*~
*.bak
.*.swp
+0*.patch
+*.orig
+*.rej
+spec*.html
spec*.xml
spec.ps
spec.pdf
+spec.txt
filter*.xml
filter.ps
filter.pdf
+local_params
########################################################################
+.PHONY: local_params
+local_params:
+ echo .macro version > $@
+ echo $(EXIM_VER) >> $@
+ echo .endmacro >> $@
+ echo .macro fulldate >> $@
+ date "+%d %b %Y" >> $@
+ echo .endmacro >> $@
+ echo .macro year >> $@
+ date "+%Y" >> $@
+ echo .endmacro >> $@
+
############################### FILTER #################################
-filter.xml: filter.xfpt
+filter.xml: local_params filter.xfpt
xfpt filter.xfpt
filter-pr.xml: filter.xml Pre-xml
################################ SPEC ##################################
-spec.xml: spec.xfpt
+spec.xml: local_params spec.xfpt
xfpt spec.xfpt
spec-pr.xml: spec.xml Pre-xml
clean:; /bin/rm -rf exim.8 \
filter*.xml spec*.xml test*.xml \
- *.fo *.html *.pdf *.ps \
+ *.fo *.pdf *.ps \
+ filter*.html spec*.html test*.html \
filter*.txt spec*.txt test*.txt \
*.info* *.texinfo *.texi
.include stdflags
.include stdmacs
+.include ./local_params
.docbook
. /////////////////////////////////////////////////////////////////////////////
.endmacro
. ===========================================================================
+. Copyright year. Update this (only) when changing content.
+
+.macro copyyear
+2010
+.endmacro
+
+. ===========================================================================
. /////////////////////////////////////////////////////////////////////////////
. /////////////////////////////////////////////////////////////////////////////
<bookinfo>
<title>Exim's interfaces to mail filtering</title>
<titleabbrev>Exim filtering</titleabbrev>
-<date>23 November 2009</date>
+<date>
+.fulldate
+</date>
<author><firstname>Philip</firstname><surname>Hazel</surname></author>
<authorinitials>PH</authorinitials>
<revhistory><revision>
- <revnumber>4.80</revnumber>
- <date>17 May 2012</date>
+ <revnumber>
+.version
+ </revnumber>
+ <date>
+.fulldate
+ </date>
<authorinitials>PH</authorinitials>
</revision></revhistory>
-<copyright><year>2010</year><holder>University of Cambridge</holder></copyright>
+<copyright><year>
+.copyyear
+ </year><holder>University of Cambridge</holder></copyright>
</bookinfo>
.literal off
.chapter "Forwarding and filtering in Exim" "CHAPforandfilt"
This document describes the user interfaces to Exim's in-built mail filtering
-facilities, and is copyright © University of Cambridge 2007. It
-corresponds to Exim version 4.80.
+facilities, and is copyright © University of Cambridge ©year(). It
+corresponds to Exim version &version().
.book
. /////////////////////////////////////////////////////////////////////////////
-. These definitions set some parameters and save some typing. Remember that
-. the <bookinfo> element must also be updated for each new edition.
+. These definitions set some parameters and save some typing.
+. Update the Copyright year (only) when changing content.
. /////////////////////////////////////////////////////////////////////////////
-.set previousversion "4.75"
-.set version "4.80"
+.set previousversion "4.80"
+.include ./local_params
.set ACL "access control lists (ACLs)"
.set I " "
+.macro copyyear
+2012
+.endmacro
. /////////////////////////////////////////////////////////////////////////////
. Additional xfpt markup used by this document, over and above the default
<bookinfo>
<title>Specification of the Exim Mail Transfer Agent</title>
<titleabbrev>The Exim MTA</titleabbrev>
-<date>17 May 2012</date>
+<date>
+.fulldate
+</date>
<author><firstname>Exim</firstname><surname>Maintainers</surname></author>
<authorinitials>EM</authorinitials>
<revhistory><revision>
- <revnumber>4.80</revnumber>
- <date>17 May 2012</date>
+ <revnumber>
+.version
+ </revnumber>
+ <date>
+.fulldate
+ </date>
<authorinitials>EM</authorinitials>
</revision></revhistory>
-<copyright><year>2012</year><holder>University of Cambridge</holder></copyright>
+<copyright><year>
+.copyyear
+ </year><holder>University of Cambridge</holder></copyright>
</bookinfo>
.literal off
.new
.cindex "documentation"
-This edition of the Exim specification applies to version &version; of Exim.
+This edition of the Exim specification applies to version &version() of Exim.
Substantive changes from the &previousversion; edition are marked in some
renditions of the document; this paragraph is so marked if the rendition is
capable of showing a change indicator.
.cindex "distribution" "signing details"
.cindex "distribution" "public key"
.cindex "public key for signed distribution"
-The distributions are currently signed with Nigel Metheringham's GPG key. The
-corresponding public key is available from a number of keyservers, and there is
-also a copy in the file &_nigel-pubkey.asc_&. The signatures for the tar bundles are
-in:
+.new
+The distributions will be PGP signed by an individual key of the Release
+Coordinator. This key will have a uid containing an email address in the
+&'exim.org'& domain and will have signatures from other people, including
+other Exim maintainers. We expect that the key will be in the "strong set" of
+PGP keys. There should be a trust path to that key from Nigel Metheringham's
+PGP key, a version of which can be found in the release directory in the file
+&_nigel-pubkey.asc_&. All keys used will be available in public keyserver pools,
+such as &'pool.sks-keyservers.net'&.
+
+At time of last update, releases were being made by Phil Pennock and signed with
+key &'0x403043153903637F'&, although that key is expected to be replaced in 2013.
+A trust path from Nigel's key to Phil's can be observed at
+&url(https://www.security.spodhuis.org/exim-trustpath).
+.wen
+
+The signatures for the tar bundles are in:
.display
&_exim-n.nn.tar.gz.asc_&
&_exim-n.nn.tar.bz2.asc_&
.cindex "incorporated code"
.cindex "regular expressions" "library"
.cindex "PCRE"
+.cindex "OpenDMARC"
A number of pieces of external code are included in the Exim distribution.
.ilist
SOFTWARE.
.endblockquote
+.next
+.cindex "opendmarc" "acknowledgment"
+The DMARC implementation uses the OpenDMARC library which is Copyrighted by
+The Trusted Domain Project. Portions of Exim source which use OpenDMARC
+derived code are indicated in the respective source files. The full OpenDMARC
+license is provided in the LICENSE.opendmarc file contained in the distributed
+source code.
+
.next
Many people have contributed code fragments, some large, some small, that were
not covered by any specific licence requirements. It is assumed that the
&%verify_recipient%&, which independently control the use of the router for
sender and recipient verification. You can set these options directly if
you want a router to be used for only one type of verification.
+Note that cutthrough delivery is classed as a recipient verification
+for this purpose.
.next
If the &%address_test%& option is set false, the router is skipped when Exim is
run with the &%-bt%& option to test an address routing. This can be helpful
.next
Routers can be designated for use only when verifying an address, as
opposed to routing it for delivery. The &%verify_only%& option controls this.
+Again, cutthrough delibery counts as a verification.
.next
Individual routers can be explicitly skipped when running the routers to
check an address given in the SMTP EXPN command (see the &%expn%& option).
.section "Unpacking" "SECID23"
Exim is distributed as a gzipped or bzipped tar file which, when unpacked,
creates a directory with the name of the current release (for example,
-&_exim-&version;_&) into which the following files are placed:
+&_exim-&version()_&) into which the following files are placed:
.table2 140pt
.irow &_ACKNOWLEDGMENTS_& "contains some acknowledgments"
overridden if necessary.
-.new
.section "PCRE library" "SECTpcre"
.cindex "PCRE library"
Exim no longer has an embedded PCRE library as the vast majority of
PCRE support then you will need to obtain and build the current PCRE
from &url(ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/).
More information on PCRE is available at &url(http://www.pcre.org/).
-.wen
.section "DBM libraries" "SECTdb"
.cindex "DBM libraries" "discussion of"
TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
TLS_INCLUDE=-I/usr/local/openssl/include/
.endd
-.new
.cindex "pkg-config" "OpenSSL"
If you have &'pkg-config'& available, then instead you can just use:
.code
SUPPORT_TLS=yes
USE_OPENSSL_PC=openssl
.endd
-.wen
.cindex "USE_GNUTLS"
If GnuTLS is installed, you should set
.code
TLS_LIBS=-L/usr/gnu/lib -lgnutls -ltasn1 -lgcrypt
TLS_INCLUDE=-I/usr/gnu/include
.endd
-.new
.cindex "pkg-config" "GnuTLS"
If you have &'pkg-config'& available, then instead you can just use:
.code
USE_GNUTLS=yes
USE_GNUTLS_PC=gnutls
.endd
-.wen
You do not need to set TLS_INCLUDE if the relevant directory is already
specified in INCLUDE. Details of how to configure Exim to make use of TLS are
the subnet 192.168.1.0/24, and from all hosts in &'friendly.domain.example'&.
All other connections are denied. The daemon name used by &'tcpwrappers'&
can be changed at build time by setting TCP_WRAPPERS_DAEMON_NAME in
-in &_Local/Makefile_&, or by setting tcp_wrappers_daemon_name in the
+&_Local/Makefile_&, or by setting tcp_wrappers_daemon_name in the
configure file. Consult the &'tcpwrappers'& documentation for
further details.
binary, attempts to configure Exim to use it cause run time configuration
errors.
-.new
.cindex "pkg-config" "lookups"
.cindex "pkg-config" "authenticators"
Many systems now use a tool called &'pkg-config'& to encapsulate information
AUTH_HEIMDAL_GSSAPI=yes
AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
.endd
-.wen
.cindex "Perl" "including support for"
Exim can be linked with an embedded Perl interpreter, allowing Perl
For the utility programs, old versions are renamed by adding the suffix &_.O_&
to their names. The Exim binary itself, however, is handled differently. It is
installed under a name that includes the version number and the compile number,
-for example &_exim-&version;-1_&. The script then arranges for a symbolic link
+for example &_exim-&version()-1_&. The script then arranges for a symbolic link
called &_exim_& to point to the binary. If you are updating a previous version
of Exim, the script takes care to ensure that the name &_exim_& is never absent
from the directory (as seen by other processes).
This option is an alias for &%-bV%& and causes version information to be
displayed.
+.new
+.vitem &%-Ac%& &&&
+ &%-Am%&
+.oindex "&%-Ac%&"
+.oindex "&%-Am%&"
+These options are used by Sendmail for selecting configuration files and are
+ignored by Exim.
+.wen
+
.vitem &%-B%&<&'type'&>
.oindex "&%-B%&"
.cindex "8-bit characters"
if this is required. If the &%bi_command%& option is not set, calling Exim with
&%-bi%& is a no-op.
+.new
+. // Keep :help first, then the rest in alphabetical order
+.vitem &%-bI:help%&
+.oindex "&%-bI:help%&"
+.cindex "querying exim information"
+We shall provide various options starting &`-bI:`& for querying Exim for
+information. The output of many of these will be intended for machine
+consumption. This one is not. The &%-bI:help%& option asks Exim for a
+synopsis of supported options beginning &`-bI:`&. Use of any of these
+options shall cause Exim to exit after producing the requested output.
+
+.vitem &%-bI:dscp%&
+.oindex "&%-bI:dscp%&"
+.cindex "DSCP" "values"
+This option causes Exim to emit an alphabetically sorted list of all
+recognised DSCP names.
+
+.vitem &%-bI:sieve%&
+.oindex "&%-bI:sieve%&"
+.cindex "Sieve filter" "capabilities"
+This option causes Exim to emit an alphabetically sorted list of all supported
+Sieve protocol extensions on stdout, one per line. This is anticipated to be
+useful for ManageSieve (RFC 5804) implementations, in providing that protocol's
+&`SIEVE`& capability response line. As the precise list may depend upon
+compile-time build options, which this option will adapt to, this is the only
+way to guarantee a correct response.
+.wen
+
.vitem &%-bm%&
.oindex "&%-bm%&"
.cindex "local message reception"
This option runs an Exim receiving process that accepts an incoming,
-locally-generated message on the current input. The recipients are given as the
+locally-generated message on the standard input. The recipients are given as the
command arguments (except when &%-t%& is also present &-- see below). Each
argument can be a comma-separated list of RFC 2822 addresses. This is the
default option for selecting the overall action of an Exim call; it is assumed
If a list of configuration files was supplied, the value that is output here
is the name of the file that was actually used.
+.new
+.cindex "options" "hiding name of"
+If the &%-n%& flag is given, then for most modes of &%-bP%& operation the
+name will not be output.
+.wen
+
.cindex "daemon" "process id (pid)"
.cindex "pid (process id)" "of daemon"
If &%log_file_path%& or &%pid_file_path%& are given, the names of the
.vitem &%-G%&
.oindex "&%-G%&"
-.cindex "Sendmail compatibility" "&%-G%& option ignored"
-This is a Sendmail option which is ignored by Exim.
+.cindex "submission fixups, suppressing (command-line)"
+.new
+This option is equivalent to an ACL applying:
+.code
+control = suppress_local_fixups
+.endd
+for every message received. Note that Sendmail will complain about such
+bad formatting, where Exim silently just does not fix it up. This may change
+in future.
+
+As this affects audit information, the caller must be a trusted user to use
+this option.
+.wen
.vitem &%-h%&&~<&'number'&>
.oindex "&%-h%&"
no documentation for this option in Solaris 2.4 Sendmail, but the &'mailx'&
command in Solaris 2.4 uses it. See also &%-ti%&.
+.new
+.vitem &%-L%&&~<&'tag'&>
+.oindex "&%-L%&"
+.cindex "syslog" "process name; set with flag"
+This option is equivalent to setting &%syslog_processname%& in the config
+file and setting &%log_file_path%& to &`syslog`&.
+Its use is restricted to administrators. The configuration file has to be
+read and parsed, to determine access rights, before this is set and takes
+effect, so early configuration file errors will not honour this flag.
+
+The tag should not be longer than 32 characters.
+.wen
+
.vitem &%-M%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
.oindex "&%-M%&"
.cindex "forcing delivery"
.vitem &%-n%&
.oindex "&%-n%&"
-.cindex "Sendmail compatibility" "&%-n%& option ignored"
-This option is interpreted by Sendmail to mean &"no aliasing"&. It is ignored
-by Exim.
+This option is interpreted by Sendmail to mean &"no aliasing"&.
+For normal modes of operation, it is ignored by Exim.
+When combined with &%-bP%& it suppresses the name of an option from being output.
.vitem &%-O%&&~<&'data'&>
.oindex "&%-O%&"
Provided
this error message is successfully sent, the Exim receiving process
exits with a return code of zero. If not, the return code is 2 if the problem
-is that the original message has no recipients, or 1 any other error. This is
-the default &%-oe%&&'x'& option if Exim is called as &'rmail'&.
+is that the original message has no recipients, or 1 for any other error.
+This is the default &%-oe%&&'x'& option if Exim is called as &'rmail'&.
.vitem &%-oem%&
.oindex "&%-oem%&"
It sets the incoming protocol and host name (for trusted callers). The
host name and its colon can be omitted when only the protocol is to be set.
Note the Exim already has two private options, &%-pd%& and &%-ps%&, that refer
-to embedded Perl. It is therefore impossible to set a protocol value of &`p`&
+to embedded Perl. It is therefore impossible to set a protocol value of &`d`&
or &`s`& using this option (but that does not seem a real limitation).
.vitem &%-q%&
.vitem &%-Tqt%&&~<&'times'&>
.oindex "&%-Tqt%&"
-This an option that is exclusively for use by the Exim testing suite. It is not
+This is an option that is exclusively for use by the Exim testing suite. It is not
recognized when Exim is run normally. It allows for the setting up of explicit
&"queue times"& so that various warning/retry features can be tested.
National Language Support extended characters in the body of the mail item"&).
It sets &%-x%& when calling the MTA from its &%mail%& command. Exim ignores
this option.
+
+.new
+.vitem &%-X%&&~<&'logfile'&>
+.oindex "&%-X%&"
+This option is interpreted by Sendmail to cause debug information to be sent
+to the named file. It is ignored by Exim.
+.wen
.endlist
.ecindex IIDclo1
The first three non-comment configuration lines are as follows:
.code
-domainlist local_domains = @
+domainlist local_domains = @
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1
.endd
fact authenticate until you complete the authenticator definitions.
.code
require message = relay not permitted
- domains = +local_domains : +relay_domains
+ domains = +local_domains : +relay_to_domains
.endd
This statement rejects the address if its domain is neither a local domain nor
one of the domains for which this host is a relay.
# server_set_id = $auth2
# server_prompts = :
# server_condition = Authentication is not yet configured
-# server_advertise_condition = ${if def:tls_cipher }
+# server_advertise_condition = ${if def:tls_in_cipher }
.endd
And the example LOGIN authenticator looks like this:
.code
# server_set_id = $auth1
# server_prompts = <| Username: | Password:
# server_condition = Authentication is not yet configured
-# server_advertise_condition = ${if def:tls_cipher }
+# server_advertise_condition = ${if def:tls_in_cipher }
.endd
The &%server_set_id%& option makes Exim remember the authenticated username
the DB_UNKNOWN option. This enables it to handle any of the types of database
that the library supports, and can be useful for accessing DBM files created by
other applications. (For earlier DB versions, DB_HASH is always used.)
-.new
.next
.cindex "lookup" "dbmjz"
.cindex "lookup" "dbm &-- embedded NULs"
authenticate incoming SMTP calls using the passwords from Cyrus SASL's
&_/etc/sasldb2_& file with the &(gsasl)& authenticator or Exim's own
&(cram_md5)& authenticator.
-.wen
.next
.cindex "lookup" "dbmnz"
.cindex "lookup" "dbm &-- terminating zero"
&`fail`& keyword causes a &'forced expansion failure'& &-- see section
&<<SECTforexpfai>>& for an explanation of what this means.
-.new
The supported DNS record types are A, CNAME, MX, NS, PTR, SPF, SRV, and TXT,
and, when Exim is compiled with IPv6 support, AAAA (and A6 if that is also
configured). If no type is given, TXT is assumed. When the type is PTR,
the data can be an IP address, written as normal; inversion and the addition of
&%in-addr.arpa%& or &%ip6.arpa%& happens automatically. For example:
-.wen
.code
${lookup dnsdb{ptr=192.168.4.5}{$value}fail}
.endd
.cindex "TXT record" "in &(dnsdb)& lookup"
.cindex "SPF record" "in &(dnsdb)& lookup"
-.new
For TXT records with multiple items of data, only the first item is returned,
unless a separator for them is specified using a comma after the separator
character followed immediately by the TXT record item separator. To concatenate
items without a separator, use a semicolon instead. For SPF records the
default behaviour is to concatenate multiple items without using a separator.
-.wen
.code
${lookup dnsdb{>\n,: txt=a.b.example}}
${lookup dnsdb{>\n; txt=a.b.example}}
The authorization code can be &"Y"& for yes, &"N"& for no, &"X"& for explicit
authorization required but absent, or &"?"& for unknown.
+.cindex "A+" "in &(dnsdb)& lookup"
+The pseudo-type A+ performs an A6 lookup (if configured) followed by an AAAA
+and then an A lookup. All results are returned; defer processing
+(see below) is handled separately for each lookup. Example:
+.code
+${lookup dnsdb {>; a+=$sender_helo_name}}
+.endd
+
.section "Multiple dnsdb lookups" "SECID67"
In the previous sections, &(dnsdb)& lookups for a single domain are described.
.endd
In a list, the syntax is similar. For example:
.code
-domainlist relay_domains = sqlite;/some/thing/sqlitedb \
+domainlist relay_to_domains = sqlite;/some/thing/sqlitedb \
select * from relays where ip='$sender_host_address';
.endd
The only character affected by the &%quote_sqlite%& operator is a single
subject having matched any of the patterns, it is in the set if the last item
was a negative one, but not if it was a positive one. For example, the list in
.code
-domainlist relay_domains = !a.b.c : *.b.c
+domainlist relay_to_domains = !a.b.c : *.b.c
.endd
matches any domain ending in &'.b.c'& except for &'a.b.c'&. Domains that match
neither &'a.b.c'& nor &'*.b.c'& do not match, because the last item in the
list is positive. However, if the setting were
.code
-domainlist relay_domains = !a.b.c
+domainlist relay_to_domains = !a.b.c
.endd
then all domains other than &'a.b.c'& would match because the last item in the
list is negative. In other words, a list that ends with a negative item behaves
respectively. Then there follows the name that you are defining, followed by an
equals sign and the list itself. For example:
.code
-hostlist relay_hosts = 192.168.23.0/24 : my.friend.example
+hostlist relay_from_hosts = 192.168.23.0/24 : my.friend.example
addresslist bad_senders = cdb;/etc/badsenders
.endd
A named list may refer to other named lists:
There are several types of pattern that require Exim to know the name of the
remote host. These are either wildcard patterns or lookups by name. (If a
complete hostname is given without any wildcarding, it is used to find an IP
-address to match against, as described in the section &<<SECThoslispatip>>&
+address to match against, as described in section &<<SECThoslispatip>>&
above.)
If the remote host name is not already known when Exim encounters one of these
operator.
If the query contains a reference to &$sender_host_name$&, Exim automatically
-looks up the host name if has not already done so. (See section
+looks up the host name if it has not already done so. (See section
&<<SECThoslispatnam>>& for comments on finding host names.)
Historical note: prior to release 4.30, Exim would always attempt to find a
surrounding the colons is ignored. For example:
.code
aol.com: spammer1 : spammer2 : ^[0-9]+$ :
-spammer3 : spammer4
+ spammer3 : spammer4
.endd
As in all colon-separated lists in Exim, a colon can be included in an item by
doubling.
This item inserts &"basic"& header lines. It is described with the &%header%&
expansion item below.
+
+.vitem "&*${acl{*&<&'name'&>&*}{*&<&'arg'&>&*}...}*&"
+.cindex "expansion" "calling an acl"
+.cindex "&%acl%&" "call from expansion"
+The name and zero to nine argument strings are first expanded separately. The expanded
+arguments are assigned to the variables &$acl_arg1$& to &$acl_arg9$& in order.
+Any unused are made empty. The variable &$acl_narg$& is set to the number of
+arguments. The named ACL (see chapter &<<CHAPACL>>&) is called
+and may use the variables; if another acl expansion is used the values
+are restored after it returns. If the ACL sets
+a value using a "message =" modifier and returns accept or deny, the value becomes
+the result of the expansion.
+If no message is set and the ACL returns accept or deny
+the expansion result is an empty string.
+If the ACL returns defer the result is a forced-fail. Otherwise the expansion fails.
+
+
.vitem "&*${dlfunc{*&<&'file'&>&*}{*&<&'function'&>&*}{*&<&'arg'&>&*}&&&
{*&<&'arg'&>&*}...}*&"
.cindex &%dlfunc%&
command does not succeed. If both strings are omitted, the result is contents
of the standard output/error on success, and nothing on failure.
+.vindex "&$run_in_acl$&"
+The standard output/error of the command is put in the variable &$value$&.
+In this ACL example, the output of a command is logged for the admin to
+troubleshoot:
+.code
+warn condition = ${run{/usr/bin/id}{yes}{no}}
+ log_message = Output of id: $value
+.endd
+If the command requires shell idioms, such as the > redirect operator, the
+shell must be invoked directly, such as with:
+.code
+${run{/bin/bash -c "/usr/bin/id >/tmp/id"}{yes}{yes}}
+.endd
+
.vindex "&$runrc$&"
The return code from the command is put in the variable &$runrc$&, and this
remains set afterwards, so in a filter file you can do things like this:
identifiers, base-36 digits. The number is converted to decimal and output as a
string.
+
.vitem &*${domain:*&<&'string'&>&*}*&
.cindex "domain" "extraction"
.cindex "expansion" "domain extraction"
be useful for processing the output of the MD5 and SHA-1 hashing functions.
+
+.vitem &*${hexquote:*&<&'string'&>&*}*&
+.cindex "quoting" "hex-encoded unprintable characters"
+.cindex "&%hexquote%& expansion item"
+This operator converts non-printable characters in a string into a hex
+escape form. Byte values between 33 (!) and 126 (~) inclusive are left
+as is, and other byte values are converted to &`\xNN`&, for example a
+byt value 127 is converted to &`\x7f`&.
+
+
.vitem &*${lc:*&<&'string'&>&*}*&
.cindex "case forcing in strings"
.cindex "string" "case forcing"
when &%length%& is used as an operator.
+.vitem &*${listcount:*&<&'string'&>&*}*&
+.cindex "expansion" "list item count"
+.cindex "list" "item count"
+.cindex "list" "count of items"
+.cindex "&%listcount%& expansion item"
+The string is interpreted as a list and the number of items is returned.
+
+
+.vitem &*${listnamed:*&<&'name'&>&*}*&&~and&~&*${list_*&<&'type'&>&*name*&>&*}*&
+.cindex "expansion" "named list"
+.cindex "&%listnamed%& expansion item"
+The name is interpreted as a named list and the content of the list is returned,
+expanding any referenced lists, re-quoting as needed for colon-separation.
+If the optional type if given it must be one of "a", "d", "h" or "l"
+and selects address-, domain-, host- or localpart- lists to search among respectively.
+Otherwise all types are searched in an undefined order and the first
+matching list is returned.
+
+
.vitem &*${local_part:*&<&'string'&>&*}*&
.cindex "expansion" "local part extraction"
.cindex "&%local_part%& expansion item"
supplied number and is at least 0. The quality of this randomness depends
on how Exim was built; the values are not suitable for keying material.
If Exim is linked against OpenSSL then RAND_pseudo_bytes() is used.
-.new
If Exim is linked against GnuTLS then gnutls_rnd(GNUTLS_RND_NONCE) is used,
for versions of GnuTLS with that function.
-.wen
Otherwise, the implementation may be arc4random(), random() seeded by
srandomdev() or srandom(), or a custom implementation even weaker than
random().
for DNS. For example,
.code
${reverse_ip:192.0.2.4}
-${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.3}
+${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.127}
.endd
returns
.code
4.2.0.192
-3.0.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2
+f.7.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2
.endd
.endd
Note that the general negation operator provides for inequality testing. The
two strings must take the form of optionally signed decimal integers,
-optionally followed by one of the letters &"K"& or &"M"& (in either upper or
-lower case), signifying multiplication by 1024 or 1024*1024, respectively.
+optionally followed by one of the letters &"K"&, &"M"& or &"G"& (in either upper or
+lower case), signifying multiplication by 1024, 1024*1024 or 1024*1024*1024, respectively.
As a special case, the numerical value of an empty string is taken as
zero.
10M, not if 10M is larger than &$message_size$&.
+.vitem &*acl&~{{*&<&'name'&>&*}{*&<&'arg1'&>&*}&&&
+ {*&<&'arg2'&>&*}...}*&
+.cindex "expansion" "calling an acl"
+.cindex "&%acl%&" "expansion condition"
+The name and zero to nine argument strings are first expanded separately. The expanded
+arguments are assigned to the variables &$acl_arg1$& to &$acl_arg9$& in order.
+Any unused are made empty. The variable &$acl_narg$& is set to the number of
+arguments. The named ACL (see chapter &<<CHAPACL>>&) is called
+and may use the variables; if another acl expansion is used the values
+are restored after it returns. If the ACL sets
+a value using a "message =" modifier the variable $value becomes
+the result of the expansion, otherwise it is empty.
+If the ACL returns accept the condition is true; if deny, false.
+If the ACL returns defer the result is a forced-fail.
+
.vitem &*bool&~{*&<&'string'&>&*}*&
.cindex "expansion" "boolean parsing"
.cindex "&%bool%& expansion condition"
The value of &$item$& is saved and restored while &*forany*& or &*forall*& is
being processed, to enable these expansion items to be nested.
+To scan a named list, expand it with the &*listnamed*& operator.
+
.vitem &*ge&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& &&&
&*gei&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*&
includes the case of letters, whereas for &%gti%& the comparison is
case-independent.
-.new
.vitem &*inlist&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& &&&
&*inlisti&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*&
.cindex "string" "comparison"
${if inlisti{Needle}{fOo:NeeDLE:bAr}}
${if forany{fOo:NeeDLE:bAr}{eqi{$item}{Needle}}}
.endd
-.wen
.vitem &*isip&~{*&<&'string'&>&*}*& &&&
&*isip4&~{*&<&'string'&>&*}*& &&&
.vitem &*match_ip&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*&
.cindex "&%match_ip%& expansion condition"
-.new
This condition matches an IP address to a list of IP address patterns. It must
be followed by two argument strings. The first (after expansion) must be an IP
address or an empty string. The second (not expanded) is a restricted host
list that can match only an IP address, not a host name. For example:
-.wen
.code
${if match_ip{$sender_host_address}{1.2.3.4:5.6.7.8}{...}{...}}
.endd
.endd
.endlist ilist
-.new
Note that <&'string2'&> is not itself subject to string expansion, unless
Exim was built with the EXPAND_LISTMATCH_RHS option.
-.wen
Consult section &<<SECThoslispatip>>& for further details of these patterns.
have their local parts matched casefully. Domains are always matched
caselessly.
-.new
Note that <&'string2'&> is not itself subject to string expansion, unless
Exim was built with the EXPAND_LISTMATCH_RHS option.
-.wen
&*Note*&: Host lists are &'not'& supported in this way. This is because
hosts have two identities: a name and an IP address, and it is not clear
negative response to an AUTH command, including (for example) an attempt to use
an undefined mechanism.
-.new
.vitem &$av_failed$&
.cindex "content scanning" "AV scanner failure"
This variable is available when Exim is compiled with the content-scanning
extension. It is set to &"0"& by default, but will be set to &"1"& if any
problem occurs with the virus scanner (specified by &%av_scanner%&) during
the ACL malware condition.
-.wen
.vitem &$body_linecount$&
.cindex "message body" "line count"
be terminated by colon or white space, because it may contain a wide variety of
characters. Note also that braces must &'not'& be used.
+.vitem &$headers_added$&
+.vindex "&$headers_added$&"
+Within an ACL this variable contains the headers added so far by
+the ACL modifier add_header (section &<<SECTaddheadacl>>&).
+The headers are a newline-separated list.
+
.vitem &$home$&
.vindex "&$home$&"
When the &%check_local_user%& option is set for a router, the user's home
.vindex "&$return_size_limit$&"
This is an obsolete name for &$bounce_return_size_limit$&.
+.vitem &$router_name$&
+.cindex "router" "name"
+.cindex "name" "of router"
+.vindex "&$router_name$&"
+During the running of a router this variable contains its name.
+
.vitem &$runrc$&
.cindex "return code" "from &%run%& expansion"
.vindex "&$runrc$&"
received. It is empty if there was no successful authentication. See also
&$authenticated_id$&.
+.new
+.vitem &$sender_host_dnssec$&
+.vindex "&$sender_host_dnssec$&"
+If &$sender_host_name$& has been populated (by reference, &%hosts_lookup%& or
+otherwise) then this boolean will have been set true if, and only if, the
+resolver library states that the reverse DNS was authenticated data. At all
+other times, this variable is false.
+
+It is likely that you will need to coerce DNSSEC support on in the resolver
+library, by setting:
+.code
+dns_use_dnssec = 1
+.endd
+
+Exim does not perform DNSSEC validation itself, instead leaving that to a
+validating resolver (eg, unbound, or bind with suitable configuration).
+
+Exim does not (currently) check to see if the forward DNS was also secured
+with DNSSEC, only the reverse DNS.
+
+If you have changed &%host_lookup_order%& so that &`bydns`& is not the first
+mechanism in the list, then this variable will be false.
+.wen
+
+
.vitem &$sender_host_name$&
.vindex "&$sender_host_name$&"
When a message is received from a remote host, this variable contains the
command, which can be found in the separate document entitled &'Exim's
interfaces to mail filtering'&.
-.new
-.vitem &$tls_bits$&
-.vindex "&$tls_bits$&"
-Contains an approximation of the TLS cipher's bit-strength; the meaning of
+.vitem &$tls_in_bits$&
+.vindex "&$tls_in_bits$&"
+Contains an approximation of the TLS cipher's bit-strength
+on the inbound connection; the meaning of
this depends upon the TLS implementation used.
If TLS has not been negotiated, the value will be 0.
The value of this is automatically fed into the Cyrus SASL authenticator
when acting as a server, to specify the "external SSF" (a SASL term).
-.wen
-.vitem &$tls_certificate_verified$&
-.vindex "&$tls_certificate_verified$&"
+The deprecated &$tls_bits$& variable refers to the inbound side
+except when used in the context of an outbound SMTP delivery, when it refers to
+the outbound.
+
+.vitem &$tls_out_bits$&
+.vindex "&$tls_out_bits$&"
+Contains an approximation of the TLS cipher's bit-strength
+on an outbound SMTP connection; the meaning of
+this depends upon the TLS implementation used.
+If TLS has not been negotiated, the value will be 0.
+
+.vitem &$tls_in_certificate_verified$&
+.vindex "&$tls_in_certificate_verified$&"
This variable is set to &"1"& if a TLS certificate was verified when the
message was received, and &"0"& otherwise.
-.vitem &$tls_cipher$&
+The deprecated &$tls_certificate_verfied$& variable refers to the inbound side
+except when used in the context of an outbound SMTP delivery, when it refers to
+the outbound.
+
+.vitem &$tls_out_certificate_verified$&
+.vindex "&$tls_out_certificate_verified$&"
+This variable is set to &"1"& if a TLS certificate was verified when an
+outbound SMTP connection was made,
+and &"0"& otherwise.
+
+.vitem &$tls_in_cipher$&
+.vindex "&$tls_in_cipher$&"
.vindex "&$tls_cipher$&"
When a message is received from a remote host over an encrypted SMTP
connection, this variable is set to the cipher suite that was negotiated, for
&$tls_cipher$& for emptiness is one way of distinguishing between encrypted and
non-encrypted connections during ACL processing.
-The &$tls_cipher$& variable retains its value during message delivery, except
-when an outward SMTP delivery takes place via the &(smtp)& transport. In this
-case, &$tls_cipher$& is cleared before any outgoing SMTP connection is made,
+The deprecated &$tls_cipher$& variable is the same as &$tls_in_cipher$& during message reception,
+but in the context of an outward SMTP delivery taking place via the &(smtp)& transport
+becomes the same as &$tls_out_cipher$&.
+
+.vitem &$tls_out_cipher$&
+.vindex "&$tls_out_cipher$&"
+This variable is
+cleared before any outgoing SMTP connection is made,
and then set to the outgoing cipher suite if one is negotiated. See chapter
&<<CHAPTLS>>& for details of TLS support and chapter &<<CHAPsmtptrans>>& for
details of the &(smtp)& transport.
-.vitem &$tls_peerdn$&
+.vitem &$tls_in_peerdn$&
+.vindex "&$tls_in_peerdn$&"
.vindex "&$tls_peerdn$&"
When a message is received from a remote host over an encrypted SMTP
connection, and Exim is configured to request a certificate from the client,
the value of the Distinguished Name of the certificate is made available in the
-&$tls_peerdn$& during subsequent processing. Like &$tls_cipher$&, the
-value is retained during message delivery, except during outbound SMTP
-deliveries.
+&$tls_in_peerdn$& during subsequent processing.
-.new
-.vitem &$tls_sni$&
+The deprecated &$tls_peerdn$& variable refers to the inbound side
+except when used in the context of an outbound SMTP delivery, when it refers to
+the outbound.
+
+.vitem &$tls_out_peerdn$&
+.vindex "&$tls_out_peerdn$&"
+When a message is being delivered to a remote host over an encrypted SMTP
+connection, and Exim is configured to request a certificate from the server,
+the value of the Distinguished Name of the certificate is made available in the
+&$tls_out_peerdn$& during subsequent processing.
+
+.vitem &$tls_in_sni$&
+.vindex "&$tls_in_sni$&"
.vindex "&$tls_sni$&"
.cindex "TLS" "Server Name Indication"
When a TLS session is being established, if the client sends the Server
a different certificate to be presented (and optionally a different key to be
used) to the client, based upon the value of the SNI extension.
-The value will be retained for the lifetime of the message. During outbound
-SMTP deliveries, it reflects the value of the &%tls_sni%& option on
+The deprecated &$tls_sni$& variable refers to the inbound side
+except when used in the context of an outbound SMTP delivery, when it refers to
+the outbound.
+
+.vitem &$tls_out_sni$&
+.vindex "&$tls_out_sni$&"
+.cindex "TLS" "Server Name Indication"
+During outbound
+SMTP deliveries, this variable reflects the value of the &%tls_sni%& option on
the transport.
-.wen
.vitem &$tod_bsdinbox$&
.vindex "&$tod_bsdinbox$&"
This variable contains the UTC date and time in &"Zulu"& format, as specified
by ISO 8601, for example: 20030221154023Z.
+.vitem &$transport_name$&
+.cindex "transport" "name"
+.cindex "name" "of transport"
+.vindex "&$transport_name$&"
+During the running of a transport, this variable contains its name.
+
.vitem &$value$&
.vindex "&$value$&"
This variable contains the result of an expansion lookup, extraction operation,
.endd
To specify listening on the default port on specific interfaces only:
.code
-local_interfaces = 192.168.34.67 : 192.168.34.67
+local_interfaces = 10.0.0.67 : 192.168.34.67
.endd
&*Warning*&: Such a setting excludes listening on the loopback interfaces.
.section "TLS" "SECID108"
.table2
.row &%gnutls_compat_mode%& "use GnuTLS compatibility mode"
+.row &%gnutls_enable_pkcs11%& "allow GnuTLS to autoload PKCS11 modules"
.row &%openssl_options%& "adjust OpenSSL compatibility options"
.row &%tls_advertise_hosts%& "advertise TLS to these hosts"
.row &%tls_certificate%& "location of server certificate"
.row &%dns_ipv4_lookup%& "only v4 lookup for these domains"
.row &%dns_retrans%& "parameter for resolver"
.row &%dns_retry%& "parameter for resolver"
+.row &%dns_use_dnssec%& "parameter for resolver"
.row &%dns_use_edns0%& "parameter for resolver"
.row &%hold_domains%& "hold delivery for these domains"
.row &%local_interfaces%& "for routing checks"
Those options that undergo string expansion before use are marked with
†.
-.new
.option accept_8bitmime main boolean true
.cindex "8BITMIME"
.cindex "8-bit characters"
+.cindex "log" "selectors"
+.cindex "log" "8BITMIME"
This option causes Exim to send 8BITMIME in its response to an SMTP
EHLO command, and to accept the BODY= parameter on MAIL commands.
