but in the context of an outward SMTP delivery taking place via the &(smtp)& transport
becomes the same as &$tls_out_cipher$&.
+.new
+.vitem &$tls_in_cipher_std$&
+.vindex "&$tls_in_cipher_std$&"
+As above, but returning the RFC standard name for the cipher suite.
+.wen
+
.vitem &$tls_out_cipher$&
.vindex "&$tls_out_cipher$&"
This variable is
&<<CHAPTLS>>& for details of TLS support and chapter &<<CHAPsmtptrans>>& for
details of the &(smtp)& transport.
+,new
+.vitem &$tls_out_cipher_std$&
+.vindex "&$tls_out_cipher_std$&"
+As above, but returning the RFC standard name for the cipher suite.
+.wen
+
.vitem &$tls_out_dane$&
.vindex &$tls_out_dane$&
DANE active status. See section &<<SECDANE>>&.
used. If the expansion yields an empty string, no &'Received:'& header line is
added to the message. Otherwise, the string should start with the text
&"Received:"& and conform to the RFC 2822 specification for &'Received:'&
-header lines. The default setting is:
+header lines.
+.new
+The default setting is:
.code
received_header_text = Received: \
${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
- {${if def:sender_ident \
- {from ${quote_local_part:$sender_ident} }}\
- ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
+ {${if def:sender_ident \
+ {from ${quote_local_part:$sender_ident} }}\
+ ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
by $primary_hostname \
- ${if def:received_protocol {with $received_protocol}} \
- ${if def:tls_in_cipher {($tls_in_cipher)\n\t}}\
+ ${if def:received_protocol {with $received_protocol }}\
+ ${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}\
(Exim $version_number)\n\t\
${if def:sender_address \
{(envelope-from <$sender_address>)\n\t}}\
id $message_exim_id\
${if def:received_for {\n\tfor $received_for}}
.endd
+.wen
The reference to the TLS cipher is omitted when Exim is built without TLS
support. The use of conditional expansions ensures that this works for both
rather than being implicit for TLS-connection carried
client certificates only.
-The examples and discussion in this chapter assume that
+The examples and discussion in this chapter assume that
client-certificate authentication is being done.
The client must present a certificate,
JH/03 Debug output for ACL now gives the config file name and line number for
each verb.
+JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause.
+
Exim version 4.92
-----------------
2. A JSON lookup type, and JSON variants of the forall/any expansion conditions.
+ 3. Variables $tls_in_cipher_std, $tls_out_cipher_std giving the RFC names
+ for ciphersuites.
+
Version 4.92
--------------
string.o: $(HDRS) string.c
tls.o: $(HDRS) tls.c \
tls-gnu.c tlscert-gnu.c \
- tls-openssl.c tlscert-openssl.c
+ tls-openssl.c tlscert-openssl.c \
+ tls-cipher-stdname.c
tod.o: $(HDRS) tod.c
transport.o: $(HDRS) transport.c
tree.o: $(HDRS) tree.c
rda.c readconf.c receive.c retry.c rewrite.c rfc2047.c route.c search.c \
setenv.c environment.c \
sieve.c smtp_in.c smtp_out.c spool_in.c spool_out.c std-crypto.c store.c \
- string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-gnu.c tls-openssl.c \
+ string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-cipher-stdname.c \
+ tls-gnu.c tls-openssl.c \
tod.c transport.c tree.c verify.c version.c \
dkim.c dkim.h dkim_transport.c dmarc.c dmarc.h \
valgrind.h memcheck.h \
{ "tls_in_bits", vtype_int, &tls_in.bits },
{ "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
{ "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
+ { "tls_in_cipher_std", vtype_stringptr, &tls_in.cipher_stdname },
{ "tls_in_ocsp", vtype_int, &tls_in.ocsp },
{ "tls_in_ourcert", vtype_cert, &tls_in.ourcert },
{ "tls_in_peercert", vtype_cert, &tls_in.peercert },
{ "tls_out_bits", vtype_int, &tls_out.bits },
{ "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
{ "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
+ { "tls_out_cipher_std", vtype_stringptr, &tls_out.cipher_stdname },
#ifdef SUPPORT_DANE
{ "tls_out_dane", vtype_bool, &tls_out.dane_verified },
#endif
uschar *received_header_text = US
"Received: "
"${if def:sender_rcvhost {from $sender_rcvhost\n\t}"
- "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
- "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
+ "{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}"
+ "${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}"
"by $primary_hostname "
- "${if def:received_protocol {with $received_protocol}} "
- #ifdef SUPPORT_TLS
- "${if def:tls_cipher {($tls_cipher)\n\t}}"
- #endif
+ "${if def:received_protocol {with $received_protocol }}"
+#ifdef SUPPORT_TLS
+ "${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}"
+#endif
"(Exim $version_number)\n\t"
"${if def:sender_address {(envelope-from <$sender_address>)\n\t}}"
"id $message_exim_id"
int tlsa_usage; /* TLSA record(s) usage */
#endif
uschar *cipher; /* Cipher used */
+ const uschar *cipher_stdname; /* Cipher used, RFC version */
+
BOOL on_connect; /* For older MTAs that don't STARTTLS */
uschar *on_connect_ports; /* Ports always tls-on-connect */
void *ourcert; /* Certificate we presented, binary */
--- /dev/null
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) Jeremy Harris 2019 */
+/* See the file NOTICE for conditions of use and distribution. */
+
+/* Translate an IETF TLS ciphersuite code to an IETF ciphersuite name,
+for use when the TLS library do not provide such names.
