users/heiko/exim.git
9 years agoAdd ref from logging chapter to slow_lookup_log main config option
Jeremy Harris [Sun, 26 Jul 2015 17:21:33 +0000 (18:21 +0100)]
Add ref from logging chapter to slow_lookup_log main config option

9 years agoCompiler quietening
Jeremy Harris [Sun, 28 Jun 2015 14:14:02 +0000 (15:14 +0100)]
Compiler quietening

9 years agoDocs: add detail on keys for lookups
Jeremy Harris [Sat, 25 Jul 2015 12:50:43 +0000 (13:50 +0100)]
Docs: add detail on keys for lookups

9 years agoClean docs for next release
Jeremy Harris [Sun, 26 Jul 2015 15:54:16 +0000 (16:54 +0100)]
Clean docs for next release

9 years agoDoc: parallel builds (make -j) work exim-4_86
Heiko Schlittermann (HS12-RIPE) [Thu, 23 Jul 2015 21:20:37 +0000 (23:20 +0200)]
Doc: parallel builds (make -j) work

9 years agoDocs: emphasize that the smtp_connection log selector applies to inbound exim-4_86_RC5
Jeremy Harris [Thu, 16 Jul 2015 15:25:53 +0000 (16:25 +0100)]
Docs: emphasize that the smtp_connection log selector applies to inbound

9 years agoAdd check on tls_auth pseudo-command. Bug 1659
Jeremy Harris [Wed, 15 Jul 2015 22:45:39 +0000 (23:45 +0100)]
Add check on tls_auth pseudo-command.  Bug 1659

9 years agoCompile with DISABLE_PRDR set
Phil Pennock [Sun, 12 Jul 2015 23:28:30 +0000 (23:28 +0000)]
Compile with DISABLE_PRDR set

9 years agoMultiple typo fixes.
Andreas Metzler [Sat, 4 Jul 2015 16:07:21 +0000 (18:07 +0200)]
Multiple typo fixes.

9 years agoBump LOCAL_SCAN_ABI_VERSION.
Andreas Metzler [Thu, 2 Jul 2015 06:48:58 +0000 (08:48 +0200)]
Bump LOCAL_SCAN_ABI_VERSION.

In 4.86 the size of struct recipient_item changed when EXPERIMENTAL_DSN
was made default. This broke the local scan ABI (rebuild required).
See <http://bugs.debian.org/790616>.

9 years agoChange note exim-4_86_RC4
Jeremy Harris [Sat, 27 Jun 2015 15:01:28 +0000 (16:01 +0100)]
Change note

9 years agoDocs: add note on string lists
Jeremy Harris [Thu, 25 Jun 2015 16:17:30 +0000 (17:17 +0100)]
Docs: add note on string lists

9 years agoFix error message for router headers_remove expansion failure
Jeremy Harris [Sun, 21 Jun 2015 13:36:01 +0000 (14:36 +0100)]
Fix error message for router headers_remove expansion failure
Associated with Bug 1533

9 years agoDoc: Fix typo
Heiko Schlittermann (HS12-RIPE) [Mon, 22 Jun 2015 21:10:13 +0000 (23:10 +0200)]
Doc: Fix typo

9 years agoDoc: Update dns_trust_aa documentation
Heiko Schlittermann (HS12) [Mon, 22 Jun 2015 20:02:30 +0000 (22:02 +0200)]
Doc: Update dns_trust_aa documentation

9 years agoDocs: mark up with changebars
Jeremy Harris [Mon, 22 Jun 2015 13:17:07 +0000 (14:17 +0100)]
Docs: mark up with changebars

9 years agoFix support of $spam_ variables at delivery time. Bug 1647
Jeremy Harris [Mon, 22 Jun 2015 12:21:04 +0000 (13:21 +0100)]
Fix support of $spam_ variables at delivery time.  Bug 1647

This change is forced on us by the documentation claiming clearly
the support is there, though the code does not and never has.
The doc change that introduced the claim is 7d9f747b5ef8

9 years agoTestsuite: fix operator precedence in dns_extract_auth_name()
Jeremy Harris [Mon, 22 Jun 2015 12:55:12 +0000 (14:55 +0200)]
Testsuite: fix operator precedence in dns_extract_auth_name()

9 years agoTestsuite: Add a first test for dns_trust_aa
Heiko Schlittermann (HS12) [Mon, 22 Jun 2015 09:44:36 +0000 (11:44 +0200)]
Testsuite: Add a first test for dns_trust_aa

9 years agoTestsuite: fakens may return AUTHORITY records
Heiko Schlittermann (HS12) [Mon, 22 Jun 2015 07:57:02 +0000 (09:57 +0200)]
Testsuite: fakens may return AUTHORITY records

If an entry in db.<zone> is prefixed with "AA ", fakens
will put a valid NS record into the AUTHORITY section of the
returned packet. This will be used by dns_trust_aa checks.

