exim.git
13 years agodoc-txt updates for the security changes
Phil Pennock [Wed, 15 Dec 2010 01:02:24 +0000 (20:02 -0500)]
doc-txt updates for the security changes

13 years agoImplement -D filtering, first pass.
Phil Pennock [Tue, 14 Dec 2010 08:42:36 +0000 (03:42 -0500)]
Implement -D filtering, first pass.

13 years agoDocument the change to system_filter_user's default.
Phil Pennock [Tue, 14 Dec 2010 07:17:32 +0000 (02:17 -0500)]
Document the change to system_filter_user's default.

13 years agoChange the default for system_filter_user.
Phil Pennock [Tue, 14 Dec 2010 05:30:30 +0000 (00:30 -0500)]
Change the default for system_filter_user.

If the system filter needs to be run as root, let that be explicitly
configured.  The default is now the Exim run-time user.

Document this, and a couple of other points, in IncompatibleChanges.

13 years agoAllow only absolute paths in TRUSTED_CONFIG_PREFIX_LIST, fix store leak
David Woodhouse [Sun, 12 Dec 2010 10:18:48 +0000 (10:18 +0000)]
Allow only absolute paths in TRUSTED_CONFIG_PREFIX_LIST, fix store leak

13 years agoSet FD_CLOEXEC on SMTP sockets after forking to handle the connection.
David Woodhouse [Sun, 12 Dec 2010 02:48:18 +0000 (02:48 +0000)]
Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.

13 years agoAdd TRUSTED_CONFIG_PREFIX_FILE option
David Woodhouse [Sun, 12 Dec 2010 02:41:37 +0000 (02:41 +0000)]
Add TRUSTED_CONFIG_PREFIX_FILE option

(Bug 1044, CVE-2010-4345)

13 years agoRemove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true.
David Woodhouse [Sat, 11 Dec 2010 23:39:54 +0000 (23:39 +0000)]
Remove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true.

We *never* want the Exim user to be able to specify arbitrary configuration
files. Don't let them build it that way.

(Bug 1044, CVE-2010-4345)

13 years agoCheck configure file permissions even for non-default files if still privileged
David Woodhouse [Sat, 11 Dec 2010 14:09:17 +0000 (14:09 +0000)]
Check configure file permissions even for non-default files if still privileged

(Bug 1044, CVE-2010-4345)

13 years agoDon't allow a configure file which is writeable by the Exim user or group
David Woodhouse [Sat, 11 Dec 2010 13:44:55 +0000 (13:44 +0000)]
Don't allow a configure file which is writeable by the Exim user or group

(Bug 1044, CVE-2010-4345)

13 years agoAdd Valgrind hooks for memory pools
David Woodhouse [Thu, 9 Dec 2010 16:53:40 +0000 (16:53 +0000)]
Add Valgrind hooks for memory pools

It's useful to tell Valgrind when memory is undefined because it's been
freed by store_reset(), and when it's not supposed to be accessed because
although it's been allocated for the store it hasn't actually been given
out by store_get() yet.

14 years agoOpenSSL and XSL changes documented.
Phil Pennock [Sun, 5 Sep 2010 23:08:48 +0000 (19:08 -0400)]
OpenSSL and XSL changes documented.

Plus typo fixed.

14 years agoDocument the ClamAV ExtendedDetectionInfo response handling.
Phil Pennock [Sun, 5 Sep 2010 22:59:38 +0000 (18:59 -0400)]
Document the ClamAV ExtendedDetectionInfo response handling.

14 years agoOpenSSL 1.0.0 const fix for SSL_get_current_cipher
Phil Pennock [Sun, 11 Jul 2010 07:19:56 +0000 (00:19 -0700)]
OpenSSL 1.0.0 const fix for SSL_get_current_cipher

OpenSSL 1.0.0 changes SSL_get_current_cipher()'s return value to include
const.  It looks like a safe change for older OpenSSL, so treat it
appropriately and cast as needed.

14 years agoGuidance on contributing to Exim.
Phil Pennock [Wed, 7 Jul 2010 21:00:40 +0000 (14:00 -0700)]
Guidance on contributing to Exim.

