exim.git
9 years agoTLS authenticator
Jeremy Harris [Thu, 4 Jun 2015 19:28:25 +0000 (20:28 +0100)]
TLS authenticator

9 years agorefactor build script
Jeremy Harris [Sun, 31 May 2015 22:04:01 +0000 (23:04 +0100)]
refactor build script

9 years agoAdjust my maintainership status to reflect reality
Phil Pennock [Fri, 29 May 2015 19:52:50 +0000 (15:52 -0400)]
Adjust my maintainership status to reflect reality

9 years agoOpenSSL: guard X509_check_host against LibreSSL
Phil Pennock [Fri, 29 May 2015 19:46:47 +0000 (15:46 -0400)]
OpenSSL: guard X509_check_host against LibreSSL

LibreSSL's fork does not have this new function; as well as adding a
`LIBRESSL_VERSION_NUMBER` value, that project bumped the OpenSSL version
number in such a way as to conflict with our existing version checks.

* Add a guard.
* Add commentary, suggesting how to avoid getting into twistier knots
  with API divergence.

Reported by Jasper Wallace, who provided a slightly different patch.

Fixes bug 1635

9 years agoTestsuite: Add $USER to env if missing
Heiko Schlittermann (HS12) [Wed, 27 May 2015 21:41:35 +0000 (23:41 +0200)]
Testsuite: Add $USER to env if missing

9 years agoExpand docs re. logs dir, and make eximon logs dir match exim's. Bug 1324
Andreas Metzler [Wed, 27 May 2015 12:05:03 +0000 (13:05 +0100)]
Expand docs re. logs dir, and make eximon logs dir match exim's.  Bug 1324

9 years agoNote MAIL commands in -bS batch, to avoid smtp_no_mail logline. Bug 1346
Jeremy Harris [Wed, 27 May 2015 11:41:08 +0000 (12:41 +0100)]
Note MAIL commands in -bS batch, to avoid smtp_no_mail logline.  Bug 1346

9 years agoFix some typos in EDITME
Heiko Schlittermann (HS12) [Tue, 26 May 2015 20:44:23 +0000 (22:44 +0200)]
Fix some typos in EDITME

9 years agoTLS: Enable ECDHE on OpenSSL, just the NIST P-256 curve. Bug 1397
Phil Pennock [Tue, 26 May 2015 09:48:46 +0000 (10:48 +0100)]
TLS: Enable ECDHE on OpenSSL, just the NIST P-256 curve.  Bug 1397

Original by Phil Pennock; tweaked by JH.

9 years agoNew ${env {NAME}} expansion. Bug 1604
Jeremy Harris [Sat, 23 May 2015 20:48:26 +0000 (21:48 +0100)]
New ${env {NAME}} expansion.  Bug 1604

9 years agoTestsuite: move test.again.dns and test.fail.dns handling to fakens
Jeremy Harris [Sat, 23 May 2015 17:07:58 +0000 (18:07 +0100)]
Testsuite: move test.again.dns and test.fail.dns handling to fakens

9 years agotidying
Jeremy Harris [Sat, 23 May 2015 16:45:48 +0000 (17:45 +0100)]
tidying

9 years agoDANE: do not fail/defer message due to TLSA lookup but dane is only requested
Jeremy Harris [Fri, 22 May 2015 17:32:04 +0000 (18:32 +0100)]
DANE: do not fail/defer message due to TLSA lookup but dane is only requested

9 years agoFix DANE for multiple-MX when all TLSA lookup defer. Bug 1634
Jeremy Harris [Thu, 21 May 2015 22:22:16 +0000 (23:22 +0100)]
Fix DANE for multiple-MX when all TLSA lookup defer.  Bug 1634

9 years agoTestsuite: Check debug message if we requested AD but got AA
Heiko Schlittermann (HS12) [Wed, 20 May 2015 21:08:21 +0000 (23:08 +0200)]
Testsuite: Check debug message if we requested AD but got AA

9 years agoTestsuite: Add support for authoritive answer to fakens
Heiko Schlittermann (HS12) [Wed, 20 May 2015 21:07:33 +0000 (23:07 +0200)]
Testsuite: Add support for authoritive answer to fakens

9 years agoAdd DNS debug aid if we requested AD but got AA
Heiko Schlittermann (HS12) [Wed, 13 May 2015 21:50:23 +0000 (23:50 +0200)]
Add DNS debug aid if we requested AD but got AA

If the resolver we ask is authoritive (AA) for some domain,
we never ever get the AD (authentic data) bit in the answer.