However, though Exim is 8-bit clean, it is not a protocol converter, and it
.display
&url(http://cr.yp.to/smtp/8bitmime.html)
.endd
-.wen
+
+To log received 8BITMIME status use
+.code
+log_selector = +8bitmime
+.endd
.option acl_not_smtp main string&!! unset
.cindex "&ACL;" "for non-SMTP messages"
is encrypted using TLS, you can make use of the fact that the value of this
option is expanded, with a setting like this:
.code
-auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
+auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}}
.endd
-.vindex "&$tls_cipher$&"
-If &$tls_cipher$& is empty, the session is not encrypted, and the result of
+.vindex "&$tls_in_cipher$&"
+If &$tls_in_cipher$& is empty, the session is not encrypted, and the result of
the expansion is empty, thus matching no hosts. Otherwise, the result of the
expansion is *, which matches all hosts.
.new
+.option dns_use_dnssec main integer -1
+.cindex "DNS" "resolver options"
+.cindex "DNS" "DNSSEC"
+If this option is set to a non-negative number then Exim will initialise the
+DNS resolver library to either use or not use DNSSEC, overriding the system
+default. A value of 0 coerces DNSSEC off, a value of 1 coerces DNSSEC on.
+
+If the resolver library does not support DNSSEC then this option has no effect.
+.wen
+
+
.option dns_use_edns0 main integer -1
.cindex "DNS" "resolver options"
.cindex "DNS" "EDNS0"
on.
If the resolver library does not support EDNS0 then this option has no effect.
-.wen
.option drop_cr main boolean false
server. This reduces security slightly, but improves interworking with older
implementations of TLS.
+
+.new
+option gnutls_enable_pkcs11 main boolean unset
+This option will let GnuTLS (2.12.0 or later) autoload PKCS11 modules with
+the p11-kit configuration files in &_/etc/pkcs11/modules/_&.
+
+See
+&url(http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs)
+for documentation.
+.wen
+
+
+
.option headers_charset main string "see below"
This option sets a default character set for translating from encoded MIME
&"words"& in header lines, when referenced by an &$h_xxx$& expansion item. The
adjusted lightly. An unrecognised item will be detected at startup, by
invoking Exim with the &%-bV%& flag.
-.new
Historical note: prior to release 4.80, Exim defaulted this value to
"+dont_insert_empty_fragments", which may still be needed for compatibility
with some clients, but which lowers security by increasing exposure to
some now infamous attacks.
-.wen
An example:
.code
.next
&`no_tlsv1_2`&
.next
+&`safari_ecdhe_ecdsa_bug`&
+.next
&`single_dh_use`&
.next
&`single_ecdh_use`&
&`tls_rollback_bug`&
.endlist
+.new
+As an aside, the &`safari_ecdhe_ecdsa_bug`& item is a misnomer and affects
+all clients connecting using the MacOS SecureTransport TLS facility prior
+to MacOS 10.8.4, including email clients. If you see old MacOS clients failing
+to negotiate TLS then this option value might help, provided that your OpenSSL
+release is new enough to contain this work-around. This may be a situation
+where you have to upgrade OpenSSL to get buggy clients working.
+.wen
+
.option oracle_servers main "string list" unset
.cindex "Oracle" "server list"
${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
by $primary_hostname \
${if def:received_protocol {with $received_protocol}} \
- ${if def:tls_cipher {($tls_cipher)\n\t}}\
+ ${if def:tls_in_cipher {($tls_in_cipher)\n\t}}\
(Exim $version_number)\n\t\
${if def:sender_address \
{(envelope-from <$sender_address>)\n\t}}\
. Allow this long option name to split; give it unsplit as a fifth argument
. for the automatic .oindex that is generated by .option.
-.option "smtp_accept_max_per_ &~&~connection" main integer 1000 &&&
+.option "smtp_accept_max_per_connection" main integer 1000 &&&
smtp_accept_max_per_connection
.cindex "SMTP" "limiting incoming message count"
.cindex "limit" "messages per SMTP connection"
use when sending messages as a client, you must set the &%tls_certificate%&
option in the relevant &(smtp)& transport.
-.new
-If the option contains &$tls_sni$& and Exim is built against OpenSSL, then
+If the option contains &$tls_out_sni$& and Exim is built against OpenSSL, then
if the OpenSSL build supports TLS extensions and the TLS client sends the
Server Name Indication extension, then this option and others documented in
&<<SECTtlssni>>& will be re-expanded.
-.wen
.option tls_crl main string&!! unset
.cindex "TLS" "server certificate revocation list"
This option specifies a certificate revocation list. The expanded value must
be the name of a file that contains a CRL in PEM format.
-.new
See &<<SECTtlssni>>& for discussion of when this option might be re-expanded.
-.wen
-.new
.option tls_dh_max_bits main integer 2236
.cindex "TLS" "D-H bit count"
The number of bits used for Diffie-Hellman key-exchange may be suggested by
Note that the value passed to GnuTLS for *generating* a new prime may be a
little less than this figure, because GnuTLS is inexact and may produce a
larger prime than requested.
-.wen
.option tls_dhparam main string&!! unset
.cindex "TLS" "D-H parameters for server"
-.new
The value of this option is expanded and indicates the source of DH parameters
to be used by Exim.
Some of these will be too small to be accepted by clients.
Some may be too large to be accepted by clients.
-.wen
.option tls_on_connect_ports main "string list" unset
key is assumed to be in the same file as the server's certificates. See chapter
&<<CHAPTLS>>& for further details.
-.new
See &<<SECTtlssni>>& for discussion of when this option might be re-expanded.
-.wen
.option tls_remember_esmtp main boolean false
Thus the values defined should be considered public data. To avoid this,
use OpenSSL with a directory.
-.new
See &<<SECTtlssni>>& for discussion of when this option might be re-expanded.
-.wen
+
+A forced expansion failure or setting to an empty string is equivalent to
+being unset.
.option tls_verify_hosts main "host list&!!" unset
If the result is any other value, the router is run (as this is the last
precondition to be evaluated, all the other preconditions must be true).
-This option is unique in that multiple &%condition%& options may be present.
+This option is unusual in that multiple &%condition%& options may be present.
All &%condition%& options must succeed.
The &%condition%& option provides a means of applying custom conditions to the
.option debug_print routers string&!! unset
.cindex "testing" "variables in drivers"
If this option is set and debugging is enabled (see the &%-d%& command line
-option), the string is expanded and included in the debugging output.
+option) or in address-testing mode (see the &%-bt%& command line option),
+the string is expanded and included in the debugging output.
If expansion of the string fails, the error message is written to the debugging
output, and Exim carries on processing.
This option is provided to help with checking out the values of variables and
variables it references. The output happens after checks for &%domains%&,
&%local_parts%&, and &%check_local_user%& but before any other preconditions
are tested. A newline is added to the text if it does not end with one.
+The variable &$router_name$& contains the name of the router.
the expansion is forced to fail, the option has no effect. Other expansion
failures are treated as configuration errors.
+Unlike most options, &%headers_add%& can be specified multiple times
+for a router; all listed headers are added.
+
&*Warning 1*&: The &%headers_add%& option cannot be used for a &(redirect)&
router that has the &%one_time%& option set.
the option has no effect. Other expansion failures are treated as configuration
errors.
+Unlike most options, &%headers_remove%& can be specified multiple times
+for a router; all listed headers are removed.
+
&*Warning 1*&: The &%headers_remove%& option cannot be used for a &(redirect)&
router that has the &%one_time%& option set.
.cindex "EXPN" "with &%verify_only%&"
.oindex "&%-bv%&"
.cindex "router" "used only when verifying"
-If this option is set, the router is used only when verifying an address or
+If this option is set, the router is used only when verifying an address,
+delivering in cutthrough mode or
testing with the &%-bv%& option, not when actually doing a delivery, testing
with the &%-bt%& option, or running the SMTP EXPN command. It can be further
restricted to verifying only senders or recipients by means of
.option verify_recipient routers&!? boolean true
If this option is false, the router is skipped when verifying recipient
-addresses
+addresses,
+delivering in cutthrough mode
or testing recipient verification using &%-bv%&.
See section &<<SECTrouprecon>>& for a list of the order in which preconditions
are evaluated.
case routing fails.
-.new
.section "Declining addresses by dnslookup" "SECTdnslookupdecline"
.cindex "&(dnslookup)& router" "declines"
There are a few cases where a &(dnslookup)& router will decline to accept
&%check_secondary_mx%& is set on this router but the local host can
not be found in the MX records (see below)
.endlist
-.wen
.endd
is interpreted as a pipe with a rather strange command name, and no arguments.
+.new
+Note that the above example assumes that the text comes from a lookup source
+of some sort, so that the quotes are part of the data. If composing a
+redirect router with a &%data%& option directly specifying this command, the
+quotes will be used by the configuration parser to define the extent of one
+string, but will not be passed down into the redirect router itself. There
+are two main approaches to get around this: escape quotes to be part of the
+data itself, or avoid using this mechanism and instead create a custom
+transport with the &%command%& option set and reference that transport from
+an &%accept%& router.
+.wen
+
.next
.cindex "file" "in redirection list"
.cindex "address redirection" "to file"
option is not working properly, &%debug_print%& could be used to output the
variables it references. A newline is added to the text if it does not end with
one.
+The variables &$transport_name$& and &$router_name$& contain the name of the
+transport and the router that called it.
.option delivery_date_add transports boolean false
is forced to fail, no action is taken. Other expansion failures are treated as
errors and cause the delivery to be deferred.
+Unlike most options, &%headers_add%& can be specified multiple times
+for a transport; all listed headers are added.
+
.option headers_only transports boolean false
is forced to fail, no action is taken. Other expansion failures are treated as
errors and cause the delivery to be deferred.
+Unlike most options, &%headers_remove%& can be specified multiple times
+for a router; all listed headers are added.
+
.option headers_rewrite transports string unset
.option transport_filter_timeout transports time 5m
.cindex "transport" "filter, timeout"
-When Exim is reading the output of a transport filter, it a applies a timeout
+When Exim is reading the output of a transport filter, it applies a timeout
that can be set by this option. Exceeding the timeout is normally treated as a
temporary delivery failure. However, if a transport filter is used with a
&(pipe)& transport, a timeout in the transport filter is treated in the same
section &<<SECTmaildirdelivery>>& below.
-.new
.option maildir_use_size_file appendfile&!! boolean false
.cindex "maildir format" "&_maildirsize_& file"
The result of string expansion for this option must be a valid boolean value.
quota from the &%quota%& option of the transport. If &%quota%& is unset, the
value is zero. See &%maildir_quota_directory_regex%& above and section
&<<SECTmaildirdelivery>>& below for further details.
-.wen
.option maildirfolder_create_regex appendfile string unset
.cindex "maildir format" "&_maildirfolder_& file"
.vindex "&$address_pipe$&"
A router redirects an address directly to a pipe command (for example, from an
alias or forward file). In this case, &$address_pipe$& contains the text of the
-pipe command, and the &%command%& option on the transport is ignored. If only
-one address is being transported (&%batch_max%& is not greater than one, or
-only one address was redirected to this pipe command), &$local_part$& contains
-the local part that was redirected.
+pipe command, and the &%command%& option on the transport is ignored unless
+&%force_command%& is set. If only one address is being transported
+(&%batch_max%& is not greater than one, or only one address was redirected to
+this pipe command), &$local_part$& contains the local part that was redirected.
.endlist
avoids any problems with spaces or shell metacharacters, and is of use when a
&(pipe)& transport is handling groups of addresses in a batch.
+If &%force_command%& is enabled on the transport, Special handling takes place
+for an argument that consists of precisely the text &`$address_pipe`&. It
+is handled similarly to &$pipe_addresses$& above. It is expanded and each
+argument is inserted in the argument list at that point
+&'as a separate argument'&. The &`$address_pipe`& item does not need to be
+the only item in the argument; in fact, if it were then &%force_command%&
+should behave as a no-op. Rather, it should be used to adjust the command
+run while preserving the argument vector separation.
+
After splitting up into arguments and expansion, the resulting command is run
in a subprocess directly from the transport, &'not'& under a shell. The
message that is being delivered is supplied on the standard input, and the
frozen in Exim's queue instead.
+.option force_command pipe boolean false
+.cindex "force command"
+.cindex "&(pipe)& transport", "force command"
+Normally when a router redirects an address directly to a pipe command
+the &%command%& option on the transport is ignored. If &%force_command%&
+is set, the &%command%& option will used. This is especially
+useful for forcing a wrapper or additional argument to be added to the
+command. For example:
+.code
+command = /usr/bin/remote_exec myhost -- $address_pipe
+force_command
+.endd
+
+Note that &$address_pipe$& is handled specially in &%command%& when
+&%force_command%& is set, expanding out to the original argument vector as
+separate items, similarly to a Unix shell &`"$@"`& construct.
+
.option ignore_status pipe boolean false
If this option is true, the status returned by the subprocess that is set up to
run the command is ignored, and Exim behaves as if zero had been returned.
are in force when any authenticators are run and when the
&%authenticated_sender%& option is expanded.
+These variables are deprecated in favour of &$tls_in_cipher$& et. al.
+and will be removed in a future release.
+
.section "Private options for smtp" "SECID146"
.cindex "options" "&(smtp)& transport"
The expansion happens after the outgoing connection has been made and TLS
started, if required. This means that the &$host$&, &$host_address$&,
-&$tls_cipher$&, and &$tls_peerdn$& variables are set according to the
+&$tls_out_cipher$&, and &$tls_out_peerdn$& variables are set according to the
particular connection.
If the SMTP session is not authenticated, the expansion of
details.
+.new
+.option dscp smtp string&!! unset
+.cindex "DCSP" "outbound"
+This option causes the DSCP value associated with a socket to be set to one
+of a number of fixed strings or to numeric value.
+The &%-bI:dscp%& option may be used to ask Exim which names it knows of.
+Common values include &`throughput`&, &`mincost`&, and on newer systems
+&`ef`&, &`af41`&, etc. Numeric values may be in the range 0 to 0x3F.
+
+The outbound packets from Exim will be marked with this value in the header
+(for IPv4, the TOS field; for IPv6, the TCLASS field); there is no guarantee
+that these values will have any effect, not be stripped by networking
+equipment, or do much of anything without cooperation with your Network
+Engineer and those of all network operators between the source and destination.
+.wen
+
.option fallback_hosts smtp "string list" unset
.cindex "fallback" "hosts specified on transport"
Exim will not try to start a TLS session when delivering to any host that
matches this list. See chapter &<<CHAPTLS>>& for details of TLS.
+.option hosts_verify_avoid_tls smtp "host list&!!" *
+.cindex "TLS" "avoiding for certain hosts"
+Exim will not try to start a TLS session for a verify callout,
+or when delivering in cutthrough mode,
+to any host that matches this list.
+Note that the default is to not use TLS.
+
.option hosts_max_try smtp integer 5
.cindex "host" "maximum number to try"
deliveries into closed message stores. Exim also has support for running LMTP
over a pipe to a local process &-- see chapter &<<CHAPLMTP>>&.
-.new
If this option is set to &"smtps"&, the default vaule for the &%port%& option
changes to &"smtps"&, and the transport initiates TLS immediately after
connecting, as an outbound SSL-on-connect, instead of using STARTTLS to upgrade.
The Internet standards bodies strongly discourage use of this mode.
-.wen
.option retry_include_ip_address smtp boolean true
be the name of a file that contains a CRL in PEM format.
+.new
+.option tls_dh_min_bits smtp integer 1024
+.cindex "TLS" "Diffie-Hellman minimum acceptable size"
+When establishing a TLS session, if a ciphersuite which uses Diffie-Hellman
+key agreement is negotiated, the server will provide a large prime number
+for use. This option establishes the minimum acceptable size of that number.
+If the parameter offered by the server is too small, then the TLS handshake
+will fail.
+
+Only supported when using GnuTLS.
+.wen
+
+
.option tls_privatekey smtp string&!! unset
.cindex "TLS" "client private key, location of"
.vindex "&$host$&"
-.new
.option tls_sni smtp string&!! unset
.cindex "TLS" "Server Name Indication"
.vindex "&$tls_sni$&"
-If this option is set then it sets the $tls_sni variable and causes any
+If this option is set then it sets the $tls_out_sni variable and causes any
TLS session to pass this value as the Server Name Indication extension to
the remote side, which can be used by the remote side to select an appropriate
certificate and private key for the session.
See &<<SECTtlssni>>& for more information.
-OpenSSL only, also requiring a build of OpenSSL that supports TLS extensions.
-.wen
+Note that for OpenSSL, this feature requires a build of OpenSSL that supports
+TLS extensions.
+
.code
AUTH_CRAM_MD5=yes
AUTH_CYRUS_SASL=yes
-.new
AUTH_DOVECOT=yes
AUTH_GSASL=yes
AUTH_HEIMDAL_GSSAPI=yes
-.wen
AUTH_PLAINTEXT=yes
AUTH_SPA=yes
.endd
in &_Local/Makefile_&, respectively. The first of these supports the CRAM-MD5
authentication mechanism (RFC 2195), and the second provides an interface to
the Cyrus SASL authentication library.
-.new
The third is an interface to Dovecot's authentication system, delegating the
work via a socket interface.
The fourth provides an interface to the GNU SASL authentication library, which
the PLAIN authentication mechanism (RFC 2595) or the LOGIN mechanism, which is
not formally documented, but used by several MUAs. The seventh authenticator
supports Microsoft's &'Secure Password Authentication'& mechanism.
-.wen
The authenticators are configured using the same syntax as other drivers (see
section &<<SECTfordricon>>&). If no authenticators are required, no
authenticators, followed by general discussion of the way authentication works
in Exim.
-.new
&*Beware:*& the meaning of &$auth1$&, &$auth2$&, ... varies on a per-driver and
per-mechanism basis. Please read carefully to determine which variables hold
account labels such as usercodes and which hold passwords or other
to a client to help it select an account and credentials to use. In some
mechanisms, the client and server provably agree on the realm, but clients
typically can not treat the realm as secure data to be blindly trusted.
-.wen
used, for example, to skip plain text authenticators when the connection is not
encrypted by a setting such as:
.code
-client_condition = ${if !eq{$tls_cipher}{}}
+client_condition = ${if !eq{$tls_out_cipher}{}}
.endd
-(Older documentation incorrectly states that &$tls_cipher$& contains the cipher
-used for incoming messages. In fact, during SMTP delivery, it contains the
-cipher used for the delivery.)
+
+
+.option client_set_id authenticators string&!! unset
+When client authentication succeeds, this condition is expanded; the
+result is used in the log lines for outbound messasges.
+Typically it will be the user name used for authentication.
.option driver authenticators string unset
is used directly to control authentication. See section &<<SECTplainserver>>&
for details.
-.new
For the &(gsasl)& authenticator, this option is required for various
mechanisms; see chapter &<<CHAPgsasl>>& for details.
-.wen
For the other authenticators, &%server_condition%& can be used as an additional
authentication or authorization mechanism that is applied after the other
advertisement of a particular mechanism to encrypted connections, by a setting
such as:
.code
-server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
+server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}
.endd
-.vindex "&$tls_cipher$&"
-If the session is encrypted, &$tls_cipher$& is not empty, and so the expansion
+.vindex "&$tls_in_cipher$&"
+If the session is encrypted, &$tls_in_cipher$& is not empty, and so the expansion
yields &"yes"&, which allows the advertisement to happen.
When an Exim server receives an AUTH command from a client, it rejects it
Note that this expansion explicitly forces failure if the lookup fails
because &$auth1$& contains an unknown user name.
-.new
As another example, if you wish to re-use a Cyrus SASL sasldb2 file without
using the relevant libraries, you need to know the realm to specify in the
lookup and then ask for the &"userPassword"& attribute for that user in that
dbmjz{/etc/sasldb2}}
server_set_id = $auth1
.endd
-.wen
.section "Using cram_md5 as a client" "SECID177"
.cindex "options" "&(cram_md5)& authenticator (client)"
changing the server keytab might need to be communicated down to the Kerberos
layer independently. The mechanism for doing so is dependent upon the Kerberos
implementation.
-.new
+
For example, for older releases of Heimdal, the environment variable KRB5_KTNAME
may be set to point to an alternative keytab file. Exim will pass this
variable through from its own inherited environment when started as root or the
environment variable. In practice, for those releases, the Cyrus authenticator
is not a suitable interface for GSSAPI (Kerberos) support. Instead, consider
the &(heimdal_gssapi)& authenticator, described in chapter &<<CHAPheimdalgss>>&
-.wen
.section "Using cyrus_sasl as a server" "SECID178"
server_set_id = $auth1
.endd
-.new
.option server_realm cyrus_sasl string&!! unset
This specifies the SASL realm that the server claims to be in.
-.wen
.option server_service cyrus_sasl string &`smtp`&
. ////////////////////////////////////////////////////////////////////////////
. ////////////////////////////////////////////////////////////////////////////
-.new
.chapter "The gsasl authenticator" "CHAPgsasl"
.scindex IIDgsaslauth1 "&(gsasl)& authenticator"
.scindex IIDgsaslauth2 "authenticators" "&(gsasl)&"
server_condition = yes
.endd
-.wen
. ////////////////////////////////////////////////////////////////////////////
. ////////////////////////////////////////////////////////////////////////////
-.new
.chapter "The heimdal_gssapi authenticator" "CHAPheimdalgss"
.scindex IIDheimdalgssauth1 "&(heimdal_gssapi)& authenticator"
.scindex IIDheimdalgssauth2 "authenticators" "&(heimdal_gssapi)&"
GSS Display Name.
.endlist
-.wen
. ////////////////////////////////////////////////////////////////////////////
. ////////////////////////////////////////////////////////////////////////////
The &%tls_verify_certificates%& option must contain the name of a file, not the
name of a directory (for OpenSSL it can be either).
.next
-.new
The default value for &%tls_dhparam%& differs for historical reasons.
-.wen
.next
-.vindex "&$tls_peerdn$&"
+.vindex "&$tls_in_peerdn$&"
+.vindex "&$tls_out_peerdn$&"
Distinguished Name (DN) strings reported by the OpenSSL library use a slash for
separating fields; GnuTLS uses commas, in accordance with RFC 2253. This
-affects the value of the &$tls_peerdn$& variable.
+affects the value of the &$tls_in_peerdn$& and &$tls_out_peerdn$& variables.
.next
OpenSSL identifies cipher suites using hyphens as separators, for example:
DES-CBC3-SHA. GnuTLS historically used underscores, for example:
.next
The &%tls_require_ciphers%& options operate differently, as described in the
sections &<<SECTreqciphssl>>& and &<<SECTreqciphgnu>>&.
+.next
.new
+The &%tls_dh_min_bits%& SMTP transport option is only honoured by GnuTLS.
+When using OpenSSL, this option is ignored.
+(If an API is found to let OpenSSL be configured in this way,
+let the Exim Maintainers know and we'll likely use it).
+.wen
.next
Some other recently added features may only be available in one or the other.
This should be documented with the feature. If the documentation does not
explicitly state that the feature is infeasible in the other TLS
implementation, then patches are welcome.
-.wen
.endlist
.section "GnuTLS parameter computation" "SECTgnutlsparam"
-.new
This section only applies if &%tls_dhparam%& is set to &`historic`& or to
an explicit path; if the latter, then the text about generation still applies,
but not the chosen filename.
bounds, as GnuTLS has been observed to overshoot. Note the check step in the
procedure above. There is no sane procedure available to Exim to double-check
the size of the generated prime, so it might still be too large.
-.wen
.section "Requiring specific ciphers in OpenSSL" "SECTreqciphssl"
not be moved to the end of the list.
.endlist
-.new
The OpenSSL &'ciphers(1)'& command may be used to test the results of a given
string:
.code
{DEFAULT}\
{HIGH:!MD5:!SHA1}}
.endd
-.wen
-.new
.section "Requiring specific ciphers or other parameters in GnuTLS" &&&
"SECTreqciphgnu"
.cindex "GnuTLS" "specifying parameters for"
{NORMAL:%COMPAT}\
{SECURE128}}
.endd
-.wen
.section "Configuring an Exim server to use TLS" "SECID182"
.endd
is set, the SSL library is initialized for the use of Diffie-Hellman ciphers
with the parameters contained in the file.
-.new
Set this to &`none`& to disable use of DH entirely, by making no prime
available:
.code
openssl dhparam
.endd
for a way of generating file data.
-.wen
The strings supplied for these three options are expanded every time a client
host connects. It is therefore possible to use different certificates and keys
.cindex "cipher" "logging"
.cindex "log" "TLS cipher"
-.vindex "&$tls_cipher$&"
-The variable &$tls_cipher$& is set to the cipher suite that was negotiated for
+.vindex "&$tls_in_cipher$&"
+The variable &$tls_in_cipher$& is set to the cipher suite that was negotiated for
an incoming TLS connection. It is included in the &'Received:'& header of an
incoming message (by default &-- you can, of course, change this), and it is
also included in the log line that records a message's arrival, keyed by
&"X="&, unless the &%tls_cipher%& log selector is turned off. The &%encrypted%&
condition can be used to test for specific cipher suites in ACLs.
-(For outgoing SMTP deliveries, &$tls_cipher$& is reset &-- see section
-&<<SECID185>>&.)
Once TLS has been established, the ACLs that run for subsequent SMTP commands
can check the name of the cipher suite and vary their actions accordingly. The
contexts is known as TLS_RSA_WITH_3DES_EDE_CBC_SHA. Check the OpenSSL or GnuTLS
documentation for more details.
+For outgoing SMTP deliveries, &$tls_out_cipher$& is used and logged
+(again depending on the &%tls_cipher%& log selector).
+
.section "Requesting and verifying client certificates" "SECID183"
.cindex "certificate" "verification of client"
example, you can insist on a certificate before accepting a message for
relaying, but not when the message is destined for local delivery.
-.vindex "&$tls_peerdn$&"
+.vindex "&$tls_in_peerdn$&"
When a client supplies a certificate (whether it verifies or not), the value of
the Distinguished Name of the certificate is made available in the variable
-&$tls_peerdn$& during subsequent processing of the message.
+&$tls_in_peerdn$& during subsequent processing of the message.
.cindex "log" "distinguished name"
Because it is often a long text string, it is not included in the log line or
&'Received:'& header by default. You can arrange for it to be logged, keyed by
&"DN="&, by setting the &%tls_peerdn%& log selector, and you can use
&%received_header_text%& to change the &'Received:'& header. When no
-certificate is supplied, &$tls_peerdn$& is empty.
+certificate is supplied, &$tls_in_peerdn$& is empty.
.section "Revoked certificates" "SECID184"
which the client is connected. Forced failure of an expansion causes Exim to
behave as if the relevant option were unset.
-.vindex &$tls_bits$&
-.vindex &$tls_cipher$&
-.vindex &$tls_peerdn$&
-.vindex &$tls_sni$&
+.vindex &$tls_out_bits$&
+.vindex &$tls_out_cipher$&
+.vindex &$tls_out_peerdn$&
+.vindex &$tls_out_sni$&
Before an SMTP connection is established, the
-&$tls_bits$&, &$tls_cipher$&, &$tls_peerdn$& and &$tls_sni$&
+&$tls_out_bits$&, &$tls_out_cipher$&, &$tls_out_peerdn$& and &$tls_out_sni$&
variables are emptied. (Until the first connection, they contain the values
that were set when the message was received.) If STARTTLS is subsequently
successfully obeyed, these variables are set to the relevant values for the
-.new
.section "Use of TLS Server Name Indication" "SECTtlssni"
.cindex "TLS" "Server Name Indication"
-.vindex "&$tls_sni$&"
-.oindex "&%tls_sni%&"
+.vindex "&$tls_in_sni$&"
+.oindex "&%tls_in_sni%&"
With TLS1.0 or above, there is an extension mechanism by which extra
information can be included at various points in the protocol. One of these
extensions, documented in RFC 6066 (and before that RFC 4366) is
The &%tls_sni%& option on an SMTP transport is an expanded string; the result,
if not empty, will be sent on a TLS session as part of the handshake. There's
nothing more to it. Choosing a sensible value not derived insecurely is the
-only point of caution. The &$tls_sni$& variable will be set to this string
+only point of caution. The &$tls_out_sni$& variable will be set to this string
for the lifetime of the client connection (including during authentication).
-Except during SMTP client sessions, if &$tls_sni$& is set then it is a string
+Except during SMTP client sessions, if &$tls_in_sni$& is set then it is a string
received from a client.
It can be logged with the &%log_selector%& item &`+tls_sni`&.
-If the string &`tls_sni`& appears in the main section's &%tls_certificate%&
+If the string &`tls_in_sni`& appears in the main section's &%tls_certificate%&
option (prior to expansion) then the following options will be re-expanded
during TLS session handshake, to permit alternative values to be chosen:
When Exim is built against GnuTLS, SNI support is available as of GnuTLS
0.5.10. (Its presence predates the current API which Exim uses, so if Exim
built, then you have SNI support).
-.wen
.cindex "certificate" "self-signed"
You can create a self-signed certificate using the &'req'& command provided
with OpenSSL, like this:
+. ==== Do not shorten the duration here without reading and considering
+. ==== the text below. Please leave it at 9999 days.
.code
openssl req -x509 -newkey rsa:1024 -keyout file1 -out file2 \
-days 9999 -nodes
prompting for the passphrase. This is not helpful if you are going to use
this certificate and key in an MTA, where prompting is not possible.
+. ==== I expect to still be working 26 years from now. The less technical
+. ==== debt I create, in terms of storing up trouble for my later years, the
+. ==== happier I will be then. We really have reached the point where we
+. ==== should start, at the very least, provoking thought and making folks
+. ==== pause before proceeding, instead of leaving all the fixes until two
+. ==== years before 2^31 seconds after the 1970 Unix epoch.
+. ==== -pdp, 2012
+NB: we are now past the point where 9999 days takes us past the 32-bit Unix
+epoch. If your system uses unsigned time_t (most do) and is 32-bit, then
+the above command might produce a date in the past. Think carefully about
+the lifetime of the systems you're deploying, and either reduce the duration
+of the certificate or reconsider your platform deployment. (At time of
+writing, reducing the duration is the most likely choice, but the inexorable
+progression of time takes us steadily towards an era where this will not
+be a sensible resolution).
+
A self-signed certificate made in this way is sufficient for testing, and
may be adequate for all your requirements if you are mainly interested in
encrypting transfers, and not in secure identification.
and try again later, but that is their problem, though it does waste some of
your resources.
+The &%acl_smtp_data%& ACL is run after both the &%acl_smtp_dkim%& and
+the &%acl_smtp_mime%& ACLs.
+
.section "The SMTP DKIM ACL" "SECTDKIMACL"
The &%acl_smtp_dkim%& ACL is available only when Exim is compiled with DKIM support
received, and is executed for each DKIM signature found in a message. If not
otherwise specified, the default action is to accept.
-For details on the operation of DKIM, see chapter &<<CHID12>>&.
+This ACL is evaluated before &%acl_smtp_mime%& and &%acl_smtp_data%&.
+
+For details on the operation of DKIM, see chapter &<<CHAPdkim>>&.
.section "The SMTP MIME ACL" "SECID194"
The &%acl_smtp_mime%& option is available only when Exim is compiled with the
content-scanning extension. For details, see chapter &<<CHAPexiscan>>&.
+This ACL is evaluated after &%acl_smtp_dkim%& but before &%acl_smtp_data%&.
+
.section "The QUIT ACL" "SECTQUITACL"
.cindex "QUIT, ACL for"
.section "The not-QUIT ACL" "SECTNOTQUITACL"
.vindex &$acl_smtp_notquit$&
The not-QUIT ACL, specified by &%acl_smtp_notquit%&, is run in most cases when
-an SMTP session ends without sending QUIT. However, when Exim itself is is bad
+an SMTP session ends without sending QUIT. However, when Exim itself is in bad
trouble, such as being unable to write to its log files, this ACL is not run,
because it might try to do things (such as write to log files) that make the
situation even worse.
If &%log_message%& is not present, a &%warn%& verb just checks its conditions
and obeys any &"immediate"& modifiers (such as &%control%&, &%set%&,
-&%logwrite%&, and &%add_header%&) that appear before the first failing
-condition. There is more about adding header lines in section
+&%logwrite%&, &%add_header%&, and &%remove_header%&) that appear before the
+first failing condition. There is more about adding header lines in section
&<<SECTaddheadacl>>&.
If any condition on a &%warn%& statement cannot be completed (that is, there is
warning is generated. The &%control%& modifier affects the way an incoming
message is handled.
-The positioning of the modifiers in an ACL statement important, because the
+The positioning of the modifiers in an ACL statement is important, because the
processing of a verb ceases as soon as its outcome is known. Only those
modifiers that have already been encountered will take effect. For example,
consider this use of the &%message%& modifier:
.vitem &*delay*&&~=&~<&'time'&>
.cindex "&%delay%& ACL modifier"
.oindex "&%-bh%&"
-This modifier may appear in any ACL. It causes Exim to wait for the time
-interval before proceeding. However, when testing Exim using the &%-bh%&
-option, the delay is not actually imposed (an appropriate message is output
-instead). The time is given in the usual Exim notation, and the delay happens
-as soon as the modifier is processed. In an SMTP session, pending output is
-flushed before the delay is imposed.
+This modifier may appear in any ACL except notquit. It causes Exim to wait for
+the time interval before proceeding. However, when testing Exim using the
+&%-bh%& option, the delay is not actually imposed (an appropriate message is
+output instead). The time is given in the usual Exim notation, and the delay
+happens as soon as the modifier is processed. In an SMTP session, pending
+output is flushed before the delay is imposed.
Like &%control%&, &%delay%& can be used with &%accept%& or &%deny%&, for
example:
This modifier sets up a message that is used as part of the log message if the
ACL denies access or a &%warn%& statement's conditions are true. For example:
.code
-require log_message = wrong cipher suite $tls_cipher
+require log_message = wrong cipher suite $tls_in_cipher
encrypted = DES-CBC3-SHA
.endd
&%log_message%& is also used when recipients are discarded by &%discard%&. For
effect.
+.vitem &*remove_header*&&~=&~<&'text'&>
+This modifier specifies one or more header names in a colon-separated list
+ that are to be removed from an incoming message, assuming, of course, that
+the message is ultimately accepted. For details, see section &<<SECTremoveheadacl>>&.
+
+
.vitem &*set*&&~<&'acl_name'&>&~=&~<&'value'&>
.cindex "&%set%& ACL modifier"
This modifier puts a value into one of the ACL variables (see section
&<<SECTaclvariables>>&).
+
+
+.vitem &*udpsend*&&~=&~<&'parameters'&>
+This modifier sends a UDP packet, for purposes such as statistics
+collection or behaviour monitoring. The parameters are expanded, and
+the result of the expansion must be a colon-separated list consisting
+of a destination server, port number, and the packet contents. The
+server can be specified as a host name or IPv4 or IPv6 address. The
+separator can be changed with the usual angle bracket syntax. For
+example, you might want to collect information on which hosts connect
+when:
+.code
+udpsend = <; 2001:dB8::dead:beef ; 1234 ;\
+ $tod_zulu $sender_host_address
+.endd
.endlist
is what is wanted for subsequent tests.
+.new
+.vitem &*control&~=&~cutthrough_delivery*&
+.cindex "&ACL;" "cutthrough routing"
+.cindex "cutthrough" "requesting"
+This option requests delivery be attempted while the item is being received.
+It is usable in the RCPT ACL and valid only for single-recipient mails forwarded
+from one SMTP connection to another. If a recipient-verify callout connection is
+requested in the same ACL it is held open and used for the data, otherwise one is made
+after the ACL completes. Note that routers are used in verify mode.
+
+Should the ultimate destination system positively accept or reject the mail,
+a corresponding indication is given to the source system and nothing is queued.
+If there is a temporary error the item is queued for later delivery in the
+usual fashion. If the item is successfully delivered in cutthrough mode the log line
+is tagged with ">>" rather than "=>" and appears before the acceptance "<="
+line.
+
+Delivery in this mode avoids the generation of a bounce mail to a (possibly faked)
+sender when the destination system is doing content-scan based rejection.
+.wen
+
+
+.new
.vitem &*control&~=&~debug/*&<&'options'&>
.cindex "&ACL;" "enabling debug logging"
.cindex "debugging" "enabling from an ACL"
control = debug/opts=+expand+acl
control = debug/tag=.$message_exim_id/opts=+expand
.endd
+.wen
+
+
+.new
+.vitem &*control&~=&~dkim_disable_verify*&
+.cindex "disable DKIM verify"
+.cindex "DKIM" "disable verify"
+This control turns off DKIM verification processing entirely. For details on
+the operation and configuration of DKIM, see chapter &<<CHAPdkim>>&.
+.wen
+
+
+.new
+.vitem &*control&~=&~dscp/*&<&'value'&>
+.cindex "&ACL;" "setting DSCP value"
+.cindex "DSCP" "inbound"
+This option causes the DSCP value associated with the socket for the inbound
+connection to be adjusted to a given value, given as one of a number of fixed
+strings or to numeric value.
+The &%-bI:dscp%& option may be used to ask Exim which names it knows of.
+Common values include &`throughput`&, &`mincost`&, and on newer systems
+&`ef`&, &`af41`&, etc. Numeric values may be in the range 0 to 0x3F.
+
+The outbound packets from Exim will be marked with this value in the header
+(for IPv4, the TOS field; for IPv6, the TCLASS field); there is no guarantee
+that these values will have any effect, not be stripped by networking
+equipment, or do much of anything without cooperation with your Network
+Engineer and those of all network operators between the source and destination.
+.wen
.vitem &*control&~=&~enforce_sync*& &&&
.section "Adding header lines in ACLs" "SECTaddheadacl"
.cindex "header lines" "adding in an ACL"
.cindex "header lines" "position of added lines"
-.cindex "&%message%& ACL modifier"
+.cindex "&%add_header%& ACL modifier"
The &%add_header%& modifier can be used to add one or more extra header lines
to an incoming message, as in this example:
.code
any ACL verb, including &%deny%& (though this is potentially useful only in a
RCPT ACL).
-If the data for the &%add_header%& modifier contains one or more newlines that
+Leading and trailing newlines are removed from
+the data for the &%add_header%& modifier; if it then
+contains one or more newlines that
are not followed by a space or a tab, it is assumed to contain multiple header
lines. Each one is checked for valid syntax; &`X-ACL-Warn:`& is added to the
front of any line that is not a valid header line.
are included in the entry that is written to the reject log.
.cindex "header lines" "added; visibility of"
-Header lines are not visible in string expansions until they are added to the
+Header lines are not visible in string expansions
+of message headers
+until they are added to the
message. It follows that header lines defined in the MAIL, RCPT, and predata
ACLs are not visible until the DATA ACL and MIME ACLs are run. Similarly,
header lines that are added by the DATA or MIME ACLs are not visible in those
this, you can use ACL variables, as described in section
&<<SECTaclvariables>>&.
-The &%add_header%& modifier acts immediately it is encountered during the
+The list of headers yet to be added is given by the &%$headers_added%& variable.