14 years agoUse public http: URLs for XSL includes.
Phil Pennock [Tue, 6 Jul 2010 03:31:07 +0000 (20:31 -0700)]
Use public http: URLs for XSL includes.

Adjust OS-Fixups, document how this works in HowItWorks.txt

14 years agoRework clamd response handling to be more robust.
Phil Pennock [Sun, 5 Sep 2010 20:29:07 +0000 (16:29 -0400)]
Rework clamd response handling to be more robust.

In particular, clamd's ExtendedDetectionInfo option broke our parsing.

14 years agoMerge ssh://tahini.csx.cam.ac.uk/home/git/exim
John Jetmore [Tue, 20 Jul 2010 02:18:51 +0000 (21:18 -0500)]
Merge ssh://tahini.csx.cam.ac.uk/home/git/exim

14 years agoSomehow in learning how to use git I lost half the changes needed to fix the collisio...
John Jetmore [Tue, 20 Jul 2010 02:10:33 +0000 (21:10 -0500)]
Somehow in learning how to use git I lost half the changes needed to fix the collision between 0383.f and 0383.F on HFS+.  this is the second half of 04a45836676516936d791202928e249b711c03ee

14 years agoBugzilla #1006: Keep EHLO attributes in case STARTTLS errors are ignored
Tom Kistner [Mon, 19 Jul 2010 09:47:27 +0000 (11:47 +0200)]
Bugzilla #1006: Keep EHLO attributes in case STARTTLS errors are ignored

Applied patch submitted by Micha Lenk. Thanks!

14 years agoThe test architecture can't support having the testsuite user and the Exim user the...
John Jetmore [Sat, 17 Jul 2010 02:53:24 +0000 (22:53 -0400)]
The test architecture can't support having the testsuite user and the Exim user the same.  restrict it in runtest and add a note about it in the README

14 years agoChange to allow test 0383 to work on HFS+ (non-case-sensitive FS)
John Jetmore [Fri, 16 Jul 2010 02:20:58 +0000 (03:20 +0100)]
Change to allow test 0383 to work on HFS+ (non-case-sensitive FS)

14 years agoFix malware regression for cmdline scanner introduced in PP/08.
Phil Pennock [Sun, 4 Jul 2010 20:42:34 +0000 (13:42 -0700)]
Fix malware regression for cmdline scanner introduced in PP/08.
Notification from Dr Andrew Aitchison.

(Also: make the PP/08 description more complete)

14 years agoadded expansion tests for bool{} and bool_lax{}
John Jetmore [Mon, 14 Jun 2010 21:07:16 +0000 (21:07 +0000)]
added expansion tests for bool{} and bool_lax{}

14 years agoprint sizeof(off_t) in initial -bV output. Refuse to tun tests is sizeof(off_t)...
John Jetmore [Mon, 14 Jun 2010 20:30:12 +0000 (20:30 +0000)]
print sizeof(off_t) in initial -bV output.  Refuse to tun tests is sizeof(off_t) > 32.

14 years agoClarify that the ACL framework is not invoked for -bmalware, so that using
Phil Pennock [Mon, 14 Jun 2010 18:51:09 +0000 (18:51 +0000)]
Clarify that the ACL framework is not invoked for -bmalware, so that using
ACL variables in av_scanner blindly will not work.

14 years agoRemove logic branch which can use PRIdMAX for SIZE_T_FMT because it fails
Phil Pennock [Sun, 13 Jun 2010 08:26:40 +0000 (08:26 +0000)]
Remove logic branch which can use PRIdMAX for SIZE_T_FMT because it fails
when size_t is 32-bit but the system supports 64-bit integers.

