Jeremy Harris [Tue, 18 Oct 2016 22:35:35 +0000 (23:35 +0100)]
Avoid pure-ACK TCP segments during command phase
Heiko Schlittermann (HS12-RIPE) [Sun, 16 Oct 2016 22:14:55 +0000 (00:14 +0200)]
Testsuite: Check version of binary against current git revision
Jeremy Harris [Sun, 16 Oct 2016 18:28:01 +0000 (19:28 +0100)]
Tidying: coverity issues
Jeremy Harris [Sun, 16 Oct 2016 17:08:33 +0000 (18:08 +0100)]
Fix sender-verify callout to not use trigger-message SIZE
Broken-by: 9094b84b4cce
Jeremy Harris [Sun, 16 Oct 2016 15:34:18 +0000 (16:34 +0100)]
Tidying: coverity issues
Jeremy Harris [Sun, 16 Oct 2016 14:29:20 +0000 (15:29 +0100)]
Queuefile: avoid using buffered I/O - no point for a block-copy
and it meant (an admittedly ingnorable) Coverity whine about a FILE leak
Take the oppurtunity to constify a utility function
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 22:26:31 +0000 (00:26 +0200)]
Testsuite: revert some of the modernish Perl constructs
Solaris10 needs to be supported, they use Perl 5.8
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 21:51:43 +0000 (23:51 +0200)]
Testsuite: re-insert munge expression about size/inode
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 21:01:36 +0000 (23:01 +0200)]
Testsuite: detect "hidden" IPs
`ifconfig -a` doesn't show all addresses, it skippes addresses that
do not have a label. `ip a` show even these.
Bonus: some small cosmetical changes to get a more modern Perl
style.
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 20:48:26 +0000 (22:48 +0200)]
Testsuite: stabilize disk space/inode munging
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 20:52:23 +0000 (22:52 +0200)]
Testsuite: add tests/munges for configure owner
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 19:53:47 +0000 (21:53 +0200)]
Include 'Configure owner' in -bV output
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 13:38:21 +0000 (15:38 +0200)]
Testsuite: add clarification about the permissions of the trusted-configs file
Jeremy Harris [Sat, 1 Oct 2016 18:50:24 +0000 (19:50 +0100)]
tidying
Jeremy Harris [Sat, 15 Oct 2016 19:29:30 +0000 (20:29 +0100)]
Queuefile: refactor
Jeremy Harris [Sat, 15 Oct 2016 17:56:16 +0000 (18:56 +0100)]
Testsuite: for queuefile transport, avoid using named-queues as part of test
Also avoid using aux-var as a testing temporary area
Andrew Colin Kissa [Sat, 15 Oct 2016 17:33:31 +0000 (18:33 +0100)]
New: queuefile transport, under EXPERIMENTAL_QUEUEFILE
Jeremy Harris [Fri, 14 Oct 2016 12:57:01 +0000 (13:57 +0100)]
Testsuite: (named queues) add testcase for 3rd-party queue transfer
Jeremy Harris [Wed, 12 Oct 2016 12:40:19 +0000 (13:40 +0100)]
Docs: add warning on SNI-dependent certfile expansion needing a good default
Jeremy Harris [Mon, 10 Oct 2016 19:24:34 +0000 (20:24 +0100)]
Lazy-create builtin macros
By only filling out the internal macro representation for the builtin macros
when a config line includes an underscore followed by a letter which might be one
we should save startup effort on configs which never use a builtin.
Jeremy Harris [Mon, 10 Oct 2016 13:20:30 +0000 (14:20 +0100)]
Fix check for commandline macro definition
Without this, mailq (done by unpriv user) and daemon SIGHUP handling fail
Broken-by: c0b9d3e87264
Jeremy Harris [Sun, 9 Oct 2016 13:14:57 +0000 (14:14 +0100)]
Docs: add section on builtin macros
Phil Pennock [Sun, 29 May 2016 06:31:18 +0000 (02:31 -0400)]
DH parameters update, new values & default
* Add three new Exim-specific DH parameter constants; state provenance,
but no way for others to verify; this is a signed commit, which is
about as much as we can do for the truly paranoid: provide an audit
trail.
* Add the RFC 7919 DH primes
+ No TLS feature negotiation, per 7919, but the DH primes can be used
if folks so choose
* Fixed broken format string in util/gen_pkcs3.c
* Tried to make gen_pkcs3.c support q values.
