exim.git
11 years agoDocument scripts/lookups-Makefile for new lookups.
Phil Pennock [Wed, 12 Dec 2012 01:18:22 +0000 (20:18 -0500)]
Document scripts/lookups-Makefile for new lookups.

Missing step for adding a new lookup noticed by Paul Gamble.

11 years agoOCSP/SNI: set correct callback.
Phil Pennock [Mon, 10 Dec 2012 00:23:06 +0000 (19:23 -0500)]
OCSP/SNI: set correct callback.

Caught by Jeremy; was wrong in (my) original commit, the dual-TLS work
had just renamed the variables and theoretically made it more visible.
I still missed it.

The server_sni context initialisation was setting the OCSP status
callback context parameter back on the original server_ctx instead of
the new server_sni context.

I guess OCSP and SNI aren't being used together in Exim much yet.

11 years agoFix tests 5400, 5401, 5410, 5420 to work under any user.
Jeremy Harris [Sun, 9 Dec 2012 14:27:37 +0000 (14:27 +0000)]
Fix tests 5400, 5401, 5410, 5420 to work under any user.

11 years agoNote build fixes in ChangeLog
Tony Finch [Fri, 7 Dec 2012 18:13:38 +0000 (18:13 +0000)]
Note build fixes in ChangeLog

11 years agoAvoid unnecessary rebuilds of lookup helper functions.
Tony Finch [Fri, 7 Dec 2012 18:06:47 +0000 (18:06 +0000)]
Avoid unnecessary rebuilds of lookup helper functions.

11 years agoAvoid spurious rebuilds of the dynamic lookups Makefile.
Tony Finch [Fri, 7 Dec 2012 17:44:42 +0000 (17:44 +0000)]
Avoid spurious rebuilds of the dynamic lookups Makefile.

This was noticable when re-building as a non-privileged user
after installing as root; lookups/Makefile had been rebuilt
by root and when it was rebuilt again by the unprivileged user
`mv` demanded confirmation before overwriting the file.

11 years agoFix tests 5401 and 5410 when not run under a user named eximtest.
Tony Finch [Fri, 7 Dec 2012 15:49:31 +0000 (15:49 +0000)]
Fix tests 5401 and 5410 when not run under a user named eximtest.

11 years agoFix test 5400 when not run under a user named eximtest.
Tony Finch [Fri, 7 Dec 2012 15:45:00 +0000 (15:45 +0000)]
Fix test 5400 when not run under a user named eximtest.

11 years agoA safer version of the check for gecos expansion.
Tony Finch [Fri, 7 Dec 2012 11:52:09 +0000 (11:52 +0000)]
A safer version of the check for gecos expansion.

11 years agoMore test updates following the retry fix.
Tony Finch [Fri, 7 Dec 2012 11:49:15 +0000 (11:49 +0000)]
More test updates following the retry fix.

Most of these are due to the changes in the logging of
ultimate timeout checks.

Test 0548 is more meaningfully affected. The test originally
failed to spot that the recipient-specific deferrals pushed
past the ultimate retry timeout.

11 years agoUpdate test 0357 following the retry fix.
Tony Finch [Thu, 6 Dec 2012 20:19:45 +0000 (20:19 +0000)]
Update test 0357 following the retry fix.

11 years agoMake gecos expansion work with test 0412 as well as 0254.
Tony Finch [Thu, 6 Dec 2012 20:16:39 +0000 (20:16 +0000)]
Make gecos expansion work with test 0412 as well as 0254.

11 years agoAdded DCC entry to Changelog as GF/01 (2nd attempt)
Graeme Fowler [Thu, 6 Dec 2012 20:04:21 +0000 (20:04 +0000)]
Added DCC entry to Changelog as GF/01 (2nd attempt)

11 years agoRevert "Added DCC entry to Changelog as GF/01"
Graeme Fowler [Thu, 6 Dec 2012 20:02:02 +0000 (20:02 +0000)]
Revert "Added DCC entry to Changelog as GF/01"

This reverts commit fee685ddb4cb1a995556b5cc35df907ae7a8ad62.

