Jeremy Harris [Thu, 4 Jun 2015 19:28:25 +0000 (20:28 +0100)]
TLS authenticator
Jeremy Harris [Sun, 31 May 2015 22:04:01 +0000 (23:04 +0100)]
refactor build script
Phil Pennock [Fri, 29 May 2015 19:52:50 +0000 (15:52 -0400)]
Adjust my maintainership status to reflect reality
Phil Pennock [Fri, 29 May 2015 19:46:47 +0000 (15:46 -0400)]
OpenSSL: guard X509_check_host against LibreSSL
LibreSSL's fork does not have this new function; as well as adding a
`LIBRESSL_VERSION_NUMBER` value, that project bumped the OpenSSL version
number in such a way as to conflict with our existing version checks.
* Add a guard.
* Add commentary, suggesting how to avoid getting into twistier knots
with API divergence.
Reported by Jasper Wallace, who provided a slightly different patch.
Fixes bug 1635
Heiko Schlittermann (HS12) [Wed, 27 May 2015 21:41:35 +0000 (23:41 +0200)]
Testsuite: Add $USER to env if missing
Andreas Metzler [Wed, 27 May 2015 12:05:03 +0000 (13:05 +0100)]
Expand docs re. logs dir, and make eximon logs dir match exim's. Bug 1324
Jeremy Harris [Wed, 27 May 2015 11:41:08 +0000 (12:41 +0100)]
Note MAIL commands in -bS batch, to avoid smtp_no_mail logline. Bug 1346
Heiko Schlittermann (HS12) [Tue, 26 May 2015 20:44:23 +0000 (22:44 +0200)]
Fix some typos in EDITME
Phil Pennock [Tue, 26 May 2015 09:48:46 +0000 (10:48 +0100)]
TLS: Enable ECDHE on OpenSSL, just the NIST P-256 curve. Bug 1397
Original by Phil Pennock; tweaked by JH.
Jeremy Harris [Sat, 23 May 2015 20:48:26 +0000 (21:48 +0100)]
New ${env {NAME}} expansion. Bug 1604
Jeremy Harris [Sat, 23 May 2015 17:07:58 +0000 (18:07 +0100)]
Testsuite: move test.again.dns and test.fail.dns handling to fakens
Jeremy Harris [Sat, 23 May 2015 16:45:48 +0000 (17:45 +0100)]
tidying
Jeremy Harris [Fri, 22 May 2015 17:32:04 +0000 (18:32 +0100)]
DANE: do not fail/defer message due to TLSA lookup but dane is only requested
Jeremy Harris [Thu, 21 May 2015 22:22:16 +0000 (23:22 +0100)]
Fix DANE for multiple-MX when all TLSA lookup defer. Bug 1634
Heiko Schlittermann (HS12) [Wed, 20 May 2015 21:08:21 +0000 (23:08 +0200)]
Testsuite: Check debug message if we requested AD but got AA
Heiko Schlittermann (HS12) [Wed, 20 May 2015 21:07:33 +0000 (23:07 +0200)]
Testsuite: Add support for authoritive answer to fakens
Heiko Schlittermann (HS12) [Wed, 13 May 2015 21:50:23 +0000 (23:50 +0200)]
Add DNS debug aid if we requested AD but got AA
If the resolver we ask is authoritive (AA) for some domain,
we never ever get the AD (authentic data) bit in the answer.
Heiko Schlittermann (HS12) [Wed, 13 May 2015 21:50:23 +0000 (23:50 +0200)]
Add DNS debug aid if we requsted AD but got AA
If the resolver we ask is authoritive (AA) for some domain,
we never ever get the AD (authentic data) bit in the answer.
Jeremy Harris [Tue, 19 May 2015 19:28:42 +0000 (20:28 +0100)]
Change HELO-verify forward case from byname to bydns and add DNSSEC tracking
Jeremy Harris [Tue, 19 May 2015 21:32:38 +0000 (22:32 +0100)]
Change host_lookup re-forward from byname to bydns; checking DNSSEC
Jeremy Harris [Sun, 17 May 2015 20:57:46 +0000 (21:57 +0100)]
struct dnssec_domains
Jeremy Harris [Tue, 19 May 2015 16:41:35 +0000 (17:41 +0100)]
Testsuite: avoid tryng to run in net 10.
