tidying
[users/jgh/exim.git] / src / src / globals.c
index cb93a019288801760ead6154477b358023c7938b..1db5ece3297aacfcf8508739d8c3061d8aa9f728 100644 (file)
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2014 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* All the global variables are defined together in this one module, so
@@ -35,7 +35,7 @@ optionlist optionlist_auths[] = {
                  (void *)(offsetof(auth_instance, set_id)) }
 };
 
-int     optionlist_auths_size = sizeof(optionlist_auths)/sizeof(optionlist);
+int     optionlist_auths_size = nelem(optionlist_auths);
 
 /* An empty host aliases list. */
 
@@ -49,6 +49,7 @@ duplicate them here... */
 uschar *opt_perl_startup       = NULL;
 BOOL    opt_perl_at_start      = FALSE;
 BOOL    opt_perl_started       = FALSE;
+BOOL    opt_perl_taintmode     = FALSE;
 #endif
 
 #ifdef EXPAND_DLFUNC
@@ -83,7 +84,7 @@ uschar *oracle_servers         = NULL;
 uschar *pgsql_servers          = NULL;
 #endif
 
-#ifdef EXPERIMENTAL_REDIS
+#ifdef LOOKUP_REDIS
 uschar *redis_servers          = NULL;
 #endif
 
@@ -100,55 +101,51 @@ cluttered in several places (e.g. during logging) if we can always refer to
 them. Also, the tls_ variables are now always visible. */
 
 tls_support tls_in = {
- -1,   /* tls_active */
- 0,    /* tls_bits */
- FALSE,/* tls_certificate_verified */
-#ifdef EXPERIMENTAL_DANE
- FALSE,/* dane_verified */
- 0,    /* tlsa_usage */
+ .active =             -1,
+ .bits =               0,
+ .certificate_verified = FALSE,
+#ifdef SUPPORT_DANE
+ .dane_verified =      FALSE,
+ .tlsa_usage =         0,
 #endif
- NULL, /* tls_cipher */
- FALSE,/* tls_on_connect */
- NULL, /* tls_on_connect_ports */
- NULL, /* tls_ourcert */
- NULL, /* tls_peercert */
- NULL, /* tls_peerdn */
- NULL, /* tls_sni */
- 0     /* tls_ocsp */
+ .cipher =             NULL,
+ .on_connect =         FALSE,
+ .on_connect_ports =   NULL,
+ .ourcert =            NULL,
+ .peercert =           NULL,
+ .peerdn =             NULL,
+ .sni =                        NULL,
+ .ocsp =               OCSP_NOT_REQ
 };
 tls_support tls_out = {
- -1,   /* tls_active */
- 0,    /* tls_bits */
- FALSE,/* tls_certificate_verified */
-#ifdef EXPERIMENTAL_DANE
- FALSE,/* dane_verified */
- 0,    /* tlsa_usage */
+ .active =             -1,
+ .bits =               0,
+ .certificate_verified = FALSE,
+#ifdef SUPPORT_DANE
+ .dane_verified =      FALSE,
+ .tlsa_usage =         0,
 #endif
- NULL, /* tls_cipher */
- FALSE,/* tls_on_connect */
- NULL, /* tls_on_connect_ports */
- NULL, /* tls_ourcert */
- NULL, /* tls_peercert */
- NULL, /* tls_peerdn */
- NULL, /* tls_sni */
- 0     /* tls_ocsp */
+ .cipher =             NULL,
+ .on_connect =         FALSE,
+ .on_connect_ports =   NULL,
+ .ourcert =            NULL,
+ .peercert =           NULL,
+ .peerdn =             NULL,
+ .sni =                        NULL,
+ .ocsp =               OCSP_NOT_REQ
 };
 
 uschar *dsn_envid              = NULL;
 int     dsn_ret                = 0;
 const pcre  *regex_DSN         = NULL;
-BOOL    smtp_use_dsn           = FALSE;
 uschar *dsn_advertise_hosts    = NULL;
 
 #ifdef SUPPORT_TLS
 BOOL    gnutls_compat_mode     = FALSE;
 BOOL    gnutls_allow_auto_pkcs11 = FALSE;
-uschar *gnutls_require_mac     = NULL;
-uschar *gnutls_require_kx      = NULL;
-uschar *gnutls_require_proto   = NULL;
 uschar *openssl_options        = NULL;
 const pcre *regex_STARTTLS     = NULL;
-uschar *tls_advertise_hosts    = NULL;    /* This is deliberate */
+uschar *tls_advertise_hosts    = US"*";
 uschar *tls_certificate        = NULL;
 uschar *tls_crl                = NULL;
 /* This default matches NSS DH_MAX_P_BITS value at current time (2012), because
@@ -156,16 +153,18 @@ that's the interop problem which has been observed: GnuTLS suggesting a higher
 bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */
 int     tls_dh_max_bits        = 2236;
 uschar *tls_dhparam            = NULL;
-#ifndef DISABLE_OCSP
+uschar *tls_eccurve            = US"auto";
+# ifndef DISABLE_OCSP
 uschar *tls_ocsp_file          = NULL;
-#endif
-BOOL    tls_offered            = FALSE;
+# endif
 uschar *tls_privatekey         = NULL;
 BOOL    tls_remember_esmtp     = FALSE;
 uschar *tls_require_ciphers    = NULL;
 uschar *tls_try_verify_hosts   = NULL;
 uschar *tls_verify_certificates= US"system";
 uschar *tls_verify_hosts       = NULL;
+#else  /*!SUPPORT_TLS*/
+uschar *tls_advertise_hosts    = NULL;
 #endif
 
 #ifndef DISABLE_PRDR
@@ -175,12 +174,21 @@ BOOL    prdr_requested         = FALSE;
 const pcre *regex_PRDR         = NULL;
 #endif
 
+#ifdef SUPPORT_I18N
+const pcre *regex_UTF8         = NULL;
+#endif
+
 /* Input-reading functions for messages, so we can use special ones for
 incoming TCP/IP. The defaults use stdin. We never need these for any
 stand-alone tests. */
 
-#ifndef STAND_ALONE
-int (*receive_getc)(void)      = stdin_getc;
+#if !defined(STAND_ALONE) && !defined(MACRO_PREDEF)
+int (*lwr_receive_getc)(unsigned) = stdin_getc;
+uschar * (*lwr_receive_getbuf)(unsigned *) = NULL;
+int (*lwr_receive_ungetc)(int) = stdin_ungetc;
+int (*receive_getc)(unsigned)  = stdin_getc;
+uschar * (*receive_getbuf)(unsigned *)  = NULL;
+void (*receive_get_cache)(void)= NULL;
 int (*receive_ungetc)(int)     = stdin_ungetc;
 int (*receive_feof)(void)      = stdin_feof;
 int (*receive_ferror)(void)    = stdin_ferror;
@@ -222,6 +230,8 @@ uschar *acl_arg[9]             = {NULL, NULL, NULL, NULL, NULL,
                                   NULL, NULL, NULL, NULL};
 int     acl_narg               = 0;
 
+int     acl_level             = 0;
+
 uschar *acl_not_smtp           = NULL;
 #ifdef WITH_CONTENT_SCAN
 uschar *acl_not_smtp_mime      = NULL;
@@ -313,76 +323,87 @@ uschar *acl_wherecodes[]       = { US"550",     /* RCPT */
 