+This file is #included by the tls-<library>.c file.
+
+Values for these tables pulled on 2019/02/03 from
+https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml */
+
+
+
+static const uschar * ctb_00[] = {
+[0x00] = US "TLS_NULL_WITH_NULL_NULL",
+[0x01] = US "TLS_RSA_WITH_NULL_MD5",
+[0x02] = US "TLS_RSA_WITH_NULL_SHA",
+[0x03] = US "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
+[0x04] = US "TLS_RSA_WITH_RC4_128_MD5",
+[0x05] = US "TLS_RSA_WITH_RC4_128_SHA",
+[0x06] = US "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+[0x07] = US "TLS_RSA_WITH_IDEA_CBC_SHA",
+[0x08] = US "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[0x09] = US "TLS_RSA_WITH_DES_CBC_SHA",
+[0x0A] = US "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x0B] = US "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+[0x0C] = US "TLS_DH_DSS_WITH_DES_CBC_SHA",
+[0x0D] = US "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+[0x0E] = US "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[0x0F] = US "TLS_DH_RSA_WITH_DES_CBC_SHA",
+[0x10] = US "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x11] = US "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+[0x12] = US "TLS_DHE_DSS_WITH_DES_CBC_SHA",
+[0x13] = US "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+[0x14] = US "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[0x15] = US "TLS_DHE_RSA_WITH_DES_CBC_SHA",
+[0x16] = US "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x17] = US "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
+[0x18] = US "TLS_DH_anon_WITH_RC4_128_MD5",
+[0x19] = US "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
+[0x1A] = US "TLS_DH_anon_WITH_DES_CBC_SHA",
+[0x1B] = US "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
+
+[0x1E] = US "TLS_KRB5_WITH_DES_CBC_SHA",
+[0x1F] = US "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+[0x20] = US "TLS_KRB5_WITH_RC4_128_SHA",
+[0x21] = US "TLS_KRB5_WITH_IDEA_CBC_SHA",
+[0x22] = US "TLS_KRB5_WITH_DES_CBC_MD5",
+[0x23] = US "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+[0x24] = US "TLS_KRB5_WITH_RC4_128_MD5",
+[0x25] = US "TLS_KRB5_WITH_IDEA_CBC_MD5",
+[0x26] = US "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+[0x27] = US "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
+[0x28] = US "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+[0x29] = US "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+[0x2A] = US "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
+[0x2B] = US "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
+[0x2C] = US "TLS_PSK_WITH_NULL_SHA",
+[0x2D] = US "TLS_DHE_PSK_WITH_NULL_SHA",
+[0x2E] = US "TLS_RSA_PSK_WITH_NULL_SHA",
+[0x2F] = US "TLS_RSA_WITH_AES_128_CBC_SHA",
+[0x30] = US "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+[0x31] = US "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+[0x32] = US "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+[0x33] = US "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+[0x34] = US "TLS_DH_anon_WITH_AES_128_CBC_SHA",
+[0x35] = US "TLS_RSA_WITH_AES_256_CBC_SHA",
+[0x36] = US "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+[0x37] = US "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+[0x38] = US "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+[0x39] = US "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+[0x3A] = US "TLS_DH_anon_WITH_AES_256_CBC_SHA",
+[0x3B] = US "TLS_RSA_WITH_NULL_SHA256",
+[0x3C] = US "TLS_RSA_WITH_AES_128_CBC_SHA256",
+[0x3D] = US "TLS_RSA_WITH_AES_256_CBC_SHA256",
+[0x3E] = US "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
+[0x3F] = US "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
+[0x40] = US "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+[0x41] = US "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[0x42] = US "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
+[0x43] = US "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[0x44] = US "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
+[0x45] = US "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[0x46] = US "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
+
+[0x67] = US "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+[0x68] = US "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
+[0x69] = US "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
+[0x6A] = US "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+[0x6B] = US "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+[0x6C] = US "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
+[0x6D] = US "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
+
+[0x84] = US "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[0x85] = US "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
+[0x86] = US "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[0x87] = US "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
+[0x88] = US "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[0x89] = US "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
+[0x8A] = US "TLS_PSK_WITH_RC4_128_SHA",
+[0x8B] = US "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x8C] = US "TLS_PSK_WITH_AES_128_CBC_SHA",
+[0x8D] = US "TLS_PSK_WITH_AES_256_CBC_SHA",
+[0x8E] = US "TLS_DHE_PSK_WITH_RC4_128_SHA",
+[0x8F] = US "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x90] = US "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
+[0x91] = US "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
+[0x92] = US "TLS_RSA_PSK_WITH_RC4_128_SHA",
+[0x93] = US "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x94] = US "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
+[0x95] = US "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
+[0x96] = US "TLS_RSA_WITH_SEED_CBC_SHA",
+[0x97] = US "TLS_DH_DSS_WITH_SEED_CBC_SHA",
+[0x98] = US "TLS_DH_RSA_WITH_SEED_CBC_SHA",
+[0x99] = US "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
+[0x9A] = US "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
+[0x9B] = US "TLS_DH_anon_WITH_SEED_CBC_SHA",
+[0x9C] = US "TLS_RSA_WITH_AES_128_GCM_SHA256",
+[0x9D] = US "TLS_RSA_WITH_AES_256_GCM_SHA384",
+[0x9E] = US "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+[0x9F] = US "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+[0xA0] = US "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
+[0xA1] = US "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
+[0xA2] = US "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+[0xA3] = US "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+[0xA4] = US "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
+[0xA5] = US "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
+[0xA6] = US "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
+[0xA7] = US "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
+[0xA8] = US "TLS_PSK_WITH_AES_128_GCM_SHA256",
+[0xA9] = US "TLS_PSK_WITH_AES_256_GCM_SHA384",
+[0xAA] = US "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
+[0xAB] = US "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
+[0xAC] = US "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
+[0xAD] = US "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
+[0xAE] = US "TLS_PSK_WITH_AES_128_CBC_SHA256",
+[0xAF] = US "TLS_PSK_WITH_AES_256_CBC_SHA384",
+[0xB0] = US "TLS_PSK_WITH_NULL_SHA256",
+[0xB1] = US "TLS_PSK_WITH_NULL_SHA384",
+[0xB2] = US "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
+[0xB3] = US "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
+[0xB4] = US "TLS_DHE_PSK_WITH_NULL_SHA256",