9 years agoAdd DNS debug aid if we requsted AD but got AA
Heiko Schlittermann (HS12) [Wed, 13 May 2015 21:50:23 +0000 (23:50 +0200)]
Add DNS debug aid if we requsted AD but got AA

If the resolver we ask is authoritive (AA) for some domain,
we never ever get the AD (authentic data) bit in the answer.

9 years agoChange HELO-verify forward case from byname to bydns and add DNSSEC tracking
Jeremy Harris [Tue, 19 May 2015 19:28:42 +0000 (20:28 +0100)]
Change HELO-verify forward case from byname to bydns and add DNSSEC tracking

9 years agoChange host_lookup re-forward from byname to bydns; checking DNSSEC
Jeremy Harris [Tue, 19 May 2015 21:32:38 +0000 (22:32 +0100)]
Change host_lookup re-forward from byname to bydns; checking DNSSEC

9 years agostruct dnssec_domains
Jeremy Harris [Sun, 17 May 2015 20:57:46 +0000 (21:57 +0100)]
struct dnssec_domains

9 years agoTestsuite: avoid tryng to run in net 10.
Jeremy Harris [Tue, 19 May 2015 16:41:35 +0000 (17:41 +0100)]
Testsuite: avoid tryng to run in net 10.

9 years agoTestsuite: Add ad= to even more outputs
Heiko Schlittermann (HS12) [Mon, 18 May 2015 21:40:27 +0000 (23:40 +0200)]
Testsuite: Add ad= to even more outputs

9 years agoShow the DNSSEC status (ad=) always in -bt/-bv output
Heiko Schlittermann (HS12) [Mon, 18 May 2015 14:32:58 +0000 (16:32 +0200)]
Show the DNSSEC status (ad=) always in -bt/-bv output

9 years agoFix truncated dns-lookup return record handling
Jeremy Harris [Mon, 18 May 2015 14:18:53 +0000 (15:18 +0100)]
Fix truncated dns-lookup return record handling

9 years agoTestsuite: move manyhome.test,ex handling from exim to fakens
Jeremy Harris [Mon, 18 May 2015 13:05:27 +0000 (14:05 +0100)]
Testsuite: move manyhome.test,ex handling from exim to fakens

9 years agoRemove word "rejected" from ACL-discard log lines. Bug 1632
Jeremy Harris [Sun, 17 May 2015 17:08:53 +0000 (18:08 +0100)]
Remove word "rejected" from ACL-discard log lines.  Bug 1632

9 years agoTestsuite: Munge the output to fit the ad=… lines
Heiko Schlittermann (HS12) [Sat, 16 May 2015 20:24:38 +0000 (22:24 +0200)]
Testsuite: Munge the output to fit the ad=… lines

9 years agotidying
Jeremy Harris [Sat, 16 May 2015 16:47:53 +0000 (17:47 +0100)]
tidying

9 years agoCallout: additional debug on cache operations
Jeremy Harris [Fri, 15 May 2015 10:01:31 +0000 (11:01 +0100)]
Callout: additional debug on cache operations

9 years agoTestsuite: reverted: Output of path to fakens
Heiko Schlittermann (HS12) [Thu, 14 May 2015 22:56:21 +0000 (00:56 +0200)]
Testsuite: reverted: Output of path to fakens

This partially reverts 5f3d09836.