+
+The &%add_header%& modifier acts immediately as it is encountered during the
processing of an ACL. Notice the difference between these two cases:
.display
&`accept add_header = ADDED: some text`&
+.section "Removing header lines in ACLs" "SECTremoveheadacl"
+.cindex "header lines" "removing in an ACL"
+.cindex "header lines" "position of removed lines"
+.cindex "&%remove_header%& ACL modifier"
+The &%remove_header%& modifier can be used to remove one or more header lines
+from an incoming message, as in this example:
+.code
+warn message = Remove internal headers
+ remove_header = x-route-mail1 : x-route-mail2
+.endd
+The &%remove_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA,
+MIME, and non-SMTP ACLs (in other words, those that are concerned with
+receiving a message). The message must ultimately be accepted for
+&%remove_header%& to have any significant effect. You can use &%remove_header%&
+with any ACL verb, including &%deny%&, though this is really not useful for
+any verb that doesn't result in a delivered message.
+
+More than one header can be removed at the same time by using a colon separated
+list of header names. The header matching is case insensitive. Wildcards are
+not permitted, nor is list expansion performed, so you cannot use hostlists to
+create a list of headers, however both connection and message variable expansion
+are performed (&%$acl_c_*%& and &%$acl_m_*%&), illustrated in this example:
+.code
+warn hosts = +internal_hosts
+ set acl_c_ihdrs = x-route-mail1 : x-route-mail2
+warn message = Remove internal headers
+ remove_header = $acl_c_ihdrs
+.endd
+Removed header lines are accumulated during the MAIL, RCPT, and predata ACLs.
+They are removed from the message before processing the DATA and MIME ACLs.
+There is no harm in attempting to remove the same header twice nor is removing
+a non-existent header. Further header lines to be removed may be accumulated
+during the DATA and MIME ACLs, after which they are removed from the message,
+if present. In the case of non-SMTP messages, headers to be removed are
+accumulated during the non-SMTP ACLs, and are removed from the message after
+all the ACLs have run. If a message is rejected after DATA or by the non-SMTP
+ACL, there really is no effect because there is no logging of what headers
+would have been removed.
+
+.cindex "header lines" "removed; visibility of"
+Header lines are not visible in string expansions until the DATA phase when it
+is received. Any header lines removed in the MAIL, RCPT, and predata ACLs are
+not visible in the DATA ACL and MIME ACLs. Similarly, header lines that are
+removed by the DATA or MIME ACLs are still visible in those ACLs. Because of
+this restriction, you cannot use header lines as a way of controlling data
+passed between (for example) the MAIL and RCPT ACLs. If you want to do this,
+you should instead use ACL variables, as described in section
+&<<SECTaclvariables>>&.
+
+The &%remove_header%& modifier acts immediately as it is encountered during the
+processing of an ACL. Notice the difference between these two cases:
+.display
+&`accept remove_header = X-Internal`&
+&` `&<&'some condition'&>
+
+&`accept `&<&'some condition'&>
+&` remove_header = X-Internal`&
+.endd
+In the first case, the header line is always removed, whether or not the
+condition is true. In the second case, the header line is removed only if the
+condition is true. Multiple occurrences of &%remove_header%& may occur in the
+same ACL statement. All those that are encountered before a condition fails
+are honoured.
+
+&*Warning*&: This facility currently applies only to header lines that are
+present during ACL processing. It does NOT remove header lines that are added
+in a system filter or in a router or transport.
+
+
+
+
.section "ACL conditions" "SECTaclconditions"
.cindex "&ACL;" "conditions; list of"
-Some of conditions listed in this section are available only when Exim is
+Some of the conditions listed in this section are available only when Exim is
compiled with the content-scanning extension. They are included here briefly
for completeness. More detailed descriptions can be found in the discussion on
content scanning in chapter &<<CHAPexiscan>>&.
.vitem &*acl&~=&~*&<&'name&~of&~acl&~or&~ACL&~string&~or&~file&~name&~'&>
.cindex "&ACL;" "nested"
.cindex "&ACL;" "indirect"
+.cindex "&ACL;" "arguments"
.cindex "&%acl%& ACL condition"
The possible values of the argument are the same as for the
&%acl_smtp_%&&'xxx'& options. The named or inline ACL is run. If it returns
condition false. This means that further processing of the &%warn%& verb
ceases, but processing of the ACL continues.
+If the argument is a named ACL, up to nine space-separated optional values
+can be appended; they appear within the called ACL in $acl_arg1 to $acl_arg9,
+and $acl_narg is set to the count of values.
+Previous values of these variables are restored after the call returns.
+The name and values are expanded separately.
+
If the nested &%acl%& returns &"drop"& and the outer condition denies access,
the connection is dropped. If it returns &"discard"&, the verb must be
&%accept%& or &%discard%&, and the action is taken immediately &-- no further
.endd
-.vitem &*hosts&~=&~*&<&'&~host&~list'&>
+.vitem &*hosts&~=&~*&<&'host&~list'&>
.cindex "&%hosts%& ACL condition"
.cindex "host" "ACL checking"
.cindex "&ACL;" "testing the client host"
If the DNS lookup yields both 127.0.0.1 and 127.0.0.2, the condition is
false because 127.0.0.1 matches.
.next
-If &`!==`& or &`!=&&`& is used, the condition is true there is at least one
+If &`!==`& or &`!=&&`& is used, the condition is true if there is at least one
looked up IP address that does not match. Consider:
.code
dnslists = a.b.c!=&0.0.0.1
LHLO is used instead of HELO if the transport's &%protocol%& option is
set to &"lmtp"&.
+The callout may use EHLO, AUTH and/or STARTTLS given appropriate option
+settings.
+
A recipient callout check is similar. By default, it also uses an empty address
for the sender. This default is chosen because most hosts do not make use of
the sender address when verifying a recipient. Using the same address means
In the main part of the configuration, you put the following definitions:
.code
-domainlist local_domains = my.dom1.example : my.dom2.example
-domainlist relay_domains = friend1.example : friend2.example
-hostlist relay_hosts = 192.168.45.0/24
+domainlist local_domains = my.dom1.example : my.dom2.example
+domainlist relay_to_domains = friend1.example : friend2.example
+hostlist relay_from_hosts = 192.168.45.0/24
.endd
Now you can use these definitions in the ACL that is run for every RCPT
command:
.code
acl_check_rcpt:
- accept domains = +local_domains : +relay_domains
- accept hosts = +relay_hosts
+ accept domains = +local_domains : +relay_to_domains
+ accept hosts = +relay_from_hosts
.endd
The first statement accepts any RCPT command that contains an address in
the local or relay domains. For any other domain, control passes to the second
.endd
Exim does not check the syntax of these added header lines.
+Multiple &%headers_add%& options for a single router or transport can be
+specified; the values will be concatenated (with a separating newline
+added) before expansion.
+
The result of expanding &%headers_remove%& must consist of a colon-separated
list of header names. This is confusing, because header names themselves are
often terminated by colons. In this case, the colons are the list separators,
.code
headers_remove = return-receipt-to:acknowledge-to
.endd
+
+Multiple &%headers_remove%& options for a single router or transport can be
+specified; the values will be concatenated (with a separating colon
+added) before expansion.
+
When &%headers_add%& or &%headers_remove%& is specified on a router, its value
is expanded at routing time, and then associated with all addresses that are
accepted by that router, and also with any new addresses that it generates. If
If the remote server advertises support for the STARTTLS command, and Exim
was built to support TLS encryption, it tries to start a TLS session unless the
server matches &%hosts_avoid_tls%&. See chapter &<<CHAPTLS>>& for more details.
+Either a match in that or &%hosts_verify_avoid_tls%& apply when the transport
+is called for verification.
If the remote server advertises support for the AUTH command, Exim scans
the authenticators configuration for any suitable client settings, as described
&`<=`& message arrival
&`=>`& normal message delivery
&`->`& additional address in same delivery
+&`>>`& cutthrough message delivery
&`*>`& delivery suppressed by &%-N%&
&`**`& delivery failed; address bounced
&`==`& delivery deferred; temporary problem
last of these is given in parentheses after the final address. The R and T
fields record the router and transport that were used to process the address.
+If SMTP AUTH was used for the delivery there is an additional item A=
+followed by the name of the authenticator that was used.
+If an authenticated identification was set up by the authenticator's &%client_set_id%&
+option, this is logged too, separated by a colon from the authenticator name.
+
If a shadow transport was run after a successful local delivery, the log line
for the successful delivery has an item added on the end, of the form
.display
down a single SMTP connection, an asterisk follows the IP address in the log
lines for the second and subsequent messages.
+.cindex "delivery" "cutthrough; logging"
+.cindex "cutthrough" "logging"
+When delivery is done in cutthrough mode it is flagged with &`>>`& and the log
+line precedes the reception line, since cutthrough waits for a possible
+rejection from the destination in case it can reject the sourced item.
+
The generation of a reply message by a filter file gets logged as a
&"delivery"& to the addressee, preceded by &">"&.
A summary of the field identifiers that are used in log lines is shown in
the following table:
.display
-&`A `& authenticator name (and optional id)
+&`A `& authenticator name (and optional id and sender)
&`C `& SMTP confirmation on delivery
&` `& command list for &"no mail in SMTP session"&
&`CV `& certificate verification status
The list of optional log items is in the following table, with the default
selection marked by asterisks:
.display
+&` 8bitmime `& received 8BITMIME status
&`*acl_warn_skipped `& skipped &%warn%& statement in ACL
&` address_rewrite `& address rewriting
&` all_parents `& all parents in => lines
&`*sender_verify_fail `& sender verification failures
&`*size_reject `& rejection because too big
&`*skip_delivery `& delivery skipped in a queue run
-&` smtp_confirmation `& SMTP confirmation on => lines
+&`*smtp_confirmation `& SMTP confirmation on => lines
&` smtp_connection `& SMTP connections
&` smtp_incomplete_transaction`& incomplete SMTP transactions
+&` smtp_mailauth `& AUTH argument to MAIL commands
&` smtp_no_mail `& session with no MAIL commands
&` smtp_protocol_error `& SMTP protocol errors
&` smtp_syntax_error `& SMTP syntax errors
More details on each of these items follows:
.ilist
+.cindex "8BITMIME"
+.cindex "log" "8BITMIME"
+&%8bitmime%&: This causes Exim to log any 8BITMIME status of received messages,
+which may help in tracking down interoperability issues with ancient MTAs
+that are not 8bit clean. This is added to the &"<="& line, tagged with
+&`M8S=`& and a value of &`0`&, &`7`& or &`8`&, corresponding to "not given",
+&`7BIT`& and &`8BITMIME`& respectively.
+.next
.cindex "&%warn%& ACL verb" "log when skipping"
&%acl_warn_skipped%&: When an ACL &%warn%& statement is skipped because one of
its conditions cannot be evaluated, a log line to this effect is written if
setting of 10 for &%smtp_accep_max_nonmail%&, the connection will in any case
have been aborted before 20 non-mail commands are processed.
.next
+&%smtp_mailauth%&: A third subfield with the authenticated sender,
+colon-separated, is appended to the A= item for a message arrival or delivery
+log line, if an AUTH argument to the SMTP MAIL command (see &<<SECTauthparamail>>&)
+was accepted or used.
+.next
.cindex "log" "SMTP protocol error"
.cindex "SMTP" "logging protocol error"
&%smtp_protocol_error%&: A log line is written for every SMTP protocol error
+.section "Running local commands" "SECTsecconslocalcmds"
+There are a number of ways in which an administrator can configure Exim to run
+commands based upon received, untrustworthy, data. Further, in some
+configurations a user who can control a &_.forward_& file can also arrange to
+run commands. Configuration to check includes, but is not limited to:
+
+.ilist
+Use of &%use_shell%& in the pipe transport: various forms of shell command
+injection may be possible with this option present. It is dangerous and should
+be used only with considerable caution. Consider constraints which whitelist
+allowed characters in a variable which is to be used in a pipe transport that
+has &%use_shell%& enabled.
+.next
+A number of options such as &%forbid_filter_run%&, &%forbid_filter_perl%&,
+&%forbid_filter_dlfunc%& and so forth which restrict facilities available to
+&_.forward_& files in a redirect router. If Exim is running on a central mail
+hub to which ordinary users do not have shell access, but home directories are
+NFS mounted (for instance) then administrators should review the list of these
+forbid options available, and should bear in mind that the options that may
+need forbidding can change as new features are added between releases.
+.next
+The &%${run...}%& expansion item does not use a shell by default, but
+administrators can configure use of &_/bin/sh_& as part of the command.
+Such invocations should be viewed with prejudicial suspicion.
+.next
+Administrators who use embedded Perl are advised to explore how Perl's
+taint checking might apply to their usage.
+.next
+Use of &%${expand...}%& is somewhat analagous to shell's eval builtin and
+administrators are well advised to view its use with suspicion, in case (for
+instance) it allows a local-part to contain embedded Exim directives.
+.next
+Use of &%${match_local_part...}%& and friends becomes more dangerous if
+Exim was built with EXPAND_LISTMATCH_RHS defined: the second string in
+each can reference arbitrary lists and files, rather than just being a list
+of opaque strings.
+The EXPAND_LISTMATCH_RHS option was added and set false by default because of
+real-world security vulnerabilities caused by its use with untrustworthy data
+injected in, for SQL injection attacks.
+Consider the use of the &%inlisti%& expansion condition instead.
+.endlist
+
+
+
.section "IPv4 source routing" "SECID272"
.cindex "source routing" "in IP packets"
.cindex "IP source routing"
. ////////////////////////////////////////////////////////////////////////////
. ////////////////////////////////////////////////////////////////////////////
-.chapter "Support for DKIM (DomainKeys Identified Mail)" "CHID12" &&&
+.chapter "Support for DKIM (DomainKeys Identified Mail)" "CHAPdkim" &&&
"DKIM Support"
.cindex "DKIM"
.vitem &%dkim_status%&
ACL condition that checks a colon-separated list of possible DKIM verification
-results agains the actual result of verification. This is typically used
+results against the actual result of verification. This is typically used
to restrict an ACL verb to a list of verification outcomes, for example:
.code
Edit &_src/drtables.c_&, adding conditional code to pull in the private header
and create a table entry as is done for all the other drivers and lookup types.
.next
+Edit &_scripts/lookups-Makefile_& if this is a new lookup; there is a for-loop
+near the bottom, ranging the &`name_mod`& variable over a list of all lookups.
+Add your &`NEWDRIVER`& to that list.
+As long as the dynamic module would be named &_newdriver.so_&, you can use the
+simple form that most lookups have.
+.next
Edit &_Makefile_& in the appropriate sub-directory (&_src/routers_&,
&_src/transports_&, &_src/auths_&, or &_src/lookups_&); add a line for the new
driver or lookup type and add it to the definition of OBJ.
Change log file for Exim from version 4.21
-------------------------------------------
+Exim version 4.82
+-----------------
+
+PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities.
+
+PP/02 Make -n do something, by making it not do something.
+ When combined with -bP, the name of an option is not output.
+
+PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured
+ by GnuTLS.
+
+PP/04 First step towards DNSSEC, provide $sender_host_dnssec for
+ $sender_host_name and config options to manage this, and basic check
+ routines.
+
+PP/05 DSCP support for outbound connections and control modifier for inbound.
+
+PP/06 Cyrus SASL: set local and remote IP;port properties for driver.
+ (Only plugin which currently uses this is kerberos4, which nobody should
+ be using, but we should make it available and other future plugins might
+ conceivably use it, even though it would break NAT; stuff *should* be
+ using channel bindings instead).
+
+PP/07 Handle "exim -L <tag>" to indicate to use syslog with tag as the process
+ name; added for Sendmail compatibility; requires admin caller.
+ Handle -G as equivalent to "control = suppress_local_fixups" (we used to
+ just ignore it); requires trusted caller.
+ Also parse but ignore: -Ac -Am -X<logfile>
+ Bugzilla 1117.
+
+TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing.
+
+TL/02 Add +smtp_confirmation as a default logging option.
+
+TL/03 Bugzilla 198 - Implement remove_header ACL modifier.
+ Patch by Magnus Holmgren from 2007-02-20.
+
+TL/04 Bugzilla 1281 - Spec typo.
+ Bugzilla 1283 - Spec typo.
+ Bugzilla 1290 - Spec grammar fixes.
+
+TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
+
+TL/06 Add Experimental DMARC support using libopendmarc libraries.
+
+TL/07 Fix an out of order global option causing a segfault. Reported to dev
+ mailing list by by Dmitry Isaikin.
+
+JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
+
+JH/02 Support "G" suffix to numbers in ${if comparisons.
+
+PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL.
+
+NM/01 Bugzilla 1197 - Spec typo
+ Bugzilla 1196 - Spec examples corrections
+
+JH/03 Add expansion operators ${listnamed:name} and ${listcount:string}
+
+PP/09 Add gnutls_enable_pkcs11 option.
+
+PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
+ Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
+
+JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition
+ "acl {{name}{arg}...}", and optional args on acl condition
+ "acl = name arg..."
+
+JH/05 Permit multiple router/transport headers_add/remove lines.
+
+JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
+
+JH/07 Avoid using a waiting database for a single-message-only transport.
+ Performance patch from Paul Fisher. Bugzilla 1262.
+
+JH/08 Strip leading/trailing newlines from add_header ACL modifier data.
+ Bugzilla 884.
+
+JH/09 Add $headers_added variable, with content from use of ACL modifier
+ add_header (but not yet added to the message). Bugzilla 199.
+
+JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line.
+ Pulled from Bugzilla 817 by Wolfgang Breyha.
+
+PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
+ CVE-2012-5671
+
+JH/11 Add A= logging on delivery lines, and a client_set_id option on
+ authenticators.
+
+JH/12 Add optional authenticated_sender logging to A= and a log_selector
+ for control.
+
+PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
+
+PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not
+ advertise SMTP AUTH mechanism to us, instead of a generic
+ protocol violation error. Also, make Exim more robust to bad
+ data from the Dovecot auth socket.
+
+TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients.
+
+ When a queue runner is handling a message, Exim first routes the
+ recipient addresses, during which it prunes them based on the retry
+ hints database. After that it attempts to deliver the message to
+ any remaining recipients. It then updates the hints database using
+ the retry rules.
+
+ So if a recipient address works intermittently, it can get repeatedly
+ deferred at routing time. The retry hints record remains fresh so the
+ address never reaches the final cutoff time.
+
+ This is a fairly common occurrence when a user is bumping up against
+ their storage quota. Exim had some logic in its local delivery code
+ to deal with this. However it did not apply to per-recipient defers
+ in remote deliveries, e.g. over LMTP to a separate IMAP message store.
+
+ This change adds a proper retry rule check during routing so that the
+ final cutoff time is checked against the message's age. We only do
+ this check if there is an address retry record and there is not a
+ domain retry record; this implies that previous attempts to handle
+ the address had the retry_use_local_parts option turned on. We use
+ this as an approximation for the destination being like a local
+ delivery, as in LMTP.
+
+ I suspect this new check makes the old local delivery cutoff check
+ redundant, but I have not verified this so I left the code in place.
+
+TF/02 Correct gecos expansion when From: is a prefix of the username.
+
+ Test 0254 submits a message to Exim with the header
+
+ Resent-From: f
+
+ When I ran the test suite under the user fanf2, Exim expanded
+ the header to contain my full name, whereas it should have added
+ a Resent-Sender: header. It erroneously treats any prefix of the
+ username as equal to the username.
+
+ This change corrects that bug.
+
+GF/01 DCC debug and logging tidyup
+ Error conditions log to paniclog rather than rejectlog.
+ Debug lines prefixed by "DCC: " to remove any ambiguity.
+
+TF/03 Avoid unnecessary rebuilds of lookup-related code.
+
+PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
+ Bug spotted by Jeremy Harris; was flawed since initial commit.
+ Would have resulted in OCSP responses post-SNI triggering an Exim
+ NULL dereference and crash.
+
+JH/13 Add $router_name and $transport_name variables. Bugzilla 308.
+
+PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
+ Bug detection, analysis and fix by Samuel Thibault.
+ Bugzilla 1331, Debian bug #698092.
+
+SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]'
+
+JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
+ Server implementation by Todd Lyons, client by JH.
+ Only enabled when compiled with EXPERIMENTAL_PRDR. A new
+ config variable "prdr_enable" controls whether the server
+ advertises the facility. If the client requests PRDR a new
+ acl_data_smtp_prdr ACL is called once for each recipient, after
+ the body content is received and before the acl_smtp_data ACL.
+ The client is controlled by bolth of: a hosts_try_prdr option
+ on the smtp transport, and the server advertisement.
+ Default client logging of deliveries and rejections involving
+ PRDR are flagged with the string "PRDR".
+
+PP/16 Fix problems caused by timeouts during quit ACLs trying to double
+ fclose(). Diagnosis by Todd Lyons.
+
+PP/17 Update configure.default to handle IPv6 localhost better.
+ Patch by Alain Williams (plus minor tweaks).
+ Bugzilla 880.
+
+PP/18 OpenSSL made graceful with empty tls_verify_certificates setting.
+ This is now consistent with GnuTLS, and is now documented: the
+ previous undocumented portable approach to treating the option as
+ unset was to force an expansion failure. That still works, and
+ an empty string is now equivalent.
+
+PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
+ clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
+ not performing validation itself.
+
+PP/20 Added force_command boolean option to pipe transport.
+ Patch from Nick Koston, of cPanel Inc.
+
+JH/15 AUTH support on callouts (and hence cutthrough-deliveries).
+ Bugzilla 321, 823.
+
+PP/21 Fix eximon continuous updating with timestamped log-files.
+ Broken in a format-string cleanup in 4.80, missed when I repaired the
+ other false fix of the same issue.
+ Report and fix from Heiko Schlichting.
+ Bugzilla 1363.
+
+PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
+ Report from Prashanth Katuri.
+
+PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options.
+ It's SecureTransport, so affects any MacOS clients which use the
+ system-integrated TLS libraries, including email clients.
+
+
+Exim version 4.80.1
+-------------------
+
+PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
+ CVE-2012-5671
+ This, or similar/improved, will also be change PP/11 of 4.82.
+
+
Exim version 4.80
-----------------
NM/33 Bugzilla 898: Transport filter timeout fix.
Patch by Todd Rinaldo.
-NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches.
+NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches.
Patch by Serge Demonchaux.
NM/35 Bugzilla 39: Base64 decode bug fixes.
MD5 was once very popular. It still is far too popular. Real world attacks
have been proven possible against MD5. Including an attack against PKI
(Public Key Infrastructure) certificates used for SSL/TLS. In that attack,
-the attackers got a certificate for one identity but we able to then public a
-certificate with the same signature but a different identity. This undermines
-the whole purpose of having certificates.
+the attackers got a certificate for one identity but were able to then publish
+a certificate with the same signature but a different identity. This
+undermines the whole purpose of having certificates.
So GnuTLS stopped trusting any certificate with an MD5-based hash used in it.
The world has been hurriedly moving away from MD5 in certificates for a while.
DH, Diffie-Hellman (or Diffie-Hellman-Merkle, or something naming Williamson)
is the common name for a way for two parties to a communication stream to
exchange some private random data so that both end up with a shared secret
-which no evesdropper can get. It does not provide for proof of the identity
+which no eavesdropper can get. It does not provide for proof of the identity
of either party, so on its own is subject to man-in-the-middle attacks, but is
often combined with systems which do provide such proof, improving them by
separating the session key (the shared secret) from the long-term identity,
To do this, the server sends to the client a very large prime number; this is
in the clear, an attacker can see it. This is not a problem; it's so not a
problem, that there are standard named primes which applications can use, and
-which a future release of Exim will probably support.
+which Exim now supports.
The size of the prime number affects how difficult it is to break apart the
shared secret and decrypt the data. As time passes, the size required to
One of the new pieces of the GnuTLS API is a means for an application to ask
it for guidance and advice on how large some numbers should be. This is not
-entirely internal to GnuTLS since generating the numbers is slow, an
+entirely internal to GnuTLS, since generating the numbers is slow, an
application might want to use a standard prime, etc. So, in an attempt to get
away from being involved in cryptographic policy, and to get rid of a
hard-coded "1024" in Exim's source-code, we switched to asking GnuTLS how many
-bits should be in the prime number generated for use for Diffie-Hellman. To
-give back to GnuTLS for use We can ask for various sizes, and did not expose
-this to the administrator but instead just asked for "NORMAL" protection.
+bits should be in the prime number generated for use for Diffie-Hellman. We
+then give this number straight back to GnuTLS when generating a DH prime.
+We can ask for various sizes, and did not expose this to the administrator but
+instead just asked for "NORMAL" protection.
Literally:
dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL);
test from the snapshots or the CVS before the documentation is updated. Once
the documentation is updated, this file is reduced to a short list.
+Version 4.82
+------------
+
+ 1. New command-line option -bI:sieve will list all supported sieve extensions
+ of this Exim build on standard output, one per line.
+ ManageSieve (RFC 5804) providers managing scripts for use by Exim should
+ query this to establish the correct list to include in the protocol's
+ SIEVE capability line.
+
+ 2. If the -n option is combined with the -bP option, then the name of an
+ emitted option is not output, only the value (if visible to you).
+ For instance, "exim -n -bP pid_file_path" should just emit a pathname
+ followed by a newline, and no other text.
+
+ 3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now
+ has a "tls_dh_min_bits" option, to set the minimum acceptable number of
+ bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites)
+ acceptable for security. (Option accepted but ignored if using OpenSSL).
+ Defaults to 1024, the old value. May be lowered only to 512, or raised as
+ far as you like. Raising this may hinder TLS interoperability with other
+ sites and is not currently recommended. Lowering this will permit you to
+ establish a TLS session which is not as secure as you might like.
+
+ Unless you really know what you are doing, leave it alone.
+
+ 4. If not built with DISABLE_DNSSEC, Exim now has the main option
+ dns_dnssec_ok; if set to 1 then Exim will initialise the resolver library
+ to send the DO flag to your recursive resolver. If you have a recursive
+ resolver, which can set the Authenticated Data (AD) flag in results, Exim
+ can now detect this. Exim does not perform validation itself, instead
+ relying upon a trusted path to the resolver.
+
+ Current status: work-in-progress; $sender_host_dnssec variable added.
+
+ 5. DSCP support for outbound connections: on a transport using the smtp driver,
+ set "dscp = ef", for instance, to cause the connections to have the relevant
+ DSCP (IPv4 TOS or IPv6 TCLASS) value in the header.
+
+ Similarly for inbound connections, there is a new control modifier, dscp,
+ so "warn control = dscp/ef" in the connect ACL, or after authentication.
+
+ Supported values depend upon system libraries. "exim -bI:dscp" to list the
+ ones Exim knows of. You can also set a raw number 0..0x3F.
+
+ 6. The -G command-line flag is no longer ignored; it is now equivalent to an
+ ACL setting "control = suppress_local_fixups". The -L command-line flag
+ is now accepted and forces use of syslog, with the provided tag as the
+ process name. A few other flags used by Sendmail are now accepted and
+ ignored.
+
+ 7. New cutthrough routing feature. Requested by a "control = cutthrough_delivery"
+ ACL modifier; works for single-recipient mails which are recieved on and
+ deliverable via SMTP. Using the connection made for a recipient verify,
+ if requested before the verify, or a new one made for the purpose while
+ the inbound connection is still active. The bulk of the mail item is copied
+ direct from the inbound socket to the outbound (as well as the spool file).
+ When the source notifies the end of data, the data acceptance by the destination
+ is negociated before the acceptance is sent to the source. If the destination
+ does not accept the mail item, for example due to content-scanning, the item
+ is not accepted from the source and therefore there is no need to generate
+ a bounce mail. This is of benefit when providing a secondary-MX service.
+ The downside is that delays are under the control of the ultimate destination
+ system not your own.
+
+ The Recieved-by: header on items delivered by cutthrough is generated
+ early in reception rather than at the end; this will affect any timestamp
+ included. The log line showing delivery is recorded before that showing
+ reception; it uses a new ">>" tag instead of "=>".
+
+ To support the feature, verify-callout connections can now use ESMTP and TLS.
+ The usual smtp transport options are honoured, plus a (new, default everything)
+ hosts_verify_avoid_tls.
+
+ New variable families named tls_in_cipher, tls_out_cipher etc. are introduced
+ for specific access to the information for each connection. The old names
+ are present for now but deprecated.
+
+ Not yet supported: IGNOREQUOTA, SIZE, PIPELINING.
+
+ 8. New expansion operators ${listnamed:name} to get the content of a named list
+ and ${listcount:string} to count the items in a list.
+
+ 9. New global option "gnutls_enable_pkcs11", defaults false. The GnuTLS
+ rewrite in 4.80 combines with GnuTLS 2.12.0 or later, to autoload PKCS11
+ modules. For some situations this is desirable, but we expect admin in
+ those situations to know they want the feature. More commonly, it means
+ that GUI user modules get loaded and are broken by the setuid Exim being
+ unable to access files specified in environment variables and passed
+ through, thus breakage. So we explicitly inhibit the PKCS11 initialisation
+ unless this new option is set.
+
+10. The "acl = name" condition on an ACL now supports optional arguments.
+ New expansion item "${acl {name}{arg}...}" and expansion condition
+ "acl {{name}{arg}...}" are added. In all cases up to nine arguments
+ can be used, appearing in $acl_arg1 to $acl_arg9 for the called ACL.
+ Variable $acl_narg contains the number of arguments. If the ACL sets
+ a "message =" value this becomes the result of the expansion item,
+ or the value of $value for the expansion condition. If the ACL returns
+ accept the expansion condition is true; if reject, false. A defer
+ return results in a forced fail.
+
+11. Routers and transports can now have multiple headers_add and headers_remove
+ option lines. The concatenated list is used.
+
+12. New ACL modifier "remove_header" can remove headers before message gets
+ handled by routers/transports.
+
+13. New dnsdb lookup pseudo-type "a+". A sequence of "a6" (if configured),
+ "aaaa" and "a" lookups is done and the full set of results returned.
+
+14. New expansion variable $headers_added with content from ACL add_header
+ modifier (but not yet added to messsage).
+
+15. New 8bitmime status logging option for received messages. Log field "M8S".
+
+16. New authenticated_sender logging option, adding to log field "A".
+
+17. New expansion variables $router_name and $transport_name. Useful
+ particularly for debug_print as -bt commandline option does not
+ require privilege whereas -d does.
+
+18. If built with EXPERIMENTAL_PRDR, per-recipient data responses per a
+ proposed extension to SMTP from Eric Hall.
+
+19. The pipe transport has gained the force_command option, to allow
+ decorating commands from user .forward pipe aliases with prefix
+ wrappers, for instance.
+
+20. Callout connections can now AUTH; the same controls as normal delivery
+ connections apply.
+
+
Version 4.80
------------
then henceforth you will have to maintain your own local patches to strip
the safeties off.
- 8. There is a new expansion operator, bool_lax{}. Where bool{} uses the ACL
+ 8. There is a new expansion condition, bool_lax{}. Where bool{} uses the ACL
condition logic to determine truth/failure and will fail to expand many
strings, bool_lax{} uses the router condition logic, where most strings
do evaluate true.
Note: bool{00} is false, bool_lax{00} is true.
- 9. Routers now support multiple "condition" tests,
+ 9. Routers now support multiple "condition" tests.
10. There is now a runtime configuration option "tcp_wrappers_daemon_name".
Setting this allows an admin to define which entry in the tcpwrappers
acl_smtp_auth string* unset main 4.00
acl_smtp_connect string* unset main 4.11
acl_smtp_data string* unset main 4.00
+acl_smtp_data_prdr string* unset main 4.82 with expreimental_prdr
+acl_smtp_dkim string* unset main 4.70 unless disable_dkim
acl_smtp_etrn string* unset main 4.00
acl_smtp_expn string* unset main 4.00
acl_smtp_helo string* unset main 4.20
disable_ipv6 boolean false main 4.61
disable_logging boolean false routers 4.11
false transports 4.11
+dmarc_forensic_sender string unset main 4.82 if experimental_dmarc
+dmarc_history_file string unset main 4.82 if experimental_dmarc
+dmarc_tld_file string unset main 4.82 if experimental_dmarc
dns_again_means_nonexist domain list unset main 1.89
dns_check_names_pattern string + main 2.11
dns_csa_search_limit integer 5 main 4.60
dns_retrans time 0s main 1.60
dns_retry integer 0 main 1.60
dns_search_parents boolean false smtp
+dns_use_dnssec integer -1 main 4.82
dns_use_edns0 integer -1 main 4.76
domains domain list unset routers 4.00
driver string unset authenticators
unset routers 4.00
unset transports
drop_cr boolean false main 4.00 became a no-op in 4.21
+dscp string unset smtp 4.82
dsn_from string* + main 4.67
envelope_to_add boolean false transports
envelope_to_remove boolean true main
forbid_pipe boolean false redirect 4.00
forbid_sieve_filter boolean false redirect 4.44
forbid_smtp_code boolean false redirect 4.63
+force_command boolean false pipe 4.82
freeze_exec_fail boolean false pipe 1.89
freeze_signal boolean false pipe 4.75
freeze_tell boolean false main 4.00 replaces freeze_tell_mailmaster
gecos_pattern string unset main
gethostbyname boolean false smtp
gnutls_compat_mode boolean unset main 4.70
+gnutls_enable_pkcs11 boolean false main 4.82
gnutls_require_kx string* unset main 4.67 deprecated, warns
string* unset smtp 4.67 deprecated, warns
gnutls_require_mac string* unset main 4.67 deprecated, warns
hosts_randomize boolean false manualroute 4.00
false smtp 3.14
hosts_require_auth host list unset smtp 4.00
+hosts_require_ocsp host list unset smtp 4.82 if experimental_ocsp
hosts_require_tls host list unset smtp 3.20
hosts_treat_as_local domain list unset main 1.95
hosts_try_auth host list unset smtp 4.00
+hosts_try_prdr host list unset smtp 4.82 if experimental_prdr
ibase_servers string unset main 4.23
ignore_bounce_errors_after time 0s main 4.00
ignore_eacces boolean false redirect 4.00
port integer 0 iplookup 4.00
string "smtp" smtp
preserve_message_logs boolean false main
+prdr_enable boolean false main 4.82 if experimental_prdr
primary_hostname string + main
print_topbitchars boolean false main 1.89
process_log_path string unset main 4.21
tls_certificate string* unset main 3.20
unset smtp 3.20
tls_dh_max_bits integer 2236 main 4.80
+tls_dh_min_bits integer 1024 smtp 4.82
tls_dhparam string* unset main 3.20
+tls_ocsp_file string* unset main 4.80 if experimental_ocsp
tls_on_connect_ports string unset main 4.43
tls_privatekey string* unset main 3.20
unset smtp 3.20
-bh Test incoming SMTP call, omitting callouts
-bhc Test incoming SMTP call, with callouts
-bi * Run <command>bi_command</command>
+-bI:help Show list of accepted -bI:<tag> options
-bm Accept message on standard input
-bmalware + Invoke configured malware scanning against supplied filename
-bnq Don't qualify addresses in locally submitted messages
DELIVER_IN_BUFFER_SIZE optional*
DELIVER_OUT_BUFFER_SIZE optional*
DISABLE_DKIM optional disables DKIM support
+DISABLE_DNSSEC optional disables attempts to use DNSSEC
DISABLE_D_OPTION optional disables -D option
ERRNO_QUOTA optional* error code for system quota failures
EXICYCLOG_MAX optional number of old log files to keep
While a feature is experimental, there will be a build-time
option whose name starts "EXPERIMENTAL_" that must be set in
order to include the feature. This file contains information
-about experimenatal features, all of which are unstable and
-liable to incompatibile change.
+about experimental features, all of which are unstable and
+liable to incompatible change.
+
+
+PRDR support
+--------------------------------------------------------------
+
+Per-Recipient Data Reponse is an SMTP extension proposed by Eric Hall
+in a (now-expired) IETF draft from 2007. It's not hit mainstream
+use, but has apparently been implemented in the META1 MTA.
+
+There is mention at http://mail.aegee.org/intern/sendmail.html
+of a patch to sendmail "to make it PRDR capable".
+
+ ref: http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt
+
+If Exim is built with EXPERIMENTAL_PRDR there is a new config
+boolean "prdr_enable" which controls whether PRDR is advertised
+as part of an EHLO response, a new "acl_data_smtp_prdr" ACL
+(called for each recipient, after data arrives but before the
+data ACL), and a new smtp transport option "hosts_try_prdr".
+
+PRDR may be used to support per-user content filtering. Without it
+one must defer any recipient after the first that has a different
+content-filter configuration. With PRDR, the RCPT-time check
+for this can be disabled when the MAIL-time $smtp_command included
+"PRDR". Any required difference in behaviour of the main DATA-time
+ACL should however depend on the PRDR-time ACL having run, as Exim
+will avoid doing so in some situations (eg. single-recipient mails).
+
OCSP Stapling support
--------------------------------------------------------------
-X509 PKI certificates expire and can be revoked; to handle this, the
+X.509 PKI certificates expire and can be revoked; to handle this, the
clients need some way to determine if a particular certificate, from a
particular Certificate Authority (CA), is still valid. There are three
main ways to do so.
proof expires. The downside is that it requires server support.
If Exim is built with EXPERIMENTAL_OCSP and it was built with OpenSSL,
-then it gains one new option: "tls_ocsp_file".
+then it gains a new global option: "tls_ocsp_file".
The file specified therein is expected to be in DER format, and contain
an OCSP proof. Exim will serve it as part of the TLS handshake. This
Exim will check for a valid next update timestamp in the OCSP proof;
if not present, or if the proof has expired, it will be ignored.
+Also, given EXPERIMENTAL_OCSP and OpenSSL, the smtp transport gains
+a "hosts_require_ocsp" option; a host-list for which an OCSP Stapling
+is requested and required for the connection to proceed. The host(s)
+should also be in "hosts_require_tls", and "tls_verify_certificates"
+configured for the transport.
+
+For the client to be able to verify the stapled OCSP the server must
+also supply, in its stapled information, any intermediate
+certificates for the chain leading to the OCSP proof from the signer
+of the server certificate. There may be zero or one such. These
+intermediate certificates should be added to the server OCSP stapling
+file (named by tls_ocsp_file).
+
At this point in time, we're gathering feedback on use, to determine if
it's worth adding complexity to the Exim daemon to periodically re-fetch
-OCSP files and somehow handling multiple files. There is no client support
-for OCSP in Exim, this is feature expected to be used by mail clients.
+OCSP files and somehow handling multiple files.
+
+ A helper script "ocsp_fetch.pl" for fetching a proof from a CA
+ OCSP server is supplied. The server URL may be included in the
+ server certificate, if the CA is helpful.
+
+ One fail mode seen was the OCSP Signer cert expiring before the end
+ of vailidity of the OCSP proof. The checking done by Exim/OpenSSL
+ noted this as invalid overall, but the re-fetch script did not.
You can now run SPF checks in incoming SMTP by using the "spf"
ACL condition in either the MAIL, RCPT or DATA ACLs. When
-using it in the RCPT ACL, you can make the checks dependend on
+using it in the RCPT ACL, you can make the checks dependent on
the RCPT address (or domain), so you can check SPF records
only for certain target domains. This gives you the
possibility to opt-out certain customers that do not want
When the spf_guess condition has run, it sets up the same expansion
variables as when spf condition is run, described above.
