users/heiko/exim.git
Jeremy Harris [Mon, 25 Jan 2021 14:55:06 +0000 (14:55 +0000)]
AUTH: avoid logging creds on ACL denial

Jeremy Harris [Sat, 23 Jan 2021 23:15:58 +0000 (23:15 +0000)]
TFO: cleanup the TCP pure ack of SMTP banner

Jeremy Harris [Sat, 23 Jan 2021 21:28:28 +0000 (21:28 +0000)]
Move QUICKACK disable as early as possible in server handling

Jeremy Harris [Fri, 22 Jan 2021 19:58:54 +0000 (19:58 +0000)]
Fix getting non-TLS QUIT in FIN segment

Linux was behaving oddly with the TCP_CORK method, and using MSG_MORE
is one fewer syscall.

Jeremy Harris [Thu, 21 Jan 2021 22:02:18 +0000 (22:02 +0000)]
TLS: on Linux when sockopt TCP_FASTOPEN_CONNECT is available, use TFO for TLS-on-connect client connections

Jeremy Harris [Thu, 21 Jan 2021 17:34:55 +0000 (17:34 +0000)]
Avoid bare TCP ACKs during TLS-on-connect startup.

    We can't get the QUICKACK turned off on the accepted socket fast enough to
    stop the ACK for the ClientHello - but we get the rest, under OpenSSL.

Jeremy Harris [Thu, 21 Jan 2021 13:06:31 +0000 (13:06 +0000)]
Testsuite: TLS server testcase consolidation

Jeremy Harris [Thu, 21 Jan 2021 12:23:41 +0000 (12:23 +0000)]
Testsuite: shuffling

Jeremy Harris [Wed, 20 Jan 2021 20:44:21 +0000 (20:44 +0000)]
Testsuite: TLS client testcase consolidation

Jeremy Harris [Tue, 19 Jan 2021 22:12:16 +0000 (22:12 +0000)]
Testsuite: case for TLS client tls-on-connect

Jeremy Harris [Sun, 17 Jan 2021 20:42:10 +0000 (20:42 +0000)]
malware: use sendfile for ClamAV TCP

Jeremy Harris [Sun, 17 Jan 2021 19:59:51 +0000 (19:59 +0000)]
Testsuite: testcase for ClamAV over TCP

Jeremy Harris [Sat, 16 Jan 2021 21:00:34 +0000 (21:00 +0000)]
malware: fix ClamAV file send corking

Jeremy Harris [Sat, 16 Jan 2021 12:59:19 +0000 (12:59 +0000)]
docs infrastructure notes

Jeremy Harris [Sat, 16 Jan 2021 11:46:56 +0000 (11:46 +0000)]
Docs: indexing

Jeremy Harris [Mon, 11 Jan 2021 19:48:12 +0000 (19:48 +0000)]
Hints DB: harden against corrupt files by ignoring unexpected size records

Jeremy Harris [Tue, 12 Jan 2021 15:36:09 +0000 (15:36 +0000)]
Auths: in plaintext authenticator, fix parsing of consecutive circumflex.  Bug 2687

Jeremy Harris [Tue, 12 Jan 2021 15:33:54 +0000 (15:33 +0000)]
Docs: change note

Jeremy Harris [Sun, 10 Jan 2021 20:10:21 +0000 (20:10 +0000)]
channel binding notes

Jeremy Harris [Sat, 9 Jan 2021 13:08:35 +0000 (13:08 +0000)]
Utilities: harden exim_tidydb against corrupt wait-records.  Bug 2343

Jeremy Harris [Mon, 4 Jan 2021 17:59:23 +0000 (17:59 +0000)]
BSD: avoid delay on continued-connection

Broken-by: 6454662ecb

Jeremy Harris [Fri, 1 Jan 2021 17:31:04 +0000 (17:31 +0000)]
Authenticators: feature handling for upcoming GSASL version

Jeremy Harris [Fri, 1 Jan 2021 14:43:04 +0000 (14:43 +0000)]
FreeBSD: packet coalescing

Jeremy Harris [Fri, 1 Jan 2021 14:31:14 +0000 (14:31 +0000)]
malware: avoid partial packets, sending to ClamAV

Jeremy Harris [Fri, 1 Jan 2021 13:25:29 +0000 (13:25 +0000)]
FreeBSD: harden against ClamAV connection errors

Jeremy Harris [Fri, 1 Jan 2021 12:09:37 +0000 (12:09 +0000)]
Avoid needless socket close