9 years agoTestsuite: missing output file
Jeremy Harris [Thu, 14 May 2015 19:57:44 +0000 (20:57 +0100)]
Testsuite: missing output file

9 years agoTestsuite: Check dnssec_{request,require}_domains for dnslookup
Heiko Schlittermann (HS12) [Wed, 13 May 2015 06:59:31 +0000 (08:59 +0200)]
Testsuite: Check dnssec_{request,require}_domains for dnslookup

9 years agoTestsuite: locate fakens relative to the config_main_directory
Heiko Schlittermann (HS12) [Tue, 12 May 2015 20:01:08 +0000 (22:01 +0200)]
Testsuite: locate fakens relative to the config_main_directory

This makes the test configs more intuitive, because the
spool_directory=SPOOL/spool does not need to be there anymore,
except we really need a spool directory.

9 years agoOutput dnssec status in -bt/-bv mode
Heiko Schlittermann (HS12) [Mon, 11 May 2015 20:15:32 +0000 (22:15 +0200)]
Output dnssec status in -bt/-bv mode

Currently this feature is enabled only if running_in_test_harness,
because I don't want to break anything else.

9 years agoDiagnostic debug message if fakens is not found
Heiko Schlittermann (HS12) [Mon, 11 May 2015 20:14:31 +0000 (22:14 +0200)]
Diagnostic debug message if fakens is not found

9 years agoDo not use the A lookup following an AAAA for setting the FQDN. Bug 1588
Jeremy Harris [Sun, 10 May 2015 22:13:41 +0000 (23:13 +0100)]
Do not use the A lookup following an AAAA for setting the FQDN.  Bug 1588

Normally benign, it bites when the pair was led to by a CNAME;
modern usage is to not canoicalize the domain to a cname target
(and we were inconsistent anyway for A-only vs AAAA+A).

9 years agoDocs: Fix a single letter typo
Heiko Schlittermann (HS12) [Sun, 10 May 2015 21:30:25 +0000 (23:30 +0200)]
Docs: Fix a single letter typo

9 years agoOverride DISABLE_DNSSEC when EXPERIMENTAL_DANE is in use
Heiko Schlittermann (HS12) [Sun, 10 May 2015 20:48:28 +0000 (22:48 +0200)]
Override DISABLE_DNSSEC when EXPERIMENTAL_DANE is in use

9 years agoAdd feature tag for DNSSEC
Heiko Schlittermann (HS12) [Sun, 10 May 2015 20:47:59 +0000 (22:47 +0200)]
Add feature tag for DNSSEC

9 years agoDocs: Make build unicode resistant
Heiko Schlittermann (HS12) [Sun, 10 May 2015 14:01:44 +0000 (16:01 +0200)]
Docs: Make build unicode resistant

Force LC_ALL=C for spec.txt. Add an additional build target:
spec.utf8.

9 years agoSupport SOA lookup in dnsdb lookups. Bug 286
Jeremy Harris [Sat, 9 May 2015 18:21:15 +0000 (19:21 +0100)]
Support SOA lookup in dnsdb lookups.  Bug 286

9 years agoAdd retrans/retry options to dnsdb lookup. Bug 1539
Jeremy Harris [Sat, 9 May 2015 16:05:49 +0000 (17:05 +0100)]
Add retrans/retry options to dnsdb lookup.  Bug 1539

9 years agoTestsuite: fix build on older Linuxen
Jeremy Harris [Fri, 8 May 2015 11:10:57 +0000 (12:10 +0100)]
Testsuite: fix build on older Linuxen

9 years ago Log lengthy DNS lookups. Bug 514
Jeremy Harris [Thu, 7 May 2015 20:36:22 +0000 (21:36 +0100)]
Log lengthy DNS lookups.  Bug 514

    Original by <derrick.rice@gmail.com>, massaged by JH

9 years agoTestsuite: Fix the [U]pdate for new testcases
Heiko Schlittermann (HS12) [Wed, 6 May 2015 21:16:59 +0000 (23:16 +0200)]
Testsuite: Fix the [U]pdate for new testcases

9 years agoLog reason for defer, on a hostlist dns-lookup temporary error. Bug 1328
Jeremy Harris [Tue, 5 May 2015 21:50:56 +0000 (22:50 +0100)]
Log reason for defer, on a hostlist dns-lookup temporary error.  Bug 1328

9 years agoTestsuite: fix testcase sequencing
Jeremy Harris [Tue, 5 May 2015 20:24:17 +0000 (21:24 +0100)]
Testsuite: fix testcase sequencing