Heiko Schlittermann (HS12) [Mon, 18 May 2015 21:40:27 +0000 (23:40 +0200)]
Testsuite: Add ad= to even more outputs
Heiko Schlittermann (HS12) [Mon, 18 May 2015 14:32:58 +0000 (16:32 +0200)]
Show the DNSSEC status (ad=) always in -bt/-bv output
Jeremy Harris [Mon, 18 May 2015 14:18:53 +0000 (15:18 +0100)]
Fix truncated dns-lookup return record handling
Jeremy Harris [Mon, 18 May 2015 13:05:27 +0000 (14:05 +0100)]
Testsuite: move manyhome.test,ex handling from exim to fakens
Jeremy Harris [Sun, 17 May 2015 17:08:53 +0000 (18:08 +0100)]
Remove word "rejected" from ACL-discard log lines. Bug 1632
Heiko Schlittermann (HS12) [Sat, 16 May 2015 20:24:38 +0000 (22:24 +0200)]
Testsuite: Munge the output to fit the ad=… lines
Jeremy Harris [Sat, 16 May 2015 16:47:53 +0000 (17:47 +0100)]
tidying
Jeremy Harris [Fri, 15 May 2015 10:01:31 +0000 (11:01 +0100)]
Callout: additional debug on cache operations
Heiko Schlittermann (HS12) [Thu, 14 May 2015 22:56:21 +0000 (00:56 +0200)]
Testsuite: reverted: Output of path to fakens
This partially reverts
5f3d09836.
Jeremy Harris [Thu, 14 May 2015 19:57:44 +0000 (20:57 +0100)]
Testsuite: missing output file
Heiko Schlittermann (HS12) [Wed, 13 May 2015 06:59:31 +0000 (08:59 +0200)]
Testsuite: Check dnssec_{request,require}_domains for dnslookup
Heiko Schlittermann (HS12) [Tue, 12 May 2015 20:01:08 +0000 (22:01 +0200)]
Testsuite: locate fakens relative to the config_main_directory
This makes the test configs more intuitive, because the
spool_directory=SPOOL/spool does not need to be there anymore,
except we really need a spool directory.
Heiko Schlittermann (HS12) [Mon, 11 May 2015 20:15:32 +0000 (22:15 +0200)]
Output dnssec status in -bt/-bv mode
Currently this feature is enabled only if running_in_test_harness,
because I don't want to break anything else.
Heiko Schlittermann (HS12) [Mon, 11 May 2015 20:14:31 +0000 (22:14 +0200)]
Diagnostic debug message if fakens is not found
Jeremy Harris [Sun, 10 May 2015 22:13:41 +0000 (23:13 +0100)]
Do not use the A lookup following an AAAA for setting the FQDN. Bug 1588
Normally benign, it bites when the pair was led to by a CNAME;
modern usage is to not canoicalize the domain to a cname target
(and we were inconsistent anyway for A-only vs AAAA+A).
Heiko Schlittermann (HS12) [Sun, 10 May 2015 21:30:25 +0000 (23:30 +0200)]
Docs: Fix a single letter typo
Heiko Schlittermann (HS12) [Sun, 10 May 2015 20:48:28 +0000 (22:48 +0200)]
Override DISABLE_DNSSEC when EXPERIMENTAL_DANE is in use
Heiko Schlittermann (HS12) [Sun, 10 May 2015 20:47:59 +0000 (22:47 +0200)]
Add feature tag for DNSSEC
Heiko Schlittermann (HS12) [Sun, 10 May 2015 14:01:44 +0000 (16:01 +0200)]
Docs: Make build unicode resistant
Force LC_ALL=C for spec.txt. Add an additional build target:
spec.utf8.
Jeremy Harris [Sat, 9 May 2015 18:21:15 +0000 (19:21 +0100)]
Support SOA lookup in dnsdb lookups. Bug 286
Jeremy Harris [Sat, 9 May 2015 16:05:49 +0000 (17:05 +0100)]
Add retrans/retry options to dnsdb lookup. Bug 1539
Jeremy Harris [Fri, 8 May 2015 11:10:57 +0000 (12:10 +0100)]
Testsuite: fix build on older Linuxen
Jeremy Harris [Thu, 7 May 2015 20:36:22 +0000 (21:36 +0100)]
Log lengthy DNS lookups. Bug 514
Original by <derrick.rice@gmail.com>, massaged by JH
Heiko Schlittermann (HS12) [Wed, 6 May 2015 21:16:59 +0000 (23:16 +0200)]
Testsuite: Fix the [U]pdate for new testcases
Jeremy Harris [Tue, 5 May 2015 21:50:56 +0000 (22:50 +0100)]
Log reason for defer, on a hostlist dns-lookup temporary error. Bug 1328
Jeremy Harris [Tue, 5 May 2015 20:24:17 +0000 (21:24 +0100)]
Testsuite: fix testcase sequencing
Broken-by: f41e05066084
Replaces:
0368847fd98d
Jeremy Harris [Mon, 4 May 2015 16:02:27 +0000 (17:02 +0100)]
I18N: new ${imapfolder_<sep>:<string>} expansion item. Bug 420
Jeremy Harris [Mon, 4 May 2015 22:38:46 +0000 (23:38 +0100)]
Testsuite: Patch for lost server -> exim interlock
This is an interim workaround.