-Additionally, since Best-guess is not standarized, you may redefine
+Additionally, since Best-guess is not standardized, you may redefine
what "Best-guess" means to you by redefining spf_guess variable in
global config. For example, the following:
After that "$dcc_header" contains the X-DCC-Header.
-Returnvalues are:
+Return values are:
fail for overall "R", "G" from dccifd
defer for overall "T" from dccifd
accept for overall "A", "S" from dccifd
If you want to pass even more headers in the middle of the
DATA stage you can set
$acl_m_dcc_add_header
-to tell the DCC routines add more information; eg, you might set
+to tell the DCC routines to add more information; eg, you might set
this to some results from ClamAV. Be careful. Header syntax is
not checked and is added "as is".
+In case you've troubles with sites sending the same queue items from several
+hosts and fail to get through greylisting you can use
+$acl_m_dcc_override_client_ip
+
+Setting $acl_m_dcc_override_client_ip to an IP address overrides the default
+of $sender_host_address. eg. use the following ACL in DATA stage:
+
+ warn set acl_m_dcc_override_client_ip = \
+ ${lookup{$sender_helo_name}nwildlsearch{/etc/mail/multipleip_sites}{$value}{}}
+ condition = ${if def:acl_m_dcc_override_client_ip}
+ log_message = dbg: acl_m_dcc_override_client_ip set to \
+ $acl_m_dcc_override_client_ip
+
+Then set something like
+# cat /etc/mail/multipleip_sites
+mout-xforward.gmx.net 82.165.159.12
+mout.gmx.net 212.227.15.16
+
+Use a reasonable IP. eg. one the sending cluster acutally uses.
+
+DMARC Support
+--------------------------------------------------------------
+
+DMARC combines feedback from SPF, DKIM, and header From: in order
+to attempt to provide better indicators of the authenticity of an
+email. This document does not explain the fundamentals, you
+should read and understand how it works by visiting the website at
+http://www.dmarc.org/.
+
+DMARC support is added via the libopendmarc library. Visit:
+
+ http://sourceforge.net/projects/opendmarc/
+
+to obtain a copy, or find it in your favorite rpm package
+repository. If building from source, this description assumes
+that headers will be in /usr/local/include, and that the libraries
+are in /usr/local/lib.
+
+1. To compile Exim with DMARC support, you must first enable SPF.
+Please read the above section on enabling the EXPERIMENTAL_SPF
+feature. You must also have DKIM support, so you cannot set the
+DISABLE_DKIM feature. Once both of those conditions have been met
+you can enable DMARC in Local/Makefile:
+
+EXPERIMENTAL_DMARC=yes
+LDFLAGS += -lopendmarc
+# CFLAGS += -I/usr/local/include
+# LDFLAGS += -L/usr/local/lib
+
+The first line sets the feature to include the correct code, and
+the second line says to link the libopendmarc libraries into the
+exim binary. The commented out lines should be uncommented if you
+built opendmarc from source and installed in the default location.
+Adjust the paths if you installed them elsewhere, but you do not
+need to uncomment them if an rpm (or you) installed them in the
+package controlled locations (/usr/include and /usr/lib).
+
+
+2. Use the following global settings to configure DMARC:
+
+Required:
+dmarc_tld_file Defines the location of a text file of valid
+ top level domains the opendmarc library uses
+ during domain parsing. Maintained by Mozilla,
+ the most current version can be downloaded
+ from a link at http://publicsuffix.org/list/.
+
+Optional:
+dmarc_history_file Defines the location of a file to log results
+ of dmarc verification on inbound emails. The
+ contents are importable by the opendmarc tools
+ which will manage the data, send out DMARC
+ reports, and expire the data. Make sure the
+ directory of this file is writable by the user
+ exim runs as.
+
+dmarc_forensic_sender The email address to use when sending a
+ forensic report detailing alignment failures
+ if a sender domain's dmarc record specifies it
+ and you have configured Exim to send them.
+ Default: do-not-reply@$default_hostname
+
+
+3. By default, the DMARC processing will run for any remote,
+non-authenticated user. It makes sense to only verify DMARC
+status of messages coming from remote, untrusted sources. You can
+use standard conditions such as hosts, senders, etc, to decide that
+DMARC verification should *not* be performed for them and disable
+DMARC with a control setting:
+
+ control = dmarc_verify_disable
+
+A DMARC record can also specify a "forensic address", which gives
+exim an email address to submit reports about failed alignment.
+Exim does not do this by default because in certain conditions it
+results in unintended information leakage (what lists a user might
+be subscribed to, etc). You must configure exim to submit forensic
+reports to the owner of the domain. If the DMARC record contains a
+forensic address and you specify the control statement below, then
+exim will send these forensic emails. It's also advised that you
+configure a dmarc_forensic_sender because the default sender address
+construction might be inadequate.
+
+ control = dmarc_forensic_enable
+
+(AGAIN: You can choose not to send these forensic reports by simply
+not putting the dmarc_forensic_enable control line at any point in
+your exim config. If you don't tell it to send them, it will not
+send them.)
+
+There are no options to either control. Both must appear before
+the DATA acl.
+
+
+4. You can now run DMARC checks in incoming SMTP by using the
+"dmarc_status" ACL condition in the DATA ACL. You are required to
+call the spf condition first in the ACLs, then the "dmarc_status"
+condition. Putting this condition in the ACLs is required in order
+for a DMARC check to actually occur. All of the variables are set
+up before the DATA ACL, but there is no actual DMARC check that
+occurs until a "dmarc_status" condition is encountered in the ACLs.
+
+The dmarc_status condition takes a list of strings on its
+right-hand side. These strings describe recommended action based
+on the DMARC check. To understand what the policy recommendations
+mean, refer to the DMARC website above. Valid strings are:
+
+ o accept The DMARC check passed and the library recommends
+ accepting the email.
+ o reject The DMARC check failed and the library recommends
+ rejecting the email.
+ o quarantine The DMARC check failed and the library recommends
+ keeping it for further inspection.
+ o norecord No policy section in the DMARC record for this
+ sender domain.
+ o nofrom Unable to determine the domain of the sender.
+ o none There is no DMARC record for this sender domain.
+ o error Library error or dns error.
+
+You can prefix each string with an exclamation mark to invert its
+meaning, for example "!accept" will match all results but
+"accept". The string list is evaluated left-to-right in a
+short-circuit fashion. When a string matches the outcome of the
+DMARC check, the condition succeeds. If none of the listed
+strings matches the outcome of the DMARC check, the condition
+fails.
+
+Of course, you can also use any other lookup method that Exim
+supports, including LDAP, Postgres, MySQL, etc, as long as the
+result is a list of colon-separated strings;
+
+Several expansion variables are set before the DATA ACL is
+processed, and you can use them in this ACL. The following
+expansion variables are available:
+
+ o $dmarc_status
+ This is a one word status indicating what the DMARC library
+ thinks of the email.
+
+ o $dmarc_status_text
+ This is a slightly longer, human readable status.
+
+ o $dmarc_used_domain
+ This is the domain which DMARC used to look up the DMARC
+ policy record.
+
+ o $dmarc_ar_header
+ This is the entire Authentication-Results header which you can
+ add using an add_header modifier.
+
+
+5. How to enable DMARC advanced operation:
+By default, Exim's DMARC configuration is intended to be
+non-intrusive and conservative. To facilitate this, Exim will not
+create any type of logging files without explicit configuration by
+you, the admin. Nor will Exim send out any emails/reports about
+DMARC issues without explicit configuration by you, the admin (other
+than typical bounce messages that may come about due to ACL
+processing or failure delivery issues).
+
+In order to log statistics suitable to be imported by the opendmarc
+tools, you need to:
+a. Configure the global setting dmarc_history_file.
+b. Configure cron jobs to call the appropriate opendmarc history
+ import scripts and truncating the dmarc_history_file.
+
+In order to send forensic reports, you need to:
+a. Configure the global setting dmarc_forensic_sender.
+b. Configure, somewhere before the DATA ACL, the control option to
+ enable sending DMARC forensic reports.
+
+
+6. Example usage:
+(RCPT ACL)
+ warn domains = +local_domains
+ hosts = +local_hosts
+ control = dmarc_verify_disable
+
+ warn !domains = +screwed_up_dmarc_records
+ control = dmarc_enable_forensic
+
+(DATA ACL)
+ warn dmarc_status = accept : none : off
+ !authenticated = *
+ log_message = DMARC DEBUG: $dmarc_status $dmarc_used_domain
+ add_header = $dmarc_ar_header
+
+ warn dmarc_status = !accept
+ !authenticated = *
+ log_message = DMARC DEBUG: '$dmarc_status' for $dmarc_used_domain
+
+ warn dmarc_status = quarantine
+ !authenticated = *
+ set $acl_m_quarantine = 1
+ # Do something in a transport with this flag variable
+
+ deny dmarc_status = reject
+ !authenticated = *
+ message = Message from $domain_used_domain failed sender's DMARC policy, REJECT
+
+
+
DBL (Database Logging)
--------------------------------------------------------------
mkdir($dir);
- my @cmd =
- ( $genpath, '--spec', $spec, '--filter', $filter, '--latest', $context->{trelease}, '--tmpl', $templates, '--docroot', $dir );
+ my @cmd = (
+ $genpath, '--spec', $spec, '--filter',
+ $filter, '--latest', $context->{trelease}, '--tmpl',
+ $templates, '--docroot', $dir, '--localstatic'
+ );
print "Executing ", join( ' ', @cmd ), "\n";
system(@cmd);
my $context = shift;
my $docdir = File::Spec->catdir( $context->{release_tree}, 'doc', 'doc-docbook' );
- system("cd '$docdir' && ./OS-Fixups && make everything") == 0
+ system("cd '$docdir' && ./OS-Fixups && make EXIM_VER=$context->{release} everything") == 0
|| croak "Doc build failed";
copy_docbook_files($context);
--- /dev/null
+ACKNOWLEDGMENTS encoding=utf-8
EXIM ACKNOWLEDGEMENTS
+This file is divided into two parts. The first is the original list maintained
+by Exim's author, Philip Hazel, before he retired. That has two sub-lists of
+contributors. The second main part is an attempt to bring this up-to-date,
+using information from ChangeLog and git.
+
+Names may well occur more than once.
+
+There was a five year gap. It is unlikely that this file is complete.
+If you contributed and are not listed, then *please* let us know. Even if you
+don't much care, we want to acknowledge your help. A contribution isn't just
+code, it includes reporting real bugs, helping with tracking problems down,
+documentation fixes and more.
+
+(Note that we have patches from folks in various countries and Latin1 is not
+ sufficient to handle all of their names acceptably.
+ This file should be in UTF-8).
+
+-Phil Pennock, pp The Exim Maintainers.
+
+============================8< cut here >8==============================
+
I have not been very good at keeping a proper record of all the people who have
sent in patches and other contributions to Exim. I am going to try to do better
in the future by keeping a record in this file. First, I'll put a list of all
Lists created: 20 November 2002
Last updated (by PH): 22 August 2007
- Note: at current time, Exim is maintained in git; the commit messages
- typically credit sources, at the very least. Also the ChangeLog file
- will record who provided patches. This file is not very up-to-date.
- -Phil Pennock, 2012
-
THE OLD LIST
Alan Barratt First code for relay checking
Tom Kistner SPA server code
Writing and maintaining the content scanning
extension (exiscan)
-Jürgen Kreileder Fix for cyrus_sasl advertisement problem
+Jürgen Kreileder Fix for cyrus_sasl advertisement problem
Friso Kuipers Patch for GDBM problem
Matthias Lederhofer Diagnosing and patching obscure and subtle socket bug
Chris Liddiard Fix for bug in exiqsumm
control=freeze/no_tell basic code
Erik ? patch to use select() instead of poll() on OS X
****
+
+============================8< cut here >8==============================
+
+The Exim Maintainers Lists
+==========================
+
+We'll start with the Exim Maintainers, who are the people with commit
+access to the master git repository and a couple more folk; then we'll list
+known contributors since the lists above. Then we list the folks who work
+to make Exim available on various operating systems as porters/packagers.
+
+For the Maintainers, we may list primary focus area. All maintainers
+will have contributed to work outside those areas. The maintainers'
+contributions are initialled in ChangeLog. Changes from before maintainership
+should be listed as a contributor.
+
+For other contributors, we will attempt to track all contributions. Note that
+the entries per-person were added initially by scanning back through the
+ChangeLog and git, so are not in chronological order.
+
+[ With names from all over the world, we need one sort order. I've arbitrarily
+ decreed it to be "normal British address-book sort order, but based on family
+ name rather than whichever comes last and using whatever seems sanest for
+ sort order of characters which do not collate onto an English character",
+ which should handle the majority of cases. If it is not adequate for some
+ situation, we'll resolve it then.
+ We leave out titles and honourifics, just names and handles. ]
+
+
+Maintainers
+-----------
+Steve Campbell eximstats maintainer.
+Mike Cardwell Exim webmaster.
+Tony Finch Unbreaks lots of things. Ratelimit code.
+Graeme Fowler
+Michael Haardt Maintains Sieve support, works on DKIM.
+Jeremy Harris
+Philip Hazel Retired.
+ Originating architect and author of the Exim project.
+John Jetmore
+Tom Kistner DKIM. Content scanning. SPA.
+Todd Lyons
+Nigel Metheringham Transitioning out of Default Victim status.
+Phil Pennock Release Coordinator. Breaks lots of things.
+David Woodhouse Dynamic modules. Security.
+
+
+Contributors
+------------
+Andrew Aitchison Spotted cmdline AV scanner regression with -bmalware
+Simon Arlott Code for outbound SSL-on-connect
+ Patch implementing %M datestamping in log filenames
+ Patch restoring SIGPIPE handler for child_open_uid
+ Patch fixing NUL term/init of DKIM strings
+ Patch fixing dnsdb TXT record handling for DKIM
+ Patch speeding up DomainKeys signing
+Dmitry Banschikov Path to check for LDAP TLS initialisation errors
+René Berber Pointed out mistake in build instructions for QNX
+Johannes Berg Maintained dynamically loadable module code out-of-tree
+ Patch expanding spamd_address if contains $
+Jasen Betts Spotted lack of docs re bool{} on empty string
+ and typo fixes
+Wolfgang Breyha DCC integration; expandable spamd_address
+ Patch handling IPv6 addresses for SPF
+ Patch fixing DKIM verification when signature header
+ not prepended
+ Unbroke Cyrus SASL auth after incorrect SSF addition
+ Logging of 8bitmime reception
+David Brownlee Patch improving local interface IP address detection
+Eugene Bujak Security patch fixing buffer overflow in string_format
+Adam Ciarcinski Patch for TLS-enabled LDAP (alternative to ldaps)
+Dennis Davis Patches fixing compilation in older compilers
+ Reported dynlookup framework build issues on Solaris
+Serge Demonchaux Maintained dynamically loadable module code out-of-tree
+ Patch fixing sign/unsigned and UTF mismatches
+Uwe Doering Patch fixing DKIM multiple signature generation
+Maxim Dounin Patch portability of accept() len
+Frank Elsner Fixed build reliability by exporting LC_ALL=C
+Paul Fisher Diagnosed smtp_cmd_buffer_size affecting GSSAPI SASL
+ initial response, raised buffer size
+ Patch adjusting connection_max_messages wait-DB usage
+Oliver Fleischmann Patches fixing compilation in older compilers
+Julian Gilbey Helped improve userforward local_part_suffix docs
+Richard Godbee Patch fixing usage fprintf
+Steve Haslam Maintained dynamically loadable module code out-of-tree
+Oliver Heesakkers Debugged dynamic lookup build issues for LOOKUP_foo.
+Dmitry Isaikin Spotted short writes to local files
+ Patch for format string regression
+Alun Jones Patch for NULL dereference in localhost_number
+Brad Jorsch Patches fixing Resent-*: header handling
+John Hall Updated PCRE to 7.4 (when in-tree)
+Jeremy Harris Patch to log authentication information in reject log
+ Reported a ${extract error message typo
+Jakob Hirsch Patch implementing freeze_signal on pipe transports
+ Suggested X-Envelope-Sender: for content-scanning
+ Patch fixing Base64 decode bugs
+John Horne Patch adding $av_failed
+ Patch escaping log text after lookup expansion defer
+ Documentation fixes
+ Pointed out ClamAV ExtendedDetectionInfo compat issue
+Regid Ichira Documentation fixes
+Andreas M. Kirchwitz Let /dev/null have normal permissions (4.73 fallout)
+J. Nick Koston Patch adding force_command pipe transport option
+Roberto Lima Patch letting exicyclog rotate paniclog
+Todd Lyons Patch handling TAB in MAIL arguments
+Christof Meerwald Provided insight & suggested patch for GnuTLS update
+Andreas Metzler Patch upgrading PolarSSL (DKIM)
+ Reported delivery logging problems (4.73 fallout)
+ Patch to build without WITH_CONTENT_SCAN
+ Patches fixing docs for max_rcpts, relay hosts/domains
+ Documentation fixes
+Kirill Miazine Multiple patches improving Dovecot authenticator
+Robert Millan Wrote SPF Best Guess support
+Marcin Mirosław Running static analysis tools for us, catching issues
+Dirk Mueller Patch extending use of our printf() compiler checking
+Andrey Oktyabrski Patch fixing wide character breakage in rfc2047 coding
+ Patch keeping SQL errors from being returned over SMTP
+Phil Pennock Patch adding gnutls_compat_mode
+ Patches adding bool{} and later bool_lax{}
+ Patch for TLS library version reporting build/runtime
+ Patch letting EXPN work under TLS
+ More patches built up & applied when became maintainer
+Mark Daniel Reidel Patch adding f-protd malware scanner support
+Steven A Reisman Pointed out ${eval:x % 0} SIGFPE
+Todd Rinaldo Patch fixing transport filter timeout
+Dan Rosenberg Security notification & patch for hardlink attack on
+ sticky mail directory
+ Security notification of race condition in MBX locking
+Jay Rouman Kept our copyright claim in the 21st century, not 11th
+ Drew attention to SSL docs and epoch issue on 32bit
+Heiko Schlittermann Patch making maildir_use_size_file expand
+ Patch fixing maildir quota file races
+ Patch fixing make parallelisation
+ Updates to eximstats, exiwhat
+Janne Snabb TLS extensive debugging & failure root cause analysis
+ Added SPF record type support to dnsdb lookup
+Jan Srzednicki Patch improving Dovecot authenticator
+ Reported crash in Dovecot authenticator
+Samuel Thibault Patch fixing IPv6 interface address detection on Hurd
+Martin Tscholak Reported issue with TLS anonymous ciphersuites
+Stephen Usher Patch fixing use of Oracle's LDAP libraries on Solaris
+Holger Weiß Patch leting ${run} return more data than OS pipe
+ buffer size
+Moritz Wilhelmy Pointed out PCRE_PRERELEASE glitch
+Alain Williams Patch supporting MySQL stored procedures
+Mark Zealey Patch updating $message_linecount for maildir_tag
+ Patch improving spamd server selection
+
+
+Packagers
+---------
+Mark Baker Debian, through Exim 3
+Hilko Bengen Debian, Exim 4, current(*) maintenance
+Tim Cutts Debian, initial packaging
+Marc Haber Debian, Exim 4, current(*) maintenance
+Steve Haslam Debian, Exim 4
+Andreas Metzler Debian, current(*) maintenance
+Christian Perrier Debian, current(*) maintenance
+
+(*) Current as of our last information as of release: Exim 4.82
+
+
+# vim: set fileencoding=utf-8 expandtab :
--- /dev/null
+Copyright (c) 2009, 2010, 2012, The Trusted Domain Project.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ * Neither the name of The Trusted Domain Project nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+Portions of this project are also covered by the Sendmail Open Source
+License, available in this distribution in the file "LICENSE.Sendmail".
+See the copyright notice(s) in each file to determine whether or not it is
+covered by both licenses.
+
+THIS SOFTWARE IS PROVIDED BY THE OPENDKIM PROJECT ''AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE OPENDKIM PROJECT BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
$(SHELL) -c "test -d $$builddir -a -r $$builddir/version.c || \
(mkdir $$builddir; cd $$builddir; $(SHELL) ../scripts/MakeLinks)";
+checks:
+ $(SHELL) scripts/source_checks
+
# The "configure" target ensures that the build directory exists, then arranges
# to build the main makefile from inside the build directory, by calling the
# Configure-Makefile script. This does its own dependency checking because of
# the optional files.
-configure: build-directory
+configure: checks build-directory
@cd build-$(buildname); \
- build=$(build) $(SHELL) ../scripts/Configure-Makefile; \
- $(SHELL) ../scripts/lookups-Makefile
+ build=$(build) $(SHELL) ../scripts/Configure-Makefile
# The "makefile" target forces a rebuild of the makefile (as opposed to
# "configure", which doesn't force it).
makefile: build-directory
@cd build-$(buildname); $(RM_COMMAND) -f Makefile; \
- build=$(build) $(SHELL) ../scripts/Configure-Makefile; \
- $(SHELL) ../scripts/lookups-Makefile
+ build=$(build) $(SHELL) ../scripts/Configure-Makefile
# The installation commands are kept in a separate script, which expects
# to be run from inside the build directory.
OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o
OBJ_WITH_OLD_DEMIME = demime.o
-OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dcc.o
+OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dcc.o dmarc.o
# Targets for final binaries; the main one has a build number which is
# updated each time. We don't bother with that for the auxiliaries.
spf.o: $(HDRS) spf.h spf.c
srs.o: $(HDRS) srs.h srs.c
dcc.o: $(HDRS) dcc.h dcc.c
+dmarc.o: $(HDRS) dmarc.h dmarc.c
# The module containing tables of available lookups, routers, auths, and
# transports must be rebuilt if any of them are. However, because the makefiles
# When using parallel make, we don't have the dependency to force building
# in the sub-directory unless we force that dependency:
-$(OBJ_LOOKUPS): buildlookups
+$(OBJ_LOOKUPS): lookups/lookups.a
# The exim monitor's private modules - the sources live in a private
# subdirectory. The final binary combines the private modules with some
# There's no setting of CFLAGS here, to allow the system default
# for "make" to be the default.
-PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aout
-
CHOWN_COMMAND=/usr/sbin/chown
STRIP_COMMAND=/usr/bin/strip
CHMOD_COMMAND=/bin/chmod
X11=/usr/local
.endif
+# nb: FreeBSD is entirely elf; objformat was removed prior to FreeBSD 7
+# http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.bin/objformat/Attic/objformat.c
+# deleted Jan 2007.
+#
+# So if this fails, you're on an ancient unsupported FreeBSD release *and*
+# running GUI software, which seems both unusual and unwise.
+#
+# http://www.freebsd.org/doc/handbook/binary-formats.html suggests that the
+# switch to default to ELF came with FreeBSD 3. elf(5) claims ELF support
+# introduced in FreeBSD 2.2.6.
+#
XINCLUDE=-I$(X11)/include
-XLFLAGS=-L$(X11)/lib
-.if ${PORTOBJFORMAT} == "elf"
-XLFLAGS+=-Wl,-rpath,${X11}/lib
-.endif
+XLFLAGS=-L$(X11)/lib -Wl,-rpath,${X11}/lib
X11_LD_LIB=$(X11)/lib
EXIWHAT_PS_ARG=-ax
# Exim: OS-specific make file for Linux. This is for modern Linuxes,
# which use libc6.
+#
+# For Linux, we assume GNU Make; at time of writing, the only extension
+# used is ?= which is actually portable to other maintained Make variants,
+# just is not POSIX.
HAVE_ICONV=yes
CHGRP_COMMAND=look_for_it
CHMOD_COMMAND=look_for_it
-CFLAGS=-O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-CFLAGS_DYNAMIC=-shared -rdynamic
+# Preserve CFLAGS and CFLAGS_DYNAMIC from the caller/environment
+CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+CFLAGS_DYNAMIC ?= -shared -rdynamic
DBMLIB = -ldb
USE_DB = yes
with the list of interfaces, and there is no need to call SIOCGIFADDR for each
individual address. Mostly, making the second call does no harm, but on Linux
when there are IP aliases, it causes things to go wrong. This also happens on
-BSDI. Therefore, there is now a macro to cut it out, called
+BSDI and GNU Hurd. Therefore, there is now a macro to cut it out, called
SIOCGIFCONF_GIVES_ADDR.
Note that, if IPv6 support is configured, Exim cannot find the IPv6 addresses
#define CRYPT_H
#define GLIBC_IP_OPTIONS
-#define HAVE_MMAP
#define HAVE_BSD_GETLOADAVG
+#define HAVE_MMAP
#define HAVE_SYS_VFS_H
#define NO_IP_VAR_H
#define SIG_IGN_WORKS
+#define SIOCGIFCONF_GIVES_ADDR
#define F_FREESP O_TRUNC
typedef struct flock flock_t;
#endif /* __linux__ */
+/* Some folks running "unusual" setups with very old libc environments have
+found that _GNU_SOURCE=1 before <features.h> is not sufficient to define some
+constants needed for 64-bit arithmetic. If you encounter build errors based
+on LLONG_MIN being undefined and various other escape hatches have not helped,
+then change the 0 to 1 in the next block. */
+
+#if 0
+# define LLONG_MIN LONG_LONG_MIN
+# define LLONG_MAX LONG_LONG_MAX
+#endif
+
+
/* End */
THE EXIM MAIL TRANSFER AGENT VERSION 4
--------------------------------------
-Copyright (c) 1995 - 2005 University of Cambridge.
+Copyright (c) 1995 - 2012 University of Cambridge.
See the file NOTICE for conditions of use and distribution.
There is a book about Exim by Philip Hazel called "The Exim SMTP Mail Server",
install, and run Exim. For straightforward installations on operating systems
to which Exim has already been ported, the building process is as follows:
-. Ensure that the top-level Exim directory (e.g. exim-4.40) is the current
+. Ensure that the top-level Exim directory (e.g. exim-4.80) is the current
directory (containing the files and directories listed above).
. Edit the file called src/EDITME and put the result in a new file called
that might affect a running system.
+Exim version 4.82
+-----------------
+
+ * New option gnutls_enable_pkcs11 defaults false; if you have GnuTLS 2.12.0
+ or later and do want PKCS11 modules to be autoloaded, then set this option.
+
+ * A per-transport wait-<name> database is no longer updated if the transport
+ sets "connection_max_messages" to 1, as it can not be used and causes
+ unnecessary serialisation and load. External tools tracking the state of
+ Exim by the hints databases may need modification to take this into account.
+
+
Exim version 4.80
-----------------
int string_datestamp_type = -1;
BOOL timestamps_utc = FALSE;
-BOOL tls_certificate_verified = FALSE;
-uschar *tls_cipher = NULL;
-uschar *tls_peerdn = NULL;
-#ifdef SUPPORT_TLS
-uschar *tls_sni = NULL;
-#endif
+tls_support tls_in = {
+ -1, /* tls_active */
+ 0, /* bits */
+ FALSE, /* tls_certificate_verified */
+ NULL, /* tls_cipher */
+ FALSE, /* tls_on_connect */
+ NULL, /* tls_on_connect_ports */
+ NULL, /* tls_peerdn */
+ NULL /* tls_sni */
+};
tree_node *tree_duplicates = NULL;
tree_node *tree_nonrecipients = NULL;
#include "local_scan.h"
#include "structs.h"
#include "globals.h"
+#include "dbstuff.h"
#include "functions.h"
#include "osfunctions.h"
#include "store.h"
if (log_datestamping)
{
uschar log_file_wanted[256];
- string_format(log_file_wanted, sizeof(log_file_wanted), "%s", CS log_file);
+ /* Do *not* use "%s" here, we need the %D datestamp in the log_file to
+ * be expanded! */
+ string_format(log_file_wanted, sizeof(log_file_wanted), CS log_file);
if (Ustrcmp(log_file_wanted, log_file_open) != 0)
{
if (LOG != NULL)
-#! /bin/sh
+#! /bin/sh -e
# A script to be called to run all the other configuring scripts manually.
mft=$mf-t
mftt=$mf-tt
-look_mf=lookups/Makefile.predynamic
-look_mft=${look_mf}-t
+look_mf=lookups/Makefile
+look_mf_pre=${look_mf}.predynamic
+look_mf_post=${look_mf}.postdynamic
# Ensure the temporary does not exist and start the new one by setting
# the OSTYPE and ARCHTYPE variables.
rm -f $mftt
# make the lookups Makefile with the definitions
+# the auxiliary script generates $look_mf_post from $look_mf_pre
-## prepend stuff here; eg: grep LOOKUP_ $mft > $look_mft
-## cat ../src/lookups/Makefile >> $look_mft
-cp ../src/lookups/Makefile $look_mft
+cp ../src/lookups/Makefile $look_mf_pre
+../scripts/lookups-Makefile
# See if there is a definition of EXIM_PERL in what we have built so far.
# If so, run Perl to find the default values for PERL_CC, PERL_CCOPTS,
# If the new makefile is the same as the existing one, say so, and just
# update the timestamp. Otherwise remove the old and install the new.
-if [ -s $mf ] && cmp -s $mft $mf && [ -s $look_mf ] && cmp -s $look_mft $look_mf
+if [ -s $mf ] && cmp -s $mft $mf && [ -s $look_mf ] && cmp -s $look_mf_post $look_mf
then echo ">>> rebuilt $mf unchanged"
echo " "
touch $mf || exit
- rm -f $mft
-elif rm -f $mf $look_mf
+ rm -f $mft $look_mf_pre $look_mf_post
+elif rm -f $mf $look_mf $look_mf_pre
mv $mft $mf
- mv $look_mft $look_mf
+ mv $look_mf_post $look_mf
then echo ">>> New $mf & $look_mf installed"
echo '>>> Use "make makefile" if you need to force rebuilding of the makefile'
echo " "
ln -s ../src/version.c version.c
ln -s ../src/dkim.c dkim.c
ln -s ../src/dkim.h dkim.h
+ln -s ../src/dmarc.c dmarc.c
+ln -s ../src/dmarc.h dmarc.h
ln -s ../src/valgrind.h valgrind.h
ln -s ../src/memcheck.h memcheck.h
fi
input=lookups/Makefile.predynamic
-target=lookups/Makefile
-defs_source=Makefile
+target=lookups/Makefile.postdynamic
+defs_source=Makefile-t
tag_marker='MAGIC-TAG-MODS-OBJ-RULES-GO-HERE'
tab=' '
# nb: do not permit leading whitespace for this, as CFLAGS_DYNAMIC is exported
# to the lookups subdir via a line with leading whitespace which otherwise
# matches
-if grep -q "^CFLAGS_DYNAMIC[ $tab]*=" "$defs_source"
+if grep -q "^CFLAGS_DYNAMIC[ $tab?:]*=" "$defs_source"
then
# we have a definition, we're good to go
+ echo >&2 ">>> Creating lookups/Makefile for building dynamic modules"
enable_dynamic=yes
else
- echo >&2 "Missing CFLAGS_DYNAMIC inhibits building dynamic module lookup"
+ echo >&2 ">>> Creating lookups/Makefile without dynamic module support"
enable_dynamic=''
# We always do something now, since there should always be a lookup,
# and now we need to run in order to put the OBJ=$(OBJ)+ rules in. So we
# continue on.
fi
-tmp="$target.t"
-
# For the want_ checks, we need to let the user override values from the make
# command-line, not just check the Makefile.
if want_dynamic "$lookup_name"
then
if [ -z "$enable_dynamic" ]; then
- echo >&2 "Inhibited dynamic modules prevents building dynamic $lookup_name"
+ echo >&2 "Missing CFLAGS_DYNAMIC prevents building dynamic $lookup_name"
exit 1
fi
MODS="${MODS} ${mod_name}.so"
fi
}
+rm -f "$target"
exec 5>&1
-exec > "$tmp"
+exec > "$target"
sed -n "1,/$tag_marker/p" < "$input"
sed -n "/$tag_marker/,\$p" < "$input"
exec >&5
-mv "$tmp" "$target"
+# Configure-Makefile will move $target into place
# vim: set ft=sh sw=2 :
--- /dev/null
+#!/bin/sh
+
+cd src;
+
+# Tables with struct items
+while read file table
+do
+ : $file $table
+ < $file \
+ perl -e '$/= undef; while (<>) { print $1 if /(?<='$table'\[\])\s*=\s*{\n(([^}].*\n)+)/m }' \
+ | awk '/{ (US)?"/ {print $2}' \
+ | awk -F\" '{print $2}' \
+ | LANG=C sort -c \
+ || exit 1
+done <<-END
+ readconf.c optionlist_config
+ globals.c optionlist_auths
+ globals.c debug_options
+ globals.c header_names
+ globals.c log_options
+ expand.c item_table
+ transport.c optionlist_transports
+ route.c optionlist_routers
+ transports/appendfile.c appendfile_transport_options
+ transports/autoreply.c autoreply_transport_options
+ transports/lmtp.c lmtp_transport_options
+ transports/pipe.c pipe_transport_options
+ transports/smtp.c smtp_transport_options
+ expand.c var_table
+END
+
+# Tables with just string items
+while read file table
+do
+ : $file $table
+ < $file \
+ perl -e '$/= undef; while (<>) { print $1 if /(?<='$table'\[\])\s*=\s*{\s?(([^}]*)+)}/m }' \
+ | awk -F\" '/"/ {print $2}' \
+ | LANG=C sort -c \
+ || exit 1
+
+done <<-END
+ expand.c item_table
+ expand.c op_table_underscore
+ expand.c op_table_main
+ expand.c cond_table
+ acl.c verbs
+ acl.c conditions
+END
+
# DISABLE_DKIM=yes
+#------------------------------------------------------------------------------
+# By default, Exim has support for checking the AD bit in a DNS response, to
+# determine if DNSSEC validation was successful. If your system libraries
+# do not support that bit, then set DISABLE_DNSSEC to "yes"
+
+# DISABLE_DNSSEC=yes
+
+
#------------------------------------------------------------------------------
# Compiling Exim with experimental features. These are documented in
# experimental-spec.txt. "Experimental" means that the way these features are
# EXPERIMENTAL_OCSP=yes
+# Uncomment the following line to add DMARC checking capability, implemented
+# using libopendmarc libraries.
+# EXPERIMENTAL_DMARC=yes
+# CFLAGS += -I/usr/local/include
+# LDFLAGS += -lopendmarc
+
+# Uncomment the following line to add Per-Recipient-Data-Response support.