Broken-by: f41e05066084
Replaces:  0368847fd98d

9 years agoI18N: new ${imapfolder_<sep>:<string>} expansion item. Bug 420
Jeremy Harris [Mon, 4 May 2015 16:02:27 +0000 (17:02 +0100)]
I18N: new ${imapfolder_<sep>:<string>} expansion item.  Bug 420

9 years agoTestsuite: Patch for lost server -> exim interlock
Jeremy Harris [Mon, 4 May 2015 22:38:46 +0000 (23:38 +0100)]
Testsuite: Patch for lost server -> exim interlock
This is an interim workaround.

Broken-by: f41e05066084
9 years agoTestsuite: fix scripts for daemon interlock
Jeremy Harris [Mon, 4 May 2015 21:26:27 +0000 (22:26 +0100)]
Testsuite: fix scripts for daemon interlock

Broken-by: f41e05066084
9 years agoTestsuite: allow long server startup delay after big file write
Jeremy Harris [Sun, 3 May 2015 15:15:15 +0000 (16:15 +0100)]
Testsuite: allow long server startup delay after big file write

Needed for running on an SD-card filesystem

9 years agoTestsuite: interlock daemon startup with testcase run
Jeremy Harris [Sun, 3 May 2015 13:17:19 +0000 (14:17 +0100)]
Testsuite: interlock daemon startup with testcase run

Required for running on an SD card filesystem, which is subject
to obscene delays (possibly flash background processing).

9 years agoexigrep: fallback to $PATH if zcat is missing. BUG 1575
Heiko Schlittermann (HS12) [Sun, 26 Apr 2015 21:20:29 +0000 (23:20 +0200)]
exigrep: fallback to $PATH if zcat is missing. BUG 1575

9 years agoInvert default for iconv() 2nd arg type, to match SUSv3. Bug 1161
Jeremy Harris [Sun, 26 Apr 2015 17:31:14 +0000 (18:31 +0100)]
Invert default for iconv() 2nd arg type, to match SUSv3.  Bug 1161

Probably most of the lesser-used builds are already broken;
this won't fix them

9 years agoMIME: recode 2231-to-2047 safely. Bug 466
Jeremy Harris [Sun, 26 Apr 2015 15:25:11 +0000 (16:25 +0100)]
MIME: recode 2231-to-2047 safely.  Bug 466

The original expansion was vulnerable to odd filenames.

9 years agoMIME: Support RFC2231 for filenames. Bug 466
Jeremy Harris [Sat, 25 Apr 2015 23:05:08 +0000 (00:05 +0100)]
MIME: Support RFC2231 for filenames.  Bug 466

Patch originally from Alexander Shikoff, heavily reworked by JH.

9 years agoMake dnssec_request_domains/dnssec_require_domains generic
Heiko Schlittermann (HS12) [Thu, 9 Apr 2015 15:30:58 +0000 (17:30 +0200)]
Make dnssec_request_domains/dnssec_require_domains generic

Not only the dnslookup router should use DNSSEC for lookups. The
manualroute and even queryprogram router may just generate a host list.
The names then need to be resolved, optionally via DNSSEC.

9 years agoTestsuite: add hint about usernames
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:10:15 +0000 (23:10 +0200)]
Testsuite: add hint about usernames

9 years agoTestsuite: add more help about options to client.c
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:15:03 +0000 (23:15 +0200)]
Testsuite: add more help about options to client.c

9 years agoTestsuite: add support for -FLAVOUR option
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:27:22 +0000 (23:27 +0200)]
Testsuite: add support for -FLAVOUR option

This feature allows to save test results as as a "flavo(u)r".
E.g. Debian/8 uses special lib-OpenSSL settings. This results
in less verbose output of some SSL related tests.

9 years agoTestsuite: add support for relative name of exim
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:28:26 +0000 (23:28 +0200)]
Testsuite: add support for relative name of exim

The runtest script converts a relative name of the binary to an
absolute name. This is mainly a comfort feature.