Broken-by: f41e05066084
Jeremy Harris [Mon, 4 May 2015 21:26:27 +0000 (22:26 +0100)]
Testsuite: fix scripts for daemon interlock
Broken-by: f41e05066084
Jeremy Harris [Sun, 3 May 2015 15:15:15 +0000 (16:15 +0100)]
Testsuite: allow long server startup delay after big file write
Needed for running on an SD-card filesystem
Jeremy Harris [Sun, 3 May 2015 13:17:19 +0000 (14:17 +0100)]
Testsuite: interlock daemon startup with testcase run
Required for running on an SD card filesystem, which is subject
to obscene delays (possibly flash background processing).
Heiko Schlittermann (HS12) [Sun, 26 Apr 2015 21:20:29 +0000 (23:20 +0200)]
exigrep: fallback to $PATH if zcat is missing. BUG 1575
Jeremy Harris [Sun, 26 Apr 2015 17:31:14 +0000 (18:31 +0100)]
Invert default for iconv() 2nd arg type, to match SUSv3. Bug 1161
Probably most of the lesser-used builds are already broken;
this won't fix them
Jeremy Harris [Sun, 26 Apr 2015 15:25:11 +0000 (16:25 +0100)]
MIME: recode 2231-to-2047 safely. Bug 466
The original expansion was vulnerable to odd filenames.
Jeremy Harris [Sat, 25 Apr 2015 23:05:08 +0000 (00:05 +0100)]
MIME: Support RFC2231 for filenames. Bug 466
Patch originally from Alexander Shikoff, heavily reworked by JH.
Heiko Schlittermann (HS12) [Thu, 9 Apr 2015 15:30:58 +0000 (17:30 +0200)]
Make dnssec_request_domains/dnssec_require_domains generic
Not only the dnslookup router should use DNSSEC for lookups. The
manualroute and even queryprogram router may just generate a host list.
The names then need to be resolved, optionally via DNSSEC.
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:10:15 +0000 (23:10 +0200)]
Testsuite: add hint about usernames
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:15:03 +0000 (23:15 +0200)]
Testsuite: add more help about options to client.c
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:27:22 +0000 (23:27 +0200)]
Testsuite: add support for -FLAVOUR option
This feature allows to save test results as as a "flavo(u)r".
E.g. Debian/8 uses special lib-OpenSSL settings. This results
in less verbose output of some SSL related tests.
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:28:26 +0000 (23:28 +0200)]
Testsuite: add support for relative name of exim
The runtest script converts a relative name of the binary to an
absolute name. This is mainly a comfort feature.
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:29:33 +0000 (23:29 +0200)]
Testsuite: check the TRUSTED_CONFIG_LIST content
The testsuite relies on trusted configs. Exim needs to be compiled with
the TRUSTED_CONFIG_LIST option. The file mentioned in the
TRUSTED_CONFIG_LIST needs to meet several conditions.
Heiko Schlittermann (HS12) [Tue, 7 Apr 2015 19:44:00 +0000 (21:44 +0200)]
Testsuite: Auto-detect missing sbin directories
The runtest script maps bin directories to
matching sbin directories, if they are not already included
in the $PATH. This is mainly a comfort feature to find
ifconfig on some systems automatically.