+# EXPERIMENTAL_PRDR=yes
+
# This feature allows to write log information about a completed
# delivery into a database
# EXPERIMENTAL_DBL=yes
+
###############################################################################
# THESE ARE THINGS YOU MIGHT WANT TO SPECIFY #
###############################################################################
/* ACL verbs */
-static uschar *verbs[] =
- { US"accept", US"defer", US"deny", US"discard", US"drop", US"require",
+static uschar *verbs[] = {
+ US"accept",
+ US"defer",
+ US"deny",
+ US"discard",
+ US"drop",
+ US"require",
US"warn" };
/* For each verb, the conditions for which "message" or "log_message" are used
#ifndef DISABLE_DKIM
ACLC_DKIM_SIGNER,
ACLC_DKIM_STATUS,
+#endif
+#ifdef EXPERIMENTAL_DMARC
+ ACLC_DMARC_STATUS,
#endif
ACLC_DNSLISTS,
ACLC_DOMAINS,
#ifdef WITH_CONTENT_SCAN
ACLC_REGEX,
#endif
+ ACLC_REMOVE_HEADER,
ACLC_SENDER_DOMAINS,
ACLC_SENDERS,
ACLC_SET,
ACLC_SPF,
ACLC_SPF_GUESS,
#endif
+ ACLC_UDPSEND,
ACLC_VERIFY };
/* ACL conditions/modifiers: "delay", "control", "continue", "endpass",
#ifndef DISABLE_DKIM
US"dkim_signers",
US"dkim_status",
+#endif
+#ifdef EXPERIMENTAL_DMARC
+ US"dmarc_status",
#endif
US"dnslists",
US"domains",
#ifdef WITH_CONTENT_SCAN
US"regex",
#endif
+ US"remove_header",
US"sender_domains", US"senders", US"set",
#ifdef WITH_CONTENT_SCAN
US"spam",
US"spf",
US"spf_guess",
#endif
+ US"udpsend",
US"verify" };
#ifndef DISABLE_DKIM
CONTROL_DKIM_VERIFY,
#endif
+ #ifdef EXPERIMENTAL_DMARC
+ CONTROL_DMARC_VERIFY,
+ CONTROL_DMARC_FORENSIC,
+ #endif
+ CONTROL_DSCP,
CONTROL_ERROR,
CONTROL_CASEFUL_LOCAL_PART,
CONTROL_CASELOWER_LOCAL_PART,
+ CONTROL_CUTTHROUGH_DELIVERY,
CONTROL_ENFORCE_SYNC,
CONTROL_NO_ENFORCE_SYNC,
CONTROL_FREEZE,
#ifndef DISABLE_DKIM
US"dkim_disable_verify",
#endif
+ #ifdef EXPERIMENTAL_DMARC
+ US"dmarc_disable_verify",
+ US"dmarc_enable_forensic",
+ #endif
+ US"dscp",
US"error",
US"caseful_local_part",
US"caselower_local_part",
+ US"cutthrough_delivery",
US"enforce_sync",
US"no_enforce_sync",
US"freeze",
checking functions. */
static uschar cond_expand_at_top[] = {
- TRUE, /* acl */
+ FALSE, /* acl */
TRUE, /* add_header */
FALSE, /* authenticated */
#ifdef EXPERIMENTAL_BRIGHTMAIL
#ifndef DISABLE_DKIM
TRUE, /* dkim_signers */
TRUE, /* dkim_status */
+#endif
+#ifdef EXPERIMENTAL_DMARC
+ TRUE, /* dmarc_status */
#endif
TRUE, /* dnslists */
FALSE, /* domains */
#ifdef WITH_CONTENT_SCAN
TRUE, /* regex */
#endif
+ TRUE, /* remove_header */
FALSE, /* sender_domains */
FALSE, /* senders */
TRUE, /* set */
TRUE, /* spf */
TRUE, /* spf_guess */
#endif
+ TRUE, /* udpsend */
TRUE /* verify */
};
#ifndef DISABLE_DKIM
FALSE, /* dkim_signers */
FALSE, /* dkim_status */
+#endif
+#ifdef EXPERIMENTAL_DMARC
+ FALSE, /* dmarc_status */
#endif
FALSE, /* dnslists */
FALSE, /* domains */
#ifdef WITH_CONTENT_SCAN
FALSE, /* regex */
#endif
+ TRUE, /* remove_header */
FALSE, /* sender_domains */
FALSE, /* senders */
TRUE, /* set */
FALSE, /* spf */
FALSE, /* spf_guess */
#endif
+ TRUE, /* udpsend */
FALSE /* verify */
};
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* add_header */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif
(1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
(1<<ACL_WHERE_DKIM)|
(1<<ACL_WHERE_NOTSMTP_START)),
(1<<ACL_WHERE_AUTH)| /* bmi_optin */
(1<<ACL_WHERE_CONNECT)|(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_MIME)|
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif
(1<<ACL_WHERE_ETRN)|(1<<ACL_WHERE_EXPN)|
(1<<ACL_WHERE_MAILAUTH)|
(1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_STARTTLS)|
#ifdef EXPERIMENTAL_DCC
(unsigned int)
- ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)), /* dcc */
+ ~((1<<ACL_WHERE_DATA)| /* dcc */
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif /* EXPERIMENTAL_PRDR */
+ (1<<ACL_WHERE_NOTSMTP)),
#endif
#ifdef WITH_CONTENT_SCAN
#ifdef WITH_OLD_DEMIME
(unsigned int)
- ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)), /* demime */
+ ~((1<<ACL_WHERE_DATA)| /* demime */
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif /* EXPERIMENTAL_PRDR */
+ (1<<ACL_WHERE_NOTSMTP)),
#endif
#ifndef DISABLE_DKIM
~(1<<ACL_WHERE_DKIM), /* dkim_status */
#endif
+ #ifdef EXPERIMENTAL_DMARC
+ (unsigned int)
+ ~(1<<ACL_WHERE_DATA), /* dmarc_status */
+ #endif
+
(1<<ACL_WHERE_NOTSMTP)| /* dnslists */
(1<<ACL_WHERE_NOTSMTP_START),
(unsigned int)
- ~(1<<ACL_WHERE_RCPT), /* domains */
+ ~((1<<ACL_WHERE_RCPT) /* domains */
+ #ifdef EXPERIMENTAL_PRDR
+ |(1<<ACL_WHERE_PRDR)
+ #endif
+ ),
(1<<ACL_WHERE_NOTSMTP)| /* encrypted */
(1<<ACL_WHERE_CONNECT)|
(1<<ACL_WHERE_NOTSMTP_START),
(unsigned int)
- ~(1<<ACL_WHERE_RCPT), /* local_parts */
+ ~((1<<ACL_WHERE_RCPT) /* local_parts */
+ #ifdef EXPERIMENTAL_PRDR
+ |(1<<ACL_WHERE_PRDR)
+ #endif
+ ),
0, /* log_message */
#ifdef WITH_CONTENT_SCAN
(unsigned int)
- ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)), /* malware */
+ ~((1<<ACL_WHERE_DATA)| /* malware */
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif /* EXPERIMENTAL_PRDR */
+ (1<<ACL_WHERE_NOTSMTP)),
#endif
0, /* message */
#ifdef WITH_CONTENT_SCAN
(unsigned int)
- ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* regex */
+ ~((1<<ACL_WHERE_DATA)| /* regex */
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif /* EXPERIMENTAL_PRDR */
+ (1<<ACL_WHERE_NOTSMTP)|
(1<<ACL_WHERE_MIME)),
#endif
+ (unsigned int)
+ ~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* remove_header */
+ (1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif
+ (1<<ACL_WHERE_MIME)|(1<<ACL_WHERE_NOTSMTP)|
+ (1<<ACL_WHERE_NOTSMTP_START)),
+
(1<<ACL_WHERE_AUTH)|(1<<ACL_WHERE_CONNECT)| /* sender_domains */
(1<<ACL_WHERE_HELO)|
(1<<ACL_WHERE_MAILAUTH)|(1<<ACL_WHERE_QUIT)|
#ifdef WITH_CONTENT_SCAN
(unsigned int)
- ~((1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)), /* spam */
+ ~((1<<ACL_WHERE_DATA)| /* spam */
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif /* EXPERIMENTAL_PRDR */
+ (1<<ACL_WHERE_NOTSMTP)),
#endif
#ifdef EXPERIMENTAL_SPF
(1<<ACL_WHERE_NOTSMTP_START),
#endif
+ 0, /* udpsend */
+
/* Certain types of verify are always allowed, so we let it through
always and check in the verify function itself */
#ifndef DISABLE_DKIM
(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dkim_disable_verify */
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif /* EXPERIMENTAL_PRDR */
(1<<ACL_WHERE_NOTSMTP_START),
#endif
+ #ifdef EXPERIMENTAL_DMARC
+ (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dmarc_disable_verify */
+ (1<<ACL_WHERE_NOTSMTP_START),
+ (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP)| /* dmarc_enable_forensic */
+ (1<<ACL_WHERE_NOTSMTP_START),
+ #endif
+
+ (1<<ACL_WHERE_NOTSMTP)|
+ (1<<ACL_WHERE_NOTSMTP_START)|
+ (1<<ACL_WHERE_NOTQUIT), /* dscp */
+
0, /* error */
(unsigned int)
(unsigned int)
~(1<<ACL_WHERE_RCPT), /* caselower_local_part */
+ (unsigned int)
+ 0, /* cutthrough_delivery */
+
(1<<ACL_WHERE_NOTSMTP)| /* enforce_sync */
(1<<ACL_WHERE_NOTSMTP_START),
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* freeze */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME)),
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* queue_only */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */
(1<<ACL_WHERE_NOTSMTP)|(1<<ACL_WHERE_MIME)),
(unsigned int)
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* no_mbox_unspool */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ // (1<<ACL_WHERE_PRDR)| /* Not allow one user to freeze for all */
(1<<ACL_WHERE_MIME)),
#endif
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakedefer */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif /* EXPERIMENTAL_PRDR */
(1<<ACL_WHERE_MIME)),
(unsigned int)
~((1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT)| /* fakereject */
(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|
+ #ifdef EXPERIMENTAL_PRDR
+ (1<<ACL_WHERE_PRDR)|
+ #endif /* EXPERIMENTAL_PRDR */
(1<<ACL_WHERE_MIME)),
(1<<ACL_WHERE_NOTSMTP)| /* no_multiline */
#ifndef DISABLE_DKIM
{ US"dkim_disable_verify", CONTROL_DKIM_VERIFY, FALSE },
#endif
+#ifdef EXPERIMENTAL_DMARC
+ { US"dmarc_disable_verify", CONTROL_DMARC_VERIFY, FALSE },
+ { US"dmarc_enable_forensic", CONTROL_DMARC_FORENSIC, FALSE },
+#endif
+ { US"dscp", CONTROL_DSCP, TRUE },
{ US"caseful_local_part", CONTROL_CASEFUL_LOCAL_PART, FALSE },
{ US"caselower_local_part", CONTROL_CASELOWER_LOCAL_PART, FALSE },
{ US"enforce_sync", CONTROL_ENFORCE_SYNC, FALSE },
{ US"fakedefer", CONTROL_FAKEDEFER, TRUE },
{ US"fakereject", CONTROL_FAKEREJECT, TRUE },
{ US"submission", CONTROL_SUBMISSION, TRUE },
- { US"suppress_local_fixups", CONTROL_SUPPRESS_LOCAL_FIXUPS, FALSE }
+ { US"suppress_local_fixups", CONTROL_SUPPRESS_LOCAL_FIXUPS, FALSE },
+ { US"cutthrough_delivery", CONTROL_CUTTHROUGH_DELIVERY, FALSE }
};
/* Support data structures for Client SMTP Authorization. acl_verify_csa()
/* Enable recursion between acl_check_internal() and acl_check_condition() */
-static int acl_check_internal(int, address_item *, uschar *, int, uschar **,
- uschar **);
+static int acl_check_wargs(int, address_item *, uschar *, int, uschar **,
+ uschar **);
/*************************************************
uschar *p, *q;
int hlen = Ustrlen(hstring);
-/* An empty string does nothing; otherwise add a final newline if necessary. */
+/* Ignore any leading newlines */
+while (*hstring == '\n') hstring++, hlen--;
+/* An empty string does nothing; ensure exactly one final newline. */
if (hlen <= 0) return;
-if (hstring[hlen-1] != '\n') hstring = string_sprintf("%s\n", hstring);
+if (hstring[--hlen] != '\n') hstring = string_sprintf("%s\n", hstring);
+else while(hstring[--hlen] == '\n') hstring[hlen+1] = '\0';
/* Loop for multiple header lines, taking care about continuations */
+/*************************************************
+* List the added header lines *
+*************************************************/
+uschar *
+fn_hdrs_added(void)
+{
+uschar * ret = NULL;
+header_line * h = acl_added_headers;
+uschar * s;
+uschar * cp;
+int size = 0;
+int ptr = 0;
+
+if (!h) return NULL;
+
+do
+ {
+ s = h->text;
+ while ((cp = Ustrchr(s, '\n')) != NULL)
+ {
+ if (cp[1] == '\0') break;
+
+ /* contains embedded newline; needs doubling */
+ ret = string_cat(ret, &size, &ptr, s, cp-s+1);
+ ret = string_cat(ret, &size, &ptr, US"\n", 1);
+ s = cp+1;
+ }
+ /* last bit of header */
+
+ ret = string_cat(ret, &size, &ptr, s, cp-s+1); /* newline-sep list */
+ }
+while((h = h->next));
+
+ret[ptr-1] = '\0'; /* overwrite last newline */
+return ret;
+}
+
+
+/*************************************************
+* Set up removed header line(s) *
+*************************************************/
+
+/* This function is called by the remove_header modifier. The argument is
+treated as a sequence of header names which are added to a colon separated
+list, provided there isn't an identical one already there.
+
+Argument: string of header names
+Returns: nothing
+*/
+
+static void
+setup_remove_header(uschar *hnames)
+{
+if (*hnames != 0)
+ {
+ if (acl_removed_headers == NULL)
+ acl_removed_headers = hnames;
+ else
+ acl_removed_headers = string_sprintf("%s : %s", acl_removed_headers, hnames);
+ }
+}
+
+
/*************************************************
* Handle warnings *
test whether it was successful or not. (This is for optional verification; for
mandatory verification, the connection doesn't last this long.) */
- if (tls_certificate_verified) return OK;
+ if (tls_in.certificate_verified) return OK;
*user_msgptr = US"no verified certificate";
return FAIL;
+/*************************************************
+* The udpsend ACL modifier *
+*************************************************/
+
+/* Called by acl_check_condition() below.
+
+Arguments:
+ arg the option string for udpsend=
+ log_msgptr for error messages
+
+Returns: OK - Completed.
+ DEFER - Problem with DNS lookup.
+ ERROR - Syntax error in options.
+*/
+
+static int
+acl_udpsend(uschar *arg, uschar **log_msgptr)
+{
+int sep = 0;
+uschar *hostname;
+uschar *portstr;
+uschar *portend;
+host_item *h;
+int portnum;
+int host_af;
+int len;
+int r, s;
+
+hostname = string_nextinlist(&arg, &sep, NULL, 0);
+portstr = string_nextinlist(&arg, &sep, NULL, 0);
+
+if (hostname == NULL)
+ {
+ *log_msgptr = US"missing destination host in \"udpsend\" modifier";
+ return ERROR;
+ }
+if (portstr == NULL)
+ {
+ *log_msgptr = US"missing destination port in \"udpsend\" modifier";
+ return ERROR;
+ }
+if (arg == NULL)
+ {
+ *log_msgptr = US"missing datagram payload in \"udpsend\" modifier";
+ return ERROR;
+ }
+portnum = Ustrtol(portstr, &portend, 10);
+if (*portend != '\0')
+ {
+ *log_msgptr = US"bad destination port in \"udpsend\" modifier";
+ return ERROR;
+ }
+
+/* Make a single-item host list. */
+h = store_get(sizeof(host_item));
+memset(h, 0, sizeof(host_item));
+h->name = hostname;
+h->port = portnum;
+h->mx = MX_NONE;
+
+if (string_is_ip_address(hostname, NULL))
+ h->address = hostname, r = HOST_FOUND;
+else
+ r = host_find_byname(h, NULL, 0, NULL, FALSE);
+if (r == HOST_FIND_FAILED || r == HOST_FIND_AGAIN)
+ {
+ *log_msgptr = US"DNS lookup failed in \"udpsend\" modifier";
+ return DEFER;
+ }
+
+HDEBUG(D_acl)
+ debug_printf("udpsend [%s]:%d %s\n", h->address, portnum, arg);
+
+host_af = (Ustrchr(h->address, ':') == NULL)? AF_INET:AF_INET6;
+r = s = ip_socket(SOCK_DGRAM, host_af);
+if (r < 0) goto defer;
+r = ip_connect(s, host_af, h->address, portnum, 1);
+if (r < 0) goto defer;
+len = Ustrlen(arg);
+r = send(s, arg, len, MSG_NOSIGNAL);
+if (r < 0) goto defer;
+if (r < len)
+ {
+ *log_msgptr =
+ string_sprintf("\"udpsend\" truncated from %d to %d octets", len, r);
+ return DEFER;
+ }
+
+HDEBUG(D_acl)
+ debug_printf("udpsend %d bytes\n", r);
+
+return OK;
+
+defer:
+*log_msgptr = string_sprintf("\"udpsend\" failed: %s", strerror(errno));
+return DEFER;
+}
+
+
+
/*************************************************
* Handle conditions/modifiers on an ACL item *
*************************************************/
"discard" verb. */
case ACLC_ACL:
- rc = acl_check_internal(where, addr, arg, level+1, user_msgptr, log_msgptr);
- if (rc == DISCARD && verb != ACL_ACCEPT && verb != ACL_DISCARD)
- {
- *log_msgptr = string_sprintf("nested ACL returned \"discard\" for "
- "\"%s\" command (only allowed with \"accept\" or \"discard\")",
- verbs[verb]);
- return ERROR;
- }
+ rc = acl_check_wargs(where, addr, arg, level+1, user_msgptr, log_msgptr);
+ if (rc == DISCARD && verb != ACL_ACCEPT && verb != ACL_DISCARD)
+ {
+ *log_msgptr = string_sprintf("nested ACL returned \"discard\" for "
+ "\"%s\" command (only allowed with \"accept\" or \"discard\")",
+ verbs[verb]);
+ return ERROR;
+ }
break;
case ACLC_AUTHENTICATED:
#ifndef DISABLE_DKIM
case CONTROL_DKIM_VERIFY:
dkim_disable_verify = TRUE;
+ #ifdef EXPERIMENTAL_DMARC
+ /* Since DKIM was blocked, skip DMARC too */
+ dmarc_disable_verify = TRUE;
+ dmarc_enable_forensic = FALSE;
+ #endif
+ break;
+ #endif
+
+ #ifdef EXPERIMENTAL_DMARC
+ case CONTROL_DMARC_VERIFY:
+ dmarc_disable_verify = TRUE;
+ break;
+
+ case CONTROL_DMARC_FORENSIC:
+ dmarc_enable_forensic = TRUE;
break;
#endif
+ case CONTROL_DSCP:
+ if (*p == '/')
+ {
+ int fd, af, level, optname, value;
+ /* If we are acting on stdin, the setsockopt may fail if stdin is not
+ a socket; we can accept that, we'll just debug-log failures anyway. */
+ fd = fileno(smtp_in);
+ af = ip_get_address_family(fd);
+ if (af < 0)
+ {
+ HDEBUG(D_acl)
+ debug_printf("smtp input is probably not a socket [%s], not setting DSCP\n",
+ strerror(errno));
+ break;
+ }
+ if (dscp_lookup(p+1, af, &level, &optname, &value))
+ {
+ if (setsockopt(fd, level, optname, &value, sizeof(value)) < 0)
+ {
+ HDEBUG(D_acl) debug_printf("failed to set input DSCP[%s]: %s\n",
+ p+1, strerror(errno));
+ }
+ else
+ {
+ HDEBUG(D_acl) debug_printf("set input DSCP to \"%s\"\n", p+1);
+ }
+ }
+ else
+ {
+ *log_msgptr = string_sprintf("unrecognised DSCP value in \"control=%s\"", arg);
+ return ERROR;
+ }
+ }
+ else
+ {
+ *log_msgptr = string_sprintf("syntax error in \"control=%s\"", arg);
+ return ERROR;
+ }
+ break;
+
case CONTROL_ERROR:
return ERROR;
case CONTROL_SUPPRESS_LOCAL_FIXUPS:
suppress_local_fixups = TRUE;
break;
+
+ case CONTROL_CUTTHROUGH_DELIVERY:
+ if (deliver_freeze)
+ {
+ *log_msgptr = string_sprintf("\"control=%s\" on frozen item", arg);
+ return ERROR;
+ }
+ if (queue_only_policy)
+ {
+ *log_msgptr = string_sprintf("\"control=%s\" on queue-only item", arg);
+ return ERROR;
+ }
+ cutthrough_delivery = TRUE;
+ break;
}
break;
break;
#endif
+ #ifdef EXPERIMENTAL_DMARC
+ case ACLC_DMARC_STATUS:
+ if (!dmarc_has_been_checked)
+ dmarc_process();
+ dmarc_has_been_checked = TRUE;
+ /* used long way of dmarc_exim_expand_query() in case we need more
+ * view into the process in the future. */
+ rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS),
+ &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
+ break;
+ #endif
+
case ACLC_DNSLISTS:
rc = verify_check_dnsbl(&arg);
break;
writing is poorly documented. */
case ACLC_ENCRYPTED:
- if (tls_cipher == NULL) rc = FAIL; else
+ if (tls_in.cipher == NULL) rc = FAIL; else
{
uschar *endcipher = NULL;
- uschar *cipher = Ustrchr(tls_cipher, ':');
- if (cipher == NULL) cipher = tls_cipher; else
+ uschar *cipher = Ustrchr(tls_in.cipher, ':');
+ if (cipher == NULL) cipher = tls_in.cipher; else
{
endcipher = Ustrchr(++cipher, ':');
if (endcipher != NULL) *endcipher = 0;
break;
#endif
+ case ACLC_REMOVE_HEADER:
+ setup_remove_header(arg);
+ break;
+
case ACLC_SENDER_DOMAINS:
{
uschar *sdomain;
break;
#endif
+ case ACLC_UDPSEND:
+ rc = acl_udpsend(arg, log_msgptr);
+ break;
+
/* If the verb is WARN, discard any user message from verification, because
such messages are SMTP responses, not header additions. The latter come
only from explicit "message" modifiers. However, put the user message into
}
+
+
+/* Same args as acl_check_internal() above, but the string s is
+the name of an ACL followed optionally by up to 9 space-separated arguments.
+The name and args are separately expanded. Args go into $acl_arg globals. */
+static int
+acl_check_wargs(int where, address_item *addr, uschar *s, int level,
+ uschar **user_msgptr, uschar **log_msgptr)
+{
+uschar * tmp;
+uschar * tmp_arg[9]; /* must match acl_arg[] */
+uschar * sav_arg[9]; /* must match acl_arg[] */
+int sav_narg;
+uschar * name;
+int i;
+int ret;
+
+if (!(tmp = string_dequote(&s)) || !(name = expand_string(tmp)))
+ goto bad;
+
+for (i = 0; i < 9; i++)
+ {
+ while (*s && isspace(*s)) s++;
+ if (!*s) break;
+ if (!(tmp = string_dequote(&s)) || !(tmp_arg[i] = expand_string(tmp)))
+ {
+ tmp = name;
+ goto bad;
+ }
+ }
+
+sav_narg = acl_narg;
+acl_narg = i;
+for (i = 0; i < acl_narg; i++)
+ {
+ sav_arg[i] = acl_arg[i];
+ acl_arg[i] = tmp_arg[i];
+ }
+while (i < 9)
+ {
+ sav_arg[i] = acl_arg[i];
+ acl_arg[i++] = NULL;
+ }
+
+ret = acl_check_internal(where, addr, name, level, user_msgptr, log_msgptr);
+
+acl_narg = sav_narg;
+for (i = 0; i < 9; i++) acl_arg[i] = sav_arg[i];
+return ret;
+
+bad:
+if (expand_string_forcedfail) return ERROR;
+*log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s",
+ tmp, expand_string_message);
+return search_find_defer?DEFER:ERROR;
+}
+
+
+
/*************************************************
* Check access using an ACL *
*************************************************/
+/* Alternate interface for ACL, used by expansions */
+int
+acl_eval(int where, uschar *s, uschar **user_msgptr, uschar **log_msgptr)
+{
+address_item adb;
+address_item *addr = NULL;
+
+*user_msgptr = *log_msgptr = NULL;
+sender_verified_failed = NULL;
+ratelimiters_cmd = NULL;
+log_reject_target = LOG_MAIN|LOG_REJECT;
+
+if (where == ACL_WHERE_RCPT)
+ {
+ adb = address_defaults;
+ addr = &adb;
+ addr->address = expand_string(US"$local_part@$domain");
+ addr->domain = deliver_domain;
+ addr->local_part = deliver_localpart;
+ addr->cc_local_part = deliver_localpart;
+ addr->lc_local_part = deliver_localpart;
+ }
+
+return acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr);
+}
+
+
+
/* This is the external interface for ACL checks. It sets up an address and the
expansions for $domain and $local_part when called after RCPT, then calls
acl_check_internal() to do the actual work.
DEFER can't tell at the moment
ERROR disaster
*/
+int acl_where = ACL_WHERE_UNKNOWN;
int
acl_check(int where, uschar *recipient, uschar *s, uschar **user_msgptr,
ratelimiters_cmd = NULL;
log_reject_target = LOG_MAIN|LOG_REJECT;
-if (where == ACL_WHERE_RCPT)
+#ifdef EXPERIMENTAL_PRDR
+if (where == ACL_WHERE_RCPT || where == ACL_WHERE_PRDR )
+#else
+if (where == ACL_WHERE_RCPT )
+#endif
{
adb = address_defaults;
addr = &adb;
deliver_localpart = addr->local_part;
}
+acl_where = where;
rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr);
+acl_where = ACL_WHERE_UNKNOWN;
+
+/* Cutthrough - if requested,
+and WHERE_RCPT and not yet opened conn as result of recipient-verify,
+and rcpt acl returned accept,
+and first recipient (cancel on any subsequents)
+open one now and run it up to RCPT acceptance.
+A failed verify should cancel cutthrough request.
+
+Initial implementation: dual-write to spool.
+Assume the rxd datastream is now being copied byte-for-byte to an open cutthrough connection.
+
+Cease cutthrough copy on rxd final dot; do not send one.
+
+On a data acl, if not accept and a cutthrough conn is open, hard-close it (no SMTP niceness).
+
+On data acl accept, terminate the dataphase on an open cutthrough conn. If accepted or
+perm-rejected, reflect that to the original sender - and dump the spooled copy.
+If temp-reject, close the conn (and keep the spooled copy).
+If conn-failure, no action (and keep the spooled copy).
+*/
+switch (where)
+{
+case ACL_WHERE_RCPT:
+#ifdef EXPERIMENTAL_PRDR
+case ACL_WHERE_PRDR:
+#endif
+ if( rcpt_count > 1 )
+ cancel_cutthrough_connection("more than one recipient");
+ else if (rc == OK && cutthrough_delivery && cutthrough_fd < 0)
+ open_cutthrough_connection(addr);
+ break;
+
+case ACL_WHERE_PREDATA:
+ if( rc == OK )
+ cutthrough_predata();
+ else
+ cancel_cutthrough_connection("predata acl not ok");
+ break;
+
+case ACL_WHERE_QUIT:
+case ACL_WHERE_NOTQUIT:
+ cancel_cutthrough_connection("quit or notquit");
+ break;
+
+default:
+ break;
+}
deliver_domain = deliver_localpart = deliver_address_data =
sender_address_data = NULL;
}
-
/*************************************************
* Create ACL variable *
*************************************************/
#define spa_bytes_add(ptr, header, buf, count) \
{ \
-if (buf && count) \
+if (buf != NULL && count) \
{ \
SSVAL(&ptr->header.len,0,count); \
SSVAL(&ptr->header.maxlen,0,count); \
is defined. However, some compilers don't like compiling empty modules, so keep
them happy with a dummy when skipping the rest. Make it reference itself to
stop picky compilers complaining that it is unused, and put in a dummy argument
-to stop even pickier compilers complaining about infinite loops. */
+to stop even pickier compilers complaining about infinite loops.
+Then use a mutually-recursive pair as gcc is just getting stupid. */
#ifndef SUPPORT_PAM
-static void dummy(int x) { dummy(x-1); }
+static void dummy(int x);
+static void dummy2(int x) { dummy(x-1); }
+static void dummy(int x) { dummy2(x-1); }
#else /* SUPPORT_PAM */
#ifdef PAM_H_IN_PAM
empty modules, so keep them happy with a dummy when skipping the rest. Make it
reference itself to stop picky compilers complaining that it is unused, and put
in a dummy argument to stop even pickier compilers complaining about infinite
-loops. */
+loops. Then use a mutually-recursive pair as gcc is just getting stupid. */
#ifndef RADIUS_CONFIG_FILE
-static void dummy(int x) { dummy(x-1); }
+static void dummy(int x);
+static void dummy2(int x) { dummy(x-1); }
+static void dummy(int x) { dummy2(x-1); }
#else /* RADIUS_CONFIG_FILE */
loops. */
#ifndef AUTH_CYRUS_SASL
-static void dummy(int x) { dummy(x-1); }
+static void dummy(int x);
+static void dummy2(int x) { dummy(x-1); }
+static void dummy(int x) { dummy2(x-1); }
#else
sasl_callback_t cbs[]={{SASL_CB_LIST_END, NULL, NULL}};
sasl_conn_t *conn;
char *realm_expanded;
-int rc, firsttime=1, clen, *negotiated_ssf_ptr=NULL, negotiated_ssf;
+int rc, i, firsttime=1, clen, *negotiated_ssf_ptr=NULL, negotiated_ssf;
unsigned int inlen, outlen;
input=data;
return DEFER;
}
-if (tls_cipher)
+if (tls_in.cipher)
{
- rc = sasl_setprop(conn, SASL_SSF_EXTERNAL, (sasl_ssf_t *) &tls_bits);
+ rc = sasl_setprop(conn, SASL_SSF_EXTERNAL, (sasl_ssf_t *) &tls_in.bits);
if (rc != SASL_OK)
{
HDEBUG(D_auth) debug_printf("Cyrus SASL EXTERNAL SSF set %d failed: %s\n",
- tls_bits, sasl_errstring(rc, NULL, NULL));
+ tls_in.bits, sasl_errstring(rc, NULL, NULL));
auth_defer_msg = US"couldn't set Cyrus SASL EXTERNAL SSF";
sasl_done();
return DEFER;
}
else
- HDEBUG(D_auth) debug_printf("Cyrus SASL set EXTERNAL SSF to %d\n", tls_bits);
+ HDEBUG(D_auth) debug_printf("Cyrus SASL set EXTERNAL SSF to %d\n", tls_in.bits);
}
else
HDEBUG(D_auth) debug_printf("Cyrus SASL: no TLS, no EXTERNAL SSF set\n");
+/* So sasl_setprop() documents non-shorted IPv6 addresses which is incredibly
+annoying; looking at cyrus-imapd-2.3.x source, the IP address is constructed
+with their iptostring() function, which just wraps
+getnameinfo(..., NI_NUMERICHOST|NI_NUMERICSERV), which is equivalent to the
+inet_ntop which we wrap in our host_ntoa() function.
+
+So the docs are too strict and we shouldn't worry about :: contractions. */
+
+/* Set properties for remote and local host-ip;port */
+for (i=0; i < 2; ++i)
+ {
+ struct sockaddr_storage ss;
+ int (*query)(int, struct sockaddr *, socklen_t *);
+ int propnum, port;
+ const uschar *label;
+ uschar *address, *address_port;
+ const char *s_err;
+ socklen_t sslen;
+
+ if (i)
+ {
+ query = &getpeername;
+ propnum = SASL_IPREMOTEPORT;
+ label = CUS"peer";
+ }
+ else
+ {
+ query = &getsockname;
+ propnum = SASL_IPLOCALPORT;
+ label = CUS"local";
+ }
+
+ sslen = sizeof(ss);
+ rc = query(fileno(smtp_in), (struct sockaddr *) &ss, &sslen);
+ if (rc < 0)
+ {
+ HDEBUG(D_auth)
+ debug_printf("Failed to get %s address information: %s\n",
+ label, strerror(errno));
+ break;
+ }
+
+ address = host_ntoa(-1, &ss, NULL, &port);
+ address_port = string_sprintf("%s;%d", address, port);
+
+ rc = sasl_setprop(conn, propnum, address_port);
+ if (rc != SASL_OK)
+ {
+ s_err = sasl_errdetail(conn);
+ HDEBUG(D_auth)
+ debug_printf("Failed to set %s SASL property: [%d] %s\n",
+ label, rc, s_err ? s_err : "<unknown reason>");
+ break;
+ }
+ HDEBUG(D_auth) debug_printf("Cyrus SASL set %s hostport to: %s\n",
+ label, address_port);
+ }
+
rc=SASL_CONTINUE;
while(rc==SASL_CONTINUE)
ceased doing that. The biggest change is to use unbuffered I/O on the socket
because using C buffered I/O gives problems on some operating systems. PH */
+/* Protocol specifications:
+ * Dovecot 1, protocol version 1.1
+ * http://wiki.dovecot.org/Authentication%20Protocol
+ *
+ * Dovecot 2, protocol version 1.1
+ * http://wiki2.dovecot.org/Design/AuthProtocol
+ */
+
#include "../exim.h"
#include "dovecot.h"
#define VERSION_MAJOR 1
#define VERSION_MINOR 0
+/* http://wiki.dovecot.org/Authentication%20Protocol
+"The maximum line length isn't defined,
+ but it's currently expected to fit into 8192 bytes"
+*/
+#define DOVECOT_AUTH_MAXLINELEN 8192
+
+/* This was hard-coded as 8.
+AUTH req C->S sends {"AUTH", id, mechanism, service } + params, 5 defined for
+Dovecot 1; Dovecot 2 (same protocol version) defines 9.
+
+Master->Server sends {"USER", id, userid} + params, 6 defined.
+Server->Client only gives {"OK", id} + params, unspecified, only 1 guaranteed.
+
+We only define here to accept S->C; max seen is 3+<unspecified>, plus the two
+for the command and id, where unspecified might include _at least_ user=...
+
+So: allow for more fields than we ever expect to see, while aware that count
+can go up without changing protocol version.
+The cost is the length of an array of pointers on the stack.
+*/
+#define DOVECOT_AUTH_MAXFIELDCOUNT 16
+
/* Options specific to the authentication mechanism. */
optionlist auth_dovecot_options[] = {
{
/* Static variables for reading from the socket */
static uschar sbuffer[256];
-static int sbp;
+static int socket_buffer_left;
ablock->client = FALSE;
}
-static int strcut(uschar *str, uschar **ptrs, int nptrs)
+/*************************************************
+ * "strcut" to split apart server lines *
+ *************************************************/
+
+/* Dovecot auth protocol uses TAB \t as delimiter; a line consists
+of a command-name, TAB, and then any parameters, each separated by a TAB.
+A parameter can be param=value or a bool, just param.
+
+This function modifies the original str in-place, inserting NUL characters.
+It initialises ptrs entries, setting all to NULL and only setting
+non-NULL N entries, where N is the return value, the number of fields seen
+(one more than the number of tabs).
+
+Note that the return value will always be at least 1, is the count of
+actual fields (so last valid offset into ptrs is one less).
+*/
+
+static int
+strcut(uschar *str, uschar **ptrs, int nptrs)
{
- uschar *tmp = str;
+ uschar *last_sub_start = str;
+ uschar *lastvalid = str + Ustrlen(str);
int n;
for (n = 0; n < nptrs; n++)
while (*str) {
if (*str == '\t') {
if (n <= nptrs) {
- *ptrs++ = tmp;
- tmp = str + 1;
- *str = 0;
+ *ptrs++ = last_sub_start;
+ last_sub_start = str + 1;
+ *str = '\0';
}
n++;
}
str++;
}
- if (n < nptrs)
- *ptrs = tmp;
+ if (last_sub_start < lastvalid) {
+ if (n <= nptrs) {
+ *ptrs = last_sub_start;
+ } else {
+ HDEBUG(D_auth) debug_printf("dovecot: warning: too many results from tab-splitting; saw %d fields, room for %d\n", n, nptrs);
+ n = nptrs;
+ }
+ } else {
+ n--;
+ HDEBUG(D_auth) debug_printf("dovecot: warning: ignoring trailing tab\n");
+ }
+
+ return n <= nptrs ? n : nptrs;
+}
- return n;
+static void debug_strcut(uschar **ptrs, int nlen, int alen) ARG_UNUSED;
+static void
+debug_strcut(uschar **ptrs, int nlen, int alen)
+{
+ int i;
+ debug_printf("%d read but unreturned bytes; strcut() gave %d results: ",
+ socket_buffer_left, nlen);
+ for (i = 0; i < nlen; i++) {
+ debug_printf(" {%s}", ptrs[i]);
+ }
+ if (nlen < alen)
+ debug_printf(" last is %s\n", ptrs[i] ? ptrs[i] : US"<null>");
+ else
+ debug_printf(" (max for capacity)\n");
}
#define CHECK_COMMAND(str, arg_min, arg_max) do { \
for (;;)
{
- if (sbp == 0)
+ if (socket_buffer_left == 0)
{
- sbp = read(fd, sbuffer, sizeof(sbuffer));
- if (sbp == 0) { if (count == 0) return NULL; else break; }
+ socket_buffer_left = read(fd, sbuffer, sizeof(sbuffer));
+ if (socket_buffer_left == 0) { if (count == 0) return NULL; else break; }
p = 0;
}
- while (p < sbp)
+ while (p < socket_buffer_left)
{
if (count >= n - 1) break;
s[count++] = sbuffer[p];
if (sbuffer[p++] == '\n') break;
}
- memmove(sbuffer, sbuffer + p, sbp - p);
- sbp -= p;
+ memmove(sbuffer, sbuffer + p, socket_buffer_left - p);
+ socket_buffer_left -= p;
if (s[count-1] == '\n' || count >= n - 1) break;
}
-s[count] = 0;
+s[count] = '\0';
return s;
}
auth_dovecot_options_block *ob =
(auth_dovecot_options_block *)(ablock->options_block);
struct sockaddr_un sa;
- uschar buffer[4096];
- uschar *args[8];
+ uschar buffer[DOVECOT_AUTH_MAXLINELEN];
+ uschar *args[DOVECOT_AUTH_MAXFIELDCOUNT];
uschar *auth_command;
uschar *auth_extra_data = US"";
+ uschar *p;
int nargs, tmp;
- int cuid = 0, cont = 1, found = 0, fd, ret = DEFER;
+ int crequid = 1, cont = 1, fd, ret = DEFER;
+ BOOL found = FALSE;
HDEBUG(D_auth) debug_printf("dovecot authentication\n");
auth_defer_msg = US"authentication socket protocol error";
- sbp = 0; /* Socket buffer pointer */
+ socket_buffer_left = 0; /* Global, used to read more than a line but return by line */
while (cont) {
if (dc_gets(buffer, sizeof(buffer), fd) == NULL)
OUT("authentication socket read error or premature eof");
-
- buffer[Ustrlen(buffer) - 1] = 0;
+ p = buffer + Ustrlen(buffer) - 1;
+ if (*p != '\n') {
+ OUT("authentication socket protocol line too long");
+ }
+ *p = '\0';
HDEBUG(D_auth) debug_printf("received: %s\n", buffer);
nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0]));
+ /* HDEBUG(D_auth) debug_strcut(args, nargs, sizeof(args) / sizeof(args[0])); */
/* Code below rewritten by Kirill Miazine (km@krot.org). Only check commands that
Exim will need. Original code also failed if Dovecot server sent unknown
command. E.g. COOKIE in version 1.1 of the protocol would cause troubles. */
- if (Ustrcmp(args[0], US"CUID") == 0) {
- CHECK_COMMAND("CUID", 1, 1);
- cuid = Uatoi(args[1]);
- } else if (Ustrcmp(args[0], US"VERSION") == 0) {
+ /* pdp: note that CUID is a per-connection identifier sent by the server,
+ which increments at server discretion.
+ By contrast, the "id" field of the protocol is a connection-specific request
+ identifier, which needs to be unique per request from the client and is not
+ connected to the CUID value, so we ignore CUID from server. It's purely for
+ diagnostics. */
+ if (Ustrcmp(args[0], US"VERSION") == 0) {
CHECK_COMMAND("VERSION", 2, 2);
if (Uatoi(args[1]) != VERSION_MAJOR)
OUT("authentication socket protocol version mismatch");
} else if (Ustrcmp(args[0], US"MECH") == 0) {
CHECK_COMMAND("MECH", 1, INT_MAX);
if (strcmpic(US args[1], ablock->public_name) == 0)
- found = 1;
+ found = TRUE;
} else if (Ustrcmp(args[0], US"DONE") == 0) {
CHECK_COMMAND("DONE", 0, 0);
cont = 0;
}
}
- if (!found)
+ if (!found) {
+ auth_defer_msg = string_sprintf("Dovecot did not advertise mechanism \"%s\" to us", ablock->public_name);
goto out;
+ }
/* Added by PH: data must not contain tab (as it is
b64 it shouldn't, but check for safety). */
/* Added by PH: extra fields when TLS is in use or if the TCP/IP
connection is local. */
- if (tls_cipher != NULL)
+ if (tls_in.cipher != NULL)
auth_extra_data = string_sprintf("secured\t%s%s",
- tls_certificate_verified? "valid-client-cert" : "",
- tls_certificate_verified? "\t" : "");
+ tls_in.certificate_verified? "valid-client-cert" : "",
+ tls_in.certificate_verified? "\t" : "");
else if (interface_address != NULL &&
Ustrcmp(sender_host_address, interface_address) == 0)
auth_extra_data = US"secured\t";
Subsequently, the command was modified to add "secured" and "valid-client-
cert" when relevant.
