dd 2c ac d6 38 44 e7 b0 bb de 5a dc 45 1c 46 f1 76 a8 0d bf aa 4f f4 03 5e 1e fb b7 10 16 4d 4e 51 f1 8f b9 e4 38 10 69 02 c1 6b 27 2d 7c 15 f0 b7 0b 4c 51 ab 21 43 36 3e 4e 3a 68 7d 61 15 37 c3 2a b8 3e 34 85 4e 1c 54 55 95 7a 0b 80 70 38 77 d0 bd 4e c4 ca ab af 14 ea a3 24 43 13 eb 27 97 82 11 a2 15 29 3c 15 f2 f8 e9 8d d7 ad 20 b5 77 d7 01 8f 84 95 c1 e8 25 db>
-1999-03-02 09:44:33 10HmaY-0005vi-00 SAN <DNS=alternatename.server1.example.com\nDNS=alternatename2.server1.example.com\nDNS=server1.example.com\nDNS=*.test.ex>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SG <67 ef 2d 43 8e 43 50 f5 3f 41 ee 42 cf f4 b4 31 3d d8 88 b5 f7 24 1f 26 83 32 6a 6c ff 8a 36 b7 be cb 28 48 68 9c a9 3c 6e 2f 2d a5 f4 fc d2 09 9b 1d 04 00 26 7d a5 f9 39 13 06 dd 9d 69 78 f8 7b f5 3c 82 9d 8f b9 4f 1a b6 f0 0b 7f 20 82 6e 80 4e 38 09 d1 43 23 22 dd 37 5d 80 6d 5a aa 23 33 e4 79 c9 0d 8d cc b8 ed 5f 6b 01 56 2c 49 89 9b ca 5e d5 b3 b0 93 7e d5 5e f0 98 7d 5f 07 4b>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SAN <DNS=alternatename2.server1.example.com\nDNS=alternatename.server1.example.com\nDNS=*.test.ex\nDNS=server1.example.com>
1999-03-02 09:44:33 10HmaY-0005vi-00 CRU <http://crl.example.com/latest.crl>
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=2 error=self signed certificate in certificate chain cert=/O=example.com/CN=clica CA
-1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad
1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
1999-03-02 09:44:33 10HmaX-0005vi-00 Peer cert:
1999-03-02 09:44:33 10HmaX-0005vi-00 SN; <CN=clica CA;O=example.com>
1999-03-02 09:44:33 10HmaX-0005vi-00 SNO <example.com>
1999-03-02 09:44:33 10HmaX-0005vi-00 IN <CN=clica CA,O=example.com>
-1999-03-02 09:44:33 10HmaX-0005vi-00 NB <Nov 1 12:34:02 2012 +0000>
-1999-03-02 09:44:33 10HmaX-0005vi-00 NA <Jan 1 12:34:02 2038 +0000>
+1999-03-02 09:44:33 10HmaX-0005vi-00 NB <Nov 1 12:34:01 2012 +0000>
+1999-03-02 09:44:33 10HmaX-0005vi-00 NA <Jan 1 12:34:01 2038 +0000>
1999-03-02 09:44:33 10HmaX-0005vi-00 SA <sha256WithRSAEncryption>
-1999-03-02 09:44:33 10HmaX-0005vi-00 SG < 39:c1:60:c7:5b:b4:1a:52:48:74:d3:bc:24:d1:5c:f9:70:cb:\n 99:cf:4f:18:9c:b3:f1:cb:bf:90:f1:20:6d:c1:2a:bf:7b:bd:\n 88:0e:34:af:b0:1c:de:39:c1:ef:2a:c6:7a:12:a4:3d:15:a2:\n e7:09:c5:e7:f4:ac:de:2e:5f:fc:86:e9:5a:18:8c:54:4b:ff:\n 25:bc:f2:75:f3:17:2e:f9:da:72:bc:dd:8a:c6:19:d5:14:5a:\n 17:98:e0:ea:c0:10:63:26:7b:25:1e:f4:0c:3b:18:67:33:26:\n 2e:6e:31:35:e1:3c:07:6b:d4:59:fa:26:3f:9e:67:2d:54:bf:\n fc:ae\n>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SG < 1a:d3:99:1f:3e:82:d1:02:2d:4e:f3:b1:ba:ec:44:a2:1e:13:\n d6:12:5f:1b:2a:ce:fd:c3:3e:95:23:f5:53:7b:97:4e:44:45:\n ed:dd:6f:bf:d3:35:e3:c1:2c:7d:0a:c2:98:d6:96:3b:8f:0d:\n 48:4a:58:2e:63:42:f9:1f:80:11:2b:d0:22:80:2d:01:96:53:\n 4b:10:24:33:61:47:74:83:b0:f5:06:53:40:45:51:04:fb:83:\n 50:7d:e0:39:a9:ef:68:af:1c:b8:cc:ae:dc:67:2e:b3:93:df:\n 65:21:89:a1:06:dd:7e:75:02:9a:2a:45:1c:97:71:22:59:05:\n c6:0d\n>
1999-03-02 09:44:33 10HmaX-0005vi-00 (no SAN)
1999-03-02 09:44:33 10HmaX-0005vi-00 (no OCU)
1999-03-02 09:44:33 10HmaX-0005vi-00 (no CRU)
-1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
+1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad
1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented
1999-03-02 09:44:33 10HmaY-0005vi-00 SN; <CN=server1.example.com>
1999-03-02 09:44:33 10HmaY-0005vi-00 SNO <>
1999-03-02 09:44:33 10HmaY-0005vi-00 IN <CN=clica Signing Cert,O=example.com>
-1999-03-02 09:44:33 10HmaY-0005vi-00 NB <Nov 1 12:34:04 2012 +0000>
-1999-03-02 09:44:33 10HmaY-0005vi-00 NA <Jan 1 12:34:04 2038 +0000>
+1999-03-02 09:44:33 10HmaY-0005vi-00 NB <Nov 1 12:34:01 2012 +0000>
+1999-03-02 09:44:33 10HmaY-0005vi-00 NA <Dec 1 12:34:01 2037 +0000>
1999-03-02 09:44:33 10HmaY-0005vi-00 SA <sha256WithRSAEncryption>
-1999-03-02 09:44:33 10HmaY-0005vi-00 SG < 21:91:c3:1f:28:45:dd:2c:ac:d6:38:44:e7:b0:bb:de:5a:dc:\n 45:1c:46:f1:76:a8:0d:bf:aa:4f:f4:03:5e:1e:fb:b7:10:16:\n 4d:4e:51:f1:8f:b9:e4:38:10:69:02:c1:6b:27:2d:7c:15:f0:\n b7:0b:4c:51:ab:21:43:36:3e:4e:3a:68:7d:61:15:37:c3:2a:\n b8:3e:34:85:4e:1c:54:55:95:7a:0b:80:70:38:77:d0:bd:4e:\n c4:ca:ab:af:14:ea:a3:24:43:13:eb:27:97:82:11:a2:15:29:\n 3c:15:f2:f8:e9:8d:d7:ad:20:b5:77:d7:01:8f:84:95:c1:e8:\n 25:db\n>
-1999-03-02 09:44:33 10HmaY-0005vi-00 SAN <DNS=*.test.ex;DNS=server1.example.com;DNS=alternatename2.server1.example.com;DNS=alternatename.server1.example.com>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SG < 67:ef:2d:43:8e:43:50:f5:3f:41:ee:42:cf:f4:b4:31:3d:d8:\n 88:b5:f7:24:1f:26:83:32:6a:6c:ff:8a:36:b7:be:cb:28:48:\n 68:9c:a9:3c:6e:2f:2d:a5:f4:fc:d2:09:9b:1d:04:00:26:7d:\n a5:f9:39:13:06:dd:9d:69:78:f8:7b:f5:3c:82:9d:8f:b9:4f:\n 1a:b6:f0:0b:7f:20:82:6e:80:4e:38:09:d1:43:23:22:dd:37:\n 5d:80:6d:5a:aa:23:33:e4:79:c9:0d:8d:cc:b8:ed:5f:6b:01:\n 56:2c:49:89:9b:ca:5e:d5:b3:b0:93:7e:d5:5e:f0:98:7d:5f:\n 07:4b\n>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SAN <DNS=server1.example.com;DNS=*.test.ex;DNS=alternatename.server1.example.com;DNS=alternatename2.server1.example.com>
1999-03-02 09:44:33 10HmaY-0005vi-00 OCU <http://oscp.example.com/>
1999-03-02 09:44:33 10HmaY-0005vi-00 CRU <http://crl.example.com/latest.crl>
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from localhost (myhost.test.ex) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 [127.0.0.1] depth=2 CN=clica CA,O=example.com
1999-03-02 09:44:33 [127.0.0.1] depth=1 CN=clica Signing Cert,O=example.com
1999-03-02 09:44:33 10HmbD-0005vi-00 client ocsp status: 4 (verified)
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed)
1999-03-02 09:44:33 10HmbF-0005vi-00 client ocsp status: 3 (failed)
-1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed)
1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbG-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate verification failed): certificate revoked
1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 1 (notresp)
-1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate verification failed): certificate revoked
1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (certificate status check failed)
1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed)
-1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (certificate status check failed)
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbF-0005vi-00 Received TLS status callback, null content
-1999-03-02 09:44:33 10HmbF-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbF-0005vi-00 client ocsp status: 1 (notresp)
-1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbF-0005vi-00 == failrequire@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbG-0005vi-00 Server certificate revoked; reason: superseded
-1999-03-02 09:44:33 10HmbG-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbG-0005vi-00 client ocsp status: 3 (failed)
-1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbG-0005vi-00 == failrevoked@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbH-0005vi-00 Server OSCP dates invalid
-1999-03-02 09:44:33 10HmbH-0005vi-00 H=127.0.0.1 [127.0.0.1] TLS error on connection (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmbH-0005vi-00 client ocsp status: 3 (failed)
-1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: failure while setting up TLS session
+1999-03-02 09:44:33 10HmbH-0005vi-00 == failexpired@test.ex R=client T=send_to_server3 defer (-37) H=127.0.0.1 [127.0.0.1]: TLS session: (SSL_connect): error: <<detail omitted>>
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
-1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
userx@domain1
host localhost4.test.ex [127.0.0.1]
SMTP error from remote mail server after initial connection:
- 550 Go away
+ 550 Go away (A)
--NNNNNNNNNN-eximdsn-MMMMMMMMMM
Content-type: message/delivery-status
Final-Recipient: rfc822;userx@domain1
Status: 5.0.0
Remote-MTA: dns; localhost4.test.ex
-Diagnostic-Code: smtp; 550 Go away
+Diagnostic-Code: smtp; 550 Go away (A)
--NNNNNNNNNN-eximdsn-MMMMMMMMMM
Content-type: message/rfc822
usery@domain2
host localhost4.test.ex [127.0.0.1]
SMTP error from remote mail server after HELO the.local.host.name:
- 550 Go away
+ 550 Go away (C)
userx@domain1
host localhost4.test.ex [127.0.0.1]
SMTP error from remote mail server after HELO the.local.host.name:
- 550 Go away
+ 550 Go away (C)
--NNNNNNNNNN-eximdsn-MMMMMMMMMM
Content-type: message/delivery-status
Final-Recipient: rfc822;userx@domain1
Status: 5.0.0
Remote-MTA: dns; localhost4.test.ex
-Diagnostic-Code: smtp; 550 Go away
+Diagnostic-Code: smtp; 550 Go away (C)
Action: failed
Final-Recipient: rfc822;usery@domain2
Status: 5.0.0
Remote-MTA: dns; localhost4.test.ex
-Diagnostic-Code: smtp; 550 Go away
+Diagnostic-Code: smtp; 550 Go away (C)
--NNNNNNNNNN-eximdsn-MMMMMMMMMM
Content-type: message/rfc822
From: CALLER_NAME <CALLER@myhost.test.ex>
Date: Tue, 2 Mar 1999 09:44:33 +0000
-This is a test message.
+1:This is a test message.
--NNNNNNNNNN-eximdsn-MMMMMMMMMM--
From: CALLER_NAME <CALLER@myhost.test.ex>
Date: Tue, 2 Mar 1999 09:44:33 +0000
-This is a test message.
+2: This is a test message.
--NNNNNNNNNN-eximdsn-MMMMMMMMMM--
From: CALLER_NAME <CALLER@myhost.test.ex>
Date: Tue, 2 Mar 1999 09:44:33 +0000
-This is a test message.
+3: This is a test message.
--NNNNNNNNNN-eximdsn-MMMMMMMMMM--
by myhost.test.ex with esmtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256)
(Exim x.yz)
(envelope-from <CALLER@myhost.test.ex>)
- id 10HmaZ-0005vi-00
+ id 10HmbA-0005vi-00
for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
Received: from CALLER by myhost.test.ex with local (Exim x.yz)
(envelope-from <CALLER@myhost.test.ex>)
by myhost.test.ex with esmtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256)
(Exim x.yz)
(envelope-from <CALLER@myhost.test.ex>)
- id 10HmbA-0005vi-00
+ id 10HmbC-0005vi-00
for usery@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
Received: from CALLER by myhost.test.ex with local (Exim x.yz)
(envelope-from <CALLER@myhost.test.ex>)
--- /dev/null
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex)
+ by myhost.test.ex with esmtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256)
+ (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmbB-0005vi-00
+ for userz@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaZ-0005vi-00
+ for userz@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaZ-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+TLS: cipher=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 peerdn=
+
+Test message 3
+
by myhost.test.ex with esmtps (TLSv1:AES256-SHA:256)
(Exim x.yz)
(envelope-from <CALLER@myhost.test.ex>)
- id 10HmaZ-0005vi-00
+ id 10HmbA-0005vi-00
for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
Received: from CALLER by myhost.test.ex with local (Exim x.yz)
(envelope-from <CALLER@myhost.test.ex>)
Test message 1
-From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
-Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex)
- by myhost.test.ex with esmtps (TLSv1:AES256-SHA:256)
- (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmbA-0005vi-00
- for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
-Received: from CALLER by myhost.test.ex with local (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmaY-0005vi-00
- for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
-Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
-From: CALLER_NAME <CALLER@myhost.test.ex>
-Date: Tue, 2 Mar 1999 09:44:33 +0000
-TLS: cipher=TLSv1:AES256-SHA:256 peerdn=
-
-Test message 2
-
--- /dev/null
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex)
+ by myhost.test.ex with esmtps (TLSv1:AES256-SHA:256)
+ (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmbC-0005vi-00
+ for usery@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaY-0005vi-00
+ for usery@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+TLS: cipher=TLSv1:AES256-SHA:256 peerdn=
+
+Test message 2
+
--- /dev/null
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex)
+ by myhost.test.ex with esmtps (TLSv1:AES256-SHA:256)
+ (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmbB-0005vi-00
+ for userz@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaZ-0005vi-00
+ for userz@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaZ-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+TLS: cipher=TLSv1:AES256-SHA:256 peerdn=
+
+Test message 3
+
+++ /dev/null
-From MAILER-DAEMON Tue Mar 02 09:44:33 1999
-Return-path: <>
-Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
- by myhost.test.ex with esmtp (Exim x.yz)
- id 10HmaZ-0005vi-00
- for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000
-Received: from EXIMUSER by myhost.test.ex with local (Exim x.yz)
- id 10HmaY-0005vi-00
- for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000
-X-Failed-Recipients: baduser@test.ex
-Auto-Submitted: auto-replied
-From: Mail Delivery System <Mailer-Daemon@myhost.test.ex>
-To: CALLER@myhost.test.ex
-Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM
-MIME-Version: 1.0
-Subject: Mail delivery failed: returning message to sender
-Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
-Date: Tue, 2 Mar 1999 09:44:33 +0000
-
---NNNNNNNNNN-eximdsn-MMMMMMMMMM
-Content-type: text/plain; charset=us-ascii
-
-This message was created automatically by mail delivery software.
-
-A message that you sent could not be delivered to one or more of its
-recipients. This is a permanent error. The following address(es) failed:
-
- baduser@test.ex
- host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]
- PRDR error after DATA: 550 PRDR R=<baduser@test.ex> refusal
-
---NNNNNNNNNN-eximdsn-MMMMMMMMMM
-Content-type: message/delivery-status
-
-Reporting-MTA: dns; myhost.test.ex
-
-Action: failed
-Final-Recipient: rfc822;baduser@test.ex
-Status: 5.0.0
-Diagnostic-Code: smtp; 550 PRDR R=<baduser@test.ex> refusal
-
---NNNNNNNNNN-eximdsn-MMMMMMMMMM
-Content-type: message/rfc822
-
-Return-path: <CALLER@myhost.test.ex>
-Received: from CALLER by myhost.test.ex with local (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
-From: nobody@example.com
-From: second@example.com
-Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
-Sender: CALLER_NAME <CALLER@myhost.test.ex>
-Date: Tue, 2 Mar 1999 09:44:33 +0000
-
-content
-
---NNNNNNNNNN-eximdsn-MMMMMMMMMM--
-
--- /dev/null
+From MAILER-DAEMON Tue Mar 02 09:44:33 1999
+Return-path: <>
+Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
+ by myhost.test.ex with esmtp (Exim x.yz)
+ id 10HmaZ-0005vi-00
+ for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from EXIMUSER by myhost.test.ex with local (Exim x.yz)
+ id 10HmaY-0005vi-00
+ for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+X-Failed-Recipients: baduser@test.ex
+Auto-Submitted: auto-replied
+From: Mail Delivery System <Mailer-Daemon@myhost.test.ex>
+To: CALLER@myhost.test.ex
+Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM
+MIME-Version: 1.0
+Subject: Mail delivery failed: returning message to sender
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+--NNNNNNNNNN-eximdsn-MMMMMMMMMM
+Content-type: text/plain; charset=us-ascii
+
+This message was created automatically by mail delivery software.
+
+A message that you sent could not be delivered to one or more of its
+recipients. This is a permanent error. The following address(es) failed:
+
+ baduser@test.ex
+ host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]
+ PRDR error after DATA: 550 PRDR R=<baduser@test.ex> refusal
+
+--NNNNNNNNNN-eximdsn-MMMMMMMMMM
+Content-type: message/delivery-status
+
+Reporting-MTA: dns; myhost.test.ex
+
+Action: failed
+Final-Recipient: rfc822;baduser@test.ex
+Status: 5.0.0
+Remote-MTA: dns; ip4.ip4.ip4.ip4
+Diagnostic-Code: smtp; 550 PRDR R=<baduser@test.ex> refusal
+
+--NNNNNNNNNN-eximdsn-MMMMMMMMMM
+Content-type: message/rfc822
+
+Return-path: <CALLER@myhost.test.ex>
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+From: nobody@example.com
+From: second@example.com
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+Sender: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+content
+
+--NNNNNNNNNN-eximdsn-MMMMMMMMMM--
+
-1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly)
+1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT toplevel ACL may not fail ('deny' verb used incorrectly)
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
+1999-03-02 09:44:33 10HmaY-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
while(<IN>)
{
s/>>>running<<</<<<testing>>>/;
- s/(\d+\.\d+(?:[_.]\d+)?([_-]RC\d+|[_-]dev)?(?:[0-9a-fA-F-]*)(?:-XX)?\0<<eximversion>>)/"x.yz\0" . ("*" x (length($1) - 5))/e;
+ s{
+ (\d+\.\d+ # major.minor
+ (?:[_.]\d+)? # optional patchlevel
+ (?:[_-]RC\d+|[_-]?dev(?:start)?)? # optional RC or dev(start)
+ (?:(?:[_-]\d+)? # git tag distance
+ [-_][[:xdigit:]]+)? # git id
+ (?:[-_]XX)?\0 # git dirty bit
+ <<eximversion>> # marker
+ )
+ }
+ {"x.yz\0" . ("*" x (length($1) - 5))}xe;
print OUT;
}
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: response to "RCPT TO:<bad@localhost>" from 127.0.0.1 [127.0.0.1] was: 550 Unknown user
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<bad@localhost>: 550 Unknown user
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <uncheckable@localhost1>: response to "RCPT TO:<uncheckable@localhost1>" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <uncheckable@localhost1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<uncheckable@localhost1>: 450 Temporary error
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable2@localhost1>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 Error for <>
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable2@localhost1>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 Error for <>
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable2@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable@localhost1>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550-Multiline error for <>\n550 Here's the second line
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable@localhost1>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550-Multiline error for <>\n550 Here's the second line
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote.domain>: 550 Recipient not liked
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote.domain>: 550-Recipient not liked on two lines\n550 Here's the second
1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> temporarily rejected RCPT <z@remote.domain>: Could not complete recipient verify callout
1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F=<uncheckable@localhost1> rejected after DATA: there is no valid sender in any header line
Envelope-from: <uncheckable@localhost1>
for z@remote.domain; Tue, 2 Mar 1999 09:44:33 +0000
F From: abcd@x.y.z
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: relay not permitted
-1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for <ok@localhost1>: response to "RCPT TO:<postmaster@localhost1>" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for <ok@localhost1>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@localhost1>: 550 Don't like postmaster
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: response to "RCPT TO:<z@remote.lmtp>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: response to "initial connection" from 127.0.0.1 [127.0.0.1] was: connection dropped
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote.lmtp>: 550 Recipient not liked
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : Remote host closed connection in response to initial connection
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
F From: bad@domain
I Message-Id: <E10HmaY-0005vi-00@the.local.host.name>
Date: Tue, 2 Mar 1999 09:44:33 +0000
-1999-03-02 09:44:33 U=CALLER sender verify defer for <callout@x>: could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <callout@x>: Could not complete sender verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error
1999-03-02 09:44:33 U=CALLER F=<callout@x> temporarily rejected RCPT <x@y>: Could not complete sender verify callout
1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F=<nosyntax@x> rejected after DATA
Envelope-from: <nosyntax@x>
F From: <unverifiable@y>
I Message-Id: <E10HmbA-0005vi-00@the.local.host.name>
Date: Tue, 2 Mar 1999 09:44:33 +0000
-1999-03-02 09:44:33 U=CALLER F=<recipcallout@y> temporarily rejected RCPT <callout@y>: could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error
+1999-03-02 09:44:33 U=CALLER F=<recipcallout@y> temporarily rejected RCPT <callout@y>: Could not complete recipient verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error
1999-03-02 09:44:33 U=CALLER F=<> rejected RCPT <cantverify.fail@y>: failure message
1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT <cantverify.defer@y>: defer message
1999-03-02 09:44:33 10HmbB-0005vi-00 U=CALLER F=<> rejected after DATA: '>' missing at end of address: failing address in "From:" header is: <bad@syntax
1999-03-02 09:44:33 10HmbC-0005vi-00 U=CALLER F=<> rejected after DATA: there is no valid sender in any header line
-1999-03-02 09:44:33 U=CALLER sender verify defer for <callout@x>: could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <callout@x>: Could not complete sender verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error
1999-03-02 09:44:33 U=CALLER F=<callout@x> temporarily rejected RCPT <x@y>: Could not complete sender verify callout
1999-03-02 09:44:33 10HmbD-0005vi-00 U=CALLER F=<nosyntax@x> rejected after DATA
1999-03-02 09:44:33 10HmbE-0005vi-00 U=CALLER F=<> rejected after DATA: there is no valid sender in any header line
-1999-03-02 09:44:33 U=CALLER F=<recipcallout@y> temporarily rejected RCPT <callout@y>: could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error
+1999-03-02 09:44:33 U=CALLER F=<recipcallout@y> temporarily rejected RCPT <callout@y>: Could not complete recipient verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error
1999-03-02 09:44:33 U=CALLER F=<> rejected RCPT <cantverify.fail@y>: failure message
1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT <cantverify.defer@y>: defer message
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <ok@localhost>: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <ok@localhost>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: response to "RCPT TO:<bad@localhost>" from 127.0.0.1 [127.0.0.1] was: 550 REJECTED
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<bad@localhost>: 550 REJECTED
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 REJECT MAIL FROM
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT MAIL FROM
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>: response to "RCPT TO:<postmaster@otherhost>" from 127.0.0.1 [127.0.0.1] was: 550 NOT OK
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@otherhost>: 550 NOT OK
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root sender verify defer for <ok@otherhost3>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost3>" was: 250 OK
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<ok@otherhost3> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root sender verify defer for <ok@otherhost4>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost4>" was: 250 OK
+1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root F=<ok@otherhost4> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost51>
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<okok@otherhost51> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
-1999-03-02 09:44:33 U=CALLER sender verify fail for <z@remote>: response to "RCPT TO:<z@remote>" from 127.0.0.1 [127.0.0.1] was: 550 Unknown
+1999-03-02 09:44:33 U=CALLER sender verify fail for <z@remote>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote>: 550 Unknown
1999-03-02 09:44:33 U=CALLER F=<z@remote> rejected RCPT <deny@local>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER sender verify defer for <r1@domain1>: response to "RCPT TO:<r1@domain1>" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <r1@domain1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<r1@domain1>: 450 Temporary error
1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL <r1@domain1>: Could not complete sender verify callout
-1999-03-02 09:44:33 U=CALLER sender verify defer for <r2@domain2>: response to "RCPT TO:<r2@domain2>" from ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] was: 450 Temporary error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <r2@domain2>: Could not complete sender verify callout: ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] : SMTP error from remote mail server after RCPT TO:<r2@domain2>: 450 Temporary error
1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL <r2@domain2>: Could not complete sender verify callout
-1999-03-02 09:44:33 U=CALLER sender verify defer for <r3@domain3>: response to "RCPT TO:<r3@domain3>" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error
+1999-03-02 09:44:33 U=CALLER sender verify defer for <r3@domain3>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<r3@domain3>: 450 Temporary error
1999-03-02 09:44:33 U=CALLER temporarily rejected MAIL <r3@domain3>: Could not complete sender verify callout
-1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <Ok@localhost>: response to "RCPT TO:<postmaster@localhost>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <Ok@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@localhost>: 550 NO
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<Ok@localhost> rejected RCPT <checkpm@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <NOTok@elsewhere>: response to "RCPT TO:<NOTok@elsewhere>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <NOTok@elsewhere>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<NOTok@elsewhere>: 550 NO
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<NOTok@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<NOTok2@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER F=<s3@other.ex> rejected RCPT r3@other.ex: response to "MAIL FROM:<s3@other.ex>" from 127.0.0.1 [127.0.0.1] was: 550 NOTOK
-1999-03-02 09:44:33 U=CALLER F=<s4@other.ex> temporarily rejected RCPT r4@other.ex: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
-1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: response to "RCPT TO:<r9@test.ex>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+1999-03-02 09:44:33 U=CALLER F=<s3@other.ex> rejected RCPT r3@other.ex: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<s3@other.ex>" was: 550 NOTOK
+1999-03-02 09:44:33 U=CALLER F=<s4@other.ex> temporarily rejected RCPT r4@other.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
+1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<r9@test.ex>: 550 NO
1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: Previous (cached) callout verification failure
-1999-03-02 09:44:33 U=CALLER sender verify fail for <x9@test.ex>: response to "RCPT TO:<x9@test.ex>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+1999-03-02 09:44:33 U=CALLER sender verify fail for <x9@test.ex>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<x9@test.ex>: 550 NO
1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: Sender verify failed
1999-03-02 09:44:33 U=CALLER sender verify fail for <x9@test.ex>
1999-03-02 09:44:33 U=CALLER F=<x9@test.ex> rejected RCPT <r9@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout
-1999-03-02 09:44:33 U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout
+1999-03-02 09:44:33 U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<r11@two.test.ex>
+1999-03-02 09:44:33 U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after initial connection
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userx@broken.example>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 I'm misconfigured
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userx@broken.example>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 I'm misconfigured
1999-03-02 09:44:33 U=CALLER rejected MAIL <userx@broken.example>: Sender verify failed
1999-03-02 09:44:33 U=CALLER sender verify fail for <userx@broken.example>
1999-03-02 09:44:33 U=CALLER rejected MAIL <userx@broken.example>: Sender verify failed
--- /dev/null
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <ok@localhost>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<bad@localhost>: 550 REJECTED rcpt
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT mail from
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>
+1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@otherhost>: 550 NOT OK rcpt postmaster
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>
+1999-03-02 09:44:33 H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root sender verify defer for <ok@otherhost3>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost3>" was: 250 OK accepting that random recipient
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<ok@otherhost3> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root sender verify defer for <ok@otherhost4>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost4>" was: 250 OK
+1999-03-02 09:44:33 H=[V4NET.0.0.4] U=root F=<ok@otherhost4> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost51>
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<okok@otherhost51> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
******** SERVER ********
1999-03-02 09:44:33 H=(tester) [127.0.0.1] F=<someone@some.domain> rejected RCPT <dummy@reject.ex>: relay not permitted
+1999-03-02 09:44:33 rejected from <someone@some.domain> H=(tester) [127.0.0.1]: Non-CRLF-terminated header, under CHUNKING: message abandoned
+Envelope-from: <someone@some.domain>
+Envelope-to: <CALLER@test.ex>
+ To: Susan@random.com
--- /dev/null
+
+******** SERVER ********
+1999-03-02 09:44:33 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "bdat 1" H=(tester) [127.0.0.1] next input="bdat 87 last\r\n"
+Envelope-from: <someone9@some.domain>
+Envelope-to: <CALLER@test.ex>
+1999-03-02 09:44:33 SMTP call from (tester) [127.0.0.1] dropped: too many syntax or protocol errors (last command was "From: Sam@random.com")
+Envelope-from: <someone9@some.domain>
+Envelope-to: <CALLER@test.ex>
--- /dev/null
+1999-03-02 09:44:33 U=CALLER F=<> temporarily rejected RCPT <defer_strict@test.again.dns>: failed to expand ACL string "${lookup dnsdb{defer_strict,a=$domain}}": lookup of "defer_strict,a=test.again.dns" gave DEFER:
--- /dev/null
+1999-03-02 09:44:33 10HmaZ-0005vi-00 U=CALLER F=<CALLER@myhost.test.ex> rejected after DATA
+Envelope-from: <CALLER@myhost.test.ex>
+Envelope-to: <userx@test.ex>
+P Received: from CALLER (helo=test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaZ-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+ Date: Tue, 2 Mar 1999 09:44:33 +0000
+ Subject: message should be rejected
+I Message-Id: <E10HmaZ-0005vi-00@myhost.test.ex>
+F From: CALLER_NAME <CALLER@myhost.test.ex>
+1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER F=<CALLER@myhost.test.ex> temporarily rejected after DATA
+Envelope-from: <CALLER@myhost.test.ex>
+Envelope-to: <userx@test.ex>
+P Received: from CALLER (helo=test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+ Date: Tue, 2 Mar 1999 09:44:33 +0000
+ Subject: message should be deferred due to timeout
+I Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+F From: CALLER_NAME <CALLER@myhost.test.ex>
-1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
-1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
******** SERVER ********
1999-03-02 09:44:33 H=localhost (the.local.host.name) [127.0.0.1] F=<> rejected RCPT <the.local.host.name-dddddddd-testing@test.ex>: relay not permitted
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userA@test.ex> rejected RCPT <user.यष्टिमधु@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userB.જેઠીમધ@test.ex> rejected RCPT <user.ქართული@test.ex>: Sender verify failed
******** SERVER ********
-1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
-1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
******** SERVER ********
1999-03-02 09:44:33 H=localhost (the.local.host.name) [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no F=<> rejected RCPT <the.local.host.name-dddddddd-testing@test.ex>: relay not permitted
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userA@test.ex> rejected RCPT <user.यष्टिमधु@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userB.જેઠીમધ@test.ex> rejected RCPT <user.ქართული@test.ex>: Sender verify failed
******** SERVER ********
-1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
-1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@spanish.PorquénopuedensimplementehablarenEspañol.local> rejected RCPT <userS@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER F=<CALLER@vietnamese.TạisaohọkhôngthểchỉnóitiếngViệt.local> rejected RCPT <userT@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
******** SERVER ********
1999-03-02 09:44:33 H=localhost (the.local.host.name) [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no F=<> rejected RCPT <the.local.host.name-dddddddd-testing@test.ex>: relay not permitted
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userA@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userA@test.ex> rejected RCPT <user.यष्टिमधु@test.ex>: Sender verify failed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: response to "EHLO the.local.host.name" from 127.0.0.1 [127.0.0.1] did not include SMTPUTF8
+1999-03-02 09:44:33 U=CALLER sender verify fail for <userB.જેઠીમધ@test.ex>: 127.0.0.1 [127.0.0.1] : response to "EHLO" did not include SMTPUTF8
1999-03-02 09:44:33 U=CALLER F=<userB.જેઠીમધ@test.ex> rejected RCPT <user.ქართული@test.ex>: Sender verify failed
******** SERVER ********
-1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <no@domain.com>: response to "RCPT TO:<no@domain.com>" from 127.0.0.1 [127.0.0.1] was: 550 No mate
-1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <no@domain.com>: response to "RCPT TO:<no@domain.com>" from 127.0.0.1 [127.0.0.1] was: 550 Not that one
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <no@domain.com>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<no@domain.com>: 550 No mate
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <no@domain.com>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<no@domain.com>: 550 Not that one
1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> temporarily rejected RCPT <userd@domain.com>
-1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> temporarily rejected RCPT <useri@domain.com>: response to "RCPT TO:<useri@domain.com>" from 127.0.0.1 [127.0.0.1] was: 450 not right now
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> temporarily rejected RCPT <useri@domain.com>: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<useri@domain.com>: 450 not right now
###############################################################################
#use strict;
-use 5.010;
-use feature 'state'; # included in 5.010
+use v5.10.1;
use warnings;
+use if $^V >= v5.19.11, experimental => 'smartmatch';
use Errno;
use FileHandle;
use Time::Local;
use Cwd;
use File::Basename;
+use Pod::Usage;
+use Getopt::Long;
use FindBin qw'$RealBin';
use lib "$RealBin/lib";
use Exim::Runtest;
+use Exim::Utils qw(uniq numerically);
-use if $ENV{DEBUG} && $ENV{DEBUG} =~ /\bruntest\b/ => ('Smart::Comments' => '####');
+use if $ENV{DEBUG} && scalar($ENV{DEBUG} =~ /\bruntest\b/) => 'Smart::Comments' => '####';
+use if $ENV{DEBUG} && scalar($ENV{DEBUG} =~ /\bruntest\b/) => 'Data::Dumper';
+
+use constant TEST_TOP => 8999;
+use constant TEST_SPECIAL_TOP => 9999;
# Start by initializing some global variables
my $optargs = '';
my $save_output = 0;
my $server_opts = '';
+my $slow = 0;
my $valgrind = 0;
my $have_ipv4 = 1;
my $have_ipv6 = 1;
my $have_largefiles = 0;
-my $test_start = 1;
-my $test_end = $test_top = 8999;
-my $test_special_top = 9999;
my @test_list = ();
-my @test_dirs = ();
# Networks to use for DNS tests. We need to choose some networks that will
# numbers, or handle specific bad conditions in different ways, leading to
# different wording in the error messages, so we cannot compare them.
- s/(TLS error on connection (?:from .* )?\(SSL_\w+\): error:)(.*)/$1 <<detail omitted>>/;
+#XXX This loses any trailing "deliving unencypted to" which is unfortunate
+# but I can't work out how to deal with that.
+ s/(TLS session: \(SSL_\w+\): error:)(.*)(?!: delivering)/$1 <<detail omitted>>/;
+ s/(TLS error on connection from .* \(SSL_\w+\): error:)(.*)/$1 <<detail omitted>>/;
next if /SSL verify error: depth=0 error=certificate not trusted/;
# ======== Maildir things ========
}
next if /^tls_validate_require_cipher child \d+ ended: status=0x0/;
- # We invoke Exim with -D, so we hit this new messag as of Exim 4.73:
+ # We invoke Exim with -D, so we hit this new message as of Exim 4.73:
next if /^macros_trusted overridden to true by whitelisting/;
# We have to omit the localhost ::1 address so that all is well in
# Not all platforms build with DKIM enabled
next if /^PDKIM >> Body data for hash, canonicalized/;
+ # Parts of DKIM-specific debug output depend on the time/date
+ next if /^date:\w+,\{SP\}/;
+ next if /^PDKIM \[[^[]+\] (Header hash|b) computed:/;
+
# Not all platforms support TCP Fast Open, and the compile omits the check
if (s/\S+ in hosts_try_fastopen\? no \(option unset\)\n$//)
{
next if / Berkeley DB error: /;
}
- elsif ($is_mail)
- {
- # Experimental_DSN info in bounces
- next if /^Remote-MTA: /;
- next if /^X-Exim-Diagnostic: /;
- }
-
# ======== All files other than stderr ========
print MUNGED;
log_failure($log_failed_filename, $testno, $rf);
log_test($log_summary_filename, $testno, 'F') if ($force_continue);
}
- return 1 if /^c$/i;
- last if (/^s$/);
+ return 1 if /^c$/i && $rf !~ /paniclog/ && $rsf !~ /paniclog/;
+ last if (/^[sc]$/);
}
foreach $f ($rf, $rsf)
)($|[ ]=)/x' },
'sys_bindir' =>
- { 'mainlog' => 's%/(usr/)?bin/%SYSBINDIR/%' },
+ { 'mainlog' => 's%/(usr/(local/)?)?bin/%SYSBINDIR/%' },
'sync_check_data' =>
{ 'mainlog' => 's/^(.* SMTP protocol synchronization error .* next input=.{8}).*$/$1<suppressed>/',
# The <SCRIPT> file is open for us to read an optional return code line,
# followed by the command line and any following data lines for stdin. The
# command line can be continued by the use of \. Data lines are not continued
-# in this way. In all lines, the following substutions are made:
+# in this way. In all lines, the following substitutions are made:
#
# DIR => the current directory
# CALLER => the caller of this script
# reference to the subtest number, holding previous value
# reference to the expected return code value
# reference to where to put the command name (for messages)
-# auxilliary information returned from a previous run
+# auxiliary information returned from a previous run
#
-# Returns: 0 the commmand was executed inline, no subprocess was run
+# Returns: 0 the command was executed inline, no subprocess was run
# 1 a non-exim command was run and waited for
# 2 an exim command was run and waited for
# 3 a command was run and not waited for (daemon, server, exim_lock)
# 4 EOF was encountered after an initial return code line
-# Optionally alse a second parameter, a hash-ref, with auxilliary information:
+# Optionally also a second parameter, a hash-ref, with auxiliary information:
# exim_pid: pid of a run process
# munge: name of a post-script results munger
if ($args =~ /\$msg/)
{
- my($listcmd) = "$parm_cwd/eximdir/exim -bp " .
- "-DEXIM_PATH=$parm_cwd/eximdir/exim " .
- "-C $parm_cwd/test-config |";
- print ">> Getting queue list from:\n>> $listcmd\n" if ($debug);
- open (QLIST, $listcmd) || tests_exit(-1, "Couldn't run \"exim -bp\": $!\n");
- my(@msglist) = ();
- while (<QLIST>) { push (@msglist, $1) if /^\s*\d+[smhdw]\s+\S+\s+(\S+)/; }
- close(QLIST);
+ my @listcmd = ("$parm_cwd/eximdir/exim", '-bp',
+ "-DEXIM_PATH=$parm_cwd/eximdir/exim",
+ -C => "$parm_cwd/test-config");
+ print ">> Getting queue list from:\n>> @listcmd\n" if $debug;
+ # We need the message ids sorted in ascending order.
+ # Message id is: <timestamp>-<pid>-<fractional-time>. On some systems (*BSD) the
+ # PIDs are randomized, so sorting just the whole PID doesn't work.