+ Turns out, q doesn't affect the PEM and that's not a mistake in my
initialisation; I've checked with a cryptographer, we're losing some
server-side optimizations but not any security properties for our
scenario.
Fixes: 1895
Jeremy Harris [Sat, 8 Oct 2016 18:21:41 +0000 (19:21 +0100)]
Fix callouts connection fallback from TLS to cleartext. Bug 1897
Jeremy Harris [Wed, 5 Oct 2016 12:03:01 +0000 (13:03 +0100)]
Docs: add another index entry for delay_warning
Jeremy Harris [Mon, 3 Oct 2016 23:11:32 +0000 (00:11 +0100)]
Testsuite: for CHUNKING set sender name explicitly
for consistent chunk size on different platforms
Jeremy Harris [Mon, 3 Oct 2016 16:00:05 +0000 (17:00 +0100)]
Testsuite: for CHUNKING rewrite sender name in headers to consistent value
for consistent chunk size on different test platforms
Jeremy Harris [Sun, 2 Oct 2016 18:58:19 +0000 (19:58 +0100)]
Close logfile after a while waiting for non-smtp input. Bug 1891
Jeremy Harris [Sun, 2 Oct 2016 16:39:18 +0000 (17:39 +0100)]
Avoid parsing cost for auto-macro creates
Jeremy Harris [Sun, 2 Oct 2016 13:03:09 +0000 (14:03 +0100)]
Logging: connection_reject log selector should apply also to the connect acl
Jeremy Harris [Fri, 30 Sep 2016 13:59:04 +0000 (14:59 +0100)]
Fix mime ACL filename decode
A latent bug (uninitialised memory referred to by $mime_decoded_filename)
uncovered by
40c90bca9f7e
Jeremy Harris [Thu, 29 Sep 2016 22:18:54 +0000 (23:18 +0100)]
Fix checking for -D option use
Broken-by: c0b9d3e87264
Jeremy Harris [Thu, 29 Sep 2016 21:56:02 +0000 (22:56 +0100)]
Feature macros should be uppercase
Jeremy Harris [Thu, 29 Sep 2016 21:44:14 +0000 (22:44 +0100)]
Debug: fix openssl tls_close() debug output
Jeremy Harris [Thu, 29 Sep 2016 20:25:47 +0000 (21:25 +0100)]
Testsuite: tidying
Jeremy Harris [Wed, 28 Sep 2016 21:24:00 +0000 (22:24 +0100)]
Refactor driver feature-macro generation to be driven by existing tables
Would like to do lookup drivers too but unsure about dyn-linked variants
Jeremy Harris [Wed, 28 Sep 2016 18:41:08 +0000 (19:41 +0100)]
Default to filesystem space/inode checking enabled
Jeremy Harris [Tue, 27 Sep 2016 22:23:52 +0000 (23:23 +0100)]
Drain socket to get clean TCP FINs
Jeremy Harris [Sun, 25 Sep 2016 21:59:36 +0000 (22:59 +0100)]
Add automatic macros for config-file options. Bug 1819
Jeremy Harris [Sat, 24 Sep 2016 16:59:51 +0000 (17:59 +0100)]
Docs: fix quotes
Jeremy Harris [Sat, 24 Sep 2016 16:11:19 +0000 (17:11 +0100)]
Delivery: fix memory leak
Jeremy Harris [Fri, 23 Sep 2016 08:24:16 +0000 (09:24 +0100)]
Doc: add clarification for DKIM example
Jeremy Harris [Thu, 22 Sep 2016 21:55:49 +0000 (22:55 +0100)]
Defend against symlink attack by another process running as exim
Reported-by:
http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/
Jeremy Harris [Thu, 22 Sep 2016 18:59:48 +0000 (19:59 +0100)]
Routing: avoid doing the one_time replacement operation when a redirect leaves the address unchanged
When done, in combination with a defer the retry would see the address as delivered, hence losing mail.