9 years agoTestsuite: check the TRUSTED_CONFIG_LIST content
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:29:33 +0000 (23:29 +0200)]
Testsuite: check the TRUSTED_CONFIG_LIST content

The testsuite relies on trusted configs. Exim needs to be compiled with
the TRUSTED_CONFIG_LIST option. The file mentioned in the
TRUSTED_CONFIG_LIST needs to meet several conditions.

9 years agoTestsuite: Auto-detect missing sbin directories
Heiko Schlittermann (HS12) [Tue, 7 Apr 2015 19:44:00 +0000 (21:44 +0200)]
Testsuite: Auto-detect missing sbin directories

The runtest script maps bin directories to
matching sbin directories, if they are not already included
in the $PATH. This is mainly a comfort feature to find
ifconfig on some systems automatically.

9 years agoTestsuite: unify the fs dependend error messages
Heiko Schlittermann (HS12) [Mon, 6 Apr 2015 21:18:41 +0000 (23:18 +0200)]
Testsuite: unify the fs dependend error messages

9 years agoTestsuite: wait for queue runner finish (more)
Heiko Schlittermann (HS12) [Sat, 25 Apr 2015 16:43:27 +0000 (18:43 +0200)]
Testsuite: wait for queue runner finish (more)

9 years agoTestsuite: wait for queue runner finish
Heiko Schlittermann (HS12) [Fri, 24 Apr 2015 22:42:16 +0000 (00:42 +0200)]
Testsuite: wait for queue runner finish

9 years agoDKIM: Wrap signature header (more) in line with RFC 5322 and RFC 4871
Jasen Betts [Fri, 24 Apr 2015 16:32:32 +0000 (17:32 +0100)]
DKIM: Wrap signature header (more) in line with RFC 5322 and RFC 4871

9 years agoTestsuite: Fix check_dir_size() fs dependencies
Jeremy Harris [Fri, 24 Apr 2015 15:29:15 +0000 (17:29 +0200)]
Testsuite: Fix check_dir_size() fs dependencies

9 years agoUTF8: Cert namechecks always use a-label
Jeremy Harris [Wed, 22 Apr 2015 19:26:56 +0000 (20:26 +0100)]
UTF8: Cert namechecks always use a-label

9 years agoUTF8: docs update. Bug 1516
Jeremy Harris [Wed, 22 Apr 2015 12:31:47 +0000 (13:31 +0100)]
UTF8: docs update.  Bug 1516

9 years agoUTF8: mua_wrapper
Jeremy Harris [Tue, 21 Apr 2015 22:59:07 +0000 (23:59 +0100)]
UTF8: mua_wrapper

9 years agoUTF8: MSA callouts
Jeremy Harris [Tue, 21 Apr 2015 21:40:43 +0000 (22:40 +0100)]
UTF8: MSA callouts

9 years agoUTF8: MSA downconversions
Jeremy Harris [Mon, 20 Apr 2015 15:48:36 +0000 (16:48 +0100)]
UTF8: MSA downconversions

9 years agoTestsuite: be more tolerant of slow filesystem
Jeremy Harris [Sun, 19 Apr 2015 20:44:45 +0000 (21:44 +0100)]
Testsuite: be more tolerant of slow filesystem

9 years agoUTF8: GnuTLS testcase outputs
Jeremy Harris [Sun, 19 Apr 2015 19:24:49 +0000 (20:24 +0100)]
UTF8: GnuTLS testcase outputs

9 years agoTestsuite: fix content-scanner interface tests
Jeremy Harris [Sun, 19 Apr 2015 18:13:58 +0000 (19:13 +0100)]
Testsuite: fix content-scanner interface tests

9 years agoFix signedness bug in SPA authenticator
Jeremy Harris [Sat, 18 Apr 2015 18:12:19 +0000 (19:12 +0100)]
Fix signedness bug in SPA authenticator

9 years agoTestsuite: split out tests requiring IPv6
Jeremy Harris [Sat, 18 Apr 2015 17:03:51 +0000 (18:03 +0100)]
Testsuite: split out tests requiring IPv6