+[0xB5] = US "TLS_DHE_PSK_WITH_NULL_SHA384",
+[0xB6] = US "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
+[0xB7] = US "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
+[0xB8] = US "TLS_RSA_PSK_WITH_NULL_SHA256",
+[0xB9] = US "TLS_RSA_PSK_WITH_NULL_SHA384",
+[0xBA] = US "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBB] = US "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBC] = US "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBD] = US "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBE] = US "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0xBF] = US "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
+[0xC0] = US "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC1] = US "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC2] = US "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC3] = US "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC4] = US "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[0xC5] = US "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
+};
+static const uschar * ctb_13[] = {
+[0x01] = US "TLS_AES_128_GCM_SHA256",
+[0x02] = US "TLS_AES_256_GCM_SHA384",
+[0x03] = US "TLS_CHACHA20_POLY1305_SHA256",
+[0x04] = US "TLS_AES_128_CCM_SHA256",
+[0x05] = US "TLS_AES_128_CCM_8_SHA256",
+};
+static const uschar * ctb_c0[] = {
+[0x01] = US "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+[0x02] = US "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+[0x03] = US "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+[0x04] = US "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+[0x05] = US "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+[0x06] = US "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+[0x07] = US "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+[0x08] = US "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+[0x09] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+[0x0A] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+[0x0B] = US "TLS_ECDH_RSA_WITH_NULL_SHA",
+[0x0C] = US "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+[0x0D] = US "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x0E] = US "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+[0x0F] = US "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+[0x10] = US "TLS_ECDHE_RSA_WITH_NULL_SHA",
+[0x11] = US "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+[0x12] = US "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x13] = US "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+[0x14] = US "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+[0x15] = US "TLS_ECDH_anon_WITH_NULL_SHA",
+[0x16] = US "TLS_ECDH_anon_WITH_RC4_128_SHA",
+[0x17] = US "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+[0x18] = US "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+[0x19] = US "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
+[0x1A] = US "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
+[0x1B] = US "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
+[0x1C] = US "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
+[0x1D] = US "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
+[0x1E] = US "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
+[0x1F] = US "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
+[0x20] = US "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
+[0x21] = US "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
+[0x22] = US "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
+[0x23] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+[0x24] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+[0x25] = US "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+[0x26] = US "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+[0x27] = US "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+[0x28] = US "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+[0x29] = US "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+[0x2A] = US "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+[0x2B] = US "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+[0x2C] = US "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+[0x2D] = US "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+[0x2E] = US "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+[0x2F] = US "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+[0x30] = US "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+[0x31] = US "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+[0x32] = US "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+[0x33] = US "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
+[0x34] = US "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
+[0x35] = US "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
+[0x36] = US "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
+[0x37] = US "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
+[0x38] = US "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
+[0x39] = US "TLS_ECDHE_PSK_WITH_NULL_SHA",
+[0x3A] = US "TLS_ECDHE_PSK_WITH_NULL_SHA256",
+[0x3B] = US "TLS_ECDHE_PSK_WITH_NULL_SHA384",
+[0x3C] = US "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x3D] = US "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x3E] = US "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",
+[0x3F] = US "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384",
+[0x40] = US "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x41] = US "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x42] = US "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256",
+[0x43] = US "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384",
+[0x44] = US "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x45] = US "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x46] = US "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256",
+[0x47] = US "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384",
+[0x48] = US "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256",
+[0x49] = US "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384",
+[0x4A] = US "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256",
+[0x4B] = US "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384",
+[0x4C] = US "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x4D] = US "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x4E] = US "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256",
+[0x4F] = US "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384",
+[0x50] = US "TLS_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x51] = US "TLS_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x52] = US "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x53] = US "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x54] = US "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x55] = US "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x56] = US "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256",
+[0x57] = US "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384",
+[0x58] = US "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256",
+[0x59] = US "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384",
+[0x5A] = US "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256",
+[0x5B] = US "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384",
+[0x5C] = US "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256",
+[0x5D] = US "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384",