+ # We do the Schartz' transformation here (sort on
+ # <timestamp><fractional-time>). Thanks to Kirill Miazine
+ my @msglist =
+ map { $_->[1] } # extract the values
+ sort { $a->[0] cmp $b->[0] } # sort by key
+ map { [join('.' => (split /-/, $_)[0,2]) => $_] } # key (timestamp.fractional-time) => value(message_id)
+ map { /^\s*\d+[smhdw]\s+\S+\s+(\S+)/ } `@listcmd` or tests_exit(-1, "No output from `exim -bp` (@listcmd)\n");
# Done backwards just in case there are more than 9
if ($cmd =~ /\s-DSERVER=server\s/ && $cmd !~ /\s-DNOTDAEMON\s/)
{
- $pidfile = "$parm_cwd/spool/exim-daemon.pid";
if ($debug) { printf ">> daemon: $cmd\n"; }
run_system("sudo mkdir spool/log 2>/dev/null");
run_system("sudo chown $parm_eximuser:$parm_eximgroup spool/log");
while (<SCRIPT>) { $lineno++; last if /^\*{4}\s*$/; } # Ignore any input
# Interlock with daemon startup
- while (! stat("$pidfile") ) { select(undef, undef, undef, 0.3); }
+ for (my $count = 0; ! stat("$pidfile") && $count < 30; $count++ )
+ { select(undef, undef, undef, 0.3); }
return 3; # Don't wait
}
elsif ($cmd =~ /\s-DSERVER=wait:(\d+)\s/)
-##################################################
-# Check for sudo access to root #
-##################################################
-
-print "You need to have sudo access to root to run these tests. Checking ...\n";
-if (system('sudo true >/dev/null') != 0)
- {
- die "** Test for sudo failed: testing abandoned.\n";
- }
-else
- {
- print "Test for sudo OK\n";
- }
-
-
-
##################################################
# See if an Exim binary has been given #
##################################################
# as the path to the binary. If the first argument does not start with a
# '/' but exists in the file system, it's assumed to be the Exim binary.
-($parm_exim, @ARGV) = Exim::Runtest::exim_binary(@ARGV);
-print "Exim binary is $parm_exim\n" if $parm_exim ne '';
-
-
##################################################
# Sort out options and which tests are to be run #
# options are passed on to Exim calls within the tests. Typically, this is used
# to turn on Exim debugging while setting up a test.
-while (@ARGV > 0 && $ARGV[0] =~ /^-/)
- {
- my($arg) = shift @ARGV;
- if ($optargs eq '')
- {
- if ($arg eq "-DEBUG") { $debug = 1; $cr = "\n"; next; }
- if ($arg eq "-DIFF") { $cf = "diff -u"; next; }
- if ($arg eq "-CONTINUE"){$force_continue = 1;
- $more = "cat";
- next; }
- if ($arg eq "-UPDATE") { $force_update = 1; next; }
- if ($arg eq "-NOIPV4") { $have_ipv4 = 0; next; }
- if ($arg eq "-NOIPV6") { $have_ipv6 = 0; next; }
- if ($arg eq "-KEEP") { $save_output = 1; next; }
- if ($arg eq "-VALGRIND") { $valgrind = 1; next; }
- if ($arg =~ /^-FLAVOU?R$/) { $flavour = shift; next; }
- }
- $optargs .= " $arg";
- }
+Getopt::Long::Configure qw(no_getopt_compat);
+GetOptions(
+ 'debug' => sub { $debug = 1; $cr = "\n" },
+ 'diff' => sub { $cf = 'diff -u' },
+ 'continue' => sub { $force_continue = 1; $more = 'cat' },
+ 'update' => \$force_update,
+ 'ipv4!' => \$have_ipv4,
+ 'ipv6!' => \$have_ipv6,
+ 'keep' => \$save_output,
+ 'slow' => \$slow,
+ 'valgrind' => \$valgrind,
+ 'range=i{2}' => \my @range_wanted,
+ 'test=i@' => \my @tests_wanted,
+ 'flavor|flavour=s' => $flavour,
+ 'help' => sub { pod2usage(-exit => 0) },
+ 'man' => sub {
+ pod2usage(
+ -exit => 0,
+ -verbose => 2,
+ -noperldoc => system('perldoc -V 2>/dev/null 1>&2')
+ );
+ },
+) or pod2usage;
+
+($parm_exim, @ARGV) = Exim::Runtest::exim_binary(@ARGV);
+print "Exim binary is `$parm_exim'\n" if defined $parm_exim;
-# Any subsequent arguments are a range of test numbers.
-if (@ARGV > 0)
+my @wanted = sort numerically uniq
+ @tests_wanted ? @tests_wanted : (),
+ @range_wanted ? $range_wanted[0] .. $range_wanted[1] : (),
+ @ARGV ? @ARGV == 1 ? $ARGV[0] :
+ $ARGV[1] eq '+' ? $ARGV[0]..($ARGV[0] >= 9000 ? TEST_SPECIAL_TOP : TEST_TOP) :
+ 0+$ARGV[0]..0+$ARGV[1] # add 0 to cope with test numbers starting with zero
+ : ();
+@wanted = 1..TEST_TOP if not @wanted;
+
+##################################################
+# Check for sudo access to root #
+##################################################
+
+print "You need to have sudo access to root to run these tests. Checking ...\n";
+if (system('sudo true >/dev/null') != 0)
+ {
+ die "** Test for sudo failed: testing abandoned.\n";
+ }
+else
{
- $test_end = $test_start = $ARGV[0];
- $test_end = $ARGV[1] if (@ARGV > 1);
- $test_end = ($test_start >= 9000)? $test_special_top : $test_top
- if $test_end eq "+";
- die "** Test numbers out of order\n" if ($test_end < $test_start);
+ print "Test for sudo OK\n";
}
+
+
##################################################
# Make the command's directory current #
##################################################
# If $parm_exim is still empty, ask the caller
-if ($parm_exim eq '')
+if (not $parm_exim)
{
print "** Did not find an Exim binary to test\n";
for ($i = 0; $i < 5; $i++)
# This test for an active SpamAssassin is courtesy of John Jetmore.
# The tests are hard coded to localhost:783, so no point in making
# this test flexible like the clamav test until the test scripts are
- # changed. spamd doesn't have the nice PING/PONG protoccol that
+ # changed. spamd doesn't have the nice PING/PONG protocol that
# clamd does, but it does respond to errors in an informative manner,
# so use that.
print " OK\n";
}
+tests_exit(-1, "Failed to unlink $log_summary_filename: $!")
+ if not unlink($log_summary_filename) and -e $log_summary_filename;
##################################################
# Create a list of available tests #
# because the current binary does not support the right facilities, and also
# those that are outside the numerical range selected.
-print "\nTest range is $test_start to $test_end (flavour $flavour)\n";
+printf "\nWill run %d tests between %d and %d for flavour %s\n",
+ scalar(@wanted), $wanted[0], $wanted[-1], $flavour;
+
print "Omitting \${dlfunc expansion tests (loadable module not present)\n"
if $dlfunc_deleted;
print "Omitting dbm tests (unable to copy exim_dbmbuild)\n"
if $dbm_build_deleted;
-opendir(DIR, "scripts") || tests_exit(-1, "Failed to opendir(\"scripts\"): $!");
-@test_dirs = sort readdir(DIR);
-closedir(DIR);
-# Remove . and .. and CVS from the list.
-
-for ($i = 0; $i < @test_dirs; $i++)
- {
- my($d) = $test_dirs[$i];
- if ($d eq "." || $d eq ".." || $d eq "CVS")
- {
- splice @test_dirs, $i, 1;
- $i--;
- }
- }
+my @test_dirs = grep { not /^CVS$/ } map { basename $_ } glob 'scripts/*'
+ or die tests_exit(-1, "Failed to find test scripts in 'scripts/*`: $!");
# Scan for relevant tests
-
-tests_exit(-1, "Failed to unlink $log_summary_filename")
- if (-e $log_summary_filename && !unlink($log_summary_filename));
-for ($i = 0; $i < @test_dirs; $i++)
+# HS12: Needs to be reworked.
+DIR: for (my $i = 0; $i < @test_dirs; $i++)
{
my($testdir) = $test_dirs[$i];
my($wantthis) = 1;
# Skip this directory if the first test is equal or greater than the first
# test in the next directory.
- next if ($i < @test_dirs - 1) &&
- ($test_start >= substr($test_dirs[$i+1], 0, 4));
+ next DIR if ($i < @test_dirs - 1) &&
+ ($wanted[0] >= substr($test_dirs[$i+1], 0, 4));
# No need to carry on if the end test is less than the first test in this
# subdirectory.
- last if $test_end < substr($testdir, 0, 4);
+ last DIR if $wanted[-1] < substr($testdir, 0, 4);
# Check requirements, if any.
- if (open(REQUIRES, "scripts/$testdir/REQUIRES"))
+ if (open(my $requires, "scripts/$testdir/REQUIRES"))
{
- while (<REQUIRES>)
+ while (<$requires>)
{
next if /^\s*$/;
s/\s+$//;
tests_exit(-1, "Unknown line in \"scripts/$testdir/REQUIRES\": \"$_\"");
}
}
- close(REQUIRES);
}
else
{
# We want the tests from this subdirectory, provided they are in the
# range that was selected.
- opendir(SUBDIR, "scripts/$testdir") ||
- tests_exit(-1, "Failed to opendir(\"scripts/$testdir\"): $!");
- @testlist = sort readdir(SUBDIR);
- close(SUBDIR);
+ @testlist = grep { $_ ~~ @wanted } grep { /^\d+(?:\.\d+)?$/ } map { basename $_ } glob "scripts/$testdir/*";
+ tests_exit(-1, "Failed to read test scripts from `scripts/$testdir/*': $!")
+ if not @testlist;
foreach $test (@testlist)
{
- next if ($test !~ /^\d{4}(?:\.\d+)?$/);
- if (!$wantthis || $test < $test_start || $test > $test_end)
+ if (!$wantthis)
{
log_test($log_summary_filename, $test, '.');
}
}
}
-print ">>Test List: @test_list\n", if $debug;
+print ">>Test List:\n", join "\n", @test_list, '' if $debug;
##################################################
if (not $force_continue) {
# runtest needs to interact if we're not in continue
# mode. It does so by communicate to /dev/tty
- open(T, "/dev/tty") or tests_exit(-1, "Failed to open /dev/tty: $!");
+ open(T, '<', '/dev/tty') or tests_exit(-1, "Failed to open /dev/tty: $!");
+ print "\nPress RETURN to run the tests: ";
+ <T>;
}
-print "\nPress RETURN to run the tests: ";
-$_ = $force_continue ? "c" : <T>;
-print "\n";
-
-$lasttestdir = '';
-
foreach $test (@test_list)
{
- local($lineno) = 0;
- local($commandno) = 0;
- local($subtestno) = 0;
+ state $lasttestdir = '';
+
+ local $lineno = 0;
+ local $commandno = 0;
+ local $subtestno = 0;
+ local $sortlog = 0;
+
(local $testno = $test) =~ s|.*/||;
- local($sortlog) = 0;
- my($gnutls) = 0;
- my($docheck) = 1;
- my($thistestdir) = substr($test, 0, -5);
+ # Leaving traces in the process table and in the environment
+ # gives us a chance to identify hanging processes (exim daemons)
+ local $0 = "[runtest $testno]";
+ local $ENV{EXIM_TEST_NUMBER} = $testno;
+
+ my $gnutls = 0;
+ my $docheck = 1;
+ my $thistestdir = substr($test, 0, -5);
$dynamic_socket->close() if $dynamic_socket;
$gnutls = 0;
if (-s "scripts/$thistestdir/REQUIRES")
{
- my($indent) = '';
+ my $indent = '';
print "\n>>> The following tests require: ";
- open(IN, "scripts/$thistestdir/REQUIRES") ||
- tests_exit(-1, "Failed to open scripts/$thistestdir/REQUIRES: $1");
- while (<IN>)
+ open(my $requires, '<', "scripts/$thistestdir/REQUIRES") ||
+ tests_exit(-1, "Failed to open scripts/$thistestdir/REQUIRES: $!");
+ while (<$requires>)
{
$gnutls = 1 if /^support GnuTLS/;
print $indent, $_;
$indent = ">>> ";
}
- close(IN);
}
+ $lasttestdir = $thistestdir;
}
- $lasttestdir = $thistestdir;
# Remove any debris in the spool directory and the test-mail directory
# and also the files for collecting stdout and stderr. Then put back
my($rc, $run_extra) = run_command($testno, \$subtestno, \$expectrc, \$commandname, $TEST_STATE);
my($cmdrc) = $?;
- $0 = "[runtest $testno]";
-
if ($debug) {
print ">> rc=$rc cmdrc=$cmdrc\n";
if (defined $run_extra) {
if ($? != 0)
{
if (($? & 0xff) == 0)
- { printf("Server return code %d", $?/256); }
+ { printf("Server return code %d for test %d starting line %d", $?/256,
+ $testno, $subtest_startline); }
elsif (($? & 0xff00) == 0)
{ printf("Server killed by signal %d", $? & 255); }
else
if ($docheck)
{
+ sleep 1 if $slow;
my $rc = check_output($TEST_STATE->{munge});
log_test($log_summary_filename, $testno, 'P') if ($rc == 0);
if ($rc < 2)
# Exit from the test script #
##################################################
-tests_exit(-1, "No runnable tests selected") if @test_list == 0;
+tests_exit(-1, "No runnable tests selected") if not @test_list;
tests_exit(0);
+__END__
+
+=head1 NAME
+
+ runtest - run the exim testsuite
+
+=head1 SYNOPSIS
+
+ runtest [exim-path] [options] [test0 [test1]]
+
+=head1 DESCRIPTION
+
+B<runtest> runs the Exim testsuite.
+
+=head1 OPTIONS
+
+For legacy reasons the options are not case sensitive.
+
+=over
+
+=item B<--continue>
+
+Do not stop for user interaction or on errors. (default: off)
+
+=item B<--debug>
+
+This option enables the output of debug information when running the
+various test commands. (default: off)
+
+=item B<--diff>
+
+Use C<diff -u> for comparing the expected output with the produced
+output. (default: use a built-in routine)
+
+=item B<--flavor>|B<--flavour> I<flavour>
+
+Override the expected results for results for a specific (OS) flavour.
+(default: unused)
+
+=item B<--[no]ipv4>
+
+Skip IPv4 related setup and tests (default: use ipv4)
+
+=item B<--[no]ipv6>
+
+Skip IPv6 related setup and tests (default: use ipv6)
+
+=item B<--keep>
+
+Keep the various output files produced during a test run. (default: don't keep)
+
+=item B<--range> I<n0> I<n1>
+
+Run tests between (including) I<n0> and I<n1>.
+
+=item B<--slow>
+
+Insert some delays to compensate for a slow host system. (default: off)
+
+=item B<--test> I<n>
+
+Run the specified test. This option may used multiple times.
+
+=item B<--update>
+
+Automatically update the recorded (expected) data on mismatch. (default: off)
+
+=item B<--valgrind>
+
+Start Exim wrapped by I<valgrind>. (default: don't use valgrind)
+
+=back
+
+=cut
+
+
# End of runtest script
reduce: ${reduce{a:b:c}{+}{$value$item}}
reduce: ${reduce {<, 1,2,3}{0}{${eval:$value+$item}}}
reduce: ${reduce {3:0:9:4:6}{0}{${if >{$item}{$value}{$item}{$value}}}}
+# Check for extract corrupting reduce's $value
+reduce: ${reduce {b}{a aaa}{${extract{1}{ }{$value}} , $item}}
listnamed: ${listnamed:dlist}
listnamed: ${listnamed:+dlist}
mail from:<ok@test3>
rcpt to:<x@y>
data
+
Some message
.
quit
mail from:<x@y>
rcpt to:<warn_empty@test.ex>
data
+
Testing
.
quit
mail from:<x@y>
rcpt to:<warn_log@test.ex>
data
+
Testing
.
quit
mail from:<x@y>
rcpt to:<warn_user@test.ex>
data
+
Testing
.
quit
rcpt to:<accept@y>
rcpt to:<freeze@y>
data
+
Testing
.
mail from:<x@y>
rcpt to:<accept@y>
data
+
Testing 2
.
mail from:<x@y>
rcpt to:<queue_only@y>
rcpt to:<accept@y>
data
+
Testing 3
.
mail from:<x@y>
rcpt to:<accept@y>
data
+
Testing 4
.
quit
??? 250
data
??? 354
+
Testing
.
??? 250
??? 250
data
??? 354
+
Testing 2
.
??? 250
??? 250
data
??? 354
+
Testing 3
.
??? 250
??? 250
data
??? 354
+
Testing 4
.
??? 250
exim -bh 1.1.1.1
vrfy userx@test.ex
vrfy hardfail@test.ex
+vrfy ok_with_dom@test.ex
vrfy unqual
vrfy
expn postmaster
quit
****
+exim -bh 3.3.3.3
+vrfy acceptable
+quit
+****
exim -bh 2.2.2.2
expn list
quit
exim -z "Test: reject connect"
****
server PORT_S
-550 Go away
+550 Go away (A)
QUIT
250 OK
****
server PORT_S
220 Connected OK
EHLO
-550 Go away
+550 Go away (B)
HELO
-550 Go away
+550 Go away (C)
QUIT
250 OK
****
****
exim -odi -f foo3 userx
****
+sleep 5
exim -odi -f foo1 userx
****
mail from:<>
rcpt to:<x@y>
data
+
.
quit
****
mail from:<>
rcpt to:<x@y>
data
+
.
quit
****
mail from:<x@y>
rcpt to:<x@y>
data
+
.
vrfy x@y
mail from:<x@y>
-# Preservation of ACL variables
+# Preservation of ACL variables
exim -v -odi -bs -oMa 1.2.3.4 -oMs host.name
mail from:<>
rcpt to:<x@y>
.
quit
****
+#
+exim -DSERVER=server -bd -odq -oX PORT_D
+****
+client 127.0.0.1 PORT_D
+??? 220
+HELO test
+??? 250
+MAIL FROM:<>
+??? 250
+RCPT TO:<x@y>
+??? 250
+DATA
+??? 354
+.
+??? 250
+QUIT
+****
+killdaemon
no_msglog_check
#
# Tests of IPv4 sockets
#
-server PORT_S 10
+server PORT_S 11
QUERY-1
>LF>ANSWER-1
>*eof
QUERY-10
>LF>ANSWER-10
>*eof
+>LF>ANSWER-11
+>*eof
****
millisleep 500
exim -be
8 >>${readsocket{inet:127.0.0.1:PORT_S}{QUERY-8\n}{1s}}<<
9 >>${readsocket{inet:127.0.0.1:PORT_S}{QUERY-9\n}{1s}{}{sock error}}<<
10 >>${readsocket{inet:badloop:PORT_S}{QUERY-10\n}}<<
+11 >>${readsocket{inet:thisloop:PORT_S}{QUERY-11\n}{2s:shutdown=no}}<<
****
250 OK
MAIL FROM
250 OK
-RCPT TO
+RCPT TO:<myhost.test.ex-
250 OK
QUIT
250 OK
250 OK
MAIL FROM
250 OK
-RCPT TO
+RCPT TO:<myhost.test.ex-
250 OK
QUIT
250 OK
220 Server ready
EHLO
250 OK
-MAIL FROM
+MAIL FROM:<>
250 OK
-RCPT TO
+RCPT TO:<myhost.test.ex-
550 NOT OK
RSET
250 OK
-MAIL FROM
+MAIL FROM:<>
250 OK
-RCPT TO
+RCPT TO:<ok@otherhost41>
250 OK
RSET
250 OK
-MAIL FROM
+MAIL FROM:<>
250 OK
-RCPT TO
+RCPT TO:<postmaster@otherhost41>
250 OK
QUIT
250 OK
mail from:<x@y>
rcpt to:<2@b>
data
+
Message 1
.
rset
mail from:<x@y>
rcpt to:<2@b>
data
+
Message 2
.
quit
quit
??? 221
****
-#
killdaemon
250 OK
****
exim -odi userx@test.ex usery@test.ex
-This is a test message.
+
+1:This is a test message.
****
# This one has a retry time, so will be deferred.
#
250 OK
****
exim -odi userx@retry.test.ex
-This is a test message.
+
+2: This is a test message.
****
sleep 1
# Should by now have exceeded retry time.
250 OK
****
exim -odi userx@test.ex
-This is a test message.
+
+3: This is a test message.
****
no_msglog_check
mail from:<x@y>
rcpt to:<x@y>
data
+
Message.
.
quit
--- /dev/null
+# Test different variants of .includes
+exim -bP config
--- /dev/null
+# callout verification pipelining
+need_ipv4
+#
+# basic sender verify
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO
+250 OK mail sender
+250 OK recipient
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.1
+MAIL FROM:<ok@localhost>
+RCPT TO:<z@test.ex>
+QUIT
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.1
+MAIL FROM:<ok@localhost>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Wait for the record to time out and try again
+sleep 2
+# Should want to connect, but fail
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.1
+MAIL FROM:<ok@localhost>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test unsuccessful caching
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK sender
+550 REJECTED rcpt
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.1
+MAIL FROM:<bad@localhost>
+RCPT TO:<z@test.ex>
+QUIT
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.1
+MAIL FROM:<bad@localhost>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test caching of rejection of MAIL FROM:<>
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+550 REJECT mail from
+530 BAD SEQUENCE no sender accepted for rcpt
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.1
+MAIL FROM:<ok@localhost>
+RCPT TO:<z@test.ex>
+QUIT
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.1
+MAIL FROM:<ok@localhost>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test caching of rejection of postmaster
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO
+250 OK sender
+250 OK rcpt
+RSET
+250 OK reset
+MAIL FROM:<>
+RCPT TO:<postmaster@otherhost>
+250 OK sender
+550 NOT OK rcpt postmaster
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.2
+MAIL FROM:<ok@otherhost>
+RCPT TO:<z@test.ex>
+QUIT
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.2
+MAIL FROM:<ok@otherhost>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test caching of accepting of postmaster
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM
+RCPT TO:<postmaster@otherhost2>
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.2
+MAIL FROM:<ok@otherhost2>
+RCPT TO:<z@test.ex>
+QUIT
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.2
+MAIL FROM:<ok@otherhost2>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test caching of accepting a random address
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO:<myhost.test.ex-
+250 OK
+250 OK accepting that random recipient
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.3
+MAIL FROM:<ok@otherhost3>
+RCPT TO:<z@test.ex>
+QUIT
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.3
+MAIL FROM:<otherok@otherhost3>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test caching of accepting a random address and postmaster
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO:<myhost.test.ex-
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.4
+MAIL FROM:<ok@otherhost4>
+RCPT TO:<z@test.ex>
+QUIT
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.4
+MAIL FROM:<ok@otherhost4>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test caching of rejecting a random address and postmaster
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<myhost.test.ex-
+250 OK
+550 NOT OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok@otherhost41>
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<postmaster@otherhost41>
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.4
+MAIL FROM:<ok@otherhost41>
+RCPT TO:<z@test.ex>
+QUIT
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.4
+MAIL FROM:<ok@otherhost41>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test caching of accepting of postmaster when another
+# address has to be tested
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.2
+MAIL FROM:<ok@otherhost21>
+RCPT TO:<z@test.ex>
+QUIT
+****
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.2
+MAIL FROM:<ok2@otherhost21>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test caching of rejecting a random address
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+550 NOT OK
+RSET
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.3
+MAIL FROM:<ok@otherhost31>
+RCPT TO:<z@test.ex>
+QUIT
+****
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO:<okok@otherhost31>
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.3
+MAIL FROM:<okok@otherhost31>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Wait a bit for the record to expire and then try again
+sleep 2
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<myhost.test.ex-
+250 OK
+550 NOT OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<okokok@otherhost31>
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -DPEX=1s -d-all+verify -v -bs -oMa V4NET.0.0.3
+MAIL FROM:<okokok@otherhost31>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Timeout on the RCPT for random
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+*sleep 2
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.5
+MAIL FROM:<okok@otherhost51>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Postmaster_sender set non-empty
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM:<pmsend@a.domain>
+RCPT TO:<postmaster@otherhost52>
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.6
+MAIL FROM:<okokok@otherhost52>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Header_sender sender set non-empty
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<somesender@a.domain>
+RCPT TO:<abcd@x.y.z>
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -odq -v -bs -oMa V4NET.0.0.7
+MAIL FROM:<ok7@otherhost53>
+RCPT TO:<z@test.ex>
+DATA
+Reply-To: abcd@x.y.z
+.
+QUIT
+****
+# Timeout on RCPT for header_sender (defer_ok test)
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+*sleep 2
+****
+sudo exim -d-all+verify -odq -v -bs -oMa V4NET.0.0.8
+MAIL FROM:<ok7@otherhost53>
+RCPT TO:<z@test.ex>
+DATA
+Reply-To: abcd@x.y.z
+.
+QUIT
+****
+# Test full postmaster check
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM
+RCPT TO:<postmaster@otherhost9>
+250 OK
+550 NOT OK
+RCPT TO:<postmaster>
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.9
+MAIL FROM:<ok@otherhost9>
+RCPT TO:<z@test.ex>
+QUIT
+****
+# Test postmaster_mailfrom with random
+server PORT_S
+220 Server ready
+EHLO
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+550 RANDOM IS BAD
+RSET
+250 OK
+MAIL FROM
+RCPT TO
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM:<pmsend@b.domain>
+RCPT TO:<postmaster@test.ex>
+250 OK
+250 OK
+QUIT
+250 OK
+****
+sudo exim -d-all+verify -v -bs -oMa V4NET.0.0.10
+MAIL FROM:<ok@otherhost10>
+RCPT TO:<z@test.ex>
+QUIT
+****
+no_msglog_check
--- /dev/null
+# local-part with space, esmtp reception
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+client 127.0.0.1 PORT_D
+??? 220
+EHLO test
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250 HELP
+MAIL FROM:<>
+??? 250
+RCPT TO:<"name with spaces"@test.ex>
+??? 250
+DATA
+??? 354
+Subject: test
+
+body
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
This is a test message.
.
quit
-***
+****
sleep 1
no_msglog_check
#
#
exim -z "This argument written, with newline, to log"
-***
+****
??? 221
****
#
+# plain, small message (no body)
+# header line with bad line-ending
+client 127.0.0.1 PORT_D
+??? 220
+ehlo tester
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-CHUNKING
+??? 250 HELP
+mail from:someone@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 87 last
+>>> To: Susan@random.com\n
+From: Sam@random.com
+Subject: This is a Bodyless test message
+
+??? 552
+quit
+??? 221
+****
+#
+#
killdaemon
no_msglog_check
-# CHUNKING transmission, short messages
-#
-# Start with non-pipelined cases
-#
-# Basic short message
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250 CHUNKING
-MAIL FROM
-250 OK
-RCPT TO
-250 OK
-BDAT 329 LAST
-*data 329
-250 OK
-QUIT
-225 OK
-*eof
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<a@test.ex>
-DATA
-Subject: foo
-
-data
-.
-QUIT
+# CHUNKING reception, no pipelining
+exim -DSERVER=server -bd -oX PORT_D
****
#
-# Error case: server wrongly expected more data, client gets timeout for data-ack
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250 CHUNKING
-MAIL FROM
-250 good mail cmd
-RCPT TO
-250 acceptable rcpt cmd
-BDAT 329 LAST
-*data 330
-250 OK got that data
-QUIT
-225 OK quitting
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<b@test.ex>
-DATA
-Subject: foo
+# plain, small message (no body)
+client 127.0.0.1 PORT_D
+??? 220
+ehlo tester
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-CHUNKING
+??? 250 HELP
+mail from:someone1@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 88 last
+To: Susan@random.com
+From: Sam@random.com
+Subject: This is a bodyless test message
-data
-.
-QUIT
+??? 250-
+??? 250
+quit
+??? 221
****
#
-# Error case: server wrongly expected less data
-# client get the data-ack, sends quit - but server
-# sees a munged quit due to the outstanding data tail
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250 CHUNKING
-MAIL FROM
-250 OK
-RCPT TO
-250 OK
-BDAT 329 LAST
-*data 328
-250 OK
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<c@test.ex>
-DATA
-Subject: foo
+# plain, small message (with body)
+# nonlast 1st bdat, noop, last-bdat(0)
+# immediate followon 2nd message
+client 127.0.0.1 PORT_D
+??? 220
+ehlo tester
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+mail from:someone2@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 100
+To: Susan@random.com
+From: Sam@random.com
+Subject: This is a bodyfull test message
-data
-.
-QUIT
-****
-#
-# server rejects BDAT cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250 CHUNKING
-MAIL FROM
-250 OK
-RCPT TO
-250 OK
-BDAT 329 LAST
-*data 329
-500 oops
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<d@test.ex>
-DATA
-Subject: foo
+1234567890
+??? 250
+noop
+??? 250
+bdat 0 last
+??? 250-
+??? 250
+mail from:someone3@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 10
+>>> To: Susan@
+??? 250
+bdat 78 last
+random.com
+From: Sam@random.com
+Subject: This is a bodyless test message
-data
-.
-QUIT
+??? 250-
+??? 250
+quit
+??? 221
****
#
-# server tmp-rejects BDAT cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250 CHUNKING
-MAIL FROM
-250 OK
-RCPT TO
-250 OK
-BDAT 329 LAST
-*data 329
-400 not right now
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<e@test.ex>
-DATA
-Subject: foo
+# plain, small message (with body)
+# nonlast 1st bdat, noop, last-bdat(0) INCORRECTLY PIPELINED
+# immediate followon 2nd message
+client 127.0.0.1 PORT_D
+??? 220
+ehlo tester
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+mail from:someone2A@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 100
+To: Susan@random.com
+From: Sam@random.com
+Subject: This is a bodyfull test message
-data
-.
-QUIT
+1234567890
+??? 250
+noop
+??? 250
+bdat 0 last
+??? 250-
+??? 250
+mail from:someone3A@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 10
+>>> To: Susan@
+??? 250
+bdat 78 last
+random.com
+From: Sam@random.com
+Subject: This is a bodyless test message
+
+??? 250-
+??? 250
+quit
+??? 221
****
#
+# not enough data in chunk
#
-###################################################
-#
-# Pipelined cases
-#
-# Basic short message
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 329 LAST
-*data 329
-250 OK mail
-250 OK rcpt
-250 OK bdat
-QUIT
-225 OK
-*eof
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<p@test.ex>
-DATA
-Subject: foo
+client 127.0.0.1 PORT_D
+??? 220
+ehlo tester
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+mail from:someone4@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 89 last
+To: Susan@random.com
+From: Sam@random.com
+Subject: This is a bodyless test message
-data
-.
-QUIT
+??? 421
****
#
-# Error case: server wrongly expected more data, client gets timeout for data-ack
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 329 LAST
-*data 330
-250 good mail cmd
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<q@test.ex>
-DATA
-Subject: foo
-
-data
-.
-QUIT
-****
+# protocol failure cases
#
-# Error case: server wrongly expected less data
-# client get the data-ack, sends quit - but server
-# sees a munged quit due to the outstanding data tail
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 329 LAST
-*data 328
-250 OK mail
-250 OK rcpt
-250 OK bdat
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<r@test.ex>
-DATA
-Subject: foo
+client 127.0.0.1 PORT_D
+??? 220
+ehlo tester
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+mail from:someone5@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 88
+To: Susan@random.com
+From: Sam@random.com
+Subject: This is a bodyless test message
-data
-.
-QUIT
+??? 250
+bdat 0
+??? 504
+quit
+??? 221
****
#
-# server rejects MAIL cmd
-# transport coding does not handle the possible RSET-and-another transaction,
-# but always QUITs
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 329 LAST
-*data 329
-550 unacceptable mail-from
-550 rcpt ungood lacking mail-from
-500 bdat ungood lacking mail-from
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<s@test.ex>
-DATA
-Subject: foo
+# followon EHLO and another message
+client 127.0.0.1 PORT_D
+??? 220
+ehlo tester
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+mail from:someone6@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 88
+To: Susan@random.com
+From: Sam@random.com
+Subject: This is a bodyless test message
+??? 250
data
-.
-QUIT
-****
-#
-# server tmp-rejects MAIL cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 330 LAST
-*data 330
-450 greylisted mail-from
-550 rcpt ungood lacking mail-from
-500 bdat ungood lacking mail-from
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<s1@test.ex>
-DATA
-Subject: foo
+??? 503
+RSET
+??? 250
+EHLO tester
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+mail from:someone7@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 88
+To: Susan@random.com
+From: Sam@random.com
+Subject: This is a bodyless test message
+??? 250
data
-.
-QUIT
-****
-#
-# server rejects RCPT cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 329 LAST
-*data 329
-250 OK mail
-550 no such recipient
-500 oops bdat
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<t@test.ex>
-DATA
-Subject: foo
-
+??? 503
data
-.
-QUIT
+??? 503
+quit
+??? 221
****
#
-# server rejects BDAT cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 329 LAST
-*data 329
-250 OK mail
-250 OK rcpt
-500 oops bdat
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<u@test.ex>
-DATA
-Subject: foo
+# plain, small message (no body), chunk data with bdat line
+client 127.0.0.1 PORT_D
+??? 220
+ehlo tester
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-CHUNKING
+??? 250 HELP
+mail from:someone8@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 88 last\r\nTo: Susan@random.com
+From: Sam@random.com
+Subject: This is a bodyless test message
-data
-.
-QUIT
+??? 250-
+??? 250
+quit
+??? 221
****
#
-# server tmp-rejects BDAT cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 329 LAST
-*data 329
-250 OK mail
-250 OK rcpt
-400 not right now bdat
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO test
-MAIL FROM:<sender@source.dom>
-RCPT TO:<v@test.ex>
-DATA
-Subject: foo
+# plain, small message (no body), 2 chunks, pipeline sync error for 2nd
+client 127.0.0.1 PORT_D
+??? 220
+ehlo tester
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-CHUNKING
+??? 250 HELP
+mail from:someone9@some.domain
+??? 250
+rcpt to:CALLER@test.ex
+??? 250
+bdat 1\r\nTbdat 87 last
+To: Susan@random.com
+From: Sam@random.com
+Subject: This is a bodyless test message
-data
-.
-QUIT
+??? 554 SMTP synchronization error
****
#
#
+killdaemon
no_msglog_check
+++ /dev/null
-# CHUNKING transmission, long messages
-#
-# Start with non-pipelined cases
-#
-# Basic long message
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250 CHUNKING
-MAIL FROM
-250 OK
-RCPT TO
-250 OK
-BDAT 295
-*data 295
-250 OK nonlast bdat
-BDAT 8380 LAST
-*data 8380
-250 OK bdat
-QUIT
-225 OK
-*eof
-****
-sudo exim -odf -bS
-EHLO
-MAIL FROM:<sender@dom>
-RCPT TO:<a@test.ex>
-DATA
-Subject: foo
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-.
-QUIT
-****
-#
-#
-# server rejects BDAT cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250 CHUNKING
-MAIL FROM
-250 OK
-RCPT TO
-250 OK
-BDAT 295
-*data 295
-500 oops bdat-nonlast
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO
-MAIL FROM:<sender@dom>
-RCPT TO:<d@test.ex>
-DATA
-Subject: foo
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-.
-QUIT
-****
-#
-#
-###################################################
-#
-# Pipelined cases
-#
-# Basic long message
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 295
-250 OK mail
-250 OK rcpt
-*data 295
-250 OK nonlast bdat
-BDAT 8380 LAST
-*data 8380
-250 OK bdat
-QUIT
-225 OK
-*eof
-****
-sudo exim -odf -bS
-EHLO
-MAIL FROM:<sender@dom>
-RCPT TO:<p@test.ex>
-DATA
-Subject: foo
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-.
-QUIT
-****
-#
-# server rejects MAIL cmd
-# transport coding does not handle the possible RSET-and-another transaction,
-# but always QUITs
-#
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 295
-*data 295
-550 unacceptable mail-from
-550 rcpt ungood lacking mail-from
-500 bdat (nonlast) ungood lacking mail-from
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO
-MAIL FROM:<sender@dom>
-RCPT TO:<s@test.ex>
-DATA
-Subject: foo
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-.
-QUIT
-****
-#
-# server rejects RCPT cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 295
-*data 295
-250 OK mail
-550 no such recipient
-500 oops nonlast bdat - no rcpt
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO
-MAIL FROM:<sender@dom>
-RCPT TO:<t@test.ex>
-DATA
-Subject: foo
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-.
-QUIT
-****
-#
-# server rejects 1st RCPT cmd of two
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-RCPT TO
-BDAT 279
-*data 279
-250 OK mail
-550 no such recipient
-250 good recipient
-200 OK nonlast bdat
-BDAT 8380 LAST
-*data 8380
-250 OK bdat
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO
-MAIL FROM:<sender@dom>
-RCPT TO:<t1@test.ex>
-RCPT TO:<t2@test.ex>
-DATA
-Subject: foo
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-.
-QUIT
-****
-#
-# server rejects initial BDAT cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 295
-*data 295
-250 OK mail
-250 OK rcpt
-500 oops nonlast bdat
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO
-MAIL FROM:<sender@dom>
-RCPT TO:<u@test.ex>
-DATA
-Subject: foo
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-.
-QUIT
-****
-#
-# server rejects final BDAT cmd
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 295
-*data 295
-250 OK mail
-250 OK rcpt
-250 OK nonlast bdat
-BDAT 8380 LAST
-*data 8380
-500 oops bdat
-QUIT
-225 OK
-****
-sudo exim -odf -bS
-EHLO
-MAIL FROM:<sender@dom>
-RCPT TO:<v@test.ex>
-DATA
-Subject: foo
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-.
-QUIT
-****
-#
-# message with long headers
-server PORT_S
-220 Greetings
-EHLO
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM
-RCPT TO
-BDAT 8191
-250 OK mail
-250 OK rcpt
-*data 8191
-250 OK nonlast bdat
-BDAT 807 LAST
-*data 807
-250 OK bdat
-QUIT
-225 OK
-*eof
-****
-sudo exim -odf -bS
-EHLO
-MAIL FROM:<sender@dom>
-RCPT TO:<p@test.ex>
-DATA
-Subject: foo
-X-long_hdr: 0
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 2
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 3
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 4
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 5
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 6
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 7
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 8
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
- 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-
-body
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
-.
-QUIT
-****
-#
-#
-no_msglog_check
+++ /dev/null
-# Test different variants of .includes
-exim -bP config
--- /dev/null
+# CHUNKING transmission, short messages
+#
+# Start with non-pipelined cases
+#
+# Basic short message
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250 CHUNKING
+MAIL FROM
+250 OK
+RCPT TO
+250 OK
+BDAT 329 LAST
+*data 329
+250 OK
+QUIT
+225 OK
+*eof
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<a@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# Error case: server wrongly expected more data, client gets timeout for data-ack
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250 CHUNKING
+MAIL FROM
+250 good mail cmd
+RCPT TO
+250 acceptable rcpt cmd
+BDAT 329 LAST
+*data 330
+250 OK got that data
+QUIT
+225 OK quitting
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<b@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# Error case: server wrongly expected less data
+# client get the data-ack, sends quit - but server
+# sees a munged quit due to the outstanding data tail
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250 CHUNKING
+MAIL FROM
+250 OK
+RCPT TO
+250 OK
+BDAT 329 LAST
+*data 328
+250 OK
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<c@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# server rejects BDAT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250 CHUNKING
+MAIL FROM
+250 OK
+RCPT TO
+250 OK
+BDAT 329 LAST
+*data 329
+500 oops
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<d@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# server tmp-rejects BDAT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250 CHUNKING
+MAIL FROM
+250 OK
+RCPT TO
+250 OK
+BDAT 329 LAST
+*data 329
+400 not right now
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<e@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+#
+###################################################
+#
+# Pipelined cases
+#
+# Basic short message
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 329 LAST
+*data 329
+250 OK mail
+250 OK rcpt
+250 OK bdat
+QUIT
+225 OK
+*eof
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<p@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# Error case: server wrongly expected more data, client gets timeout for data-ack
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 329 LAST
+*data 330
+250 good mail cmd
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<q@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# Error case: server wrongly expected less data
+# client get the data-ack, sends quit - but server
+# sees a munged quit due to the outstanding data tail
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 329 LAST
+*data 328
+250 OK mail
+250 OK rcpt
+250 OK bdat
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<r@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# server rejects MAIL cmd
+# transport coding does not handle the possible RSET-and-another transaction,
+# but always QUITs
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 329 LAST
+*data 329
+550 unacceptable mail-from
+550 rcpt ungood lacking mail-from
+500 bdat ungood lacking mail-from
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<s@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# server tmp-rejects MAIL cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 330 LAST
+*data 330
+450 greylisted mail-from
+550 rcpt ungood lacking mail-from
+500 bdat ungood lacking mail-from
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<s1@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# server rejects RCPT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 329 LAST
+*data 329
+250 OK mail
+550 no such recipient
+500 oops bdat
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<t@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# server rejects BDAT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 329 LAST
+*data 329
+250 OK mail
+250 OK rcpt
+500 oops bdat
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<u@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+# server tmp-rejects BDAT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 329 LAST
+*data 329
+250 OK mail
+250 OK rcpt
+400 not right now bdat
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO test
+MAIL FROM:<sender@source.dom>
+RCPT TO:<v@test.ex>
+DATA
+Subject: foo
+
+data
+.
+QUIT
+****
+#
+#
+no_msglog_check
--- /dev/null
+# CHUNKING transmission, long messages
+#
+# Start with non-pipelined cases
+#
+# Basic long message
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250 CHUNKING
+MAIL FROM
+250 OK
+RCPT TO
+250 OK
+BDAT 295
+*data 295
+250 OK nonlast bdat
+BDAT 8380 LAST
+*data 8380
+250 OK bdat
+QUIT
+225 OK
+*eof
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<a@test.ex>
+DATA
+Subject: foo
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+#
+# server rejects BDAT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250 CHUNKING
+MAIL FROM
+250 OK
+RCPT TO
+250 OK
+BDAT 295
+*data 295
+500 oops bdat-nonlast
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<d@test.ex>
+DATA
+Subject: foo
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+#
+###################################################
+#
+# Pipelined cases
+#
+# Basic long message
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 295
+250 OK mail
+250 OK rcpt
+*data 295
+250 OK nonlast bdat
+BDAT 8380 LAST
+*data 8380
+250 OK bdat
+QUIT
+225 OK
+*eof
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<p@test.ex>
+DATA
+Subject: foo
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+# server rejects MAIL cmd
+# transport coding does not handle the possible RSET-and-another transaction,
+# but always QUITs
+#
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 295
+*data 295
+550 unacceptable mail-from
+550 rcpt ungood lacking mail-from
+500 bdat (nonlast) ungood lacking mail-from
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<s@test.ex>
+DATA
+Subject: foo
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+# server rejects RCPT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 295
+*data 295
+250 OK mail
+550 no such recipient
+500 oops nonlast bdat - no rcpt
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<t@test.ex>
+DATA
+Subject: foo
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+# server rejects 1st RCPT cmd of two
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+RCPT TO
+BDAT 279
+*data 279
+250 OK mail
+550 no such recipient
+250 good recipient
+200 OK nonlast bdat
+BDAT 8380 LAST
+*data 8380
+250 OK bdat
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<t1@test.ex>
+RCPT TO:<t2@test.ex>
+DATA
+Subject: foo
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+# server rejects initial BDAT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 295
+*data 295
+250 OK mail
+250 OK rcpt
+500 oops nonlast bdat
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<u@test.ex>
+DATA
+Subject: foo
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+# server rejects final BDAT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 295
+*data 295
+250 OK mail
+250 OK rcpt
+250 OK nonlast bdat
+BDAT 8380 LAST
+*data 8380
+500 oops bdat
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<v@test.ex>
+DATA
+Subject: foo
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+# server temp-rejects initial BDAT cmd
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 295
+*data 295
+250 OK mail
+250 OK rcpt
+400 oops nonlast bdat
+QUIT
+225 OK
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<u@test.ex>
+DATA
+Subject: foo
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+#
+# message with long headers
+server PORT_S
+220 Greetings
+EHLO
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM
+RCPT TO
+BDAT 8191
+250 OK mail
+250 OK rcpt
+*data 8191
+250 OK nonlast bdat
+BDAT 807 LAST
+*data 807
+250 OK bdat
+QUIT
+225 OK
+*eof
+****
+sudo exim -odf -bS
+EHLO
+MAIL FROM:<sender@dom>
+RCPT TO:<p@test.ex>
+DATA
+Subject: foo
+X-long_hdr: 0
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 2
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 3
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 4
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 5
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 6
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 7
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 8
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+
+body
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890
+.