11 years agoAdded DCC entry to Changelog as GF/01
Graeme Fowler [Thu, 6 Dec 2012 19:59:51 +0000 (19:59 +0000)]
Added DCC entry to Changelog as GF/01

11 years agoFix my earlier "fix" for intermittently deliverable recipients.
Tony Finch [Thu, 6 Dec 2012 19:28:27 +0000 (19:28 +0000)]
Fix my earlier "fix" for intermittently deliverable recipients.

Only do the ultimate address timeout check if there is an address
retry record and there is not a domain retry record; this implies
that previous attempts to handle the address had the retry_use_local_parts
option turned on. We use this as an approximation for the destination
being like a local delivery, as in LMTP.

11 years agoCorrect gecos expansion when From: is a prefix of the username.
Tony Finch [Thu, 6 Dec 2012 19:11:28 +0000 (19:11 +0000)]
Correct gecos expansion when From: is a prefix of the username.

Test 0254 submits a message to Exim with the header

  Resent-From: f

When I ran the test suite under the user fanf2, Exim expanded
the header to contain my full name, whereas it should have added
a Resent-Sender: header. It erroneously treats any prefix of the
username as equal to the username.

This change corrects that bug.

11 years agoExplain the 3 SSL_CTX we have
Phil Pennock [Sun, 2 Dec 2012 23:55:49 +0000 (18:55 -0500)]
Explain the 3 SSL_CTX we have

11 years agoFix eximon build.
Jeremy Harris [Sun, 2 Dec 2012 18:47:28 +0000 (18:47 +0000)]
Fix eximon build.

11 years agoAdd retry timeout fix to ChangeLog
Tony Finch [Fri, 30 Nov 2012 16:01:00 +0000 (16:01 +0000)]
Add retry timeout fix to ChangeLog

11 years agoFix ultimate retry timeouts for intermittently deliverable recipients.
Tony Finch [Thu, 29 Nov 2012 18:39:52 +0000 (18:39 +0000)]
Fix ultimate retry timeouts for intermittently deliverable recipients.

When a queue runner is handling a message, Exim first routes the
recipient addresses, during which it prunes them based on the retry
hints database. After that it attempts to deliver the message to
any remaining recipients. It then updates the hints database using
the retry rules.

So if a recipient address works intermittently, it can get repeatedly
deferred at routing time. The retry hints record remains fresh so the
address never reaches the final cutoff time.

This is a fairly common occurrence when a user is bumping up against
their storage quota. Exim had some logic in its local delivery code
to deal with this. However it did not apply to per-recipient defers
in remote deliveries, e.g. over LMTP to a separate IMAP message store.

This commit adds a proper retry rule check during routing so that
the final cutoff time is checked against the message's age. I also
took the opportunity to unify three very similar blocks of code.

I suspect this new check makes the old local delivery cutoff check
redundant, but I have not verified this so I left the code in place.

11 years agoUse new .copyyear macro
Phil Pennock [Tue, 27 Nov 2012 01:07:48 +0000 (20:07 -0500)]
Use new .copyyear macro

11 years agoRevert copyright years to manual-update. Bug 1318.
Jeremy Harris [Sun, 25 Nov 2012 14:22:42 +0000 (14:22 +0000)]
Revert copyright years to manual-update.  Bug 1318.

11 years agoInsert version number and date into documentation at build time. Bug 1318.
Jeremy Harris [Sat, 24 Nov 2012 22:51:55 +0000 (22:51 +0000)]
Insert version number and date into documentation at build time.  Bug 1318.

Write a temp file with macro definitions from the makefile, and include it
from the doc sources.  Pass the version to make from the perl script.

It is still needed to manually update the previous-version number and
changebar indicators (.new/.wen) manually.

11 years agoDCC debug and logging tidy
Graeme Fowler [Fri, 23 Nov 2012 09:39:42 +0000 (09:39 +0000)]
DCC debug and logging tidy

11 years agoFix merge problem.
Jeremy Harris [Fri, 23 Nov 2012 01:33:31 +0000 (01:33 +0000)]
Fix merge problem.

11 years agoCheck syscall return values.
Jeremy Harris [Fri, 23 Nov 2012 00:52:43 +0000 (00:52 +0000)]
Check syscall return values.