 BOOL    active_local_from_check = FALSE;
 BOOL    active_local_sender_retain = FALSE;
-int     body_8bitmime = 0;
 BOOL    accept_8bitmime        = TRUE; /* deliberately not RFC compliant */
+uschar *add_environment        = NULL;
 address_item  *addr_duplicate  = NULL;
 
 address_item address_defaults = {
-  NULL,                 /* next */
-  NULL,                 /* parent */
-  NULL,                 /* first */
-  NULL,                 /* dupof */
-  NULL,                 /* start_router */
-  NULL,                 /* router */
-  NULL,                 /* transport */
-  NULL,                 /* host_list */
-  NULL,                 /* host_used */
-  NULL,                 /* fallback_hosts */
-  NULL,                 /* reply */
-  NULL,                 /* retries */
-  NULL,                 /* address */
-  NULL,                 /* unique */
-  NULL,                 /* cc_local_part */
-  NULL,                 /* lc_local_part */
-  NULL,                 /* local_part */
-  NULL,                 /* prefix */
-  NULL,                 /* suffix */
-  NULL,                 /* domain */
-  NULL,                 /* address_retry_key */
-  NULL,                 /* domain_retry_key */
-  NULL,                 /* current_dir */
-  NULL,                 /* home_dir */
-  NULL,                 /* message */
-  NULL,                 /* user_message */
-  NULL,                 /* onetime_parent */
-  NULL,                 /* pipe_expandn */
-  NULL,                 /* return_filename */
-  NULL,                 /* self_hostname */
-  NULL,                 /* shadow_message */
-  #ifdef SUPPORT_TLS
-  NULL,                 /* cipher */
-  NULL,                        /* ourcert */
-  NULL,                        /* peercert */
-  NULL,                 /* peerdn */
-  OCSP_NOT_REQ,         /* ocsp */
-  #endif
-  NULL,                        /* authenticator */
-  NULL,                        /* auth_id */
-  NULL,                        /* auth_sndr */
-  NULL,                 /* dsn_orcpt */
-  0,                    /* dsn_flags */
-  0,                    /* dsn_aware */
-  (uid_t)(-1),          /* uid */
-  (gid_t)(-1),          /* gid */
-  0,                    /* flags */
-  { 0 },                /* domain_cache - any larger array should be zeroed */
-  { 0 },                /* localpart_cache - ditto */
-  -1,                   /* mode */
-  0,                    /* more_errno */
-  ERRNO_UNKNOWNERROR,   /* basic_errno */
-  0,                    /* child_count */
-  -1,                   /* return_file */
-  SPECIAL_NONE,         /* special_action */
-  DEFER,                /* transport_return */
-  {                     /* fields that are propagated to children */
-    NULL,               /* address_data */
-    NULL,               /* domain_data */
-    NULL,               /* localpart_data */
-    NULL,               /* errors_address */
-    NULL,               /* extra_headers */
-    NULL,               /* remove_headers */
+  .next =              NULL,
+  .parent =            NULL,
+  .first =             NULL,
+  .dupof =             NULL,
+  .start_router =      NULL,
+  .router =            NULL,
+  .transport =         NULL,
+  .host_list =         NULL,
+  .host_used =         NULL,
+  .fallback_hosts =    NULL,
+  .reply =             NULL,
+  .retries =           NULL,
+  .address =           NULL,
+  .unique =            NULL,
+  .cc_local_part =     NULL,
+  .lc_local_part =     NULL,
+  .local_part =                NULL,
+  .prefix =            NULL,
+  .suffix =            NULL,
+  .domain =            NULL,
+  .address_retry_key = NULL,
+  .domain_retry_key =  NULL,
+  .current_dir =       NULL,
+  .home_dir =          NULL,
+  .message =           NULL,
+  .user_message =      NULL,
+  .onetime_parent =    NULL,
+  .pipe_expandn =      NULL,
+  .return_filename =   NULL,
+  .self_hostname =     NULL,
+  .shadow_message =    NULL,
+#ifdef SUPPORT_TLS
+  .cipher =            NULL,
+  .ourcert =           NULL,
+  .peercert =          NULL,
+  .peerdn =            NULL,
+  .ocsp =              OCSP_NOT_REQ,
+#endif
+#ifdef EXPERIMENTAL_DSN_INFO
+  .smtp_greeting =     NULL,
+  .helo_response =     NULL,
+#endif
+  .authenticator =     NULL,
+  .auth_id =           NULL,
+  .auth_sndr =         NULL,
+  .dsn_orcpt =         NULL,
+  .dsn_flags =         0,
+  .dsn_aware =         0,
+  .uid =               (uid_t)(-1),
+  .gid =               (gid_t)(-1),
+  .flags =             { 0 },
+  .domain_cache =      { 0 },                /* domain_cache - any larger array should be zeroed */
+  .localpart_cache =   { 0 },                /* localpart_cache - ditto */
+  .mode =              -1,
+  .more_errno =                0,
+  .delivery_usec =     0,
+  .basic_errno =       ERRNO_UNKNOWNERROR,
+  .child_count =       0,
+  .return_file =       -1,
+  .special_action =    SPECIAL_NONE,
+  .transport_return =  DEFER,
+  .prop = {                                    /* fields that are propagated to children */
+    .address_data =    NULL,
+    .domain_data =     NULL,
+    .localpart_data =  NULL,
+    .errors_address =  NULL,
+    .extra_headers =   NULL,
+    .remove_headers =  NULL,
 #ifdef EXPERIMENTAL_SRS
-    NULL,               /* srs_sender */
+    .srs_sender =      NULL,
+#endif
+    .ignore_error =    FALSE,
+#ifdef SUPPORT_I18N
+    .utf8_msg =                FALSE,
+    .utf8_downcvt =    FALSE,
+    .utf8_downcvt_maybe = FALSE
 #endif
   }
 };
@@ -399,7 +420,15 @@ BOOL    allow_domain_literals  = FALSE;
 BOOL    allow_mx_to_ip         = FALSE;
 BOOL    allow_unqualified_recipient = TRUE;    /* For local messages */
 BOOL    allow_unqualified_sender = TRUE;       /* Reset for SMTP */
-BOOL    allow_utf8_domains     = FALSE;
+BOOL    allow_utf8_domains     = FALSE;
+
+#ifdef EXPERIMENTAL_ARC
+struct arc_set *arc_received   = NULL;
+int     arc_received_instance  = 0;
+int     arc_oldest_pass                = 0;
+const uschar *arc_state                = NULL;
+#endif
+
 uschar *authenticated_fail_id  = NULL;
 uschar *authenticated_id       = NULL;
 uschar *authenticated_sender   = NULL;
@@ -407,22 +436,22 @@ BOOL    authentication_failed  = FALSE;
 auth_instance  *auths          = NULL;
 uschar *auth_advertise_hosts   = US"*";
 auth_instance auth_defaults    = {
-    NULL,                      /* chain pointer */
-    NULL,                      /* name */
-    NULL,                      /* info */
-    NULL,                      /* private options block pointer */
-    NULL,                      /* driver_name */
-    NULL,                      /* advertise_condition */
-    NULL,                      /* client_condition */
-    NULL,                      /* public_name */
-    NULL,                      /* set_id */
-    NULL,                      /* set_client_id */
-    NULL,                      /* server_mail_auth_condition */
-    NULL,                      /* server_debug_string */
-    NULL,                      /* server_condition */
-    FALSE,                     /* client */
-    FALSE,                     /* server */
-    FALSE                      /* advertised */
+    .next =            NULL,
+    .name =            NULL,
+    .info =            NULL,
+    .options_block =   NULL,
+    .driver_name =     NULL,
+    .advertise_condition = NULL,
+    .client_condition =        NULL,
+    .public_name =     NULL,
+    .set_id =          NULL,
+    .set_client_id =   NULL,
+    .mail_auth_condition = NULL,
+    .server_debug_string = NULL,
+    .server_condition =        NULL,
+    .client =          FALSE,
+    .server =          FALSE,
+    .advertised =      FALSE
 };
 