+QUIT
+****
+#
+#
+no_msglog_check
exim usery@test.ex
Test message 2
****
+exim userz@test.ex
+Test message 3
+****
exim -qqf -d-all+acl
****
killdaemon
exim userx@test.ex
Test message 1
****
-exim userx@test.ex
+exim usery@test.ex
Test message 2
****
+exim userz@test.ex
+Test message 3
+****
exim -qqf -d-all+acl
****
killdaemon
#
# If all works you'll not see any difference. To enable in the
# kernel, 'sudo sh -c "echo 3 > /proc/sys/net/ipv4/tcp_fastopen"'.
-# A packet capture on the loopback interface will show the TFU
+# A packet capture on the loopback interface will show the TFO
# option on the SYN, but the fast-output SMTP banner will not
# be seen unless you also deliberately emulate a long path:
# 'sudo tc qdisc add dev lo root netem delay 100ms'
exim -d-all+lookup -odq user@shorthost.test.ex
****
#
+# ACL defer_strict
+exim -bs
+HELO test
+MAIL FROM:<>
+RCPT TO:<defer_strict@test.again.dns>
+QUIT
+****
+#
no_msglog_check
#
****
# result via perl_at_start
FOO=foo FOO1=foo1 FOO2=foo2 BAR=bar BAR1=bar1 BAR2=bar2 exim -ps -be ''
-***
+****
--- /dev/null
+# content scan interface: f-prot6d
+need_ipv4
+munge loopback
+#
+server PORT_S
+<SCAN FILE
+>0 <clean>
+>*eof
+****
+#
+#
+#
+exim -odi -bs -DOPT=
+ehlo test.ex
+mail from:<>
+rcpt to:<userx@test.ex>
+data
+Date: Fri, 17 Dec 2004 14:35:01 +0100
+Subject: message should be accepted
+
+.
+quit
+****
+#
+#
+#
+server PORT_S
+<SCAN FILE
+>0 <infected: EICAR_Test_File> DIR/spool/scan/1clxBT-0003I9-8y/1clxBT-0003I9-8y.eml
+>*eof
+****
+#
+#
+#
+exim -odi -bs -DOPT=
+ehlo test.ex
+mail from:<>
+rcpt to:<userx@test.ex>
+data
+Date: Fri, 17 Dec 2004 14:35:01 +0100
+Subject: message should be rejected
+
+due to the server response (above)
+.
+quit
+****
+#
+#
+#
+server PORT_S
+<SCAN FILE
+*sleep 3
+****
+#
+#
+#
+exim -odi -bs -DOPT="/tmo=2s"
+ehlo test.ex
+mail from:<>
+rcpt to:<userx@test.ex>
+data
+Date: Fri, 17 Dec 2004 14:35:01 +0100
+Subject: message should be deferred due to timeout
+
+.
+quit
+****
+#
+#
+#
+server PORT_S
+<SCAN FILE
+*sleep 3
+****
+#
+#
+#
+exim -odi -bs -DOPT="/tmo=2s/defer_ok"
+ehlo test.ex
+mail from:<>
+rcpt to:<userx@test.ex>
+data
+Date: Fri, 17 Dec 2004 14:35:01 +0100
+Subject: message should be accepted despite timeout
+
+.
+quit
+****
--- /dev/null
+# proxy-protocol proxy on inbound smtp
+#
+munge loopback
+#
+exim -bd -DSERVER=server -oX PORT_D
+****
+#
+# non-prox plain receive
+client 127.0.0.1 PORT_D
+??? 220
+HELO clientname
+??? 250
+MAIL FROM:<a@test.ex>
+??? 250
+RCPT TO:<b@test.ex>
+??? 250
+DATA
+??? 354
+Subject: test
+
+body
+.
+??? 250
+QUIT
+??? 221
+****
+#
+# protocol v1 plain receive
+client HOSTIPV4 PORT_D
+PROXY TCP4 127.0.0.2 127.42.42.42 64000 25
+??? 220
+HELO clientname
+??? 250
+MAIL FROM:<c@test.ex>
+??? 250
+RCPT TO:<d@test.ex>
+??? 250
+DATA
+??? 354
+Subject: test
+
+body
+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+#
+# protocol v2 plain receive
+client HOSTIPV4 PORT_D
+>>> \x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A\x21\x11\x00\x0c\xc0\xa8\x00\x0f\xc0\xa8\x00\x05\xc2\x95\x04\x01
+??? 220
+HELO clientname
+??? 250
+MAIL FROM:<e@test.ex>
+??? 250
+RCPT TO:<f@test.ex>
+??? 250
+DATA
+??? 354
+Subject: test
+
+body
+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+#
+killdaemon
+no_msglog_check
--- /dev/null
+support PROXY
--- /dev/null
+# DKIM verify, simple canonicalisation
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+# This should pass.
+# - sha1, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+ PeUA8iBGfStWv+9/BBKkvCEYj/AVMl4e9k+AqWOXKyuEUfHxqAnV+sPnOejpmvT8
+ 41kuM4u0bICvK371YvB/yO61vtliRhyqU76Y2e55p2uvMADb3UyDhLyzpco4+yBo
+ 1w0AuIxu0VU4TK8UmOLyCw/1hxrh1DcEInbEMEKJ7kI=
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+#
+# This should pass.
+# - sha1, 512b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple --selector=ses \
+# --keyfile=aux-fixed/dkim/dkim512.private < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=ses; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+ cIErF1eueIT9AU4qG54FyT3yrlVDDM7RZnuU6fWTevZpAuMqhYcRO8tU3U4vtKWB
+ +I2vd+F1gzqCzBcRtfLhZg==
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+#
+# This should pass.
+# - sha256, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \
+# --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1
+ 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP
+ Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh
+ +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY=
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+killdaemon
+no_stdout_check
+no_msglog_check
--- /dev/null
+# DKIM verify, simple canonicalisation, with spaces
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+# this should pass verification
+# Mail original in aux-fixed/4501.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4501.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<pass@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=pdsXC6mnKSmAYjraebHb2Tt2xqw=; b=
+ bE9pnPdz5eDwz58PFMAsiFqpcsel33p5+pnvhwY5D6B6suGFbvku+LC1pi77z3lq
+ 45mFRxT4Dr4rW4612jYi5WpNk8ed28BkNMowUCgkM2TDoktiRClFpXTUX00hCico
+ KWcgcvORf6L8txhtICsHsl94ERKXxgptXHQk8XwMEuU=
+From: mrgus@test.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple space test
+
+This is a test of simple with spaces.
+
+
+
+End of content (spaced line two lines down).
+.
+??? 250
+QUIT
+??? 221
+****
+#
+# this should fail verification
+# Same message and sig as above, but body extended with (emptyline) (line with only spaces) (emptyline)
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<fail@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=pdsXC6mnKSmAYjraebHb2Tt2xqw=; b=
+ bE9pnPdz5eDwz58PFMAsiFqpcsel33p5+pnvhwY5D6B6suGFbvku+LC1pi77z3lq
+ 45mFRxT4Dr4rW4612jYi5WpNk8ed28BkNMowUCgkM2TDoktiRClFpXTUX00hCico
+ KWcgcvORf6L8txhtICsHsl94ERKXxgptXHQk8XwMEuU=
+From: mrgus@test.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple space test
+
+This is a test of simple with spaces.
+
+
+
+End of content (spaced line two lines down).
+
+
+
+.
+??? 250
+QUIT
+??? 221
+****
+#
+killdaemon
+no_stdout_check
+no_msglog_check
--- /dev/null
+# DKIM verify, relaxed canonicalisation
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+# This should pass.
+# Mail original in aux-fixed/4502.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed/relaxed < aux-fixed/4502.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=test.ex; h=
+ message-id:date:from:mime-version:to:subject:content-type
+ :content-transfer-encoding; s=sel; bh=rn0kk3aPKyhYbxzfi3WG8dAxhN
+ M=; b=Tsi3kJtTNmIP0LAkEXR201R/alr7FwaWRAP+V9qQZf7MzAFrkfKAhkT3UQ
+ zPTJsZowOZaM1UoeeDQCvfvHG5YG8YCFwU3tuLgdDvbCmYJvR+jPNntN27BXcrVH
+ fyQLstR8eQPUopT7vmdYwsMlXz0Jv7iLM1MyxsWn6z1LTlvYA=
+Message-ID: <564CFC9B.1040905@yahoo.com>
+Date: Wed, 18 Nov 2015 14:32:59 -0800
+From: Joaquin Lopez <bakawolf@test.ex>
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.0
+MIME-Version: 1.0
+To: bakawolf@yahoo.com
+Subject: test
+Content-Type: text/plain; charset=ISO-8859-1; format=flowed
+Content-Transfer-Encoding: 7bit
+Content-Length: 13
+
+
+
+test
+
+
+
+
+
+
+
+
+.
+??? 250
+QUIT
+??? 221
+****
+#
+# This should pass.
+# Mail original in aux-fixed/4502.msg2.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed < aux-fixed/4502.msg2.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=test.ex; h=from:to:subject
+ :date:mime-version:content-type; s=sel; bh=uoq1oCgLlTqpdDX/iUbLy
+ 7J1Wic=; b=R8INFWPcNpQCsFaaflR6DMlxeSiNyJzOhC6cd56blJf1Ko4pgXnPP
+ /iZk1GVEUVvrCg/PUSQZGbXfukFf3iiPeKuq3xLtFHLZ23BcWTBUTK/mBPNQrB6p
+ YSQAYzZC/3x4DzTlkqgQgBcm78x8SkO2TdaUK/3Ja6HloNp2spUgLQ=
+Received: from xxxxxxxx.sproing.at ([127.0.0.1]:6225 helo=xxxxxxxx.sproing.at)
+ by yyyyyyyyyy.sproing.at with esmtp (Exim 4.86)
+ (envelope-from <postmaster@sproing.at>)
+ id 1a2FuN-0007pz-HD
+ for eximdkimtest@sproing.at; Fri, 27 Nov 2015 11:05:39 +0100
+From: <postmaster@test.ex>
+To: <eximdkimtest@sproing.at>
+Subject: test
+Date: Fri, 27 Nov 2015 11:05:38 +0100
+MIME-Version: 1.0
+Content-Type: text/plain;
+
+
+
+
+
+
+.
+??? 250
+QUIT
+??? 221
+****
+#
+# This should pass.
+# Mail original in aux-fixed/4502.msg3.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed < aux-fixed/4502.msg3.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=test.ex; h=from:to:subject
+ :date:mime-version:content-type; s=sel; bh=nlP/3EB0g/eKjl7+VInpZ
+ PDwELc=; b=TDZikuksDQgvVnkU+ZD7XZFhkfuf73WV9NcLRp7R/ADkBh2ZWzoKc
+ 1wST+dRBSt9m27BPx3EeUy1rZHryChKoTDy9XzLqo4mLOH4dC5pU5MWGD+bdtdeC
+ s3kEaYt3+l+7fsVdHFTu+2WwQUcQlvmUbENRn1k8sbpe9CGPrtvcAg=
+Received: from xxxxxxxx.sproing.at ([127.0.0.1]:6225 helo=xxxxxxxx.sproing.at)
+ by yyyyyyyyyy.sproing.at with esmtp (Exim 4.86)
+ (envelope-from <postmaster@sproing.at>)
+ id 1a2FuN-0007pz-HD
+ for eximdkimtest@sproing.at; Fri, 27 Nov 2015 11:05:39 +0100
+From: <postmaster@test.ex>
+To: <eximdkimtest@sproing.at>
+Subject: test
+Date: Fri, 27 Nov 2015 11:05:38 +0100
+MIME-Version: 1.0
+Content-Type: text/plain;
+
+Some content, then two blank lines.
+
+
+.
+??? 250
+QUIT
+??? 221
+****
+#
+# This should fail, due to an extra \ in the DNS record.
+# Mail original in aux-fixed/4502.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed/relaxed --selector=sel_bad < aux-fixed/4502.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=test.ex; h=
+ message-id:date:from:mime-version:to:subject:content-type
+ :content-transfer-encoding; s=sel_bad; bh=rn0kk3aPKyhYbxzfi3WG8d
+ AxhNM=; b=kXWfssgeNTAHmr9u2U6VZvb8uXuzoeLtZqgxySmUERKBsjk9sV31yv
+ 3rEMCwdtM38yBNFK9zuLsoBUO6M7fGnpfgbGv7BnDHx8AJcsPc1Ay/7JbLKhiCxo
+ zMTFil/4pj1s3bQGLCCOcN688IgerUUFqNBM5vq0nIOKzj2dwhQC8=
+Message-ID: <564CFC9B.1040905@yahoo.com>
+Date: Wed, 18 Nov 2015 14:32:59 -0800
+From: Joaquin Lopez <bakawolf@test.ex>
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.0
+MIME-Version: 1.0
+To: bakawolf@yahoo.com
+Subject: test
+Content-Type: text/plain; charset=ISO-8859-1; format=flowed
+Content-Transfer-Encoding: 7bit
+Content-Length: 13
+
+
+
+test
+
+
+
+
+
+
+
+
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
+no_stdout_check
+no_msglog_check
--- /dev/null
+# DKIM verify, errors
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+# This should fail verify (missing header hash in sig header)
+# - sha1, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=;
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+# This should fail verify (missing body hash in sig header)
+# - sha1, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; b=
+ PeUA8iBGfStWv+9/BBKkvCEYj/AVMl4e9k+AqWOXKyuEUfHxqAnV+sPnOejpmvT8
+ 41kuM4u0bICvK371YvB/yO61vtliRhyqU76Y2e55p2uvMADb3UyDhLyzpco4+yBo
+ 1w0AuIxu0VU4TK8UmOLyCw/1hxrh1DcEInbEMEKJ7kI=
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+# This should fail verify (missing body)
+# - sha1, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+ PeUA8iBGfStWv+9/BBKkvCEYj/AVMl4e9k+AqWOXKyuEUfHxqAnV+sPnOejpmvT8
+ 41kuM4u0bICvK371YvB/yO61vtliRhyqU76Y2e55p2uvMADb3UyDhLyzpco4+yBo
+ 1w0AuIxu0VU4TK8UmOLyCw/1hxrh1DcEInbEMEKJ7kI=
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+#
+# This should refuse to do verification (over-long body line)
+# The sig is bogus, but we don't verify it
+write test-data 1x16386
+++++
+****
+#
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+ PeUA8iBGfStWv+9/BBKkvCEYj/AVMl4e9k+AqWOXKyuEUfHxqAnV+sPnOejpmvT8
+ 41kuM4u0bICvK371YvB/yO61vtliRhyqU76Y2e55p2uvMADb3UyDhLyzpco4+yBo
+ 1w0AuIxu0VU4TK8UmOLyCw/1hxrh1DcEInbEMEKJ7kI=
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+<<< test-data
+another data line
+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+killdaemon
+no_stdout_check
+no_msglog_check
--- /dev/null
+# DKIM verify, -bh test mode
+#
+#
+# This should pass.
+# - sha1, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4500.msg1.txt
+exim -DSERVER=server -DNOTDAEMON -bh 127.0.0.1
+HELO xxx
+MAIL FROM:<CALLER@bloggs.com>
+RCPT TO:<a@test.ex>
+DATA
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+ PeUA8iBGfStWv+9/BBKkvCEYj/AVMl4e9k+AqWOXKyuEUfHxqAnV+sPnOejpmvT8
+ 41kuM4u0bICvK371YvB/yO61vtliRhyqU76Y2e55p2uvMADb3UyDhLyzpco4+yBo
+ 1w0AuIxu0VU4TK8UmOLyCw/1hxrh1DcEInbEMEKJ7kI=
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+QUIT
+****
+#
+no_stdout_check
+no_msglog_check
--- /dev/null
+# DKIM signing
+#
+exim -bd -DSERVER=server -oX PORT_D
+****
+#
+# single header signed
+exim -DOPT=From -odf a@test.ex
+From: nobody@example.com
+From: second@example.com
+
+content
+****
+#
+# single header, oversigned
+exim -DOPT=From:From -odf b@test.ex
+From: nobody@example.com
+
+content
+****
+#
+# default header set
+exim -DHEADERS_MAXSIZE=y -odf c@test.ex
+From: nobody@example.com
+
+content
+****
+#
+# check that on signing we warn in debug mode about verify problems
+exim -d-all+acl -DHEADERS_MAXSIZE=y -DSELECTOR=sel_bad -odf d@test.ex
+From: nobody@example.com
+
+content
+****
+#
+millisleep 500
+killdaemon
+no_msglog_check
--- /dev/null
+# DKIM signing, with CHUNKING, stdin
+#
+exim -bd -DSERVER=server -oX PORT_S
+****
+#
+# single header signed, short message
+exim -DOPT=dkim -DLIST=From -odf -oMt sender -f sender a@test.ex
+From: nobody@example.com
+From: second@example.com
+
+content
+****
+#
+# single header signed, long message
+exim -DOPT=dkim -DLIST=From -odf -oMt sender -f sender b@test.ex
+From: nobody@example.com
+From: second@example.com
+
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
+
+The very last line
+****
+millisleep 500
+killdaemon
+no_msglog_check
--- /dev/null
+# DKIM signing, with CHUNKING, smtp/tcp
+#
+exim -bd -DSERVER=server -oX PORT_S
+****
+#
+# This should pass.
+### sha256, 1024b + message in 1 chunk
+# Mail original in aux-fixed/4500.msg2.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \
+# --method=simple/simple < aux-fixed/4500.msg2.txt
+client 127.0.0.1 PORT_S
+??? 220
+EHLO xxx
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+BDAT 557 LAST
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=ZS4D3qDAC7osugrdWUTQc9HUuaSC
+ +ScH3/NkwGGOlT0=; b=ncPDYKtCsFuFA7wXHxagsZUh3Rpu0dK6Dl7FbkGykEwU
+ L/MoAe0D+Aynz+yO0k3d4vGZ6Q2sEJ4MaOZI27ezOSBsBnEhw+0uOaxE6HZew5VD
+ owfSxfXTkyfJd0CHdtYoXT0OqngTBOtAv87u1T4aLRDY1yAqasVuvLV7V80d4tQ=
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+Line 1: This is a simple test.
+Line 2: This is a simple test.
+??? 250- 557
+??? 250
+QUIT
+??? 221
+****
+#
+# This should pass.
+### sha256, 1024b + message in 2 chunks
+# Mail original in aux-fixed/4500.msg2.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \
+# --method=simple/simple < aux-fixed/4500.msg2.txt
+client 127.0.0.1 PORT_S
+??? 220
+EHLO xxx
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+BDAT 525
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=ZS4D3qDAC7osugrdWUTQc9HUuaSC
+ +ScH3/NkwGGOlT0=; b=ncPDYKtCsFuFA7wXHxagsZUh3Rpu0dK6Dl7FbkGykEwU
+ L/MoAe0D+Aynz+yO0k3d4vGZ6Q2sEJ4MaOZI27ezOSBsBnEhw+0uOaxE6HZew5VD
+ owfSxfXTkyfJd0CHdtYoXT0OqngTBOtAv87u1T4aLRDY1yAqasVuvLV7V80d4tQ=
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+Line 1: This is a simple test.
+??? 250 525
+BDAT 32 LAST
+Line 2: This is a simple test.
+??? 250- 32
+??? 250
+QUIT
+??? 221
+****
+millisleep 500
+killdaemon
+no_msglog_check
--- /dev/null
+support DKIM
+++ /dev/null
-# DKIM simple canonicalisation
-#
-exim -DSERVER=server -bd -oX PORT_D
-****
-#
-# This should pass.
-# - sha1, 1024b
-# Mail original in aux-fixed/4500.msg1.txt
-# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4500.msg1.txt
-client 127.0.0.1 PORT_D
-??? 220
-HELO xxx
-??? 250
-MAIL FROM:<CALLER@bloggs.com>
-??? 250
-RCPT TO:<a@test.ex>
-??? 250
-DATA
-??? 354
-DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
- :date:message-id:subject; s=sel; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
- PeUA8iBGfStWv+9/BBKkvCEYj/AVMl4e9k+AqWOXKyuEUfHxqAnV+sPnOejpmvT8
- 41kuM4u0bICvK371YvB/yO61vtliRhyqU76Y2e55p2uvMADb3UyDhLyzpco4+yBo
- 1w0AuIxu0VU4TK8UmOLyCw/1hxrh1DcEInbEMEKJ7kI=
-From: mrgus@text.ex
-To: bakawolf@yahoo.com
-Date: Thu, 19 Nov 2015 17:00:07 -0700
-Message-ID: <qwerty1234@disco-zombie.net>
-Subject: simple test
-
-This is a simple test.
-.
-??? 250
-QUIT
-??? 221
-****
-#
-# This should pass.
-# - sha1, 512b
-# Mail original in aux-fixed/4500.msg1.txt
-# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple --selector=ses \
-# --keyfile=aux-fixed/dkim/dkim512.private < aux-fixed/4500.msg1.txt
-client 127.0.0.1 PORT_D
-??? 220
-HELO xxx
-??? 250
-MAIL FROM:<CALLER@bloggs.com>
-??? 250
-RCPT TO:<a@test.ex>
-??? 250
-DATA
-??? 354
-DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
- :date:message-id:subject; s=ses; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
- cIErF1eueIT9AU4qG54FyT3yrlVDDM7RZnuU6fWTevZpAuMqhYcRO8tU3U4vtKWB
- +I2vd+F1gzqCzBcRtfLhZg==
-From: mrgus@text.ex
-To: bakawolf@yahoo.com
-Date: Thu, 19 Nov 2015 17:00:07 -0700
-Message-ID: <qwerty1234@disco-zombie.net>
-Subject: simple test
-
-This is a simple test.
-.
-??? 250
-QUIT
-??? 221
-****
-#
-# This should pass.
-# - sha256, 1024b
-# Mail original in aux-fixed/4500.msg1.txt
-# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \
-# --method=simple/simple < aux-fixed/4500.msg1.txt
-client 127.0.0.1 PORT_D
-??? 220
-HELO xxx
-??? 250
-MAIL FROM:<CALLER@bloggs.com>
-??? 250
-RCPT TO:<a@test.ex>
-??? 250
-DATA
-??? 354
-DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
- :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1
- 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP
- Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh
- +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY=
-From: mrgus@text.ex
-To: bakawolf@yahoo.com
-Date: Thu, 19 Nov 2015 17:00:07 -0700
-Message-ID: <qwerty1234@disco-zombie.net>
-Subject: simple test
-
-This is a simple test.
-.
-??? 250
-QUIT
-??? 221
-****
-#
-#
-killdaemon
-no_stdout_check
-no_msglog_check
+++ /dev/null
-# DKIM simple canonicalisation, with spaces
-#
-exim -DSERVER=server -bd -oX PORT_D
-****
-#
-# this should pass verification
-# Mail original in aux-fixed/4501.msg1.txt
-# Sig generated by: perl aux-fixed/dkim/sign.pl --method=simple/simple < aux-fixed/4501.msg1.txt
-client 127.0.0.1 PORT_D
-??? 220
-HELO xxx
-??? 250
-MAIL FROM:<pass@bloggs.com>
-??? 250
-RCPT TO:<a@test.ex>
-??? 250
-DATA
-??? 354
-DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
- :date:message-id:subject; s=sel; bh=pdsXC6mnKSmAYjraebHb2Tt2xqw=; b=
- bE9pnPdz5eDwz58PFMAsiFqpcsel33p5+pnvhwY5D6B6suGFbvku+LC1pi77z3lq
- 45mFRxT4Dr4rW4612jYi5WpNk8ed28BkNMowUCgkM2TDoktiRClFpXTUX00hCico
- KWcgcvORf6L8txhtICsHsl94ERKXxgptXHQk8XwMEuU=
-From: mrgus@test.ex
-To: bakawolf@yahoo.com
-Date: Thu, 19 Nov 2015 17:00:07 -0700
-Message-ID: <qwerty1234@disco-zombie.net>
-Subject: simple space test
-
-This is a test of simple with spaces.
-
-
-
-End of content (spaced line two lines down).
-.
-??? 250
-QUIT
-??? 221
-****
-#
-# this should fail verification
-# Same message and sig as above, but body extended with (emptyline) (line with only spaces) (emptyline)
-client 127.0.0.1 PORT_D
-??? 220
-HELO xxx
-??? 250
-MAIL FROM:<fail@bloggs.com>
-??? 250
-RCPT TO:<a@test.ex>
-??? 250
-DATA
-??? 354
-DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
- :date:message-id:subject; s=sel; bh=pdsXC6mnKSmAYjraebHb2Tt2xqw=; b=
- bE9pnPdz5eDwz58PFMAsiFqpcsel33p5+pnvhwY5D6B6suGFbvku+LC1pi77z3lq
- 45mFRxT4Dr4rW4612jYi5WpNk8ed28BkNMowUCgkM2TDoktiRClFpXTUX00hCico
- KWcgcvORf6L8txhtICsHsl94ERKXxgptXHQk8XwMEuU=
-From: mrgus@test.ex
-To: bakawolf@yahoo.com
-Date: Thu, 19 Nov 2015 17:00:07 -0700
-Message-ID: <qwerty1234@disco-zombie.net>
-Subject: simple space test
-
-This is a test of simple with spaces.
-
-
-
-End of content (spaced line two lines down).
-
-
-
-.
-??? 250
-QUIT
-??? 221
-****
-#
-killdaemon
-no_stdout_check
-no_msglog_check
+++ /dev/null
-# DKIM verify, relaxed canonicalisation
-#
-exim -DSERVER=server -bd -oX PORT_D
-****
-#
-# This should pass.
-# Mail original in aux-fixed/4502.msg1.txt
-# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed/relaxed < aux-fixed/4502.msg1.txt
-client 127.0.0.1 PORT_D
-??? 220
-HELO xxx
-??? 250
-MAIL FROM:<CALLER@bloggs.com>
-??? 250
-RCPT TO:<a@test.ex>
-??? 250
-DATA
-??? 354
-DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=test.ex; h=
- message-id:date:from:mime-version:to:subject:content-type
- :content-transfer-encoding; s=sel; bh=rn0kk3aPKyhYbxzfi3WG8dAxhN
- M=; b=Tsi3kJtTNmIP0LAkEXR201R/alr7FwaWRAP+V9qQZf7MzAFrkfKAhkT3UQ
- zPTJsZowOZaM1UoeeDQCvfvHG5YG8YCFwU3tuLgdDvbCmYJvR+jPNntN27BXcrVH
- fyQLstR8eQPUopT7vmdYwsMlXz0Jv7iLM1MyxsWn6z1LTlvYA=
-Message-ID: <564CFC9B.1040905@yahoo.com>
-Date: Wed, 18 Nov 2015 14:32:59 -0800
-From: Joaquin Lopez <bakawolf@test.ex>
-User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.0
-MIME-Version: 1.0
-To: bakawolf@yahoo.com
-Subject: test
-Content-Type: text/plain; charset=ISO-8859-1; format=flowed
-Content-Transfer-Encoding: 7bit
-Content-Length: 13
-
-
-
-test
-
-
-
-
-
-
-
-
-.
-??? 250
-QUIT
-??? 221
-****
-#
-# This should pass.
-# Mail original in aux-fixed/4502.msg2.txt
-# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed < aux-fixed/4502.msg2.txt
-client 127.0.0.1 PORT_D
-??? 220
-HELO xxx
-??? 250
-MAIL FROM:<CALLER@bloggs.com>
-??? 250
-RCPT TO:<a@test.ex>
-??? 250
-DATA
-??? 354
-DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=test.ex; h=from:to:subject
- :date:mime-version:content-type; s=sel; bh=uoq1oCgLlTqpdDX/iUbLy
- 7J1Wic=; b=R8INFWPcNpQCsFaaflR6DMlxeSiNyJzOhC6cd56blJf1Ko4pgXnPP
- /iZk1GVEUVvrCg/PUSQZGbXfukFf3iiPeKuq3xLtFHLZ23BcWTBUTK/mBPNQrB6p
- YSQAYzZC/3x4DzTlkqgQgBcm78x8SkO2TdaUK/3Ja6HloNp2spUgLQ=
-Received: from xxxxxxxx.sproing.at ([127.0.0.1]:6225 helo=xxxxxxxx.sproing.at)
- by yyyyyyyyyy.sproing.at with esmtp (Exim 4.86)
- (envelope-from <postmaster@sproing.at>)
- id 1a2FuN-0007pz-HD
- for eximdkimtest@sproing.at; Fri, 27 Nov 2015 11:05:39 +0100
-From: <postmaster@test.ex>
-To: <eximdkimtest@sproing.at>
-Subject: test
-Date: Fri, 27 Nov 2015 11:05:38 +0100
-MIME-Version: 1.0
-Content-Type: text/plain;
-
-
-
-
-
-
-.
-??? 250
-QUIT
-??? 221
-****
-#
-# This should pass.
-# Mail original in aux-fixed/4502.msg3.txt
-# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed < aux-fixed/4502.msg3.txt
-client 127.0.0.1 PORT_D
-??? 220
-HELO xxx
-??? 250
-MAIL FROM:<CALLER@bloggs.com>
-??? 250
-RCPT TO:<a@test.ex>
-??? 250
-DATA
-??? 354
-DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=test.ex; h=from:to:subject
- :date:mime-version:content-type; s=sel; bh=nlP/3EB0g/eKjl7+VInpZ
- PDwELc=; b=TDZikuksDQgvVnkU+ZD7XZFhkfuf73WV9NcLRp7R/ADkBh2ZWzoKc
- 1wST+dRBSt9m27BPx3EeUy1rZHryChKoTDy9XzLqo4mLOH4dC5pU5MWGD+bdtdeC
- s3kEaYt3+l+7fsVdHFTu+2WwQUcQlvmUbENRn1k8sbpe9CGPrtvcAg=
-Received: from xxxxxxxx.sproing.at ([127.0.0.1]:6225 helo=xxxxxxxx.sproing.at)
- by yyyyyyyyyy.sproing.at with esmtp (Exim 4.86)
- (envelope-from <postmaster@sproing.at>)
- id 1a2FuN-0007pz-HD
- for eximdkimtest@sproing.at; Fri, 27 Nov 2015 11:05:39 +0100
-From: <postmaster@test.ex>
-To: <eximdkimtest@sproing.at>
-Subject: test
-Date: Fri, 27 Nov 2015 11:05:38 +0100
-MIME-Version: 1.0
-Content-Type: text/plain;
-
-Some content, then two blank lines.
-
-
-.
-??? 250
-QUIT
-??? 221
-****
-#
-# This should fail, but passes - bug 1926 - due to an extra \ in the DNS record.
-# Mail original in aux-fixed/4502.msg1.txt
-# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed/relaxed --selector=sel_bad < aux-fixed/4502.msg1.txt
-client 127.0.0.1 PORT_D
-??? 220
-HELO xxx
-??? 250
-MAIL FROM:<CALLER@bloggs.com>
-??? 250
-RCPT TO:<a@test.ex>
-??? 250
-DATA
-??? 354
-DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=test.ex; h=
- message-id:date:from:mime-version:to:subject:content-type
- :content-transfer-encoding; s=sel_bad; bh=rn0kk3aPKyhYbxzfi3WG8d
- AxhNM=; b=kXWfssgeNTAHmr9u2U6VZvb8uXuzoeLtZqgxySmUERKBsjk9sV31yv
- 3rEMCwdtM38yBNFK9zuLsoBUO6M7fGnpfgbGv7BnDHx8AJcsPc1Ay/7JbLKhiCxo
- zMTFil/4pj1s3bQGLCCOcN688IgerUUFqNBM5vq0nIOKzj2dwhQC8=
-Message-ID: <564CFC9B.1040905@yahoo.com>
-Date: Wed, 18 Nov 2015 14:32:59 -0800
-From: Joaquin Lopez <bakawolf@test.ex>
-User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.0
-MIME-Version: 1.0
-To: bakawolf@yahoo.com
-Subject: test
-Content-Type: text/plain; charset=ISO-8859-1; format=flowed
-Content-Transfer-Encoding: 7bit
-Content-Length: 13
-
-
-
-test
-
-
-
-
-
-
-
-
-.