Mostly just compiler-quietening rather than intelligent error-handling.
This deals with complaints of "attribute warn_unused_result" during an rpm
build for SL6 (probably for Fedora also).

11 years agoFix 64b build.
Jeremy Harris [Sat, 17 Nov 2012 21:47:26 +0000 (21:47 +0000)]
Fix 64b build.

11 years agoDovecot: robustness; better msg on missing mech.
Phil Pennock [Tue, 20 Nov 2012 04:44:33 +0000 (23:44 -0500)]
Dovecot: robustness; better msg on missing mech.

If the dovecot protocol response doesn't include the MECH message for
the SMTP AUTH protocol the client has requested, that's not a protocol
failure, don't log it as such.  Instead, explicitly log that it didn't
advertise the mechanism we're looking for.  This lets administrators fix
either their Exim or their Dovecot configurations.

Also: make the Dovecot handling more resistant to bad data from the auth
server; handle too many fields with debug-log message to explain what's
going on, permit lines of 8192 length per spec and detect if the line is
too long, so that we can fail auth instead of becoming unsynchronised.

Stop using the CUID from the server as the AUTH id counter.  They're
different, by my reading of the spec.

TESTED: works against Dovecot 2.1.10.

Thanks to Brady Catherman for reporting the problem with diagnosis.

12 years agoMore compiler quietening.
Jeremy Harris [Sun, 18 Nov 2012 17:03:38 +0000 (17:03 +0000)]
More compiler quietening.

12 years agoMore compiler quietening.
Jeremy Harris [Sun, 18 Nov 2012 15:57:59 +0000 (15:57 +0000)]
More compiler quietening.

12 years agoMore compiler quitening.
Jeremy Harris [Sat, 17 Nov 2012 23:16:58 +0000 (23:16 +0000)]
More compiler quitening.

12 years agoFix initializer for struct tls_support, per edc33b5f1aca and 817d9f576cd.
Jeremy Harris [Sat, 17 Nov 2012 21:32:08 +0000 (21:32 +0000)]
Fix initializer for struct tls_support, per edc33b5f1aca and 817d9f576cd.

12 years agoConfigure should stop on error.
Phil Pennock [Sat, 17 Nov 2012 03:28:10 +0000 (22:28 -0500)]
Configure should stop on error.

Set the POSIX -e option on the #! line invoking /bin/sh.
If any of the sub-commands fail, the Configure as a whole should fail.

12 years agoAuth info from transports must be tracked per-address.
Jeremy Harris [Fri, 9 Nov 2012 00:19:09 +0000 (00:19 +0000)]
Auth info from transports must be tracked per-address.

12 years agoEnsure that recipient is well-defined for expansion-called acl at RCPT-time.
Jeremy Harris [Thu, 8 Nov 2012 00:37:32 +0000 (00:37 +0000)]
Ensure that recipient is well-defined for expansion-called acl at RCPT-time.

12 years agoChangeLog update for NTLM/server_set_id
Phil Pennock [Wed, 7 Nov 2012 07:09:19 +0000 (02:09 -0500)]
ChangeLog update for NTLM/server_set_id

12 years agoFix server_set_id for SPA/NTLM auth.
Phil Pennock [Wed, 7 Nov 2012 06:53:37 +0000 (01:53 -0500)]
Fix server_set_id for SPA/NTLM auth.

Broken in 4.80 release, commit 08488c86.

We need to leave $auth1 available after the authenticator returns, so
that server_set_id can be evaluated by the caller.  We need to do this
whether we succeed or fail, because server_set_id only makes it into
$authenticated_id if we return OK, but is logged regardless.

Updated test config to set server_set_id; updated logs.

12 years agoAdd optional authenticated_sender info to A= elements of log lines; bug 1314.
Jeremy Harris [Tue, 6 Nov 2012 22:31:54 +0000 (22:31 +0000)]
Add optional authenticated_sender info to A= elements of log lines; bug 1314.

New log_selector, smtp_mailauth, to enable.

12 years agoDocs fixup
Jeremy Harris [Mon, 5 Nov 2012 00:29:47 +0000 (00:29 +0000)]
Docs fixup

12 years agoAdd A= to delivery log lines, and a client_set_id option to authenticators.
Jeremy Harris [Sun, 4 Nov 2012 23:24:28 +0000 (23:24 +0000)]
Add A= to delivery log lines, and a client_set_id option to authenticators.