 uschar *auth_defer_msg         = US"reason not recorded";
@@ -455,39 +484,53 @@ int     bmi_deliver            = 1;
 int     bmi_run                = 0;
 uschar *bmi_verdicts           = NULL;
 #endif
+int     bsmtp_transaction_linecount = 0;
+int     body_8bitmime          = 0;
 int     body_linecount         = 0;
 int     body_zerocount         = 0;
 uschar *bounce_message_file    = NULL;
 uschar *bounce_message_text    = NULL;
 uschar *bounce_recipient       = NULL;
 BOOL    bounce_return_body     = TRUE;
+int     bounce_return_linesize_limit = 998;
 BOOL    bounce_return_message  = TRUE;
 int     bounce_return_size_limit = 100*1024;
 uschar *bounce_sender_authentication = NULL;
-int     bsmtp_transaction_linecount = 0;
 
+uschar *callout_address        = NULL;
 int     callout_cache_domain_positive_expire = 7*24*60*60;
 int     callout_cache_domain_negative_expire = 3*60*60;
 int     callout_cache_positive_expire = 24*60*60;
 int     callout_cache_negative_expire = 2*60*60;
 uschar *callout_random_local_part = US"$primary_hostname-$tod_epoch-testing";
 uschar *check_dns_names_pattern= US"(?i)^(?>(?(1)\\.|())[^\\W](?>[a-z0-9/_-]*[^\\W])?)+(\\.?)$";
-int     check_log_inodes       = 0;
-int     check_log_space        = 0;
+int     check_log_inodes       = 100;
+int     check_log_space        = 10*1024;      /* 10K Kbyte == 10MB */
 BOOL    check_rfc2047_length   = TRUE;
-int     check_spool_inodes     = 0;
-int     check_spool_space      = 0;
-uschar *client_authenticator  = NULL;
-uschar *client_authenticated_id = NULL;
-uschar *client_authenticated_sender = NULL;
+int     check_spool_inodes     = 100;
+int     check_spool_space      = 10*1024;      /* 10K Kbyte == 10MB */
+
+uschar *chunking_advertise_hosts = US"*";
+unsigned chunking_datasize     = 0;
+unsigned chunking_data_left    = 0;
+BOOL    chunking_offered       = FALSE;
+chunking_state_t chunking_state= CHUNKING_NOT_OFFERED;
+const pcre *regex_CHUNKING     = NULL;
+
+uschar *client_authenticator   = NULL;
+uschar *client_authenticated_id = NULL;
+uschar *client_authenticated_sender = NULL;
 int     clmacro_count          = 0;
 uschar *clmacros[MAX_CLMACROS];
+BOOL    commandline_checks_require_admin = FALSE;
 BOOL    config_changed         = FALSE;
 FILE   *config_file            = NULL;
-uschar *config_filename        = NULL;
+const uschar *config_filename  = NULL;
 int     config_lineno          = 0;
 #ifdef CONFIGURE_GROUP
 gid_t   config_gid             = CONFIGURE_GROUP;
+#else
+gid_t   config_gid             = 0;
 #endif
 uschar *config_main_filelist   = US CONFIGURE_FILE
                          "\0<-----------Space to patch configure_filename->";
@@ -496,9 +539,12 @@ uschar *config_main_directory  = NULL;
 
 #ifdef CONFIGURE_OWNER
 uid_t   config_uid             = CONFIGURE_OWNER;
+#else
+uid_t   config_uid             = 0;
 #endif
 
 int     connection_max_messages= -1;
+uschar *continue_proxy_cipher  = NULL;
 uschar *continue_hostname      = NULL;
 uschar *continue_host_address  = NULL;
 BOOL    continue_more          = FALSE;
@@ -507,9 +553,12 @@ uschar *continue_transport     = NULL;
 
 uschar *csa_status             = NULL;
 cut_t   cutthrough = {
-  FALSE,                               /* delivery: when to attempt */
-  -1,                                  /* fd: open connection */
-  0,                                   /* nrcpt: number of addresses */
+  .callout_hold_only = FALSE,                          /* verify-only: normal delivery */
+  .delivery =          FALSE,                          /* when to attempt */
+  .defer_pass =                FALSE,                          /* on defer: spool locally */
+  .is_tls =            FALSE,                          /* not a TLS conn yet */
+  .fd =                        -1,                             /* open connection */
+  .nrcpt =             0,                              /* number of addresses */
 };
 