14 years agoaccount for new information TLS log line added in tls-openssl.c 1.23
John Jetmore [Sat, 12 Jun 2010 18:10:00 +0000 (18:10 +0000)]
account for new information TLS log line added in tls-openssl.c 1.23

14 years agoremoved extraneous "\n" from the end of some log_write lines, removed "magic" string...
John Jetmore [Sat, 12 Jun 2010 17:56:32 +0000 (17:56 +0000)]
removed extraneous "\n" from the end of some log_write lines, removed "magic" string " => " from a non-delivery log line

14 years agoAdd tcp_wrappers_daemon_name (closes: bug #278)
John Jetmore [Sat, 12 Jun 2010 15:21:25 +0000 (15:21 +0000)]
Add tcp_wrappers_daemon_name (closes: bug #278)
(I honestly have no memory of writing this patch...)

14 years agoiaddressing bug 966 and my own concerns, stop sending non-panic error to panic log...
John Jetmore [Sat, 12 Jun 2010 13:54:38 +0000 (13:54 +0000)]
iaddressing bug 966 and my own concerns, stop sending non-panic error to panic log in dkim.c

14 years agoMinor doc updates:
Phil Pennock [Wed, 9 Jun 2010 01:30:16 +0000 (01:30 +0000)]
Minor doc updates:
 * -bmalware, note that not running as invoking user and emphasize that it's
   for debugging Exim, not for general scanning.
 * permit_codedump ?  coRedump.
 * Anon SSL lacking cert has been confirmed, fix works, remove the
   "(I believe)" (which also might have been inferred to mean I did the
   diagnosis; I didn't, I just convinced myself that Martin's analysis was
   correct).

14 years agoanother change related to Date/Message-Id order, just took me a while to realize...
John Jetmore [Tue, 8 Jun 2010 13:34:28 +0000 (13:34 +0000)]
another change related to Date/Message-Id order, just took me a while to realize how it was related.

14 years agolog/5101 - header order, plus new wording for appendfile to dir from MBX security...
John Jetmore [Tue, 8 Jun 2010 13:05:51 +0000 (13:05 +0000)]
log/5101 - header order, plus new wording for appendfile to dir from MBX security checks
stdout/0390 - allow for new option permit_coredump in output (from bug 834)

14 years agoRun when EXIM_USER=notroot specified.
Phil Pennock [Mon, 7 Jun 2010 18:25:57 +0000 (18:25 +0000)]
Run when EXIM_USER=notroot specified.

14 years agoFor the new SIZE_T_FMT, if not C99 then our size_t conversion specifier
Phil Pennock [Mon, 7 Jun 2010 18:09:07 +0000 (18:09 +0000)]
For the new SIZE_T_FMT, if not C99 then our size_t conversion specifier
should use PRIdMAX; this was disabled because I was testing the other logic
and forgot to restore before commit.  Bleh, sorry.
Add #if to protect against unused variable complaints for this too.

14 years agoBoth bool{} and bool_lax{} should ignore trailing whitespace.
Phil Pennock [Mon, 7 Jun 2010 08:42:15 +0000 (08:42 +0000)]
Both bool{} and bool_lax{} should ignore trailing whitespace.

14 years agoAdded bool_lax{} expansion operator, which uses Router condition logic to
Phil Pennock [Mon, 7 Jun 2010 08:23:20 +0000 (08:23 +0000)]
Added bool_lax{} expansion operator, which uses Router condition logic to
determine whether or not a string is true.
Switch the multiple-condition logic to use bool_lax{}.
Add note where we combine multiple conditions regarding the memory leak.

14 years agoAllow Routers to have multiple conditions, IF each one yields a strict bool.
Phil Pennock [Mon, 7 Jun 2010 07:09:10 +0000 (07:09 +0000)]
Allow Routers to have multiple conditions, IF each one yields a strict bool.
Fixes: #816
14 years agoClean up compiler warnings from { gcc -Wall }, many of which I introduced with
Phil Pennock [Mon, 7 Jun 2010 00:12:42 +0000 (00:12 +0000)]
Clean up compiler warnings from { gcc -Wall }, many of which I introduced with
the ClamAV and openssl_options patches in this release.

Logic in buildconfig.c for adjusting some print format strings assumed that
long ints were four bytes; adjust to test this against reality, to remove
spurious warnings on my dev box (FreeBSD/amd64).

Note: this commit adds a buildconfig.h dependency upon inttypes.h, which was in
SUSv2, so should be safe.