-
- The auth protocol is documented here:
- http://wiki.dovecot.org/Authentication_Protocol
****************************************************************************/
auth_command = string_sprintf("VERSION\t%d\t%d\nCPID\t%d\n"
"AUTH\t%d\t%s\tservice=smtp\t%srip=%s\tlip=%s\tnologin\tresp=%s\n",
- VERSION_MAJOR, VERSION_MINOR, getpid(), cuid,
+ VERSION_MAJOR, VERSION_MINOR, getpid(), crequid,
ablock->public_name, auth_extra_data, sender_host_address,
interface_address, data ? (char *) data : "");
HDEBUG(D_auth) debug_printf("received: %s\n", buffer);
nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0]));
- if (Uatoi(args[1]) != cuid)
+ if (Uatoi(args[1]) != crequid)
OUT("authentication socket connection id mismatch");
switch (toupper(*args[0])) {
goto out;
}
- temp = string_sprintf("CONT\t%d\t%s\n", cuid, data);
+ temp = string_sprintf("CONT\t%d\t%s\n", crequid, data);
if (write(fd, temp, Ustrlen(temp)) < 0)
OUT("authentication socket write error");
break;
#ifndef AUTH_GSASL
/* dummy function to satisfy compilers when we link in an "empty" file. */
-static void dummy(int x) { dummy(x-1); }
+static void dummy(int x);
+static void dummy2(int x) { dummy(x-1); }
+static void dummy(int x) { dummy2(x-1); }
#else
#include <gsasl.h>
#ifndef AUTH_HEIMDAL_GSSAPI
/* dummy function to satisfy compilers when we link in an "empty" file. */
-static void dummy(int x) { dummy(x-1); }
+static void dummy(int x);
+static void dummy2(int x) { dummy(x-1); }
+static void dummy(int x) { dummy2(x-1); }
#else
#include <gssapi/gssapi.h>
/***************************************************************/
/* Put the username in $auth1 and $1. The former is now the preferred variable;
-the latter is the original variable. */
+the latter is the original variable. These have to be out of stack memory, and
+need to be available once known even if not authenticated, for error messages
+(server_set_id, which only makes it to authenticated_id if we return OK) */
-auth_vars[0] = expand_nstring[1] = msgbuf;
+auth_vars[0] = expand_nstring[1] = string_copy(msgbuf);
expand_nlength[1] = Ustrlen(msgbuf);
expand_nmax = 1;
-/* clean up globals which aren't referenced, but still shouldn't be left
-pointing to stack memory */
-#define CLEANUP_RETURN(Code) do { auth_vars[0] = expand_nstring[1] = NULL; \
- expand_nlength[1] = expand_nmax = 0; return (Code); } while (0);
-
debug_print_string(ablock->server_debug_string); /* customized debug */
/* look up password */
{
DEBUG(D_auth) debug_printf("auth_spa_server(): forced failure while "
"expanding spa_serverpassword\n");
- CLEANUP_RETURN(FAIL);
+ return FAIL;
}
else
{
DEBUG(D_auth) debug_printf("auth_spa_server(): error while expanding "
"spa_serverpassword: %s\n", expand_string_message);
- CLEANUP_RETURN(DEFER);
+ return DEFER;
}
}
24) == 0)
/* success. we have a winner. */
{
- int rc = auth_check_serv_cond(ablock);
- CLEANUP_RETURN(rc);
+ return auth_check_serv_cond(ablock);
}
/* Expand server_condition as an authorization check (PH) */
-CLEANUP_RETURN(FAIL);
+return FAIL;
}
}
/* how many bits Exim, as a client, demands must be in D-H */
- /* as of GnuTLS 2.12.x, we ask for "normal" for D-H PK; before that, we
- specify the number of bits. We've stuck with the historical value, but
- it can be overridden. */
- else if ((strcmp(name, "EXIM_CLIENT_DH_MIN_BITS") == 0) ||
+ /* 1024 is a historical figure; some sites actually use lower, so we
+ permit the value to be lowered "dangerously" low, but not "insanely"
+ low. Though actually, 1024 is becoming "dangerous". */
+ else if ((strcmp(name, "EXIM_CLIENT_DH_MIN_MIN_BITS") == 0) ||
+ (strcmp(name, "EXIM_CLIENT_DH_DEFAULT_MIN_BITS") == 0) ||
(strcmp(name, "EXIM_SERVER_DH_BITS_PRE2_12") == 0))
{
long nv;
char *end;
nv = strtol(value, &end, 10);
- if (end != value && *end == '\0' && nv >= 1000 && nv < 50000)
+ if (end != value && *end == '\0' && nv >= 512 && nv < 500000)
{
fprintf(new, "%s\n", value);
}
#define DELIVER_IN_BUFFER_SIZE 8192
#define DELIVER_OUT_BUFFER_SIZE 8192
#define DISABLE_DKIM
+#define DISABLE_DNSSEC
#define DISABLE_D_OPTION
#define ENABLE_DISABLE_FSYNC
#define EXIMDB_LOCK_TIMEOUT 60
#define EXIMDB_LOCKFILE_MODE 0640
#define EXIMDB_MODE 0640
-#define EXIM_CLIENT_DH_MIN_BITS
+#define EXIM_CLIENT_DH_MIN_MIN_BITS 512
+#define EXIM_CLIENT_DH_DEFAULT_MIN_BITS 1024
#define EXIM_GNUTLS_LIBRARY_LOG_LEVEL
#define EXIM_SERVER_DH_BITS_PRE2_12
#define EXIM_PERL
/* EXPERIMENTAL features */
#define EXPERIMENTAL_BRIGHTMAIL
#define EXPERIMENTAL_DCC
+#define EXPERIMENTAL_DMARC
#define EXPERIMENTAL_OCSP
+#define EXPERIMENTAL_PRDR
#define EXPERIMENTAL_SPF
#define EXPERIMENTAL_SRS
#define EXPERIMENTAL_DBL
#define ROOT_UID 0
#define ROOT_GID 0
-/* Sizes for integer arithmetic. Go for 64bit; can be overridden in OS/os.h-FOO */
-#ifndef int_eximarith_t
- #define int_eximarith_t int64_t
-#endif
-#ifndef PR_EXIM_ARITH
- #define PR_EXIM_ARITH "%" PRId64 /* C99 standard, printf %lld */
-#endif
-#ifndef SC_EXIM_ARITH
- #define SC_EXIM_ARITH "%" SCNi64 /* scanf incl. 0x prefix */
-#endif
-#ifndef SC_EXIM_DEC
- #define SC_EXIM_DEC "%" SCNd64 /* scanf decimal */
-#endif
+/* Sizes for integer arithmetic.
+Go for 64bit; can be overridden in OS/Makefile-FOO
+If you make it a different number of bits, provide a definition
+for EXIM_64B_MAX and _MIN in OS/oh.h-FOO */
+#define int_eximarith_t int64_t
+#define PR_EXIM_ARITH "%" PRId64 /* C99 standard, printf %lld */
+#define SC_EXIM_ARITH "%" SCNi64 /* scanf incl. 0x prefix */
+#define SC_EXIM_DEC "%" SCNd64 /* scanf decimal */
/* End of config.h.defaults */
domainlist local_domains = @
domainlist relay_to_domains =
-hostlist relay_from_hosts = 127.0.0.1
+hostlist relay_from_hosts = localhost
+# (We rely upon hostname resolution working for localhost, because the default
+# uncommented configuration needs to work in IPv4-only environments.)
# Most straightforward access control requirements can be obtained by
# appropriate settings of the above options. In more complicated situations,
# to any other host on the Internet. Such a setting commonly refers to a
# complete local network as well as the localhost. For example:
#
-# hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16
+# hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 192.168.0.0/16
#
# The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you
# have to include 127.0.0.1 if you want to allow processes on your host to send
# SMTP mail by using the loopback address. A number of MUAs use this method of
-# sending mail.
+# sending mail. Often, connections are made to "localhost", which might be ::1
+# on IPv6-enabled hosts. Do not forget CIDR for your IPv6 networks.
# All three of these lists may contain many different kinds of item, including
# wildcarded names, regular expressions, and file lookups. See the reference
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
+# if ipv6-enabled then instead use:
+# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
no_more
+# This alternative router can be used when you want to send all mail to a
+# server which handles DNS lookups for you; an ISP will typically run such
+# a server for their customers. If you uncomment "smarthost" then you
+# should comment out "dnslookup" above. Setting a real hostname in route_data
+# wouldn't hurt either.
+
+# smarthost:
+# driver = manualroute
+# domains = ! +local_domains
+# transport = remote_smtp
+# route_data = MAIL.HOSTNAME.FOR.CENTRAL.SERVER.EXAMPLE
+# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1
+# no_more
+
+
# The remaining routers handle addresses in the local domain(s), that is those
# domains that are defined by "domainlist local_domains" above.
# server_set_id = $auth2
# server_prompts = :
# server_condition = Authentication is not yet configured
-# server_advertise_condition = ${if def:tls_cipher }
+# server_advertise_condition = ${if def:tls_in_cipher }
# LOGIN authentication has traditional prompts and responses. There is no
# authorization ID in this mechanism, so unlike PLAIN the username and
# server_set_id = $auth1
# server_prompts = <| Username: | Password:
# server_condition = Authentication is not yet configured
-# server_advertise_condition = ${if def:tls_cipher }
+# server_advertise_condition = ${if def:tls_in_cipher }
######################################################################
/* Check for a tls-on-connect port */
- if (host_is_tls_on_connect_port(interface_port)) tls_on_connect = TRUE;
+ if (host_is_tls_on_connect_port(interface_port)) tls_in.on_connect = TRUE;
/* Expand smtp_active_hostname if required. We do not do this any earlier,
because it may depend on the local interface address (indeed, that is most
the data structures if necessary. */
#ifdef SUPPORT_TLS
- tls_close(FALSE);
+ tls_close(FALSE, FALSE);
#endif
/* Reset SIGHUP and SIGCHLD in the child in both cases. */
if (Ustat(buffer, &statbuf) >= 0 && statbuf.st_uid != exim_uid)
{
DEBUG(D_hints_lookup) debug_printf("ensuring %s is owned by exim\n", buffer);
- (void)Uchown(buffer, exim_uid, exim_gid);
+ if (Uchown(buffer, exim_uid, exim_gid))
+ DEBUG(D_hints_lookup) debug_printf("failed setting %s to owned by exim\n", buffer);
}
}
}
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) Wolfgang Breyha 2005-2012
+/* Copyright (c) Wolfgang Breyha 2005-2013
* Vienna University Computer Center
* wbreyha@gmx.net
* See the file NOTICE for conditions of use and distribution.
int retval, rsp;
rsp = write(socket, buffer, Ustrlen(buffer));
DEBUG(D_acl)
- debug_printf("Result of the write() = %d\n", rsp);
+ debug_printf("DCC: Result of the write() = %d\n", rsp);
if(rsp < 0)
{
DEBUG(D_acl)
- debug_printf("Error writing buffer to socket: %s\n", strerror(errno));
+ debug_printf("DCC: Error writing buffer to socket: %s\n", strerror(errno));
retval = errno;
- } else {
+ }
+ else {
DEBUG(D_acl)
- debug_printf("Wrote buffer to socket:\n%s\n", buffer);
+ debug_printf("DCC: Wrote buffer to socket:\n%s\n", buffer);
retval = 0;
}
return retval;
int sep = 0;
uschar *list = *listptr;
FILE *data_file;
- uschar *dcc_daemon_ip = US"";
uschar *dcc_default_ip_option = US"127.0.0.1";
- uschar *dcc_ip_option = US"";
uschar *dcc_helo_option = US"localhost";
uschar *dcc_reject_message = US"Rejected by DCC";
uschar *xtra_hdrs = NULL;
+ uschar *override_client_ip = NULL;
/* from local_scan */
int i, j, k, c, retval, sockfd, resp, line;
/* opts is what we send as dccifd options - see man dccifd */
/* We don't support any other option than 'header' so just copy that */
bzero(opts,sizeof(opts));
- Ustrncpy(opts, "header", sizeof(opts)-1);
- Ustrncpy(client_ip, dcc_ip_option, sizeof(client_ip)-1);
- /* If the dcc_client_ip is not provided use the
- * sender_host_address or 127.0.0.1 if it is NULL */
- DEBUG(D_acl)
- debug_printf("my_ip_option = %s - client_ip = %s - sender_host_address = %s\n", dcc_ip_option, client_ip, sender_host_address);
- if(!(Ustrcmp(client_ip, ""))){
- /* Do we have a sender_host_address or is it NULL? */
- if(sender_host_address){
- Ustrncpy(client_ip, sender_host_address, sizeof(client_ip)-1);
- } else {
- /* sender_host_address is NULL which means it comes from localhost */
- Ustrncpy(client_ip, dcc_default_ip_option, sizeof(client_ip)-1);
- }
+ Ustrncpy(opts, dccifd_options, sizeof(opts)-1);
+ /* if $acl_m_dcc_override_client_ip is set use it */
+ if (((override_client_ip = expand_string(US"$acl_m_dcc_override_client_ip")) != NULL) &&
+ (override_client_ip[0] != '\0')) {
+ Ustrncpy(client_ip, override_client_ip, sizeof(client_ip)-1);
+ DEBUG(D_acl)
+ debug_printf("DCC: Client IP (overridden): %s\n", client_ip);
+ }
+ else if(sender_host_address) {
+ /* else if $sender_host_address is available use that? */
+ Ustrncpy(client_ip, sender_host_address, sizeof(client_ip)-1);
+ DEBUG(D_acl)
+ debug_printf("DCC: Client IP (sender_host_address): %s\n", client_ip);
+ }
+ else {
+ /* sender_host_address is NULL which means it comes from localhost */
+ Ustrncpy(client_ip, dcc_default_ip_option, sizeof(client_ip)-1);
+ DEBUG(D_acl)
+ debug_printf("DCC: Client IP (default): %s\n", client_ip);
}
- DEBUG(D_acl)
- debug_printf("Client IP: %s\n", client_ip);
- Ustrncpy(sockip, dcc_daemon_ip, sizeof(sockip)-1);
/* strncat(opts, my_request, strlen(my_request)); */
Ustrcat(opts, "\n");
Ustrncat(opts, client_ip, sizeof(opts)-Ustrlen(opts)-1);
* Now creating the socket connection *
**************************************/
- /* If there is a dcc_daemon_ip, we use a tcp socket, otherwise a UNIX socket */
+ /* If sockip contains an ip, we use a tcp socket, otherwise a UNIX socket */
if(Ustrcmp(sockip, "")){
ipaddress = gethostbyname((char *)sockip);
bzero((char *) &serv_addr_in, sizeof(serv_addr_in));
serv_addr_in.sin_port = htons(portnr);
if ((sockfd = socket(AF_INET, SOCK_STREAM,0)) < 0){
DEBUG(D_acl)
- debug_printf("Creating socket failed: %s\n", strerror(errno));
- log_write(0,LOG_REJECT,"Creating socket failed: %s\n", strerror(errno));
+ debug_printf("DCC: Creating TCP socket connection failed: %s\n", strerror(errno));
+ log_write(0,LOG_PANIC,"DCC: Creating TCP socket connection failed: %s\n", strerror(errno));
/* if we cannot create the socket, defer the mail */
(void)fclose(data_file);
return retval;
/* Now connecting the socket (INET) */
if (connect(sockfd, (struct sockaddr *)&serv_addr_in, sizeof(serv_addr_in)) < 0){
DEBUG(D_acl)
- debug_printf("Connecting socket failed: %s\n", strerror(errno));
- log_write(0,LOG_REJECT,"Connecting socket failed: %s\n", strerror(errno));
+ debug_printf("DCC: Connecting to TCP socket failed: %s\n", strerror(errno));
+ log_write(0,LOG_PANIC,"DCC: Connecting to TCP socket failed: %s\n", strerror(errno));
/* if we cannot contact the socket, defer the mail */
(void)fclose(data_file);
return retval;
Ustrcpy(serv_addr.sun_path, sockpath);
if ((sockfd = socket(AF_UNIX, SOCK_STREAM,0)) < 0){
DEBUG(D_acl)
- debug_printf("Creating socket failed: %s\n", strerror(errno));
- log_write(0,LOG_REJECT,"Creating socket failed: %s\n", strerror(errno));
+ debug_printf("DCC: Creating UNIX socket connection failed: %s\n", strerror(errno));
+ log_write(0,LOG_PANIC,"DCC: Creating UNIX socket connection failed: %s\n", strerror(errno));
/* if we cannot create the socket, defer the mail */
(void)fclose(data_file);
return retval;
/* Now connecting the socket (UNIX) */
if (connect(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0){
DEBUG(D_acl)
- debug_printf("Connecting socket failed: %s\n", strerror(errno));
- log_write(0,LOG_REJECT,"Connecting socket failed: %s\n", strerror(errno));
+ debug_printf("DCC: Connecting to UNIX socket failed: %s\n", strerror(errno));
+ log_write(0,LOG_PANIC,"DCC: Connecting to UNIX socket failed: %s\n", strerror(errno));
/* if we cannot contact the socket, defer the mail */
(void)fclose(data_file);
return retval;
}
/* the socket is open, now send the options to dccifd*/
DEBUG(D_acl)
- debug_printf("\n---------------------------\nSocket opened; now sending input\n-----------------\n");
+ debug_printf("\nDCC: ---------------------------\nDCC: Socket opened; now sending input\nDCC: -----------------\n");
/* First, fill in the input buffer */
Ustrncpy(sendbuf, opts, sizeof(sendbuf));
Ustrncat(sendbuf, from, sizeof(sendbuf)-Ustrlen(sendbuf)-1);
DEBUG(D_acl)
{
- debug_printf("opts = %s\nsender = %s\nrcpt count = %d\n", opts, from, recipients_count);
- debug_printf("Sending options:\n****************************\n");
+ debug_printf("DCC: opts = %s\nDCC: sender = %s\nDCC: rcpt count = %d\n", opts, from, recipients_count);
+ debug_printf("DCC: Sending options:\nDCC: ****************************\n");
}
/* let's send each of the recipients to dccifd */
for (i = 0; i < recipients_count; i++){
DEBUG(D_acl)
- debug_printf("recipient = %s\n",recipients_list[i].address);
+ debug_printf("DCC: recipient = %s\n",recipients_list[i].address);
if(Ustrlen(sendbuf) + Ustrlen(recipients_list[i].address) > sizeof(sendbuf))
{
DEBUG(D_acl)
- debug_printf("Writing buffer: %s\n", sendbuf);
+ debug_printf("DCC: Writing buffer: %s\n", sendbuf);
flushbuffer(sockfd, sendbuf);
bzero(sendbuf, sizeof(sendbuf));
}
Ustrncat(sendbuf, "\n", sizeof(sendbuf)-Ustrlen(sendbuf)-1);
/* Now we send the input buffer */
DEBUG(D_acl)
- debug_printf("%s\n****************************\n", sendbuf);
+ debug_printf("DCC: %s\nDCC: ****************************\n", sendbuf);
flushbuffer(sockfd, sendbuf);
/* now send the message */
/* First send the headers */
/* Now send the headers */
DEBUG(D_acl)
- debug_printf("Sending headers:\n****************************\n");
+ debug_printf("DCC: Sending headers:\nDCC: ****************************\n");
Ustrncpy(sendbuf, dcchdr->text, sizeof(sendbuf)-2);
while((dcchdr=dcchdr->next)) {
if(dcchdr->slen > sizeof(sendbuf)-2) {
Ustrncat(sendbuf, "\n", sizeof(sendbuf)-Ustrlen(sendbuf)-1);
flushbuffer(sockfd, sendbuf);
DEBUG(D_acl)
- debug_printf("\n****************************\n%s", sendbuf);
+ debug_printf("\nDCC: ****************************\n%s", sendbuf);
/* Clear the input buffer */
bzero(sendbuf, sizeof(sendbuf));
/* now send the body */
DEBUG(D_acl)
- debug_printf("Writing body:\n****************************\n");
+ debug_printf("DCC: Writing body:\nDCC: ****************************\n");
(void)fseek(data_file, SPOOL_DATA_START_OFFSET, SEEK_SET);
while((fread(sendbuf, 1, sizeof(sendbuf)-1, data_file)) > 0) {
flushbuffer(sockfd, sendbuf);
bzero(sendbuf, sizeof(sendbuf));
}
DEBUG(D_acl)
- debug_printf("\n****************************\n");
+ debug_printf("\nDCC: ****************************\n");
/* shutdown() the socket */
if(shutdown(sockfd, 1) < 0){
DEBUG(D_acl)
- debug_printf("Couldn't shutdown socket: %s\n", strerror(errno));
- log_write(0,LOG_MAIN,"Couldn't shutdown socket: %s\n", strerror(errno));
+ debug_printf("DCC: Couldn't shutdown socket: %s\n", strerror(errno));
+ log_write(0,LOG_MAIN,"DCC: Couldn't shutdown socket: %s\n", strerror(errno));
/* If there is a problem with the shutdown()
* defer the mail. */
(void)fclose(data_file);
return retval;
}
DEBUG(D_acl)
- debug_printf("\n-------------------------\nInput sent.\n-------------------------\n");
+ debug_printf("\nDCC: -------------------------\nDCC: Input sent.\nDCC: -------------------------\n");
/********************************
* receiving output from dccifd *
********************************/
DEBUG(D_acl)
- debug_printf("\n-------------------------------------\nNow receiving output from server\n-----------------------------------\n");
+ debug_printf("\nDCC: -------------------------------------\nDCC: Now receiving output from server\nDCC: -----------------------------------\n");
/******************************************************************
* We should get 3 lines: *
/* How much did we get from the socket */
c = Ustrlen(recvbuf) + 1;
DEBUG(D_acl)
- debug_printf("Length of the output buffer is: %d\nOutput buffer is:\n------------\n%s\n-----------\n", c, recvbuf);
+ debug_printf("DCC: Length of the output buffer is: %d\nDCC: Output buffer is:\nDCC: ------------\nDCC: %s\nDCC: -----------\n", c, recvbuf);
/* Now let's read each character and see what we've got */
for(i = 0; i < c; i++) {
* return value accordingly */
if(recvbuf[i] == 'A') {
DEBUG(D_acl)
- debug_printf("Overall result = A\treturning OK\n");
+ debug_printf("DCC: Overall result = A\treturning OK\n");
Ustrcpy(dcc_return_text, "Mail accepted by DCC");
dcc_result = US"A";
retval = OK;
}
else if(recvbuf[i] == 'R') {
DEBUG(D_acl)
- debug_printf("Overall result = R\treturning FAIL\n");
+ debug_printf("DCC: Overall result = R\treturning FAIL\n");
dcc_result = US"R";
retval = FAIL;
if(sender_host_name) {
}
else if(recvbuf[i] == 'S') {
DEBUG(D_acl)
- debug_printf("Overall result = S\treturning OK\n");
+ debug_printf("DCC: Overall result = S\treturning OK\n");
Ustrcpy(dcc_return_text, "Not all recipients accepted by DCC");
/* Since we're in an ACL we want a global result
* so we accept for all */
}
else if(recvbuf[i] == 'G') {
DEBUG(D_acl)
- debug_printf("Overall result = G\treturning FAIL\n");
+ debug_printf("DCC: Overall result = G\treturning FAIL\n");
Ustrcpy(dcc_return_text, "Greylisted by DCC");
dcc_result = US"G";
retval = FAIL;
}
else if(recvbuf[i] == 'T') {
DEBUG(D_acl)
- debug_printf("Overall result = T\treturning DEFER\n");
+ debug_printf("DCC: Overall result = T\treturning DEFER\n");
retval = DEFER;
log_write(0,LOG_MAIN,"Temporary error with DCC: %s\n", recvbuf);
Ustrcpy(dcc_return_text, "Temporary error with DCC");
}
else {
DEBUG(D_acl)
- debug_printf("Overall result = something else\treturning DEFER\n");
+ debug_printf("DCC: Overall result = something else\treturning DEFER\n");
retval = DEFER;
log_write(0,LOG_MAIN,"Unknown DCC response: %s\n", recvbuf);
Ustrcpy(dcc_return_text, "Unknown DCC response");
/* We're on the first line but not on the first character,
* there must be something wrong. */
DEBUG(D_acl)
- debug_printf("Line = %d but i = %d != 0 character is %c - This is wrong!\n", line, i, recvbuf[i]);
+ debug_printf("DCC: Line = %d but i = %d != 0 character is %c - This is wrong!\n", line, i, recvbuf[i]);
log_write(0,LOG_MAIN,"Wrong header from DCC, output is %s\n", recvbuf);
}
}
}
else {
DEBUG(D_acl)
- debug_printf("We got more output than we can store in the X-DCC header. Truncating at 120 characters.\n");
+ debug_printf("DCC: We got more output than we can store in the X-DCC header. Truncating at 120 characters.\n");
}
}
else {
/* Wrong line number. There must be a problem with the output. */
DEBUG(D_acl)
- debug_printf("Wrong line number in output. Line number is %d\n", line);
+ debug_printf("DCC: Wrong line number in output. Line number is %d\n", line);
}
}
}
/* Now let's sum up what we've got. */
DEBUG(D_acl)
- debug_printf("\n--------------------------\nOverall result = %d\nX-DCC header: %sReturn message: %s\ndcc_result: %s\n", retval, dcc_header_str, dcc_return_text, dcc_result);
+ debug_printf("\nDCC: --------------------------\nDCC: Overall result = %d\nDCC: X-DCC header: %sReturn message: %s\nDCC: dcc_result: %s\n", retval, dcc_header_str, dcc_return_text, dcc_result);
/* We only add the X-DCC header if it starts with X-DCC */
if(!(Ustrncmp(dcc_header_str, "X-DCC", 5))){
}
else {
DEBUG(D_acl)
- debug_printf("Wrong format of the X-DCC header: %s\n", dcc_header_str);
+ debug_printf("DCC: Wrong format of the X-DCC header: %s\n", dcc_header_str);
}
/* check if we should add additional headers passed in acl_m_dcc_add_header */
Ustrcat(dcc_xtra_hdrs, "\n");
header_add(' ', "%s", dcc_xtra_hdrs);
DEBUG(D_acl)
- debug_printf("adding additional headers in $acl_m_dcc_add_header: %s", dcc_xtra_hdrs);
+ debug_printf("DCC: adding additional headers in $acl_m_dcc_add_header: %s", dcc_xtra_hdrs);
}
}
dcc_ok = 1;
/* Now return to exim main process */
DEBUG(D_acl)
- debug_printf("Before returning to exim main process:\nreturn_text = %s - retval = %d\ndcc_result = %s\n", dcc_return_text, retval, dcc_result);
+ debug_printf("DCC: Before returning to exim main process:\nDCC: return_text = %s - retval = %d\nDCC: dcc_result = %s\n", dcc_return_text, retval, dcc_result);
(void)fclose(data_file);
dcc_rc = retval;
+/* If msg is NULL this is a delivery log and logchar is used. Otherwise
+this is a nonstandard call; no two-characher delivery flag is written
+but sender-host and sender are prefixed and "msg" is inserted in the log line.
+
+Arguments:
+ flags passed to log_write()
+*/
+void
+delivery_log(int flags, address_item * addr, int logchar, uschar * msg)
+{
+uschar *log_address;
+int size = 256; /* Used for a temporary, */
+int ptr = 0; /* expanding buffer, for */
+uschar *s; /* building log lines; */
+void *reset_point; /* released afterwards. */
+
+
+/* Log the delivery on the main log. We use an extensible string to build up
+the log line, and reset the store afterwards. Remote deliveries should always
+have a pointer to the host item that succeeded; local deliveries can have a
+pointer to a single host item in their host list, for use by the transport. */
+
+s = reset_point = store_get(size);
+
+log_address = string_log_address(addr, (log_write_selector & L_all_parents) != 0, TRUE);
+if (msg)
+ s = string_append(s, &size, &ptr, 3, host_and_ident(TRUE), US" ", log_address);
+else
+ {
+ s[ptr++] = logchar;
+ s = string_append(s, &size, &ptr, 2, US"> ", log_address);
+ }
+
+if ((log_extra_selector & LX_sender_on_delivery) != 0 || msg)
+ s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">");
+
+#ifdef EXPERIMENTAL_SRS
+if(addr->p.srs_sender)
+ s = string_append(s, &size, &ptr, 3, US" SRS=<", addr->p.srs_sender, US">");
+#endif
+#ifdef EXPERIMENTAL_DBL
+ dbl_delivery_ip = NULL; /* presume no successful remote delivery */
+#endif
+
+/* You might think that the return path must always be set for a successful
+delivery; indeed, I did for some time, until this statement crashed. The case
+when it is not set is for a delivery to /dev/null which is optimised by not
+being run at all. */
+
+if (used_return_path != NULL &&
+ (log_extra_selector & LX_return_path_on_delivery) != 0)
+ s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">");
+
+if (msg)
+ s = string_append(s, &size, &ptr, 2, US" ", msg);
+
+/* For a delivery from a system filter, there may not be a router */
+if (addr->router != NULL)
+ s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name);
+
+s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name);
+
+if ((log_extra_selector & LX_delivery_size) != 0)
+ s = string_append(s, &size, &ptr, 2, US" S=",
+ string_sprintf("%d", transport_count));
+
+/* Local delivery */
+
+if (addr->transport->info->local)
+ {
+ if (addr->host_list != NULL)
+ s = string_append(s, &size, &ptr, 2, US" H=", addr->host_list->name);
+ if (addr->shadow_message != NULL)
+ s = string_cat(s, &size, &ptr, addr->shadow_message,
+ Ustrlen(addr->shadow_message));
+ }
+
+/* Remote delivery */
+
+else
+ {
+ if (addr->host_used != NULL)
+ {
+ s = string_append(s, &size, &ptr, 5, US" H=", addr->host_used->name,
+ US" [", addr->host_used->address, US"]");
+ if ((log_extra_selector & LX_outgoing_port) != 0)
+ s = string_append(s, &size, &ptr, 2, US":", string_sprintf("%d",
+ addr->host_used->port));
+ if (continue_sequence > 1)
+ s = string_cat(s, &size, &ptr, US"*", 1);
+ }
+
+ #ifdef SUPPORT_TLS
+ if ((log_extra_selector & LX_tls_cipher) != 0 && addr->cipher != NULL)
+ s = string_append(s, &size, &ptr, 2, US" X=", addr->cipher);
+ if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
+ addr->cipher != NULL)
+ s = string_append(s, &size, &ptr, 2, US" CV=",
+ testflag(addr, af_cert_verified)? "yes":"no");
+ if ((log_extra_selector & LX_tls_peerdn) != 0 && addr->peerdn != NULL)
+ s = string_append(s, &size, &ptr, 3, US" DN=\"",
+ string_printing(addr->peerdn), US"\"");
+ #endif
+
+ if (addr->authenticator)
+ {
+ s = string_append(s, &size, &ptr, 2, US" A=", addr->authenticator);
+ if (addr->auth_id)
+ {
+ s = string_append(s, &size, &ptr, 2, US":", addr->auth_id);
+ if (log_extra_selector & LX_smtp_mailauth && addr->auth_sndr)
+ s = string_append(s, &size, &ptr, 2, US":", addr->auth_sndr);
+ }
+ }
+
+ #ifdef EXPERIMENTAL_PRDR
+ if (addr->flags & af_prdr_used)
+ s = string_append(s, &size, &ptr, 1, US" PRDR");
+ #endif
+
+ if ((log_extra_selector & LX_smtp_confirmation) != 0 &&
+ addr->message != NULL)
+ {
+ int i;
+ uschar *p = big_buffer;
+ uschar *ss = addr->message;
+ *p++ = '\"';
+ for (i = 0; i < 100 && ss[i] != 0; i++)
+ {
+ if (ss[i] == '\"' || ss[i] == '\\') *p++ = '\\';
+ *p++ = ss[i];
+ }
+ *p++ = '\"';
+ *p = 0;
+ s = string_append(s, &size, &ptr, 2, US" C=", big_buffer);
+ }
+ }
+
+/* Time on queue and actual time taken to deliver */
+
+if ((log_extra_selector & LX_queue_time) != 0)
+ {
+ s = string_append(s, &size, &ptr, 2, US" QT=",
+ readconf_printtime(time(NULL) - received_time));
+ }
+
+if ((log_extra_selector & LX_deliver_time) != 0)
+ {
+ s = string_append(s, &size, &ptr, 2, US" DT=",
+ readconf_printtime(addr->more_errno));
+ }
+
+/* string_cat() always leaves room for the terminator. Release the
+store we used to build the line after writing it. */
+
+s[ptr] = 0;
+log_write(0, flags, "%s", s);
+#ifdef EXPERIMENTAL_DBL
+DEBUG(D_deliver)
+ {
+ debug_printf(" DBL(Delivery): dbl_delivery_query=|%s| dbl_delivery_IP=%s\n", dbl_delivery_query, dbl_delivery_ip);
+ }
+if (dbl_delivery_ip != NULL && dbl_delivery_query != NULL)
+ expand_string(dbl_delivery_query);
+#endif
+store_reset(reset_point);
+return;
+}
+
+
+
/*************************************************
* Actions at the end of handling an address *
*************************************************/
(void)close(addr->return_file);
}
-/* Create the address string for logging. Must not do this earlier, because
-an OK result may be changed to FAIL when a pipe returns text. */
-
-log_address = string_log_address(addr,
- (log_write_selector & L_all_parents) != 0, result == OK);
-
/* The sucess case happens only after delivery by a transport. */
if (result == OK)
child_done(addr, now);
}
- /* Log the delivery on the main log. We use an extensible string to build up
- the log line, and reset the store afterwards. Remote deliveries should always
- have a pointer to the host item that succeeded; local deliveries can have a
- pointer to a single host item in their host list, for use by the transport. */
-
- s = reset_point = store_get(size);
- s[ptr++] = logchar;
-
- s = string_append(s, &size, &ptr, 2, US"> ", log_address);
-
- if ((log_extra_selector & LX_sender_on_delivery) != 0)
- s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">");
-
- #ifdef EXPERIMENTAL_SRS
- if(addr->p.srs_sender)
- s = string_append(s, &size, &ptr, 3, US" SRS=<", addr->p.srs_sender, US">");
- #endif
- #ifdef EXPERIMENTAL_DBL
- dbl_delivery_ip = NULL; /* presume no successful remote delivery */
- #endif
-
- /* You might think that the return path must always be set for a successful
- delivery; indeed, I did for some time, until this statement crashed. The case
- when it is not set is for a delivery to /dev/null which is optimised by not
- being run at all. */
-
- if (used_return_path != NULL &&
- (log_extra_selector & LX_return_path_on_delivery) != 0)
- s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">");
-
- /* For a delivery from a system filter, there may not be a router */
-
- if (addr->router != NULL)
- s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name);
-
- s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name);
-
- if ((log_extra_selector & LX_delivery_size) != 0)
- s = string_append(s, &size, &ptr, 2, US" S=",
- string_sprintf("%d", transport_count));
-
- /* Local delivery */
-
- if (addr->transport->info->local)
- {
- if (addr->host_list != NULL)
- s = string_append(s, &size, &ptr, 2, US" H=", addr->host_list->name);
- if (addr->shadow_message != NULL)
- s = string_cat(s, &size, &ptr, addr->shadow_message,
- Ustrlen(addr->shadow_message));
- }
-
- /* Remote delivery */
-
- else
- {
- if (addr->host_used != NULL)
- {
- s = string_append(s, &size, &ptr, 5, US" H=", addr->host_used->name,
- US" [", addr->host_used->address, US"]");
- if ((log_extra_selector & LX_outgoing_port) != 0)
- s = string_append(s, &size, &ptr, 2, US":", string_sprintf("%d",
- addr->host_used->port));
- if (continue_sequence > 1)
- s = string_cat(s, &size, &ptr, US"*", 1);
- #ifdef EXPERIMENTAL_DBL
- dbl_delivery_ip = string_copy(addr->host_used->address);
- dbl_delivery_port = addr->host_used->port;
- dbl_delivery_fqdn = string_copy(addr->host_used->name);
- dbl_delivery_local_part = string_copy(addr->local_part);
- dbl_delivery_domain = string_copy(addr->domain);
- dbl_delivery_confirmation = string_copy(addr->message);
- #endif
- }
- #ifdef SUPPORT_TLS
- if ((log_extra_selector & LX_tls_cipher) != 0 && addr->cipher != NULL)
- s = string_append(s, &size, &ptr, 2, US" X=", addr->cipher);
- if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
- addr->cipher != NULL)
- s = string_append(s, &size, &ptr, 2, US" CV=",
- testflag(addr, af_cert_verified)? "yes":"no");
- if ((log_extra_selector & LX_tls_peerdn) != 0 && addr->peerdn != NULL)
- s = string_append(s, &size, &ptr, 3, US" DN=\"",
- string_printing(addr->peerdn), US"\"");
- #endif
-
- if ((log_extra_selector & LX_smtp_confirmation) != 0 &&
- addr->message != NULL)
- {
- int i;
- uschar *p = big_buffer;
- uschar *ss = addr->message;
- *p++ = '\"';
- for (i = 0; i < 100 && ss[i] != 0; i++)
- {
- if (ss[i] == '\"' || ss[i] == '\\') *p++ = '\\';
- *p++ = ss[i];
- }
- *p++ = '\"';
- *p = 0;
- s = string_append(s, &size, &ptr, 2, US" C=", big_buffer);
- }
- }
-
- /* Time on queue and actual time taken to deliver */
-
- if ((log_extra_selector & LX_queue_time) != 0)
- {
- s = string_append(s, &size, &ptr, 2, US" QT=",
- readconf_printtime(time(NULL) - received_time));
- }
-
- if ((log_extra_selector & LX_deliver_time) != 0)
- {
- s = string_append(s, &size, &ptr, 2, US" DT=",
- readconf_printtime(addr->more_errno));
- }
-
- /* string_cat() always leaves room for the terminator. Release the
- store we used to build the line after writing it. */
-
- s[ptr] = 0;
- log_write(0, LOG_MAIN, "%s", s);
- #ifdef EXPERIMENTAL_DBL
- DEBUG(D_deliver)
- {
- debug_printf(" DBL(Delivery): dbl_delivery_query=|%s| dbl_delivery_IP=%s\n", dbl_delivery_query, dbl_delivery_ip);
- }
- if (dbl_delivery_ip != NULL && dbl_delivery_query != NULL)
- expand_string(dbl_delivery_query);
- #endif
- store_reset(reset_point);
+ delivery_log(LOG_MAIN, addr, logchar, NULL);
}
log. */
s = reset_point = store_get(size);
+
+ /* Create the address string for logging. Must not do this earlier, because
+ an OK result may be changed to FAIL when a pipe returns text. */
+
+ log_address = string_log_address(addr,
+ (log_write_selector & L_all_parents) != 0, result == OK);
+
s = string_cat(s, &size, &ptr, log_address, Ustrlen(log_address));
/* Either driver_name contains something and driver_kind contains
/* Build up the log line for the message and main logs */
s = reset_point = store_get(size);
+
+ /* Create the address string for logging. Must not do this earlier, because
+ an OK result may be changed to FAIL when a pipe returns text. */
+
+ log_address = string_log_address(addr,
+ (log_write_selector & L_all_parents) != 0, result == OK);
+
s = string_cat(s, &size, &ptr, log_address, Ustrlen(log_address));
if ((log_extra_selector & LX_sender_on_delivery) != 0)
set_process_info("delivering %s to %s using %s", message_id,
addr->local_part, addr->transport->name);
+ /* Setting this global in the subprocess means we need never clear it */
+ transport_name = addr->transport->name;
+
/* If a transport filter has been specified, set up its argument list.