-??? 250
-QUIT
-??? 221
-****
-killdaemon
-no_stdout_check
-no_msglog_check
+++ /dev/null
-# DKIM signing
-#
-exim -bd -DSERVER=server -oX PORT_D
-****
-#
-# single header signed
-exim -DOPT=From -odf a@test.ex
-From: nobody@example.com
-From: second@example.com
-
-content
-****
-#
-# single header, oversigned
-exim -DOPT=From:From -odf b@test.ex
-From: nobody@example.com
-
-content
-****
-#
-# default header set
-exim -DHEADERS_MAXSIZE=y -odf c@test.ex
-From: nobody@example.com
-
-content
-****
-millisleep 500
-killdaemon
-no_msglog_check
+++ /dev/null
-# DKIM signing, with CHUNKING
-#
-exim -bd -DSERVER=server -oX PORT_S
-****
-#
-# single header signed, short message
-exim -DOPT=dkim -DLIST=From -odf -oMt sender -f sender a@test.ex
-From: nobody@example.com
-From: second@example.com
-
-content
-****
-#
-# single header signed, long message
-exim -DOPT=dkim -DLIST=From -odf -oMt sender -f sender b@test.ex
-From: nobody@example.com
-From: second@example.com
-
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
-
-The very last line
-****
-millisleep 500
-killdaemon
-no_msglog_check
+++ /dev/null
-support DKIM
+++ /dev/null
-# DKIM signing and bounces
-#
-exim -bd -DSERVER=server -oX PORT_D
-****
-#
-# single header signed
-# one rcpt accept, one reject - should get a DSN
-exim -odf baduser@test.ex okuser@test.ex
-From: nobody@example.com
-From: second@example.com
-
-content
-****
-millisleep 500
-killdaemon
+++ /dev/null
-support DKIM
-support PRDR
--- /dev/null
+# DKIM signing and bounces
+munge optional_dsn_info
+#
+exim -bd -DSERVER=server -oX PORT_D
+****
+#
+# single header signed
+# one rcpt accept, one reject - should get a DSN
+exim -odf baduser@test.ex okuser@test.ex
+From: nobody@example.com
+From: second@example.com
+
+content
+****
+millisleep 500
+killdaemon
--- /dev/null
+support DKIM
+support PRDR
1
exim -bt user@mx-unsec-a-sec.test.ex
****
-2
+1
exim -bt user@mx-sec-a-unsec.test.ex
****
exim -bt user@mx-sec-a-sec.test.ex
/****************************************************************************/
+/* Turn "\n" and "\r" into the relevant characters. This is a hack. */
+
+static int
+unescape_buf(unsigned char * buf, int len)
+{
+unsigned char * s;
+unsigned char c, t;
+unsigned shift;
+
+for (s = buf; s < buf+len; s++) if (*s == '\\')
+ {
+ switch (s[1])
+ {
+ default: c = s[1]; shift = 1; break;
+ case 'n': c = '\n'; shift = 1; break;
+ case 'r': c = '\r'; shift = 1; break;
+ case 'x':
+ t = s[2];
+ if (t >= 'A' && t <= 'F') t -= 'A'-'9'-1;
+ else if (t >= 'a' && t <= 'f') t -= 'a'-'9'-1;
+ t -= '0';
+ c = (t<<4) & 0xf0;
+ t = s[3];
+ if (t >= 'A' && t <= 'F') t -= 'A'-'9'-1;
+ else if (t >= 'a' && t <= 'f') t -= 'a'-'9'-1;
+ t -= '0';
+ c |= t & 0xf;
+ shift = 3;
+ break;
+ }
+ *s = c;
+ memmove(s+1, s+shift+1, len-shift);
+ len -= shift;
+ }
+return len;
+}
+
+
/****************************************************************************/
+typedef struct {
+ int sock;
+ int tls_active;
+#ifdef HAVE_OPENSSL
+ SSL_CTX * ctx;
+ SSL * ssl;
+#endif
+ int sent_starttls;
+} srv_ctx;
+
+static void
+do_file(srv_ctx * srv, FILE * f, int timeout,
+ unsigned char * inbuffer, unsigned bsiz, unsigned char * inptr)
+{
+unsigned char outbuffer[1024 * 20];
+
+while (fgets(CS outbuffer, sizeof(outbuffer), f) != NULL)
+ {
+ int n = (int)strlen(CS outbuffer);
+ int crlf = 1;
+ int rc;
+
+ /* Strip trailing newline */
+ if (outbuffer[n-1] == '\n') outbuffer[--n] = 0;
+
+ /* Expect incoming */
+
+ if ( strncmp(CS outbuffer, "???", 3) == 0
+ && (outbuffer[3] == ' ' || outbuffer[3] == '*')
+ )
+ {
+ unsigned char *lineptr;
+ unsigned exp_eof = outbuffer[3] == '*';
+
+ printf("%s\n", outbuffer);
+ n = unescape_buf(outbuffer, n);
+
+ if (*inptr == 0) /* Refill input buffer */
+ {
+ if (srv->tls_active)
+ {
+ #ifdef HAVE_OPENSSL
+ rc = SSL_read (srv->ssl, inbuffer, bsiz - 1);
+ #endif
+ #ifdef HAVE_GNUTLS
+ rc = gnutls_record_recv(tls_session, CS inbuffer, bsiz - 1);
+ #endif
+ }
+ else
+ {
+ alarm(timeout);
+ rc = read(srv->sock, inbuffer, bsiz);
+ alarm(0);
+ }
+
+ if (rc < 0)
+ {
+ printf("Read error %s\n", strerror(errno));
+ exit(81);
+ }
+ else if (rc == 0)
+ if (exp_eof)
+ {
+ printf("Expected EOF read\n");
+ continue;
+ }
+ else
+ {
+ printf("Unexpected EOF read\n");
+ close(srv->sock);
+ exit(80);
+ }
+ else if (exp_eof)
+ {
+ printf("Expected EOF not read\n");
+ close(srv->sock);
+ exit(74);
+ }
+ else
+ {
+ inbuffer[rc] = 0;
+ inptr = inbuffer;
+ }
+ }
+
+ lineptr = inptr;
+ while (*inptr != 0 && *inptr != '\r' && *inptr != '\n') inptr++;
+ if (*inptr != 0)
+ {
+ *inptr++ = 0;
+ if (*inptr == '\n') inptr++;
+ }
+
+ printf("<<< %s\n", lineptr);
+ if (strncmp(CS lineptr, CS outbuffer + 4, n - 4) != 0)
+ {
+ printf("\n******** Input mismatch ********\n");
+ exit(79);
+ }
+
+ #ifdef HAVE_TLS
+ if (srv->sent_starttls)
+ {
+ if (lineptr[0] == '2')
+ {
+int rc;
+ unsigned int verify;
+
+ printf("Attempting to start TLS\n");
+ fflush(stdout);
+
+ #ifdef HAVE_OPENSSL
+ srv->tls_active = tls_start(srv->sock, &srv->ssl, srv->ctx);
+ #endif
+
+ #ifdef HAVE_GNUTLS
+ {
+ int rc;
+ sigalrm_seen = FALSE;
+ alarm(timeout);
+ do {
+ rc = gnutls_handshake(tls_session);
+ } while (rc < 0 && gnutls_error_is_fatal(rc) == 0);
+ srv->tls_active = rc >= 0;
+ alarm(0);
+
+ if (!srv->tls_active) printf("%s\n", gnutls_strerror(rc));
+ }
+ #endif
+
+ if (!srv->tls_active)
+ {
+ printf("Failed to start TLS\n");
+ fflush(stdout);
+ }
+ #ifdef HAVE_GNUTLS
+ else if (ocsp_stapling)
+ {
+ if ((rc= gnutls_certificate_verify_peers2(tls_session, &verify)) < 0)
+ {
+ printf("Failed to verify certificate: %s\n", gnutls_strerror(rc));
+ fflush(stdout);
+ }
+ else if (verify & (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED))
+ {
+ printf("Bad certificate\n");
+ fflush(stdout);
+ }
+ #ifdef HAVE_OCSP
+ else if (gnutls_ocsp_status_request_is_checked(tls_session, 0) == 0)
+ {
+ printf("Failed to verify certificate status\n");
+ {
+ gnutls_datum_t stapling;
+ gnutls_ocsp_resp_t resp;
+ gnutls_datum_t printed;
+ if ( (rc= gnutls_ocsp_status_request_get(tls_session, &stapling)) == 0
+ && (rc= gnutls_ocsp_resp_init(&resp)) == 0
+ && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0
+ && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &printed)) == 0
+ )
+ {
+ fprintf(stderr, "%.4096s", printed.data);
+ gnutls_free(printed.data);
+ }
+ else
+ (void) fprintf(stderr,"ocsp decode: %s", gnutls_strerror(rc));
+ }
+ fflush(stdout);
+ }
+ #endif
+ }
+ #endif
+ else
+ printf("Succeeded in starting TLS\n");
+ }
+ else printf("Abandoning TLS start attempt\n");
+ }
+ srv->sent_starttls = 0;
+ #endif
+ }
+
+ /* Wait for a bit before proceeding */
+
+ else if (strncmp(CS outbuffer, "+++ ", 4) == 0)
+ {
+ printf("%s\n", outbuffer);
+ sleep(atoi(CS outbuffer + 4));
+ }
+
+ /* Stack new input file */
+
+ else if (strncmp(CS outbuffer, "<<< ", 4) == 0)
+ {
+ FILE * new_f;
+ if (!(new_f = fopen(outbuffer+4 , "r")))
+ {
+ printf("Unable to open '%s': %s", inptr, strerror(errno));
+ exit(74);
+ }
+ do_file(srv, new_f, timeout, inbuffer, bsiz, inptr);
+ }
+
+
+ /* Send line outgoing, but barf if unconsumed incoming */
+
+ else
+ {
+ unsigned char * out = outbuffer;
+
+ if (strncmp(CS outbuffer, ">>> ", 4) == 0)
+ {
+ crlf = 0;
+ out += 4;
+ n -= 4;
+ }
+
+ if (*inptr != 0)
+ {
+ printf("Unconsumed input: %s", inptr);
+ printf(" About to send: %s\n", out);
+ exit(78);
+ }
+
+ #ifdef HAVE_TLS
+
+ /* Shutdown TLS */
+
+ if (strcmp(CS out, "stoptls") == 0 ||
+ strcmp(CS out, "STOPTLS") == 0)
+ {
+ if (!srv->tls_active)
+ {
+ printf("STOPTLS read when TLS not active\n");
+ exit(77);
+ }
+ printf("Shutting down TLS encryption\n");
+
+ #ifdef HAVE_OPENSSL
+ SSL_shutdown(srv->ssl);
+ SSL_free(srv->ssl);
+ #endif
+
+ #ifdef HAVE_GNUTLS
+ gnutls_bye(tls_session, GNUTLS_SHUT_WR);
+ gnutls_deinit(tls_session);
+ tls_session = NULL;
+ gnutls_global_deinit();
+ #endif
+
+ srv->tls_active = 0;
+ continue;
+ }
+
+ /* Remember that we sent STARTTLS */
+
+ srv->sent_starttls = (strcmp(CS out, "starttls") == 0 ||
+ strcmp(CS out, "STARTTLS") == 0);
+
+ /* Fudge: if the command is "starttls_wait", we send the starttls bit,
+ but we haven't set the flag, so that there is no negotiation. This is for
+ testing the server's timeout. */
+
+ if (strcmp(CS out, "starttls_wait") == 0)
+ {
+ out[8] = 0;
+ n = 8;
+ }
+ #endif
+
+ printf(">>> %s\n", out);
+ if (crlf)
+ {
+ strcpy(CS out + n, "\r\n");
+ n += 2;
+ }
+
+ n = unescape_buf(out, n);
+
+ /* OK, do it */
+
+ alarm(timeout);
+ if (srv->tls_active)
+ {
+ #ifdef HAVE_OPENSSL
+ rc = SSL_write (srv->ssl, out, n);
+ #endif
+ #ifdef HAVE_GNUTLS
+ if ((rc = gnutls_record_send(tls_session, CS out, n)) < 0)
+ {
+ printf("GnuTLS write error: %s\n", gnutls_strerror(rc));
+ exit(76);
+ }
+ #endif
+ }
+ else
+ rc = write(srv->sock, out, n);
+ alarm(0);
+
+ if (rc < 0)
+ {
+ printf("Write error: %s\n", strerror(errno));
+ exit(75);
+ }
+ }
+ }
+}
[<key file>]\n\
\n";
-int main(int argc, char **argv)
+int
+main(int argc, char **argv)
{
struct sockaddr *s_ptr;
struct sockaddr_in s_in4;
char *keyfile = NULL;
char *end = NULL;
int argi = 1;
-int host_af, port, s_len, rc, sock, save_errno;
+int host_af, port, s_len, rc, save_errno;
int timeout = 5;
-int tls_active = 0;
-int sent_starttls = 0;
int tls_on_connect = 0;
long tmplong;
struct sockaddr_in6 s_in6;
#endif
-#ifdef HAVE_OPENSSL
-SSL_CTX* ctx;
-SSL* ssl;
-#endif
+srv_ctx srv;
-unsigned char outbuffer[10240];
unsigned char inbuffer[10240];
unsigned char *inptr = inbuffer;
*inptr = 0; /* Buffer empty */
+srv.tls_active = 0;
+srv.sent_starttls = 0;
/* Options */
printf("Connecting to %s port %d ... ", address, port);
-sock = socket(host_af, SOCK_STREAM, 0);
-if (sock < 0)
+srv.sock = socket(host_af, SOCK_STREAM, 0);
+if (srv.sock < 0)
{
printf("socket creation failed: %s\n", strerror(errno));
exit(89);
/* Bind */
- if (bind(sock, s_ptr, s_len) < 0)
+ if (bind(srv.sock, s_ptr, s_len) < 0)
{
printf("Unable to bind outgoing SMTP call to %s: %s",
interface, strerror(errno));
signal(SIGALRM, sigalrm_handler_crash);
alarm(timeout);
-rc = connect(sock, s_ptr, s_len);
+rc = connect(srv.sock, s_ptr, s_len);
save_errno = errno;
alarm(0);
if (rc < 0)
{
- close(sock);
+ close(srv.sock);
printf("connect failed: %s\n", strerror(save_errno));
exit(85);
}
SSL_library_init();
SSL_load_error_strings();
-ctx = SSL_CTX_new(SSLv23_method());
-if (ctx == NULL)
+if (!(srv.ctx = SSL_CTX_new(SSLv23_method())))
{
printf ("SSL_CTX_new failed\n");
exit(84);
}
-if (certfile != NULL)
+if (certfile)
{
- if (!SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM))
+ if (!SSL_CTX_use_certificate_file(srv.ctx, certfile, SSL_FILETYPE_PEM))
{
printf("SSL_CTX_use_certificate_file failed\n");
exit(83);
printf("Certificate file = %s\n", certfile);
}
-if (keyfile != NULL)
+if (keyfile)
{
- if (!SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM))
+ if (!SSL_CTX_use_PrivateKey_file(srv.ctx, keyfile, SSL_FILETYPE_PEM))
{
printf("SSL_CTX_use_PrivateKey_file failed\n");
exit(82);
printf("Key file = %s\n", keyfile);
}
-SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_BOTH);
-SSL_CTX_set_timeout(ctx, 200);
-SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
+SSL_CTX_set_session_cache_mode(srv.ctx, SSL_SESS_CACHE_BOTH);
+SSL_CTX_set_timeout(srv.ctx, 200);
+SSL_CTX_set_info_callback(srv.ctx, (void (*)())info_callback);
#endif
if (ocsp_stapling)
gnutls_ocsp_status_request_enable_client(tls_session, NULL, 0, NULL);
#endif
-gnutls_transport_set_ptr(tls_session, (gnutls_transport_ptr_t)(intptr_t)sock);
+gnutls_transport_set_ptr(tls_session, (gnutls_transport_ptr_t)(intptr_t)srv.sock);
/* When the server asks for a certificate and the client does not have one,
there is a SIGPIPE error in the gnutls_handshake() function for some reason
printf("Attempting to start TLS\n");
#ifdef HAVE_OPENSSL
- tls_active = tls_start(sock, &ssl, ctx);
+ srv.tls_active = tls_start(srv.sock, &srv.ssl, srv.ctx);
#endif
#ifdef HAVE_GNUTLS
do {
rc = gnutls_handshake(tls_session);
} while (rc < 0 && gnutls_error_is_fatal(rc) == 0);
- tls_active = rc >= 0;
+ srv.tls_active = rc >= 0;
alarm(0);
- if (!tls_active) printf("%s\n", gnutls_strerror(rc));
+ if (!srv.tls_active) printf("%s\n", gnutls_strerror(rc));
}
#endif
- if (!tls_active)
+ if (!srv.tls_active)
printf("Failed to start TLS\n");
#if defined(HAVE_GNUTLS) && defined(HAVE_OCSP)
else if ( ocsp_stapling
}
#endif
-while (fgets(CS outbuffer, sizeof(outbuffer), stdin) != NULL)
- {
- int n = (int)strlen(CS outbuffer);
-
- /* Strip trailing newline */
- if (outbuffer[n-1] == '\n') outbuffer[--n] = 0;
-
- /* Expect incoming */
-
- if ( strncmp(CS outbuffer, "???", 3) == 0
- && (outbuffer[3] == ' ' || outbuffer[3] == '*')
- )
- {
- unsigned char *lineptr;
- unsigned exp_eof = outbuffer[3] == '*';
-
- printf("%s\n", outbuffer);
-
- if (*inptr == 0) /* Refill input buffer */
- {
- if (tls_active)
- {
- #ifdef HAVE_OPENSSL
- rc = SSL_read (ssl, inbuffer, sizeof(inbuffer) - 1);
- #endif
- #ifdef HAVE_GNUTLS
- rc = gnutls_record_recv(tls_session, CS inbuffer, sizeof(inbuffer) - 1);
- #endif
- }
- else
- {
- alarm(timeout);
- rc = read(sock, inbuffer, sizeof(inbuffer));
- alarm(0);
- }
-
- if (rc < 0)
- {
- printf("Read error %s\n", strerror(errno));
- exit(81);
- }
- else if (rc == 0)
- if (exp_eof)
- {
- printf("Expected EOF read\n");
- continue;
- }
- else
- {
- printf("Enexpected EOF read\n");
- close(sock);
- exit(80);
- }
- else if (exp_eof)
- {
- printf("Expected EOF not read\n");
- close(sock);
- exit(74);
- }
- else
- {
- inbuffer[rc] = 0;
- inptr = inbuffer;
- }
- }
-
- lineptr = inptr;
- while (*inptr != 0 && *inptr != '\r' && *inptr != '\n') inptr++;
- if (*inptr != 0)
- {
- *inptr++ = 0;
- if (*inptr == '\n') inptr++;
- }
-
- printf("<<< %s\n", lineptr);
- if (strncmp(CS lineptr, CS outbuffer + 4, (int)strlen(CS outbuffer) - 4) != 0)
- {
- printf("\n******** Input mismatch ********\n");
- exit(79);
- }
-
- #ifdef HAVE_TLS
- if (sent_starttls)
- {
- if (lineptr[0] == '2')
- {
-int rc;
- unsigned int verify;
-
- printf("Attempting to start TLS\n");
- fflush(stdout);
-
- #ifdef HAVE_OPENSSL
- tls_active = tls_start(sock, &ssl, ctx);
- #endif
-
- #ifdef HAVE_GNUTLS
- {
- int rc;
- sigalrm_seen = FALSE;
- alarm(timeout);
- do {
- rc = gnutls_handshake(tls_session);
- } while (rc < 0 && gnutls_error_is_fatal(rc) == 0);
- tls_active = rc >= 0;
- alarm(0);
-
- if (!tls_active) printf("%s\n", gnutls_strerror(rc));
- }
- #endif
-
- if (!tls_active)
- {
- printf("Failed to start TLS\n");
- fflush(stdout);
- }
- #ifdef HAVE_GNUTLS
- else if (ocsp_stapling)
- {
- if ((rc= gnutls_certificate_verify_peers2(tls_session, &verify)) < 0)
- {
- printf("Failed to verify certificate: %s\n", gnutls_strerror(rc));
- fflush(stdout);
- }
- else if (verify & (GNUTLS_CERT_INVALID|GNUTLS_CERT_REVOKED))
- {
- printf("Bad certificate\n");
- fflush(stdout);
- }
- #ifdef HAVE_OCSP
- else if (gnutls_ocsp_status_request_is_checked(tls_session, 0) == 0)
- {
- printf("Failed to verify certificate status\n");
- {
- gnutls_datum_t stapling;
- gnutls_ocsp_resp_t resp;
- gnutls_datum_t printed;
- if ( (rc= gnutls_ocsp_status_request_get(tls_session, &stapling)) == 0
- && (rc= gnutls_ocsp_resp_init(&resp)) == 0
- && (rc= gnutls_ocsp_resp_import(resp, &stapling)) == 0
- && (rc= gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &printed)) == 0
- )
- {
- fprintf(stderr, "%.4096s", printed.data);
- gnutls_free(printed.data);
- }
- else
- (void) fprintf(stderr,"ocsp decode: %s", gnutls_strerror(rc));
- }
- fflush(stdout);
- }
- #endif
- }
- #endif
- else
- printf("Succeeded in starting TLS\n");
- }
- else printf("Abandoning TLS start attempt\n");
- }
- sent_starttls = 0;
- #endif
- }
-
- /* Wait for a bit before proceeding */
-
- else if (strncmp(CS outbuffer, "+++ ", 4) == 0)
- {
- printf("%s\n", outbuffer);
- sleep(atoi(CS outbuffer + 4));
- }
-
- /* Send outgoing, but barf if unconsumed incoming */
-
- else
- {
- unsigned char *escape;
-
- if (*inptr != 0)
- {
- printf("Unconsumed input: %s", inptr);
- printf(" About to send: %s\n", outbuffer);
- exit(78);
- }
-
- #ifdef HAVE_TLS
-
- /* Shutdown TLS */
-
- if (strcmp(CS outbuffer, "stoptls") == 0 ||
- strcmp(CS outbuffer, "STOPTLS") == 0)
- {
- if (!tls_active)
- {
- printf("STOPTLS read when TLS not active\n");
- exit(77);
- }
- printf("Shutting down TLS encryption\n");
-
- #ifdef HAVE_OPENSSL
- SSL_shutdown(ssl);
- SSL_free(ssl);
- #endif
-
- #ifdef HAVE_GNUTLS
- gnutls_bye(tls_session, GNUTLS_SHUT_WR);
- gnutls_deinit(tls_session);
- tls_session = NULL;
- gnutls_global_deinit();
- #endif
-
- tls_active = 0;
- continue;
- }
-
- /* Remember that we sent STARTTLS */
-
- sent_starttls = (strcmp(CS outbuffer, "starttls") == 0 ||
- strcmp(CS outbuffer, "STARTTLS") == 0);
-
- /* Fudge: if the command is "starttls_wait", we send the starttls bit,
- but we haven't set the flag, so that there is no negotiation. This is for
- testing the server's timeout. */
-
- if (strcmp(CS outbuffer, "starttls_wait") == 0)
- {
- outbuffer[8] = 0;
- n = 8;
- }
- #endif
-
- printf(">>> %s\n", outbuffer);
- strcpy(CS outbuffer + n, "\r\n");
-
- /* Turn "\n" and "\r" into the relevant characters. This is a hack. */
-
- while ((escape = US strstr(CS outbuffer, "\\r")) != NULL)
- {
- *escape = '\r';
- memmove(escape + 1, escape + 2, (n + 2) - (escape - outbuffer) - 2);
- n--;
- }
-
- while ((escape = US strstr(CS outbuffer, "\\n")) != NULL)
- {
- *escape = '\n';
- memmove(escape + 1, escape + 2, (n + 2) - (escape - outbuffer) - 2);
- n--;
- }
-
- /* OK, do it */
-
- alarm(timeout);
- if (tls_active)
- {
- #ifdef HAVE_OPENSSL
- rc = SSL_write (ssl, outbuffer, n + 2);
- #endif
- #ifdef HAVE_GNUTLS
- rc = gnutls_record_send(tls_session, CS outbuffer, n + 2);
- if (rc < 0)
- {
- printf("GnuTLS write error: %s\n", gnutls_strerror(rc));
- exit(76);
- }
- #endif
- }
- else
- {
- rc = write(sock, outbuffer, n + 2);
- }
- alarm(0);
-
- if (rc < 0)
- {
- printf("Write error: %s\n", strerror(errno));
- exit(75);
- }
- }
- }
+do_file(&srv, stdin, timeout, inbuffer, sizeof(inbuffer), inptr);
printf("End of script\n");
-shutdown(sock, SHUT_WR);
-while ((rc = read(sock, inbuffer, sizeof(inbuffer))) > 0) ;
-close(sock);
+shutdown(srv.sock, SHUT_WR);
+while (read(srv.sock, inbuffer, sizeof(inbuffer)) > 0) ;
+close(srv.sock);
exit(0);
}
the DNS record type that is being sought
The output from the program is written to stdout. It is supposed to be in
-exactly the same format as a traditional namserver response (see RFC 1035) so
+exactly the same format as a traditional nameserver response (see RFC 1035) so
that Exim can process it as normal. At present, no compression is used.
Error messages are written to stderr.
rr_sec = TRUE;
p += 7;
}
- else if (Ustrncmp(p, US"AA ", 3) == 0) /* tagged as authoritive */
+ else if (Ustrncmp(p, US"AA ", 3) == 0) /* tagged as authoritative */
{
rr_aa = TRUE;
p += 3;
header->ancount = htons(count);
/* If the AA bit should be set (as indicated by the AA prefix in the zone file),
-we are expected to return some records in the authortive section. Bind9: If
-there is data in the answer section, the authoritive section contains the NS
+we are expected to return some records in the authoritative section. Bind9: If
+there is data in the answer section, the authoritative section contains the NS
records, otherwise it contains the SOA record. Currently we mimic this
behaviour for the first case (there is some answer record).
*/
#ifndef CS
# define CS (char *)
+# define CCS (const char *)
#endif
n = dlen < sizeof(buffer) ? dlen : sizeof(buffer);
if ((n = read(dup_accept_socket, CS buffer, n)) == 0)
{
- printf("Unxpected EOF read from client\n");
+ printf("Unexpected EOF read from client\n");
s = s->next;
goto END_OFF;
}
while (dlen-- > 0)
if (fgetc(in) == EOF)
{
- printf("Unxpected EOF read from client\n");
+ printf("Unexpected EOF read from client\n");
s = s->next;
goto END_OFF;
}
alarm(0);
n += offset;
- printit(buffer, n);
+ printit(CS buffer, n);
if (data) do
{
}
}
- if (sscanf(buffer, "<Content-length: %d", &content_length.left)) content_length.in_use = TRUE;
- if (content_length.in_use && content_length.left <= 0) shutdown(dup_accept_socket, SHUT_RD);
+ if (sscanf(CCS buffer, "<Content-length: %d", &content_length.left))
+ content_length.in_use = TRUE;
+ if (content_length.in_use && content_length.left <= 0)
+ shutdown(dup_accept_socket, SHUT_RD);
}
}
Exim version x.yz ....
configuration file is TESTSUITE/test-config
admin user
-considering: primary_hostname: $primary_hostname
- expanding: primary_hostname: $primary_hostname
- result: primary_hostname: myhost.test.ex
-considering: match: ${if match{abcd}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
-considering: abcd}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
- expanding: abcd
- result: abcd
-considering: \N^([ab]+)(\w+)$\N}{$2$1}fail}
- expanding: \N^([ab]+)(\w+)$\N
- result: ^([ab]+)(\w+)$
- condition: match{abcd}{\N^([ab]+)(\w+)$\N}
- result: true
-considering: $2$1}fail}
- expanding: $2$1
- result: cdab
- expanding: match: ${if match{abcd}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
- result: match: cdab
-considering: match: ${if match{wxyz}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
-considering: wxyz}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
- expanding: wxyz
- result: wxyz
-considering: \N^([ab]+)(\w+)$\N}{$2$1}fail}
- expanding: \N^([ab]+)(\w+)$\N
- result: ^([ab]+)(\w+)$
- condition: match{wxyz}{\N^([ab]+)(\w+)$\N}
- result: false
- scanning: $2$1}fail}
- expanding: $2$1
- result:
- skipping: result is not used
-failed to expand: match: ${if match{wxyz}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
- error message: "if" failed and "fail" requested
-failure was forced
-considering: ${if eq {1}{1}{yes}{${lookup{xx}lsearch{/non/exist}}}}
-considering: 1}{1}{yes}{${lookup{xx}lsearch{/non/exist}}}}
- expanding: 1
- result: 1
-considering: 1}{yes}{${lookup{xx}lsearch{/non/exist}}}}
- expanding: 1
- result: 1
- condition: eq {1}{1}
- result: true
-considering: yes}{${lookup{xx}lsearch{/non/exist}}}}
- expanding: yes
- result: yes
- scanning: ${lookup{xx}lsearch{/non/exist}}}}
- scanning: xx}lsearch{/non/exist}}}}
- expanding: xx
- result: xx
- skipping: result is not used
- scanning: /non/exist}}}}
- expanding: /non/exist
- result: /non/exist
- skipping: result is not used
- expanding: ${lookup{xx}lsearch{/non/exist}}
- result:
- skipping: result is not used
- expanding: ${if eq {1}{1}{yes}{${lookup{xx}lsearch{/non/exist}}}}
- result: yes
-considering: match_address: ${if match_address{a.b.c}{a.b.c}{yes}{no}}
-considering: a.b.c}{a.b.c}{yes}{no}}
- expanding: a.b.c
- result: a.b.c
-considering: a.b.c}{yes}{no}}
- expanding: a.b.c
- result: a.b.c
+ ┌considering: primary_hostname: $primary_hostname
+ ├──expanding: primary_hostname: $primary_hostname
+ └─────result: primary_hostname: myhost.test.ex
+ ┌considering: match: ${if match{abcd}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
+ ┌considering: abcd}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
+ ├──expanding: abcd
+ └─────result: abcd
+ ┌considering: \N^([ab]+)(\w+)$\N}{$2$1}fail}
+ ├──expanding: \N^([ab]+)(\w+)$\N
+ └─────result: ^([ab]+)(\w+)$
+ ├──condition: match{abcd}{\N^([ab]+)(\w+)$\N}
+ ├─────result: true
+ ┌considering: $2$1}fail}
+ ├──expanding: $2$1
+ └─────result: cdab
+ ├──expanding: match: ${if match{abcd}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
+ └─────result: match: cdab
+ ┌considering: match: ${if match{wxyz}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
+ ┌considering: wxyz}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
+ ├──expanding: wxyz
+ └─────result: wxyz
+ ┌considering: \N^([ab]+)(\w+)$\N}{$2$1}fail}
+ ├──expanding: \N^([ab]+)(\w+)$\N
+ └─────result: ^([ab]+)(\w+)$
+ ├──condition: match{wxyz}{\N^([ab]+)(\w+)$\N}
+ ├─────result: false
+ ┌───scanning: $2$1}fail}
+ ├──expanding: $2$1
+ ├─────result:
+ └───skipping: result is not used
+ ├failed to expand: match: ${if match{wxyz}{\N^([ab]+)(\w+)$\N}{$2$1}fail}
+ ├───error message: "if" failed and "fail" requested
+ └failure was forced
+ ┌considering: ${if eq {1}{1}{yes}{${lookup{xx}lsearch{/non/exist}}}}
+ ┌considering: 1}{1}{yes}{${lookup{xx}lsearch{/non/exist}}}}
+ ├──expanding: 1
+ └─────result: 1
+ ┌considering: 1}{yes}{${lookup{xx}lsearch{/non/exist}}}}
+ ├──expanding: 1
+ └─────result: 1
+ ├──condition: eq {1}{1}
+ ├─────result: true
+ ┌considering: yes}{${lookup{xx}lsearch{/non/exist}}}}
+ ├──expanding: yes
+ └─────result: yes
+ ┌───scanning: ${lookup{xx}lsearch{/non/exist}}}}
+ ┌───scanning: xx}lsearch{/non/exist}}}}
+ ├──expanding: xx
+ ├─────result: xx
+ └───skipping: result is not used
+ ┌───scanning: /non/exist}}}}
+ ├──expanding: /non/exist
+ ├─────result: /non/exist
+ └───skipping: result is not used
+ ├──expanding: ${lookup{xx}lsearch{/non/exist}}
+ ├─────result:
+ └───skipping: result is not used
+ ├──expanding: ${if eq {1}{1}{yes}{${lookup{xx}lsearch{/non/exist}}}}
+ └─────result: yes
+ ┌considering: match_address: ${if match_address{a.b.c}{a.b.c}{yes}{no}}
+ ┌considering: a.b.c}{a.b.c}{yes}{no}}
+ ├──expanding: a.b.c
+ └─────result: a.b.c
+ ┌considering: a.b.c}{yes}{no}}
+ ├──expanding: a.b.c
+ └─────result: a.b.c
LOG: MAIN PANIC
no @ found in the subject of an address list match: subject="a.b.c" pattern="a.b.c"
- condition: match_address{a.b.c}{a.b.c}
- result: false
- scanning: yes}{no}}
- expanding: yes
- result: yes
- skipping: result is not used
-considering: no}}
- expanding: no
- result: no
- expanding: match_address: ${if match_address{a.b.c}{a.b.c}{yes}{no}}
- result: match_address: no
+ ├──condition: match_address{a.b.c}{a.b.c}
+ ├─────result: false
+ ┌───scanning: yes}{no}}
+ ├──expanding: yes
+ ├─────result: yes
+ └───skipping: result is not used
+ ┌considering: no}}
+ ├──expanding: no
+ └─────result: no
+ ├──expanding: match_address: ${if match_address{a.b.c}{a.b.c}{yes}{no}}
+ └─────result: match_address: no
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
Exim version x.yz ....
configuration file is TESTSUITE/test-config
admin user
-considering: -oMa sender_host_address = $sender_host_address
- expanding: -oMa sender_host_address = $sender_host_address
- result: -oMa sender_host_address = V4NET.0.0.1
-considering: sender_host_port = $sender_host_port
- expanding: sender_host_port = $sender_host_port
- result: sender_host_port = 1234
-considering: -oMaa sender_host_authenticated = $sender_host_authenticated
- expanding: -oMaa sender_host_authenticated = $sender_host_authenticated
- result: -oMaa sender_host_authenticated = AAA
-considering: -oMai authenticated_id = $authenticated_id
- expanding: -oMai authenticated_id = $authenticated_id
- result: -oMai authenticated_id = philip
-considering: -oMas authenticated_sender = $authenticated_sender
- expanding: -oMas authenticated_sender = $authenticated_sender
- result: -oMas authenticated_sender = xx@yy.zz
-considering: -oMi interface_address = $interface_address
- expanding: -oMi interface_address = $interface_address
- result: -oMi interface_address = 1.1.1.1
-considering: interface_port = $interface_port
- expanding: interface_port = $interface_port
- result: interface_port = 99
-considering: -oMr received_protocol = $received_protocol
- expanding: -oMr received_protocol = $received_protocol
- result: -oMr received_protocol = special
-considering: -oMt sender_ident = $sender_ident
- expanding: -oMt sender_ident = $sender_ident
- result: -oMt sender_ident = me
+ ┌considering: -oMa sender_host_address = $sender_host_address
+ ├──expanding: -oMa sender_host_address = $sender_host_address
+ └─────result: -oMa sender_host_address = V4NET.0.0.1
+ ┌considering: sender_host_port = $sender_host_port
+ ├──expanding: sender_host_port = $sender_host_port
+ └─────result: sender_host_port = 1234
+ ┌considering: -oMaa sender_host_authenticated = $sender_host_authenticated
+ ├──expanding: -oMaa sender_host_authenticated = $sender_host_authenticated
+ └─────result: -oMaa sender_host_authenticated = AAA
+ ┌considering: -oMai authenticated_id = $authenticated_id
+ ├──expanding: -oMai authenticated_id = $authenticated_id
+ └─────result: -oMai authenticated_id = philip
+ ┌considering: -oMas authenticated_sender = $authenticated_sender
+ ├──expanding: -oMas authenticated_sender = $authenticated_sender
+ └─────result: -oMas authenticated_sender = xx@yy.zz
+ ┌considering: -oMi interface_address = $interface_address
+ ├──expanding: -oMi interface_address = $interface_address
+ └─────result: -oMi interface_address = 1.1.1.1
+ ┌considering: interface_port = $interface_port
+ ├──expanding: interface_port = $interface_port
+ └─────result: interface_port = 99
+ ┌considering: -oMr received_protocol = $received_protocol
+ ├──expanding: -oMr received_protocol = $received_protocol
+ └─────result: -oMr received_protocol = special
+ ┌considering: -oMt sender_ident = $sender_ident
+ ├──expanding: -oMt sender_ident = $sender_ident
+ └─────result: -oMt sender_ident = me
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
1999-03-02 09:44:33 no host name found for IP address V4NET.11.12.13
Exim version x.yz ....
configuration file is TESTSUITE/test-config
admin user
-considering: -oMa sender_host_address = $sender_host_address
- expanding: -oMa sender_host_address = $sender_host_address
- result: -oMa sender_host_address = V4NET.0.0.1
-considering: sender_host_port = $sender_host_port
- expanding: sender_host_port = $sender_host_port
- result: sender_host_port = 1234
-considering: -oMaa sender_host_authenticated = $sender_host_authenticated
- expanding: -oMaa sender_host_authenticated = $sender_host_authenticated
- result: -oMaa sender_host_authenticated = AAA
-considering: -oMai authenticated_id = $authenticated_id
- expanding: -oMai authenticated_id = $authenticated_id
- result: -oMai authenticated_id = philip
-considering: -oMas authenticated_sender = $authenticated_sender
- expanding: -oMas authenticated_sender = $authenticated_sender
- result: -oMas authenticated_sender = xx@yy.zz
-considering: -oMi interface_address = $interface_address
- expanding: -oMi interface_address = $interface_address
- result: -oMi interface_address = 1.1.1.1
-considering: interface_port = $interface_port
- expanding: interface_port = $interface_port
- result: interface_port = 99
-considering: -oMr received_protocol = $received_protocol
- expanding: -oMr received_protocol = $received_protocol
- result: -oMr received_protocol = special
-considering: ----> No lookup yet: ${if eq{black}{white}{$sender_host_name}{No}}
-considering: black}{white}{$sender_host_name}{No}}
- expanding: black
- result: black
-considering: white}{$sender_host_name}{No}}
- expanding: white
- result: white
- condition: eq{black}{white}
- result: false
- scanning: $sender_host_name}{No}}
- expanding: $sender_host_name
- result:
- skipping: result is not used
-considering: No}}
- expanding: No
- result: No
- expanding: ----> No lookup yet: ${if eq{black}{white}{$sender_host_name}{No}}
- result: ----> No lookup yet: No
-considering: -oMs sender_host_name = $sender_host_name
+ ┌considering: -oMa sender_host_address = $sender_host_address
+ ├──expanding: -oMa sender_host_address = $sender_host_address
+ └─────result: -oMa sender_host_address = V4NET.0.0.1
+ ┌considering: sender_host_port = $sender_host_port
+ ├──expanding: sender_host_port = $sender_host_port
+ └─────result: sender_host_port = 1234
+ ┌considering: -oMaa sender_host_authenticated = $sender_host_authenticated
+ ├──expanding: -oMaa sender_host_authenticated = $sender_host_authenticated
+ └─────result: -oMaa sender_host_authenticated = AAA
+ ┌considering: -oMai authenticated_id = $authenticated_id
+ ├──expanding: -oMai authenticated_id = $authenticated_id
+ └─────result: -oMai authenticated_id = philip
+ ┌considering: -oMas authenticated_sender = $authenticated_sender
+ ├──expanding: -oMas authenticated_sender = $authenticated_sender
+ └─────result: -oMas authenticated_sender = xx@yy.zz
+ ┌considering: -oMi interface_address = $interface_address
+ ├──expanding: -oMi interface_address = $interface_address
+ └─────result: -oMi interface_address = 1.1.1.1
+ ┌considering: interface_port = $interface_port
+ ├──expanding: interface_port = $interface_port
+ └─────result: interface_port = 99
+ ┌considering: -oMr received_protocol = $received_protocol
+ ├──expanding: -oMr received_protocol = $received_protocol
+ └─────result: -oMr received_protocol = special
+ ┌considering: ----> No lookup yet: ${if eq{black}{white}{$sender_host_name}{No}}
+ ┌considering: black}{white}{$sender_host_name}{No}}
+ ├──expanding: black
+ └─────result: black
+ ┌considering: white}{$sender_host_name}{No}}
+ ├──expanding: white
+ └─────result: white
+ ├──condition: eq{black}{white}
+ ├─────result: false
+ ┌───scanning: $sender_host_name}{No}}
+ ├──expanding: $sender_host_name
+ ├─────result:
+ └───skipping: result is not used
+ ┌considering: No}}
+ ├──expanding: No
+ └─────result: No
+ ├──expanding: ----> No lookup yet: ${if eq{black}{white}{$sender_host_name}{No}}
+ └─────result: ----> No lookup yet: No
+ ┌considering: -oMs sender_host_name = $sender_host_name
looking up host name for V4NET.0.0.1
IP address lookup yielded "ten-1.test.ex"
ten-1.test.ex V4NET.0.0.1 mx=-1 sort=xx
V4NET.0.0.1 OK
sender_fullhost = ten-1.test.ex [V4NET.0.0.1]
sender_rcvhost = ten-1.test.ex ([V4NET.0.0.1] ident=me)
- expanding: -oMs sender_host_name = $sender_host_name
- result: -oMs sender_host_name = ten-1.test.ex
-considering: -oMt sender_ident = $sender_ident
- expanding: -oMt sender_ident = $sender_ident
- result: -oMt sender_ident = me
+ ├──expanding: -oMs sender_host_name = $sender_host_name
+ └─────result: -oMs sender_host_name = ten-1.test.ex
+ ┌considering: -oMt sender_ident = $sender_ident
+ ├──expanding: -oMt sender_ident = $sender_ident
+ └─────result: -oMt sender_ident = me
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
Exim version x.yz ....