Jeremy Harris [Thu, 31 Dec 2020 22:18:30 +0000 (22:18 +0000)]
malware: avoid slurping entire spoolfile for sending to ClamAV

Jeremy Harris [Thu, 31 Dec 2020 21:52:02 +0000 (21:52 +0000)]
TFO: better observability (slightly) on FreeBSD

Jeremy Harris [Mon, 28 Dec 2020 20:20:44 +0000 (20:20 +0000)]
typo

Jeremy Harris [Mon, 28 Dec 2020 18:31:24 +0000 (18:31 +0000)]
Logging: make placement of continued-delivery asterisk consistent

Jeremy Harris [Sun, 27 Dec 2020 20:51:42 +0000 (20:51 +0000)]
GSASL: More recent versions of the library no longer need a hack for channel-binding

Jeremy Harris [Sat, 26 Dec 2020 18:55:29 +0000 (18:55 +0000)]
Fix build on GNU/Hurd [supports openat()].  Bug 2608

Jeremy Harris [Sat, 26 Dec 2020 18:18:33 +0000 (18:18 +0000)]
Fix build warning on 32-bit int platforms.  Bug 2678

Jeremy Harris [Thu, 24 Dec 2020 21:05:40 +0000 (21:05 +0000)]
Expansions: Reduce memory use of ${listcount }

Jeremy Harris [Thu, 24 Dec 2020 21:04:34 +0000 (21:04 +0000)]
Replace internal string-expansion call with a direct recursion

Jeremy Harris [Thu, 24 Dec 2020 20:59:29 +0000 (20:59 +0000)]
Convert more cases of list-walking to use self-assigned memory for the list-item

Jeremy Harris [Wed, 23 Dec 2020 22:35:04 +0000 (22:35 +0000)]
Fix ${listextract } from a tainted list

Jeremy Harris [Sun, 20 Dec 2020 15:49:39 +0000 (15:49 +0000)]
Fix local delivery delay when combined with remote callout/hold.  Bug 2599

Jeremy Harris [Thu, 17 Dec 2020 09:59:23 +0000 (09:59 +0000)]
Fix the PIPE_CONNECT feature control in the template Makefile, the
default having changed to "included" for 4.93

Broken-by: 81344b40e3

Jeremy Harris [Thu, 17 Dec 2020 09:39:59 +0000 (09:39 +0000)]
Remove the X_ prefix from the PIPE_CONNECT SMTP service extension keyword.

Jeremy Harris [Wed, 16 Dec 2020 19:07:51 +0000 (19:07 +0000)]
Fix matching of long addresses.  Bug 2677

Jeremy Harris [Wed, 2 Dec 2020 10:14:23 +0000 (10:14 +0000)]
Docs: add info on router variable evaluation order

Jeremy Harris [Tue, 24 Nov 2020 22:11:09 +0000 (22:11 +0000)]
ARC: harden parsing of signing spec.  Bug 2639

u34 [Tue, 24 Nov 2020 21:53:48 +0000 (21:53 +0000)]
Docs: wording fixes.

Jeremy Harris [Mon, 23 Nov 2020 12:17:14 +0000 (12:17 +0000)]
Docs: list $spam_ variables in expansions chapter

Jeremy Harris [Thu, 19 Nov 2020 19:05:54 +0000 (19:05 +0000)]
Logging: add I= element to transport-defer lines.  Bug 2675

Jeremy Harris [Thu, 12 Nov 2020 22:16:50 +0000 (22:16 +0000)]
More taint notes

Jeremy Harris [Tue, 10 Nov 2020 22:33:40 +0000 (22:33 +0000)]
Docs: clarify client-side auth options for smtp transport

Jeremy Harris [Tue, 10 Nov 2020 21:10:56 +0000 (21:10 +0000)]
More taint discussion in docs

Jeremy Harris [Wed, 28 Oct 2020 19:52:12 +0000 (19:52 +0000)]
tidying

Jeremy Harris [Tue, 3 Nov 2020 13:15:15 +0000 (13:15 +0000)]
Testsuite: ignore cert-rotation debug output

Jeremy Harris [Tue, 3 Nov 2020 13:14:11 +0000 (13:14 +0000)]
Fix spurious logging of select error

Jeremy Harris [Mon, 2 Nov 2020 22:34:54 +0000 (22:34 +0000)]
typo

Jeremy Harris [Mon, 2 Nov 2020 22:31:34 +0000 (22:31 +0000)]
kevent: handle OpenBSD API anomaly, redux

Jeremy Harris [Sat, 31 Oct 2020 23:58:11 +0000 (23:58 +0000)]
Pass authenticator pubname through spool.  Bug 2648