9 years agoBefore importing a certificate, free any previous one. Bug 1648
Jeremy Harris [Mon, 22 Jun 2015 09:32:01 +0000 (10:32 +0100)]
Before importing a certificate, free any previous one.  Bug 1648
Second try

9 years agoExtract NS/SOA in dns_extract_auth_name() more precisly.
Heiko Schlittermann (HS12) [Sun, 21 Jun 2015 15:06:37 +0000 (17:06 +0200)]
Extract NS/SOA in dns_extract_auth_name() more precisly.

9 years agoFix and extend the checks in dns_is_secure()
Heiko Schlittermann (HS12) [Sun, 21 Jun 2015 15:03:50 +0000 (17:03 +0200)]
Fix and extend the checks in dns_is_secure()

9 years agoChange note
Jeremy Harris [Sun, 21 Jun 2015 18:07:47 +0000 (19:07 +0100)]
Change note

9 years agoBefore importing a certificate, free any previous one. Bug 1648
Jeremy Harris [Sun, 21 Jun 2015 17:17:09 +0000 (18:17 +0100)]
Before importing a certificate, free any previous one.  Bug 1648

Because the SSL libraries do not use Exim's heap management
this was a memory-leak in "exim -bp".

9 years agoDocs: add warning on list-sep in headerss_remove
Jeremy Harris [Sun, 21 Jun 2015 13:26:16 +0000 (14:26 +0100)]
Docs: add warning on list-sep in headerss_remove

9 years agoDocs typo exim-4_86_RC3
Jeremy Harris [Sat, 20 Jun 2015 16:46:42 +0000 (17:46 +0100)]
Docs typo

9 years agoFix build script. Bug 1646
Gedalya [Sat, 20 Jun 2015 13:33:14 +0000 (14:33 +0100)]
Fix build script.  Bug 1646

9 years agoAdd docs and massage coding standards for dns_trust_aa
Jeremy Harris [Sat, 20 Jun 2015 14:20:54 +0000 (15:20 +0100)]
Add docs and massage coding standards for dns_trust_aa

9 years agoAdd dns_trust_aa
Heiko Schlittermann (HS12) [Fri, 19 Jun 2015 22:45:00 +0000 (00:45 +0200)]
Add dns_trust_aa

This new global option allows to trust the AA bit for
specific domains the same way we'd trust the AD bit.

9 years agoDocs: clarify notes on .ifdef Bug 1155
Jeremy Harris [Tue, 16 Jun 2015 18:56:28 +0000 (19:56 +0100)]
Docs: clarify notes on .ifdef   Bug 1155

9 years agoDocs: clarify notes on Events
Jeremy Harris [Mon, 15 Jun 2015 16:43:43 +0000 (17:43 +0100)]
Docs: clarify notes on Events

9 years agoDSN: fix null deref when bounce is due to conn-timeout. Bug 1630
Wolfgang Breyha [Mon, 15 Jun 2015 13:52:36 +0000 (14:52 +0100)]
DSN: fix null deref when bounce is due to conn-timeout.  Bug 1630

9 years agoClarify that preceding 10ca4f was provided by Wolfgang Breyha
Wolfgang Breyha [Mon, 15 Jun 2015 14:43:43 +0000 (15:43 +0100)]
Clarify that preceding 10ca4f was provided by Wolfgang Breyha

Massaged by JH

9 years agoAdd tls_eccurve main config option. Bug 1397
Jeremy Harris [Tue, 26 May 2015 15:36:08 +0000 (16:36 +0100)]
Add tls_eccurve  main config option.  Bug 1397

Patch from Suse, massaged by JH

9 years agominor tidying
Jeremy Harris [Fri, 12 Jun 2015 16:19:09 +0000 (17:19 +0100)]
minor tidying

9 years agoDoc fix: server_secret expansions should fail exim-4_86_RC2
Phil Pennock [Sat, 13 Jun 2015 01:07:05 +0000 (01:07 +0000)]
Doc fix: server_secret expansions should fail

The `cyrusless_sasl` authenticator example failed to explicitly fail if
no result was found from the lookup.  Using `server_secret`, we should
_always_ fail instead of expanding to an empty string.