changed uid/gid: forcing real = effective
rcpt accepted
accept: condition test succeeded in ACL "rcpt"
end of ACL "rcpt": ACCEPT
-host in ignore_fromline_hosts? no (option unset)
>>Headers added by MAIL or RCPT ACL:
X-ACL-Warn: added header line
>>
SMTP<< data
SMTP>> 354 Enter message, ending with "." on a line by itself
search_tidyup called
-host in ignore_fromline_hosts? no (option unset)
>>Headers received:
search_tidyup called
SMTP<< data
SMTP>> 354 Enter message, ending with "." on a line by itself
search_tidyup called
-host in ignore_fromline_hosts? no (option unset)
>>Headers received:
search_tidyup called
SMTP<< data
SMTP>> 354 Enter message, ending with "." on a line by itself
search_tidyup called
-host in ignore_fromline_hosts? no (option unset)
>>Headers received:
search_tidyup called
>>> using ACL "nested_drop"
>>> processing "accept"
>>> check acl = drop
->>> using ACL "drop"
->>> processing "drop"
->>> message: forcibly dropped
->>> drop: condition test succeeded in ACL "drop"
->>> end of ACL "drop": DROP
+>>> using ACL "drop"
+>>> processing "drop"
+>>> message: forcibly dropped
+>>> drop: condition test succeeded in ACL "drop"
+>>> end of ACL "drop": DROP
>>> accept: condition test yielded "drop" in ACL "nested_drop"
>>> accept: endpass encountered - denying access
LOG: H=[V4NET.9.8.7] F=<x@y> rejected RCPT <nested_drop@y>: forcibly dropped
>>> using ACL "nested_drop_require"
>>> processing "require"
>>> check acl = drop
->>> using ACL "drop"
->>> processing "drop"
->>> message: forcibly dropped
->>> drop: condition test succeeded in ACL "drop"
->>> end of ACL "drop": DROP
+>>> using ACL "drop"
+>>> processing "drop"
+>>> message: forcibly dropped
+>>> drop: condition test succeeded in ACL "drop"
+>>> end of ACL "drop": DROP
>>> require: condition test yielded "drop" in ACL "nested_drop_require"
>>> end of ACL "nested_drop_require": not OK
LOG: H=[V4NET.9.8.7] F=<x@y> rejected RCPT <nested_drop_require@y>: forcibly dropped
>>> host in "5.6.12.1"? yes (matched "5.6.12.1")
>>> message: failed nested acl
>>> check acl = acl_5_6_12A
->>> using ACL "acl_5_6_12A"
->>> processing "accept"
->>> check domains = ok
+>>> using ACL "acl_5_6_12A"
+>>> processing "accept"
+>>> check domains = ok
>>> ok in "ok"? yes (matched "ok")
->>> accept: condition test succeeded in ACL "acl_5_6_12A"
->>> end of ACL "acl_5_6_12A": ACCEPT
+>>> accept: condition test succeeded in ACL "acl_5_6_12A"
+>>> end of ACL "acl_5_6_12A": ACCEPT
>>> accept: condition test succeeded in ACL "acl_5_6_12"
>>> end of ACL "acl_5_6_12": ACCEPT
>>> using ACL "acl_5_6_12"
>>> host in "5.6.12.1"? yes (matched "5.6.12.1")
>>> message: failed nested acl
>>> check acl = acl_5_6_12A
->>> using ACL "acl_5_6_12A"
->>> processing "accept"
->>> check domains = ok
+>>> using ACL "acl_5_6_12A"
+>>> processing "accept"
+>>> check domains = ok
>>> y in "ok"? no (end of list)
->>> accept: condition test failed in ACL "acl_5_6_12A"
->>> end of ACL "acl_5_6_12A": implicit DENY
+>>> accept: condition test failed in ACL "acl_5_6_12A"
+>>> end of ACL "acl_5_6_12A": implicit DENY
>>> accept: condition test failed in ACL "acl_5_6_12"
>>> accept: endpass encountered - denying access
LOG: H=[5.6.12.1] F=<x@y> rejected RCPT <x@y>: failed nested acl
>>> using ACL "acl_8_8_8"
>>> processing "accept"
>>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> using ACL "acl_8_8_8"
->>> processing "accept"
->>> check acl = acl_8_8_8
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
->>> accept: condition test error in ACL "acl_8_8_8"
+>>> using ACL "acl_8_8_8"
+>>> processing "accept"
+>>> check acl = acl_8_8_8
+>>> using ACL "acl_8_8_8"
+>>> processing "accept"
+>>> check acl = acl_8_8_8
+>>> using ACL "acl_8_8_8"
+>>> processing "accept"
+>>> check acl = acl_8_8_8
+>>> ╎using ACL "acl_8_8_8"
+>>> ╎processing "accept"
+>>> ╎check acl = acl_8_8_8
+>>> ╎ using ACL "acl_8_8_8"
+>>> ╎ processing "accept"
+>>> ╎ check acl = acl_8_8_8
+>>> ╎ using ACL "acl_8_8_8"
+>>> ╎ processing "accept"
+>>> ╎ check acl = acl_8_8_8
+>>> ╎ using ACL "acl_8_8_8"
+>>> ╎ processing "accept"
+>>> ╎ check acl = acl_8_8_8
+>>> ╎ ╎using ACL "acl_8_8_8"
+>>> ╎ ╎processing "accept"
+>>> ╎ ╎check acl = acl_8_8_8
+>>> ╎ ╎ using ACL "acl_8_8_8"
+>>> ╎ ╎ processing "accept"
+>>> ╎ ╎ check acl = acl_8_8_8
+>>> ╎ ╎ using ACL "acl_8_8_8"
+>>> ╎ ╎ processing "accept"
+>>> ╎ ╎ check acl = acl_8_8_8
+>>> ╎ ╎ using ACL "acl_8_8_8"
+>>> ╎ ╎ processing "accept"
+>>> ╎ ╎ check acl = acl_8_8_8
+>>> ╎ ╎ ╎using ACL "acl_8_8_8"
+>>> ╎ ╎ ╎processing "accept"
+>>> ╎ ╎ ╎check acl = acl_8_8_8
+>>> ╎ ╎ ╎ using ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ processing "accept"
+>>> ╎ ╎ ╎ check acl = acl_8_8_8
+>>> ╎ ╎ ╎ using ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ processing "accept"
+>>> ╎ ╎ ╎ check acl = acl_8_8_8
+>>> ╎ ╎ ╎ using ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ processing "accept"
+>>> ╎ ╎ ╎ check acl = acl_8_8_8
+>>> ╎ ╎ ╎ ╎using ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ ╎processing "accept"
+>>> ╎ ╎ ╎ ╎check acl = acl_8_8_8
+>>> ╎ ╎ ╎ ╎ using ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ ╎ processing "accept"
+>>> ╎ ╎ ╎ ╎ check acl = acl_8_8_8
+>>> ╎ ╎ ╎ ╎ using ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ ╎ processing "accept"
+>>> ╎ ╎ ╎ ╎ check acl = acl_8_8_8
+>>> ╎ ╎ ╎ ╎ using ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ ╎ processing "accept"
+>>> ╎ ╎ ╎ ╎ check acl = acl_8_8_8
+>>> ╎ ╎ ╎ ╎ ╎using ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ ╎ ╎processing "accept"
+>>> ╎ ╎ ╎ ╎ ╎check acl = acl_8_8_8
+>>> ╎ ╎ ╎ ╎ ╎accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ ╎accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ ╎accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ ╎accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎ accept: condition test error in ACL "acl_8_8_8"
+>>> ╎accept: condition test error in ACL "acl_8_8_8"
+>>> accept: condition test error in ACL "acl_8_8_8"
+>>> accept: condition test error in ACL "acl_8_8_8"
+>>> accept: condition test error in ACL "acl_8_8_8"
>>> accept: condition test error in ACL "acl_8_8_8"
LOG: H=[8.8.8.8] F=<x@y> temporarily rejected RCPT <x@y>: ACL nested too deep: possible loop
>>> host in hosts_connection_nolog? no (option unset)
>>> using ACL "acl_5_6_13"
>>> processing "accept"
>>> check acl = TESTSUITE/aux-fixed/0023.acl1
->>> read ACL from file TESTSUITE/aux-fixed/0023.acl1
->>> processing "accept"
->>> check domains = y
+>>> read ACL from file TESTSUITE/aux-fixed/0023.acl1
+>>> processing "accept"
+>>> check domains = y
>>> y in "y"? yes (matched "y")
->>> check local_parts = x
+>>> check local_parts = x
>>> x in "x"? yes (matched "x")
->>> accept: condition test succeeded in ACL "TESTSUITE/aux-fixed/0023.acl1"
->>> end of ACL "TESTSUITE/aux-fixed/0023.acl1": ACCEPT
+>>> accept: condition test succeeded in ACL "TESTSUITE/aux-fixed/0023.acl1"
+>>> end of ACL "TESTSUITE/aux-fixed/0023.acl1": ACCEPT
>>> accept: condition test succeeded in ACL "acl_5_6_13"
>>> end of ACL "acl_5_6_13": ACCEPT
>>> using ACL "acl_5_6_13"
>>> processing "accept"
>>> check acl = TESTSUITE/aux-fixed/0023.acl1
->>> using ACL "TESTSUITE/aux-fixed/0023.acl1"
->>> processing "accept"
->>> check domains = y
+>>> using ACL "TESTSUITE/aux-fixed/0023.acl1"
+>>> processing "accept"
+>>> check domains = y
>>> y in "y"? yes (matched "y")
->>> check local_parts = x
+>>> check local_parts = x
>>> x1 in "x"? no (end of list)
->>> accept: condition test failed in ACL "TESTSUITE/aux-fixed/0023.acl1"
->>> end of ACL "TESTSUITE/aux-fixed/0023.acl1": implicit DENY
+>>> accept: condition test failed in ACL "TESTSUITE/aux-fixed/0023.acl1"
+>>> end of ACL "TESTSUITE/aux-fixed/0023.acl1": implicit DENY
>>> accept: condition test failed in ACL "acl_5_6_13"
>>> end of ACL "acl_5_6_13": implicit DENY
LOG: H=[5.6.13.1] F=<x@y> rejected RCPT <x1@y>
>>> using ACL "acl_5_6_13"
>>> processing "accept"
>>> check acl = TESTSUITE/aux-fixed/0023.acl1
->>> using ACL "TESTSUITE/aux-fixed/0023.acl1"
->>> processing "accept"
->>> check domains = y
+>>> using ACL "TESTSUITE/aux-fixed/0023.acl1"
+>>> processing "accept"
+>>> check domains = y
>>> y in "y"? yes (matched "y")
->>> check local_parts = x
+>>> check local_parts = x
>>> x2 in "x"? no (end of list)
->>> accept: condition test failed in ACL "TESTSUITE/aux-fixed/0023.acl1"
->>> end of ACL "TESTSUITE/aux-fixed/0023.acl1": implicit DENY
+>>> accept: condition test failed in ACL "TESTSUITE/aux-fixed/0023.acl1"
+>>> end of ACL "TESTSUITE/aux-fixed/0023.acl1": implicit DENY
>>> accept: condition test failed in ACL "acl_5_6_13"
>>> end of ACL "acl_5_6_13": implicit DENY
LOG: H=[5.6.13.1] F=<x@y> rejected RCPT <x2@y>
>>> using ACL "acl_60_60_60"
>>> processing "accept"
>>> check !acl = TESTSUITE/aux-fixed/0023.acl2
->>> read ACL from file TESTSUITE/aux-fixed/0023.acl2
->>> processing "accept"
->>> check domains = b
+>>> read ACL from file TESTSUITE/aux-fixed/0023.acl2
+>>> processing "accept"
+>>> check domains = b
>>> y in "b"? no (end of list)
->>> accept: condition test failed in ACL "TESTSUITE/aux-fixed/0023.acl2"
->>> end of ACL "TESTSUITE/aux-fixed/0023.acl2": implicit DENY
+>>> accept: condition test failed in ACL "TESTSUITE/aux-fixed/0023.acl2"
+>>> end of ACL "TESTSUITE/aux-fixed/0023.acl2": implicit DENY
>>> accept: condition test succeeded in ACL "acl_60_60_60"
>>> end of ACL "acl_60_60_60": ACCEPT
>>> using ACL "acl_60_60_60"
>>> processing "accept"
>>> check !acl = TESTSUITE/aux-fixed/0023.acl2
->>> using ACL "TESTSUITE/aux-fixed/0023.acl2"
->>> processing "accept"
->>> check domains = b
+>>> using ACL "TESTSUITE/aux-fixed/0023.acl2"
+>>> processing "accept"
+>>> check domains = b
>>> b in "b"? yes (matched "b")
->>> check local_parts = a
+>>> check local_parts = a
>>> a in "a"? yes (matched "a")
->>> accept: condition test succeeded in ACL "TESTSUITE/aux-fixed/0023.acl2"
->>> end of ACL "TESTSUITE/aux-fixed/0023.acl2": ACCEPT
+>>> accept: condition test succeeded in ACL "TESTSUITE/aux-fixed/0023.acl2"
+>>> end of ACL "TESTSUITE/aux-fixed/0023.acl2": ACCEPT
>>> accept: condition test failed in ACL "acl_60_60_60"
>>> end of ACL "acl_60_60_60": implicit DENY
LOG: H=[60.60.60.60] F=<x@y> rejected RCPT <a@b>
>>> host in host_lookup? no (option unset)
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
->>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (end of list)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
>>> check local_parts = hardfail
>>> userx in "hardfail"? no (end of list)
>>> deny: condition test failed in ACL "check_vrfy"
+>>> processing "accept"
+>>> check local_parts = acceptable
+>>> userx in "acceptable"? no (end of list)
+>>> accept: condition test failed in ACL "check_vrfy"
+>>> processing "accept"
+>>> check local_parts = ok_with_dom
+>>> userx in "ok_with_dom"? no (end of list)
+>>> accept: condition test failed in ACL "check_vrfy"
>>> end of ACL "check_vrfy": implicit DENY
LOG: H=[1.1.1.1] rejected VRFY userx@test.ex
>>> using ACL "check_vrfy"
>>> deny: condition test succeeded in ACL "check_vrfy"
>>> end of ACL "check_vrfy": DENY
LOG: H=[1.1.1.1] rejected VRFY hardfail@test.ex: 599 custom reject
+>>> using ACL "check_vrfy"
+>>> processing "deny"
+>>> check local_parts = hardfail
+>>> ok_with_dom in "hardfail"? no (end of list)
+>>> deny: condition test failed in ACL "check_vrfy"
+>>> processing "accept"
+>>> check local_parts = acceptable
+>>> ok_with_dom in "acceptable"? no (end of list)
+>>> accept: condition test failed in ACL "check_vrfy"
+>>> processing "accept"
+>>> check local_parts = ok_with_dom
+>>> ok_with_dom in "ok_with_dom"? yes (matched "ok_with_dom")
+>>> check domains = test.ex
+>>> test.ex in "test.ex"? yes (matched "test.ex")
+>>> accept: condition test succeeded in ACL "check_vrfy"
+>>> end of ACL "check_vrfy": ACCEPT
+>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+>>> routing ok_with_dom@test.ex
+>>> calling system_aliases router
+>>> system_aliases router declined for ok_with_dom@test.ex
+>>> ok_with_dom in "userx : ok_with_dom : acceptable"? yes (matched "ok_with_dom")
+>>> calling localuser router
+>>> routed by localuser router
>>> using ACL "check_expn"
>>> processing "accept"
>>> check hosts = 2.2.2.2
>>> host in host_lookup? no (option unset)
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
->>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? yes (matched "3.3.3.3")
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> host in smtp_accept_max_nonmail_hosts? yes (matched "*")
+>>> using ACL "check_vrfy"
+>>> processing "deny"
+>>> check local_parts = hardfail
+>>> acceptable in "hardfail"? no (end of list)
+>>> deny: condition test failed in ACL "check_vrfy"
+>>> processing "accept"
+>>> check local_parts = acceptable
+>>> acceptable in "acceptable"? yes (matched "acceptable")
+>>> accept: condition test succeeded in ACL "check_vrfy"
+>>> end of ACL "check_vrfy": ACCEPT
+>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+>>> routing acceptable@test.ex
+>>> calling system_aliases router
+>>> system_aliases router declined for acceptable@test.ex
+>>> acceptable in "userx : ok_with_dom : acceptable"? yes (matched "acceptable")
+>>> calling localuser router
+>>> routed by localuser router
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (end of list)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
SMTP connection from [V4NET.0.0.1]
host in host_lookup? no (option unset)
set_process_info: pppp handling incoming connection from [V4NET.0.0.1]
-considering: ${if eq {V4NET.0.0.1} {$sender_host_address} {2} {30}}s
-considering: V4NET.0.0.1} {$sender_host_address} {2} {30}}s
- expanding: V4NET.0.0.1
- result: V4NET.0.0.1
-considering: $sender_host_address} {2} {30}}s
- expanding: $sender_host_address
- result: V4NET.0.0.1
- condition: eq {V4NET.0.0.1} {$sender_host_address}
- result: true
-considering: 2} {30}}s
- expanding: 2
- result: 2
- scanning: 30}}s
- expanding: 30
- result: 30
- skipping: result is not used
- expanding: ${if eq {V4NET.0.0.1} {$sender_host_address} {2} {30}}s
- result: 2s
+ ┌considering: ${if eq {V4NET.0.0.1} {$sender_host_address} {2} {30}}s
+ ┌considering: V4NET.0.0.1} {$sender_host_address} {2} {30}}s
+ ├──expanding: V4NET.0.0.1
+ └─────result: V4NET.0.0.1
+ ┌considering: $sender_host_address} {2} {30}}s
+ ├──expanding: $sender_host_address
+ └─────result: V4NET.0.0.1
+ ├──condition: eq {V4NET.0.0.1} {$sender_host_address}
+ ├─────result: true
+ ┌considering: 2} {30}}s
+ ├──expanding: 2
+ └─────result: 2
+ ┌───scanning: 30}}s
+ ├──expanding: 30
+ ├─────result: 30
+ └───skipping: result is not used
+ ├──expanding: ${if eq {V4NET.0.0.1} {$sender_host_address} {2} {30}}s
+ └─────result: 2s
host in host_reject_connection? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in recipient_unqualified_hosts? no (option unset)
host in helo_verify_hosts? no (option unset)
host in helo_try_verify_hosts? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
-considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ ├──expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ └─────result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
SMTP>> 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
smtp_setup_msg entered
SMTP<< mail from:userx@test.ex
hostlist:
127.0.0.1:-1
checking status of 127.0.0.1
-127.0.0.1 [127.0.0.1]:1111/ip4.ip4.ip4.ip4 status = usable
+127.0.0.1 [127.0.0.1]:1111/ip4.ip4.ip4.ip4 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@domain.com)
Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected
SMTP<< 220 ESMTP
SMTP<< 250 OK
SMTP(close)>>
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: response to "RCPT TO:<bad@localhost>" from 127.0.0.1 [127.0.0.1] was: 550 Unknown user
+ H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<bad@localhost>: 550 Unknown user
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: Sender verify failed
LOG: smtp_connection MAIN
SMTP<< 250 OK
SMTP(close)>>
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify defer for <uncheckable@localhost1>: response to "RCPT TO:<uncheckable@localhost1>" from 127.0.0.1 [127.0.0.1] was: 450 Temporary error
+ H=[V4NET.0.0.1] U=root sender verify defer for <uncheckable@localhost1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<uncheckable@localhost1>: 450 Temporary error
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<uncheckable@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
LOG: smtp_connection MAIN
SMTP<< 250 OK
SMTP(close)>>
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable2@localhost1>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 Error for <>
+ H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable2@localhost1>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 Error for <>
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<uncheckable2@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
LOG: smtp_connection MAIN
SMTP<< 250 OK
SMTP(close)>>
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable@localhost1>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550-Multiline error for <>\n550 Here's the second line
+ H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable@localhost1>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550-Multiline error for <>\n550 Here's the second line
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<uncheckable@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
LOG: smtp_connection MAIN
SMTP<< 250 OK
SMTP(close)>>
LOG: MAIN REJECT
- H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
+ H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote.domain>: 550 Recipient not liked
LOG: smtp_connection MAIN
SMTP connection from root closed by QUIT
LOG: smtp_connection MAIN
SMTP<< 250 OK
SMTP(close)>>
LOG: MAIN REJECT
- H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second
+ H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote.domain>: 550-Recipient not liked on two lines\n550 Here's the second
LOG: smtp_connection MAIN
SMTP connection from root closed by QUIT
LOG: smtp_connection MAIN
SMTP<< 250 OK
SMTP(close)>>
LOG: MAIN REJECT
- H=[V4NET.0.0.5] U=root sender verify fail for <ok@localhost1>: response to "RCPT TO:<postmaster@localhost1>" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster
+ H=[V4NET.0.0.5] U=root sender verify fail for <ok@localhost1>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@localhost1>: 550 Don't like postmaster
LOG: MAIN REJECT
H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: Sender verify failed
LOG: smtp_connection MAIN
SMTP<< 250- wotcher
250-SIZE
250 OK
- SMTP>> MAIL FROM:<>
+ SMTP>> MAIL FROM:<> SIZE=ssss
SMTP<< 250 OK
SMTP>> RCPT TO:<ok@localhost1>
SMTP<< 250 OK
SMTP<< 250 OK
SMTP(close)>>
LOG: MAIN REJECT
- H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: response to "RCPT TO:<z@remote.lmtp>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
+ H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<z@remote.lmtp>: 550 Recipient not liked
LOG: smtp_connection MAIN
SMTP connection from root closed by QUIT
LOG: smtp_connection MAIN
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
- SMTP>> QUIT
SMTP(close)>>
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: response to "initial connection" from 127.0.0.1 [127.0.0.1] was: connection dropped
+ H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : Remote host closed connection in response to initial connection
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<bad@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
LOG: smtp_connection MAIN
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
+ H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<bad@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
LOG: smtp_connection MAIN
admin user
discarded duplicate host ten-1.test.ex (MX=8)
fully qualified name = mxt9.test.ex
-host_find_bydns yield = HOST_FOUND (2); returned hosts:
+host_find_bydns yield = HOST_FOUND (3); returned hosts:
ten-1.test.ex V4NET.0.0.1 MX=5
ten-2.test.ex V4NET.0.0.2 MX=6
ten-3.test.ex V4NET.0.0.3 MX=7
duplicate IP address V4NET.0.0.5 (MX=5) removed
duplicate IP address V4NET.0.0.6 (MX=6) removed
fully qualified name = mxt14.test.ex
-host_find_bydns yield = HOST_FOUND (2); returned hosts:
+host_find_bydns yield = HOST_FOUND (3); returned hosts:
ten-5-6.test.ex V4NET.0.0.5 MX=4
ten-5-6.test.ex V4NET.0.0.6 MX=4
finding IP address for ten-1.test.ex
SMTP>> 250-mail.test.ex Hello something [V4NET.0.0.0]
250-SIZE 52428800
250-8BITMIME
+250-VRFY
250-PIPELINING
250 HELP
SMTP<< mail from:<x@y>
SMTP connection from CALLER closed by QUIT
----- System filter -----
1999-03-02 09:44:33 10HmaX-0005vi-00 Error in system filter: failed to expand " acl_c0="$acl_c0"\n acl_c1="$acl_c1"\n acl_c2="$acl_c2"\n acl_c3="$acl_c3"\n acl_c4="$acl_c4"\n acl_c5="$acl_c5"\n acl_c6="$acl_c6"\n acl_c7="$acl_c7"\n acl_c8="$acl_c8"\n acl_c9="$acl_c9"\n acl_m0="$acl_m0"\n acl_m1="$acl_m1"\n acl_m2="$acl_m2"\n acl_m3="$acl_m3"\n acl_m4="$acl_m4"\n acl_m5="$acl_m5"\n acl_m6="$acl_m6"\n acl_m7="$acl_m7"\n acl_m8="$acl_m8"\n acl_m9="$acl_m9"\n acl_m_foo="$acl_m_foo"\n acl_m_bar="$acl_m_bar"\n acl_c_foo="$acl_c_foo"\n acl_c_bar="$acl_c_bar"\n" in logwrite command: unknown variable name "acl_c1" (strict_acl_vars is set)
+
+******** SERVER ********
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
connect: Connection refused
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify defer for <ok@localhost>: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
+ H=[V4NET.0.0.1] U=root sender verify defer for <ok@localhost>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
created log directory TESTSUITE/spool/log
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<ok@localhost> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
result=1 postmaster=0 random=0
wrote negative callout cache address record for bad@localhost
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: response to "RCPT TO:<bad@localhost>" from 127.0.0.1 [127.0.0.1] was: 550 REJECTED
+ H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<bad@localhost>: 550 REJECTED
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
LOG: smtp_connection MAIN
wrote callout cache domain record for localhost:
result=3 postmaster=0 random=0
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550 REJECT MAIL FROM
+ H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT MAIL FROM
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
LOG: smtp_connection MAIN
result=1 postmaster=2 random=0
wrote positive callout cache address record for ok@otherhost
LOG: MAIN REJECT
- H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>: response to "RCPT TO:<postmaster@otherhost>" from 127.0.0.1 [127.0.0.1] was: 550 NOT OK
+ H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@otherhost>: 550 NOT OK
LOG: MAIN REJECT
H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
LOG: smtp_connection MAIN
SMTP(close)>>
wrote callout cache domain record for otherhost3:
result=1 postmaster=0 random=1
+LOG: MAIN REJECT
+ H=[V4NET.0.0.3] U=root sender verify defer for <ok@otherhost3>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost3>" was: 250 OK
+LOG: MAIN REJECT
+ H=[V4NET.0.0.3] U=root F=<ok@otherhost3> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
LOG: smtp_connection MAIN
SMTP connection from root closed by QUIT
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
SMTP(close)>>
wrote callout cache domain record for otherhost4:
result=1 postmaster=0 random=1
+LOG: MAIN REJECT
+ H=[V4NET.0.0.4] U=root sender verify defer for <ok@otherhost4>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost4>" was: 250 OK
+LOG: MAIN REJECT
+ H=[V4NET.0.0.4] U=root F=<ok@otherhost4> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
LOG: smtp_connection MAIN
SMTP connection from root closed by QUIT
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
wrote callout cache domain record for otherhost51:
result=1 postmaster=0 random=0
LOG: MAIN REJECT
- H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout
+ H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost51>
LOG: MAIN REJECT
H=[V4NET.0.0.5] U=root F=<okok@otherhost51> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
LOG: smtp_connection MAIN
SMTP<< data
SMTP>> 354 Enter message, ending with "." on a line by itself
search_tidyup called
-host in ignore_fromline_hosts? no (option unset)
>>Headers received:
search_tidyup called
SMTP<< data
SMTP>> 354 Enter message, ending with "." on a line by itself
search_tidyup called
-host in ignore_fromline_hosts? no (option unset)
>>Headers received:
search_tidyup called
SMTP>> EHLO mail.test.ex
cmd buf flush ddd bytes
SMTP<< 250 OK
+not using PIPELINING
+not using DSN
127.0.0.1 in hosts_require_auth? no (option unset)
SMTP>> MAIL FROM:<>
cmd buf flush ddd bytes
l_message: $acl_verify_message
warn: condition test succeeded in ACL "rcpt"
LOG: MAIN
- U=CALLER Warning: Sender verify failed: response to "RCPT TO:<qq@remote>" from 127.0.0.1 [127.0.0.1] was: 550 Unknown
+ U=CALLER Warning: Sender verify failed: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<qq@remote>: 550 Unknown
processing "accept"
check senders = qq@remote
address match test: subject=qq@remote pattern=qq@remote
Data file name: TESTSUITE/spool//input//10HmaX-0005vi-00-D
Data file written for message 10HmaX-0005vi-00
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
-considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_rcvhost
- result: false
- scanning: from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: from $sender_rcvhost
-
- result: from
-
- skipping: result is not used
-considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_ident
- result: true
-considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
-considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: $sender_ident
- result: CALLER
- expanding: from ${quote_local_part:$sender_ident}
- result: from CALLER
- condition: def:sender_helo_name
- result: false
- scanning: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (helo=$sender_helo_name)
-
- result: (helo=)
-
- skipping: result is not used
- expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}
- result: from CALLER
- condition: def:received_protocol
- result: true
-considering: with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: with $received_protocol
- result: with local
- condition: def:sender_address
- result: true
-considering: (envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (envelope-from <$sender_address>)
-
- result: (envelope-from <CALLER@test.ex>)
-
- condition: def:received_for
- result: false
- scanning:
- for $received_for}}
- expanding:
- for $received_for
- result:
- for
- skipping: result is not used
- expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- result: Received: from CALLER by mail.test.ex with local (Exim x.yz)
- (envelope-from <CALLER@test.ex>)
- id 10HmaX-0005vi-00
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_rcvhost
+ ├─────result: false
+ ┌───scanning: from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: from $sender_rcvhost
+
+ ├─────result: from
+
+ └───skipping: result is not used
+ ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_ident
+ ├─────result: true
+ ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol ╎}} (Exim $version_number)
+ ╎ ${if def:sender_address {(envelope-from <$sender_address>)
+ ╎ }}id $message_exim_id${if def:received_for {
+ ╎ for $received_for}}
+ ╎├──expanding: $sender_ident
+ ╎└─────result: CALLER
+ ├──expanding: from ${quote_local_part:$sender_ident}
+ └─────result: from CALLER
+ ├──condition: def:sender_helo_name
+ ├─────result: false
+ ┌───scanning: (helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (helo=$sender_helo_name)
+
+ ├─────result: (helo=)
+
+ └───skipping: result is not used
+ ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ └─────result: from CALLER
+ ├──condition: def:received_protocol
+ ├─────result: true
+ ┌considering: with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local
+ ├──condition: def:tls_cipher
+ ├─────result: false
+ ┌───scanning: ($tls_cipher)
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: ($tls_cipher)
+
+ ├─────result: ()
+
+ └───skipping: result is not used
+ ├──condition: def:sender_address
+ ├─────result: true
+ ┌considering: (envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (envelope-from <$sender_address>)
+
+ └─────result: (envelope-from <CALLER@test.ex>)
+
+ ├──condition: def:received_for
+ ├─────result: false
+ ┌───scanning:
+ for $received_for}}
+ ├──expanding:
+ for $received_for
+ ├─────result:
+ for
+ └───skipping: result is not used
+ ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ └─────result: Received: from CALLER by mail.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@test.ex>)
+ id 10HmaX-0005vi-00
>>Generated Received: header line
P Received: from CALLER by mail.test.ex with local (Exim x.yz)
(envelope-from <CALLER@test.ex>)
id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
calling local_scan(); timeout=300
local_scan() returned 0 NULL
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
Writing spool header file: TESTSUITE/spool//input//hdr.pppp
DSN: Write SPOOL :-dsn_envid NULL
DSN: Write SPOOL :-dsn_ret 0
stripped prefix rd+
checking local_parts
usery in "usery"? yes (matched "usery")
-considering: /non-exist/$domain
- expanding: /non-exist/$domain
- result: /non-exist/test.ex
+ ┌considering: /non-exist/$domain
+ ├──expanding: /non-exist/$domain
+ └─────result: /non-exist/test.ex
calling r5 router
rda_interpret (string): TESTSUITE/test-mail/junk
expanded: TESTSUITE/test-mail/junk
stripped prefix rd+
checking local_parts
CALLER in "CALLER"? yes (matched "CALLER")
-considering: /non-exist/$local_part
- expanding: /non-exist/$local_part
- result: /non-exist/CALLER
+ ┌considering: /non-exist/$local_part
+ ├──expanding: /non-exist/$local_part
+ └─────result: /non-exist/CALLER
calling r4 router
rda_interpret (string): TESTSUITE/test-mail/junk
expanded: TESTSUITE/test-mail/junk
local_part=userz domain=test.ex
checking local_parts
userz in "userz"? yes (matched "userz")
-considering: /non-exist/$domain
- expanding: /non-exist/$domain
- result: /non-exist/test.ex
+ ┌considering: /non-exist/$domain
+ ├──expanding: /non-exist/$domain
+ └─────result: /non-exist/test.ex
calling r3 router
r3 router called for userz@test.ex
domain = test.ex
local_part=usery domain=test.ex
checking local_parts
usery in "usery"? yes (matched "usery")
-considering: /non-exist/$domain
- expanding: /non-exist/$domain
- result: /non-exist/test.ex
+ ┌considering: /non-exist/$domain
+ ├──expanding: /non-exist/$domain
+ └─────result: /non-exist/test.ex
calling r2 router
r2 router called for usery@test.ex
domain = test.ex
local_part=CALLER domain=test.ex
checking local_parts
CALLER in "CALLER"? yes (matched "CALLER")
-considering: /non-exist/$local_part
- expanding: /non-exist/$local_part
- result: /non-exist/CALLER
+ ┌considering: /non-exist/$local_part
+ ├──expanding: /non-exist/$local_part
+ └─────result: /non-exist/CALLER
calling r1 router
r1 router called for CALLER@test.ex
domain = test.ex
EXIM_DBOPEN(TESTSUITE/spool/db/retry)
returned from EXIM_DBOPEN
no retry data available
-considering: /non-exist/$local_part
- expanding: /non-exist/$local_part
- result: /non-exist/usery
+ ┌considering: /non-exist/$local_part
+ ├──expanding: /non-exist/$local_part
+ └─────result: /non-exist/usery
search_tidyup called
changed uid/gid: local delivery to TESTSUITE/test-mail/junk <TESTSUITE/test-mail/junk> transport=ft1
uid=CALLER_UID gid=CALLER_GID pid=pppp
home=/non-exist/usery current=/
set_process_info: pppp delivering 10HmaX-0005vi-00 to TESTSUITE/test-mail/junk using ft1
appendfile transport entered
-considering: $address_file
- expanding: $address_file
- result: TESTSUITE/test-mail/junk
+ ┌considering: $address_file
+ ├──expanding: $address_file
+ └─────result: TESTSUITE/test-mail/junk
appendfile: mode=600 notify_comsat=0 quota=0 warning=0
file=TESTSUITE/test-mail/junk format=unix
message_prefix=From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}\n
lock file created
mailbox TESTSUITE/test-mail/junk is locked
writing to file TESTSUITE/test-mail/junk
-considering: From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
-
- condition: def:return_path
- result: true
-considering: $return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
-
- expanding: $return_path
- result: CALLER@test.ex
- scanning: MAILER-DAEMON}} ${tod_bsdinbox}
-
- expanding: MAILER-DAEMON
- result: MAILER-DAEMON
- skipping: result is not used
- expanding: From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
-
- result: From CALLER@test.ex Tue Mar 02 09:44:33 1999
-
+ ┌considering: From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
+
+ ├──condition: def:return_path
+ ├─────result: true
+ ┌considering: $return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
+
+ ├──expanding: $return_path
+ └─────result: CALLER@test.ex
+ ┌───scanning: MAILER-DAEMON}} ${tod_bsdinbox}
+
+ ├──expanding: MAILER-DAEMON
+ ├─────result: MAILER-DAEMON
+ └───skipping: result is not used
+ ├──expanding: From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
+
+ └─────result: From CALLER@test.ex Tue Mar 02 09:44:33 1999
+
writing data block fd=dddd size=sss timeout=0
writing data block fd=dddd size=sss timeout=0
writing data block fd=dddd size=sss timeout=0
home=/non-exist/CALLER current=/
set_process_info: pppp delivering 10HmaX-0005vi-00 to TESTSUITE/test-mail/junk using ft1
appendfile transport entered
-considering: $address_file
- expanding: $address_file
- result: TESTSUITE/test-mail/junk
+ ┌considering: $address_file
+ ├──expanding: $address_file
+ └─────result: TESTSUITE/test-mail/junk
appendfile: mode=600 notify_comsat=0 quota=0 warning=0
file=TESTSUITE/test-mail/junk format=unix
message_prefix=From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}\n
lock file created
mailbox TESTSUITE/test-mail/junk is locked
writing to file TESTSUITE/test-mail/junk
-considering: From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
-
- condition: def:return_path
- result: true
-considering: $return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
-
- expanding: $return_path
- result: CALLER@test.ex
- scanning: MAILER-DAEMON}} ${tod_bsdinbox}
-
- expanding: MAILER-DAEMON
- result: MAILER-DAEMON
- skipping: result is not used
- expanding: From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
-
- result: From CALLER@test.ex Tue Mar 02 09:44:33 1999
-
+ ┌considering: From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
+
+ ├──condition: def:return_path
+ ├─────result: true
+ ┌considering: $return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
+
+ ├──expanding: $return_path
+ └─────result: CALLER@test.ex
+ ┌───scanning: MAILER-DAEMON}} ${tod_bsdinbox}
+
+ ├──expanding: MAILER-DAEMON
+ ├─────result: MAILER-DAEMON
+ └───skipping: result is not used
+ ├──expanding: From ${if def:return_path{$return_path}{MAILER-DAEMON}} ${tod_bsdinbox}
+
+ └─────result: From CALLER@test.ex Tue Mar 02 09:44:33 1999
+
writing data block fd=dddd size=sss timeout=0
writing data block fd=dddd size=sss timeout=0
writing data block fd=dddd size=sss timeout=0
EXIM_DBOPEN(TESTSUITE/spool/db/retry)
returned from EXIM_DBOPEN
no retry data available
-considering: /non-exist/$local_part
- expanding: /non-exist/$local_part
- result: /non-exist/usery
+ ┌considering: /non-exist/$local_part
+ ├──expanding: /non-exist/$local_part
+ └─────result: /non-exist/usery
search_tidyup called
changed uid/gid: local delivery to usery <usery@test.ex> transport=t1
uid=CALLER_UID gid=CALLER_GID pid=pppp
EXIM_DBOPEN(TESTSUITE/spool/db/retry)
returned from EXIM_DBOPEN
no retry data available
-considering: /$local_part
- expanding: /$local_part
- result: /userz
+ ┌considering: /$local_part
+ ├──expanding: /$local_part
+ └─────result: /userz
search_tidyup called
changed uid/gid: local delivery to userz <userz@test.ex> transport=t2
uid=CALLER_UID gid=CALLER_GID pid=pppp
other2.test.ex V4NET.12.3.2 5
other2.test.ex V4NET.12.3.1 5
fully qualified name = mxt13.test.ex
-host_find_bydns yield = HOST_FOUND (2); returned hosts:
+host_find_bydns yield = HOST_FOUND (3); returned hosts:
other1.test.ex V4NET.12.4.5 MX=4
set transport smtp
queued for smtp transport: local_part = k
SMTP>> EHLO myhost.test.ex
cmd buf flush ddd bytes
SMTP<< 250 OK
+not using PIPELINING
+not using DSN
127.0.0.1 in hosts_require_auth? no (option unset)
SMTP>> MAIL FROM:<>
cmd buf flush ddd bytes
>>> 127.0.0.1 in hosts_avoid_esmtp? no (option unset)
>>> SMTP>> EHLO myhost.test.ex
>>> cmd buf flush 21 bytes
->>> SMTP timeout
>>> SMTP(close)>>
+>>> SMTP timeout
>>> ----------- end verify ------------
>>> accept: condition test deferred in ACL "mail"
-LOG: H=[1.2.3.4] sender verify defer for <p1@q>: Could not complete sender verify callout
+LOG: H=[1.2.3.4] sender verify defer for <p1@q>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after EHLO myhost.test.ex
LOG: H=[1.2.3.4] temporarily rejected MAIL <p1@q>: Could not complete sender verify callout
using the transport's hosts: 127.0.0.1
getting address for 127.0.0.1
checking status of 127.0.0.1
-127.0.0.1 [127.0.0.1]:1111 status = usable
+127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@test.ex)
Connecting to 127.0.0.1 [127.0.0.1]:1225 ... failed: Connection refused
LOG: MAIN
checking status of 127.0.0.1
no host retry record
no message retry record
-127.0.0.1 [127.0.0.1]:1112 status = usable
+127.0.0.1 [127.0.0.1]:1112 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@test.ex)
Connecting to 127.0.0.1 [127.0.0.1]:1226 ... failed: Connection refused
LOG: MAIN
result=1 postmaster=2 random=0
wrote positive callout cache address record for Ok@localhost
LOG: MAIN REJECT
- H=[V4NET.0.0.1] U=root sender verify fail for <Ok@localhost>: response to "RCPT TO:<postmaster@localhost>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+ H=[V4NET.0.0.1] U=root sender verify fail for <Ok@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@localhost>: 550 NO
created log directory TESTSUITE/spool/log
LOG: MAIN REJECT
H=[V4NET.0.0.1] U=root F=<Ok@localhost> rejected RCPT <checkpm@test.ex>: Sender verify failed
result=1 postmaster=0 random=0
wrote negative callout cache address record for NOTok@elsewhere
LOG: MAIN REJECT
- H=[V4NET.0.0.2] U=root sender verify fail for <NOTok@elsewhere>: response to "RCPT TO:<NOTok@elsewhere>" from 127.0.0.1 [127.0.0.1] was: 550 NO
+ H=[V4NET.0.0.2] U=root sender verify fail for <NOTok@elsewhere>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<NOTok@elsewhere>: 550 NO
LOG: MAIN REJECT
H=[V4NET.0.0.2] U=root F=<NOTok@elsewhere> rejected RCPT <nocheckpm@test.ex>: Sender verify failed
LOG: smtp_connection MAIN
wrote callout cache domain record for two.test.ex:
result=1 postmaster=0 random=0
LOG: MAIN REJECT
- U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout
+ U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<r11@two.test.ex>
LOG: smtp_connection MAIN
SMTP connection from CALLER closed by QUIT
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
callout cache: no address record found for r11@two.test.ex
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
-SMTP timeout
SMTP(close)>>
+SMTP timeout
LOG: MAIN REJECT
- U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout
+ U=CALLER F=<x11@two.test.ex> temporarily rejected RCPT r11@two.test.ex: Could not complete recipient verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after initial connection
LOG: smtp_connection MAIN
SMTP connection from CALLER closed by QUIT
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
hostlist:
127.0.0.1:-1
checking status of 127.0.0.1
-127.0.0.1 [127.0.0.1]:1111 status = usable
+127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@test.ex)
set_process_info: pppp delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@test.ex)
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
cmd buf flush ddd bytes
SMTP<< 250 OK
SMTP<< 550 NO
+ SMTP(closed)<<
Remote host closed connection in response to pipelined DATA
error for DATA ignored: pipelining is in use and there were no good recipients
ok=1 send_quit=1 send_rset=1 continue_more=0 yield=0 first_address is NULL
sequence=1 local_max=500 global_max=-1
SMTP>> RSET
cmd buf flush ddd bytes
+ SMTP(closed)<<
H=127.0.0.1 [127.0.0.1] Remote host closed connection in response to RSET
SMTP(close)>>
set_process_info: pppp delivering 10HmaX-0005vi-00: just tried 127.0.0.1 [127.0.0.1] for userx@test.ex: result OK
hostlist:
127.0.0.1:-1
checking status of 127.0.0.1
-127.0.0.1 [127.0.0.1]:1111 status = usable
+127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaZ-0005vi-00 to 127.0.0.1 [127.0.0.1] (CALLER@the.local.host.name)
set_process_info: pppp delivering 10HmaZ-0005vi-00 to 127.0.0.1 [127.0.0.1] (CALLER@the.local.host.name)
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
127.0.0.1:-1
checking status of 127.0.0.1
no message retry record
-127.0.0.1 [127.0.0.1]:1111 status = unusable
+127.0.0.1 [127.0.0.1]:1111 retry-status = unusable
all IP addresses skipped or deferred at least one address
updating wait-t1 database
added to list for 127.0.0.1
DNS lookup of eximtesthost.test.ex (A) using fakens
DNS lookup of eximtesthost.test.ex (A) succeeded
local host has lowest MX
-host_find_bydns yield = HOST_FOUND_LOCAL (3); returned hosts:
+host_find_bydns yield = HOST_FOUND_LOCAL (4); returned hosts:
eximtesthost.test.ex ip4.ip4.ip4.ip4 MX=5
mxt1.test.ex in "@mx_any"? yes (matched "@mx_any")
mxt1.test.ex in "+anymx"? yes (matched "+anymx")
DNS lookup of eximtesthost.test.ex (A) using fakens
DNS lookup of eximtesthost.test.ex (A) succeeded
local host has lowest MX
-host_find_bydns yield = HOST_FOUND_LOCAL (3); returned hosts:
+host_find_bydns yield = HOST_FOUND_LOCAL (4); returned hosts:
eximtesthost.test.ex ip4.ip4.ip4.ip4 MX=5
mxt1.test.ex in "@mx_any"? yes (matched "@mx_any")
mxt1.test.ex in "+anymx"? yes (matched "+anymx")
-1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT teplevel ACL may not fail ('deny' verb used incorrectly)
+1999-03-02 09:44:33 ACL for QUIT returned ERROR: QUIT or not-QUIT toplevel ACL may not fail ('deny' verb used incorrectly)
******** SERVER ********
getting address for 127.0.0.1
checking status of 127.0.0.1
no message retry record
-127.0.0.1 [127.0.0.1]:1111 status = usable
+127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex)
hosts_max_try limit reached with this host
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
getting address for 127.0.0.1
checking status of 127.0.0.1
no message retry record
-127.0.0.1 [127.0.0.1]:1111 status = usable
+127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex)
hosts_max_try limit reached with this host
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
getting address for 127.0.0.1
checking status of 127.0.0.1
no message retry record
-127.0.0.1 [127.0.0.1]:1111 status = usable
+127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex)
hosts_max_try limit reached with this host
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
getting address for 127.0.0.1
checking status of 127.0.0.1
no message retry record
-127.0.0.1 [127.0.0.1]:1111 status = usable
+127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex)
hosts_max_try limit reached with this host
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
getting address for 127.0.0.1
checking status of 127.0.0.1
no message retry record
-127.0.0.1 [127.0.0.1]:1111 status = usable
+127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaZ-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex)
hosts_max_try limit reached with this host
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
getting address for 127.0.0.1
checking status of 127.0.0.1
no message retry record
-127.0.0.1 [127.0.0.1]:1111 status = usable
+127.0.0.1 [127.0.0.1]:1111 retry-status = usable
delivering 10HmaZ-0005vi-00 to 127.0.0.1 [127.0.0.1] (userx@myhost.test.ex)
hosts_max_try limit reached with this host
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
>>> using ACL "connect"
>>> processing "accept"
>>> check acl = log
->>> using ACL "log"
->>> processing "accept"
->>> check logwrite = ===========================================================
+>>> using ACL "log"
+>>> processing "accept"
+>>> check logwrite = ===========================================================
LOG: ===========================================================
->>> check logwrite = sender_ip_address=[$sender_host_address]
+>>> check logwrite = sender_ip_address=[$sender_host_address]
>>> = sender_ip_address=[1.2.3.4]
LOG: sender_ip_address=[1.2.3.4]
->>> check logwrite = sender_host_authenticated=$sender_host_authenticated
+>>> check logwrite = sender_host_authenticated=$sender_host_authenticated
>>> = sender_host_authenticated=
LOG: sender_host_authenticated=
->>> check logwrite = authenticated_id=$authenticated_id
+>>> check logwrite = authenticated_id=$authenticated_id
>>> = authenticated_id=
LOG: authenticated_id=
->>> check logwrite = authenticated_sender=$authenticated_sender
+>>> check logwrite = authenticated_sender=$authenticated_sender
>>> = authenticated_sender=
LOG: authenticated_sender=
->>> check logwrite = interface_address=[$interface_address]
+>>> check logwrite = interface_address=[$interface_address]
>>> = interface_address=[]
LOG: interface_address=[]
->>> check logwrite = received_protocol=$received_protocol
+>>> check logwrite = received_protocol=$received_protocol
>>> = received_protocol=smtp
LOG: received_protocol=smtp
>>> looking up host name for 1.2.3.4
LOG: no host name found for IP address 1.2.3.4
->>> check logwrite = sender_host_name=$sender_host_name
+>>> check logwrite = sender_host_name=$sender_host_name
>>> = sender_host_name=
LOG: sender_host_name=
->>> check logwrite = sender_ident=$sender_ident
+>>> check logwrite = sender_ident=$sender_ident
>>> = sender_ident=
LOG: sender_ident=
->>> accept: condition test succeeded in ACL "log"
->>> end of ACL "log": ACCEPT
+>>> accept: condition test succeeded in ACL "log"
+>>> end of ACL "log": ACCEPT
>>> accept: condition test succeeded in ACL "connect"
>>> end of ACL "connect": ACCEPT
>>> host in hosts_connection_nolog? no (option unset)
>>> using ACL "connect"
>>> processing "accept"
>>> check acl = log
->>> using ACL "log"
->>> processing "accept"
->>> check logwrite = ===========================================================
+>>> using ACL "log"
+>>> processing "accept"
+>>> check logwrite = ===========================================================
LOG: ===========================================================
->>> check logwrite = sender_ip_address=[$sender_host_address]
+>>> check logwrite = sender_ip_address=[$sender_host_address]
>>> = sender_ip_address=[5.6.7.8]
LOG: sender_ip_address=[5.6.7.8]
->>> check logwrite = sender_host_authenticated=$sender_host_authenticated
+>>> check logwrite = sender_host_authenticated=$sender_host_authenticated
>>> = sender_host_authenticated=authname
LOG: sender_host_authenticated=authname
->>> check logwrite = authenticated_id=$authenticated_id
+>>> check logwrite = authenticated_id=$authenticated_id
>>> = authenticated_id=authid
LOG: authenticated_id=authid
->>> check logwrite = authenticated_sender=$authenticated_sender
+>>> check logwrite = authenticated_sender=$authenticated_sender
>>> = authenticated_sender=authsender
LOG: authenticated_sender=authsender
->>> check logwrite = interface_address=[$interface_address]
+>>> check logwrite = interface_address=[$interface_address]
>>> = interface_address=[9.10.11.12]
LOG: interface_address=[9.10.11.12]
->>> check logwrite = received_protocol=$received_protocol
+>>> check logwrite = received_protocol=$received_protocol
>>> = received_protocol=smtp
LOG: received_protocol=smtp
->>> check logwrite = sender_host_name=$sender_host_name
+>>> check logwrite = sender_host_name=$sender_host_name
>>> = sender_host_name=hostname
LOG: sender_host_name=hostname
->>> check logwrite = sender_ident=$sender_ident
+>>> check logwrite = sender_ident=$sender_ident
>>> = sender_ident=ident
LOG: sender_ident=ident
->>> accept: condition test succeeded in ACL "log"
->>> end of ACL "log": ACCEPT
+>>> accept: condition test succeeded in ACL "log"
+>>> end of ACL "log": ACCEPT
>>> accept: condition test succeeded in ACL "connect"
>>> end of ACL "connect": ACCEPT
>>> host in dsn_advertise_hosts? no (option unset)
>>> using ACL "mail"
>>> processing "accept"
>>> check acl = log
->>> using ACL "log"
->>> processing "accept"
->>> check logwrite = ===========================================================
+>>> using ACL "log"
+>>> processing "accept"
+>>> check logwrite = ===========================================================
LOG: ===========================================================
->>> check logwrite = sender_ip_address=[$sender_host_address]
+>>> check logwrite = sender_ip_address=[$sender_host_address]
>>> = sender_ip_address=[5.6.7.8]
LOG: sender_ip_address=[5.6.7.8]
->>> check logwrite = sender_host_authenticated=$sender_host_authenticated
+>>> check logwrite = sender_host_authenticated=$sender_host_authenticated
>>> = sender_host_authenticated=authname
LOG: sender_host_authenticated=authname
->>> check logwrite = authenticated_id=$authenticated_id
+>>> check logwrite = authenticated_id=$authenticated_id
>>> = authenticated_id=authid
LOG: authenticated_id=authid
->>> check logwrite = authenticated_sender=$authenticated_sender
+>>> check logwrite = authenticated_sender=$authenticated_sender
>>> = authenticated_sender=
LOG: authenticated_sender=
->>> check logwrite = interface_address=[$interface_address]
+>>> check logwrite = interface_address=[$interface_address]
>>> = interface_address=[9.10.11.12]
LOG: interface_address=[9.10.11.12]
->>> check logwrite = received_protocol=$received_protocol
+>>> check logwrite = received_protocol=$received_protocol
>>> = received_protocol=esmtpa
LOG: received_protocol=esmtpa
->>> check logwrite = sender_host_name=$sender_host_name
+>>> check logwrite = sender_host_name=$sender_host_name
>>> = sender_host_name=hostname
LOG: sender_host_name=hostname
->>> check logwrite = sender_ident=$sender_ident
+>>> check logwrite = sender_ident=$sender_ident
>>> = sender_ident=ident
LOG: sender_ident=ident
->>> accept: condition test succeeded in ACL "log"
->>> end of ACL "log": ACCEPT
+>>> accept: condition test succeeded in ACL "log"
+>>> end of ACL "log": ACCEPT
>>> check acl = auth
->>> using ACL "auth"
->>> processing "accept"
->>> check authenticated = *
+>>> using ACL "auth"
+>>> processing "accept"
+>>> check authenticated = *
>>> authname in "*"? yes (matched "*")
->>> check logwrite = +++ host is authenticated +++
+>>> check logwrite = +++ host is authenticated +++
LOG: +++ host is authenticated +++
->>> accept: condition test succeeded in ACL "auth"
->>> end of ACL "auth": ACCEPT
+>>> accept: condition test succeeded in ACL "auth"
+>>> end of ACL "auth": ACCEPT
>>> accept: condition test succeeded in ACL "mail"
>>> end of ACL "mail": ACCEPT
>>> using ACL "mail"
>>> processing "accept"
>>> check acl = log
->>> using ACL "log"
->>> processing "accept"
->>> check logwrite = ===========================================================
+>>> using ACL "log"
+>>> processing "accept"
+>>> check logwrite = ===========================================================
LOG: ===========================================================
->>> check logwrite = sender_ip_address=[$sender_host_address]
+>>> check logwrite = sender_ip_address=[$sender_host_address]
>>> = sender_ip_address=[5.6.7.8]
LOG: sender_ip_address=[5.6.7.8]
->>> check logwrite = sender_host_authenticated=$sender_host_authenticated
+>>> check logwrite = sender_host_authenticated=$sender_host_authenticated
>>> = sender_host_authenticated=authname
LOG: sender_host_authenticated=authname
->>> check logwrite = authenticated_id=$authenticated_id
+>>> check logwrite = authenticated_id=$authenticated_id
>>> = authenticated_id=authid
LOG: authenticated_id=authid
->>> check logwrite = authenticated_sender=$authenticated_sender
+>>> check logwrite = authenticated_sender=$authenticated_sender
>>> = authenticated_sender=<asender@a.domain>
LOG: authenticated_sender=<asender@a.domain>
->>> check logwrite = interface_address=[$interface_address]
+>>> check logwrite = interface_address=[$interface_address]
>>> = interface_address=[9.10.11.12]
LOG: interface_address=[9.10.11.12]
->>> check logwrite = received_protocol=$received_protocol
+>>> check logwrite = received_protocol=$received_protocol
>>> = received_protocol=esmtpa
LOG: received_protocol=esmtpa
->>> check logwrite = sender_host_name=$sender_host_name
+>>> check logwrite = sender_host_name=$sender_host_name
>>> = sender_host_name=hostname
LOG: sender_host_name=hostname
->>> check logwrite = sender_ident=$sender_ident
+>>> check logwrite = sender_ident=$sender_ident
>>> = sender_ident=ident
LOG: sender_ident=ident
->>> accept: condition test succeeded in ACL "log"
->>> end of ACL "log": ACCEPT
+>>> accept: condition test succeeded in ACL "log"
+>>> end of ACL "log": ACCEPT
>>> check acl = auth
->>> using ACL "auth"
->>> processing "accept"
->>> check authenticated = *
+>>> using ACL "auth"
+>>> processing "accept"
+>>> check authenticated = *
>>> authname in "*"? yes (matched "*")
->>> check logwrite = +++ host is authenticated +++
+>>> check logwrite = +++ host is authenticated +++
LOG: +++ host is authenticated +++
->>> accept: condition test succeeded in ACL "auth"
->>> end of ACL "auth": ACCEPT
+>>> accept: condition test succeeded in ACL "auth"
+>>> end of ACL "auth": ACCEPT
>>> accept: condition test succeeded in ACL "mail"
>>> end of ACL "mail": ACCEPT
Exim version x.yz ....