+[0x5E] = US "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256",
+[0x5F] = US "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384",
+[0x60] = US "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x61] = US "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x62] = US "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256",
+[0x63] = US "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384",
+[0x64] = US "TLS_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x65] = US "TLS_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x66] = US "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x67] = US "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x68] = US "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x69] = US "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x6A] = US "TLS_PSK_WITH_ARIA_128_GCM_SHA256",
+[0x6B] = US "TLS_PSK_WITH_ARIA_256_GCM_SHA384",
+[0x6C] = US "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256",
+[0x6D] = US "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384",
+[0x6E] = US "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256",
+[0x6F] = US "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",
+[0x70] = US "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",
+[0x71] = US "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",
+[0x72] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x73] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x74] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x75] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x76] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x77] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x78] = US "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[0x79] = US "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384",
+[0x7A] = US "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x7B] = US "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x7C] = US "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x7D] = US "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x7E] = US "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x7F] = US "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x80] = US "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256",
+[0x81] = US "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384",
+[0x82] = US "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256",
+[0x83] = US "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384",
+[0x84] = US "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256",
+[0x85] = US "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384",
+[0x86] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x87] = US "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x88] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x89] = US "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x8A] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x8B] = US "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x8C] = US "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256",
+[0x8D] = US "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384",
+[0x8E] = US "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256",
+[0x8F] = US "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384",
+[0x90] = US "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256",
+[0x91] = US "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384",
+[0x92] = US "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256",
+[0x93] = US "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384",
+[0x94] = US "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x95] = US "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x96] = US "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x97] = US "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x98] = US "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x99] = US "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x9A] = US "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
+[0x9B] = US "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+[0x9C] = US "TLS_RSA_WITH_AES_128_CCM",
+[0x9D] = US "TLS_RSA_WITH_AES_256_CCM",
+[0x9E] = US "TLS_DHE_RSA_WITH_AES_128_CCM",
+[0x9F] = US "TLS_DHE_RSA_WITH_AES_256_CCM",
+[0xA0] = US "TLS_RSA_WITH_AES_128_CCM_8",
+[0xA1] = US "TLS_RSA_WITH_AES_256_CCM_8",
+[0xA2] = US "TLS_DHE_RSA_WITH_AES_128_CCM_8",
+[0xA3] = US "TLS_DHE_RSA_WITH_AES_256_CCM_8",
+[0xA4] = US "TLS_PSK_WITH_AES_128_CCM",
+[0xA5] = US "TLS_PSK_WITH_AES_256_CCM",
+[0xA6] = US "TLS_DHE_PSK_WITH_AES_128_CCM",
+[0xA7] = US "TLS_DHE_PSK_WITH_AES_256_CCM",
+[0xA8] = US "TLS_PSK_WITH_AES_128_CCM_8",
+[0xA9] = US "TLS_PSK_WITH_AES_256_CCM_8",
+[0xAA] = US "TLS_PSK_DHE_WITH_AES_128_CCM_8",
+[0xAB] = US "TLS_PSK_DHE_WITH_AES_256_CCM_8",
+[0xAC] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
+[0xAD] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
+[0xAE] = US "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
+[0xAF] = US "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
+[0xB0] = US "TLS_ECCPWD_WITH_AES_128_GCM_SHA256",
+[0xB1] = US "TLS_ECCPWD_WITH_AES_256_GCM_SHA384",
+[0xB2] = US "TLS_ECCPWD_WITH_AES_128_CCM_SHA256",
+[0xB3] = US "TLS_ECCPWD_WITH_AES_256_CCM_SHA384",
+[0xB4] = US "TLS_SHA256_SHA256",
+[0xB5] = US "TLS_SHA384_SHA384",
+};
+static const uschar * ctb_cc[] = {
+[0xA8] = US "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+[0xA9] = US "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+[0xAA] = US "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+[0xAB] = US "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",
+[0xAC] = US "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
+[0xAD] = US "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
+[0xAE] = US "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
+};
+static const uschar * ctb_d0[] = {
+[0x01] = US "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",
+[0x02] = US "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384",
+[0x03] = US "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
+
+[0x05] = US "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256",
+};
+
+static const uschar *
+cipher_stdname_tb(uschar idx, const uschar ** tb, int lim)
+{
+return idx >= lim ? NULL : tb[idx];
+}
+
+static const uschar *
+cipher_stdname(uschar id0, uschar id1)
+{
+switch (id0)
+ {
+ case 0x00: return cipher_stdname_tb(id1, ctb_00, nelem(ctb_00));
+ case 0x13: return cipher_stdname_tb(id1, ctb_13, nelem(ctb_00));
+ case 0xc0: return cipher_stdname_tb(id1, ctb_c0, nelem(ctb_c0));
+ case 0xcc: return cipher_stdname_tb(id1, ctb_cc, nelem(ctb_cc));
+ case 0xd0: return cipher_stdname_tb(id1, ctb_d0, nelem(ctb_d0));
+ default: return NULL;
+ }
+}
+
+/* vi: aw ai sw=2
+*/
+/* End of tls-cipher-stdname.c */
# include <gnutls/dane.h>
#endif
+#include "tls-cipher-stdname.c"
+
+
/* GnuTLS 2 vs 3
GnuTLS 3 only:
* Extract peer information *
*************************************************/
+static const uschar *
+cipher_stdname_kcm(gnutls_kx_algorithm_t kx, gnutls_cipher_algorithm_t cipher,
+ gnutls_mac_algorithm_t mac)
+{
+uschar cs_id[2];
+gnutls_kx_algorithm_t kx_i;
+gnutls_cipher_algorithm_t cipher_i;
+gnutls_mac_algorithm_t mac_i;
+
+for (size_t i = 0;
+ gnutls_cipher_suite_info(i, cs_id, &kx_i, &cipher_i, &mac_i, NULL);
+ i++)
+ if (kx_i == kx && cipher_i == cipher && mac_i == mac)
+ return cipher_stdname(cs_id[0], cs_id[1]);
+return NULL;
+}
+
+
+
/* Called from both server and client code.