Any errors will get put into the address, and FALSE yielded. */
int i;
int local_part_length = Ustrlen(addr2->local_part);
uschar *s;
+ int ret;
- (void)write(pfd[pipe_write], (void *)&(addr2->transport_return), sizeof(int));
- (void)write(pfd[pipe_write], (void *)&transport_count, sizeof(transport_count));
- (void)write(pfd[pipe_write], (void *)&(addr2->flags), sizeof(addr2->flags));
- (void)write(pfd[pipe_write], (void *)&(addr2->basic_errno), sizeof(int));
- (void)write(pfd[pipe_write], (void *)&(addr2->more_errno), sizeof(int));
- (void)write(pfd[pipe_write], (void *)&(addr2->special_action), sizeof(int));
- (void)write(pfd[pipe_write], (void *)&(addr2->transport),
- sizeof(transport_instance *));
+ if( (ret = write(pfd[pipe_write], (void *)&(addr2->transport_return), sizeof(int))) != sizeof(int)
+ || (ret = write(pfd[pipe_write], (void *)&transport_count, sizeof(transport_count))) != sizeof(transport_count)
+ || (ret = write(pfd[pipe_write], (void *)&(addr2->flags), sizeof(addr2->flags))) != sizeof(addr2->flags)
+ || (ret = write(pfd[pipe_write], (void *)&(addr2->basic_errno), sizeof(int))) != sizeof(int)
+ || (ret = write(pfd[pipe_write], (void *)&(addr2->more_errno), sizeof(int))) != sizeof(int)
+ || (ret = write(pfd[pipe_write], (void *)&(addr2->special_action), sizeof(int))) != sizeof(int)
+ || (ret = write(pfd[pipe_write], (void *)&(addr2->transport),
+ sizeof(transport_instance *))) != sizeof(transport_instance *)
/* For a file delivery, pass back the local part, in case the original
was only part of the final delivery path. This gives more complete
logging. */
- if (testflag(addr2, af_file))
- {
- (void)write(pfd[pipe_write], (void *)&local_part_length, sizeof(int));
- (void)write(pfd[pipe_write], addr2->local_part, local_part_length);
- }
+ || (testflag(addr2, af_file)
+ && ( (ret = write(pfd[pipe_write], (void *)&local_part_length, sizeof(int))) != sizeof(int)
+ || (ret = write(pfd[pipe_write], addr2->local_part, local_part_length)) != local_part_length
+ )
+ )
+ )
+ log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n",
+ ret == -1 ? strerror(errno) : "short write");
/* Now any messages */
for (i = 0, s = addr2->message; i < 2; i++, s = addr2->user_message)
{
int message_length = (s == NULL)? 0 : Ustrlen(s) + 1;
- (void)write(pfd[pipe_write], (void *)&message_length, sizeof(int));
- if (message_length > 0) (void)write(pfd[pipe_write], s, message_length);
+ if( (ret = write(pfd[pipe_write], (void *)&message_length, sizeof(int))) != sizeof(int)
+ || (message_length > 0 && (ret = write(pfd[pipe_write], s, message_length)) != message_length)
+ )
+ log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n",
+ ret == -1 ? strerror(errno) : "short write");
}
}
to do, which is for the ultimate address timeout. */
if (!ok)
- {
- retry_config *retry =
- retry_find_config(retry_key+2, addr2->domain,
- retry_record->basic_errno,
- retry_record->more_errno);
-
- DEBUG(D_deliver|D_retry)
- {
- debug_printf("retry time not reached for %s: "
- "checking ultimate address timeout\n", addr2->address);
- debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n",
- (int)now, (int)retry_record->first_failed,
- (int)retry_record->next_try, retry_record->expired);
- }
-
- if (retry != NULL && retry->rules != NULL)
- {
- retry_rule *last_rule;
- for (last_rule = retry->rules;
- last_rule->next != NULL;
- last_rule = last_rule->next);
- DEBUG(D_deliver|D_retry)
- debug_printf(" received_time=%d diff=%d timeout=%d\n",
- received_time, (int)now - received_time, last_rule->timeout);
- if (now - received_time > last_rule->timeout) ok = TRUE;
- }
- else
- {
- DEBUG(D_deliver|D_retry)
- debug_printf("no retry rule found: assume timed out\n");
- ok = TRUE; /* No rule => timed out */
- }
-
- DEBUG(D_deliver|D_retry)
- {
- if (ok) debug_printf("on queue longer than maximum retry for "
- "address - allowing delivery\n");
- }
- }
+ ok = retry_ultimate_address_timeout(retry_key, addr2->domain,
+ retry_record, now);
}
}
else DEBUG(D_retry) debug_printf("no retry record exists\n");
break;
#endif
+ case 'C': /* client authenticator information */
+ switch (*ptr++)
+ {
+ case '1':
+ addr->authenticator = (*ptr)? string_copy(ptr) : NULL;
+ break;
+ case '2':
+ addr->auth_id = (*ptr)? string_copy(ptr) : NULL;
+ break;
+ case '3':
+ addr->auth_sndr = (*ptr)? string_copy(ptr) : NULL;
+ break;
+ }
+ while (*ptr++);
+ break;
+
+#ifdef EXPERIMENTAL_PRDR
+ case 'P':
+ addr->flags |= af_prdr_used; break;
+#endif
+
case 'A':
if (addr == NULL)
{
+static void
+rmt_dlv_checked_write(int fd, void * buf, int size)
+{
+int ret = write(fd, buf, size);
+if(ret != size)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed writing transport result to pipe: %s\n",
+ ret == -1 ? strerror(errno) : "short write");
+}
+
/*************************************************
* Do remote deliveries *
*************************************************/
deliver_set_expansions(addr);
+ /* Ensure any transport-set auth info is fresh */
+ addr->authenticator = addr->auth_id = addr->auth_sndr = NULL;
+
/* Compute the return path, expanding a new one if required. The old one
must be set first, as it might be referred to in the expansion. */
int fd = pfd[pipe_write];
host_item *h;
- /* There are weird circumstances in which logging is disabled */
+ /* Setting this global in the subprocess means we need never clear it */
+ transport_name = tp->name;
+ /* There are weird circumstances in which logging is disabled */
disable_logging = tp->disable_logging;
/* Show pids on debug output if parallelism possible */
{
if (h->address == NULL || h->status < hstatus_unusable) continue;
sprintf(CS big_buffer, "H%c%c%s", h->status, h->why, h->address);
- (void)write(fd, big_buffer, Ustrlen(big_buffer+3) + 4);
+ rmt_dlv_checked_write(fd, big_buffer, Ustrlen(big_buffer+3) + 4);
}
/* The number of bytes written. This is the same for each address. Even
big_buffer[0] = 'S';
memcpy(big_buffer+1, &transport_count, sizeof(transport_count));
- (void)write(fd, big_buffer, sizeof(transport_count) + 1);
+ rmt_dlv_checked_write(fd, big_buffer, sizeof(transport_count) + 1);
- /* Information about what happened to each address. Three item types are
- used: an optional 'X' item first, for TLS information, followed by 'R'
- items for any retry settings, and finally an 'A' item for the remaining
- data. */
+ /* Information about what happened to each address. Four item types are
+ used: an optional 'X' item first, for TLS information, then an optional "C"
+ item for any client-auth info followed by 'R' items for any retry settings,
+ and finally an 'A' item for the remaining data. */
for(; addr != NULL; addr = addr->next)
{
/* The certificate verification status goes into the flags */
- if (tls_certificate_verified) setflag(addr, af_cert_verified);
+ if (tls_out.certificate_verified) setflag(addr, af_cert_verified);
/* Use an X item only if there's something to send */
if (addr->cipher != NULL)
{
ptr = big_buffer;
- *ptr++ = 'X';
- sprintf(CS ptr, "%.128s", addr->cipher);
+ sprintf(CS ptr, "X%.128s", addr->cipher);
while(*ptr++);
if (addr->peerdn == NULL) *ptr++ = 0; else
{
sprintf(CS ptr, "%.512s", addr->peerdn);
while(*ptr++);
}
- (void)write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
}
#endif
+ if (client_authenticator)
+ {
+ ptr = big_buffer;
+ sprintf(CS big_buffer, "C1%.64s", client_authenticator);
+ while(*ptr++);
+ rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ }
+ if (client_authenticated_id)
+ {
+ ptr = big_buffer;
+ sprintf(CS big_buffer, "C2%.64s", client_authenticated_id);
+ while(*ptr++);
+ rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ }
+ if (client_authenticated_sender)
+ {
+ ptr = big_buffer;
+ sprintf(CS big_buffer, "C3%.64s", client_authenticated_sender);
+ while(*ptr++);
+ rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
+ }
+
+ #ifdef EXPERIMENTAL_PRDR
+ if (addr->flags & af_prdr_used) rmt_dlv_checked_write(fd, "P", 1);
+ #endif
+
/* Retry information: for most success cases this will be null. */
for (r = addr->retries; r != NULL; r = r->next)
sprintf(CS ptr, "%.512s", r->message);
while(*ptr++);
}
- (void)write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
}
/* The rest of the information goes in an 'A' item. */
memcpy(ptr, &(addr->host_used->port), sizeof(addr->host_used->port));
ptr += sizeof(addr->host_used->port);
}
- (void)write(fd, big_buffer, ptr - big_buffer);
+ rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer);
}
/* Add termination flag, close the pipe, and that's it. The character
big_buffer[0] = 'Z';
big_buffer[1] = (continue_transport == NULL)? '0' : '1';
- (void)write(fd, big_buffer, 2);
+ rmt_dlv_checked_write(fd, big_buffer, 2);
(void)close(fd);
exit(EXIT_SUCCESS);
}
int process_recipients = RECIP_ACCEPT;
open_db dbblock;
open_db *dbm_file;
+extern int acl_where;
uschar *info = (queue_run_pid == (pid_t)0)?
string_sprintf("delivering %s", id) :
update_spool = FALSE;
remove_journal = TRUE;
+/* Set a known context for any ACLs we call via expansions */
+acl_where = ACL_WHERE_DELIVERY;
+
/* Reset the random number generator, so that if several delivery processes are
started from a queue runner that has already used random numbers (for sorting),
they don't all get the same sequence. */
will be far too many attempts for an address that gets a 4xx error. In
fact, after such an error, we should not get here because, the host should
not be remembered as one this message needs. However, there was a bug that
- used to cause this to happen, so it is best to be on the safe side. */
+ used to cause this to happen, so it is best to be on the safe side.
+
+ Even if we haven't reached the retry time in the hints, there is one more
+ check to do, which is for the ultimate address timeout. We only do this
+ check if there is an address retry record and there is not a domain retry
+ record; this implies that previous attempts to handle the address had the
+ retry_use_local_parts option turned on. We use this as an approximation
+ for the destination being like a local delivery, for example delivery over
+ LMTP to an IMAP message store. In this situation users are liable to bump
+ into their quota and thereby have intermittently successful deliveries,
+ which keep the retry record fresh, which can lead to us perpetually
+ deferring messages. */
else if (((queue_running && !deliver_force) || continue_hostname != NULL)
&&
||
(address_retry_record != NULL &&
now < address_retry_record->next_try))
- )
+ &&
+ (domain_retry_record != NULL ||
+ address_retry_record == NULL ||
+ !retry_ultimate_address_timeout(addr->address_retry_key,
+ addr->domain, address_retry_record, now)))
{
addr->message = US"retry time not reached";
addr->basic_errno = ERRNO_RRETRY;
that the mode is correct - the group setting doesn't always seem to get
set automatically. */
- (void)fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC);
- (void)fchown(journal_fd, exim_uid, exim_gid);
- (void)fchmod(journal_fd, SPOOL_MODE);
+ if( fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC)
+ || fchown(journal_fd, exim_uid, exim_gid)
+ || fchmod(journal_fd, SPOOL_MODE)
+ )
+ {
+ int ret = Uunlink(spoolname);
+ log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't set perms on journal file %s: %s",
+ spoolname, strerror(errno));
+ if(ret && errno != ENOENT)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s",
+ spoolname, strerror(errno));
+ return DELIVER_NOT_ATTEMPTED;
+ }
}
+
/* Now we can get down to the business of actually doing deliveries. Local
deliveries are done first, then remote ones. If ever the problems of how to
handle fallback transports are figured out, this section can be put into a loop
regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
#endif
+ #ifdef EXPERIMENTAL_PRDR
+ if (regex_PRDR == NULL) regex_PRDR =
+ regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE);
+ #endif
+
/* Now sort the addresses if required, and do the deliveries. The yield of
do_remote_deliveries is FALSE when mua_wrapper is set and all addresses
cannot be delivered in one transaction. */
released. */
search_tidyup();
+acl_where = ACL_WHERE_UNKNOWN;
return final_yield;
}
/* Set the ownership if necessary. */
- if (use_chown) (void)Uchown(buffer, exim_uid, exim_gid);
+ if (use_chown && Uchown(buffer, exim_uid, exim_gid))
+ {
+ if (!panic) return FALSE;
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "Failed to set owner on directory \"%s\": %s\n", buffer, strerror(errno));
+ }
/* It appears that any mode bits greater than 0777 are ignored by
mkdir(), at least on some operating systems. Therefore, if the mode
"%.*s", (int)len, (char *)((rr->data)+rr_offset));
rr_offset+=len;
answer_offset+=len;
+ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
+ return PDKIM_FAIL;
+ }
}
}
else return PDKIM_FAIL;
rc = NULL;
goto CLEANUP;
}
- (void)read(privkey_fd,big_buffer,(big_buffer_size-2));
+ if (read(privkey_fd,big_buffer,(big_buffer_size-2)) < 0) {
+ log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
+ dkim_private_key_expanded);
+ rc = NULL;
+ goto CLEANUP;
+ }
(void)close(privkey_fd);
dkim_private_key_expanded = big_buffer;
}
--- /dev/null
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+/* Experimental DMARC support.
+ Copyright (c) Todd Lyons <tlyons@exim.org> 2012, 2013
+ License: GPL */
+
+/* Portions Copyright (c) 2012, 2013, The Trusted Domain Project;
+ All rights reserved, licensed for use per LICENSE.opendmarc. */
+
+/* Code for calling dmarc checks via libopendmarc. Called from acl.c. */
+
+#include "exim.h"
+#ifdef EXPERIMENTAL_DMARC
+#if !defined EXPERIMENTAL_SPF
+#error SPF must also be enabled for DMARC
+#elif defined DISABLE_DKIM
+#error DKIM must also be enabled for DMARC
+#else
+
+#include "functions.h"
+#include "dmarc.h"
+#include "pdkim/pdkim.h"
+
+OPENDMARC_LIB_T dmarc_ctx;
+DMARC_POLICY_T *dmarc_pctx = NULL;
+OPENDMARC_STATUS_T libdm_status, action, dmarc_policy;
+OPENDMARC_STATUS_T da, sa, action;
+BOOL dmarc_abort = FALSE;
+uschar *dmarc_pass_fail = US"skipped";
+extern pdkim_signature *dkim_signatures;
+header_line *from_header = NULL;
+extern SPF_response_t *spf_response;
+int dmarc_spf_ares_result = 0;
+uschar *spf_sender_domain = NULL;
+uschar *spf_human_readable = NULL;
+u_char *header_from_sender = NULL;
+int history_file_status = DMARC_HIST_OK;
+uschar *dkim_history_buffer= NULL;
+
+/* Accept an error_block struct, initialize if empty, parse to the
+ * end, and append the two strings passed to it. Used for adding
+ * variable amounts of value:pair data to the forensic emails. */
+
+static error_block *
+add_to_eblock(error_block *eblock, uschar *t1, uschar *t2)
+{
+ error_block *eb = malloc(sizeof(error_block));
+ if (eblock == NULL)
+ eblock = eb;
+ else
+ {
+ /* Find the end of the eblock struct and point it at eb */
+ error_block *tmp = eblock;
+ while(tmp->next != NULL)
+ tmp = tmp->next;
+ tmp->next = eb;
+ }
+ eb->text1 = t1;
+ eb->text2 = t2;
+ eb->next = NULL;
+ return eblock;
+}
+
+/* dmarc_init sets up a context that can be re-used for several
+ messages on the same SMTP connection (that come from the
+ same host with the same HELO string) */
+
+int dmarc_init()
+{
+ int *netmask = NULL; /* Ignored */
+ int is_ipv6 = 0;
+ char *tld_file = (dmarc_tld_file == NULL) ?
+ "/etc/exim/opendmarc.tlds" :
+ (char *)dmarc_tld_file;
+
+ /* Set some sane defaults. Also clears previous results when
+ * multiple messages in one connection. */
+ dmarc_pctx = NULL;
+ dmarc_status = US"none";
+ dmarc_abort = FALSE;
+ dmarc_pass_fail = US"skipped";
+ dmarc_used_domain = US"";
+ header_from_sender = NULL;
+ spf_sender_domain = NULL;
+ spf_human_readable = NULL;
+
+ /* ACLs have "control=dmarc_disable_verify" */
+ if (dmarc_disable_verify == TRUE)
+ return OK;
+
+ (void) memset(&dmarc_ctx, '\0', sizeof dmarc_ctx);
+ dmarc_ctx.nscount = 0;
+ libdm_status = opendmarc_policy_library_init(&dmarc_ctx);
+ if (libdm_status != DMARC_PARSE_OKAY)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to init library: %s",
+ opendmarc_policy_status_to_str(libdm_status));
+ dmarc_abort = TRUE;
+ }
+ if (dmarc_tld_file == NULL)
+ dmarc_abort = TRUE;
+ else if (opendmarc_tld_read_file(tld_file, NULL, NULL, NULL))
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list %s: %d",
+ tld_file, errno);
+ dmarc_abort = TRUE;
+ }
+ if (sender_host_address == NULL)
+ dmarc_abort = TRUE;
+ /* This catches locally originated email and startup errors above. */
+ if ( dmarc_abort == FALSE )
+ {
+ is_ipv6 = string_is_ip_address(sender_host_address, netmask);
+ is_ipv6 = (is_ipv6 == 6) ? TRUE :
+ (is_ipv6 == 4) ? FALSE : FALSE;
+ dmarc_pctx = opendmarc_policy_connect_init(sender_host_address, is_ipv6);
+ if (dmarc_pctx == NULL )
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure creating policy context: ip=%s",
+ sender_host_address);
+ dmarc_abort = TRUE;
+ }
+ }
+
+ return OK;
+}
+
+
+/* dmarc_store_data stores the header data so that subsequent
+ * dmarc_process can access the data */
+
+int dmarc_store_data(header_line *hdr) {
+ /* No debug output because would change every test debug output */
+ if (dmarc_disable_verify != TRUE)
+ from_header = hdr;
+ return OK;
+}
+
+
+/* dmarc_process adds the envelope sender address to the existing
+ context (if any), retrieves the result, sets up expansion
+ strings and evaluates the condition outcome. */
+
+int dmarc_process() {
+ int sr, origin; /* used in SPF section */
+ int dmarc_spf_result = 0; /* stores spf into dmarc conn ctx */
+ pdkim_signature *sig = NULL;
+ BOOL has_dmarc_record = TRUE;
+ u_char **ruf; /* forensic report addressees, if called for */
+
+ /* ACLs have "control=dmarc_disable_verify" */
+ if (dmarc_disable_verify == TRUE)
+ {
+ dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);
+ return OK;
+ }
+
+ /* Store the header From: sender domain for this part of DMARC.
+ * If there is no from_header struct, then it's likely this message
+ * is locally generated and relying on fixups to add it. Just skip
+ * the entire DMARC system if we can't find a From: header....or if
+ * there was a previous error.
+ */
+ if (from_header == NULL || dmarc_abort == TRUE)
+ dmarc_abort = TRUE;
+ else
+ {
+ /* I strongly encourage anybody who can make this better to contact me directly!
+ * <cannonball> Is this an insane way to extract the email address from the From: header?
+ * <jgh_hm> it's sure a horrid layer-crossing....
+ * <cannonball> I'm not denying that :-/
+ * <jgh_hm> there may well be no better though
+ */
+ header_from_sender = expand_string(
+ string_sprintf("${domain:${extract{1}{:}{${addresses:%s}}}}",
+ from_header->text) );
+ /* The opendmarc library extracts the domain from the email address, but
+ * only try to store it if it's not empty. Otherwise, skip out of DMARC. */
+ if (strcmp( CCS header_from_sender, "") == 0)
+ dmarc_abort = TRUE;
+ libdm_status = (dmarc_abort == TRUE) ?
+ DMARC_PARSE_OKAY :
+ opendmarc_policy_store_from_domain(dmarc_pctx, header_from_sender);
+ if (libdm_status != DMARC_PARSE_OKAY)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failure to store header From: in DMARC: %s, header was '%s'",
+ opendmarc_policy_status_to_str(libdm_status), from_header->text);
+ dmarc_abort = TRUE;
+ }
+ }
+
+ /* Skip DMARC if connection is SMTP Auth. Temporarily, admin should
+ * instead do this in the ACLs. */
+ if (dmarc_abort == FALSE && sender_host_authenticated == NULL)
+ {
+ /* Use the envelope sender domain for this part of DMARC */
+ spf_sender_domain = expand_string(US"$sender_address_domain");
+ if ( spf_response == NULL )
+ {
+ /* No spf data means null envelope sender so generate a domain name
+ * from the sender_helo_name */
+ if (spf_sender_domain == NULL)
+ {
+ spf_sender_domain = sender_helo_name;
+ log_write(0, LOG_MAIN, "DMARC using synthesized SPF sender domain = %s\n",
+ spf_sender_domain);
+ DEBUG(D_receive)
+ debug_printf("DMARC using synthesized SPF sender domain = %s\n", spf_sender_domain);
+ }
+ dmarc_spf_result = DMARC_POLICY_SPF_OUTCOME_NONE;
+ dmarc_spf_ares_result = ARES_RESULT_UNKNOWN;
+ origin = DMARC_POLICY_SPF_ORIGIN_HELO;
+ spf_human_readable = US"";
+ }
+ else
+ {
+ sr = spf_response->result;
+ dmarc_spf_result = (sr == SPF_RESULT_NEUTRAL) ? DMARC_POLICY_SPF_OUTCOME_NONE :
+ (sr == SPF_RESULT_PASS) ? DMARC_POLICY_SPF_OUTCOME_PASS :
+ (sr == SPF_RESULT_FAIL) ? DMARC_POLICY_SPF_OUTCOME_FAIL :
+ (sr == SPF_RESULT_SOFTFAIL) ? DMARC_POLICY_SPF_OUTCOME_TMPFAIL :
+ DMARC_POLICY_SPF_OUTCOME_NONE;
+ dmarc_spf_ares_result = (sr == SPF_RESULT_NEUTRAL) ? ARES_RESULT_NEUTRAL :
+ (sr == SPF_RESULT_PASS) ? ARES_RESULT_PASS :
+ (sr == SPF_RESULT_FAIL) ? ARES_RESULT_FAIL :
+ (sr == SPF_RESULT_SOFTFAIL) ? ARES_RESULT_SOFTFAIL :
+ (sr == SPF_RESULT_NONE) ? ARES_RESULT_NONE :
+ (sr == SPF_RESULT_TEMPERROR) ? ARES_RESULT_TEMPERROR :
+ (sr == SPF_RESULT_PERMERROR) ? ARES_RESULT_PERMERROR :
+ ARES_RESULT_UNKNOWN;
+ origin = DMARC_POLICY_SPF_ORIGIN_MAILFROM;
+ spf_human_readable = (uschar *)spf_response->header_comment;
+ DEBUG(D_receive)
+ debug_printf("DMARC using SPF sender domain = %s\n", spf_sender_domain);
+ }
+ if (strcmp( CCS spf_sender_domain, "") == 0)
+ dmarc_abort = TRUE;
+ if (dmarc_abort == FALSE)
+ {
+ libdm_status = opendmarc_policy_store_spf(dmarc_pctx, spf_sender_domain,
+ dmarc_spf_result, origin, spf_human_readable);
+ if (libdm_status != DMARC_PARSE_OKAY)
+ log_write(0, LOG_MAIN|LOG_PANIC, "failure to store spf for DMARC: %s",
+ opendmarc_policy_status_to_str(libdm_status));
+ }
+
+ /* Now we cycle through the dkim signature results and put into
+ * the opendmarc context, further building the DMARC reply. */
+ sig = dkim_signatures;
+ dkim_history_buffer = US"";
+ while (sig != NULL)
+ {
+ int dkim_result, dkim_ares_result, vs, ves;
+ vs = sig->verify_status;
+ ves = sig->verify_ext_status;
+ dkim_result = ( vs == PDKIM_VERIFY_PASS ) ? DMARC_POLICY_DKIM_OUTCOME_PASS :
+ ( vs == PDKIM_VERIFY_FAIL ) ? DMARC_POLICY_DKIM_OUTCOME_FAIL :
+ ( vs == PDKIM_VERIFY_INVALID ) ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
+ DMARC_POLICY_DKIM_OUTCOME_NONE;
+ libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, (uschar *)sig->domain,
+ dkim_result, US"");
+ DEBUG(D_receive)
+ debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain);
+ if (libdm_status != DMARC_PARSE_OKAY)
+ log_write(0, LOG_MAIN|LOG_PANIC, "failure to store dkim (%s) for DMARC: %s",
+ sig->domain, opendmarc_policy_status_to_str(libdm_status));
+
+ dkim_ares_result = ( vs == PDKIM_VERIFY_PASS ) ? ARES_RESULT_PASS :
+ ( vs == PDKIM_VERIFY_FAIL ) ? ARES_RESULT_FAIL :
+ ( vs == PDKIM_VERIFY_NONE ) ? ARES_RESULT_NONE :
+ ( vs == PDKIM_VERIFY_INVALID ) ?
+ ( ves == PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE ? ARES_RESULT_PERMERROR :
+ ves == PDKIM_VERIFY_INVALID_BUFFER_SIZE ? ARES_RESULT_PERMERROR :
+ ves == PDKIM_VERIFY_INVALID_PUBKEY_PARSING ? ARES_RESULT_PERMERROR :
+ ARES_RESULT_UNKNOWN ) :
+ ARES_RESULT_UNKNOWN;
+ dkim_history_buffer = string_sprintf("%sdkim %s %d\n", dkim_history_buffer,
+ sig->domain, dkim_ares_result);
+ sig = sig->next;
+ }
+ libdm_status = opendmarc_policy_query_dmarc(dmarc_pctx, US"");
+ switch (libdm_status)
+ {
+ case DMARC_DNS_ERROR_NXDOMAIN:
+ case DMARC_DNS_ERROR_NO_RECORD:
+ DEBUG(D_receive)
+ debug_printf("DMARC no record found for %s\n", header_from_sender);
+ has_dmarc_record = FALSE;
+ break;
+ case DMARC_PARSE_OKAY:
+ DEBUG(D_receive)
+ debug_printf("DMARC record found for %s\n", header_from_sender);
+ break;
+ case DMARC_PARSE_ERROR_BAD_VALUE:
+ DEBUG(D_receive)
+ debug_printf("DMARC record parse error for %s\n", header_from_sender);
+ has_dmarc_record = FALSE;
+ break;
+ default:
+ /* everything else, skip dmarc */
+ DEBUG(D_receive)
+ debug_printf("DMARC skipping (%d), unsure what to do with %s",
+ libdm_status, from_header->text);
+ has_dmarc_record = FALSE;
+ break;
+ }
+ /* Can't use exim's string manipulation functions so allocate memory
+ * for libopendmarc using its max hostname length definition. */
+ uschar *dmarc_domain = (uschar *)calloc(DMARC_MAXHOSTNAMELEN, sizeof(uschar));
+ libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx, dmarc_domain,
+ DMARC_MAXHOSTNAMELEN-1);
+ dmarc_used_domain = string_copy(dmarc_domain);
+ free(dmarc_domain);
+ if (libdm_status != DMARC_PARSE_OKAY)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failure to read domainname used for DMARC lookup: %s",
+ opendmarc_policy_status_to_str(libdm_status));
+ }
+ libdm_status = opendmarc_get_policy_to_enforce(dmarc_pctx);
+ dmarc_policy = libdm_status;
+ switch(libdm_status)
+ {
+ case DMARC_POLICY_ABSENT: /* No DMARC record found */
+ dmarc_status = US"norecord";
+ dmarc_pass_fail = US"temperror";
+ dmarc_status_text = US"No DMARC record";
+ action = DMARC_RESULT_ACCEPT;
+ break;
+ case DMARC_FROM_DOMAIN_ABSENT: /* No From: domain */
+ dmarc_status = US"nofrom";
+ dmarc_pass_fail = US"temperror";
+ dmarc_status_text = US"No From: domain found";
+ action = DMARC_RESULT_ACCEPT;
+ break;
+ case DMARC_POLICY_NONE: /* Accept and report */
+ dmarc_status = US"none";
+ dmarc_pass_fail = US"none";
+ dmarc_status_text = US"None, Accept";
+ action = DMARC_RESULT_ACCEPT;
+ break;
+ case DMARC_POLICY_PASS: /* Explicit accept */
+ dmarc_status = US"accept";
+ dmarc_pass_fail = US"pass";
+ dmarc_status_text = US"Accept";
+ action = DMARC_RESULT_ACCEPT;
+ break;
+ case DMARC_POLICY_REJECT: /* Explicit reject */
+ dmarc_status = US"reject";
+ dmarc_pass_fail = US"fail";
+ dmarc_status_text = US"Reject";
+ action = DMARC_RESULT_REJECT;
+ break;
+ case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */
+ dmarc_status = US"quarantine";
+ dmarc_pass_fail = US"fail";
+ dmarc_status_text = US"Quarantine";
+ action = DMARC_RESULT_QUARANTINE;
+ break;
+ default:
+ dmarc_status = US"temperror";
+ dmarc_pass_fail = US"temperror";
+ dmarc_status_text = US"Internal Policy Error";
+ action = DMARC_RESULT_TEMPFAIL;
+ break;
+ }
+
+ libdm_status = opendmarc_policy_fetch_alignment(dmarc_pctx, &da, &sa);
+ if (libdm_status != DMARC_PARSE_OKAY)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s",
+ opendmarc_policy_status_to_str(libdm_status));
+ }
+
+ if (has_dmarc_record == TRUE)
+ {
+ log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s "
+ "spf_align=%s dkim_align=%s enforcement='%s'",
+ spf_sender_domain, dmarc_used_domain,
+ (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?"yes":"no",
+ (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?"yes":"no",
+ dmarc_status_text);
+ history_file_status = dmarc_write_history_file();
+ /* Now get the forensic reporting addresses, if any */
+ ruf = opendmarc_policy_fetch_ruf(dmarc_pctx, NULL, 0, 1);
+ dmarc_send_forensic_report(ruf);
+ }
+ }
+
+ /* set some global variables here */
+ dmarc_ar_header = dmarc_auth_results_header(from_header, NULL);
+
+ /* shut down libopendmarc */
+ if ( dmarc_pctx != NULL )
+ (void) opendmarc_policy_connect_shutdown(dmarc_pctx);
+ if ( dmarc_disable_verify == FALSE )
+ (void) opendmarc_policy_library_shutdown(&dmarc_ctx);
+
+ return OK;
+}
+
+int dmarc_write_history_file()
+{
+ int history_file_fd;
+ ssize_t written_len;
+ int tmp_ans;
+ u_char **rua; /* aggregate report addressees */
+ uschar *history_buffer = NULL;
+
+ if (dmarc_history_file == NULL)
+ return DMARC_HIST_DISABLED;
+ history_file_fd = log_create(dmarc_history_file);
+
+ if (history_file_fd < 0)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failure to create DMARC history file: %s",
+ dmarc_history_file);
+ return DMARC_HIST_FILE_ERR;
+ }
+
+ /* Generate the contents of the history file */
+ history_buffer = string_sprintf("job %s\n", message_id);
+ history_buffer = string_sprintf("%sreporter %s\n", history_buffer, primary_hostname);
+ history_buffer = string_sprintf("%sreceived %ld\n", history_buffer, time(NULL));
+ history_buffer = string_sprintf("%sipaddr %s\n", history_buffer, sender_host_address);
+ history_buffer = string_sprintf("%sfrom %s\n", history_buffer, header_from_sender);
+ history_buffer = string_sprintf("%smfrom %s\n", history_buffer,
+ expand_string(US"$sender_address_domain"));
+
+ if (spf_response != NULL)
+ history_buffer = string_sprintf("%sspf %d\n", history_buffer, dmarc_spf_ares_result);
+ // history_buffer = string_sprintf("%sspf -1\n", history_buffer);
+
+ history_buffer = string_sprintf("%s%s", history_buffer, dkim_history_buffer);
+ history_buffer = string_sprintf("%spdomain %s\n", history_buffer, dmarc_used_domain);
+ history_buffer = string_sprintf("%spolicy %d\n", history_buffer, dmarc_policy);
+
+ rua = opendmarc_policy_fetch_rua(dmarc_pctx, NULL, 0, 1);
+ if (rua != NULL)
+ {
+ for (tmp_ans = 0; rua[tmp_ans] != NULL; tmp_ans++)
+ {
+ history_buffer = string_sprintf("%srua %s\n", history_buffer, rua[tmp_ans]);
+ }
+ }
+ else
+ history_buffer = string_sprintf("%srua -\n", history_buffer);
+
+ opendmarc_policy_fetch_pct(dmarc_pctx, &tmp_ans);
+ history_buffer = string_sprintf("%spct %d\n", history_buffer, tmp_ans);
+
+ opendmarc_policy_fetch_adkim(dmarc_pctx, &tmp_ans);
+ history_buffer = string_sprintf("%sadkim %d\n", history_buffer, tmp_ans);
+
+ opendmarc_policy_fetch_aspf(dmarc_pctx, &tmp_ans);
+ history_buffer = string_sprintf("%saspf %d\n", history_buffer, tmp_ans);
+
+ opendmarc_policy_fetch_p(dmarc_pctx, &tmp_ans);
+ history_buffer = string_sprintf("%sp %d\n", history_buffer, tmp_ans);
+
+ opendmarc_policy_fetch_sp(dmarc_pctx, &tmp_ans);
+ history_buffer = string_sprintf("%ssp %d\n", history_buffer, tmp_ans);
+
+ history_buffer = string_sprintf("%salign_dkim %d\n", history_buffer, da);
+ history_buffer = string_sprintf("%salign_spf %d\n", history_buffer, sa);
+ history_buffer = string_sprintf("%saction %d\n", history_buffer, action);
+
+ /* Write the contents to the history file */
+ DEBUG(D_receive)
+ debug_printf("DMARC logging history data for opendmarc reporting%s\n",
+ (host_checking || running_in_test_harness) ? " (not really)" : "");
+ if (host_checking || running_in_test_harness)
+ {
+ DEBUG(D_receive)
+ debug_printf("DMARC history data for debugging:\n%s", history_buffer);
+ }
+ else
+ {
+ written_len = write_to_fd_buf(history_file_fd,
+ history_buffer,
+ Ustrlen(history_buffer));
+ if (written_len == 0)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "failure to write to DMARC history file: %s",
+ dmarc_history_file);
+ return DMARC_HIST_WRITE_ERR;
+ }
+ (void)close(history_file_fd);
+ }
+ return DMARC_HIST_OK;
+}
+
+void dmarc_send_forensic_report(u_char **ruf)
+{
+ int c;
+ uschar *recipient, *save_sender;
+ BOOL send_status = FALSE;
+ error_block *eblock = NULL;
+ FILE *message_file = NULL;
+
+ /* Earlier ACL does not have *required* control=dmarc_enable_forensic */
+ if (dmarc_enable_forensic == FALSE)
+ return;
+
+ if ((dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT) ||
+ (dmarc_policy == DMARC_POLICY_QUARANTINE && action == DMARC_RESULT_QUARANTINE) )
+ {
+ if (ruf != NULL)
+ {
+ eblock = add_to_eblock(eblock, US"Sender Domain", dmarc_used_domain);
+ eblock = add_to_eblock(eblock, US"Sender IP Address", sender_host_address);
+ eblock = add_to_eblock(eblock, US"Received Date", tod_stamp(tod_full));
+ eblock = add_to_eblock(eblock, US"SPF Alignment",
+ (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?US"yes":US"no");
+ eblock = add_to_eblock(eblock, US"DKIM Alignment",
+ (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?US"yes":US"no");
+ eblock = add_to_eblock(eblock, US"DMARC Results", dmarc_status_text);
+ /* Set a sane default envelope sender */
+ dsn_from = dmarc_forensic_sender ? dmarc_forensic_sender :
+ dsn_from ? dsn_from :
+ string_sprintf("do-not-reply@%s",primary_hostname);
+ for (c = 0; ruf[c] != NULL; c++)
+ {
+ recipient = string_copylc(ruf[c]);
+ if (Ustrncmp(recipient, "mailto:",7))
+ continue;
+ /* Move to first character past the colon */
+ recipient += 7;
+ DEBUG(D_receive)
+ debug_printf("DMARC forensic report to %s%s\n", recipient,
+ (host_checking || running_in_test_harness) ? " (not really)" : "");
+ if (host_checking || running_in_test_harness)
+ continue;
+ save_sender = sender_address;
+ sender_address = recipient;
+ send_status = moan_to_sender(ERRMESS_DMARC_FORENSIC, eblock,
+ header_list, message_file, FALSE);
+ sender_address = save_sender;
+ if (send_status == FALSE)
+ log_write(0, LOG_MAIN|LOG_PANIC, "failure to send DMARC forensic report to %s",
+ recipient);
+ }
+ }
+ }
+}
+
+uschar *dmarc_exim_expand_query(int what)
+{
+ if (dmarc_disable_verify || !dmarc_pctx)
+ return dmarc_exim_expand_defaults(what);
+
+ switch(what) {
+ case DMARC_VERIFY_STATUS:
+ return(dmarc_status);
+ default:
+ return US"";
+ }
+}
+
+uschar *dmarc_exim_expand_defaults(int what)
+{
+ switch(what) {
+ case DMARC_VERIFY_STATUS:
+ return (dmarc_disable_verify) ?
+ US"off" :
+ US"none";
+ default:
+ return US"";
+ }
+}
+
+uschar *dmarc_auth_results_header(header_line *from_header, uschar *hostname)
+{
+ uschar *hdr_tmp = US"";
+
+ /* Allow a server hostname to be passed to this function, but is
+ * currently unused */
+ if (hostname == NULL)
+ hostname = primary_hostname;
+ hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname);
+
+#if 0
+ /* I don't think this belongs here, but left it here commented out
+ * because it was a lot of work to get working right. */
+ if (spf_response != NULL) {
+ uschar *dmarc_ar_spf = US"";
+ int sr = 0;
+ sr = spf_response->result;
+ dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL) ? US"neutral" :
+ (sr == SPF_RESULT_PASS) ? US"pass" :
+ (sr == SPF_RESULT_FAIL) ? US"fail" :
+ (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" :
+ US"none";
+ hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;",
+ hdr_tmp, dmarc_ar_spf_result,
+ spf_response->header_comment,
+ expand_string(US"$sender_address") );
+ }
+#endif
+ hdr_tmp = string_sprintf("%s dmarc=%s",
+ hdr_tmp, dmarc_pass_fail);
+ if (header_from_sender)
+ hdr_tmp = string_sprintf("%s header.from=%s",
+ hdr_tmp, header_from_sender);
+ return hdr_tmp;
+}
+
+#endif /* EXPERIMENTAL_SPF */
+#endif /* EXPERIMENTAL_DMARC */
+
+// vim:sw=2 expandtab
--- /dev/null
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Experimental DMARC support.