 BOOL    daemon_listen          = FALSE;
@@ -528,41 +577,47 @@ uschar *dccifd_options         = US"header";
 BOOL    debug_daemon           = FALSE;
 int     debug_fd               = -1;
 FILE   *debug_file             = NULL;
-bit_table debug_options[]      = {
-  { US"acl",            D_acl },
-  { US"all",            D_all },
-  { US"auth",           D_auth },
-  { US"deliver",        D_deliver },
-  { US"dns",            D_dns },
-  { US"dnsbl",          D_dnsbl },
-  { US"exec",           D_exec },
-  { US"expand",         D_expand },
-  { US"filter",         D_filter },
-  { US"hints_lookup",   D_hints_lookup },
-  { US"host_lookup",    D_host_lookup },
-  { US"ident",          D_ident },
-  { US"interface",      D_interface },
-  { US"lists",          D_lists },
-  { US"load",           D_load },
-  { US"local_scan",     D_local_scan },
-  { US"lookup",         D_lookup },
-  { US"memory",         D_memory },
-  { US"pid",            D_pid },
-  { US"process_info",   D_process_info },
-  { US"queue_run",      D_queue_run },
-  { US"receive",        D_receive },
-  { US"resolver",       D_resolver },
-  { US"retry",          D_retry },
-  { US"rewrite",        D_rewrite },
-  { US"route",          D_route },
-  { US"timestamp",      D_timestamp },
-  { US"tls",            D_tls },
-  { US"transport",      D_transport },
-  { US"uid",            D_uid },
-  { US"verify",         D_verify }
+int     debug_notall[]         = {
+  Di_memory,
+  -1
 };
-int     debug_options_count    = sizeof(debug_options)/sizeof(bit_table);
+bit_table debug_options[]      = { /* must be in alphabetical order */
+  BIT_TABLE(D, acl),
+  BIT_TABLE(D, all),
+  BIT_TABLE(D, auth),
+  BIT_TABLE(D, deliver),
+  BIT_TABLE(D, dns),
+  BIT_TABLE(D, dnsbl),
+  BIT_TABLE(D, exec),
+  BIT_TABLE(D, expand),
+  BIT_TABLE(D, filter),
+  BIT_TABLE(D, hints_lookup),
+  BIT_TABLE(D, host_lookup),
+  BIT_TABLE(D, ident),
+  BIT_TABLE(D, interface),
+  BIT_TABLE(D, lists),
+  BIT_TABLE(D, load),
+  BIT_TABLE(D, local_scan),
+  BIT_TABLE(D, lookup),
+  BIT_TABLE(D, memory),
+  BIT_TABLE(D, pid),
+  BIT_TABLE(D, process_info),
+  BIT_TABLE(D, queue_run),
+  BIT_TABLE(D, receive),
+  BIT_TABLE(D, resolver),
+  BIT_TABLE(D, retry),
+  BIT_TABLE(D, rewrite),
+  BIT_TABLE(D, route),
+  BIT_TABLE(D, timestamp),
+  BIT_TABLE(D, tls),
+  BIT_TABLE(D, transport),
+  BIT_TABLE(D, uid),
+  BIT_TABLE(D, verify),
+};
+int     debug_options_count    = nelem(debug_options);
+
 unsigned int debug_selector    = 0;
+BOOL    debug_store            = FALSE;
 int     delay_warning[DELAY_WARNING_SIZE] = { DELAY_WARNING_SIZE, 1, 24*60*60 };
 uschar *delay_warning_condition=
   US"${if or {"
@@ -603,11 +658,6 @@ uschar *deliver_selectstring   = NULL;
 BOOL    deliver_selectstring_regex = FALSE;
 uschar *deliver_selectstring_sender = NULL;
 BOOL    deliver_selectstring_sender_regex = FALSE;
-#ifdef WITH_OLD_DEMIME
-int     demime_errorlevel      = 0;
-int     demime_ok              = 0;
-uschar *demime_reason          = NULL;
-#endif
 BOOL    disable_callout_flush  = FALSE;
 BOOL    disable_delay_flush    = FALSE;
 #ifdef ENABLE_DISABLE_FSYNC
@@ -617,13 +667,17 @@ BOOL    disable_ipv6           = FALSE;
 BOOL    disable_logging        = FALSE;
 
 #ifndef DISABLE_DKIM
+BOOL    dkim_collect_input       = FALSE;
 uschar *dkim_cur_signer          = NULL;
+BOOL    dkim_disable_verify      = FALSE;
+int     dkim_key_length          = 0;
 uschar *dkim_signers             = NULL;
 uschar *dkim_signing_domain      = NULL;
 uschar *dkim_signing_selector    = NULL;
+uschar *dkim_verify_overall      = NULL;
 uschar *dkim_verify_signers      = US"$dkim_signers";
-BOOL    dkim_collect_input       = FALSE;
-BOOL    dkim_disable_verify      = FALSE;
+uschar *dkim_verify_status      = NULL;
+uschar *dkim_verify_reason      = NULL;
 #endif
 #ifdef EXPERIMENTAL_DMARC
 BOOL    dmarc_has_been_checked  = FALSE;
@@ -642,13 +696,14 @@ BOOL    dmarc_enable_forensic   = FALSE;
 uschar *dns_again_means_nonexist = NULL;
 int     dns_csa_search_limit   = 5;
 BOOL    dns_csa_use_reverse    = TRUE;
-#ifdef EXPERIMENTAL_DANE
+#ifdef SUPPORT_DANE
 int     dns_dane_ok            = -1;
 #endif
 uschar *dns_ipv4_lookup        = NULL;
 int     dns_retrans            = 0;
 int     dns_retry              = 0;
 int     dns_dnssec_ok          = -1; /* <0 = not coerced */
+uschar *dns_trust_aa           = NULL;
 int     dns_use_edns0          = -1; /* <0 = not coerced */
 uschar *dnslist_domain         = NULL;
 uschar *dnslist_matched        = NULL;
@@ -668,9 +723,9 @@ uschar *errors_copy            = NULL;
 int     error_handling         = ERRORS_SENDER;
 uschar *errors_reply_to        = NULL;
 int     errors_sender_rc       = EXIT_FAILURE;
-#ifdef EXPERIMENTAL_EVENT
+#ifndef DISABLE_EVENT
 uschar *event_action             = NULL;       /* expansion for delivery events */
-uschar *event_data               = NULL;       /* auxilary data variable for event */
+uschar *event_data               = NULL;       /* auxiliary data variable for event */
 int     event_defer_errno        = 0;
 const uschar *event_name         = NULL;       /* event name variable */
 #endif
@@ -682,6 +737,7 @@ uschar *exim_path              = US BIN_DIRECTORY "/exim"
                         "\0<---------------Space to patch exim_path->";
 uid_t   exim_uid               = EXIM_UID;
 BOOL    exim_uid_set           = TRUE;          /* This uid is always set */
+int     expand_level          = 0;             /* Nesting depth, indent for debug */
 int     expand_forbid          = 0;
 int     expand_nlength[EXPAND_MAXN+1];
 int     expand_nmax            = -1;
@@ -704,9 +760,6 @@ uschar *filter_test_sfile      = NULL;
 uschar *filter_test_ufile      = NULL;
 uschar *filter_thisaddress     = NULL;
 int     finduser_retries       = 0;
-#ifdef WITH_OLD_DEMIME
-uschar *found_extension        = NULL;
-#endif
 uid_t   fixed_never_users[]    = { FIXED_NEVER_USERS };
 uschar *freeze_tell            = NULL;
 uschar *freeze_tell_config     = NULL;
@@ -724,22 +777,23 @@ int     header_maxsize         = HEADER_MAXSIZE;
 int     header_line_maxsize    = 0;
 
 header_name header_names[] = {
-  { US"bcc",            3, TRUE,  htype_bcc },
-  { US"cc",             2, TRUE,  htype_cc },
-  { US"date",           4, TRUE,  htype_date },
-  { US"delivery-date", 13, FALSE, htype_delivery_date },
-  { US"envelope-to",   11, FALSE, htype_envelope_to },
-  { US"from",           4, TRUE,  htype_from },
-  { US"message-id",    10, TRUE,  htype_id },
-  { US"received",       8, FALSE, htype_received },
-  { US"reply-to",       8, FALSE, htype_reply_to },
-  { US"return-path",   11, FALSE, htype_return_path },
-  { US"sender",         6, TRUE,  htype_sender },
-  { US"subject",        7, FALSE, htype_subject },
-  { US"to",             2, TRUE,  htype_to }
+  /* name              len     allow_resent    htype */
+  { US"bcc",            3,     TRUE,           htype_bcc },
+  { US"cc",             2,     TRUE,           htype_cc },
+  { US"date",           4,     TRUE,           htype_date },
+  { US"delivery-date", 13,     FALSE,          htype_delivery_date },
+  { US"envelope-to",   11,     FALSE,          htype_envelope_to },
+  { US"from",           4,     TRUE,           htype_from },
+  { US"message-id",    10,     TRUE,           htype_id },
+  { US"received",       8,     FALSE,          htype_received },
+  { US"reply-to",       8,     FALSE,          htype_reply_to },
+  { US"return-path",   11,     FALSE,          htype_return_path },
+  { US"sender",         6,     TRUE,           htype_sender },
+  { US"subject",        7,     FALSE,          htype_subject },
+  { US"to",             2,     TRUE,           htype_to }
 };
 