14 years agoBuild without WITH_CONTENT_SCAN.
Phil Pennock [Sun, 6 Jun 2010 22:46:33 +0000 (22:46 +0000)]
Build without WITH_CONTENT_SCAN.
Broken by -bmalware option added while reworking ClamAV to new API.
Path from Andreas Metzler (adjusted slightly).

14 years agoNo longer permit the exim user to be root. Fixes: #752
Phil Pennock [Sun, 6 Jun 2010 02:46:13 +0000 (02:46 +0000)]
No longer permit the exim user to be root.  Fixes: #752

14 years agoImplement --version. Fixes: #973
Phil Pennock [Sun, 6 Jun 2010 02:08:50 +0000 (02:08 +0000)]
Implement --version.  Fixes: #973

14 years agoLight documentation dusting from patch provided by John Horne.
Phil Pennock [Sun, 6 Jun 2010 01:35:41 +0000 (01:35 +0000)]
Light documentation dusting from patch provided by John Horne.
Fixes: #922
14 years agoImplement "control = debug" ACL control. Fixes: #937
Phil Pennock [Sun, 6 Jun 2010 00:25:46 +0000 (00:25 +0000)]
Implement "control = debug" ACL control.  Fixes: #937

14 years agoNew expansion operator: reverse_ip
Phil Pennock [Sat, 5 Jun 2010 23:50:18 +0000 (23:50 +0000)]
New expansion operator: reverse_ip

14 years agoUpdate OptionLists. (Claim for 4.72 because 4.73 not yet complete and don't
Phil Pennock [Sat, 5 Jun 2010 21:42:53 +0000 (21:42 +0000)]
Update OptionLists.  (Claim for 4.72 because 4.73 not yet complete and don't
want to claim have *more* than we do, but okay to make a lesser claim).

Typo fix in RFC reference in spec.xfpt.

14 years agoClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM.
Phil Pennock [Sat, 5 Jun 2010 11:13:29 +0000 (11:13 +0000)]
ClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM.
New command-line option, -bmalware (restricted to admin_user).
Fixes: #926
14 years agoDeal with anonymous SSL giving us no peer certificate.
Phil Pennock [Sat, 5 Jun 2010 10:34:29 +0000 (10:34 +0000)]
Deal with anonymous SSL giving us no peer certificate.

14 years agoHandle SASL Initial Response.
Phil Pennock [Sat, 5 Jun 2010 10:16:36 +0000 (10:16 +0000)]
Handle SASL Initial Response.
See discussion at:
  http://lists.exim.org/lurker/message/20090125.014515.3746c882.en.html
and the code is "correct by inspection", for whatever that's worth.

14 years agoAdd permit_coredump pipe transport option. Fixes: #834
Phil Pennock [Sat, 5 Jun 2010 10:04:43 +0000 (10:04 +0000)]
Add permit_coredump pipe transport option.  Fixes: #834

14 years agoDoh, fix the error message to say SSL_read not SSL_write.
Phil Pennock [Sat, 5 Jun 2010 09:36:11 +0000 (09:36 +0000)]
Doh, fix the error message to say SSL_read not SSL_write.

14 years agoLog a diagnostic when an SSL write fails, to help admins debug SSL interop issues.
Phil Pennock [Sat, 5 Jun 2010 09:32:31 +0000 (09:32 +0000)]
Log a diagnostic when an SSL write fails, to help admins debug SSL interop issues.
Fixes: #995
14 years agoAdd an openssl_options main configuration option, to allow administrators to
Phil Pennock [Sat, 5 Jun 2010 09:10:08 +0000 (09:10 +0000)]
Add an openssl_options main configuration option, to allow administrators to
shoot themselves in each foot in turn.  The default value is chosen to avoid
a change in behaviour, but since it is disabling a security countermeasure,
I'd like to change the default to be "no options".  Fixes: #994

14 years agotwo more header order changes
John Jetmore [Sat, 5 Jun 2010 03:08:01 +0000 (03:08 +0000)]
two more header order changes