Doc-fix only.

9 years agoTestsuite: additional EC encryptions seen
Jeremy Harris [Wed, 10 Jun 2015 20:33:06 +0000 (21:33 +0100)]
Testsuite: additional EC encryptions seen

9 years agoTestsuite: Increase test delays and retry rule times
Jeremy Harris [Wed, 10 Jun 2015 19:37:33 +0000 (20:37 +0100)]
Testsuite: Increase test delays and retry rule times
to allow slow hosts more reliable testing

9 years agoTestsuite: less agressive PID-hiding
Jeremy Harris [Tue, 9 Jun 2015 22:00:39 +0000 (23:00 +0100)]
Testsuite: less agressive PID-hiding

9 years agoTestsuite: quietening
Jeremy Harris [Tue, 9 Jun 2015 21:08:49 +0000 (22:08 +0100)]
Testsuite: quietening

9 years agoRevert "Show the DNSSEC status (ad=) always in -bt/-bv output"
Heiko Schlittermann (HS12) [Tue, 9 Jun 2015 20:14:26 +0000 (22:14 +0200)]
Revert "Show the DNSSEC status (ad=) always in -bt/-bv output"

This reverts commit e7a1b6ff65f1bebbc290f2a4fd7554fde00ae2f6.
It's not production grade, since the wording (ad vs. trusted)
is not final yet.

9 years agoTestsuite: avoid IPv6 to avoid "no route to host" log lines
Jeremy Harris [Tue, 9 Jun 2015 15:46:12 +0000 (16:46 +0100)]
Testsuite: avoid IPv6 to avoid "no route to host" log lines

9 years agoTighter guard for POLLRDHUP
Jeremy Harris [Tue, 9 Jun 2015 12:02:18 +0000 (13:02 +0100)]
Tighter guard for POLLRDHUP

9 years agoTruncate delay when peer closes connection. Bug 348
Jeremy Harris [Mon, 8 Jun 2015 20:48:50 +0000 (21:48 +0100)]
Truncate delay when peer closes connection.  Bug 348

This is now possible on Linux, at least.

9 years agoTestsuite: avoid IPv6 interfaces to avoid extra debug stderr lines
Jeremy Harris [Sun, 7 Jun 2015 21:07:24 +0000 (22:07 +0100)]
Testsuite: avoid IPv6 interfaces to avoid extra debug stderr lines

9 years agoContent scan: Use ETIMEDOUT not ETIME, as having better portability. Bug 1640
Andreas Metzler [Sun, 7 Jun 2015 14:16:35 +0000 (15:16 +0100)]
Content scan: Use ETIMEDOUT not ETIME, as having better portability.  Bug 1640

9 years agoPRDR: enable server-side in the default config
Jeremy Harris [Sat, 6 Jun 2015 20:59:05 +0000 (21:59 +0100)]
PRDR: enable server-side in the default config

9 years agoLogging: add log_selector items in the default config. Bug 1333
Jeremy Harris [Sat, 6 Jun 2015 20:43:29 +0000 (21:43 +0100)]
Logging: add log_selector items in the default config.  Bug 1333

9 years agoDoc: Add DKIM info in main sections. Bug 1607
Jeremy Harris [Sat, 6 Jun 2015 19:53:21 +0000 (20:53 +0100)]
Doc: Add DKIM info in main sections.  Bug 1607

9 years agoDSN: fix null deref when bounce is due to conn-timeout. Bug 1630
Wolfgang Breyha [Sat, 6 Jun 2015 19:07:04 +0000 (20:07 +0100)]
DSN: fix null deref when bounce is due to conn-timeout.  Bug 1630

9 years agoSpamd: add missing initialiser. Rspamd mode was incorrectly sometimes seen.
Jeremy Harris [Sat, 6 Jun 2015 18:35:16 +0000 (19:35 +0100)]
Spamd: add missing initialiser.  Rspamd mode was incorrectly sometimes seen.