-int header_names_size          = sizeof(header_names)/sizeof(header_name);
+int header_names_size          = nelem(header_names);
 
 BOOL    header_rewritten       = FALSE;
 uschar *helo_accept_junk_hosts = NULL;
@@ -773,6 +827,7 @@ BOOL    ignore_fromline_local  = FALSE;
 uschar *ignore_fromline_hosts  = NULL;
 BOOL    inetd_wait_mode        = FALSE;
 int     inetd_wait_timeout     = -1;
+uschar *initial_cwd            = NULL;
 uschar *interface_address      = NULL;
 int     interface_port         = -1;
 BOOL    is_inetd               = FALSE;
@@ -780,6 +835,8 @@ uschar *iterate_item           = NULL;
 
 int     journal_fd             = -1;
 
+uschar *keep_environment       = NULL;
+
 int     keep_malformed         = 4*24*60*60;    /* 4 days */
 
 uschar *eldap_dn               = NULL;
@@ -804,84 +861,107 @@ uid_t   local_user_uid         = (uid_t)(-1);
 tree_node *localpartlist_anchor= NULL;
 int     localpartlist_count    = 0;
 uschar *log_buffer             = NULL;
-unsigned int log_extra_selector = LX_default;
+
+int     log_default[]          = { /* for initializing log_selector */
+  Li_acl_warn_skipped,
+  Li_connection_reject,
+  Li_delay_delivery,
+  Li_dkim,
+  Li_dnslist_defer,
+  Li_etrn,
+  Li_host_lookup_failed,
+  Li_lost_incoming_connection,
+  Li_outgoing_interface, /* see d_log_interface in deliver.c */
+  Li_queue_run,
+  Li_rejected_header,
+  Li_retry_defer,
+  Li_sender_verify_fail,
+  Li_size_reject,
+  Li_skip_delivery,
+  Li_smtp_confirmation,
+  Li_tls_certificate_verified,
+  Li_tls_cipher,
+  -1
+};
+
 uschar *log_file_path          = US LOG_FILE_PATH
                            "\0<--------------Space to patch log_file_path->";
 
-/* Those log options with L_xxx identifiers have values less than 0x800000 and
-are the ones that get put into log_write_selector. They can be used in calls to
-log_write() to test for the bit. The options with LX_xxx identifiers have
-values greater than 0x80000000 and are put into log_extra_selector (without the
-top bit). They are never used in calls to log_write(), but are tested
-independently. This separation became necessary when the number of log
-selectors was getting close to filling a 32-bit word. */
-
-/* Note that this list must be in alphabetical order. */
-
-bit_table log_options[]        = {
-  { US"8bitmime",                     LX_8bitmime },
-  { US"acl_warn_skipped",             LX_acl_warn_skipped },
-  { US"address_rewrite",              L_address_rewrite },
-  { US"all",                          L_all },
-  { US"all_parents",                  L_all_parents },
-  { US"arguments",                    LX_arguments },
-  { US"connection_reject",            L_connection_reject },
-  { US"delay_delivery",               L_delay_delivery },
-  { US"deliver_time",                 LX_deliver_time },
-  { US"delivery_size",                LX_delivery_size },
-  { US"dnslist_defer",                L_dnslist_defer },
-  { US"etrn",                         L_etrn },
-  { US"host_lookup_failed",           L_host_lookup_failed },
-  { US"ident_timeout",                LX_ident_timeout },
-  { US"incoming_interface",           LX_incoming_interface },
-  { US"incoming_port",                LX_incoming_port },
-  { US"lost_incoming_connection",     L_lost_incoming_connection },
-  { US"outgoing_port",                LX_outgoing_port },
-  { US"pid",                          LX_pid },
-#ifdef EXPERIMENTAL_PROXY
-  { US"proxy",                        LX_proxy },
+int     log_notall[]           = {
+  -1
+};
+bit_table log_options[]        = { /* must be in alphabetical order */
+  BIT_TABLE(L, 8bitmime),
+  BIT_TABLE(L, acl_warn_skipped),
+  BIT_TABLE(L, address_rewrite),
+  BIT_TABLE(L, all),
+  BIT_TABLE(L, all_parents),
+  BIT_TABLE(L, arguments),
+  BIT_TABLE(L, connection_reject),
+  BIT_TABLE(L, delay_delivery),
+  BIT_TABLE(L, deliver_time),
+  BIT_TABLE(L, delivery_size),
+#ifndef DISABLE_DKIM
+  BIT_TABLE(L, dkim),
+  BIT_TABLE(L, dkim_verbose),
 #endif
-  { US"queue_run",                    L_queue_run },
-  { US"queue_time",                   LX_queue_time },
-  { US"queue_time_overall",           LX_queue_time_overall },
-  { US"received_recipients",          LX_received_recipients },
-  { US"received_sender",              LX_received_sender },
-  { US"rejected_header",              LX_rejected_header },
-  { US"rejected_headers",             LX_rejected_header },
-  { US"retry_defer",                  L_retry_defer },
-  { US"return_path_on_delivery",      LX_return_path_on_delivery },
-  { US"sender_on_delivery",           LX_sender_on_delivery },
-  { US"sender_verify_fail",           LX_sender_verify_fail },
-  { US"size_reject",                  L_size_reject },
-  { US"skip_delivery",                L_skip_delivery },
-  { US"smtp_confirmation",            LX_smtp_confirmation },
-  { US"smtp_connection",              L_smtp_connection },
-  { US"smtp_incomplete_transaction",  L_smtp_incomplete_transaction },
-  { US"smtp_mailauth",                LX_smtp_mailauth },
-  { US"smtp_no_mail",                 LX_smtp_no_mail },
-  { US"smtp_protocol_error",          L_smtp_protocol_error },
-  { US"smtp_syntax_error",            L_smtp_syntax_error },
-  { US"subject",                      LX_subject },
-  { US"tls_certificate_verified",     LX_tls_certificate_verified },
-  { US"tls_cipher",                   LX_tls_cipher },
-  { US"tls_peerdn",                   LX_tls_peerdn },
-  { US"tls_sni",                      LX_tls_sni },
-  { US"unknown_in_list",              LX_unknown_in_list }
+  BIT_TABLE(L, dnslist_defer),
+  BIT_TABLE(L, dnssec),
+  BIT_TABLE(L, etrn),
+  BIT_TABLE(L, host_lookup_failed),
+  BIT_TABLE(L, ident_timeout),
+  BIT_TABLE(L, incoming_interface),
+  BIT_TABLE(L, incoming_port),
+  BIT_TABLE(L, lost_incoming_connection),
+  BIT_TABLE(L, millisec),
+  BIT_TABLE(L, outgoing_interface),
+  BIT_TABLE(L, outgoing_port),
+  BIT_TABLE(L, pid),
+#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
+  BIT_TABLE(L, proxy),
+#endif
+  BIT_TABLE(L, queue_run),
+  BIT_TABLE(L, queue_time),
+  BIT_TABLE(L, queue_time_overall),
+  BIT_TABLE(L, receive_time),
+  BIT_TABLE(L, received_recipients),
+  BIT_TABLE(L, received_sender),
+  BIT_TABLE(L, rejected_header),
+  { US"rejected_headers", Li_rejected_header },
+  BIT_TABLE(L, retry_defer),
+  BIT_TABLE(L, return_path_on_delivery),
+  BIT_TABLE(L, sender_on_delivery),
+  BIT_TABLE(L, sender_verify_fail),
+  BIT_TABLE(L, size_reject),
+  BIT_TABLE(L, skip_delivery),
+  BIT_TABLE(L, smtp_confirmation),
+  BIT_TABLE(L, smtp_connection),
+  BIT_TABLE(L, smtp_incomplete_transaction),
+  BIT_TABLE(L, smtp_mailauth),
+  BIT_TABLE(L, smtp_no_mail),
+  BIT_TABLE(L, smtp_protocol_error),
+  BIT_TABLE(L, smtp_syntax_error),
+  BIT_TABLE(L, subject),
+  BIT_TABLE(L, tls_certificate_verified),
+  BIT_TABLE(L, tls_cipher),
+  BIT_TABLE(L, tls_peerdn),
+  BIT_TABLE(L, tls_sni),
+  BIT_TABLE(L, unknown_in_list),
 };
+int     log_options_count      = nelem(log_options);
 