14 years agofix output for SSL logging format change
John Jetmore [Sat, 5 Jun 2010 02:45:01 +0000 (02:45 +0000)]
fix output for SSL logging format change

14 years agomunge caller's GECOS in output to make more portable across test accounts
John Jetmore [Sat, 5 Jun 2010 02:25:16 +0000 (02:25 +0000)]
munge caller's GECOS in output to make more portable across test accounts

14 years agoruntest - trim trailing whitespace from otherwise un-rewritten host lines in munge...
John Jetmore [Sat, 5 Jun 2010 01:58:39 +0000 (01:58 +0000)]
runtest - trim trailing whitespace from otherwise un-rewritten host lines in munge function
0190, 0244, 0297, 0350, 0430 - standardize trailing whitespace
0403 - lingering header order fix, fix change in lookup type encoding after dkim lookup type removal

14 years agoWith a few minor exceptions for tests that had additional concerns and tests I don...
John Jetmore [Fri, 4 Jun 2010 18:20:51 +0000 (18:20 +0000)]
With a few minor exceptions for tests that had additional concerns and tests I don't have working in my environment yet, this should be the last of the header-order-related changes

14 years agoupdating test suite - rolling back incomplete fix for header order change (header...
John Jetmore [Thu, 3 Jun 2010 17:24:39 +0000 (17:24 +0000)]
updating test suite - rolling back incomplete fix for header order change (header order changed back to old behavior)

14 years agoAdded DISABLE_DKIM option to EDITME, leaving some breadcrumbs about it being turned...
John Jetmore [Thu, 3 Jun 2010 15:20:41 +0000 (15:20 +0000)]
Added DISABLE_DKIM option to EDITME, leaving some breadcrumbs about it being turned on by default

14 years agoAdded some release maintenance stuff
Nigel Metheringham [Thu, 3 Jun 2010 12:00:38 +0000 (12:00 +0000)]
Added some release maintenance stuff

14 years agoInclude check_rfc2047_length in configure.default to raise the visibility
Phil Pennock [Thu, 3 Jun 2010 08:19:13 +0000 (08:19 +0000)]
Include check_rfc2047_length in configure.default to raise the visibility
because we're seeing more Russian administrators get bitten by this.

Idealism says this option is set correctly by default.  Pragmatism says not.
There's a good argument for the idealism but if we see the problems escalate
then the idealism will have lost and we should, IMO, switch.

14 years agoDocument Date/Message-Id/Resent-* as first 4.73 patch.
Phil Pennock [Thu, 3 Jun 2010 05:43:24 +0000 (05:43 +0000)]
Document Date/Message-Id/Resent-* as first 4.73 patch.

14 years agoThe Date: and Message-Id: headers should normally be *appended* to a message,
Phil Pennock [Thu, 3 Jun 2010 05:40:27 +0000 (05:40 +0000)]
The Date: and Message-Id: headers should normally be *appended* to a message,
and only *prepended* when are Resent-* headers.  Regression was introduced
with the prepend logic in Exim 4.70, for bug #607.

14 years agoupdates to test suite - roll back lookup changes after dkim lookup removed, strip... exim-4_72
John Jetmore [Thu, 3 Jun 2010 02:42:19 +0000 (02:42 +0000)]
updates to test suite - roll back lookup changes after dkim lookup removed, strip OpenSSL version info

14 years agoMy understanding of the new dnsdb txt lookup syntax was flawed.
Phil Pennock [Tue, 1 Jun 2010 11:21:30 +0000 (11:21 +0000)]
My understanding of the new dnsdb txt lookup syntax was flawed.
Fixed the description and the last example.

14 years agoProvide a NewStuff description for 4.72.
Phil Pennock [Tue, 1 Jun 2010 11:13:54 +0000 (11:13 +0000)]
Provide a NewStuff description for 4.72.
Don't blame Dan Rosenberg for the incomplete hack I applied to the MBX case.

14 years agoRevert previous incorrect change to XSL files. exim-4_72_RC2
Nigel Metheringham [Sun, 30 May 2010 18:16:12 +0000 (18:16 +0000)]
Revert previous incorrect change to XSL files.