Reported-by: Andreas Metzler
9 years agoGuard routing against a null-deref. Bug 1639
Jeremy Harris [Fri, 5 Jun 2015 14:30:33 +0000 (15:30 +0100)]
Guard routing against a null-deref.  Bug 1639

9 years agorelease tooling: unbreak website build when not verbose
Phil Pennock [Fri, 5 Jun 2015 04:44:20 +0000 (00:44 -0400)]
release tooling: unbreak website build when not verbose

9 years agorelease tooling: let make cmd be overriden exim-4_86_RC1
Phil Pennock [Fri, 5 Jun 2015 03:31:50 +0000 (23:31 -0400)]
release tooling: let make cmd be overriden

Also let tar flag actually take an argument

9 years agoCopyright year updates (things touched in 2015)
Phil Pennock [Fri, 5 Jun 2015 02:43:13 +0000 (22:43 -0400)]
Copyright year updates (things touched in 2015)

Update current year in docs and banner copyright in src/src/globals.c

Rest of changes from:

    vi $(git whatchanged --since=2015-01-01 | grep '^:100' | sed -n 's/^[^M]*M//p' | sort -u | fgrep -v test/)

Note that there are a lot of changes made because of const propagation;
I opted to include the copyright year updates in that, but we could be
doing a better job with who gets the copyright credit for these changes.

Changes visible with:

    git diff $(git rev-list -n1 --before="2015-01-01" master)

9 years agoTLS authenticator
Jeremy Harris [Thu, 4 Jun 2015 19:28:25 +0000 (20:28 +0100)]
TLS authenticator

9 years agorefactor build script
Jeremy Harris [Sun, 31 May 2015 22:04:01 +0000 (23:04 +0100)]
refactor build script

9 years agoAdjust my maintainership status to reflect reality
Phil Pennock [Fri, 29 May 2015 19:52:50 +0000 (15:52 -0400)]
Adjust my maintainership status to reflect reality

9 years agoOpenSSL: guard X509_check_host against LibreSSL
Phil Pennock [Fri, 29 May 2015 19:46:47 +0000 (15:46 -0400)]
OpenSSL: guard X509_check_host against LibreSSL

LibreSSL's fork does not have this new function; as well as adding a
`LIBRESSL_VERSION_NUMBER` value, that project bumped the OpenSSL version
number in such a way as to conflict with our existing version checks.

* Add a guard.
* Add commentary, suggesting how to avoid getting into twistier knots
  with API divergence.

Reported by Jasper Wallace, who provided a slightly different patch.

Fixes bug 1635

9 years agoTestsuite: Add $USER to env if missing
Heiko Schlittermann (HS12) [Wed, 27 May 2015 21:41:35 +0000 (23:41 +0200)]
Testsuite: Add $USER to env if missing

9 years agoExpand docs re. logs dir, and make eximon logs dir match exim's. Bug 1324
Andreas Metzler [Wed, 27 May 2015 12:05:03 +0000 (13:05 +0100)]
Expand docs re. logs dir, and make eximon logs dir match exim's.  Bug 1324

9 years agoNote MAIL commands in -bS batch, to avoid smtp_no_mail logline. Bug 1346
Jeremy Harris [Wed, 27 May 2015 11:41:08 +0000 (12:41 +0100)]
Note MAIL commands in -bS batch, to avoid smtp_no_mail logline.  Bug 1346

9 years agoFix some typos in EDITME
Heiko Schlittermann (HS12) [Tue, 26 May 2015 20:44:23 +0000 (22:44 +0200)]
Fix some typos in EDITME

9 years agoTLS: Enable ECDHE on OpenSSL, just the NIST P-256 curve. Bug 1397
Phil Pennock [Tue, 26 May 2015 09:48:46 +0000 (10:48 +0100)]
TLS: Enable ECDHE on OpenSSL, just the NIST P-256 curve.  Bug 1397

Original by Phil Pennock; tweaked by JH.