-int     log_options_count      = sizeof(log_options)/sizeof(bit_table);
 int     log_reject_target      = 0;
+unsigned int log_selector[log_selector_size]; /* initialized in main() */
 uschar *log_selector_string    = NULL;
 FILE   *log_stderr             = NULL;
 BOOL    log_testing_mode       = FALSE;
 BOOL    log_timezone           = FALSE;
-unsigned int log_write_selector= L_default;
 uschar *login_sender_address   = NULL;
 uschar *lookup_dnssec_authenticated = NULL;
 int     lookup_open_max        = 25;
 uschar *lookup_value           = NULL;
 
-macro_item  *macros            = NULL;
+macro_item *macros_user        = NULL;
 uschar *mailstore_basename     = NULL;
 #ifdef WITH_CONTENT_SCAN
 uschar *malware_name           = NULL;  /* Virus Name */
@@ -906,8 +986,9 @@ int     message_linecount      = 0;
 BOOL    message_logs           = TRUE;
 int     message_size           = 0;
 uschar *message_size_limit     = US"50M";
-#ifdef EXPERIMENTAL_INTERNATIONAL
+#ifdef SUPPORT_I18N
 BOOL    message_smtputf8       = FALSE;
+int     message_utf8_downconvert = 0;  /* -1 ifneeded; 0 never; 1 always */
 #endif
 uschar  message_subdir[2]      = { 0, 0 };
 uschar *message_reference      = NULL;
@@ -940,6 +1021,9 @@ BOOL    no_mbox_unspool        = FALSE;
 #endif
 BOOL    no_multiline_responses = FALSE;
 
+const int on                   = 1;    /* for setsockopt */
+const int off                  = 0;
+
 uid_t   original_euid;
 gid_t   originator_gid;
 uschar *originator_login       = NULL;
@@ -963,14 +1047,14 @@ int     process_info_len       = 0;
 uschar *process_log_path       = NULL;
 BOOL    prod_requires_admin    = TRUE;
 
-#ifdef EXPERIMENTAL_PROXY
-uschar *proxy_host_address     = US"";
-int     proxy_host_port        = 0;
-uschar *proxy_required_hosts   = US"";
+#if defined(SUPPORT_PROXY) || defined(SUPPORT_SOCKS)
+uschar *hosts_proxy            = US"";
+uschar *proxy_external_address = US"";
+int     proxy_external_port    = 0;
+uschar *proxy_local_address    = US"";
+int     proxy_local_port       = 0;
 BOOL    proxy_session          = FALSE;
 BOOL    proxy_session_failed   = FALSE;
-uschar *proxy_target_address   = US"";
-int     proxy_target_port      = 0;
 #endif
 
 uschar *prvscheck_address      = NULL;
@@ -984,6 +1068,7 @@ BOOL    queue_2stage           = FALSE;
 uschar *queue_domains          = NULL;
 int     queue_interval         = -1;
 BOOL    queue_list_requires_admin = TRUE;
+uschar *queue_name             = US"";
 BOOL    queue_only             = FALSE;
 uschar *queue_only_file        = NULL;
 int     queue_only_load        = -1;
@@ -994,7 +1079,7 @@ BOOL    queue_run_first_delivery = FALSE;
 BOOL    queue_run_force        = FALSE;
 BOOL    queue_run_in_order     = FALSE;
 BOOL    queue_run_local        = FALSE;
-int     queue_run_max          = 5;
+uschar *queue_run_max          = US"5";
 pid_t   queue_run_pid          = (pid_t)0;
 int     queue_run_pipe         = -1;
 BOOL    queue_running          = FALSE;
@@ -1044,7 +1129,8 @@ uschar *received_header_text   = US
 
 int     received_headers_max   = 30;
 uschar *received_protocol      = NULL;
-int     received_time          = 0;
+struct timeval received_time   = { 0, 0 };
+struct timeval received_time_taken = { 0, 0 };
 uschar *recipient_data         = NULL;
 uschar *recipient_unqualified_hosts = NULL;
 uschar *recipient_verify_failure = NULL;
@@ -1060,8 +1146,9 @@ const pcre *regex_From         = NULL;
 const pcre *regex_IGNOREQUOTA  = NULL;
 const pcre *regex_PIPELINING   = NULL;
 const pcre *regex_SIZE         = NULL;
-const pcre *regex_smtp_code    = NULL;
 const pcre *regex_ismsgid      = NULL;
+const pcre *regex_smtp_code    = NULL;
+uschar *regex_vars[REGEX_VARS];
 #ifdef WHITELIST_D_MACROS
 const pcre *regex_whitelisted_macro = NULL;
 #endif
@@ -1086,81 +1173,83 @@ uid_t   root_uid               = ROOT_UID;
 
 router_instance  *routers  = NULL;
 router_instance  router_defaults = {
-    NULL,                      /* chain pointer */
-    NULL,                      /* name */
-    NULL,                      /* info */
-    NULL,                      /* private options block pointer */
-    NULL,                      /* driver name */
+    .next =                    NULL,
+    .name =                    NULL,
+    .info =                    NULL,
+    .options_block =           NULL,
+    .driver_name =             NULL,
 