12 years agoTrack ACL context through ${acl expansions. Bug 1305.
Jeremy Harris [Mon, 29 Oct 2012 22:14:16 +0000 (22:14 +0000)]
Track ACL context through ${acl expansions. Bug 1305.

Rather than pass "where" around all the string-expansion calls I've
used a global; and unpleasant mismatch with the existing "where"
tracking done for nested ACL calls.

12 years agoQuieten complaining compilers.
Jeremy Harris [Sun, 28 Oct 2012 16:48:49 +0000 (16:48 +0000)]
Quieten complaining compilers.

12 years agoUpdate testsuite outputs to match 333b9d.
Jeremy Harris [Sat, 27 Oct 2012 14:04:11 +0000 (15:04 +0100)]
Update testsuite outputs to match 333b9d.

12 years ago4.81 to 4.82
Phil Pennock [Sat, 27 Oct 2012 00:33:33 +0000 (20:33 -0400)]
4.81 to 4.82

Avoiding confusion of 4.80.1 vs 4.81, we went with skipping to 4.82 instead.

12 years agoMerge 4.80.1 security fix in.
Phil Pennock [Sat, 27 Oct 2012 00:30:27 +0000 (20:30 -0400)]
Merge 4.80.1 security fix in.

Merge commit '4263f395efd136dece52d765dfcff3c96f17506e'

Amendment to ChangeLog to handle changes.

12 years agoMerge branch 'master' of git://git.exim.org/exim
Jeremy Harris [Thu, 25 Oct 2012 22:05:18 +0000 (23:05 +0100)]
Merge branch 'master' of git://git.exim.org/exim

12 years agoSave/restore $acl_arg1 ... across acl calls, making them local variables.
Jeremy Harris [Thu, 25 Oct 2012 21:28:01 +0000 (22:28 +0100)]
Save/restore $acl_arg1 ... across acl calls, making them local variables.

12 years agoSECURITY: DKIM DNS buffer overflow protection
Phil Pennock [Thu, 25 Oct 2012 03:26:29 +0000 (23:26 -0400)]
SECURITY: DKIM DNS buffer overflow protection

CVE-2012-5671

malloc/heap overflow, with a 60kB window of overwrite.
Requires DNS under control of person sending email, leaves plenty of
evidence, but is very likely exploitable on OSes that have not been
well hardened.

12 years agoExample tune for clarity (reverse_ip)
Phil Pennock [Wed, 17 Oct 2012 21:40:38 +0000 (17:40 -0400)]
Example tune for clarity (reverse_ip)

Use a last octet which will highlight the hex nature in the example.
> ${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.127}
f.7.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2

12 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Tue, 16 Oct 2012 03:21:07 +0000 (20:21 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

12 years agoAdjust debug output to indicate a test, not result
Todd Lyons [Tue, 16 Oct 2012 03:20:12 +0000 (20:20 -0700)]
Adjust debug output to indicate a test, not result

12 years agoNote post-DATA ACL ordering.
Phil Pennock [Tue, 16 Oct 2012 00:23:13 +0000 (20:23 -0400)]
Note post-DATA ACL ordering.

DKIM, then MIME, then DATA.

(Also CHID12 -> CHAPdkim)

12 years agoAvoid reset of store pool in expand when a ${acl is used; it may have side-effects...
Jeremy Harris [Sun, 14 Oct 2012 20:34:24 +0000 (21:34 +0100)]
Avoid reset of store pool in expand when a ${acl is used; it may have side-effects that must
be persistent.

12 years agoDoc fix: log field M8S=, in details section
Phil Pennock [Sun, 7 Oct 2012 00:20:14 +0000 (20:20 -0400)]
Doc fix: log field M8S=, in details section

12 years agoMove Wolfgang's ack to current section
Phil Pennock [Sun, 7 Oct 2012 00:03:30 +0000 (20:03 -0400)]
Move Wolfgang's ack to current section

12 years agoLogging-only patch for 8BITMIME; bug 817.
Jeremy Harris [Thu, 4 Oct 2012 22:23:50 +0000 (23:23 +0100)]
Logging-only patch for 8BITMIME; bug 817.