9 years agoNew ${env {NAME}} expansion. Bug 1604
Jeremy Harris [Sat, 23 May 2015 20:48:26 +0000 (21:48 +0100)]
New ${env {NAME}} expansion.  Bug 1604

9 years agoTestsuite: move test.again.dns and test.fail.dns handling to fakens
Jeremy Harris [Sat, 23 May 2015 17:07:58 +0000 (18:07 +0100)]
Testsuite: move test.again.dns and test.fail.dns handling to fakens

9 years agotidying
Jeremy Harris [Sat, 23 May 2015 16:45:48 +0000 (17:45 +0100)]
tidying

9 years agoDANE: do not fail/defer message due to TLSA lookup but dane is only requested
Jeremy Harris [Fri, 22 May 2015 17:32:04 +0000 (18:32 +0100)]
DANE: do not fail/defer message due to TLSA lookup but dane is only requested

9 years agoFix DANE for multiple-MX when all TLSA lookup defer. Bug 1634
Jeremy Harris [Thu, 21 May 2015 22:22:16 +0000 (23:22 +0100)]
Fix DANE for multiple-MX when all TLSA lookup defer.  Bug 1634

9 years agoTestsuite: Check debug message if we requested AD but got AA
Heiko Schlittermann (HS12) [Wed, 20 May 2015 21:08:21 +0000 (23:08 +0200)]
Testsuite: Check debug message if we requested AD but got AA

9 years agoTestsuite: Add support for authoritive answer to fakens
Heiko Schlittermann (HS12) [Wed, 20 May 2015 21:07:33 +0000 (23:07 +0200)]
Testsuite: Add support for authoritive answer to fakens

9 years agoAdd DNS debug aid if we requested AD but got AA
Heiko Schlittermann (HS12) [Wed, 13 May 2015 21:50:23 +0000 (23:50 +0200)]
Add DNS debug aid if we requested AD but got AA

If the resolver we ask is authoritive (AA) for some domain,
we never ever get the AD (authentic data) bit in the answer.

9 years agoAdd DNS debug aid if we requsted AD but got AA
Heiko Schlittermann (HS12) [Wed, 13 May 2015 21:50:23 +0000 (23:50 +0200)]
Add DNS debug aid if we requsted AD but got AA

If the resolver we ask is authoritive (AA) for some domain,
we never ever get the AD (authentic data) bit in the answer.

9 years agoChange HELO-verify forward case from byname to bydns and add DNSSEC tracking
Jeremy Harris [Tue, 19 May 2015 19:28:42 +0000 (20:28 +0100)]
Change HELO-verify forward case from byname to bydns and add DNSSEC tracking

9 years agoChange host_lookup re-forward from byname to bydns; checking DNSSEC
Jeremy Harris [Tue, 19 May 2015 21:32:38 +0000 (22:32 +0100)]
Change host_lookup re-forward from byname to bydns; checking DNSSEC

9 years agostruct dnssec_domains
Jeremy Harris [Sun, 17 May 2015 20:57:46 +0000 (21:57 +0100)]
struct dnssec_domains

9 years agoTestsuite: avoid tryng to run in net 10.
Jeremy Harris [Tue, 19 May 2015 16:41:35 +0000 (17:41 +0100)]
Testsuite: avoid tryng to run in net 10.

9 years agoTestsuite: Add ad= to even more outputs
Heiko Schlittermann (HS12) [Mon, 18 May 2015 21:40:27 +0000 (23:40 +0200)]
Testsuite: Add ad= to even more outputs

9 years agoShow the DNSSEC status (ad=) always in -bt/-bv output
Heiko Schlittermann (HS12) [Mon, 18 May 2015 14:32:58 +0000 (16:32 +0200)]
Show the DNSSEC status (ad=) always in -bt/-bv output

9 years agoFix truncated dns-lookup return record handling
Jeremy Harris [Mon, 18 May 2015 14:18:53 +0000 (15:18 +0100)]
Fix truncated dns-lookup return record handling

9 years agoTestsuite: move manyhome.test,ex handling from exim to fakens
Jeremy Harris [Mon, 18 May 2015 13:05:27 +0000 (14:05 +0100)]
Testsuite: move manyhome.test,ex handling from exim to fakens

9 years agoRemove word "rejected" from ACL-discard log lines. Bug 1632
Jeremy Harris [Sun, 17 May 2015 17:08:53 +0000 (18:08 +0100)]
Remove word "rejected" from ACL-discard log lines.  Bug 1632