-    NULL,                      /* address_data */
+    .address_data =            NULL,
 #ifdef EXPERIMENTAL_BRIGHTMAIL
-    NULL,                      /* bmi_rule */
+    .bmi_rule =                        NULL,
 #endif
-    NULL,                      /* cannot_route_message */
-    NULL,                      /* condition */
-    NULL,                      /* current_directory */
-    NULL,                      /* debug_string */
-    NULL,                      /* domains */
-    NULL,                      /* errors_to */
-    NULL,                      /* expand_gid */
-    NULL,                      /* expand_uid */
-    NULL,                      /* expand_more */
-    NULL,                      /* expand_unseen */
-    NULL,                      /* extra_headers */
-    NULL,                      /* fallback_hosts */
-    NULL,                      /* home_directory */
-    NULL,                      /* ignore_target_hosts */
-    NULL,                      /* local_parts */
-    NULL,                      /* pass_router_name */
-    NULL,                      /* prefix */
-    NULL,                      /* redirect_router_name */
-    NULL,                      /* remove_headers */
-    NULL,                      /* require_files */
-    NULL,                      /* router_home_directory */
-    US"freeze",                /* self */
-    NULL,                      /* senders */
-    NULL,                      /* suffix */
-    NULL,                      /* translate_ip_address */
-    NULL,                      /* transport_name */
-
-    TRUE,                      /* address_test */
+    .cannot_route_message =    NULL,
+    .condition =               NULL,
+    .current_directory =       NULL,
+    .debug_string =            NULL,
+    .domains =                 NULL,
+    .errors_to =               NULL,
+    .expand_gid =              NULL,
+    .expand_uid =              NULL,
+    .expand_more =             NULL,
+    .expand_unseen =           NULL,
+    .extra_headers =           NULL,
+    .fallback_hosts =          NULL,
+    .home_directory =          NULL,
+    .ignore_target_hosts =     NULL,
+    .local_parts =             NULL,
+    .pass_router_name =                NULL,
+    .prefix =                  NULL,
+    .redirect_router_name =    NULL,
+    .remove_headers =          NULL,
+    .require_files =           NULL,
+    .router_home_directory =   NULL,
+    .self =                    US"freeze",
+    .senders =                 NULL,
+    .suffix =                  NULL,
+    .translate_ip_address =    NULL,
+    .transport_name =          NULL,
+
+    .address_test =            TRUE,
 #ifdef EXPERIMENTAL_BRIGHTMAIL
-    FALSE,                     /* bmi_deliver_alternate */
-    FALSE,                     /* bmi_deliver_default */
-    FALSE,                     /* bmi_dont_deliver */
+    .bmi_deliver_alternate =   FALSE,
+    .bmi_deliver_default =     FALSE,
+    .bmi_dont_deliver =                FALSE,
 #endif
-    TRUE,                      /* expn */
-    FALSE,                     /* caseful_local_part */
-    FALSE,                     /* check_local_user */
-    FALSE,                     /* disable_logging */
-    FALSE,                     /* fail_verify_recipient */
-    FALSE,                     /* fail_verify_sender */
-    FALSE,                     /* gid_set */
-    FALSE,                     /* initgroups */
-    TRUE_UNSET,                /* log_as_local */
-    TRUE,                      /* more */
-    FALSE,                     /* pass_on_timeout */
-    FALSE,                     /* prefix_optional */
-    TRUE,                      /* repeat_use */
-    TRUE_UNSET,                /* retry_use_local_part - fudge "unset" */
-    FALSE,                     /* same_domain_copy_routing */
-    FALSE,                     /* self_rewrite */
-    FALSE,                     /* suffix_optional */
-    FALSE,                     /* verify_only */
-    TRUE,                      /* verify_recipient */
-    TRUE,                      /* verify_sender */
-    FALSE,                     /* uid_set */
-    FALSE,                     /* unseen */
-    FALSE,                     /* dsn_lasthop */
-
-    self_freeze,               /* self_code */
-    (uid_t)(-1),               /* uid */
-    (gid_t)(-1),               /* gid */
-
-    NULL,                      /* fallback_hostlist */
-    NULL,                      /* transport instance */
-    NULL,                      /* pass_router */
-    NULL                       /* redirect_router */
+    .expn =                    TRUE,
+    .caseful_local_part =      FALSE,
+    .check_local_user =                FALSE,
+    .disable_logging =         FALSE,
+    .fail_verify_recipient =   FALSE,
+    .fail_verify_sender =      FALSE,
+    .gid_set =                 FALSE,
+    .initgroups =              FALSE,
+    .log_as_local =            TRUE_UNSET,
+    .more =                    TRUE,
+    .pass_on_timeout =         FALSE,
+    .prefix_optional =         FALSE,
+    .repeat_use =              TRUE,
+    .retry_use_local_part =    TRUE_UNSET,
+    .same_domain_copy_routing =        FALSE,
+    .self_rewrite =            FALSE,
+    .suffix_optional =         FALSE,
+    .verify_only =             FALSE,
+    .verify_recipient =                TRUE,
+    .verify_sender =           TRUE,
+    .uid_set =                 FALSE,
+    .unseen =                  FALSE,
+    .dsn_lasthop =             FALSE,
+
+    .self_code =               self_freeze,
+    .uid =                     (uid_t)(-1),
+    .gid =                     (gid_t)(-1),
+
+    .fallback_hostlist =       NULL,
+    .transport =               NULL,
+    .pass_router =             NULL,
+    .redirect_router =         NULL,
+
+    .dnssec =                  { NULL, NULL },            /* dnssec_domains {require,request} */
 };
 
 uschar *router_name            = NULL;
@@ -1191,10 +1280,12 @@ uschar *sender_address_unrewritten = NULL;
 uschar *sender_data            = NULL;
 unsigned int sender_domain_cache[(MAX_NAMED_LIST * 2)/32];
 uschar *sender_fullhost        = NULL;
+BOOL    sender_helo_dnssec     = FALSE;
 uschar *sender_helo_name       = NULL;
 uschar **sender_host_aliases   = &no_aliases;
 uschar *sender_host_address    = NULL;
 uschar *sender_host_authenticated = NULL;
+uschar *sender_host_auth_pubname  = NULL;
 unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32];
 BOOL    sender_host_dnssec     = FALSE;
 uschar *sender_host_name       = NULL;
@@ -1219,6 +1310,7 @@ uschar *sending_ip_address     = NULL;
 int     sending_port           = -1;
 SIGNAL_BOOL sigalrm_seen       = FALSE;
 uschar **sighup_argv           = NULL;
+int     slow_lookup_log        = 0;    /* millisecs, zero disables */
 int     smtp_accept_count      = 0;
 BOOL    smtp_accept_keepalive  = TRUE;
 int     smtp_accept_max        = 20;
@@ -1239,7 +1331,7 @@ BOOL    smtp_check_spool_space = TRUE;
 int     smtp_ch_index          = 0;
 uschar *smtp_cmd_argument      = NULL;
 uschar *smtp_cmd_buffer        = NULL;
-time_t  smtp_connection_start  = 0;
+struct timeval smtp_connection_start  = {0,0};
 uschar  smtp_connection_had[SMTP_HBUFF_SIZE];
 int     smtp_connect_backlog   = 20;
 double  smtp_delay_mail        = 0.0;
@@ -1271,10 +1363,10 @@ int     smtp_rlr_base          = 0;
 double  smtp_rlr_factor        = 0.0;
 int     smtp_rlr_limit         = 0;
 int     smtp_rlr_threshold     = INT_MAX;
-BOOL    smtp_use_pipelining    = FALSE;
-BOOL    smtp_use_size          = FALSE;
-#ifdef EXPERIMENTAL_INTERNATIONAL
-uschar *smtputf8_advertise_hosts = US"*";
+unsigned smtp_peer_options     = 0;
+unsigned smtp_peer_options_wrap= 0;
+#ifdef SUPPORT_I18N
+uschar *smtputf8_advertise_hosts = US"*";      /* overridden under test-harness */
 #endif
 