configuration file is TESTSUITE/test-config
admin user
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
-considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_rcvhost
- result: false
- scanning: from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: from $sender_rcvhost
-
- result: from
-
- skipping: result is not used
-considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_ident
- result: true
-considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
-considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: $sender_ident
- result: CALLER
- expanding: from ${quote_local_part:$sender_ident}
- result: from CALLER
- condition: def:sender_helo_name
- result: false
- scanning: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (helo=$sender_helo_name)
-
- result: (helo=)
-
- skipping: result is not used
- expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}
- result: from CALLER
- condition: def:received_protocol
- result: true
-considering: with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: with $received_protocol
- result: with local
- condition: def:sender_address
- result: true
-considering: (envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (envelope-from <$sender_address>)
-
- result: (envelope-from <CALLER@test.ex>)
-
- condition: def:received_for
- result: false
- scanning:
- for $received_for}}
- expanding:
- for $received_for
- result:
- for
- skipping: result is not used
- expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- result: Received: from CALLER by the.local.host.name with local (Exim x.yz)
- (envelope-from <CALLER@test.ex>)
- id 10HmaX-0005vi-00
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_rcvhost
+ ├─────result: false
+ ┌───scanning: from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: from $sender_rcvhost
+
+ ├─────result: from
+
+ └───skipping: result is not used
+ ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_ident
+ ├─────result: true
+ ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol ╎}} (Exim $version_number)
+ ╎ ${if def:sender_address {(envelope-from <$sender_address>)
+ ╎ }}id $message_exim_id${if def:received_for {
+ ╎ for $received_for}}
+ ╎├──expanding: $sender_ident
+ ╎└─────result: CALLER
+ ├──expanding: from ${quote_local_part:$sender_ident}
+ └─────result: from CALLER
+ ├──condition: def:sender_helo_name
+ ├─────result: false
+ ┌───scanning: (helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (helo=$sender_helo_name)
+
+ ├─────result: (helo=)
+
+ └───skipping: result is not used
+ ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ └─────result: from CALLER
+ ├──condition: def:received_protocol
+ ├─────result: true
+ ┌considering: with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local
+ ├──condition: def:tls_cipher
+ ├─────result: false
+ ┌───scanning: ($tls_cipher)
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: ($tls_cipher)
+
+ ├─────result: ()
+
+ └───skipping: result is not used
+ ├──condition: def:sender_address
+ ├─────result: true
+ ┌considering: (envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (envelope-from <$sender_address>)
+
+ └─────result: (envelope-from <CALLER@test.ex>)
+
+ ├──condition: def:received_for
+ ├─────result: false
+ ┌───scanning:
+ for $received_for}}
+ ├──expanding:
+ for $received_for
+ ├─────result:
+ for
+ └───skipping: result is not used
+ ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ └─────result: Received: from CALLER by the.local.host.name with local (Exim x.yz)
+ (envelope-from <CALLER@test.ex>)
+ id 10HmaX-0005vi-00
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
LOG: MAIN
<= CALLER@test.ex U=CALLER P=local S=sss
created log directory TESTSUITE/spool/log
configuration file is TESTSUITE/test-config
trusted user
admin user
-considering: $domain
- expanding: $domain
- result: domain1.ex
+ ┌considering: $domain
+ ├──expanding: $domain
+ └─────result: domain1.ex
LOG: MAIN
== userx@domain1.ex R=smarthost T=smtp defer (-1): domain matches queue_smtp_domains, or -odqs set
LOG: MAIN
== userx@domain2.ex R=smarthost T=smtp defer (-1): domain matches queue_smtp_domains, or -odqs set
-considering: ${if or {{ !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
-considering: $h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
- expanding: $h_list-id:$h_list-post:$h_list-subscribe:
- result:
-considering: } }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
- expanding:
- result:
-considering: $h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
- expanding: $h_precedence:
- result:
-considering: (?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
- expanding: (?i)bulk|list|junk
- result: (?i)bulk|list|junk
-considering: $h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
- expanding: $h_auto-submitted:
- result:
-considering: (?i)auto-generated|auto-replied} }} {no}{yes}}
- expanding: (?i)auto-generated|auto-replied
- result: (?i)auto-generated|auto-replied
- condition: or {{ !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }}
- result: false
- scanning: no}{yes}}
- expanding: no
- result: no
- skipping: result is not used
-considering: yes}}
- expanding: yes
- result: yes
- expanding: ${if or {{ !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
- result: yes
+ ┌considering: ${if or {{ !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
+ ┌considering: $h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
+ ├──expanding: $h_list-id:$h_list-post:$h_list-subscribe:
+ └─────result:
+ ┌considering: } }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
+ ├──expanding:
+ └─────result:
+ ┌considering: $h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
+ ├──expanding: $h_precedence:
+ └─────result:
+ ┌considering: (?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
+ ├──expanding: (?i)bulk|list|junk
+ └─────result: (?i)bulk|list|junk
+ ┌considering: $h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
+ ├──expanding: $h_auto-submitted:
+ └─────result:
+ ┌considering: (?i)auto-generated|auto-replied} }} {no}{yes}}
+ ├──expanding: (?i)auto-generated|auto-replied
+ └─────result: (?i)auto-generated|auto-replied
+ ├──condition: or {{ !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }}
+ ├─────result: false
+ ┌───scanning: no}{yes}}
+ ├──expanding: no
+ ├─────result: no
+ └───skipping: result is not used
+ ┌considering: yes}}
+ ├──expanding: yes
+ └─────result: yes
+ ├──expanding: ${if or {{ !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }{ match{$h_precedence:}{(?i)bulk|list|junk} }{ match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }} {no}{yes}}
+ └─────result: yes
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
Exim version x.yz ....
admin user
LOG: smtp_connection MAIN
SMTP connection from CALLER
-considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- result: the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
-considering: ${if match_domain {$sender_helo_name}{+dlist}}
-considering: $sender_helo_name}{+dlist}}
- expanding: $sender_helo_name
- result: ehlo.domain
-considering: +dlist}}
- expanding: +dlist
- result: +dlist
-considering: $domain
- expanding: $domain
- result: ehlo.domain
- condition: match_domain {$sender_helo_name}{+dlist}
- result: true
- expanding: ${if match_domain {$sender_helo_name}{+dlist}}
- result: true
-considering: domain=$domain/sender_domain=$sender_address_domain
- expanding: domain=$domain/sender_domain=$sender_address_domain
- result: domain=/sender_domain=sender.domain
-considering: domain=$domain/sender_domain=$sender_address_domain
- expanding: domain=$domain/sender_domain=$sender_address_domain
- result: domain=recipient.domain/sender_domain=sender.domain
-considering: domain=$domain/sender_domain=$sender_address_domain
- expanding: domain=$domain/sender_domain=$sender_address_domain
- result: domain=recipient.domain/sender_domain=sender.domain
+ ┌considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ ├──expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ └─────result: the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${if match_domain {$sender_helo_name}{+dlist}}
+ ┌considering: $sender_helo_name}{+dlist}}
+ ├──expanding: $sender_helo_name
+ └─────result: ehlo.domain
+ ┌considering: +dlist}}
+ ├──expanding: +dlist
+ └─────result: +dlist
+ ┌considering: $domain
+ ├──expanding: $domain
+ └─────result: ehlo.domain
+ ├──condition: match_domain {$sender_helo_name}{+dlist}
+ ├─────result: true
+ ├──expanding: ${if match_domain {$sender_helo_name}{+dlist}}
+ └─────result: true
+ ┌considering: domain=$domain/sender_domain=$sender_address_domain
+ ├──expanding: domain=$domain/sender_domain=$sender_address_domain
+ └─────result: domain=/sender_domain=sender.domain
+ ┌considering: domain=$domain/sender_domain=$sender_address_domain
+ ├──expanding: domain=$domain/sender_domain=$sender_address_domain
+ └─────result: domain=recipient.domain/sender_domain=sender.domain
+ ┌considering: domain=$domain/sender_domain=$sender_address_domain
+ ├──expanding: domain=$domain/sender_domain=$sender_address_domain
+ └─────result: domain=recipient.domain/sender_domain=sender.domain
LOG: smtp_connection MAIN
SMTP connection from CALLER closed by QUIT
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
SMTP<< data
SMTP>> 354 Enter message, ending with "." on a line by itself
search_tidyup called
-host in ignore_fromline_hosts? no (option unset)
>>Headers received:
search_tidyup called
--- /dev/null
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@localhost
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@localhost
+Attempting full verification using callout
+callout cache: no domain record found for localhost
+callout cache: no address record found for ok@localhost
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<ok@localhost>
+ SMTP<< 250 OK mail sender
+ SMTP<< 250 OK recipient
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for localhost:
+ result=1 postmaster=0 random=0
+wrote positive callout cache address record for ok@localhost
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@localhost
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@localhost
+Attempting full verification using callout
+callout cache: found domain record for localhost
+callout cache: found address record for ok@localhost
+callout cache: address record is positive
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@localhost
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@localhost
+Attempting full verification using callout
+callout cache: found domain record for localhost
+callout cache: address record expired for ok@localhost
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused
+connect: Connection refused
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root sender verify defer for <ok@localhost>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : could not connect: Connection refused
+created log directory TESTSUITE/spool/log
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root F=<ok@localhost> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying bad@localhost
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering bad@localhost
+Attempting full verification using callout
+callout cache: found domain record for localhost
+callout cache: no address record found for bad@localhost
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<bad@localhost>
+ SMTP<< 250 OK sender
+ SMTP<< 550 REJECTED rcpt
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for localhost:
+ result=1 postmaster=0 random=0
+wrote negative callout cache address record for bad@localhost
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<bad@localhost>: 550 REJECTED rcpt
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying bad@localhost
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering bad@localhost
+Attempting full verification using callout
+callout cache: found domain record for localhost
+callout cache: found address record for bad@localhost
+callout cache: address record is negative
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root sender verify fail for <bad@localhost>
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root F=<bad@localhost> rejected RCPT <z@test.ex>: (recipient): Sender verify failed
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@localhost
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@localhost
+Attempting full verification using callout
+callout cache: found domain record for localhost
+callout cache: address record expired for ok@localhost
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<ok@localhost>
+ SMTP<< 550 REJECT mail from
+ SMTP<< 530 BAD SEQUENCE no sender accepted for rcpt
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for localhost:
+ result=3 postmaster=0 random=0
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>: 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 REJECT mail from
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@localhost
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@localhost
+Attempting full verification using callout
+callout cache: found domain record for localhost
+callout cache: domain gave initial rejection, or does not accept HELO or MAIL FROM:<>
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root sender verify fail for <ok@localhost>
+LOG: MAIN REJECT
+ H=[V4NET.0.0.1] U=root F=<ok@localhost> rejected RCPT <z@test.ex>: (mail): Sender verify failed
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost
+Attempting full verification using callout
+callout cache: no domain record found for otherhost
+callout cache: no address record found for ok@otherhost
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<ok@otherhost>
+ SMTP<< 250 OK sender
+ SMTP<< 250 OK rcpt
+Cutthrough cancelled by presence of postmaster verify
+ SMTP>> RSET
+ SMTP<< 250 OK reset
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<postmaster@otherhost>
+ SMTP<< 250 OK sender
+ SMTP<< 550 NOT OK rcpt postmaster
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost:
+ result=1 postmaster=2 random=0
+wrote positive callout cache address record for ok@otherhost
+LOG: MAIN REJECT
+ H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>: 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:<postmaster@otherhost>: 550 NOT OK rcpt postmaster
+LOG: MAIN REJECT
+ H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost
+Attempting full verification using callout
+callout cache: found domain record for otherhost
+callout cache: domain does not accept RCPT TO:<postmaster@domain>
+LOG: MAIN REJECT
+ H=[V4NET.0.0.2] U=root sender verify fail for <ok@otherhost>
+LOG: MAIN REJECT
+ H=[V4NET.0.0.2] U=root F=<ok@otherhost> rejected RCPT <z@test.ex>: Sender verify failed
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost2
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost2
+Attempting full verification using callout
+callout cache: no domain record found for otherhost2
+callout cache: no address record found for ok@otherhost2
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<ok@otherhost2>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<postmaster@otherhost2>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost2:
+ result=1 postmaster=1 random=0
+wrote positive callout cache address record for ok@otherhost2
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost2
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost2
+Attempting full verification using callout
+callout cache: found domain record for otherhost2
+callout cache: domain accepts RCPT TO:<postmaster@domain>
+callout cache: found address record for ok@otherhost2
+callout cache: address record is positive
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost3
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost3
+Attempting full verification using callout
+callout cache: no domain record found for otherhost3
+callout cache: no address record found for ok@otherhost3
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost3>
+ SMTP<< 250 OK
+ SMTP<< 250 OK accepting that random recipient
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost3:
+ result=1 postmaster=0 random=1
+LOG: MAIN REJECT
+ H=[V4NET.0.0.3] U=root sender verify defer for <ok@otherhost3>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost3>" was: 250 OK accepting that random recipient
+LOG: MAIN REJECT
+ H=[V4NET.0.0.3] U=root F=<ok@otherhost3> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying otherok@otherhost3
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering otherok@otherhost3
+Attempting full verification using callout
+callout cache: found domain record for otherhost3
+callout cache: domain accepts random addresses
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost4
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost4
+Attempting full verification using callout
+callout cache: no domain record found for otherhost4
+callout cache: no address record found for ok@otherhost4
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost4>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost4:
+ result=1 postmaster=0 random=1
+LOG: MAIN REJECT
+ H=[V4NET.0.0.4] U=root sender verify defer for <ok@otherhost4>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : response to "RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost4>" was: 250 OK
+LOG: MAIN REJECT
+ H=[V4NET.0.0.4] U=root F=<ok@otherhost4> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost4
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost4
+Attempting full verification using callout
+callout cache: found domain record for otherhost4
+callout cache: domain accepts random addresses
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost41
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost41
+Attempting full verification using callout
+callout cache: no domain record found for otherhost41
+callout cache: no address record found for ok@otherhost41
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost41>
+ SMTP<< 250 OK
+ SMTP<< 550 NOT OK
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<ok@otherhost41>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<postmaster@otherhost41>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost41:
+ result=1 postmaster=1 random=2
+wrote positive callout cache address record for ok@otherhost41
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost41
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost41
+Attempting full verification using callout
+callout cache: found domain record for otherhost41
+callout cache: domain rejects random addresses
+callout cache: domain accepts RCPT TO:<postmaster@domain>
+callout cache: found address record for ok@otherhost41
+callout cache: address record is positive
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost21
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost21
+Attempting full verification using callout
+callout cache: no domain record found for otherhost21
+callout cache: no address record found for ok@otherhost21
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<ok@otherhost21>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<postmaster@otherhost21>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost21:
+ result=1 postmaster=1 random=0
+wrote positive callout cache address record for ok@otherhost21
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok2@otherhost21
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok2@otherhost21
+Attempting full verification using callout
+callout cache: found domain record for otherhost21
+callout cache: domain accepts RCPT TO:<postmaster@domain>
+callout cache: no address record found for ok2@otherhost21
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<ok2@otherhost21>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost21:
+ result=1 postmaster=1 random=0
+wrote positive callout cache address record for ok2@otherhost21
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost31
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost31
+Attempting full verification using callout
+callout cache: no domain record found for otherhost31
+callout cache: no address record found for ok@otherhost31
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost31>
+ SMTP<< 250 OK
+ SMTP<< 550 NOT OK
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<ok@otherhost31>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost31:
+ result=1 postmaster=0 random=2
+wrote positive callout cache address record for ok@otherhost31
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying okok@otherhost31
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering okok@otherhost31
+Attempting full verification using callout
+callout cache: found domain record for otherhost31
+callout cache: domain rejects random addresses
+callout cache: no address record found for okok@otherhost31
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<okok@otherhost31>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost31:
+ result=1 postmaster=0 random=2
+wrote positive callout cache address record for okok@otherhost31
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying okokok@otherhost31
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering okokok@otherhost31
+Attempting full verification using callout
+callout cache: domain record expired for otherhost31
+callout cache: no address record found for okokok@otherhost31
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost31>
+ SMTP<< 250 OK
+ SMTP<< 550 NOT OK
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<okokok@otherhost31>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost31:
+ result=1 postmaster=0 random=2
+wrote positive callout cache address record for okokok@otherhost31
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying okok@otherhost51
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering okok@otherhost51
+Attempting full verification using callout
+callout cache: no domain record found for otherhost51
+callout cache: no address record found for okok@otherhost51
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost51>
+ SMTP<< 250 OK
+SMTP timeout
+ SMTP(close)>>
+wrote callout cache domain record for otherhost51:
+ result=1 postmaster=0 random=0
+LOG: MAIN REJECT
+ H=[V4NET.0.0.5] U=root sender verify defer for <okok@otherhost51>: Could not complete sender verify callout: 127.0.0.1 [127.0.0.1] : SMTP timeout after RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost51>
+LOG: MAIN REJECT
+ H=[V4NET.0.0.5] U=root F=<okok@otherhost51> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying okokok@otherhost52
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering okokok@otherhost52
+Attempting full verification using callout
+callout cache: no domain record found for otherhost52
+callout cache: no address record found for okokok@otherhost52
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<okokok@otherhost52>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<pmsend@a.domain>
+ SMTP>> RCPT TO:<postmaster@otherhost52>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost52:
+ result=1 postmaster=1 random=0
+wrote positive callout cache address record for okokok@otherhost52
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+verifying Reply-To: header address abcd@x.y.z
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying abcd@x.y.z
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering abcd@x.y.z
+Attempting full verification using callout
+callout cache: no domain record found for x.y.z
+callout cache: no address record found for abcd@x.y.z/<somesender@a.domain>
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<somesender@a.domain>
+ SMTP>> RCPT TO:<abcd@x.y.z>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for x.y.z:
+ result=1 postmaster=0 random=0
+wrote positive callout cache address record for abcd@x.y.z/<somesender@a.domain>
+LOG: MAIN
+ <= ok7@otherhost53 H=[V4NET.0.0.7] U=root P=smtp S=sss
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+verifying Reply-To: header address abcd@x.y.z
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying abcd@x.y.z
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering abcd@x.y.z
+Attempting full verification using callout
+callout cache: found domain record for x.y.z
+callout cache: no address record found for abcd@x.y.z
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<abcd@x.y.z>
+ SMTP<< 250 OK
+SMTP timeout
+ SMTP(close)>>
+wrote callout cache domain record for x.y.z:
+ result=1 postmaster=0 random=0
+LOG: MAIN
+ <= ok7@otherhost53 H=[V4NET.0.0.8] U=root P=smtp S=sss
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying ok@otherhost9
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering ok@otherhost9
+Attempting full verification using callout
+callout cache: no domain record found for otherhost9
+callout cache: no address record found for ok@otherhost9
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<ok@otherhost9>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<>
+ SMTP>> RCPT TO:<postmaster@otherhost9>
+ SMTP<< 250 OK
+ SMTP<< 550 NOT OK
+ SMTP>> RCPT TO:<postmaster>
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for otherhost9:
+ result=1 postmaster=1 random=0
+wrote positive callout cache address record for ok@otherhost9
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from root
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Verifying z@test.ex
+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+Considering z@test.ex
+Attempting full verification using callout
+callout cache: no domain record found for test.ex
+callout cache: no address record found for z@test.ex/<postmaster@myhost.test.ex>
+interface=NULL port=1224
+Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
+ SMTP<< 220 Server ready
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-Yeah mate
+ 250-PIPELINING
+ 250 OK
+ SMTP>> MAIL FROM:<postmaster@myhost.test.ex>
+ SMTP>> RCPT TO:<myhost.test.ex-dddddddd-testing@test.ex>
+ SMTP<< 250 OK
+ SMTP<< 550 RANDOM IS BAD
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<postmaster@myhost.test.ex>
+ SMTP>> RCPT TO:<z@test.ex>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
+ SMTP>> RSET
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<pmsend@b.domain>
+ SMTP>> RCPT TO:<postmaster@test.ex>
+ SMTP<< 250 OK
+ SMTP<< 250 OK
+ SMTP>> QUIT
+ SMTP<< 250 OK
+ SMTP(close)>>
+wrote callout cache domain record for test.ex:
+ result=1 postmaster=1 random=2
+wrote positive callout cache address record for z@test.ex/<postmaster@myhost.test.ex>
+LOG: smtp_connection MAIN
+ SMTP connection from root closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
changed uid/gid: running as a daemon
uid=EXIM_UID gid=EXIM_GID pid=pppp
LOG: MAIN
- exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:1225 [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:1226
-set_process_info: pppp daemon(x.yz): no queue runs, listening for SMTP on [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:1225 [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:1226
+ exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:{1225,1226}
+set_process_info: pppp daemon(x.yz): no queue runs, listening for SMTP on [ip6:ip6:ip6:ip6:ip6:ip6:ip6:ip6]:{1225,1226}
daemon running with uid=EXIM_UID gid=EXIM_GID euid=EXIM_UID egid=EXIM_GID
Listening...
Exim version x.yz ....
changed uid/gid: running as a daemon
uid=EXIM_UID gid=EXIM_GID pid=pppp
LOG: MAIN
- exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:1227 [127.0.0.1]:1225
-set_process_info: pppp daemon(x.yz): no queue runs, listening for SMTP on [127.0.0.1]:1227 [127.0.0.1]:1225
+ exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:{1227,1225}
+set_process_info: pppp daemon(x.yz): no queue runs, listening for SMTP on [127.0.0.1]:{1227,1225}
daemon running with uid=EXIM_UID gid=EXIM_GID euid=EXIM_UID egid=EXIM_GID
Listening...
Exim version x.yz ....
SMTP<< 250 OK
SMTP<< 250 Accepted
SMTP<< 354 Enter message, ending with "." on a line by itself
- SMTP<< 250 OK id=10HmaZ-0005vi-00
- SMTP>> EHLO myhost.test.ex
+ SMTP<< 250 OK id=10HmbA-0005vi-00
+LOG: MAIN
+ => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+LOG: MAIN
+ Completed
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
+ SMTP>> RCPT TO:<userz@test.ex>
+ SMTP>> DATA
cmd buf flush ddd bytes
- SMTP<< 250-myhost.test.ex Hello localhost [127.0.0.1]
- 250-SIZE 52428800
- 250-8BITMIME
- 250-PIPELINING
- 250-STARTTLS
- 250 HELP
+ SMTP<< 250 OK
+ SMTP<< 250 Accepted
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+ SMTP<< 250 OK id=10HmbB-0005vi-00
SMTP(close)>>
LOG: MAIN
- => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
+ => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00"
LOG: MAIN
Completed
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
Exim version x.yz ....
configuration file is TESTSUITE/test-config
trusted user
admin user
- SMTP>> STARTTLS
-cmd buf flush ddd bytes
- SMTP<< 220 TLS go ahead
- SMTP>> EHLO myhost.test.ex
-cmd buf flush ddd bytes
- SMTP<< 250-myhost.test.ex Hello localhost [127.0.0.1]
- 250-SIZE 52428800
- 250-8BITMIME
- 250-PIPELINING
- 250 HELP
SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
SMTP>> RCPT TO:<usery@test.ex>
SMTP>> DATA
SMTP<< 250 OK
SMTP<< 250 Accepted
SMTP<< 354 Enter message, ending with "." on a line by itself
- SMTP<< 250 OK id=10HmbA-0005vi-00
+ SMTP<< 250 OK id=10HmbC-0005vi-00
SMTP>> QUIT
cmd buf flush ddd bytes
SMTP(close)>>
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
LOG: MAIN
- => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+ => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
SMTP<< 250 OK
SMTP<< 250 Accepted
SMTP<< 354 Enter message, ending with "." on a line by itself
- SMTP<< 250 OK id=10HmaZ-0005vi-00
- SMTP>> EHLO myhost.test.ex
+ SMTP<< 250 OK id=10HmbA-0005vi-00
+LOG: MAIN
+ => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+LOG: MAIN
+ Completed
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
+ SMTP>> RCPT TO:<userz@test.ex>
+ SMTP>> DATA
cmd buf flush ddd bytes
- SMTP<< 250-myhost.test.ex Hello localhost [127.0.0.1]
- 250-SIZE 52428800
- 250-8BITMIME
- 250-PIPELINING
- 250-STARTTLS
- 250 HELP
+ SMTP<< 250 OK
+ SMTP<< 250 Accepted
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+ SMTP<< 250 OK id=10HmbB-0005vi-00
SMTP(close)>>
LOG: MAIN
- => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
+ => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00"
LOG: MAIN
Completed
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
Exim version x.yz ....
configuration file is TESTSUITE/test-config
trusted user
admin user
- SMTP>> STARTTLS
-cmd buf flush ddd bytes
- SMTP<< 220 TLS go ahead
- SMTP>> EHLO myhost.test.ex
-cmd buf flush ddd bytes
- SMTP<< 250-myhost.test.ex Hello localhost [127.0.0.1]
- 250-SIZE 52428800
- 250-8BITMIME
- 250-PIPELINING
- 250 HELP
SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
- SMTP>> RCPT TO:<userx@test.ex>
+ SMTP>> RCPT TO:<usery@test.ex>
SMTP>> DATA
cmd buf flush ddd bytes
SMTP<< 250 OK
SMTP<< 250 Accepted
SMTP<< 354 Enter message, ending with "." on a line by itself
- SMTP<< 250 OK id=10HmbA-0005vi-00
+ SMTP<< 250 OK id=10HmbC-0005vi-00
SMTP>> QUIT
cmd buf flush ddd bytes
SMTP(close)>>
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
LOG: MAIN
- => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+ => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
Exim version x.yz ....
configuration file is TESTSUITE/test-config
admin user
-considering: ${perl{foo}{arg1}}
-considering: foo}{arg1}}
- expanding: foo
- result: foo
-considering: arg1}}
- expanding: arg1
- result: arg1
+ ┌considering: ${perl{foo}{arg1}}
+ ┌considering: foo}{arg1}}
+ ├──expanding: foo
+ └─────result: foo
+ ┌considering: arg1}}
+ ├──expanding: arg1
+ └─────result: arg1
Starting Perl interpreter
- expanding: ${perl{foo}{arg1}}
- result: Subroutine foo called with args: arg1
-considering: ${perl{foo_undef}}
-considering: foo_undef}}
- expanding: foo_undef
- result: foo_undef
-failed to expand: ${perl{foo_undef}}
- error message: Perl subroutine "foo_undef" returned undef to force failure
-failure was forced
-considering: ${perl{debug_write}{debug from Perl\n}}
-considering: debug_write}{debug from Perl\n}}
- expanding: debug_write
- result: debug_write
-considering: debug from Perl\n}}
- expanding: debug from Perl\n
- result: debug from Perl
-
+ ├──expanding: ${perl{foo}{arg1}}
+ └─────result: Subroutine foo called with args: arg1
+ ┌considering: ${perl{foo_undef}}
+ ┌considering: foo_undef}}
+ ├──expanding: foo_undef
+ └─────result: foo_undef
+ ├failed to expand: ${perl{foo_undef}}
+ ├───error message: Perl subroutine "foo_undef" returned undef to force failure
+ └failure was forced
+ ┌considering: ${perl{debug_write}{debug from Perl\n}}
+ ┌considering: debug_write}{debug from Perl\n}}
+ ├──expanding: debug_write
+ └─────result: debug_write
+ ┌considering: debug from Perl\n}}
+ ├──expanding: debug from Perl\n
+ └─────result: debug from Perl
+
debug from Perl
- expanding: ${perl{debug_write}{debug from Perl\n}}
- result: Wrote debug
-considering: ${perl{log_write}{log from Perl}}
-considering: log_write}{log from Perl}}
- expanding: log_write
- result: log_write
-considering: log from Perl}}
- expanding: log from Perl
- result: log from Perl
+ ├──expanding: ${perl{debug_write}{debug from Perl\n}}
+ └─────result: Wrote debug
+ ┌considering: ${perl{log_write}{log from Perl}}
+ ┌considering: log_write}{log from Perl}}
+ ├──expanding: log_write
+ └─────result: log_write
+ ┌considering: log from Perl}}
+ ├──expanding: log from Perl
+ └─────result: log from Perl
LOG: MAIN
log from Perl
- expanding: ${perl{log_write}{log from Perl}}
- result: Wrote log
+ ├──expanding: ${perl{log_write}{log from Perl}}
+ └─────result: Wrote log
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
LOG: smtp_connection MAIN
SMTP connection from CALLER
250-SIZE 52428800
250-8BITMIME
250-ETRN
+250-VRFY
250-EXPN
250-PIPELINING
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
+1999-03-02 09:44:33 10HmaY-0005vi-00 malware acl condition: f-prot6d [127.0.0.1]:1111 : unable to read from socket (Connection timed out)
--- /dev/null
+
+******** SERVER ********
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> xxx in helo_lookup_domains? no (end of list)
+>>> processing "accept"
+>>> accept: condition test succeeded in inline ACL
+>>> end of inline ACL: ACCEPT
+>>> host in ignore_fromline_hosts? no (option unset)
+LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded]
+>>> processing "accept"
+>>> check logwrite = signer: test.ex bits: 1024
+LOG: 10HmaX-0005vi-00 signer: test.ex bits: 1024
+>>> accept: condition test succeeded in inline ACL
+>>> end of inline ACL: ACCEPT
+LOG: 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+++ /dev/null
-
-******** SERVER ********
--- /dev/null
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1225 ... connected
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> EHLO myhost.test.ex
+cmd buf flush ddd bytes
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250 HELP
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
+ SMTP>> RCPT TO:<d@test.ex>
+ SMTP>> DATA
+cmd buf flush ddd bytes
+ SMTP<< 250 OK
+ SMTP<< 250 Accepted
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+PDKIM (checking verify key)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+ Raw record: v=DKIM1\;{SP}p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB
+ v=DKIM1\
+ p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB
+ Error while parsing public key record
+WARNING: bad dkim key in dns
+PDKIM (finished checking verify key)<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+content{CR}{LF}
+PDKIM [test.ex] Body bytes hashed: 9
+PDKIM [test.ex] Body hash computed: fc06f48221d98ad6106c3845b33a2a41152482ab9e697f736ad26db4853fa657
+PDKIM >> Header data for hash, canonicalized, in sequence >>>>>>>>>>>>>>
+sender:CALLER_NAME{SP}<CALLER@myhost.test.ex>{CR}{LF}
+message-id:<E10HmbD-0005vi-00@myhost.test.ex>{CR}{LF}
+from:nobody@example.com{CR}{LF}
+PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>
+dkim-signature:v=1;{SP}a=rsa-sha256;{SP}q=dns/txt;{SP}c=relaxed/relaxed;{SP}d=test.ex;{SP}s=sel_bad;{SP}h=Date:Sender:Message-Id:From:Reply-To:Subject:To:Cc:MIME-Version:{SP}Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:{SP}Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:{SP}In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:{SP}List-Post:List-Owner:List-Archive;{SP}bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=;{SP}b=;
+ SMTP<< 250 OK id=10HmbE-0005vi-00
+ SMTP>> QUIT
+cmd buf flush ddd bytes
+ SMTP(close)>>
+LOG: MAIN
+ => d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbE-0005vi-00"
+LOG: MAIN
+ Completed
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+
+******** SERVER ********
--- /dev/null
+
+******** SERVER ********
--- /dev/null
+### sha256, 1024b + message in 1 chunk
+### sha256, 1024b + message in 2 chunks
+
+******** SERVER ********
+### sha256, 1024b + message in 1 chunk
+### sha256, 1024b + message in 2 chunks
+++ /dev/null
-LOG: host_lookup_failed MAIN
- dnssec fail on MX for mx-unsec-a-unsec.test.ex
-LOG: host_lookup_failed MAIN
- dnssec fail on MX for mx-unsec-a-sec.test.ex
-LOG: host_lookup_failed MAIN
- dnssec fail on A for a-unsec.test.ex
processing "accept"
check verify = recipient
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-routing "FAIL cannot route this one=(FAIL)"@some.host
+routing "FAIL cannot route this one (FAIL)"@some.host
--------> b router <--------
-local_part=fail cannot route this one=(fail) domain=some.host
+local_part=fail cannot route this one (fail) domain=some.host
checking senders
y in ""? no (end of list)
x@y in ":"? no (end of list)
b router skipped: senders mismatch
--------> q router <--------
-local_part=FAIL cannot route this one=(FAIL) domain=some.host
+local_part=FAIL cannot route this one (FAIL) domain=some.host
checking domains
some.host in "test.ex"? no (end of list)
some.host in "! +local_domains"? yes (end of list)
calling q router
-q router called for "FAIL cannot route this one=(FAIL)"@some.host: domain = some.host
+q router called for "FAIL cannot route this one (FAIL)"@some.host: domain = some.host
requires uid=CALLER_UID gid=CALLER_GID current_directory=/
not running as root: cannot change uid/gid
subprocess will run with uid=EXIM_UID gid=EXIM_GID
-command wrote: FAIL cannot route this one=(FAIL)
+command wrote: FAIL cannot route this one (FAIL)
q router forced address failure
----------- end verify ------------
accept: condition test failed in inline ACL
end of inline ACL: implicit DENY
LOG: MAIN REJECT
- H=(some.name) [V4NET.2.3.4] F=<x@y> rejected RCPT <"FAIL cannot route this one=(FAIL)"@some.host>: cannot route this one=(FAIL)
+ H=(some.name) [V4NET.2.3.4] F=<x@y> rejected RCPT <"FAIL cannot route this one (FAIL)"@some.host>: cannot route this one (FAIL)
LOG: smtp_connection MAIN
SMTP connection from (some.name) [V4NET.2.3.4] closed by QUIT
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from CALLER
-considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ ├──expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ └─────result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
in dsn_advertise_hosts? no (option unset)
in pipelining_advertise_hosts? yes (matched "*")
in chunking_advertise_hosts? no (end of list)
in tls_advertise_hosts? yes (matched "*")
-considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
-considering: SERVER}{server}{queue}{cutthrough}}
- expanding: SERVER
- result: SERVER
-considering: server}{queue}{cutthrough}}
- expanding: server
- result: server
- condition: eq {SERVER}{server}
- result: false
- scanning: queue}{cutthrough}}
- expanding: queue
- result: queue
- skipping: result is not used
-considering: cutthrough}}
- expanding: cutthrough
- result: cutthrough
- expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
- result: cutthrough
+ ┌considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ ┌considering: SERVER}{server}{queue}{cutthrough}}
+ ├──expanding: SERVER
+ └─────result: SERVER
+ ┌considering: server}{queue}{cutthrough}}
+ ├──expanding: server
+ └─────result: server
+ ├──condition: eq {SERVER}{server}
+ ├─────result: false
+ ┌───scanning: queue}{cutthrough}}
+ ├──expanding: queue
+ ├─────result: queue
+ └───skipping: result is not used
+ ┌considering: cutthrough}}
+ ├──expanding: cutthrough
+ └─────result: cutthrough
+ ├──expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ └─────result: cutthrough
using ACL "cutthrough"
processing "accept"
check control = cutthrough_delivery
check verify = recipient
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: userx
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: userx
domain.com in "*"? yes (matched "*")
----------- end verify ------------
accept: condition test succeeded in ACL "cutthrough"
----------- start cutthrough setup ------------
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: userx
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: userx
domain.com in "*"? yes (matched "*")
Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
-considering: $primary_hostname
- expanding: $primary_hostname
- result: myhost.test.ex
+ ┌considering: $primary_hostname
+ ├──expanding: $primary_hostname
+ └─────result: myhost.test.ex
SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
127.0.0.1 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO myhost.test.ex
250-PIPELINING
250-STARTTLS
250 HELP
-considering: ${if eq {$address_data}{usery}{*}{:}}
-considering: $address_data}{usery}{*}{:}}
- expanding: $address_data
- result: userx
-considering: usery}{*}{:}}
- expanding: usery
- result: usery
- condition: eq {$address_data}{usery}
- result: false
- scanning: *}{:}}
- expanding: *
- result: *
- skipping: result is not used
-considering: :}}
- expanding: :
- result: :
- expanding: ${if eq {$address_data}{usery}{*}{:}}
- result: :
+ ┌considering: ${if eq {$address_data}{usery}{*}{:}}
+ ┌considering: $address_data}{usery}{*}{:}}
+ ├──expanding: $address_data
+ └─────result: userx
+ ┌considering: usery}{*}{:}}
+ ├──expanding: usery
+ └─────result: usery
+ ├──condition: eq {$address_data}{usery}
+ ├─────result: false
+ ┌───scanning: *}{:}}
+ ├──expanding: *
+ ├─────result: *
+ └───skipping: result is not used
+ ┌considering: :}}
+ ├──expanding: :
+ └─────result: :
+ ├──expanding: ${if eq {$address_data}{usery}{*}{:}}
+ └─────result: :
127.0.0.1 in hosts_avoid_tls? no (end of list)
-considering: ${if eq {$address_data}{userz}{*}{:}}
-considering: $address_data}{userz}{*}{:}}
- expanding: $address_data
- result: userx
-considering: userz}{*}{:}}
- expanding: userz
- result: userz
- condition: eq {$address_data}{userz}
- result: false
- scanning: *}{:}}
- expanding: *
- result: *
- skipping: result is not used
-considering: :}}
- expanding: :
- result: :
- expanding: ${if eq {$address_data}{userz}{*}{:}}
- result: :
+ ┌considering: ${if eq {$address_data}{userz}{*}{:}}
+ ┌considering: $address_data}{userz}{*}{:}}
+ ├──expanding: $address_data
+ └─────result: userx
+ ┌considering: userz}{*}{:}}
+ ├──expanding: userz
+ └─────result: userz
+ ├──condition: eq {$address_data}{userz}
+ ├─────result: false
+ ┌───scanning: *}{:}}
+ ├──expanding: *
+ ├─────result: *
+ └───skipping: result is not used
+ ┌considering: :}}
+ ├──expanding: :
+ └─────result: :
+ ├──expanding: ${if eq {$address_data}{userz}{*}{:}}
+ └─────result: :
127.0.0.1 in hosts_verify_avoid_tls? no (end of list)
SMTP>> STARTTLS
cmd buf flush ddd bytes
250-8BITMIME
250-PIPELINING
250 HELP
+127.0.0.1 in hosts_avoid_pipelining? no (option unset)
+using PIPELINING
+not using DSN
127.0.0.1 in hosts_require_auth? no (option unset)
- SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
-cmd buf flush ddd bytes
- SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
SMTP>> RCPT TO:<userx@domain.com>
cmd buf flush ddd bytes
+ SMTP<< 250 OK
SMTP<< 250 Accepted
holding verify callout open for cutthrough delivery
----------- end cutthrough setup ------------
end of inline ACL: ACCEPT
SMTP>> DATA
SMTP<< 354 Enter message, ending with "." on a line by itself
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
-considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_rcvhost
- result: false
- scanning: from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: from $sender_rcvhost
-
- result: from
-
- skipping: result is not used
-considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_ident
- result: true
-considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
-considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: $sender_ident
- result: CALLER
- expanding: from ${quote_local_part:$sender_ident}
- result: from CALLER
- condition: def:sender_helo_name
- result: true
-considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (helo=$sender_helo_name)
-
- result: (helo=myhost.test.ex)
-
- expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}
- result: from CALLER (helo=myhost.test.ex)
-
- condition: def:received_protocol
- result: true
-considering: with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: with $received_protocol
- result: with local-esmtp
- condition: def:sender_address
- result: true
-considering: (envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (envelope-from <$sender_address>)
-
- result: (envelope-from <CALLER@myhost.test.ex>)
-
- condition: def:received_for
- result: true
-considering:
- for $received_for}}
- expanding:
- for $received_for
- result:
- for userx@domain.com
- expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- result: Received: from CALLER (helo=myhost.test.ex)
- by myhost.test.ex with local-esmtp (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmaX-0005vi-00
- for userx@domain.com
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_rcvhost
+ ├─────result: false
+ ┌───scanning: from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: from $sender_rcvhost
+
+ ├─────result: from
+
+ └───skipping: result is not used
+ ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_ident
+ ├─────result: true
+ ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol ╎}} (Exim $version_number)
+ ╎ ${if def:sender_address {(envelope-from <$sender_address>)
+ ╎ }}id $message_exim_id${if def:received_for {
+ ╎ for $received_for}}
+ ╎├──expanding: $sender_ident
+ ╎└─────result: CALLER
+ ├──expanding: from ${quote_local_part:$sender_ident}
+ └─────result: from CALLER
+ ├──condition: def:sender_helo_name
+ ├─────result: true
+ ┌considering: (helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (helo=$sender_helo_name)
+
+ └─────result: (helo=myhost.test.ex)
+
+ ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ └─────result: from CALLER (helo=myhost.test.ex)
+
+ ├──condition: def:received_protocol
+ ├─────result: true
+ ┌considering: with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_cipher
+ ├─────result: false
+ ┌───scanning: ($tls_cipher)
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: ($tls_cipher)
+
+ ├─────result: ()
+
+ └───skipping: result is not used
+ ├──condition: def:sender_address
+ ├─────result: true
+ ┌considering: (envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (envelope-from <$sender_address>)
+
+ └─────result: (envelope-from <CALLER@myhost.test.ex>)
+
+ ├──condition: def:received_for
+ ├─────result: true
+ ┌considering:
+ for $received_for}}
+ ├──expanding:
+ for $received_for
+ └─────result:
+ for userx@domain.com
+ ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ └─────result: Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for userx@domain.com
----------- start cutthrough headers send -----------
----------- done cutthrough headers send ------------
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
SMTP>> .