12 years agoAdd smarthost Router to default config, commented-out.
Phil Pennock [Fri, 5 Oct 2012 19:33:07 +0000 (15:33 -0400)]
Add smarthost Router to default config, commented-out.

This is a very common requirement for the portion of the user-base who need the most assistance.

12 years agoAdd expansion variable $headers_added returning newline-sep list of headers
Jeremy Harris [Thu, 4 Oct 2012 22:05:04 +0000 (23:05 +0100)]
Add expansion variable $headers_added returning newline-sep list of headers
added in ACLs.  Bug 199.

12 years agoStrip leading/trailing newlines on list of headers for addition; bug 884.
Jeremy Harris [Thu, 4 Oct 2012 21:21:09 +0000 (22:21 +0100)]
Strip leading/trailing newlines on list of headers for addition; bug 884.

NB: this means a bare "X-ACL-Warn:" header is harder to add.

12 years agoReleases signed by Phil's key, not Nigel's.
Phil Pennock [Thu, 4 Oct 2012 02:00:13 +0000 (22:00 -0400)]
Releases signed by Phil's key, not Nigel's.

State a more general policy of PGP signing, mention trust paths, cite
the main public keyserver pool, provide a link to a trustpath display
between Nigel's key and Phil's.

Provide Phil's current PGP keyid (noting will change in 2013).

Bounce via a redirector, on Phil's security site, because:
 (1) xfpt barfs on &url(..) where the URL contains an ampersand
 (2) No ampersands means less debugging across various platforms
 (3) The redirector is https: with a public cert, where www.exim.org
     does not have a cert (with that name, at this time).

All keys cited in 0xLong form (16 hex characters).

Nits:
 (1) URL is given with https:// on one line, the rest on the next
 (2) using alt text does not give the URL in the .txt format, despite
     the docs, because we build .txt from w3m -dump, so the HTML form is
     used.
 (3) Ideally, we'll get around to having https://www.exim.org/ exist and
     be usable for this redirect.

Side-effects:
 (1) My name is in The Spec for the first time. :)

12 years agoUnbreak non-ipv6 build.
Jeremy Harris [Thu, 27 Sep 2012 21:00:55 +0000 (22:00 +0100)]
Unbreak non-ipv6 build.

My commit 3a7963704c519 broke compilation without HAVE_IPv6.  Rework.

12 years agoAdd doc caveats on cutthrough-delivery vs. verify-mode routers.
Jeremy Harris [Mon, 24 Sep 2012 19:33:56 +0000 (20:33 +0100)]
Add doc caveats on cutthrough-delivery vs. verify-mode routers.

12 years agoFix expected test output file with return before linefeed.
Jeremy Harris [Mon, 24 Sep 2012 19:32:39 +0000 (20:32 +0100)]
Fix expected test output file with return before linefeed.

12 years agoTypo in debug output.
Todd Lyons [Mon, 17 Sep 2012 16:11:58 +0000 (09:11 -0700)]
Typo in debug output.

12 years agoMinor doc nits re bug 1262.
Phil Pennock [Wed, 12 Sep 2012 00:14:42 +0000 (20:14 -0400)]
Minor doc nits re bug 1262.

Update src comment to be clearer about why it's safe for "state of this transport" to affect other deliveries.
Mention change in externally observable state in README.UPDATING.
Reference bugzilla entry in ChangeLog.
Update Paul's credit in ACKNOWLEDGMENTS.

12 years agoAvoid using a waiting db for single-message-only transports. Performance
Jeremy Harris [Tue, 11 Sep 2012 22:11:16 +0000 (23:11 +0100)]
Avoid using a waiting db for single-message-only transports.  Performance
bug 1262 and patch from Paul Fisher.  Testcase 0288 exercises.

12 years agoUpdate manual on the logging of cutthrough-mode deliveries.
Jeremy Harris [Sun, 9 Sep 2012 18:01:55 +0000 (19:01 +0100)]
Update manual on the logging of cutthrough-mode deliveries.

12 years agominor nits.
Phil Pennock [Thu, 6 Sep 2012 01:01:29 +0000 (21:01 -0400)]
minor nits.