9 years agoUTF8: Avoid treating a punycoded dns lookup as an implicit redirection
Jeremy Harris [Sat, 18 Apr 2015 14:48:58 +0000 (15:48 +0100)]
UTF8: Avoid treating a punycoded dns lookup as an implicit redirection

9 years agoFix more build dependencies
Heiko Schlittermann (HS12) [Mon, 13 Apr 2015 21:40:58 +0000 (22:40 +0100)]
Fix more build dependencies

9 years agoUTF8: split up testcases
Jeremy Harris [Mon, 13 Apr 2015 21:00:40 +0000 (22:00 +0100)]
UTF8: split up testcases

9 years agoStabilize test 3000 - Perl hash
Heiko Schlittermann (HS12) [Thu, 9 Apr 2015 19:49:47 +0000 (21:49 +0200)]
Stabilize test 3000 - Perl hash

A Perl hash in scalar context returns a true value. Nothing else.
Currently it's information about the internal storage, something like
n/m, used buckets/allocated buckets. But this seems to change from run
to run between 1/8 and 2/8.

9 years agoFix build dependency. Bug 1611
Heiko Schlittermann [Mon, 13 Apr 2015 14:55:04 +0000 (15:55 +0100)]
Fix build dependency.  Bug 1611

9 years agoFix with-TLS non-International build
Jeremy Harris [Mon, 13 Apr 2015 08:35:54 +0000 (09:35 +0100)]
Fix with-TLS non-International build

9 years agoDo not build International by default
Jeremy Harris [Mon, 13 Apr 2015 07:36:38 +0000 (08:36 +0100)]
Do not build International by default

9 years agoMerge branch 'SMTPUTF8_1516'. Bug 1516
Jeremy Harris [Sun, 12 Apr 2015 23:18:54 +0000 (00:18 +0100)]
Merge branch 'SMTPUTF8_1516'.  Bug 1516

This adds limited support for the ESMTP option SMTPUTF8
under the EXPERIMENTAL_INTERNATIONAL compile define

9 years agotidying
Jeremy Harris [Sun, 12 Apr 2015 23:15:51 +0000 (00:15 +0100)]
tidying

9 years agonon-smtp input
Jeremy Harris [Sun, 12 Apr 2015 21:54:36 +0000 (22:54 +0100)]
non-smtp input

9 years agoclient helo
Jeremy Harris [Sun, 12 Apr 2015 17:47:03 +0000 (18:47 +0100)]
client helo

9 years agotls
Jeremy Harris [Sun, 12 Apr 2015 14:18:51 +0000 (15:18 +0100)]
tls

9 years agoDNS lookups never use UTF-8
Jeremy Harris [Sat, 11 Apr 2015 17:08:18 +0000 (18:08 +0100)]
DNS lookups never use UTF-8

9 years agoPermit underbar in dns name component; needed for srv, csa, dane...
Jeremy Harris [Sat, 11 Apr 2015 16:40:37 +0000 (17:40 +0100)]
Permit underbar in dns name component; needed for srv, csa, dane...

9 years agoforwarding
Jeremy Harris [Sat, 11 Apr 2015 15:06:56 +0000 (16:06 +0100)]
forwarding

9 years agoRename substructure for ease of debugging
Jeremy Harris [Sat, 11 Apr 2015 14:33:17 +0000 (15:33 +0100)]
Rename substructure for ease of debugging

9 years agosender verify callout
Jeremy Harris [Thu, 9 Apr 2015 21:15:53 +0000 (22:15 +0100)]
sender verify callout

9 years agoutf8 recipient
Jeremy Harris [Thu, 9 Apr 2015 20:25:45 +0000 (21:25 +0100)]
utf8 recipient

9 years agorecipient verify callout
Jeremy Harris [Wed, 8 Apr 2015 20:33:51 +0000 (21:33 +0100)]
recipient verify callout

9 years agobounce message
Jeremy Harris [Tue, 7 Apr 2015 21:15:43 +0000 (22:15 +0100)]
bounce message

9 years agosmtp output, no remote support
Jeremy Harris [Mon, 6 Apr 2015 13:07:31 +0000 (14:07 +0100)]
smtp output, no remote support