From 77cc1ad3058e4ef7ae82adb914ccff0be9fe2c8b Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Sat, 3 Apr 2021 09:29:13 +0200 Subject: [PATCH] update doc --- doc/doc-docbook/spec.xfpt | 45 ++++++++++++++++++++++++++++++++++++++- doc/doc-txt/NewStuff | 45 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+), 1 deletion(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index cf4953786..cbb7045a3 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -228,6 +228,14 @@ failure report bounce message + + de-tainting + tainting, de-tainting + + + detainting + tainting, de-tainting + dialup intermittently connected hosts @@ -9474,7 +9482,22 @@ reasons, .cindex "tainted data" expansion .cindex expansion "tainted data" and expansion of data deriving from the sender (&"tainted data"&) -is not permitted. +.new +is not permitted (including acessing a file using a tainted name). +The main config option &%allow_insecure_tainted_data%& can be used as +mitigation during uprades to more secure configurations. +.wen + +.new +Common ways of obtaining untainted equivalents of variables with +tainted values +.cindex "tainted data" "de-tainting" +come down to using the tainted value as a lookup key in a trusted database. +This database could be the filesystem structure, +or the password file, +or accessed via a DBMS. +Specific methods are indexed under &"de-tainting"&. +.wen @@ -14410,6 +14433,8 @@ listed in more than one group. .section "Miscellaneous" "SECID96" .table2 +.row &%add_environment%& "environment variables" +.row &%allow_insecure_tainted_data%& "turn taint errors into warnings" .row &%bi_command%& "to run for &%-bi%& command line option" .row &%debug_store%& "do extra internal checks" .row &%disable_ipv6%& "do no IPv6 processing" @@ -15017,6 +15042,18 @@ domains (defined in the named domain list &%local_domains%& in the default configuration). This &"magic string"& matches the domain literal form of all the local host's IP addresses. +.new +.option allow_insecure_tainted_data main boolean false +.cindex "de-tainting" +.oindex "allow_insecure_tainted_data" +The handling of tainted data may break older (pre 4.94) configurations. +Setting this option to "true" turns taint errors (which result in a temporary +message rejection) into warnings. This option is meant as mitigation only +and deprecated already today. Future releases of Exim may ignore it. +The &%taint%& log selector can be used to suppress even the warnings. +.wen + + .option allow_mx_to_ip main boolean false .cindex "MX record" "pointing to IP address" @@ -38159,6 +38196,7 @@ selection marked by asterisks: &` smtp_protocol_error `& SMTP protocol errors &` smtp_syntax_error `& SMTP syntax errors &` subject `& contents of &'Subject:'& on <= lines +&`*taint `& taint errors or warnings &`*tls_certificate_verified `& certificate verification status &`*tls_cipher `& TLS cipher suite on <= and => lines &` tls_peerdn `& TLS peer DN on <= and => lines @@ -38552,6 +38590,11 @@ using a CA trust anchor, &`CA=dane`& if using a DNS trust anchor, and &`CV=no`& if not. .next +.cindex "log" "Taint warnings" +&%taint%&: Log warnings about tainted data. This selector can't be +turned of if &%allow_insecure_tainted_data%& is false (which is the +default). +.next .cindex "log" "TLS cipher" .cindex "TLS" "logging cipher" &%tls_cipher%&: When a message is sent or received over an encrypted diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 16dec8808..ba697c2fa 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -6,6 +6,51 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the Git before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.95 +------------ + + 1. The fast-ramp two phase queue run support, previously experimental, is + now supported by default. + + 2. The native SRS support, previously experimental, is now supported. It is + not built unless specified in the Local/Makefile. + + 3. TLS resumption support, previously experimental, is now supported and + included in default builds. + + 4. Single-key LMDB lookups, previously experimental, are now supported. + The support is not built unless specified in the Local/Makefile. + + 5. Option "message_linelength_limit" on the smtp transport to enforce (by + default) the RFC 998 character limit. + + 6. An option to ignore the cache on a lookup. + + 7. Quota checking during reception (i.e. at SMTP time) for appendfile- + transport-managed quotas. + + 8. Sqlite lookups accept a "file=" option to specify a per-operation + db file, replacing the previous prefix to the SQL string (which had + issues when the SQL used tainted values). + + 9. Lsearch lookups accept a "ret=full" option, to return both the portion + of the line matching the key, and the remainder. + +10. A command-line option to have a daemon not create a notifier socket. + +11. Faster TLS startup. When various configuration options contain no + expandable elements, the information can be preloaded and cached rather + than the provious behaviour of always loading at startup time for every + connection. This helps particularly for the CA bundle. + +12. Proxy Protocol Timeout is configurable via "proxy_protocol_timeout" + main config option. + +13. Option "smtp_accept_msx_per_connection" is now expanded. + +13. A main config option "allow_insecure_tainted_data" allows to turn + taint errors into warnings. + Version 4.94 ------------ -- 2.30.2