9 years agoTestsuite: Munge the output to fit the ad=… lines
Heiko Schlittermann (HS12) [Sat, 16 May 2015 20:24:38 +0000 (22:24 +0200)]
Testsuite: Munge the output to fit the ad=… lines

9 years agotidying
Jeremy Harris [Sat, 16 May 2015 16:47:53 +0000 (17:47 +0100)]
tidying

9 years agoCallout: additional debug on cache operations
Jeremy Harris [Fri, 15 May 2015 10:01:31 +0000 (11:01 +0100)]
Callout: additional debug on cache operations

9 years agoTestsuite: reverted: Output of path to fakens
Heiko Schlittermann (HS12) [Thu, 14 May 2015 22:56:21 +0000 (00:56 +0200)]
Testsuite: reverted: Output of path to fakens

This partially reverts 5f3d09836.

9 years agoTestsuite: missing output file
Jeremy Harris [Thu, 14 May 2015 19:57:44 +0000 (20:57 +0100)]
Testsuite: missing output file

9 years agoTestsuite: Check dnssec_{request,require}_domains for dnslookup check-ad
Heiko Schlittermann (HS12) [Wed, 13 May 2015 06:59:31 +0000 (08:59 +0200)]
Testsuite: Check dnssec_{request,require}_domains for dnslookup

9 years agoTestsuite: locate fakens relative to the config_main_directory
Heiko Schlittermann (HS12) [Tue, 12 May 2015 20:01:08 +0000 (22:01 +0200)]
Testsuite: locate fakens relative to the config_main_directory

This makes the test configs more intuitive, because the
spool_directory=SPOOL/spool does not need to be there anymore,
except we really need a spool directory.

9 years agoOutput dnssec status in -bt/-bv mode
Heiko Schlittermann (HS12) [Mon, 11 May 2015 20:15:32 +0000 (22:15 +0200)]
Output dnssec status in -bt/-bv mode

Currently this feature is enabled only if running_in_test_harness,
because I don't want to break anything else.

9 years agoDiagnostic debug message if fakens is not found
Heiko Schlittermann (HS12) [Mon, 11 May 2015 20:14:31 +0000 (22:14 +0200)]
Diagnostic debug message if fakens is not found

9 years agoDo not use the A lookup following an AAAA for setting the FQDN. Bug 1588
Jeremy Harris [Sun, 10 May 2015 22:13:41 +0000 (23:13 +0100)]
Do not use the A lookup following an AAAA for setting the FQDN.  Bug 1588

Normally benign, it bites when the pair was led to by a CNAME;
modern usage is to not canoicalize the domain to a cname target
(and we were inconsistent anyway for A-only vs AAAA+A).

9 years agoDocs: Fix a single letter typo
Heiko Schlittermann (HS12) [Sun, 10 May 2015 21:30:25 +0000 (23:30 +0200)]
Docs: Fix a single letter typo

9 years agoOverride DISABLE_DNSSEC when EXPERIMENTAL_DANE is in use
Heiko Schlittermann (HS12) [Sun, 10 May 2015 20:48:28 +0000 (22:48 +0200)]
Override DISABLE_DNSSEC when EXPERIMENTAL_DANE is in use

9 years agoAdd feature tag for DNSSEC
Heiko Schlittermann (HS12) [Sun, 10 May 2015 20:47:59 +0000 (22:47 +0200)]
Add feature tag for DNSSEC

9 years agoDocs: Make build unicode resistant
Heiko Schlittermann (HS12) [Sun, 10 May 2015 14:01:44 +0000 (16:01 +0200)]
Docs: Make build unicode resistant

Force LC_ALL=C for spec.txt. Add an additional build target:
spec.utf8.

9 years agoSupport SOA lookup in dnsdb lookups. Bug 286
Jeremy Harris [Sat, 9 May 2015 18:21:15 +0000 (19:21 +0100)]
Support SOA lookup in dnsdb lookups.  Bug 286

9 years agoAdd retrans/retry options to dnsdb lookup. Bug 1539
Jeremy Harris [Sat, 9 May 2015 16:05:49 +0000 (17:05 +0100)]
Add retrans/retry options to dnsdb lookup.  Bug 1539

9 years agoTestsuite: fix build on older Linuxen
Jeremy Harris [Fri, 8 May 2015 11:10:57 +0000 (12:10 +0100)]
Testsuite: fix build on older Linuxen