Only this is allowed to set state->peerdn and state->have_set_peerdn
and we use that to detect double-calls.
static int
peer_status(exim_gnutls_state_st *state, uschar ** errstr)
{
-uschar cipherbuf[256];
const gnutls_datum_t *cert_list;
int old_pool, rc;
unsigned int cert_list_size = 0;
mac = gnutls_mac_get(state->session);
kx = gnutls_kx_get(state->session);
-string_format(cipherbuf, sizeof(cipherbuf),
- "%s:%s:%d",
- gnutls_protocol_get_name(protocol),
- gnutls_cipher_suite_get_name(kx, cipher, mac),
- (int) gnutls_cipher_get_key_size(cipher) * 8);
-
-/* I don't see a way that spaces could occur, in the current GnuTLS
-code base, but it was a concern in the old code and perhaps older GnuTLS
-releases did return "TLS 1.0"; play it safe, just in case. */
-for (uschar * p = cipherbuf; *p != '\0'; ++p)
- if (isspace(*p))
- *p = '-';
old_pool = store_pool;
-store_pool = POOL_PERM;
-state->ciphersuite = string_copy(cipherbuf);
+ {
+ store_pool = POOL_PERM;
+ state->ciphersuite = string_sprintf("%s:%s:%d",
+ gnutls_protocol_get_name(protocol),
+ gnutls_cipher_suite_get_name(kx, cipher, mac),
+ (int) gnutls_cipher_get_key_size(cipher) * 8);
+
+ /* I don't see a way that spaces could occur, in the current GnuTLS
+ code base, but it was a concern in the old code and perhaps older GnuTLS
+ releases did return "TLS 1.0"; play it safe, just in case. */
+
+ for (uschar * p = state->ciphersuite; *p; p++) if (isspace(*p)) *p = '-';
+ state->tlsp->cipher = state->ciphersuite;
+
+ state->tlsp->cipher_stdname = cipher_stdname_kcm(kx, cipher, mac);
+ }
store_pool = old_pool;
-state->tlsp->cipher = state->ciphersuite;
/* tls_peerdn */
cert_list = gnutls_certificate_get_peers(state->session, &cert_list_size);
-if (cert_list == NULL || cert_list_size == 0)
+if (!cert_list || cert_list_size == 0)
{
DEBUG(D_tls) debug_printf("TLS: no certificate from peer (%p & %d)\n",
cert_list, cert_list_size);
# define EXIM_HAVE_OPENSSL_DH_BITS
# define EXIM_HAVE_OPENSSL_TLS_METHOD
# define EXIM_HAVE_OPENSSL_KEYLOG
+# define EXIM_HAVE_OPENSSL_CIPHER_GET_ID
# else
# define EXIM_NEED_OPENSSL_INIT
# endif
# if OPENSSL_VERSION_NUMBER >= 0x010101000L
# define OPENSSL_HAVE_KEYLOG_CB
# define OPENSSL_HAVE_NUM_TICKETS
+# define EXIM_HAVE_OPENSSL_CIPHER_STD_NAME
# endif
#endif
# include <openssl/x509v3.h>
#endif
+#ifndef EXIM_HAVE_OPENSSL_CIPHER_STD_NAME
+# ifndef EXIM_HAVE_OPENSSL_CIPHER_GET_ID
+# define SSL_CIPHER_get_id(c) (c->id)
+# endif
+# include "tls-cipher-stdname.c"
+#endif
+
/*************************************************
* OpenSSL option parse *
*************************************************/
/*
Argument: pointer to an SSL structure for the connection
- buffer to use for answer
- size of buffer
pointer to number of bits for cipher
-Returns: nothing
+Returns: pointer to allocated string in perm-pool
*/
-static void
-construct_cipher_name(SSL *ssl, uschar *cipherbuf, int bsize, int *bits)
+static uschar *
+construct_cipher_name(SSL * ssl, int * bits)
{
+int pool = store_pool;
/* With OpenSSL 1.0.0a, 'c' needs to be const but the documentation doesn't
yet reflect that. It should be a safe change anyway, even 0.9.8 versions have
the accessor functions use const in the prototype. */
const uschar * ver = CUS SSL_get_version(ssl);
const SSL_CIPHER * c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl);
+uschar * s;
SSL_CIPHER_get_bits(c, bits);
-string_format(cipherbuf, bsize, "%s:%s:%u", ver,
- SSL_CIPHER_get_name(c), *bits);
+store_pool = POOL_PERM;
+s = string_sprintf("%s:%s:%u", ver, SSL_CIPHER_get_name(c), *bits);
+store_pool = pool;
+DEBUG(D_tls) debug_printf("Cipher: %s\n", s);
+return s;
+}
+
-DEBUG(D_tls) debug_printf("Cipher: %s\n", cipherbuf);
+/* Get IETF-standard name for ciphersuite.