SMTP<< 250 OK id=10HmaY-0005vi-00
LOG: MAIN
in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from CALLER
-considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ ├──expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ └─────result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
in dsn_advertise_hosts? no (option unset)
in pipelining_advertise_hosts? yes (matched "*")
in chunking_advertise_hosts? no (end of list)
in tls_advertise_hosts? yes (matched "*")
-considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
-considering: SERVER}{server}{queue}{cutthrough}}
- expanding: SERVER
- result: SERVER
-considering: server}{queue}{cutthrough}}
- expanding: server
- result: server
- condition: eq {SERVER}{server}
- result: false
- scanning: queue}{cutthrough}}
- expanding: queue
- result: queue
- skipping: result is not used
-considering: cutthrough}}
- expanding: cutthrough
- result: cutthrough
- expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
- result: cutthrough
+ ┌considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ ┌considering: SERVER}{server}{queue}{cutthrough}}
+ ├──expanding: SERVER
+ └─────result: SERVER
+ ┌considering: server}{queue}{cutthrough}}
+ ├──expanding: server
+ └─────result: server
+ ├──condition: eq {SERVER}{server}
+ ├─────result: false
+ ┌───scanning: queue}{cutthrough}}
+ ├──expanding: queue
+ ├─────result: queue
+ └───skipping: result is not used
+ ┌considering: cutthrough}}
+ ├──expanding: cutthrough
+ └─────result: cutthrough
+ ├──expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ └─────result: cutthrough
using ACL "cutthrough"
processing "accept"
check control = cutthrough_delivery
check verify = recipient
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: usery
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: usery
domain.com in "*"? yes (matched "*")
----------- end verify ------------
accept: condition test succeeded in ACL "cutthrough"
----------- start cutthrough setup ------------
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: usery
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: usery
domain.com in "*"? yes (matched "*")
Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
-considering: $primary_hostname
- expanding: $primary_hostname
- result: myhost.test.ex
+ ┌considering: $primary_hostname
+ ├──expanding: $primary_hostname
+ └─────result: myhost.test.ex
SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
127.0.0.1 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO myhost.test.ex
250-PIPELINING
250-STARTTLS
250 HELP
-considering: ${if eq {$address_data}{usery}{*}{:}}
-considering: $address_data}{usery}{*}{:}}
- expanding: $address_data
- result: usery
-considering: usery}{*}{:}}
- expanding: usery
- result: usery
- condition: eq {$address_data}{usery}
- result: true
-considering: *}{:}}
- expanding: *
- result: *
- scanning: :}}
- expanding: :
- result: :
- skipping: result is not used
- expanding: ${if eq {$address_data}{usery}{*}{:}}
- result: *
+ ┌considering: ${if eq {$address_data}{usery}{*}{:}}
+ ┌considering: $address_data}{usery}{*}{:}}
+ ├──expanding: $address_data
+ └─────result: usery
+ ┌considering: usery}{*}{:}}
+ ├──expanding: usery
+ └─────result: usery
+ ├──condition: eq {$address_data}{usery}
+ ├─────result: true
+ ┌considering: *}{:}}
+ ├──expanding: *
+ └─────result: *
+ ┌───scanning: :}}
+ ├──expanding: :
+ ├─────result: :
+ └───skipping: result is not used
+ ├──expanding: ${if eq {$address_data}{usery}{*}{:}}
+ └─────result: *
127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+127.0.0.1 in hosts_avoid_pipelining? no (option unset)
+using PIPELINING
+not using DSN
127.0.0.1 in hosts_require_auth? no (option unset)
- SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
-cmd buf flush ddd bytes
- SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
SMTP>> RCPT TO:<usery@domain.com>
cmd buf flush ddd bytes
+ SMTP<< 250 OK
SMTP<< 250 Accepted
holding verify callout open for cutthrough delivery
----------- end cutthrough setup ------------
end of inline ACL: ACCEPT
SMTP>> DATA
SMTP<< 354 Enter message, ending with "." on a line by itself
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
-considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_rcvhost
- result: false
- scanning: from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: from $sender_rcvhost
-
- result: from
-
- skipping: result is not used
-considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_ident
- result: true
-considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
-considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: $sender_ident
- result: CALLER
- expanding: from ${quote_local_part:$sender_ident}
- result: from CALLER
- condition: def:sender_helo_name
- result: true
-considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (helo=$sender_helo_name)
-
- result: (helo=myhost.test.ex)
-
- expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}
- result: from CALLER (helo=myhost.test.ex)
-
- condition: def:received_protocol
- result: true
-considering: with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: with $received_protocol
- result: with local-esmtp
- condition: def:sender_address
- result: true
-considering: (envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (envelope-from <$sender_address>)
-
- result: (envelope-from <CALLER@myhost.test.ex>)
-
- condition: def:received_for
- result: true
-considering:
- for $received_for}}
- expanding:
- for $received_for
- result:
- for usery@domain.com
- expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- result: Received: from CALLER (helo=myhost.test.ex)
- by myhost.test.ex with local-esmtp (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmaZ-0005vi-00
- for usery@domain.com
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_rcvhost
+ ├─────result: false
+ ┌───scanning: from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: from $sender_rcvhost
+
+ ├─────result: from
+
+ └───skipping: result is not used
+ ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_ident
+ ├─────result: true
+ ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol ╎}} (Exim $version_number)
+ ╎ ${if def:sender_address {(envelope-from <$sender_address>)
+ ╎ }}id $message_exim_id${if def:received_for {
+ ╎ for $received_for}}
+ ╎├──expanding: $sender_ident
+ ╎└─────result: CALLER
+ ├──expanding: from ${quote_local_part:$sender_ident}
+ └─────result: from CALLER
+ ├──condition: def:sender_helo_name
+ ├─────result: true
+ ┌considering: (helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (helo=$sender_helo_name)
+
+ └─────result: (helo=myhost.test.ex)
+
+ ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ └─────result: from CALLER (helo=myhost.test.ex)
+
+ ├──condition: def:received_protocol
+ ├─────result: true
+ ┌considering: with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_cipher
+ ├─────result: false
+ ┌───scanning: ($tls_cipher)
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: ($tls_cipher)
+
+ ├─────result: ()
+
+ └───skipping: result is not used
+ ├──condition: def:sender_address
+ ├─────result: true
+ ┌considering: (envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (envelope-from <$sender_address>)
+
+ └─────result: (envelope-from <CALLER@myhost.test.ex>)
+
+ ├──condition: def:received_for
+ ├─────result: true
+ ┌considering:
+ for $received_for}}
+ ├──expanding:
+ for $received_for
+ └─────result:
+ for usery@domain.com
+ ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ └─────result: Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaZ-0005vi-00
+ for usery@domain.com
----------- start cutthrough headers send -----------
----------- done cutthrough headers send ------------
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
SMTP>> .
SMTP<< 250 OK id=10HmbA-0005vi-00
LOG: MAIN
in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from CALLER
-considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ ├──expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ └─────result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
in dsn_advertise_hosts? no (option unset)
in pipelining_advertise_hosts? yes (matched "*")
in chunking_advertise_hosts? no (end of list)
in tls_advertise_hosts? yes (matched "*")
-considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
-considering: SERVER}{server}{queue}{cutthrough}}
- expanding: SERVER
- result: SERVER
-considering: server}{queue}{cutthrough}}
- expanding: server
- result: server
- condition: eq {SERVER}{server}
- result: false
- scanning: queue}{cutthrough}}
- expanding: queue
- result: queue
- skipping: result is not used
-considering: cutthrough}}
- expanding: cutthrough
- result: cutthrough
- expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
- result: cutthrough
+ ┌considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ ┌considering: SERVER}{server}{queue}{cutthrough}}
+ ├──expanding: SERVER
+ └─────result: SERVER
+ ┌considering: server}{queue}{cutthrough}}
+ ├──expanding: server
+ └─────result: server
+ ├──condition: eq {SERVER}{server}
+ ├─────result: false
+ ┌───scanning: queue}{cutthrough}}
+ ├──expanding: queue
+ ├─────result: queue
+ └───skipping: result is not used
+ ┌considering: cutthrough}}
+ ├──expanding: cutthrough
+ └─────result: cutthrough
+ ├──expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ └─────result: cutthrough
using ACL "cutthrough"
processing "accept"
check control = cutthrough_delivery
check verify = recipient
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: usery
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: usery
domain.com in "*"? yes (matched "*")
----------- end verify ------------
accept: condition test succeeded in ACL "cutthrough"
----------- start cutthrough setup ------------
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: usery
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: usery
domain.com in "*"? yes (matched "*")
Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
-considering: $primary_hostname
- expanding: $primary_hostname
- result: myhost.test.ex
+ ┌considering: $primary_hostname
+ ├──expanding: $primary_hostname
+ └─────result: myhost.test.ex
SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
127.0.0.1 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO myhost.test.ex
250-PIPELINING
250-STARTTLS
250 HELP
-considering: ${if eq {$address_data}{usery}{*}{:}}
-considering: $address_data}{usery}{*}{:}}
- expanding: $address_data
- result: usery
-considering: usery}{*}{:}}
- expanding: usery
- result: usery
- condition: eq {$address_data}{usery}
- result: true
-considering: *}{:}}
- expanding: *
- result: *
- scanning: :}}
- expanding: :
- result: :
- skipping: result is not used
- expanding: ${if eq {$address_data}{usery}{*}{:}}
- result: *
+ ┌considering: ${if eq {$address_data}{usery}{*}{:}}
+ ┌considering: $address_data}{usery}{*}{:}}
+ ├──expanding: $address_data
+ └─────result: usery
+ ┌considering: usery}{*}{:}}
+ ├──expanding: usery
+ └─────result: usery
+ ├──condition: eq {$address_data}{usery}
+ ├─────result: true
+ ┌considering: *}{:}}
+ ├──expanding: *
+ └─────result: *
+ ┌───scanning: :}}
+ ├──expanding: :
+ ├─────result: :
+ └───skipping: result is not used
+ ├──expanding: ${if eq {$address_data}{usery}{*}{:}}
+ └─────result: *
127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+127.0.0.1 in hosts_avoid_pipelining? no (option unset)
+using PIPELINING
+not using DSN
127.0.0.1 in hosts_require_auth? no (option unset)
- SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
-cmd buf flush ddd bytes
- SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
SMTP>> RCPT TO:<usery@domain.com>
cmd buf flush ddd bytes
+ SMTP<< 250 OK
SMTP<< 250 Accepted
holding verify callout open for cutthrough delivery
----------- end cutthrough setup ------------
end of inline ACL: ACCEPT
SMTP>> DATA
SMTP<< 354 Enter message, ending with "." on a line by itself
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
-considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_rcvhost
- result: false
- scanning: from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: from $sender_rcvhost
-
- result: from
-
- skipping: result is not used
-considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_ident
- result: true
-considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
-considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: $sender_ident
- result: CALLER
- expanding: from ${quote_local_part:$sender_ident}
- result: from CALLER
- condition: def:sender_helo_name
- result: true
-considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (helo=$sender_helo_name)
-
- result: (helo=myhost.test.ex)
-
- expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}
- result: from CALLER (helo=myhost.test.ex)
-
- condition: def:received_protocol
- result: true
-considering: with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: with $received_protocol
- result: with local-esmtp
- condition: def:sender_address
- result: true
-considering: (envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (envelope-from <$sender_address>)
-
- result: (envelope-from <CALLER@myhost.test.ex>)
-
- condition: def:received_for
- result: true
-considering:
- for $received_for}}
- expanding:
- for $received_for
- result:
- for usery@domain.com
- expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- result: Received: from CALLER (helo=myhost.test.ex)
- by myhost.test.ex with local-esmtp (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmbB-0005vi-00
- for usery@domain.com
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_rcvhost
+ ├─────result: false
+ ┌───scanning: from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: from $sender_rcvhost
+
+ ├─────result: from
+
+ └───skipping: result is not used
+ ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_ident
+ ├─────result: true
+ ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol ╎}} (Exim $version_number)
+ ╎ ${if def:sender_address {(envelope-from <$sender_address>)
+ ╎ }}id $message_exim_id${if def:received_for {
+ ╎ for $received_for}}
+ ╎├──expanding: $sender_ident
+ ╎└─────result: CALLER
+ ├──expanding: from ${quote_local_part:$sender_ident}
+ └─────result: from CALLER
+ ├──condition: def:sender_helo_name
+ ├─────result: true
+ ┌considering: (helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (helo=$sender_helo_name)
+
+ └─────result: (helo=myhost.test.ex)
+
+ ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ └─────result: from CALLER (helo=myhost.test.ex)
+
+ ├──condition: def:received_protocol
+ ├─────result: true
+ ┌considering: with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_cipher
+ ├─────result: false
+ ┌───scanning: ($tls_cipher)
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: ($tls_cipher)
+
+ ├─────result: ()
+
+ └───skipping: result is not used
+ ├──condition: def:sender_address
+ ├─────result: true
+ ┌considering: (envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (envelope-from <$sender_address>)
+
+ └─────result: (envelope-from <CALLER@myhost.test.ex>)
+
+ ├──condition: def:received_for
+ ├─────result: true
+ ┌considering:
+ for $received_for}}
+ ├──expanding:
+ for $received_for
+ └─────result:
+ for usery@domain.com
+ ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ └─────result: Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmbB-0005vi-00
+ for usery@domain.com
----------- start cutthrough headers send -----------
----------- done cutthrough headers send ------------
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
SMTP>> .
SMTP<< 250 OK id=10HmbC-0005vi-00
LOG: MAIN
in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from CALLER
-considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ ├──expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ └─────result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
in dsn_advertise_hosts? no (option unset)
in pipelining_advertise_hosts? yes (matched "*")
in chunking_advertise_hosts? no (end of list)
in tls_advertise_hosts? yes (matched "*")
-considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
-considering: SERVER}{server}{queue}{cutthrough}}
- expanding: SERVER
- result: SERVER
-considering: server}{queue}{cutthrough}}
- expanding: server
- result: server
- condition: eq {SERVER}{server}
- result: false
- scanning: queue}{cutthrough}}
- expanding: queue
- result: queue
- skipping: result is not used
-considering: cutthrough}}
- expanding: cutthrough
- result: cutthrough
- expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
- result: cutthrough
+ ┌considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ ┌considering: SERVER}{server}{queue}{cutthrough}}
+ ├──expanding: SERVER
+ └─────result: SERVER
+ ┌considering: server}{queue}{cutthrough}}
+ ├──expanding: server
+ └─────result: server
+ ├──condition: eq {SERVER}{server}
+ ├─────result: false
+ ┌───scanning: queue}{cutthrough}}
+ ├──expanding: queue
+ ├─────result: queue
+ └───skipping: result is not used
+ ┌considering: cutthrough}}
+ ├──expanding: cutthrough
+ └─────result: cutthrough
+ ├──expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ └─────result: cutthrough
using ACL "cutthrough"
processing "accept"
check control = cutthrough_delivery
check verify = recipient
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: userx
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: userx
domain.com in "*"? yes (matched "*")
----------- end verify ------------
accept: condition test succeeded in ACL "cutthrough"
----------- start cutthrough setup ------------
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: userx
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: userx
domain.com in "*"? yes (matched "*")
Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
-considering: $primary_hostname
- expanding: $primary_hostname
- result: myhost.test.ex
+ ┌considering: $primary_hostname
+ ├──expanding: $primary_hostname
+ └─────result: myhost.test.ex
SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
127.0.0.1 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO myhost.test.ex
250-PIPELINING
250-STARTTLS
250 HELP
-considering: ${if eq {$address_data}{usery}{*}{:}}
-considering: $address_data}{usery}{*}{:}}
- expanding: $address_data
- result: userx
-considering: usery}{*}{:}}
- expanding: usery
- result: usery
- condition: eq {$address_data}{usery}
- result: false
- scanning: *}{:}}
- expanding: *
- result: *
- skipping: result is not used
-considering: :}}
- expanding: :
- result: :
- expanding: ${if eq {$address_data}{usery}{*}{:}}
- result: :
+ ┌considering: ${if eq {$address_data}{usery}{*}{:}}
+ ┌considering: $address_data}{usery}{*}{:}}
+ ├──expanding: $address_data
+ └─────result: userx
+ ┌considering: usery}{*}{:}}
+ ├──expanding: usery
+ └─────result: usery
+ ├──condition: eq {$address_data}{usery}
+ ├─────result: false
+ ┌───scanning: *}{:}}
+ ├──expanding: *
+ ├─────result: *
+ └───skipping: result is not used
+ ┌considering: :}}
+ ├──expanding: :
+ └─────result: :
+ ├──expanding: ${if eq {$address_data}{usery}{*}{:}}
+ └─────result: :
127.0.0.1 in hosts_avoid_tls? no (end of list)
-considering: ${if eq {$address_data}{userz}{*}{:}}
-considering: $address_data}{userz}{*}{:}}
- expanding: $address_data
- result: userx
-considering: userz}{*}{:}}
- expanding: userz
- result: userz
- condition: eq {$address_data}{userz}
- result: false
- scanning: *}{:}}
- expanding: *
- result: *
- skipping: result is not used
-considering: :}}
- expanding: :
- result: :
- expanding: ${if eq {$address_data}{userz}{*}{:}}
- result: :
+ ┌considering: ${if eq {$address_data}{userz}{*}{:}}
+ ┌considering: $address_data}{userz}{*}{:}}
+ ├──expanding: $address_data
+ └─────result: userx
+ ┌considering: userz}{*}{:}}
+ ├──expanding: userz
+ └─────result: userz
+ ├──condition: eq {$address_data}{userz}
+ ├─────result: false
+ ┌───scanning: *}{:}}
+ ├──expanding: *
+ ├─────result: *
+ └───skipping: result is not used
+ ┌considering: :}}
+ ├──expanding: :
+ └─────result: :
+ ├──expanding: ${if eq {$address_data}{userz}{*}{:}}
+ └─────result: :
127.0.0.1 in hosts_verify_avoid_tls? no (end of list)
SMTP>> STARTTLS
cmd buf flush ddd bytes
250-8BITMIME
250-PIPELINING
250 HELP
+127.0.0.1 in hosts_avoid_pipelining? no (option unset)
+using PIPELINING
+not using DSN
127.0.0.1 in hosts_require_auth? no (option unset)
- SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
-cmd buf flush ddd bytes
- SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
SMTP>> RCPT TO:<userx@domain.com>
cmd buf flush ddd bytes
+ SMTP<< 250 OK
SMTP<< 250 Accepted
holding verify callout open for cutthrough delivery
----------- end cutthrough setup ------------
end of inline ACL: ACCEPT
SMTP>> DATA
SMTP<< 354 Enter message, ending with "." on a line by itself
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
-considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_rcvhost
- result: false
- scanning: from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: from $sender_rcvhost
-
- result: from
-
- skipping: result is not used
-considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_ident
- result: true
-considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
-considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: $sender_ident
- result: CALLER
- expanding: from ${quote_local_part:$sender_ident}
- result: from CALLER
- condition: def:sender_helo_name
- result: true
-considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (helo=$sender_helo_name)
-
- result: (helo=myhost.test.ex)
-
- expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}
- result: from CALLER (helo=myhost.test.ex)
-
- condition: def:received_protocol
- result: true
-considering: with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: with $received_protocol
- result: with local-esmtp
- condition: def:sender_address
- result: true
-considering: (envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (envelope-from <$sender_address>)
-
- result: (envelope-from <CALLER@myhost.test.ex>)
-
- condition: def:received_for
- result: true
-considering:
- for $received_for}}
- expanding:
- for $received_for
- result:
- for userx@domain.com
- expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- result: Received: from CALLER (helo=myhost.test.ex)
- by myhost.test.ex with local-esmtp (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmaX-0005vi-00
- for userx@domain.com
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_rcvhost
+ ├─────result: false
+ ┌───scanning: from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: from $sender_rcvhost
+
+ ├─────result: from
+
+ └───skipping: result is not used
+ ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_ident
+ ├─────result: true
+ ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol ╎}} (Exim $version_number)
+ ╎ ${if def:sender_address {(envelope-from <$sender_address>)
+ ╎ }}id $message_exim_id${if def:received_for {
+ ╎ for $received_for}}
+ ╎├──expanding: $sender_ident
+ ╎└─────result: CALLER
+ ├──expanding: from ${quote_local_part:$sender_ident}
+ └─────result: from CALLER
+ ├──condition: def:sender_helo_name
+ ├─────result: true
+ ┌considering: (helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (helo=$sender_helo_name)
+
+ └─────result: (helo=myhost.test.ex)
+
+ ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ └─────result: from CALLER (helo=myhost.test.ex)
+
+ ├──condition: def:received_protocol
+ ├─────result: true
+ ┌considering: with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_cipher
+ ├─────result: false
+ ┌───scanning: ($tls_cipher)
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: ($tls_cipher)
+
+ ├─────result: ()
+
+ └───skipping: result is not used
+ ├──condition: def:sender_address
+ ├─────result: true
+ ┌considering: (envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (envelope-from <$sender_address>)
+
+ └─────result: (envelope-from <CALLER@myhost.test.ex>)
+
+ ├──condition: def:received_for
+ ├─────result: true
+ ┌considering:
+ for $received_for}}
+ ├──expanding:
+ for $received_for
+ └─────result:
+ for userx@domain.com
+ ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ └─────result: Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for userx@domain.com
----------- start cutthrough headers send -----------
----------- done cutthrough headers send ------------
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
SMTP>> .
SMTP<< 250 OK id=10HmaY-0005vi-00
LOG: MAIN
in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from CALLER
-considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ ├──expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ └─────result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
in dsn_advertise_hosts? no (option unset)
in pipelining_advertise_hosts? yes (matched "*")
in chunking_advertise_hosts? no (end of list)
in tls_advertise_hosts? yes (matched "*")
-considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
-considering: SERVER}{server}{queue}{cutthrough}}
- expanding: SERVER
- result: SERVER
-considering: server}{queue}{cutthrough}}
- expanding: server
- result: server
- condition: eq {SERVER}{server}
- result: false
- scanning: queue}{cutthrough}}
- expanding: queue
- result: queue
- skipping: result is not used
-considering: cutthrough}}
- expanding: cutthrough
- result: cutthrough
- expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
- result: cutthrough
+ ┌considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ ┌considering: SERVER}{server}{queue}{cutthrough}}
+ ├──expanding: SERVER
+ └─────result: SERVER
+ ┌considering: server}{queue}{cutthrough}}
+ ├──expanding: server
+ └─────result: server
+ ├──condition: eq {SERVER}{server}
+ ├─────result: false
+ ┌───scanning: queue}{cutthrough}}
+ ├──expanding: queue
+ ├─────result: queue
+ └───skipping: result is not used
+ ┌considering: cutthrough}}
+ ├──expanding: cutthrough
+ └─────result: cutthrough
+ ├──expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ └─────result: cutthrough
using ACL "cutthrough"
processing "accept"
check control = cutthrough_delivery
check verify = recipient
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: usery
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: usery
domain.com in "*"? yes (matched "*")
----------- end verify ------------
accept: condition test succeeded in ACL "cutthrough"
----------- start cutthrough setup ------------
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: usery
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: usery
domain.com in "*"? yes (matched "*")
Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
-considering: $primary_hostname
- expanding: $primary_hostname
- result: myhost.test.ex
+ ┌considering: $primary_hostname
+ ├──expanding: $primary_hostname
+ └─────result: myhost.test.ex
SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
127.0.0.1 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO myhost.test.ex
250-PIPELINING
250-STARTTLS
250 HELP
-considering: ${if eq {$address_data}{usery}{*}{:}}
-considering: $address_data}{usery}{*}{:}}
- expanding: $address_data
- result: usery
-considering: usery}{*}{:}}
- expanding: usery
- result: usery
- condition: eq {$address_data}{usery}
- result: true
-considering: *}{:}}
- expanding: *
- result: *
- scanning: :}}
- expanding: :
- result: :
- skipping: result is not used
- expanding: ${if eq {$address_data}{usery}{*}{:}}
- result: *
+ ┌considering: ${if eq {$address_data}{usery}{*}{:}}
+ ┌considering: $address_data}{usery}{*}{:}}
+ ├──expanding: $address_data
+ └─────result: usery
+ ┌considering: usery}{*}{:}}
+ ├──expanding: usery
+ └─────result: usery
+ ├──condition: eq {$address_data}{usery}
+ ├─────result: true
+ ┌considering: *}{:}}
+ ├──expanding: *
+ └─────result: *
+ ┌───scanning: :}}
+ ├──expanding: :
+ ├─────result: :
+ └───skipping: result is not used
+ ├──expanding: ${if eq {$address_data}{usery}{*}{:}}
+ └─────result: *
127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+127.0.0.1 in hosts_avoid_pipelining? no (option unset)
+using PIPELINING
+not using DSN
127.0.0.1 in hosts_require_auth? no (option unset)
- SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
-cmd buf flush ddd bytes
- SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
SMTP>> RCPT TO:<usery@domain.com>
cmd buf flush ddd bytes
+ SMTP<< 250 OK
SMTP<< 250 Accepted
holding verify callout open for cutthrough delivery
----------- end cutthrough setup ------------
end of inline ACL: ACCEPT
SMTP>> DATA
SMTP<< 354 Enter message, ending with "." on a line by itself
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
-considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_rcvhost
- result: false
- scanning: from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: from $sender_rcvhost
-
- result: from
-
- skipping: result is not used
-considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_ident
- result: true
-considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
-considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: $sender_ident
- result: CALLER
- expanding: from ${quote_local_part:$sender_ident}
- result: from CALLER
- condition: def:sender_helo_name
- result: true
-considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (helo=$sender_helo_name)
-
- result: (helo=myhost.test.ex)
-
- expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}
- result: from CALLER (helo=myhost.test.ex)
-
- condition: def:received_protocol
- result: true
-considering: with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: with $received_protocol
- result: with local-esmtp
- condition: def:sender_address
- result: true
-considering: (envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (envelope-from <$sender_address>)
-
- result: (envelope-from <CALLER@myhost.test.ex>)
-
- condition: def:received_for
- result: true
-considering:
- for $received_for}}
- expanding:
- for $received_for
- result:
- for usery@domain.com
- expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- result: Received: from CALLER (helo=myhost.test.ex)
- by myhost.test.ex with local-esmtp (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmaZ-0005vi-00
- for usery@domain.com
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_rcvhost
+ ├─────result: false
+ ┌───scanning: from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: from $sender_rcvhost
+
+ ├─────result: from
+
+ └───skipping: result is not used
+ ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_ident
+ ├─────result: true
+ ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol ╎}} (Exim $version_number)
+ ╎ ${if def:sender_address {(envelope-from <$sender_address>)
+ ╎ }}id $message_exim_id${if def:received_for {
+ ╎ for $received_for}}
+ ╎├──expanding: $sender_ident
+ ╎└─────result: CALLER
+ ├──expanding: from ${quote_local_part:$sender_ident}
+ └─────result: from CALLER
+ ├──condition: def:sender_helo_name
+ ├─────result: true
+ ┌considering: (helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (helo=$sender_helo_name)
+
+ └─────result: (helo=myhost.test.ex)
+
+ ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ └─────result: from CALLER (helo=myhost.test.ex)
+
+ ├──condition: def:received_protocol
+ ├─────result: true
+ ┌considering: with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_cipher
+ ├─────result: false
+ ┌───scanning: ($tls_cipher)
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: ($tls_cipher)
+
+ ├─────result: ()
+
+ └───skipping: result is not used
+ ├──condition: def:sender_address
+ ├─────result: true
+ ┌considering: (envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (envelope-from <$sender_address>)
+
+ └─────result: (envelope-from <CALLER@myhost.test.ex>)
+
+ ├──condition: def:received_for
+ ├─────result: true
+ ┌considering:
+ for $received_for}}
+ ├──expanding:
+ for $received_for
+ └─────result:
+ for usery@domain.com
+ ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ └─────result: Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaZ-0005vi-00
+ for usery@domain.com
----------- start cutthrough headers send -----------
----------- done cutthrough headers send ------------
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
SMTP>> .
SMTP<< 250 OK id=10HmbA-0005vi-00
LOG: MAIN
in hosts_connection_nolog? no (option unset)
LOG: smtp_connection MAIN
SMTP connection from CALLER
-considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
- result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ ├──expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ └─────result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
in dsn_advertise_hosts? no (option unset)
in pipelining_advertise_hosts? yes (matched "*")
in chunking_advertise_hosts? no (end of list)
in tls_advertise_hosts? yes (matched "*")
-considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
-considering: SERVER}{server}{queue}{cutthrough}}
- expanding: SERVER
- result: SERVER
-considering: server}{queue}{cutthrough}}
- expanding: server
- result: server
- condition: eq {SERVER}{server}
- result: false
- scanning: queue}{cutthrough}}
- expanding: queue
- result: queue
- skipping: result is not used
-considering: cutthrough}}
- expanding: cutthrough
- result: cutthrough
- expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
- result: cutthrough
+ ┌considering: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ ┌considering: SERVER}{server}{queue}{cutthrough}}
+ ├──expanding: SERVER
+ └─────result: SERVER
+ ┌considering: server}{queue}{cutthrough}}
+ ├──expanding: server
+ └─────result: server
+ ├──condition: eq {SERVER}{server}
+ ├─────result: false
+ ┌───scanning: queue}{cutthrough}}
+ ├──expanding: queue
+ ├─────result: queue
+ └───skipping: result is not used
+ ┌considering: cutthrough}}
+ ├──expanding: cutthrough
+ └─────result: cutthrough
+ ├──expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ └─────result: cutthrough
using ACL "cutthrough"
processing "accept"
check control = cutthrough_delivery
check verify = recipient
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: usery
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: usery
domain.com in "*"? yes (matched "*")
----------- end verify ------------
accept: condition test succeeded in ACL "cutthrough"
----------- start cutthrough setup ------------
domain.com in "test.ex : *.test.ex"? no (end of list)
domain.com in "! +local_domains"? yes (end of list)
-considering: $local_part
- expanding: $local_part
- result: usery
+ ┌considering: $local_part
+ ├──expanding: $local_part
+ └─────result: usery
domain.com in "*"? yes (matched "*")
Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
-considering: $primary_hostname
- expanding: $primary_hostname
- result: myhost.test.ex
+ ┌considering: $primary_hostname
+ ├──expanding: $primary_hostname
+ └─────result: myhost.test.ex
SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
127.0.0.1 in hosts_avoid_esmtp? no (option unset)
SMTP>> EHLO myhost.test.ex
250-PIPELINING
250-STARTTLS
250 HELP
-considering: ${if eq {$address_data}{usery}{*}{:}}
-considering: $address_data}{usery}{*}{:}}
- expanding: $address_data
- result: usery
-considering: usery}{*}{:}}
- expanding: usery
- result: usery
- condition: eq {$address_data}{usery}
- result: true
-considering: *}{:}}
- expanding: *
- result: *
- scanning: :}}
- expanding: :
- result: :
- skipping: result is not used
- expanding: ${if eq {$address_data}{usery}{*}{:}}
- result: *
+ ┌considering: ${if eq {$address_data}{usery}{*}{:}}
+ ┌considering: $address_data}{usery}{*}{:}}
+ ├──expanding: $address_data
+ └─────result: usery
+ ┌considering: usery}{*}{:}}
+ ├──expanding: usery
+ └─────result: usery
+ ├──condition: eq {$address_data}{usery}
+ ├─────result: true
+ ┌considering: *}{:}}
+ ├──expanding: *
+ └─────result: *
+ ┌───scanning: :}}
+ ├──expanding: :
+ ├─────result: :
+ └───skipping: result is not used
+ ├──expanding: ${if eq {$address_data}{usery}{*}{:}}
+ └─────result: *
127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+127.0.0.1 in hosts_avoid_pipelining? no (option unset)
+using PIPELINING
+not using DSN
127.0.0.1 in hosts_require_auth? no (option unset)
- SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
-cmd buf flush ddd bytes
- SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
SMTP>> RCPT TO:<usery@domain.com>
cmd buf flush ddd bytes
+ SMTP<< 250 OK
SMTP<< 250 Accepted
holding verify callout open for cutthrough delivery
----------- end cutthrough setup ------------
end of inline ACL: ACCEPT
SMTP>> DATA
SMTP<< 354 Enter message, ending with "." on a line by itself
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
-considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_rcvhost
- result: false
- scanning: from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: from $sender_rcvhost
-
- result: from
-
- skipping: result is not used
-considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- condition: def:sender_ident
- result: true
-considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
-considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: $sender_ident
- result: CALLER
- expanding: from ${quote_local_part:$sender_ident}
- result: from CALLER
- condition: def:sender_helo_name
- result: true
-considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (helo=$sender_helo_name)
-
- result: (helo=myhost.test.ex)
-
- expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}
- result: from CALLER (helo=myhost.test.ex)
-
- condition: def:received_protocol
- result: true
-considering: with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: with $received_protocol
- result: with local-esmtp
- condition: def:sender_address
- result: true
-considering: (envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- expanding: (envelope-from <$sender_address>)
-
- result: (envelope-from <CALLER@myhost.test.ex>)
-
- condition: def:received_for
- result: true
-considering:
- for $received_for}}
- expanding:
- for $received_for
- result:
- for usery@domain.com
- expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
- }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
- ${if def:sender_address {(envelope-from <$sender_address>)
- }}id $message_exim_id${if def:received_for {
- for $received_for}}
- result: Received: from CALLER (helo=myhost.test.ex)
- by myhost.test.ex with local-esmtp (Exim x.yz)
- (envelope-from <CALLER@myhost.test.ex>)
- id 10HmbB-0005vi-00
- for usery@domain.com
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_rcvhost
+ ├─────result: false
+ ┌───scanning: from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: from $sender_rcvhost
+
+ ├─────result: from
+
+ └───skipping: result is not used
+ ┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──condition: def:sender_ident
+ ├─────result: true
+ ┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol ╎}} (Exim $version_number)
+ ╎ ${if def:sender_address {(envelope-from <$sender_address>)
+ ╎ }}id $message_exim_id${if def:received_for {
+ ╎ for $received_for}}
+ ╎├──expanding: $sender_ident
+ ╎└─────result: CALLER
+ ├──expanding: from ${quote_local_part:$sender_ident}
+ └─────result: from CALLER
+ ├──condition: def:sender_helo_name
+ ├─────result: true
+ ┌considering: (helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (helo=$sender_helo_name)
+
+ └─────result: (helo=myhost.test.ex)
+
+ ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ └─────result: from CALLER (helo=myhost.test.ex)
+
+ ├──condition: def:received_protocol
+ ├─────result: true
+ ┌considering: with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_cipher
+ ├─────result: false
+ ┌───scanning: ($tls_cipher)
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: ($tls_cipher)
+
+ ├─────result: ()
+
+ └───skipping: result is not used
+ ├──condition: def:sender_address
+ ├─────result: true
+ ┌considering: (envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: (envelope-from <$sender_address>)
+
+ └─────result: (envelope-from <CALLER@myhost.test.ex>)
+
+ ├──condition: def:received_for
+ ├─────result: true
+ ┌considering:
+ for $received_for}}
+ ├──expanding:
+ for $received_for
+ └─────result:
+ for usery@domain.com
+ ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
+ }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ └─────result: Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmbB-0005vi-00
+ for usery@domain.com
----------- start cutthrough headers send -----------
----------- done cutthrough headers send ------------
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
SMTP>> .