Jeremy Harris [Fri, 30 Oct 2020 12:46:05 +0000 (12:46 +0000)]
LDAP: fix taint-check in server list walk.  Bug 2646

Jeremy Harris [Fri, 30 Oct 2020 12:43:39 +0000 (12:43 +0000)]
Fix build on platforms lacking TIOCOUTQ ioctl

Jeremy Harris [Thu, 29 Oct 2020 21:37:42 +0000 (21:37 +0000)]
Fix build on platforms lacking TIOCOUTQ ioctl

Jeremy Harris [Thu, 29 Oct 2020 20:09:25 +0000 (20:09 +0000)]
Debug: show stalled send-data count on message-errors

Jeremy Harris [Wed, 28 Oct 2020 18:36:34 +0000 (18:36 +0000)]
Docs: index smtp transport timeouts

Jeremy Harris [Wed, 28 Oct 2020 00:43:53 +0000 (00:43 +0000)]
Avoid manually-counted long strings

Jeremy Harris [Mon, 26 Oct 2020 17:55:53 +0000 (17:55 +0000)]
Docs: another detaint mention

Jeremy Harris [Tue, 13 Oct 2020 19:06:08 +0000 (20:06 +0100)]
Revert "Testsuite: allow 1s timing slop in dumpdb output"

This reverts commit 625cd9501315e1010ecbf8718c88c8b79ce09e94.

Jeremy Harris [Tue, 13 Oct 2020 18:59:43 +0000 (19:59 +0100)]
Testsuite: munge & delay for early selfsign generate

Broken-by: 48e9099006

Jeremy Harris [Tue, 13 Oct 2020 16:12:33 +0000 (17:12 +0100)]
TLS: pre-generate and load server selfsigned cert, when one is to be used

Jeremy Harris [Sun, 11 Oct 2020 11:42:20 +0000 (12:42 +0100)]
Testsuite: case-number shuffling

Jeremy Harris [Sun, 11 Oct 2020 09:50:35 +0000 (10:50 +0100)]
Testsuite: more time for loaded test platforms

Heiko Schlittermann (HS12-RIPE) [Sat, 10 Oct 2020 16:56:50 +0000 (18:56 +0200)]
Docs: Mention issues with TLS client cert and Exim <= 4.85

cb1d783072c488a4a558607b2ee122efba95aa4b
8c40856083f3a2e89350ab3aacfb95256fbadd9d

> Author: Jeremy Harris <jgh146exb@wizmail.org>
> Date:   Sun Nov 23 16:10:30 2014 +0000
>
>    Support use of system default CA bundle

Jeremy Harris [Sat, 10 Oct 2020 17:18:01 +0000 (18:18 +0100)]
Testsuite & OpenSSL debug: regularise debug output, and fix test munging

Jeremy Harris [Sat, 10 Oct 2020 15:06:02 +0000 (16:06 +0100)]
kevent: handle OpenBSD API anomaly

Jeremy Harris [Sat, 10 Oct 2020 14:04:53 +0000 (15:04 +0100)]
kevent: fix directory check

Jeremy Harris [Sat, 10 Oct 2020 09:25:40 +0000 (10:25 +0100)]
OpenBSD, NetBSD: TLS preload

NetBSD is not actually really supported by the project, but a user
did pop up this year asking for a build

Jeremy Harris [Sat, 10 Oct 2020 09:02:53 +0000 (10:02 +0100)]
More debug for fail cases in kevent set-watch

Jeremy Harris [Fri, 9 Oct 2020 22:01:14 +0000 (23:01 +0100)]
Unbreak no-TLS build

Broken-by: dc4ab0a186

Jeremy Harris [Thu, 8 Oct 2020 12:30:41 +0000 (13:30 +0100)]
FreeBSD: TLS: preload configuration items

Jeremy Harris [Thu, 8 Oct 2020 09:24:59 +0000 (10:24 +0100)]
Testsuite: allow 1s timing slop in dumpdb output

Jeremy Harris [Mon, 5 Oct 2020 16:52:04 +0000 (17:52 +0100)]
Unbreak non-ipv6 build

Broken-by: 261fc93208

Jeremy Harris [Sun, 4 Oct 2020 22:08:45 +0000 (23:08 +0100)]
GnuTLS: when library too old for system CA bundle support, do not default options to using it

Jeremy Harris [Mon, 5 Oct 2020 14:28:10 +0000 (15:28 +0100)]
Debug output: regularise host lookup tracing

Heiko Schlittermann (HS12-RIPE) [Sun, 4 Oct 2020 10:22:01 +0000 (12:22 +0200)]
Add proxy_protocol_timeout main config option.