+Argument: pointer to an SSL structure for the connection
+Returns: pointer to string
+*/
+
+static const uschar *
+cipher_stdname_ssl(SSL * ssl)
+{
+#ifdef EXIM_HAVE_OPENSSL_CIPHER_STD_NAME
+return CUS SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl));
+#else
+ushort id = 0xffff & SSL_CIPHER_get_id(SSL_get_current_cipher(ssl));
+return cipher_stdname(id >> 8, id & 0xff);
+#endif
}
uschar * expciphers;
tls_ext_ctx_cb * cbinfo;
static uschar peerdn[256];
-static uschar cipherbuf[256];
/* Check for previous activation */
peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn));
+tls_in.cipher = construct_cipher_name(server_ssl, &tls_in.bits);
+tls_in.cipher_stdname = cipher_stdname_ssl(server_ssl);
+
DEBUG(D_tls)
{
uschar buf[2048];
- if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)) != NULL)
+ if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)))
debug_printf("Shared ciphers: %s\n", buf);
#ifdef EXIM_HAVE_OPENSSL_KEYLOG
#endif
}
-construct_cipher_name(server_ssl, cipherbuf, sizeof(cipherbuf), &tls_in.bits);
-tls_in.cipher = cipherbuf;
-
/* Record the certificate we presented */
{
X509 * crt = SSL_get_certificate(server_ssl);
static uschar peerdn[256];
uschar * expciphers;
int rc;
-static uschar cipherbuf[256];
#ifndef DISABLE_OCSP
BOOL request_ocsp = FALSE;
peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn));
-construct_cipher_name(exim_client_ctx->ssl, cipherbuf, sizeof(cipherbuf), &tlsp->bits);
-tlsp->cipher = cipherbuf;
+tlsp->cipher = construct_cipher_name(exim_client_ctx->ssl, &tlsp->bits);
+tlsp->cipher_stdname = cipher_stdname_ssl(exim_client_ctx->ssl);
/* Record the certificate we presented */
{
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
1999-03-02 09:44:33 Peer did not present a cert
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss
1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
1999-03-02 09:44:33 Peer did not present a cert
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=no S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
1999-03-02 09:44:33 Our cert SN: <CN=server1.example.com>
1999-03-02 09:44:33 Peer cert:
1999-03-02 09:44:33 sha1 fingerprint E75D537E478758010505D4F339B00DFD73728088
1999-03-02 09:44:33 sha256 fingerprint E251FA7D0372CB784294CF92B243DCE53FDDABD9F58A1B89226586C07C82CAC6
1999-03-02 09:44:33 der_b64 MIIDuDCCAqCgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwNzEUMBIGA1UEChMLZXhhbXBsZS5jb20xHzAdBgNVBAMTFmNsaWNhIFNpZ25pbmcgQ2VydCByc2EwHhcNMTIxMTAxMTI0MDA0WhcNMzcxMjAxMTI0MDA0WjAeMRwwGgYDVQQDExNzZXJ2ZXIyLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52Rfiv2Igy0NiaKN5gc0VPLbEoHngkdJWv3wEORp+iFl6skQRbsCylT8djJ2pvHstFpnzSodF3Wwjj2/EDuj3iKBzN9HeXJOvJz8j9Si1xkgCxJeUjPGgYcvKdxybaZAOpi9l3xwPCCEXN4JBq/WaQQ9+eP1PczeMNfvFtXma+VcHXG743ttPOv7eSMr0JxQl3zjQvYGOhFP/KAw6jh/N6YPqii9kV0cC/ubeVzpqJ5/+hndx5YrmAu39N5qzwWujhDPkFNSgCJUhfkEiMaQiPxFxDTbUzWnQ5jpAQ5El4WJVkGWkqxose1bOjSSNzFPJt59YtxxJC3IWN3UtGODTwIDAQABo4HmMIHjMA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTgYDVR0jBEcwRYANQUFidHdDeGNYZ2IwUaExpC8wLTEUMBIGA1UEChMLZXhhbXBsZS5jb20xFTATBgNVBAMTDGNsaWNhIENBIHJzYYIBQjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vc2NwLmV4YW1wbGUuY29tLzApBgNVHREEIjAgghNzZXJ2ZXIyLmV4YW1wbGUuY29tggkqLnRlc3QuZXgwDQYJKoZIhvcNAQELBQADggEBALHOkZkvHLpNm0QSof09vmmdNFE6/+0TCIoPExeqqSOsy4NsF+Ha46WttjJRSVtbhRxF8jxEU7btPiFgQUaOcJZTwQPDhmQSOPNO8GS46oJ57aQ7U7O+X3M1sVS5Pa2IzE6vrJSh349/CNbTA8WPQdWLlxVJhJXAcZNtaEu6lCsZuDSMTpAsW5I4+snyrm3yvP5t0eD28K5LgCKePX962drkAOP6XGQ51VnbMQ7b1TSdQedtYKIpR3VKUvG5Ky/+0c+Rmwfi2aQ8oXXwekzJyS5jvovdVVsdhO68It+Rz/zursN5Pn+Gj1YuQNUs2nDrGHN+VIIFpgWUjLZO4bcJctY=
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:ke-RSA-AES256-SHA:xxx CV=yes DN="/CN=server2.example.com" S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server2.example.com" S=sss
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 Our cert SN: <CN=server1.example_ec.com>
1999-03-02 09:44:33 Peer did not present a cert
-1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:ke-ECDSA-AES256-SHA:xxx CV=no S=sss
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:ke-ECDSA-AES256-SHAnnn:xxx CV=no S=sss
s/(could not connect to .*: Connection) reset by peer$/$1 refused/;
# ======== TLS certificate algorithms ========
+ #
+ # In Received: headers, convert RFC 8314 style ciphersuite to
+ # the older (comment) style, keeping only the Auth element
+ # (discarding kex, cipher, mac). For TLS 1.3 there is no kex
+ # element (and no _WITH); insert a spurious "RSA".