SMTP<< 250 OK id=10HmbC-0005vi-00
LOG: MAIN
>>> Attempting full verification using callout
>>> callout cache: no domain record found for dane256ee.test.ex
>>> callout cache: no address record found for rcptuser@dane256ee.test.ex
->>> interface=NULL port=1225
->>> Connecting to dane256ee.test.ex [ip4.ip4.ip4.ip4]:1225 ... connected
MUNGED: ::1 will be omitted in what follows
>>> get[host|ipnode]byname[2] looked up these IP addresses:
>>> name=thishost.test.ex address=127.0.0.1
>>> ip4.ip4.ip4.ip4 in hosts_require_dane? yes (end of list)
+>>> interface=NULL port=1225
+>>> Connecting to dane256ee.test.ex [ip4.ip4.ip4.ip4]:1225 ... connected
>>> SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> ip4.ip4.ip4.ip4 in hosts_avoid_esmtp? no (option unset)
>>> SMTP>> EHLO myhost.test.ex
>>> 250-8BITMIME
>>> 250-PIPELINING
>>> 250 HELP
+>>> ip4.ip4.ip4.ip4 in hosts_avoid_pipelining? no (option unset)
>>> ip4.ip4.ip4.ip4 in hosts_require_auth? no (option unset)
->>> SMTP>> MAIL FROM:<>
->>> cmd buf flush 14 bytes
->>> SMTP<< 250 OK
+>>> SMTP>> MAIL FROM:<> SIZE=ssss
>>> SMTP>> RCPT TO:<rcptuser@dane256ee.test.ex>
->>> cmd buf flush 38 bytes
+>>> cmd buf flush 62 bytes
+>>> SMTP<< 250 OK
>>> SMTP<< 250 Accepted
>>> SMTP>> QUIT
>>> cmd buf flush 6 bytes
> reduce: +abc
> reduce: 6
> reduce: 9
+> # Check for extract corrupting reduce's
+> reduce: a , b
>
> listnamed: *.aa.bb : ^\Nxxx(.*)
> listnamed: *.aa.bb : ^\Nxxx(.*)
>>> data
??? 354
<<< 354 Enter message, ending with "." on a line by itself
+>>>
>>> Testing
>>> .
??? 250
>>> data
??? 354
<<< 354 Enter message, ending with "." on a line by itself
+>>>
>>> Testing 2
>>> .
??? 250
>>> data
??? 354
<<< 354 Enter message, ending with "." on a line by itself
+>>>
>>> Testing 3
>>> .
??? 250
>>> data
??? 354
<<< 354 Enter message, ending with "." on a line by itself
+>>>
>>> Testing 4
>>> .
??? 250
220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
252 Administrative prohibition\r
599 custom reject\r
+250 <ok_with_dom@test.ex> is deliverable\r
501 unqual: recipient address must contain a domain\r
501 empty address\r
550 Administrative prohibition\r
221 the.local.host.name closing connection\r
+**** SMTP testing session as if from host 3.3.3.3
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 <acceptable@test.ex> is deliverable\r
+221 the.local.host.name closing connection\r
+
**** SMTP testing session as if from host 2.2.2.2
**** but without any ident (RFC 1413) callback.
**** This is not for real!
End of script
Listening on port 1224 ...
Connection request from [127.0.0.1]
-550 Go away
+550 Go away (A)
QUIT
250 OK
End of script
Connection request from [127.0.0.1]
220 Connected OK
EHLO the.local.host.name
-550 Go away
+550 Go away (B)
HELO the.local.host.name
-550 Go away
+550 Go away (C)
QUIT
250 OK
End of script
250- wotcher
250-SIZE
250 OK
-MAIL FROM:<>
+MAIL FROM:<> SIZE=ssss
250 OK
RCPT TO:<ok@localhost1>
250 OK
550-Rejected after DATA: could not verify "From:" header address\r
550 bad@domain: Unrouteable address\r
250 OK\r
-451-could not connect to V4NET.0.0.0 [V4NET.0.0.0]: Network Error\r
+451-Could not complete sender verify callout: V4NET.0.0.0 [V4NET.0.0.0] : could not connect: Network Error\r
451-Could not complete sender verify callout for <callout@x>.\r
451-The mail server(s) for the domain may be temporarily unreachable, or\r
451-they may be permanently unreachable from this server. In the latter case,\r
250-mail.test.ex Hello something [V4NET.0.0.0]\r
250-SIZE 52428800\r
250-8BITMIME\r
+250-VRFY\r
250-PIPELINING\r
250 HELP\r
250 OK\r
354 Enter message, ending with "." on a line by itself\r
250 OK id=10HmaX-0005vi-00\r
221 myhost.test.ex closing connection\r
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> HELO test
+??? 250
+<<< 250 myhost.test.ex Hello localhost [127.0.0.1]
+>>> MAIL FROM:<>
+??? 250
+<<< 250 OK
+>>> RCPT TO:<x@y>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> .
+??? 250
+<<< 250 OK id=10HmbA-0005vi-00
+>>> QUIT
+End of script
> 9 >>sock error<<
> 10 >>ANSWER-10
<<
+> 11 >>ANSWER-11
+<<
>
******** SERVER ********
QUERY-10
>LF>ANSWER-10
>*eof
+Listening on port 1224 ...
+Connection request from [ip4.ip4.ip4.ip4]
+>LF>ANSWER-11
+>*eof
End of script
221 myhost.test.ex closing connection\r
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250 OK\r
-250 Accepted\r
+451 Could not complete sender verify callout\r
221 myhost.test.ex closing connection\r
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250 OK\r
221 myhost.test.ex closing connection\r
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250 OK\r
-250 Accepted\r
+451 Could not complete sender verify callout\r
221 myhost.test.ex closing connection\r
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250 OK\r
250 Accepted\r
221 the.local.host.name closing connection\r
+++++++++++++++++++++++++++
+07-Mar-2000 12:21:52 other.ex callout=accept postmaster=unknown random=unknown
07-Mar-2000 12:21:52 r1@test.ex callout=accept
07-Mar-2000 12:21:52 r1@test.ex/<postmaster@the.local.host.name> callout=accept
07-Mar-2000 12:21:52 r1@test.ex/<s1@test.ex> callout=accept
250 Accepted\r
221 the.local.host.name closing connection\r
+++++++++++++++++++++++++++
+07-Mar-2000 12:21:52 other.ex callout=accept postmaster=unknown random=unknown
07-Mar-2000 12:21:52 r12@three.test.ex callout=accept
07-Mar-2000 12:21:52 r1@test.ex callout=accept
07-Mar-2000 12:21:52 r1@test.ex/<postmaster@the.local.host.name> callout=accept
From: CALLER_NAME <CALLER@myhost.test.ex>
Date: Tue, 2 Mar 1999 09:44:33 +0000
-This is a test message.
+1:This is a test message.
.
450 TEMPERROR
250 OK
From: CALLER_NAME <CALLER@myhost.test.ex>
Date: Tue, 2 Mar 1999 09:44:33 +0000
-This is a test message.
+2: This is a test message.
.
450 TEMPERROR
QUIT
From: CALLER_NAME <CALLER@myhost.test.ex>
Date: Tue, 2 Mar 1999 09:44:33 +0000
-This is a test message.
+2: This is a test message.
.
450 TEMPERROR
QUIT
hosts_avoid_pipelining =
hosts_max_try = 5
hosts_max_try_hardlimit = 50
+hosts_noproxy_tls = *
no_hosts_override
no_hosts_randomize
hosts_require_auth =
end of ACL "chk_data": ACCEPT
calling local_scan(); timeout=300
local_scan() returned 0 NULL
-considering: ${tod_full}
- expanding: ${tod_full}
- result: Tue, 2 Mar 1999 09:44:33 +0000
+ ┌considering: ${tod_full}
+ ├──expanding: ${tod_full}
+ └─────result: Tue, 2 Mar 1999 09:44:33 +0000
Writing spool header file: TESTSUITE/spool//input//hdr.pppp
DSN: Write SPOOL :-dsn_envid NULL
DSN: Write SPOOL :-dsn_ret 0
--- /dev/null
+# Exim Configuration (X)
+# 1 "TESTSUITE/test-config"
+# 1 "TESTSUITE/test-config"
+# 1 "TESTSUITE/confs/0577./aaa"
+# 1 "TESTSUITE/confs/0577./aaa"
+# 1 "TESTSUITE/confs/0577./aaa"
+# 1 "TESTSUITE/test-config"
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+451 Could not complete sender verify callout\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+550-Verification failed for <bad@localhost>\r
+550-Called: 127.0.0.1\r
+550-Sent: RCPT TO:<bad@localhost>\r
+550-Response: 550 REJECTED rcpt\r
+550 Sender verify failed\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+550-Verification failed for <bad@localhost>\r
+550-Previous (cached) callout verification failure\r
+550 Sender verify failed\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+550-Callback setup failed while verifying <ok@localhost>\r
+550-Called: 127.0.0.1\r
+550-Sent: MAIL FROM:<>\r
+550-Response: 550 REJECT mail from\r
+550-The initial connection, or a HELO or MAIL FROM:<> command was\r
+550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards\r
+550-RFC requirements, and stops you from receiving standard bounce\r
+550-messages. This host does not accept mail from domains whose servers\r
+550-refuse bounces.\r
+550 Sender verify failed\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+550-Callback setup failed while verifying <ok@localhost>\r
+550-(result of an earlier callout reused).\r
+550-The initial connection, or a HELO or MAIL FROM:<> command was\r
+550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards\r
+550-RFC requirements, and stops you from receiving standard bounce\r
+550-messages. This host does not accept mail from domains whose servers\r
+550-refuse bounces.\r
+550 Sender verify failed\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+550-Postmaster verification failed while checking <ok@otherhost>\r
+550-Called: 127.0.0.1\r
+550-Sent: RCPT TO:<postmaster@otherhost>\r
+550-Response: 550 NOT OK rcpt postmaster\r
+550-Several RFCs state that you are required to have a postmaster\r
+550-mailbox for each mail domain. This host does not accept mail\r
+550-from domains whose servers reject the postmaster address.\r
+550 Sender verify failed\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+550-Postmaster verification failed while checking <ok@otherhost>\r
+550-(result of earlier verification reused).\r
+550-Several RFCs state that you are required to have a postmaster\r
+550-mailbox for each mail domain. This host does not accept mail\r
+550-from domains whose servers reject the postmaster address.\r
+550 Sender verify failed\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+451 Could not complete sender verify callout\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+451 Could not complete sender verify callout\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+451 Could not complete sender verify callout\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaX-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaY-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+
+******** SERVER ********
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok@localhost>
+250 OK mail sender
+250 OK recipient
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<bad@localhost>
+250 OK sender
+550 REJECTED rcpt
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok@localhost>
+550 REJECT mail from
+530 BAD SEQUENCE no sender accepted for rcpt
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok@otherhost>
+250 OK sender
+250 OK rcpt
+RSET
+250 OK reset
+MAIL FROM:<>
+RCPT TO:<postmaster@otherhost>
+250 OK sender
+550 NOT OK rcpt postmaster
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok@otherhost2>
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<postmaster@otherhost2>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost3>
+250 OK
+250 OK accepting that random recipient
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost4>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost41>
+250 OK
+550 NOT OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok@otherhost41>
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<postmaster@otherhost41>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok@otherhost21>
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<postmaster@otherhost21>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok2@otherhost21>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost31>
+250 OK
+550 NOT OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok@otherhost31>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<okok@otherhost31>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost31>
+250 OK
+550 NOT OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<okokok@otherhost31>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<myhost.test.ex-dddddddd-testing@otherhost51>
+250 OK
+*sleep 2
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<okokok@otherhost52>
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM:<pmsend@a.domain>
+RCPT TO:<postmaster@otherhost52>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<somesender@a.domain>
+RCPT TO:<abcd@x.y.z>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<abcd@x.y.z>
+250 OK
+*sleep 2
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<>
+RCPT TO:<ok@otherhost9>
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM:<>
+RCPT TO:<postmaster@otherhost9>
+250 OK
+550 NOT OK
+RCPT TO:<postmaster>
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-Yeah mate
+250-PIPELINING
+250 OK
+MAIL FROM:<postmaster@myhost.test.ex>
+RCPT TO:<myhost.test.ex-dddddddd-testing@test.ex>
+250 OK
+550 RANDOM IS BAD
+RSET
+250 OK
+MAIL FROM:<postmaster@myhost.test.ex>
+RCPT TO:<z@test.ex>
+250 OK
+250 OK
+RSET
+250 OK
+MAIL FROM:<pmsend@b.domain>
+RCPT TO:<postmaster@test.ex>
+250 OK
+250 OK
+QUIT
+250 OK
+End of script
--- /dev/null
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO test
+??? 250-
+<<< 250-myhost.test.ex Hello test [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250 HELP
+<<< 250 HELP
+>>> MAIL FROM:<>
+??? 250
+<<< 250 OK
+>>> RCPT TO:<"name with spaces"@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Subject: test
+>>>
+>>> body
+>>> .
+??? 250
+<<< 250 OK id=10HmaX-0005vi-00
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
??? 221
<<< 221 testhost.test.ex closing connection
End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-SIZE
+<<< 250-SIZE 52428800
+??? 250-8BITMIME
+<<< 250-8BITMIME
+??? 250-PIPELINING
+<<< 250-PIPELINING
+??? 250-CHUNKING
+<<< 250-CHUNKING
+??? 250 HELP
+<<< 250 HELP
+>>> mail from:someone@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 87 last
+>>> To: Susan@random.com\n
+>>> From: Sam@random.com
+>>> Subject: This is a Bodyless test message
+>>>
+??? 552
+<<< 552 Message header not CRLF terminated
+>>> quit
+??? 221
+<<< 221 testhost.test.ex closing connection
+End of script
-
-******** SERVER ********
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250 CHUNKING
-MAIL FROM:<>
-250 OK
-RCPT TO:<a@test.ex>
-250 OK
-BDAT 329 LAST
-250 OK
-QUIT
-225 OK
-Expected EOF read from client
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-SIZE
+<<< 250-SIZE 52428800
+??? 250-8BITMIME
+<<< 250-8BITMIME
+??? 250-CHUNKING
+<<< 250-CHUNKING
+??? 250 HELP
+<<< 250 HELP
+>>> mail from:someone1@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 88 last
+>>> To: Susan@random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyless test message
+>>>
+??? 250-
+<<< 250- 88 byte chunk, total 88
+??? 250
+<<< 250 OK id=10HmaX-0005vi-00
+>>> quit
+??? 221
+<<< 221 testhost.test.ex closing connection
End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250 CHUNKING
-MAIL FROM:<>
-250 good mail cmd
-RCPT TO:<b@test.ex>
-250 acceptable rcpt cmd
-BDAT 329 LAST
-Unxpected EOF read from client
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250 CHUNKING
-MAIL FROM:<>
-250 OK
-RCPT TO:<c@test.ex>
-250 OK
-BDAT 329 LAST
-250 OK
-
-Comparison failed - bailing out
-Expected: QUIT
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250 CHUNKING
-MAIL FROM:<>
-250 OK
-RCPT TO:<d@test.ex>
-250 OK
-BDAT 329 LAST
-500 oops
-QUIT
-225 OK
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-CHUNKING
+??? 250
+<<< 250 HELP
+>>> mail from:someone2@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 100
+>>> To: Susan@random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyfull test message
+>>>
+>>> 1234567890
+??? 250
+<<< 250 100 byte chunk received
+>>> noop
+??? 250
+<<< 250 OK
+>>> bdat 0 last
+??? 250-
+<<< 250- 0 byte chunk, total 100
+??? 250
+<<< 250 OK id=10HmaY-0005vi-00
+>>> mail from:someone3@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 10
+>>> To: Susan@
+??? 250
+<<< 250 10 byte chunk received
+>>> bdat 78 last
+>>> random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyless test message
+>>>
+??? 250-
+<<< 250- 78 byte chunk, total 88
+??? 250
+<<< 250 OK id=10HmaZ-0005vi-00
+>>> quit
+??? 221
+<<< 221 testhost.test.ex closing connection
End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250 CHUNKING
-MAIL FROM:<>
-250 OK
-RCPT TO:<e@test.ex>
-250 OK
-BDAT 329 LAST
-400 not right now
-QUIT
-225 OK
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-CHUNKING
+??? 250
+<<< 250 HELP
+>>> mail from:someone2A@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 100
+>>> To: Susan@random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyfull test message
+>>>
+>>> 1234567890
+??? 250
+<<< 250 100 byte chunk received
+>>> noop
+??? 250
+<<< 250 OK
+>>> bdat 0 last
+??? 250-
+<<< 250- 0 byte chunk, total 100
+??? 250
+<<< 250 OK id=10HmbA-0005vi-00
+>>> mail from:someone3A@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 10
+>>> To: Susan@
+??? 250
+<<< 250 10 byte chunk received
+>>> bdat 78 last
+>>> random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyless test message
+>>>
+??? 250-
+<<< 250- 78 byte chunk, total 88
+??? 250
+<<< 250 OK id=10HmbB-0005vi-00
+>>> quit
+??? 221
+<<< 221 testhost.test.ex closing connection
End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<p@test.ex>
-BDAT 329 LAST
-250 OK mail
-250 OK rcpt
-250 OK bdat
-QUIT
-225 OK
-Expected EOF read from client
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-CHUNKING
+??? 250
+<<< 250 HELP
+>>> mail from:someone4@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 89 last
+>>> To: Susan@random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyless test message
+>>>
+??? 421
+<<< 421 testhost.test.ex SMTP incoming data timeout - closing connection.
End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<q@test.ex>
-BDAT 329 LAST
-Unxpected EOF read from client
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<r@test.ex>
-BDAT 329 LAST
-250 OK mail
-250 OK rcpt
-250 OK bdat
-
-Comparison failed - bailing out
-Expected: QUIT
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<s@test.ex>
-BDAT 329 LAST
-550 unacceptable mail-from
-550 rcpt ungood lacking mail-from
-500 bdat ungood lacking mail-from
-QUIT
-225 OK
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-CHUNKING
+??? 250
+<<< 250 HELP
+>>> mail from:someone5@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 88
+>>> To: Susan@random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyless test message
+>>>
+??? 250
+<<< 250 88 byte chunk received
+>>> bdat 0
+??? 504
+<<< 504 zero size for BDAT command
+>>> quit
+??? 221
+<<< 221 testhost.test.ex closing connection
End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<s1@test.ex>
-BDAT 330 LAST
-450 greylisted mail-from
-550 rcpt ungood lacking mail-from
-500 bdat ungood lacking mail-from
-QUIT
-225 OK
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-CHUNKING
+??? 250
+<<< 250 HELP
+>>> mail from:someone6@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 88
+>>> To: Susan@random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyless test message
+>>>
+??? 250
+<<< 250 88 byte chunk received
+>>> data
+??? 503
+<<< 503 only BDAT permissible after non-LAST BDAT
+>>> RSET
+??? 250
+<<< 250 Reset OK
+>>> EHLO tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-CHUNKING
+??? 250
+<<< 250 HELP
+>>> mail from:someone7@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 88
+>>> To: Susan@random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyless test message
+>>>
+??? 250
+<<< 250 88 byte chunk received
+>>> data
+??? 503
+<<< 503 only BDAT permissible after non-LAST BDAT
+>>> data
+??? 503
+<<< 503 only RSET accepted now
+>>> quit
+??? 221
+<<< 221 testhost.test.ex closing connection
End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<t@test.ex>
-BDAT 329 LAST
-250 OK mail
-550 no such recipient
-500 oops bdat
-QUIT
-225 OK
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-SIZE
+<<< 250-SIZE 52428800
+??? 250-8BITMIME
+<<< 250-8BITMIME
+??? 250-CHUNKING
+<<< 250-CHUNKING
+??? 250 HELP
+<<< 250 HELP
+>>> mail from:someone8@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 88 last\r\nTo: Susan@random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyless test message
+>>>
+??? 250-
+<<< 250- 88 byte chunk, total 88
+??? 250
+<<< 250 OK id=10HmbD-0005vi-00
+>>> quit
+??? 221
+<<< 221 testhost.test.ex closing connection
End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<u@test.ex>
-BDAT 329 LAST
-250 OK mail
-250 OK rcpt
-500 oops bdat
-QUIT
-225 OK
-End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<v@test.ex>
-BDAT 329 LAST
-250 OK mail
-250 OK rcpt
-400 not right now bdat
-QUIT
-225 OK
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo tester
+??? 250-
+<<< 250-testhost.test.ex Hello tester [127.0.0.1]
+??? 250-SIZE
+<<< 250-SIZE 52428800
+??? 250-8BITMIME
+<<< 250-8BITMIME
+??? 250-CHUNKING
+<<< 250-CHUNKING
+??? 250 HELP
+<<< 250 HELP
+>>> mail from:someone9@some.domain
+??? 250
+<<< 250 OK
+>>> rcpt to:CALLER@test.ex
+??? 250
+<<< 250 Accepted
+>>> bdat 1\r\nTbdat 87 last
+>>> To: Susan@random.com
+>>> From: Sam@random.com
+>>> Subject: This is a bodyless test message
+>>>
+??? 554 SMTP synchronization error
+<<< 554 SMTP synchronization error
End of script
+++ /dev/null
-
-******** SERVER ********
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250 CHUNKING
-MAIL FROM:<>
-250 OK
-RCPT TO:<a@test.ex>
-250 OK
-BDAT 295
-250 OK nonlast bdat
-BDAT 8380 LAST
-250 OK bdat
-QUIT
-225 OK
-Expected EOF read from client
-End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250 CHUNKING
-MAIL FROM:<>
-250 OK
-RCPT TO:<d@test.ex>
-250 OK
-BDAT 295
-500 oops bdat-nonlast
-QUIT
-225 OK
-End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<p@test.ex>
-BDAT 295
-250 OK mail
-250 OK rcpt
-250 OK nonlast bdat
-BDAT 8380 LAST
-250 OK bdat
-QUIT
-225 OK
-Expected EOF read from client
-End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<s@test.ex>
-BDAT 295
-550 unacceptable mail-from
-550 rcpt ungood lacking mail-from
-500 bdat (nonlast) ungood lacking mail-from
-QUIT
-225 OK
-End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<t@test.ex>
-BDAT 295
-250 OK mail
-550 no such recipient
-500 oops nonlast bdat - no rcpt
-QUIT
-225 OK
-End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<t1@test.ex>
-RCPT TO:<t2@test.ex>
-BDAT 279
-250 OK mail
-550 no such recipient
-250 good recipient
-200 OK nonlast bdat
-BDAT 8380 LAST
-250 OK bdat
-QUIT
-225 OK
-End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<u@test.ex>
-BDAT 295
-250 OK mail
-250 OK rcpt
-500 oops nonlast bdat
-QUIT
-225 OK
-End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<v@test.ex>
-BDAT 295
-250 OK mail
-250 OK rcpt
-250 OK nonlast bdat
-BDAT 8380 LAST
-500 oops bdat
-QUIT
-225 OK
-End of script
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Greetings
-EHLO testhost.test.ex
-250-Hello there
-250-PIPELINING
-250 CHUNKING
-MAIL FROM:<>
-RCPT TO:<p@test.ex>
-BDAT 8191
-250 OK mail
-250 OK rcpt
-250 OK nonlast bdat
-BDAT 807 LAST
-250 OK bdat
-QUIT
-225 OK
-Expected EOF read from client
-End of script
--- /dev/null
+
+******** SERVER ********
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250 CHUNKING
+MAIL FROM:<>
+250 OK
+RCPT TO:<a@test.ex>
+250 OK
+BDAT 329 LAST
+250 OK
+QUIT
+225 OK
+Expected EOF read from client
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250 CHUNKING
+MAIL FROM:<>
+250 good mail cmd
+RCPT TO:<b@test.ex>
+250 acceptable rcpt cmd
+BDAT 329 LAST
+Unexpected EOF read from client
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250 CHUNKING
+MAIL FROM:<>
+250 OK
+RCPT TO:<c@test.ex>
+250 OK
+BDAT 329 LAST
+250 OK
+
+Comparison failed - bailing out
+Expected: QUIT
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250 CHUNKING
+MAIL FROM:<>
+250 OK
+RCPT TO:<d@test.ex>
+250 OK
+BDAT 329 LAST
+500 oops
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250 CHUNKING
+MAIL FROM:<>
+250 OK
+RCPT TO:<e@test.ex>
+250 OK
+BDAT 329 LAST
+400 not right now
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<p@test.ex>
+BDAT 329 LAST
+250 OK mail
+250 OK rcpt
+250 OK bdat
+QUIT
+225 OK
+Expected EOF read from client
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<q@test.ex>
+BDAT 329 LAST
+Unexpected EOF read from client
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<r@test.ex>
+BDAT 329 LAST
+250 OK mail
+250 OK rcpt
+250 OK bdat
+
+Comparison failed - bailing out
+Expected: QUIT
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<s@test.ex>
+BDAT 329 LAST
+550 unacceptable mail-from
+550 rcpt ungood lacking mail-from
+500 bdat ungood lacking mail-from
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<s1@test.ex>
+BDAT 330 LAST
+450 greylisted mail-from
+550 rcpt ungood lacking mail-from
+500 bdat ungood lacking mail-from
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<t@test.ex>
+BDAT 329 LAST
+250 OK mail
+550 no such recipient
+500 oops bdat
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<u@test.ex>
+BDAT 329 LAST
+250 OK mail
+250 OK rcpt
+500 oops bdat
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<v@test.ex>
+BDAT 329 LAST
+250 OK mail
+250 OK rcpt
+400 not right now bdat
+QUIT
+225 OK
+End of script
--- /dev/null
+
+******** SERVER ********
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250 CHUNKING
+MAIL FROM:<>
+250 OK
+RCPT TO:<a@test.ex>
+250 OK
+BDAT 295
+250 OK nonlast bdat
+BDAT 8380 LAST
+250 OK bdat
+QUIT
+225 OK
+Expected EOF read from client
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250 CHUNKING
+MAIL FROM:<>
+250 OK
+RCPT TO:<d@test.ex>
+250 OK
+BDAT 295
+500 oops bdat-nonlast
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<p@test.ex>
+BDAT 295
+250 OK mail
+250 OK rcpt
+250 OK nonlast bdat
+BDAT 8380 LAST
+250 OK bdat
+QUIT
+225 OK
+Expected EOF read from client
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<s@test.ex>
+BDAT 295
+550 unacceptable mail-from
+550 rcpt ungood lacking mail-from
+500 bdat (nonlast) ungood lacking mail-from
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<t@test.ex>
+BDAT 295
+250 OK mail
+550 no such recipient
+500 oops nonlast bdat - no rcpt
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<t1@test.ex>
+RCPT TO:<t2@test.ex>
+BDAT 279
+250 OK mail
+550 no such recipient
+250 good recipient
+200 OK nonlast bdat
+BDAT 8380 LAST
+250 OK bdat
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<u@test.ex>
+BDAT 295
+250 OK mail
+250 OK rcpt
+500 oops nonlast bdat
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<v@test.ex>
+BDAT 295
+250 OK mail
+250 OK rcpt
+250 OK nonlast bdat
+BDAT 8380 LAST
+500 oops bdat
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<u@test.ex>
+BDAT 295
+250 OK mail
+250 OK rcpt
+400 oops nonlast bdat
+QUIT
+225 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Greetings
+EHLO testhost.test.ex
+250-Hello there
+250-PIPELINING
+250 CHUNKING
+MAIL FROM:<>
+RCPT TO:<p@test.ex>
+BDAT 8191
+250 OK mail
+250 OK rcpt
+250 OK nonlast bdat
+BDAT 807 LAST
+250 OK bdat
+QUIT
+225 OK
+Expected EOF read from client
+End of script
> a=localhost.test.ex 127.0.0.1
> a=localhost.test.ex 127.0.0.1
>
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 myhost.test.ex Hello CALLER at test\r
+250 OK\r
+451 Temporary local problem - please try later\r
+221 myhost.test.ex closing connection\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250 HELP\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250 HELP\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH MYLOGIN PLAIN EXPLAIN EXPANDED EXPANDFAIL DEFER LOGIN\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250 HELP\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH CRAM-MD5\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH CRAM-MD5\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250 HELP\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH CRAM-MD5\r
250-SIZE 52428800\r
250-8BITMIME\r
250-ETRN\r
+250-VRFY\r
250-EXPN\r
250-PIPELINING\r
250-AUTH CRAM-MD5\r
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmbA-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+550 Administrative prohibition\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+451 Temporary local problem - please try later\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaY-0005vi-00\r
+221 myhost.test.ex closing connection\r
+
+******** SERVER ********
+Listening on port 1224 ...
+Connection request from [IP_LOOPBACK_ADDR]
+<SCAN FILE TESTSUITE/spool/scan/10HmbA-0005vi-00/10HmbA-0005vi-00.eml
+>0 <clean>
+>*eof
+End of script
+Listening on port 1224 ...
+Connection request from [IP_LOOPBACK_ADDR]
+<SCAN FILE TESTSUITE/spool/scan/10HmaZ-0005vi-00/10HmaZ-0005vi-00.eml
+>0 <infected: EICAR_Test_File> DIR/spool/scan/10HmbB-0005vi-00/10HmbB-0005vi-00.eml
+>*eof
+End of script
+Listening on port 1224 ...
+Connection request from [IP_LOOPBACK_ADDR]
+<SCAN FILE TESTSUITE/spool/scan/10HmaX-0005vi-00/10HmaX-0005vi-00.eml
+*sleep 3
+End of script
+Listening on port 1224 ...
+Connection request from [IP_LOOPBACK_ADDR]
+<SCAN FILE TESTSUITE/spool/scan/10HmaY-0005vi-00/10HmaY-0005vi-00.eml
+*sleep 3
+End of script
--- /dev/null
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> HELO clientname
+??? 250
+<<< 250 myhost.test.ex Hello clientname [IP_LOOPBACK_ADDR]
+>>> MAIL FROM:<a@test.ex>
+??? 250
+<<< 250 OK
+>>> RCPT TO:<b@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Subject: test
+>>>
+>>> body
+>>> .
+??? 250
+<<< 250 OK id=10HmaX-0005vi-00
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+>>> PROXY TCP4 127.0.0.2 127.42.42.42 64000 25
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> HELO clientname
+??? 250
+<<< 250 myhost.test.ex Hello clientname [127.0.0.2]
+>>> MAIL FROM:<c@test.ex>
+??? 250
+<<< 250 OK
+>>> RCPT TO:<d@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Subject: test
+>>>
+>>> body
+>>> .
+??? 250
+<<< 250 OK id=10HmaY-0005vi-00
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+>>> \x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A\x21\x11\x00\x0c\xc0\xa8\x00\x0f\xc0\xa8\x00\x05\xc2\x95\x04\x01
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> HELO clientname
+??? 250
+<<< 250 myhost.test.ex Hello clientname [192.168.0.15]
+>>> MAIL FROM:<e@test.ex>
+??? 250
+<<< 250 OK
+>>> RCPT TO:<f@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Subject: test
+>>>
+>>> body
+>>> .
+??? 250
+<<< 250 OK id=10HmaZ-0005vi-00
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-533 mailbox name not allowed\r
+533 no support for internationalised mailbox name\r
221 the.local.host.name closing connection\r
220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250-the.local.host.name Hello CALLER at client.ffail\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-533 mailbox name not allowed\r
+533 no support for internationalised mailbox name\r
221 the.local.host.name closing connection\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-550-Callback setup failed while verifying <userA@test.ex>\r
-550-533 mailbox name not allowed\r
-550-The initial connection, or a HELO or MAIL FROM:<> command was\r
-550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards\r
-550-RFC requirements, and stops you from receiving standard bounce\r
-550-messages. This host does not accept mail from domains whose servers\r
-550-refuse bounces.\r
+550-Verification failed for <userA@test.ex>\r
+550-533 no support for internationalised mailbox name\r
550 Sender verify failed\r
221 the.local.host.name closing connection\r
220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-550-Callback setup failed while verifying <userB.જેઠીમધ@test.ex>\r
-550-533 mailbox name not allowed\r
-550-The initial connection, or a HELO or MAIL FROM:<> command was\r
-550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards\r
-550-RFC requirements, and stops you from receiving standard bounce\r
-550-messages. This host does not accept mail from domains whose servers\r
-550-refuse bounces.\r
+550-Verification failed for <userB.જેઠીમધ@test.ex>\r
+550-533 no support for internationalised mailbox name\r
550 Sender verify failed\r
221 the.local.host.name closing connection\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-533 mailbox name not allowed\r
+533 no support for internationalised mailbox name\r
221 the.local.host.name closing connection\r
220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250-the.local.host.name Hello CALLER at client.ffail\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-533 mailbox name not allowed\r
+533 no support for internationalised mailbox name\r
221 the.local.host.name closing connection\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-550-Callback setup failed while verifying <userA@test.ex>\r
-550-533 mailbox name not allowed\r
-550-The initial connection, or a HELO or MAIL FROM:<> command was\r
-550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards\r
-550-RFC requirements, and stops you from receiving standard bounce\r
-550-messages. This host does not accept mail from domains whose servers\r
-550-refuse bounces.\r
+550-Verification failed for <userA@test.ex>\r
+550-533 no support for internationalised mailbox name\r
550 Sender verify failed\r
221 the.local.host.name closing connection\r
220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-550-Callback setup failed while verifying <userB.જેઠીમધ@test.ex>\r
-550-533 mailbox name not allowed\r
-550-The initial connection, or a HELO or MAIL FROM:<> command was\r
-550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards\r
-550-RFC requirements, and stops you from receiving standard bounce\r
-550-messages. This host does not accept mail from domains whose servers\r
-550-refuse bounces.\r
+550-Verification failed for <userB.જેઠીમધ@test.ex>\r
+550-533 no support for internationalised mailbox name\r
550 Sender verify failed\r
221 the.local.host.name closing connection\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-533 mailbox name not allowed\r
+533 no support for internationalised mailbox name\r
221 the.local.host.name closing connection\r
220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250-the.local.host.name Hello CALLER at client.ffail\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-533 mailbox name not allowed\r
+533 no support for internationalised mailbox name\r
221 the.local.host.name closing connection\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-550-Callback setup failed while verifying <userA@test.ex>\r
-550-533 mailbox name not allowed\r
-550-The initial connection, or a HELO or MAIL FROM:<> command was\r
-550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards\r
-550-RFC requirements, and stops you from receiving standard bounce\r
-550-messages. This host does not accept mail from domains whose servers\r
-550-refuse bounces.\r
+550-Verification failed for <userA@test.ex>\r
+550-533 no support for internationalised mailbox name\r
550 Sender verify failed\r
221 the.local.host.name closing connection\r
220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250-SMTPUTF8\r
250 HELP\r
250 OK\r
-550-Callback setup failed while verifying <userB.જેઠીમધ@test.ex>\r
-550-533 mailbox name not allowed\r
-550-The initial connection, or a HELO or MAIL FROM:<> command was\r
-550-rejected. Refusing MAIL FROM:<> does not help fight spam, disregards\r
-550-RFC requirements, and stops you from receiving standard bounce\r
-550-messages. This host does not accept mail from domains whose servers\r
-550-refuse bounces.\r
+550-Verification failed for <userB.જેઠીમધ@test.ex>\r
+550-533 no support for internationalised mailbox name\r
550 Sender verify failed\r
221 the.local.host.name closing connection\r
--- /dev/null
+### sha256, 1024b + message in 1 chunk
+Connecting to 127.0.0.1 port 1224 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO xxx
+??? 250-
+<<< 250-testhost.test.ex Hello xxx [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-CHUNKING
+??? 250
+<<< 250 HELP
+>>> MAIL FROM:<CALLER@bloggs.com>
+??? 250
+<<< 250 OK
+>>> RCPT TO:<a@test.ex>
+??? 250
+<<< 250 Accepted
+>>> BDAT 557 LAST
+>>> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
+>>> :date:message-id:subject; s=sel; bh=ZS4D3qDAC7osugrdWUTQc9HUuaSC
+>>> +ScH3/NkwGGOlT0=; b=ncPDYKtCsFuFA7wXHxagsZUh3Rpu0dK6Dl7FbkGykEwU
+>>> L/MoAe0D+Aynz+yO0k3d4vGZ6Q2sEJ4MaOZI27ezOSBsBnEhw+0uOaxE6HZew5VD
+>>> owfSxfXTkyfJd0CHdtYoXT0OqngTBOtAv87u1T4aLRDY1yAqasVuvLV7V80d4tQ=
+>>> From: mrgus@text.ex
+>>> To: bakawolf@yahoo.com
+>>> Date: Tue, 2 Mar 1999 09:44:33 +0000
+>>> Message-ID: <qwerty1234@disco-zombie.net>
+>>> Subject: simple test
+>>>
+>>> Line 1: This is a simple test.
+>>> Line 2: This is a simple test.
+??? 250- 557
+<<< 250- 557 byte chunk, total 557
+??? 250
+<<< 250 OK id=10HmaX-0005vi-00
+>>> QUIT
+??? 221
+<<< 221 testhost.test.ex closing connection
+End of script
+### sha256, 1024b + message in 2 chunks
+Connecting to 127.0.0.1 port 1224 ... connected
+??? 220
+<<< 220 testhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO xxx
+??? 250-
+<<< 250-testhost.test.ex Hello xxx [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-CHUNKING
+??? 250
+<<< 250 HELP
+>>> MAIL FROM:<CALLER@bloggs.com>
+??? 250
+<<< 250 OK
+>>> RCPT TO:<a@test.ex>
+??? 250
+<<< 250 Accepted
+>>> BDAT 525
+>>> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
+>>> :date:message-id:subject; s=sel; bh=ZS4D3qDAC7osugrdWUTQc9HUuaSC
+>>> +ScH3/NkwGGOlT0=; b=ncPDYKtCsFuFA7wXHxagsZUh3Rpu0dK6Dl7FbkGykEwU
+>>> L/MoAe0D+Aynz+yO0k3d4vGZ6Q2sEJ4MaOZI27ezOSBsBnEhw+0uOaxE6HZew5VD
+>>> owfSxfXTkyfJd0CHdtYoXT0OqngTBOtAv87u1T4aLRDY1yAqasVuvLV7V80d4tQ=
+>>> From: mrgus@text.ex
+>>> To: bakawolf@yahoo.com
+>>> Date: Tue, 2 Mar 1999 09:44:33 +0000
+>>> Message-ID: <qwerty1234@disco-zombie.net>
+>>> Subject: simple test
+>>>
+>>> Line 1: This is a simple test.
+??? 250 525
+<<< 250 525 byte chunk received
+>>> BDAT 32 LAST
+>>> Line 2: This is a simple test.
+??? 250- 32
+<<< 250- 32 byte chunk, total 557
+??? 250
+<<< 250 OK id=10HmaY-0005vi-00
+>>> QUIT
+??? 221
+<<< 221 testhost.test.ex closing connection
+End of script
+
+******** SERVER ********
+### sha256, 1024b + message in 1 chunk
+### sha256, 1024b + message in 2 chunks
-user@mx-unsec-a-unsec.test.ex cannot be resolved at this time: host lookup did not complete
-user@mx-unsec-a-sec.test.ex cannot be resolved at this time: host lookup did not complete
-user@mx-sec-a-unsec.test.ex is undeliverable: all relevant MX records point to non-existent hosts
+user@mx-unsec-a-unsec.test.ex cannot be resolved at this time: host lookup done insecurely
+user@mx-unsec-a-sec.test.ex cannot be resolved at this time: host lookup done insecurely
+user@mx-sec-a-unsec.test.ex cannot be resolved at this time: host lookup done insecurely
user@mx-sec-a-sec.test.ex
router = dnslookup, transport = smtp
host a-sec.test.ex [V4NET.0.0.100] MX=5 AD
250-PIPELINING\r
250 HELP\r
250 OK\r
-550 cannot route this one=(FAIL)\r
+550 cannot route this one (FAIL)\r
221 myhost.test.ex closing connection\r
git://git.exim.org / exim.git / commitdiff