Heiko Schlittermann (HS12-RIPE) [Mon, 5 Oct 2020 06:59:25 +0000 (08:59 +0200)]
Testsuite: Allow input lines starting with ":<cmd>:", like ":sleep:".

This somehow mimics the behaviour of the client tool, but works for
*any* input line that is sent to the application. This reverts the
unfortunate take abusing the client's special notation '>>> '.

Currently implemented:

        - :eval:
        - :neol:
        - :sleep:

Heiko Schlittermann (HS12-RIPE) [Mon, 5 Oct 2020 06:59:16 +0000 (08:59 +0200)]
Testsuite: README: improve searchability of ">>> ", "??? ", …

Jeremy Harris [Sun, 4 Oct 2020 16:16:37 +0000 (17:16 +0100)]
Testsuite: missing stdout file
Testsuite: library version variances

Broken-by: 6a9cf7f890

Jeremy Harris [Sun, 4 Oct 2020 14:34:29 +0000 (15:34 +0100)]
Unbreak build on non-inotify platforms

Broken-by: 6a9cf7f890

Jeremy Harris [Sun, 4 Oct 2020 13:15:09 +0000 (14:15 +0100)]
Fix build on earlier library version

Broken-by: 6a9cf7f890

Jeremy Harris [Sun, 4 Oct 2020 11:48:33 +0000 (12:48 +0100)]
Testsuite: missing log file

Broken-by: 6a9cf7f890

Jeremy Harris [Sun, 4 Oct 2020 11:37:12 +0000 (12:37 +0100)]
Fix non-OCSP build

Broken-by: 6a9cf7f890

Jeremy Harris [Sun, 4 Oct 2020 11:00:00 +0000 (12:00 +0100)]
Testsuite: TLS system CA dirs vary across platforms

Broken-by: 6a9cf7f890

Jeremy Harris [Sun, 4 Oct 2020 10:43:04 +0000 (11:43 +0100)]
GnuTLS: fix build on earlier library version.

Broken-by: 6a9cf7f890

Heiko Schlittermann (HS12-RIPE) [Sun, 4 Oct 2020 10:33:18 +0000 (12:33 +0200)]
Merge branch 'hs/fix-proxy-bh' (Closes 2656)

Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 16:58:11 +0000 (18:58 +0200)]
Testsuite: Add test for proxy and -bh (Bug 2656)

Heiko Schlittermann (HS12-RIPE) [Fri, 2 Oct 2020 06:19:12 +0000 (08:19 +0200)]
Use ALARM() to set deadline on reading the proxy header (Bug 2656)

Heiko Schlittermann (HS12-RIPE) [Fri, 2 Oct 2020 06:17:39 +0000 (08:17 +0200)]
Replace recv() by read() (Bug 2656)

Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 17:43:48 +0000 (19:43 +0200)]
Testsuite: Provide '>>> ' for script input to allow binary data (take 2)

This mimics the '>>> ' prefix known for the test client. Any line prefixed
with '>>> ' will be processed by Perl's string eval().

As '>>> ' is generic and documented, it replaces the (undocumented)
'\NONL\' tag.

The client input lines starting with '>>> ' are now changed to '\>>> '
to avoid evaluation by the runtest script. (Test 4030, 1101).

Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 21:32:56 +0000 (23:32 +0200)]
Testsuite: add .editorconfig to keep the trailing spaces

Jeremy Harris [Sat, 3 Oct 2020 19:59:15 +0000 (20:59 +0100)]
TLS: preload configuration items

Jeremy Harris [Mon, 7 Sep 2020 18:56:49 +0000 (19:56 +0100)]
tidying

Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 13:24:31 +0000 (15:24 +0200)]
Testsuite: Use 127.x.x.x for PROXY v2

This avoids dependencies on DNS timeouts on the host running the testsuite.

Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 18:00:21 +0000 (20:00 +0200)]
Revert "Testsuite: Provide '>>> ' for script input to allow binary data"

This reverts commit f7ec095232186edba2b7137594bfdd7d7b7f9504.

Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 17:43:48 +0000 (19:43 +0200)]
Testsuite: Provide '>>> ' for script input to allow binary data

This mimics the '>>> ' prefix for the test client. Any line prefixed
with '>>> ' will be processed by Perl's string eval().

As '>>> ' is generic and documented, it replaces the
(undocumented) '\NONL\' tag.