+
+ s/^\s+by .+ with .+ \K tls TLS_.*?([^_]+)_WITH.+$/(TLS1.x:ke-\1-AES256-SHAnnn:xxx)/;
+ s/^\s+by .+ with .+ \K tls TLS_.+$/(TLS1.x:ke-RSA-AES256-SHAnnn:xxx)/;
+
# Test machines might have various different TLS library versions supporting
# different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we
# treat the standard algorithms the same.
s! DN="[^,"]*\K,!/!;
',
'rejectlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /',
- 'mail' => 's/ \(TLS[^)]*\)/ (TLS_proto_and_cipher)/',
+ 'mail' => 's/^\s+by .+ with .+ \K tls TLS_.+$/(TLS_proto_and_cipher)/;
+ s/ \(TLS[^)]*\)/ (TLS_proto_and_cipher)/;
+ ',
},
'debug_pid' =>
└─────result: Tue, 2 Mar 1999 09:44:33 +0000
┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├─────result: false
┌───scanning: from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└───skipping: result is not used
┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:sender_ident
├─────result: true
┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ ╎ }}(Exim $version_number)
╎ ${if def:sender_address {(envelope-from <$sender_address>)
╎ }}id $message_exim_id${if def:received_for {
╎ for $received_for}}
├──condition: def:sender_helo_name
├─────result: false
┌───scanning: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└─────result: from CALLER
├──condition: def:received_protocol
├─────result: true
- ┌considering: with $received_protocol}} (Exim $version_number)
+ ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
- ├──expanding: with $received_protocol
- └─────result: with local
+ ├──expanding: with $received_protocol
+ └─────result: with local
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+ ┌───scanning: tls $tls_in_cipher_std
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: tls $tls_in_cipher_std
+
+ ├─────result: tls
+
+ └───skipping: result is not used
├──condition: def:sender_address
├─────result: true
┌considering: (envelope-from <$sender_address>)
└───skipping: result is not used
├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└─────result: Tue, 2 Mar 1999 09:44:33 +0000
┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├─────result: false
┌───scanning: from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└───skipping: result is not used
┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:sender_ident
├─────result: true
┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ ╎ }}(Exim $version_number)
╎ ${if def:sender_address {(envelope-from <$sender_address>)
╎ }}id $message_exim_id${if def:received_for {
╎ for $received_for}}
├──condition: def:sender_helo_name
├─────result: false
┌───scanning: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└─────result: from CALLER
├──condition: def:received_protocol
├─────result: true
- ┌considering: with $received_protocol}} (Exim $version_number)
+ ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
- ├──expanding: with $received_protocol
- └─────result: with local
+ ├──expanding: with $received_protocol
+ └─────result: with local
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+ ┌───scanning: tls $tls_in_cipher_std
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: tls $tls_in_cipher_std
+
+ ├─────result: tls
+
+ └───skipping: result is not used
├──condition: def:sender_address
├─────result: true
┌considering: (envelope-from <$sender_address>)
└───skipping: result is not used
├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└─────result: Tue, 2 Mar 1999 09:44:33 +0000
┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├─────result: false
┌───scanning: from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└───skipping: result is not used
┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:sender_ident
├─────result: true
┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ ╎ }}(Exim $version_number)
╎ ${if def:sender_address {(envelope-from <$sender_address>)
╎ }}id $message_exim_id${if def:received_for {
╎ for $received_for}}
├──condition: def:sender_helo_name
├─────result: true
┌considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:received_protocol
├─────result: true
- ┌considering: with $received_protocol}} (Exim $version_number)
+ ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
- ├──expanding: with $received_protocol
- └─────result: with local-esmtp
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+ ┌───scanning: tls $tls_in_cipher_std
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: tls $tls_in_cipher_std
+
+ ├─────result: tls
+
+ └───skipping: result is not used
├──condition: def:sender_address
├─────result: true
┌considering: (envelope-from <$sender_address>)
for userx@domain.com
├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└─────result: Tue, 2 Mar 1999 09:44:33 +0000
┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├─────result: false
┌───scanning: from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└───skipping: result is not used
┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:sender_ident
├─────result: true
┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ ╎ }}(Exim $version_number)
╎ ${if def:sender_address {(envelope-from <$sender_address>)
╎ }}id $message_exim_id${if def:received_for {
╎ for $received_for}}
├──condition: def:sender_helo_name
├─────result: true
┌considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:received_protocol
├─────result: true
- ┌considering: with $received_protocol}} (Exim $version_number)
+ ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+ ┌───scanning: tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
- ├──expanding: with $received_protocol
- └─────result: with local-esmtp
+ ├──expanding: tls $tls_in_cipher_std
+
+ ├─────result: tls
+
+ └───skipping: result is not used
├──condition: def:sender_address
├─────result: true
┌considering: (envelope-from <$sender_address>)
for usery@domain.com
├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└─────result: Tue, 2 Mar 1999 09:44:33 +0000
┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├─────result: false
┌───scanning: from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└───skipping: result is not used
┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:sender_ident
├─────result: true
┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ ╎ }}(Exim $version_number)
╎ ${if def:sender_address {(envelope-from <$sender_address>)
╎ }}id $message_exim_id${if def:received_for {
╎ for $received_for}}
├──condition: def:sender_helo_name
├─────result: true
┌considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:received_protocol
├─────result: true
- ┌considering: with $received_protocol}} (Exim $version_number)
+ ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+ ┌───scanning: tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
- ├──expanding: with $received_protocol
- └─────result: with local-esmtp
+ ├──expanding: tls $tls_in_cipher_std
+
+ ├─────result: tls
+
+ └───skipping: result is not used
├──condition: def:sender_address
├─────result: true
┌considering: (envelope-from <$sender_address>)
for usery@domain.com
├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└─────result: Tue, 2 Mar 1999 09:44:33 +0000
┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├─────result: false
┌───scanning: from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└───skipping: result is not used
┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:sender_ident
├─────result: true
┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ ╎ }}(Exim $version_number)
╎ ${if def:sender_address {(envelope-from <$sender_address>)
╎ }}id $message_exim_id${if def:received_for {
╎ for $received_for}}
├──condition: def:sender_helo_name
├─────result: true
┌considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:received_protocol
├─────result: true
- ┌considering: with $received_protocol}} (Exim $version_number)
+ ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
- ├──expanding: with $received_protocol
- └─────result: with local-esmtp
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+ ┌───scanning: tls $tls_in_cipher_std
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: tls $tls_in_cipher_std
+
+ ├─────result: tls
+
+ └───skipping: result is not used
├──condition: def:sender_address
├─────result: true
┌considering: (envelope-from <$sender_address>)
for userx@domain.com
├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└─────result: Tue, 2 Mar 1999 09:44:33 +0000
┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├─────result: false
┌───scanning: from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└───skipping: result is not used
┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:sender_ident
├─────result: true
┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ ╎ }}(Exim $version_number)
╎ ${if def:sender_address {(envelope-from <$sender_address>)
╎ }}id $message_exim_id${if def:received_for {
╎ for $received_for}}
├──condition: def:sender_helo_name
├─────result: true
┌considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:received_protocol
├─────result: true
- ┌considering: with $received_protocol}} (Exim $version_number)
+ ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+ ┌───scanning: tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
- ├──expanding: with $received_protocol
- └─────result: with local-esmtp
+ ├──expanding: tls $tls_in_cipher_std
+
+ ├─────result: tls
+
+ └───skipping: result is not used
├──condition: def:sender_address
├─────result: true
┌considering: (envelope-from <$sender_address>)
for usery@domain.com
├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└─────result: Tue, 2 Mar 1999 09:44:33 +0000
┌considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├─────result: false
┌───scanning: from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
└───skipping: result is not used
┌considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:sender_ident
├─────result: true
┌considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
╎┌considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ ╎ }}(Exim $version_number)
╎ ${if def:sender_address {(envelope-from <$sender_address>)
╎ }}id $message_exim_id${if def:received_for {
╎ for $received_for}}
├──condition: def:sender_helo_name
├─────result: true
┌considering: (helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
├──condition: def:received_protocol
├─────result: true
- ┌considering: with $received_protocol}} (Exim $version_number)
+ ┌considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
+ ${if def:sender_address {(envelope-from <$sender_address>)
+ }}id $message_exim_id${if def:received_for {
+ for $received_for}}
+ ├──expanding: with $received_protocol
+ └─────result: with local-esmtp
+ ├──condition: def:tls_in_cipher_std
+ ├─────result: false
+ ┌───scanning: tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
- ├──expanding: with $received_protocol
- └─────result: with local-esmtp
+ ├──expanding: tls $tls_in_cipher_std
+
+ ├─────result: tls
+
+ └───skipping: result is not used
├──condition: def:sender_address
├─────result: true
┌considering: (envelope-from <$sender_address>)
for usery@domain.com
├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
- }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol}} (Exim $version_number)
+ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
+ }}(Exim $version_number)
${if def:sender_address {(envelope-from <$sender_address>)
}}id $message_exim_id${if def:received_for {
for $received_for}}
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> noop
????554 Security failure
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> helo rhu.barb
??? 250
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> noop
????554 Security failure
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> noop
????554 Security failure
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> mail from:<userx@test.ex>
??? 250
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> noop
????554 Security failure
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> mail from:<CALLER@test.ex>
??? 250
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> mail from:<"name with spaces"@test.ex>
??? 250
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> noop
????554
??? 220
<<< 220 TLS go ahead
Attempting to start TLS
-SSL connection using ke-RSA-AES256-SHA
+SSL connection using ke-RSA-AES256-SHAnnn
Succeeded in starting TLS
>>> mail from:<CALLER@test.ex>
??? 250
git://git.exim.org / exim.git / commitdiff