14 years agoAdded changelog entry for MBX fix
Nigel Metheringham [Sun, 30 May 2010 18:01:48 +0000 (18:01 +0000)]
Added changelog entry for MBX fix

14 years agoFix documentation version numbers
Nigel Metheringham [Sat, 29 May 2010 19:26:31 +0000 (19:26 +0000)]
Fix documentation version numbers

14 years agoDKIM DNS TXT record bug fix. Fixes: #967
Nigel Metheringham [Sat, 29 May 2010 19:23:25 +0000 (19:23 +0000)]
DKIM DNS TXT record bug fix.  Fixes: #967

14 years agoNull initialise DKIM variable. Fixes: #986
Nigel Metheringham [Sat, 29 May 2010 19:16:50 +0000 (19:16 +0000)]
Null initialise DKIM variable.  Fixes: #986

14 years agoNull terminate pdkim string. Fixes: #985
Nigel Metheringham [Sat, 29 May 2010 19:14:06 +0000 (19:14 +0000)]
Null terminate pdkim string.  Fixes: #985

14 years agoStripped excess debug newline yet again...
Nigel Metheringham [Sat, 29 May 2010 18:59:18 +0000 (18:59 +0000)]
Stripped excess debug newline yet again...

14 years agoAdded previously missed changelog entries
Nigel Metheringham [Sat, 29 May 2010 17:09:09 +0000 (17:09 +0000)]
Added previously missed changelog entries

14 years agoProtect against symlink attacks on MBX lockfile in /tmp as best we can:
Phil Pennock [Sat, 29 May 2010 12:11:48 +0000 (12:11 +0000)]
Protect against symlink attacks on MBX lockfile in /tmp as best we can:
 * if system supports O_NOFOLLOW, use it, protection complete
 * else detect the attack "too late" and abort, where at worst an empty file
   has been created as the attacked user
Our hands are tied by not changing the locking algorithm.

fixes: bug #989

14 years agoUpdates to make doc build on tahini exim-4_72_RC1
Nigel Metheringham [Fri, 28 May 2010 15:38:18 +0000 (15:38 +0000)]
Updates to make doc build on tahini

14 years agoPrevent hardlink attack on mbox sticky mail directory. fixes: bug #988
Nigel Metheringham [Wed, 26 May 2010 12:26:00 +0000 (12:26 +0000)]
Prevent hardlink attack on mbox sticky mail directory. fixes: bug #988

14 years agoJJ/03 installed exipick 20100323.0, fixing doc bug (debian 574778)
John Jetmore [Tue, 23 Mar 2010 14:06:48 +0000 (14:06 +0000)]
JJ/03 installed exipick 20100323.0, fixing doc bug (debian 574778)

14 years agoAdded umask to procmail example Fixes: #671
Nigel Metheringham [Fri, 5 Mar 2010 16:28:04 +0000 (16:28 +0000)]
Added umask to procmail example  Fixes: #671

14 years agoFix for unknown responses from Dovecot authenticator. Fixes: #954
Nigel Metheringham [Fri, 5 Mar 2010 16:26:46 +0000 (16:26 +0000)]
Fix for unknown responses from Dovecot authenticator.  Fixes: #954

14 years agoFix for unknown responses from Dovecot authenticator. Fixes: #954
Nigel Metheringham [Fri, 5 Mar 2010 16:11:11 +0000 (16:11 +0000)]
Fix for unknown responses from Dovecot authenticator.  Fixes: #954

14 years agoDocumentation fix for max_rcpts. Fixes: #955
Nigel Metheringham [Fri, 5 Mar 2010 16:08:14 +0000 (16:08 +0000)]
Documentation fix for max_rcpts.  Fixes: #955

14 years agoSpacing change on Makefile directives (syntax fix). Fixes: #961
Nigel Metheringham [Fri, 5 Mar 2010 16:03:59 +0000 (16:03 +0000)]
Spacing change on Makefile directives (syntax fix).  Fixes: #961