Jeremy Harris [Thu, 22 Sep 2016 18:29:49 +0000 (19:29 +0100)]
Routing: for efficiency, avoid complexifying the "condition" string until the second is read from config
Jeremy Harris [Sun, 18 Sep 2016 21:47:22 +0000 (22:47 +0100)]
ACL: merge the tables used for codition/modifier decode
Jeremy Harris [Sun, 18 Sep 2016 17:14:29 +0000 (18:14 +0100)]
ACL: bsearch for controls
Jeremy Harris [Thu, 15 Sep 2016 22:58:57 +0000 (23:58 +0100)]
tidying
Jeremy Harris [Thu, 15 Sep 2016 20:43:22 +0000 (21:43 +0100)]
Docs: mention Perl manpages for PCRE. Bug 1881
Jeremy Harris [Tue, 13 Sep 2016 22:49:09 +0000 (23:49 +0100)]
Logging: fix errno decodes
Jeremy Harris [Tue, 13 Sep 2016 22:41:55 +0000 (23:41 +0100)]
Auth: fix error check in CRAM-MD5
Jeremy Harris [Wed, 7 Sep 2016 20:58:04 +0000 (21:58 +0100)]
tidying
Jeremy Harris [Sat, 10 Sep 2016 20:37:56 +0000 (21:37 +0100)]
Log EHLO response on getting conn-close response for HELO. Bug 1832
Jeremy Harris [Sat, 10 Sep 2016 20:36:33 +0000 (21:36 +0100)]
Reduce space used by flags in smtp transport
Jeremy Harris [Sun, 11 Sep 2016 12:30:45 +0000 (13:30 +0100)]
Make BOOL unsigned; fix resulting latent bugs
Jeremy Harris [Sun, 4 Sep 2016 13:54:18 +0000 (14:54 +0100)]
Cutthrough: option to reflect 4xx errors from target to initiator
Jeremy Harris [Sun, 4 Sep 2016 13:46:42 +0000 (14:46 +0100)]
Testsuite: missing output file
Jeremy Harris [Sat, 3 Sep 2016 12:43:33 +0000 (13:43 +0100)]
Docs: prettify code examples. Bug 1284
Jeremy Harris [Sat, 3 Sep 2016 12:33:57 +0000 (13:33 +0100)]
Docs: add note on strict DKIM verification
Jeremy Harris [Thu, 1 Sep 2016 20:08:32 +0000 (21:08 +0100)]
Testsuite: fix GnuTLS OCSP testing
Jeremy Harris [Thu, 1 Sep 2016 18:20:11 +0000 (19:20 +0100)]
Support "G" multiplier on integer configuration values
Jeremy Harris [Thu, 1 Sep 2016 18:02:06 +0000 (19:02 +0100)]
Testsuite: fix spool-space testcase for larger disks
Jeremy Harris [Sat, 20 Aug 2016 16:52:15 +0000 (17:52 +0100)]
Tidying: coverity issues
Jeremy Harris [Thu, 1 Sep 2016 17:25:58 +0000 (18:25 +0100)]
CHUNKING: after rejecting a pipelined SMTP command, flush any followon BDAT data
Jeremy Harris [Sun, 21 Aug 2016 22:44:06 +0000 (23:44 +0100)]
Add automatic macros for compile-time feature options
Jeremy Harris [Mon, 22 Aug 2016 11:34:21 +0000 (12:34 +0100)]
Testsuite: fix macro conflict (X vs. HEADERS_MAXSIZE)
Jeremy Harris [Sun, 21 Aug 2016 12:05:55 +0000 (13:05 +0100)]
tidying
Jeremy Harris [Sun, 14 Aug 2016 20:00:46 +0000 (21:00 +0100)]
Expansions: more debug verbosity in expansion conditions
Jeremy Harris [Fri, 12 Aug 2016 13:50:00 +0000 (14:50 +0100)]
Tidying: coverity issues
Jeremy Harris [Fri, 19 Aug 2016 14:52:18 +0000 (15:52 +0100)]
Testsuite: rework timing of time-dependent testcase
Jeremy Harris [Thu, 18 Aug 2016 20:27:55 +0000 (21:27 +0100)]
Delivery: fix transmission down an already-open connection, when
one of the group of addresses is unsuitable for it. Bug 1874
Broken-by: 3070ceeeed05, fa41615da702.
Jeremy Harris [Tue, 16 Aug 2016 15:26:31 +0000 (16:26 +0100)]
Delivery: same-host checking for transport runs should include port from address give by routing
Jeremy Harris [Wed, 17 Aug 2016 18:42:49 +0000 (19:42 +0100)]
tidying
Jeremy Harris [Sun, 14 Aug 2016 21:19:59 +0000 (22:19 +0100)]
Testsuite: add progress detail to log of troublesome testcase
Tony Meyer [Sun, 14 Aug 2016 15:09:02 +0000 (16:09 +0100)]
DMARC: send forensic reports for reject & quarantine results, and "none" policy. Bug 1846
Jeremy Harris [Sun, 14 Aug 2016 14:11:04 +0000 (15:11 +0100)]
Expansions: new ${escape8bit:<string>} operator. Bug 1863
Andrew Colin Kissa [Sun, 14 Aug 2016 12:45:08 +0000 (13:45 +0100)]
LMDB: introduce as Experimental. Bug 1856
Jasen Betts [Thu, 11 Aug 2016 22:31:57 +0000 (23:31 +0100)]
ACL: Ensure that acl_smtp_notquit is called for a conndrop between data-go-ahead and data-ack.