Some whitespace changes; 4.73 item 8: bool_lax{} is an expansion condition, not e. operator.
Fix a comma to a period.

12 years agoAdd dnsdb lookup pseudo-type "a+". Addresses bug 1269.
Jeremy Harris [Wed, 5 Sep 2012 20:38:23 +0000 (21:38 +0100)]
Add dnsdb lookup pseudo-type "a+".   Addresses bug 1269.

12 years agoBugtrack 1290 - Spec grammar fixes.
Todd Lyons [Mon, 27 Aug 2012 15:17:25 +0000 (08:17 -0700)]
Bugtrack 1290 - Spec grammar fixes.

Submitted by Regid.

12 years agoBugtrack 1285 - Add docs for omitted dkim_disable_verify.
Todd Lyons [Thu, 16 Aug 2012 15:37:49 +0000 (08:37 -0700)]
Bugtrack 1285 - Add docs for omitted dkim_disable_verify.

Fixed spec docbook file to pass validation when building spec.txt.
Adjust Makefile to not delete html, but not version controlled
  index.html.

12 years agoBugtrack 1283 - Spec typo fix.
Todd Lyons [Thu, 16 Aug 2012 00:16:43 +0000 (17:16 -0700)]
Bugtrack 1283 - Spec typo fix.

12 years agoBugtrack 1281 - Spec typo fix.
Todd Lyons [Tue, 14 Aug 2012 17:31:20 +0000 (10:31 -0700)]
Bugtrack 1281 - Spec typo fix.

12 years agoFix trailing whitespace
Todd Lyons [Fri, 27 Jul 2012 21:40:05 +0000 (14:40 -0700)]
Fix trailing whitespace

12 years agoFix trailing whitespace in STDOUT file.
Todd Lyons [Fri, 27 Jul 2012 21:31:45 +0000 (14:31 -0700)]
Fix trailing whitespace in STDOUT file.

12 years agoBug #198: Add remove_header ACL modifier.
Todd Lyons [Thu, 26 Jul 2012 20:31:20 +0000 (13:31 -0700)]
Bug #198: Add remove_header ACL modifier.

Used patch from Magnus Holmgren dated 2007-02-20.
Added documentation.
Added tests to detect proper operation.

12 years agoAdd example ACL usage of ${run in exim spec.
Todd Lyons [Thu, 19 Jul 2012 15:59:08 +0000 (08:59 -0700)]
Add example ACL usage of ${run in exim spec.

12 years agoDoc fixes from Regid Ichira & Andreas Metzler
Phil Pennock [Mon, 16 Jul 2012 19:21:14 +0000 (12:21 -0700)]
Doc fixes from Regid Ichira & Andreas Metzler

12 years agoDoc note re 9999 days & 32bit time (SSL certs)
Phil Pennock [Thu, 12 Jul 2012 22:42:08 +0000 (15:42 -0700)]
Doc note re 9999 days & 32bit time (SSL certs)

Thanks to Jay Rouman for highlighting that there can be rollover.
I have chosen *not* to reduce the duration, but to leave it and instead
provoke thought on the part of those deploying systems, if this bites them.

12 years agoAdd CONTINUE to runtest script
Todd Lyons [Mon, 9 Jul 2012 15:38:58 +0000 (08:38 -0700)]
Add CONTINUE to runtest script

12 years agoAdd check for inlist and !inlist in test 0002.
Todd Lyons [Sun, 8 Jul 2012 23:36:02 +0000 (16:36 -0700)]
Add check for inlist and !inlist in test 0002.

12 years agoMerge branch 'master' of git://git.exim.org/exim
Jeremy Harris [Sun, 8 Jul 2012 21:53:30 +0000 (22:53 +0100)]
Merge branch 'master' of git://git.exim.org/exim

12 years agoMultiple headers_add/remove options per router/transport - fixes bug 337
Jeremy Harris [Sun, 8 Jul 2012 21:49:18 +0000 (22:49 +0100)]
Multiple headers_add/remove options per router/transport - fixes bug 337

12 years agoMake +smtp_confirmation be a default logging option.
Todd Lyons [Fri, 6 Jul 2012 21:56:11 +0000 (14:56 -0700)]
Make +smtp_confirmation be a default logging option.