14 years agoSpacing change on Makefile directives (syntax fix). Fixes: #961
Nigel Metheringham [Fri, 5 Mar 2010 16:03:59 +0000 (16:03 +0000)]
Spacing change on Makefile directives (syntax fix).  Fixes: #961

14 years agoSupport mysql stored procedures. Fixes: #965
Nigel Metheringham [Fri, 5 Mar 2010 15:59:29 +0000 (15:59 +0000)]
Support mysql stored procedures.  Fixes: #965

14 years agoAdding exipick 20100222.0, --input-dir and --finput
John Jetmore [Tue, 23 Feb 2010 03:01:55 +0000 (03:01 +0000)]
Adding exipick 20100222.0, --input-dir and --finput

14 years agoBug fix for yesterday's change, which worked in a production system
Michael Haardt [Fri, 19 Feb 2010 10:30:13 +0000 (10:30 +0000)]
Bug fix for yesterday's change, which worked in a production system
for quite some time and broke right after comitting it to CVS.

14 years agoTreat the transport option dkim_domain as a colon separated list, not
Michael Haardt [Thu, 18 Feb 2010 12:09:15 +0000 (12:09 +0000)]
Treat the transport option dkim_domain as a colon separated list, not
as a single string, and sign the message with each element, omitting
multiple occurences of the same signer.

The transport option dkim_domain should be renamed to dkim_add_signers.
The values of dkim_selector and dkim_private_key are expanded for
each signer available in $dkim_domain.  It is unclear if signatures
for domains that already signed the mail should be omitted and if we
need a new variable for signatures to omit or if it could be hardcoded,
but this question is independent of this patch.

14 years agoReset environment for 4.72 development
Nigel Metheringham [Mon, 4 Jan 2010 19:35:49 +0000 (19:35 +0000)]
Reset environment for 4.72 development

14 years agoUpdating exipick from 20061117.2 to 20100104.1, adding $max_received_linelength,...
John Jetmore [Mon, 4 Jan 2010 18:16:54 +0000 (18:16 +0000)]
Updating exipick from 20061117.2 to 20100104.1, adding $max_received_linelength, $data_path, and $header_path variables; fixing documentation bugs and typos

14 years agoImprove log output when DKIM signing operation fails.
Tom Kistner [Tue, 15 Dec 2009 08:23:15 +0000 (08:23 +0000)]
Improve log output when DKIM signing operation fails.

14 years agoPDKIM: Upgrade PolarSSL files to upstream version 0.12.1. Thanks to Andreas Metzler...
Tom Kistner [Mon, 7 Dec 2009 13:05:07 +0000 (13:05 +0000)]
PDKIM: Upgrade PolarSSL files to upstream version 0.12.1. Thanks to Andreas Metzler for doing the work!

14 years agoEnsure version numbers all updated exim-4_71
Nigel Metheringham [Mon, 23 Nov 2009 13:22:05 +0000 (13:22 +0000)]
Ensure version numbers all updated

14 years agoCorrect header sorting for testsuite. Required manual patching, so maybe errors...
Nigel Metheringham [Mon, 23 Nov 2009 13:04:49 +0000 (13:04 +0000)]
Correct header sorting for testsuite.  Required manual patching, so maybe errors.  Fixes: #919

14 years agofix for running testsuite with non-ancient gnutls. Fixes: #918
Nigel Metheringham [Mon, 23 Nov 2009 12:47:11 +0000 (12:47 +0000)]
fix for running testsuite with non-ancient gnutls.  Fixes: #918

14 years agoRecommitted change to remove excess newline from debug output
Nigel Metheringham [Mon, 23 Nov 2009 12:34:51 +0000 (12:34 +0000)]
Recommitted change to remove excess newline from debug output

14 years agoChangelog corrections. Fixes: #920, #921
Nigel Metheringham [Mon, 23 Nov 2009 12:27:52 +0000 (12:27 +0000)]
Changelog corrections.  Fixes: #920, #921

14 years agoDKIM: fix wrong "pass" result on bodyhash mismatch
Tom Kistner [Mon, 23 Nov 2009 08:34:05 +0000 (08:34 +0000)]
DKIM: fix wrong "pass" result on bodyhash mismatch