Bug 1872
Jeremy Harris [Thu, 11 Aug 2016 19:22:37 +0000 (20:22 +0100)]
Defensive coding in ${run }
Bug 1870
Jeremy Harris [Thu, 11 Aug 2016 19:17:07 +0000 (20:17 +0100)]
tidying
Bug 1870
Jeremy Harris [Thu, 11 Aug 2016 11:48:50 +0000 (12:48 +0100)]
Testsuite: missing output files
Jeremy Harris [Tue, 9 Aug 2016 22:32:46 +0000 (23:32 +0100)]
Testsuite: nail down hostname for CHUNKING test cases
Jeremy Harris [Tue, 9 Aug 2016 16:46:41 +0000 (17:46 +0100)]
Docs: more index entries for header lines
Leonhard Knauff [Mon, 8 Aug 2016 20:48:20 +0000 (21:48 +0100)]
Radius: Fix authentication for Radius libraries that return REJECT_RC. Bug 1850
Jeremy Harris [Mon, 8 Aug 2016 20:07:55 +0000 (21:07 +0100)]
DKIM: reduce memory usage (2nd go)
Jeremy Harris [Mon, 8 Aug 2016 15:26:14 +0000 (16:26 +0100)]
Testsuite: accept debug & testscript output sizes varying with testhost name
Jeremy Harris [Mon, 8 Aug 2016 13:30:44 +0000 (14:30 +0100)]
Testsuite: account for change in debug
Broken-by: fb6833e0a559
Jeremy Harris [Sat, 6 Aug 2016 23:03:56 +0000 (00:03 +0100)]
CHUNKING/DKIM: fix handling of lines having a leading dot
Jeremy Harris [Sun, 7 Aug 2016 22:19:02 +0000 (23:19 +0100)]
Revert "DKIM: reduce memory usage"
This reverts commit
dea4897244b409bf91dc60a7e5e4b3d06f123dd6.
It appears to induce spurious behaviour, seen in the testsuite. Possibly
the sha_hash update calls think the memory they are passed will still
be around later (eg. at sha_finish time)? A pity, since currently
we are allocating for the entire message body - which could easily
be MB or (future) GB.
Jeremy Harris [Sun, 7 Aug 2016 14:14:59 +0000 (15:14 +0100)]
CHUNKING: fix transmit with long headers
When the buffer used for SMTP commands and message headers filled to flush
point, protocol sequencing was wrong.
Jeremy Harris [Sat, 6 Aug 2016 22:01:13 +0000 (23:01 +0100)]
DKIM: reduce memory usage
Jeremy Harris [Sat, 6 Aug 2016 17:28:18 +0000 (18:28 +0100)]
Routing: in a dnslookup, fix fail_defer_domains to defer on missing MX record. Bug 1867
Jeremy Harris [Sat, 6 Aug 2016 14:51:01 +0000 (15:51 +0100)]
Fix DISABLE_DKIM build & test. Fix build on systems lacking MAX in standard includes.
Broken-by: 44bc8f0c2f35
Jeremy Harris [Sat, 6 Aug 2016 13:04:45 +0000 (14:04 +0100)]
Merge branch 'CHUNKING'
Jeremy Harris [Thu, 4 Aug 2016 23:26:23 +0000 (00:26 +0100)]
tidying
Jeremy Harris [Thu, 4 Aug 2016 19:31:20 +0000 (20:31 +0100)]
Docs: add warning on non-ASCII results from SpamAssassin. Bug 1863
Jeremy Harris [Thu, 4 Aug 2016 14:26:05 +0000 (15:26 +0100)]
Merge branch 'fakereject'
Jeremy Harris [Tue, 19 Jul 2016 22:53:35 +0000 (23:53 +0100)]
Logging: visibility of fakereject
Jeremy Harris [Thu, 4 Aug 2016 12:26:27 +0000 (13:26 +0100)]
DKIM: log error on overlong input line
Jeremy Harris [Wed, 20 Jul 2016 11:40:28 +0000 (12:40 +0100)]
Named queues: Add queue name to "queued by ACL" log line