 #ifdef WITH_CONTENT_SCAN
@@ -1285,7 +1377,7 @@ uschar *spam_action            = NULL;
 uschar *spam_score             = NULL;
 uschar *spam_score_int         = NULL;
 #endif
-#ifdef EXPERIMENTAL_SPF
+#ifdef SUPPORT_SPF
 uschar *spf_guess              = US"v=spf1 a/24 mx/24 ptr ?all";
 uschar *spf_header_comment     = NULL;
 uschar *spf_received           = NULL;
@@ -1296,6 +1388,8 @@ uschar *spf_smtp_comment       = NULL;
 BOOL    split_spool_directory  = FALSE;
 uschar *spool_directory        = US SPOOL_DIRECTORY
                            "\0<--------------Space to patch spool_directory->";
+BOOL    spool_file_wireformat  = FALSE;
+BOOL    spool_wireformat       = FALSE;
 #ifdef EXPERIMENTAL_SRS
 uschar *srs_config             = NULL;
 uschar *srs_db_address         = NULL;
@@ -1325,6 +1419,7 @@ BOOL    suppress_local_fixups_default = FALSE;
 BOOL    synchronous_delivery   = FALSE;
 BOOL    syslog_duplication     = TRUE;
 int     syslog_facility        = LOG_MAIL;
+BOOL    syslog_pid             = TRUE;
 uschar *syslog_processname     = US"exim";
 BOOL    syslog_timestamp       = TRUE;
 uschar *system_filter          = NULL;
@@ -1340,7 +1435,13 @@ uid_t   system_filter_uid      = (uid_t)-1;
 BOOL    system_filter_uid_set  = FALSE;
 BOOL    system_filtering       = FALSE;
 
+BOOL    tcp_fastopen_ok        = FALSE;
+blob   tcp_fastopen_nodata    = { .data = NULL, .len = 0 };
+BOOL    tcp_in_fastopen        = FALSE;
+BOOL    tcp_in_fastopen_logged = FALSE;
 BOOL    tcp_nodelay            = TRUE;
+int     tcp_out_fastopen       = 0;
+BOOL    tcp_out_fastopen_logged= FALSE;
 #ifdef USE_TCP_WRAPPERS
 uschar *tcp_wrappers_daemon_name = US TCP_WRAPPERS_DAEMON_NAME;
 #endif
@@ -1352,58 +1453,59 @@ BOOL    timestamps_utc         = FALSE;
 transport_instance  *transports = NULL;
 
 transport_instance  transport_defaults = {
-    NULL,                     /* chain pointer */
-    NULL,                     /* name */
-    NULL,                     /* info */
-    NULL,                     /* private options block pointer */
-    NULL,                     /* driver name */
-    NULL,                     /* setup entry point */
-    1,                        /* batch_max */
-    NULL,                     /* batch_id */
-    NULL,                     /* home_dir */
-    NULL,                     /* current_dir */
-    NULL,                     /* expand-multi-domain */
-    TRUE,                     /* multi-domain */
-    FALSE,                    /* overrides_hosts */
-    100,                      /* max_addresses */
-    500,                      /* connection_max_messages */
-    FALSE,                    /* deliver_as_creator */
-    FALSE,                    /* disable_logging */
-    FALSE,                    /* initgroups */
-    FALSE,                    /* uid_set */
-    FALSE,                    /* gid_set */
-    (uid_t)(-1),              /* uid */
-    (gid_t)(-1),              /* gid */
-    NULL,                     /* expand_uid */
-    NULL,                     /* expand_gid */
-    NULL,                     /* warn_message */
-    NULL,                     /* shadow */
-    NULL,                     /* shadow_condition */
-    NULL,                     /* filter_command */
-    NULL,                     /* add_headers */
-    NULL,                     /* remove_headers */
-    NULL,                     /* return_path */
-    NULL,                     /* debug_string */
-    NULL,                     /* message_size_limit */
-    NULL,                     /* headers_rewrite */
-    NULL,                     /* rewrite_rules */
-    0,                        /* rewrite_existflags */
-    300,                      /* filter_timeout */
-    FALSE,                    /* body_only */
-    FALSE,                    /* delivery_date_add */
-    FALSE,                    /* envelope_to_add */
-    FALSE,                    /* headers_only */
-    FALSE,                    /* rcpt_include_affixes */
-    FALSE,                    /* return_path_add */
-    FALSE,                    /* return_output */
-    FALSE,                    /* return_fail_output */
-    FALSE,                    /* log_output */
-    FALSE,                    /* log_fail_output */
-    FALSE,                    /* log_defer_output */
-    TRUE_UNSET                /* retry_use_local_part: BOOL, but set neither
-                                 1 nor 0 so can detect unset */
-#ifdef EXPERIMENTAL_EVENT
-   ,NULL                     /* event_action */
+    .next =                    NULL,
+    .name =                    NULL,
+    .info =                    NULL,
+    .options_block =           NULL,
+    .driver_name =             NULL,
+    .setup =                   NULL,
+    .batch_max =               1,
+    .batch_id =                        NULL,
+    .home_dir =                        NULL,
+    .current_dir =             NULL,
+    .expand_multi_domain =     NULL,
+    .multi_domain =            TRUE,
+    .overrides_hosts =         FALSE,
+    .max_addresses =           100,
+    .connection_max_messages = 500,
+    .deliver_as_creator =      FALSE,
+    .disable_logging =         FALSE,
+    .initgroups =              FALSE,
+    .uid_set =                 FALSE,
+    .gid_set =                 FALSE,
+    .uid =                     (uid_t)(-1),
+    .gid =                     (gid_t)(-1),
+    .expand_uid =              NULL,
+    .expand_gid =              NULL,
+    .warn_message =            NULL,
+    .shadow =                  NULL,
+    .shadow_condition =                NULL,
+    .filter_command =          NULL,
+    .add_headers =             NULL,
+    .remove_headers =          NULL,
+    .return_path =             NULL,
+    .debug_string =            NULL,
+    .max_parallel =            NULL,
+    .message_size_limit =      NULL,
+    .headers_rewrite =         NULL,
+    .rewrite_rules =           NULL,
+    .rewrite_existflags =      0,
+    .filter_timeout =          300,
+    .body_only =               FALSE,
+    .delivery_date_add =       FALSE,
+    .envelope_to_add =         FALSE,
+    .headers_only =            FALSE,
+    .rcpt_include_affixes =    FALSE,
+    .return_path_add =         FALSE,
+    .return_output =           FALSE,
+    .return_fail_output =      FALSE,
+    .log_output =              FALSE,
+    .log_fail_output =         FALSE,
+    .log_defer_output =                FALSE,
+    .retry_use_local_part =    TRUE_UNSET,     /* retry_use_local_part: BOOL, but set neither
+                                                1 nor 0 so can detect unset */
+#ifndef DISABLE_EVENT
+   .event_action =             NULL
 #endif
 };
 
@@ -1457,8 +1559,8 @@ uschar *uucp_from_sender       = US"$1";
 
 uschar *verify_mode           = NULL;
 uschar *version_copyright      =
- US"Copyright (c) University of Cambridge, 1995 - 2014\n"
-   "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2014";
+ US"Copyright (c) University of Cambridge, 1995 - 2018\n"
+   "(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017";
 uschar *version_date           = US"?";
 uschar *version_cnumber        = US"????";
 uschar *version_string         = US"?";