12 years agoFix bug 1267 - inlist/i were ignoring negation.
Jeremy Harris [Thu, 5 Jul 2012 22:59:20 +0000 (23:59 +0100)]
Fix bug 1267 - inlist/i were ignoring negation.

Fix the acl condition also; and make editor brace-matching a
little better.

12 years agoDelay expansion of smtp transport option "authenticated_sender"
Jeremy Harris [Thu, 5 Jul 2012 21:52:08 +0000 (22:52 +0100)]
Delay expansion of smtp transport option "authenticated_sender"
after connection startup, to match documentation - bug 1144.

12 years agoInclude the static files within the HTML documentation dir
Nigel Metheringham [Mon, 2 Jul 2012 14:11:50 +0000 (15:11 +0100)]
Include the static files within the HTML documentation dir

12 years agoMerge branch 'acl'
Jeremy Harris [Sun, 1 Jul 2012 15:01:29 +0000 (16:01 +0100)]
Merge branch 'acl'

12 years agogit/ACKNOWLEDGMENTS: coerce charset of git tools
Phil Pennock [Wed, 27 Jun 2012 20:13:20 +0000 (13:13 -0700)]
git/ACKNOWLEDGMENTS: coerce charset of git tools

github seems to assume content is 8bit.

12 years agoAcl expansions: tests and documentation
Jeremy Harris [Wed, 27 Jun 2012 19:55:23 +0000 (20:55 +0100)]
Acl expansions: tests and documentation

12 years agoLet Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
Phil Pennock [Mon, 25 Jun 2012 10:27:47 +0000 (03:27 -0700)]
Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.

Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
We just add CFLAGS_DYNAMIC too and some comments.

Non-POSIX syntax, but fairly portable; GNU make gained it in 1998,
we believe even very old systems should handle it fine.

12 years agoChange acl expansion-condition syntax to "acl {{name} {arg1}{arg2}...}"
Jeremy Harris [Sun, 24 Jun 2012 16:14:48 +0000 (17:14 +0100)]
Change acl expansion-condition syntax to "acl {{name} {arg1}{arg2}...}"
to match saslauthd condition.

12 years agoMerge branch 'acl-args' into acl
Jeremy Harris [Sun, 24 Jun 2012 15:57:06 +0000 (16:57 +0100)]
Merge branch 'acl-args' into acl

12 years agoAdd gnutls_enable_pkcs11 option.
Phil Pennock [Sun, 24 Jun 2012 09:55:29 +0000 (02:55 -0700)]
Add gnutls_enable_pkcs11 option.

GnuTLS 2.12.0 adds PKCS11 support using p11-kit and by default will
autoload modules, which interoperates badly with GNOME keyring
integration, configured via paths in environment variables, and Exim
invoked by the user (eg, mailq) will then try to load the modules, fail
and spew warnings from the module for a library loaded by a library.

http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs
documents that to prevent this, explicitly init PKCS11 before calling
gnutls_global_init().  So we do so, unless the admin sets the new
option.

Reported by Andreas Metzler, who confirmed that the added calls fixed
the problem for him.

12 years agoAdd acl call as an expansion condition
Jeremy Harris [Thu, 14 Jun 2012 22:24:16 +0000 (23:24 +0100)]
Add acl call as an expansion condition

12 years agoAdd args to trad. modifier acl call method
Jeremy Harris [Thu, 14 Jun 2012 19:44:58 +0000 (20:44 +0100)]
Add args to trad. modifier acl call method

12 years agoUse custom variables for ACL args, up to nine. Add an arg-count variable.
Jeremy Harris [Tue, 12 Jun 2012 21:50:52 +0000 (22:50 +0100)]
Use custom variables for ACL args, up to nine.  Add an arg-count variable.

12 years agoAdd ${acl {name}{arg}} expansion item.
Jeremy Harris [Mon, 11 Jun 2012 21:00:11 +0000 (22:00 +0100)]
Add ${acl {name}{arg}} expansion item.

12 years agoMerge branch 'lists'
Jeremy Harris [Tue, 12 Jun 2012 20:43:58 +0000 (21:43 +0100)]
Merge branch 'lists'