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:18:41 +0000 (23:18 +0200)]
Testsuite: unify the fs dependend error messages
Heiko Schlittermann (HS12) [Sat, 25 Apr 2015 16:43:27 +0000 (18:43 +0200)]
Testsuite: wait for queue runner finish (more)
Heiko Schlittermann (HS12) [Fri, 24 Apr 2015 22:42:16 +0000 (00:42 +0200)]
Testsuite: wait for queue runner finish
Jasen Betts [Fri, 24 Apr 2015 16:32:32 +0000 (17:32 +0100)]
DKIM: Wrap signature header (more) in line with RFC 5322 and RFC 4871
Jeremy Harris [Fri, 24 Apr 2015 15:29:15 +0000 (17:29 +0200)]
Testsuite: Fix check_dir_size() fs dependencies
Jeremy Harris [Wed, 22 Apr 2015 19:26:56 +0000 (20:26 +0100)]
UTF8: Cert namechecks always use a-label
Jeremy Harris [Wed, 22 Apr 2015 12:31:47 +0000 (13:31 +0100)]
UTF8: docs update. Bug 1516
Jeremy Harris [Tue, 21 Apr 2015 22:59:07 +0000 (23:59 +0100)]
UTF8: mua_wrapper
Jeremy Harris [Tue, 21 Apr 2015 21:40:43 +0000 (22:40 +0100)]
UTF8: MSA callouts
Jeremy Harris [Mon, 20 Apr 2015 15:48:36 +0000 (16:48 +0100)]
UTF8: MSA downconversions
Jeremy Harris [Sun, 19 Apr 2015 20:44:45 +0000 (21:44 +0100)]
Testsuite: be more tolerant of slow filesystem
Jeremy Harris [Sun, 19 Apr 2015 19:24:49 +0000 (20:24 +0100)]
UTF8: GnuTLS testcase outputs
Jeremy Harris [Sun, 19 Apr 2015 18:13:58 +0000 (19:13 +0100)]
Testsuite: fix content-scanner interface tests
Jeremy Harris [Sat, 18 Apr 2015 18:12:19 +0000 (19:12 +0100)]
Fix signedness bug in SPA authenticator
Jeremy Harris [Sat, 18 Apr 2015 17:03:51 +0000 (18:03 +0100)]
Testsuite: split out tests requiring IPv6
Jeremy Harris [Sat, 18 Apr 2015 14:48:58 +0000 (15:48 +0100)]
UTF8: Avoid treating a punycoded dns lookup as an implicit redirection
Heiko Schlittermann (HS12) [Mon, 13 Apr 2015 21:40:58 +0000 (22:40 +0100)]
Fix more build dependencies
Jeremy Harris [Mon, 13 Apr 2015 21:00:40 +0000 (22:00 +0100)]
UTF8: split up testcases
Heiko Schlittermann (HS12) [Thu, 9 Apr 2015 19:49:47 +0000 (21:49 +0200)]
Stabilize test 3000 - Perl hash
A Perl hash in scalar context returns a true value. Nothing else.
Currently it's information about the internal storage, something like
n/m, used buckets/allocated buckets. But this seems to change from run
to run between 1/8 and 2/8.
Heiko Schlittermann [Mon, 13 Apr 2015 14:55:04 +0000 (15:55 +0100)]
Fix build dependency. Bug 1611
Jeremy Harris [Mon, 13 Apr 2015 08:35:54 +0000 (09:35 +0100)]
Fix with-TLS non-International build
Jeremy Harris [Mon, 13 Apr 2015 07:36:38 +0000 (08:36 +0100)]
Do not build International by default
Jeremy Harris [Sun, 12 Apr 2015 23:18:54 +0000 (00:18 +0100)]
Merge branch 'SMTPUTF8_1516'. Bug 1516
This adds limited support for the ESMTP option SMTPUTF8
under the EXPERIMENTAL_INTERNATIONAL compile define
Jeremy Harris [Sun, 12 Apr 2015 23:15:51 +0000 (00:15 +0100)]
tidying
Jeremy Harris [Sun, 12 Apr 2015 21:54:36 +0000 (22:54 +0100)]
non-smtp input
Jeremy Harris [Sun, 12 Apr 2015 17:47:03 +0000 (18:47 +0100)]
client helo
Jeremy Harris [Sun, 12 Apr 2015 14:18:51 +0000 (15:18 +0100)]
tls
Jeremy Harris [Sat, 11 Apr 2015 17:08:18 +0000 (18:08 +0100)]
DNS lookups never use UTF-8
Jeremy Harris [Sat, 11 Apr 2015 16:40:37 +0000 (17:40 +0100)]
Permit underbar in dns name component; needed for srv, csa, dane...
Jeremy Harris [Sat, 11 Apr 2015 15:06:56 +0000 (16:06 +0100)]
forwarding
Jeremy Harris [Sat, 11 Apr 2015 14:33:17 +0000 (15:33 +0100)]
Rename substructure for ease of debugging
Jeremy Harris [Thu, 9 Apr 2015 21:15:53 +0000 (22:15 +0100)]
sender verify callout
Jeremy Harris [Thu, 9 Apr 2015 20:25:45 +0000 (21:25 +0100)]
utf8 recipient
Jeremy Harris [Wed, 8 Apr 2015 20:33:51 +0000 (21:33 +0100)]
recipient verify callout
Jeremy Harris [Tue, 7 Apr 2015 21:15:43 +0000 (22:15 +0100)]
bounce message
Jeremy Harris [Mon, 6 Apr 2015 13:07:31 +0000 (14:07 +0100)]
smtp output, no remote support