+ Copyright (c) Todd Lyons <tlyons@exim.org> 2012, 2013
+ License: GPL */
+
+/* Portions Copyright (c) 2012, 2013, The Trusted Domain Project;
+ All rights reserved, licensed for use per LICENSE.opendmarc. */
+
+#ifdef EXPERIMENTAL_DMARC
+
+#include "opendmarc/dmarc.h"
+#ifdef EXPERIMENTAL_SPF
+#include "spf2/spf.h"
+#endif /* EXPERIMENTAL_SPF */
+
+/* prototypes */
+int dmarc_init();
+int dmarc_store_data(header_line *);
+int dmarc_process();
+uschar *dmarc_exim_expand_query(int);
+uschar *dmarc_exim_expand_defaults(int);
+uschar *dmarc_auth_results_header(header_line *,uschar *);
+int dmarc_write_history_file();
+void dmarc_send_forensic_report(u_char **);
+
+#define DMARC_AR_HEADER US"Authentication-Results:"
+#define DMARC_VERIFY_STATUS 1
+
+#define DMARC_HIST_OK 1
+#define DMARC_HIST_DISABLED 2
+#define DMARC_HIST_EMPTY 3
+#define DMARC_HIST_FILE_ERR 4
+#define DMARC_HIST_WRITE_ERR 5
+
+/* From opendmarc.c */
+#define DMARC_RESULT_REJECT 0
+#define DMARC_RESULT_DISCARD 1
+#define DMARC_RESULT_ACCEPT 2
+#define DMARC_RESULT_TEMPFAIL 3
+#define DMARC_RESULT_QUARANTINE 4
+
+/* From opendmarc-ar.h */
+/* ARES_RESULT_T -- type for specifying an authentication result */
+#define ARES_RESULT_UNDEFINED (-1)
+#define ARES_RESULT_PASS 0
+#define ARES_RESULT_UNUSED 1
+#define ARES_RESULT_SOFTFAIL 2
+#define ARES_RESULT_NEUTRAL 3
+#define ARES_RESULT_TEMPERROR 4
+#define ARES_RESULT_PERMERROR 5
+#define ARES_RESULT_NONE 6
+#define ARES_RESULT_FAIL 7
+#define ARES_RESULT_POLICY 8
+#define ARES_RESULT_NXDOMAIN 9
+#define ARES_RESULT_SIGNED 10
+#define ARES_RESULT_UNKNOWN 11
+#define ARES_RESULT_DISCARD 12
+
+#endif /* EXPERIMENTAL_DMARC */
+
+// vim:sw=2 expandtab
dns_use_edns0 ? "" : "un");
#endif
+#ifndef DISABLE_DNSSEC
+# ifdef RES_USE_DNSSEC
+# ifndef RES_USE_EDNS0
+# error Have RES_USE_DNSSEC but not RES_USE_EDNS0? Something hinky ...
+# endif
+if (dns_dnssec_ok >= 0)
+ {
+ if (dns_use_edns0 == 0 && dns_dnssec_ok != 0)
+ {
+ DEBUG(D_resolver)
+ debug_printf("CONFLICT: dns_use_edns0 forced false, dns_dnssec_ok forced true, ignoring latter!\n");
+ }
+ else
+ {
+ if (dns_dnssec_ok)
+ resp->options |= RES_USE_DNSSEC;
+ else
+ resp->options &= ~RES_USE_DNSSEC;
+ DEBUG(D_resolver) debug_printf("Coerced resolver DNSSEC support %s.\n",
+ dns_dnssec_ok ? "on" : "off");
+ }
+ }
+# else
+if (dns_dnssec_ok >= 0)
+ DEBUG(D_resolver)
+ debug_printf("Unable to %sset DNSSEC without resolver support.\n",
+ dns_dnssec_ok ? "" : "un");
+# endif
+#endif /* DISABLE_DNSSEC */
+
os_put_dns_resolver_res(resp);
}
+/*************************************************
+* Return whether AD bit set in DNS result *
+*************************************************/
+
+/* We do not perform DNSSEC work ourselves; if the administrator has installed
+a verifying resolver which sets AD as appropriate, though, we'll use that.
+(AD = Authentic Data)
+
+Argument: pointer to dns answer block
+Returns: bool indicating presence of AD bit
+*/
+
+BOOL
+dns_is_secure(dns_answer *dnsa)
+{
+#ifdef DISABLE_DNSSEC
+DEBUG(D_dns)
+ debug_printf("DNSSEC support disabled at build-time; dns_is_secure() false\n");
+return FALSE;
+#else
+HEADER *h = (HEADER *)dnsa->answer;
+return h->ad ? TRUE : FALSE;
+#endif
+}
+
+
+
+
/*************************************************
* Turn DNS type into text *
*************************************************/
+/*************************************************
+* Enums for cmdline interface *
+*************************************************/
+
+enum commandline_info { CMDINFO_NONE=0,
+ CMDINFO_HELP, CMDINFO_SIEVE, CMDINFO_DSCP };
+
+
+
+
/*************************************************
* Compile regular expression and panic on fail *
*************************************************/
if (fd < 0) return;
-(void)write(fd, process_info, process_info_len);
+{int dummy = write(fd, process_info, process_info_len); dummy = dummy; }
(void)close(fd);
}
if (smtp_input)
{
#ifdef SUPPORT_TLS
- tls_close(FALSE); /* Shut down the TLS library */
+ tls_close(FALSE, FALSE); /* Shut down the TLS library */
#endif
(void)close(fileno(smtp_in));
(void)close(fileno(smtp_out));
#ifdef EXPERIMENTAL_DCC
fprintf(f, " Experimental_DCC");
#endif
+#ifdef EXPERIMENTAL_DMARC
+ fprintf(f, " Experimental_DMARC");
+#endif
+#ifdef EXPERIMENTAL_OCSP
+ fprintf(f, " Experimental_OCSP");
+#endif
+#ifdef EXPERIMENTAL_PRDR
+ fprintf(f, " Experimental_PRDR");
+#endif
#ifdef EXPERIMENTAL_DBL
fprintf(f, " EXPERIMENTAL_DBL");
#endif
}
+/*************************************************
+* Show auxiliary information about Exim *
+*************************************************/
+
+static void
+show_exim_information(enum commandline_info request, FILE *stream)
+{
+const uschar **pp;
+
+switch(request)
+ {
+ case CMDINFO_NONE:
+ fprintf(stream, "Oops, something went wrong.\n");
+ return;
+ case CMDINFO_HELP:
+ fprintf(stream,
+"The -bI: flag takes a string indicating which information to provide.\n"
+"If the string is not recognised, you'll get this help (on stderr).\n"
+"\n"
+" exim -bI:help this information\n"
+" exim -bI:dscp dscp value keywords known\n"
+" exim -bI:sieve list of supported sieve extensions, one per line.\n"
+);
+ return;
+ case CMDINFO_SIEVE:
+ for (pp = exim_sieve_extension_list; *pp; ++pp)
+ fprintf(stream, "%s\n", *pp);
+ return;
+ case CMDINFO_DSCP:
+ dscp_list_to_stream(stream);
+ return;
+ }
+}
/*************************************************
BOOL count_queue = FALSE;
BOOL expansion_test = FALSE;
BOOL extract_recipients = FALSE;
+BOOL flag_G = FALSE;
+BOOL flag_n = FALSE;
BOOL forced_delivery = FALSE;
BOOL f_end_dot = FALSE;
BOOL deliver_give_up = FALSE;
BOOL version_printed = FALSE;
uschar *alias_arg = NULL;
uschar *called_as = US"";
+uschar *cmdline_syslog_name = NULL;
uschar *start_queue_run_id = NULL;
uschar *stop_queue_run_id = NULL;
uschar *expansion_test_message = NULL;
uschar *malware_test_file = NULL;
uschar *real_sender_address;
uschar *originator_home = US"/";
+size_t sz;
void *reset_point;
struct passwd *pw;
int passed_qr_pipe = -1;
gid_t group_list[NGROUPS_MAX];
+/* For the -bI: flag */
+enum commandline_info info_flag = CMDINFO_NONE;
+BOOL info_stdout = FALSE;
+
/* Possible options for -R and -S */
static uschar *rsopts[] = { US"f", US"ff", US"r", US"rf", US"rff" };
switch(switchchar)
{
+
+ /* sendmail uses -Ac and -Am to control which .cf file is used;
+ we ignore them. */
+ case 'A':
+ if (*argrest == '\0') { badarg = TRUE; break; }
+ else
+ {
+ BOOL ignore = FALSE;
+ switch (*argrest)
+ {
+ case 'c':
+ case 'm':
+ if (*(argrest + 1) == '\0')
+ ignore = TRUE;
+ break;
+ }
+ if (!ignore) { badarg = TRUE; break; }
+ }
+ break;
+
/* -Btype is a sendmail option for 7bit/8bit setting. Exim is 8-bit clean
so has no need of it. */
else if (Ustrcmp(argrest, "i") == 0) bi_option = TRUE;
+ /* -bI: provide information, of the type to follow after a colon.
+ This is an Exim flag. */
+
+ else if (argrest[0] == 'I' && Ustrlen(argrest) >= 2 && argrest[1] == ':')
+ {
+ uschar *p = &argrest[2];
+ info_flag = CMDINFO_HELP;
+ if (Ustrlen(p))
+ {
+ if (strcmpic(p, CUS"sieve") == 0)
+ {
+ info_flag = CMDINFO_SIEVE;
+ info_stdout = TRUE;
+ }
+ else if (strcmpic(p, CUS"dscp") == 0)
+ {
+ info_flag = CMDINFO_DSCP;
+ info_stdout = TRUE;
+ }
+ else if (strcmpic(p, CUS"help") == 0)
+ {
+ info_stdout = TRUE;
+ }
+ }
+ }
+
/* -bm: Accept and deliver message - the default option. Reinstate
receiving_message, which got turned off for all -b options. */
}
break;
- /* This is some Sendmail thing which can be ignored */
+ /* -G: sendmail invocation to specify that it's a gateway submission and
+ sendmail may complain about problems instead of fixing them.
+ We make it equivalent to an ACL "control = suppress_local_fixups" and do
+ not at this time complain about problems. */
case 'G':
+ flag_G = TRUE;
break;
/* -h: Set the hop count for an incoming message. Exim does not currently
break;
+ /* -L: set the identifier used for syslog; equivalent to setting
+ syslog_processname in the config file, but needs to be an admin option. */
+
+ case 'L':
+ if (*argrest == '\0')
+ {
+ if(++i < argc) argrest = argv[i]; else
+ { badarg = TRUE; break; }
+ }
+ sz = Ustrlen(argrest);
+ if (sz > 32)
+ {
+ fprintf(stderr, "exim: the -L syslog name is too long: \"%s\"\n", argrest);
+ return EXIT_FAILURE;
+ }
+ if (sz < 1)
+ {
+ fprintf(stderr, "exim: the -L syslog name is too short\n");
+ return EXIT_FAILURE;
+ }
+ cmdline_syslog_name = argrest;
+ break;
+
case 'M':
receiving_message = FALSE;
break;
- /* -n: This means "don't alias" in sendmail, apparently. Just ignore
- it. */
+ /* -n: This means "don't alias" in sendmail, apparently.
+ For normal invocations, it has no effect.
+ It may affect some other options. */
case 'n':
+ flag_n = TRUE;
break;
/* -O: Just ignore it. In sendmail, apparently -O option=value means set
/* -tls-on-connect: don't wait for STARTTLS (for old clients) */
#ifdef SUPPORT_TLS
- else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_on_connect = TRUE;
+ else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_in.on_connect = TRUE;
#endif
else badarg = TRUE;
if (*argrest != 0) badarg = TRUE;
break;
+ /* -X: in sendmail: takes one parameter, logfile, and sends debugging
+ logs to that file. We swallow the parameter and otherwise ignore it. */
+
+ case 'X':
+ if (*argrest == '\0')
+ {
+ if (++i >= argc)
+ {
+ fprintf(stderr, "exim: string expected after -X\n");
+ exit(EXIT_FAILURE);
+ }
+ }
+ break;
+
/* All other initial characters are errors */
default:
readconf_main();
+/* If an action on specific messages is requested, or if a daemon or queue
+runner is being started, we need to know if Exim was called by an admin user.
+This is the case if the real user is root or exim, or if the real group is
+exim, or if one of the supplementary groups is exim or a group listed in
+admin_groups. We don't fail all message actions immediately if not admin_user,
+since some actions can be performed by non-admin users. Instead, set admin_user
+for later interrogation. */
+
+if (real_uid == root_uid || real_uid == exim_uid || real_gid == exim_gid)
+ admin_user = TRUE;
+else
+ {
+ int i, j;
+ for (i = 0; i < group_count; i++)
+ {
+ if (group_list[i] == exim_gid) admin_user = TRUE;
+ else if (admin_groups != NULL)
+ {
+ for (j = 1; j <= (int)(admin_groups[0]); j++)
+ if (admin_groups[j] == group_list[i])
+ { admin_user = TRUE; break; }
+ }
+ if (admin_user) break;
+ }
+ }
+
+/* Another group of privileged users are the trusted users. These are root,
+exim, and any caller matching trusted_users or trusted_groups. Trusted callers
+are permitted to specify sender_addresses with -f on the command line, and
+other message parameters as well. */
+
+if (real_uid == root_uid || real_uid == exim_uid)
+ trusted_caller = TRUE;
+else
+ {
+ int i, j;
+
+ if (trusted_users != NULL)
+ {
+ for (i = 1; i <= (int)(trusted_users[0]); i++)
+ if (trusted_users[i] == real_uid)
+ { trusted_caller = TRUE; break; }
+ }
+
+ if (!trusted_caller && trusted_groups != NULL)
+ {
+ for (i = 1; i <= (int)(trusted_groups[0]); i++)
+ {
+ if (trusted_groups[i] == real_gid)
+ trusted_caller = TRUE;
+ else for (j = 0; j < group_count; j++)
+ {
+ if (trusted_groups[i] == group_list[j])
+ { trusted_caller = TRUE; break; }
+ }
+ if (trusted_caller) break;
+ }
+ }
+ }
+
/* Handle the decoding of logging options. */
decode_bits(&log_write_selector, &log_extra_selector, 0, 0,
}
}
+/* See if an admin user overrode our logging. */
+
+if (cmdline_syslog_name != NULL)
+ {
+ if (admin_user)
+ {
+ syslog_processname = cmdline_syslog_name;
+ log_file_path = string_copy(CUS"syslog");
+ }
+ else
+ {
+ /* not a panic, non-privileged users should not be able to spam paniclog */
+ fprintf(stderr,
+ "exim: you lack sufficient privilege to specify syslog process name\n");
+ return EXIT_FAILURE;
+ }
+ }
+
/* Paranoia check of maximum lengths of certain strings. There is a check
on the length of the log file path in log.c, which will come into effect
if there are any calls to write the log earlier than this. However, if we
{
int i;
uschar *p = big_buffer;
- Ustrcpy(p, "cwd=");
- (void)getcwd(CS p+4, big_buffer_size - 4);
+ char * dummy;
+ Ustrcpy(p, "cwd= (failed)");
+ dummy = /* quieten compiler */ getcwd(CS p+4, big_buffer_size - 4);
while (*p) p++;
(void)string_format(p, big_buffer_size - (p - big_buffer), " %d args:", argc);
while (*p) p++;
if (Uchdir(spool_directory) != 0)
{
+ int dummy;
(void)directory_make(spool_directory, US"", SPOOL_DIRECTORY_MODE, FALSE);
- (void)Uchdir(spool_directory);
+ dummy = /* quieten compiler */ Uchdir(spool_directory);
}
/* Handle calls with the -bi option. This is a sendmail option to rebuild *the*
}
}
-/* If an action on specific messages is requested, or if a daemon or queue
-runner is being started, we need to know if Exim was called by an admin user.
-This is the case if the real user is root or exim, or if the real group is
-exim, or if one of the supplementary groups is exim or a group listed in
-admin_groups. We don't fail all message actions immediately if not admin_user,
-since some actions can be performed by non-admin users. Instead, set admin_user
-for later interrogation. */
-
-if (real_uid == root_uid || real_uid == exim_uid || real_gid == exim_gid)
- admin_user = TRUE;
-else
- {
- int i, j;
- for (i = 0; i < group_count; i++)
- {
- if (group_list[i] == exim_gid) admin_user = TRUE;
- else if (admin_groups != NULL)
- {
- for (j = 1; j <= (int)(admin_groups[0]); j++)
- if (admin_groups[j] == group_list[i])
- { admin_user = TRUE; break; }
- }
- if (admin_user) break;
- }
- }
-
-/* Another group of privileged users are the trusted users. These are root,
-exim, and any caller matching trusted_users or trusted_groups. Trusted callers
-are permitted to specify sender_addresses with -f on the command line, and
-other message parameters as well. */
-
-if (real_uid == root_uid || real_uid == exim_uid)
- trusted_caller = TRUE;
-else
- {
- int i, j;
-
- if (trusted_users != NULL)
- {
- for (i = 1; i <= (int)(trusted_users[0]); i++)
- if (trusted_users[i] == real_uid)
- { trusted_caller = TRUE; break; }
- }
-
- if (!trusted_caller && trusted_groups != NULL)
- {
- for (i = 1; i <= (int)(trusted_groups[0]); i++)
- {
- if (trusted_groups[i] == real_gid)
- trusted_caller = TRUE;
- else for (j = 0; j < group_count; j++)
- {
- if (trusted_groups[i] == group_list[j])
- { trusted_caller = TRUE; break; }
- }
- if (trusted_caller) break;
- }
- }
- }
+/* We moved the admin/trusted check to be immediately after reading the
+configuration file. We leave these prints here to ensure that syslog setup,
+logfile setup, and so on has already happened. */
if (trusted_caller) DEBUG(D_any) debug_printf("trusted user\n");
if (admin_user) DEBUG(D_any) debug_printf("admin user\n");
interface_port = check_port(interface_address);
}
+/* If the caller is trusted, then they can use -G to suppress_local_fixups. */
+if (flag_G)
+ {
+ if (trusted_caller)
+ {
+ suppress_local_fixups = suppress_local_fixups_default = TRUE;
+ DEBUG(D_acl) debug_printf("suppress_local_fixups forced on by -G\n");
+ }
+ else
+ {
+ fprintf(stderr, "exim: permission denied (-G requires a trusted user)\n");
+ return EXIT_FAILURE;
+ }
+ }
+
/* If an SMTP message is being received check to see if the standard input is a
TCP/IP socket. If it is, we assume that Exim was called from inetd if the
caller is root or the Exim user, or if the port is a privileged one. Otherwise,
interface_address = host_ntoa(-1, &interface_sock, NULL,
&interface_port);
- if (host_is_tls_on_connect_port(interface_port)) tls_on_connect = TRUE;
+ if (host_is_tls_on_connect_port(interface_port)) tls_in.on_connect = TRUE;
if (real_uid == root_uid || real_uid == exim_uid || interface_port < 1024)
{
}
/* Handle a request to list one or more configuration options */
+/* If -n was set, we suppress some information */
if (list_options)
{
set_process_info("listing variables");
- if (recipients_arg >= argc) readconf_print(US"all", NULL);
+ if (recipients_arg >= argc) readconf_print(US"all", NULL, flag_n);
else for (i = recipients_arg; i < argc; i++)
{
if (i < argc - 1 &&
Ustrcmp(argv[i], "authenticator") == 0 ||
Ustrcmp(argv[i], "macro") == 0))
{
- readconf_print(argv[i+1], argv[i]);
+ readconf_print(argv[i+1], argv[i], flag_n);
i++;
}
- else readconf_print(argv[i], NULL);
+ else readconf_print(argv[i], NULL, flag_n);
}
exim_exit(EXIT_SUCCESS);
}
/* Arrange for message reception if recipients or SMTP were specified;
otherwise complain unless a version print (-bV) happened or this is a filter
-verification test. In the former case, show the configuration file name. */
+verification test or info dump.
+In the former case, show the configuration file name. */
if (recipients_arg >= argc && !extract_recipients && !smtp_input)
{
return EXIT_SUCCESS;
}
+ if (info_flag != CMDINFO_NONE)
+ {
+ show_exim_information(info_flag, info_stdout ? stdout : stderr);
+ return info_stdout ? EXIT_SUCCESS : EXIT_FAILURE;
+ }
+
if (filter_test == FTEST_NONE)
exim_usage(called_as);
}
if (ftest_prefix != NULL) printf("Prefix = %s\n", ftest_prefix);
if (ftest_suffix != NULL) printf("Suffix = %s\n", ftest_suffix);
- (void)chdir("/"); /* Get away from wherever the user is running this from */
+ if (chdir("/")) /* Get away from wherever the user is running this from */
+ {
+ DEBUG(D_receive) debug_printf("chdir(\"/\") failed\n");
+ exim_exit(EXIT_FAILURE);
+ }
/* Now we run either a system filter test, or a user filter test, or both.
In the latter case, headers added by the system filter will persist and be
#define UCHAR_MAX 255
#endif
+
+/* To match int_eximarith_t. Define in OS/os.h-<your-system> to override. */
+#ifndef EXIM_ARITH_MAX
+# define EXIM_ARITH_MAX ((int_eximarith_t)9223372036854775807LL)
+#endif
+#ifndef EXIM_ARITH_MIN
+# define EXIM_ARITH_MIN (-EXIM_ARITH_MAX - 1)
+#endif
+
/* Some systems have PATH_MAX and some have MAX_PATH_LEN. */
#ifndef PATH_MAX
#define T_ZNS (-1)
#define T_MXH (-2)
#define T_CSA (-3)
+#define T_APL (-4)
/* The resolv.h header defines __P(x) on some Solaris 2.5.1 systems (without
checking that it is already defined, in fact). This conflicts with other
#ifndef DISABLE_DKIM
#include "dkim.h"
#endif
+#ifdef EXPERIMENTAL_DMARC
+#include "dmarc.h"
+#include <opendmarc/dmarc.h>
+#endif
/* The following stuff must follow the inclusion of config.h because it
requires various things that are set therein. */
struct stat strestore;
struct utimbuf ut;
stat(filename, &strestore);
- (void)system(command);
+ i = system(command);
ut.actime = strestore.st_atime;
ut.modtime = strestore.st_mtime;
utime(filename, &ut);
}
-else (void)system(command);
+else i = system(command);
+
+if(i && !quiet) printf("warning: nonzero status %d\n", i);
/* Remove the locks and exit. Unlink the /tmp file if we can get an exclusive
lock on the mailbox. This should be a non-blocking lock call, as there is no
# 2007-09-20 V1.60 Heiko Schlittermann
# Fix for misinterpreted log lines
#
+# 2013-01-14 V1.61 Steve Campbell
+# Watch out for senders sending "HELO [IpAddr]"
#
#
# For documentation on the logfile format, see
@days_per_month = (0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334);
$gig = 1024 * 1024 * 1024;
-$VERSION = '1.60';
+$VERSION = '1.61';
# How much space do we allow for the Hosts/Domains/Emails/Edomains column headers?
$COLUMN_WIDTHS = 8;
# "H=Host (UnverifiedHost) [IpAddr]" or "H=(UnverifiedHost) [IpAddr]".
# We do 2 separate matches to keep the matches simple and fast.
# Host is local unless otherwise specified.
- $ip = (/\\bH=.*?(\\[[^]]+\\])/) ? $1
+ # Watch out for "H=([IpAddr])" in case they send "[IpAddr]" as their HELO!
+ $ip = (/\\bH=(?:|.*? )(\\[[^]]+\\])/) ? $1
# 2008-03-31 06:25:22 Connection from [213.246.33.217]:39456 refused: too many connections from that IP address // .hs
: (/Connection from (\[\S+\])/) ? $1
# 2008-03-31 06:52:40 SMTP call from mail.cacoshrf.com (ccsd02.ccsd.local) [69.24.118.229]:4511 dropped: too many nonmail commands (last was "RSET") // .hs
alphabetical order. */
static uschar *item_table[] = {
+ US"acl",
US"dlfunc",
US"extract",
US"filter",
US"tr" };
enum {
+ EITEM_ACL,
EITEM_DLFUNC,
EITEM_EXTRACT,
EITEM_FILTER,
US"h",
US"hash",
US"hex2b64",
+ US"hexquote",
US"l",
US"lc",
US"length",
+ US"listcount",
+ US"listnamed",
US"mask",
US"md5",
US"nh",
EOP_H,
EOP_HASH,
EOP_HEX2B64,
+ EOP_HEXQUOTE,
EOP_L,
EOP_LC,
EOP_LENGTH,
+ EOP_LISTCOUNT,
+ EOP_LISTNAMED,
EOP_MASK,
EOP_MD5,
EOP_NH,
US"==", /* Backward compatibility */
US">",
US">=",
+ US"acl",
US"and",
US"bool",
US"bool_lax",
ECOND_NUM_EE,
ECOND_NUM_G,
ECOND_NUM_GE,
+ ECOND_ACL,
ECOND_AND,
ECOND_BOOL,
ECOND_BOOL_LAX,
vtype_ino, /* value is address of ino_t (not always an int) */
vtype_uid, /* value is address of uid_t (not always an int) */
vtype_gid, /* value is address of gid_t (not always an int) */
+ vtype_bool, /* value is address of bool */
vtype_stringptr, /* value is address of pointer to string */
vtype_msgbody, /* as stringptr, but read when first required */
vtype_msgbody_end, /* ditto, the end of the message */
vtype_msgheaders_raw, /* the message's headers, unprocessed */
vtype_localpart, /* extract local part from string */
vtype_domain, /* extract domain from string */
- vtype_recipients, /* extract recipients from recipients list */
- /* (available only in system filters, ACLs, and */
- /* local_scan()) */
+ vtype_string_func, /* value is string returned by given function */
vtype_todbsdin, /* value not used; generate BSD inbox tod */
vtype_tode, /* value not used; generate tod in epoch format */
vtype_todel, /* value not used; generate tod in epoch/usec format */
#endif
};
+static uschar * fn_recipients(void);
+
/* This table must be kept in alphabetical order. */
static var_entry var_table[] = {
/* WARNING: Do not invent variables whose names start acl_c or acl_m because
they will be confused with user-creatable ACL variables. */
+ { "acl_arg1", vtype_stringptr, &acl_arg[0] },
+ { "acl_arg2", vtype_stringptr, &acl_arg[1] },
+ { "acl_arg3", vtype_stringptr, &acl_arg[2] },
+ { "acl_arg4", vtype_stringptr, &acl_arg[3] },
+ { "acl_arg5", vtype_stringptr, &acl_arg[4] },
+ { "acl_arg6", vtype_stringptr, &acl_arg[5] },
+ { "acl_arg7", vtype_stringptr, &acl_arg[6] },
+ { "acl_arg8", vtype_stringptr, &acl_arg[7] },
+ { "acl_arg9", vtype_stringptr, &acl_arg[8] },
+ { "acl_narg", vtype_int, &acl_narg },
{ "acl_verify_message", vtype_stringptr, &acl_verify_message },
{ "address_data", vtype_stringptr, &deliver_address_data },
{ "address_file", vtype_stringptr, &address_file },
{ "dkim_signers", vtype_stringptr, &dkim_signers },
{ "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON },
{ "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS},
+#endif
+#ifdef EXPERIMENTAL_DMARC
+ { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header },
+ { "dmarc_status", vtype_stringptr, &dmarc_status },
+ { "dmarc_status_text", vtype_stringptr, &dmarc_status_text },
+ { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain },
#endif
{ "dnslist_domain", vtype_stringptr, &dnslist_domain },
{ "dnslist_matched", vtype_stringptr, &dnslist_matched },
#ifdef WITH_OLD_DEMIME
{ "found_extension", vtype_stringptr, &found_extension },
#endif
+ { "headers_added", vtype_string_func, &fn_hdrs_added },
{ "home", vtype_stringptr, &deliver_home },
{ "host", vtype_stringptr, &deliver_host },
{ "host_address", vtype_stringptr, &deliver_host_address },
{ "received_time", vtype_int, &received_time },
{ "recipient_data", vtype_stringptr, &recipient_data },
{ "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure },
- { "recipients", vtype_recipients, NULL },
+ { "recipients", vtype_string_func, &fn_recipients },
{ "recipients_count", vtype_int, &recipients_count },
#ifdef WITH_CONTENT_SCAN
{ "regex_match_string", vtype_stringptr, ®ex_match_string },
{ "reply_address", vtype_reply, NULL },
{ "return_path", vtype_stringptr, &return_path },
{ "return_size_limit", vtype_int, &bounce_return_size_limit },
+ { "router_name", vtype_stringptr, &router_name },
{ "runrc", vtype_int, &runrc },
{ "self_hostname", vtype_stringptr, &self_hostname },
{ "sender_address", vtype_stringptr, &sender_address },
{ "sender_helo_name", vtype_stringptr, &sender_helo_name },
{ "sender_host_address", vtype_stringptr, &sender_host_address },
{ "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated },
+ { "sender_host_dnssec", vtype_bool, &sender_host_dnssec },
{ "sender_host_name", vtype_host_lookup, NULL },
{ "sender_host_port", vtype_int, &sender_host_port },
{ "sender_ident", vtype_stringptr, &sender_ident },
{ "srs_status", vtype_stringptr, &srs_status },
#endif
{ "thisaddress", vtype_stringptr, &filter_thisaddress },
- { "tls_bits", vtype_int, &tls_bits },
- { "tls_certificate_verified", vtype_int, &tls_certificate_verified },
- { "tls_cipher", vtype_stringptr, &tls_cipher },
- { "tls_peerdn", vtype_stringptr, &tls_peerdn },
-#ifdef SUPPORT_TLS
- { "tls_sni", vtype_stringptr, &tls_sni },
+
+ /* The non-(in,out) variables are now deprecated */
+ { "tls_bits", vtype_int, &tls_in.bits },
+ { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified },
+ { "tls_cipher", vtype_stringptr, &tls_in.cipher },
+
+ { "tls_in_bits", vtype_int, &tls_in.bits },
+ { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified },
+ { "tls_in_cipher", vtype_stringptr, &tls_in.cipher },
+ { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn },
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+ { "tls_in_sni", vtype_stringptr, &tls_in.sni },
#endif
+ { "tls_out_bits", vtype_int, &tls_out.bits },
+ { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified },
+ { "tls_out_cipher", vtype_stringptr, &tls_out.cipher },
+ { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn },
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+ { "tls_out_sni", vtype_stringptr, &tls_out.sni },
+#endif
+
+ { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+ { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */
+#endif
+
{ "tod_bsdinbox", vtype_todbsdin, NULL },
{ "tod_epoch", vtype_tode, NULL },
{ "tod_epoch_l", vtype_todel, NULL },
{ "tod_logfile", vtype_todlf, NULL },
{ "tod_zone", vtype_todzone, NULL },
{ "tod_zulu", vtype_todzulu, NULL },
+ { "transport_name", vtype_stringptr, &transport_name },
{ "value", vtype_stringptr, &lookup_value },
{ "version_number", vtype_stringptr, &version_string },
{ "warn_message_delay", vtype_stringptr, &warnmsg_delay },
/* This function is called to expand a string, and test the result for a "true"
or "false" value. Failure of the expansion yields FALSE; logged unless it was a
-forced fail or lookup defer. All store used by the function can be released on
-exit.
+forced fail or lookup defer.
+
+We used to release all store used, but this is not not safe due
+to ${dlfunc } and ${acl }. In any case expand_string_internal()
+is reasonably careful to release what it can.
The actual false-value tests should be replicated for ECOND_BOOL_LAX.
expand_check_condition(uschar *condition, uschar *m1, uschar *m2)
{
int rc;
-void *reset_point = store_get(0);
uschar *ss = expand_string(condition);
if (ss == NULL)
{
}
rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 &&
strcmpic(ss, US"false") != 0;
-store_reset(reset_point);
return rc;
}
+/*************************************************
+* Return list of recipients *
+*************************************************/
+/* A recipients list is available only during system message filtering,
+during ACL processing after DATA, and while expanding pipe commands
+generated from a system filter, but not elsewhere. */
+
+static uschar *
+fn_recipients(void)
+{
+if (!enable_dollar_recipients) return NULL; else
+ {
+ int size = 128;
+ int ptr = 0;
+ int i;
+ uschar * s = store_get(size);
+ for (i = 0; i < recipients_count; i++)
+ {
+ if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
+ s = string_cat(s, &size, &ptr, recipients_list[i].address,
+ Ustrlen(recipients_list[i].address));
+ }
+ s[ptr] = 0; /* string_cat() leaves room */
+ return s;
+ }
+}
+
+
/*************************************************
* Find value of a variable *
*************************************************/
sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */
return var_buffer;
+ case vtype_bool:
+ sprintf(CS var_buffer, "%s", *(BOOL *)(var_table[middle].value) ? "yes" : "no"); /* bool */
+ return var_buffer;
+
case vtype_stringptr: /* Pointer to string */
s = *((uschar **)(var_table[middle].value));
return (s == NULL)? US"" : s;
}
return (s == NULL)? US"" : s;
- /* A recipients list is available only during system message filtering,
- during ACL processing after DATA, and while expanding pipe commands
- generated from a system filter, but not elsewhere. */
-
- case vtype_recipients:
- if (!enable_dollar_recipients) return NULL; else
+ case vtype_string_func:
{
- int size = 128;
- int ptr = 0;
- int i;
- s = store_get(size);
- for (i = 0; i < recipients_count; i++)
- {
- if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
- s = string_cat(s, &size, &ptr, recipients_list[i].address,
- Ustrlen(recipients_list[i].address));
- }
- s[ptr] = 0; /* string_cat() leaves room */
+ uschar * (*fn)() = var_table[middle].value;
+ return fn();
}
- return s;
case vtype_pspace:
{
+void
+modify_variable(uschar *name, void * value)
+{
+int first = 0;
+int last = var_table_size;
+
+while (last > first)
+ {
+ int middle = (first + last)/2;
+ int c = Ustrcmp(name, var_table[middle].name);
+
+ if (c > 0) { first = middle + 1; continue; }
+ if (c < 0) { last = middle; continue; }
+
+ /* Found an existing variable; change the item it refers to */
+ var_table[middle].value = value;
+ return;
+ }
+return; /* Unknown variable name, fail silently */
+}
+
+
+
+
+
/*************************************************
* Read and expand substrings *
*************************************************/
+/*
+Load args from sub array to globals, and call acl_check().
+Sub array will be corrupted on return.
+
+Returns: OK access is granted by an ACCEPT verb
+ DISCARD access is granted by a DISCARD verb
+ FAIL access is denied
+ FAIL_DROP access is denied; drop the connection
+ DEFER can't tell at the moment
+ ERROR disaster
+*/
+static int
+eval_acl(uschar ** sub, int nsub, uschar ** user_msgp)
+{
+int i;
+uschar *tmp;
+int sav_narg = acl_narg;
+int ret;
+extern int acl_where;
+
+if(--nsub > sizeof(acl_arg)/sizeof(*acl_arg)) nsub = sizeof(acl_arg)/sizeof(*acl_arg);
+for (i = 0; i < nsub && sub[i+1]; i++)
+ {
+ tmp = acl_arg[i];
+ acl_arg[i] = sub[i+1]; /* place callers args in the globals */
+ sub[i+1] = tmp; /* stash the old args using our caller's storage */
+ }
+acl_narg = i;
+while (i < nsub)
+ {
+ sub[i+1] = acl_arg[i];
+ acl_arg[i++] = NULL;
+ }
+
+DEBUG(D_expand)
+ debug_printf("expanding: acl: %s arg: %s%s\n",
+ sub[0],
+ acl_narg>0 ? sub[1] : US"<none>",
+ acl_narg>1 ? " +more" : "");
+
+ret = acl_eval(acl_where, sub[0], user_msgp, &tmp);
+
+for (i = 0; i < nsub; i++)
+ acl_arg[i] = sub[i+1]; /* restore old args */
+acl_narg = sav_narg;
+
+return ret;
+}
+
+
+
+
/*************************************************
* Read and evaluate a condition *
*************************************************/
int_eximarith_t num[2];
struct stat statbuf;
uschar name[256];
-uschar *sub[4];
+uschar *sub[10];
const pcre *re;
const uschar *rerror;
Ustrncmp(name, "bheader_", 8) == 0)
{
s = read_header_name(name, 256, s);
+ /* {-for-text-editors */
if (Ustrchr(name, '}') != NULL) malformed_header = TRUE;
if (yield != NULL) *yield =
(find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor;
case ECOND_PWCHECK:
while (isspace(*s)) s++;
- if (*s != '{') goto COND_FAILED_CURLY_START;
+ if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE);
if (sub[0] == NULL) return NULL;
+ /* {-for-text-editors */
if (*s++ != '}') goto COND_FAILED_CURLY_END;
if (yield == NULL) return s; /* No need to run the test if skipping */
return s;
+ /* call ACL (in a conditional context). Accept true, deny false.
+ Defer is a forced-fail. Anything set by message= goes to $value.
+ Up to ten parameters are used; we use the braces round the name+args
+ like the saslauthd condition does, to permit a variable number of args.
+ See also the expansion-item version EITEM_ACL and the traditional
+ acl modifier ACLC_ACL.
+ */
+
+ case ECOND_ACL:
+ /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */
+ {
+ uschar *user_msg;
+ BOOL cond = FALSE;
+ int size = 0;
+ int ptr = 0;
+
+ while (isspace(*s)) s++;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/
+
+ switch(read_subs(sub, sizeof(sub)/sizeof(*sub), 1,
+ &s, yield == NULL, TRUE, US"acl"))
+ {
+ case 1: expand_string_message = US"too few arguments or bracketing "
+ "error for acl";
+ case 2:
+ case 3: return NULL;
+ }
+
+ if (yield != NULL) switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
+ {
+ case OK:
+ cond = TRUE;
+ case FAIL:
+ lookup_value = NULL;
+ if (user_msg)
+ {
+ lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
+ lookup_value[ptr] = '\0';
+ }
+ *yield = cond == testfor;
+ break;
+
+ case DEFER:
+ expand_string_forcedfail = TRUE;
+ default:
+ expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
+ return NULL;
+ }
+ return s;
+ }
+
+
/* saslauthd: does Cyrus saslauthd authentication. Four parameters are used:
${if saslauthd {{username}{password}{service}{realm}} {yes}[no}}
However, the last two are optional. That is why the whole set is enclosed
- in their own set or braces. */
+ in their own set of braces. */
case ECOND_SASLAUTHD:
#ifndef CYRUS_SASLAUTHD_SOCKET
goto COND_FAILED_NOT_COMPILED;
#else
while (isspace(*s)) s++;
- if (*s++ != '{') goto COND_FAILED_CURLY_START;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd"))
{
case 1: expand_string_message = US"too few arguments or bracketing "
{
case ECOND_NUM_E:
case ECOND_NUM_EE:
- *yield = (num[0] == num[1]) == testfor;
+ tempcond = (num[0] == num[1]);
break;
case ECOND_NUM_G:
- *yield = (num[0] > num[1]) == testfor;
+ tempcond = (num[0] > num[1]);
break;
case ECOND_NUM_GE:
- *yield = (num[0] >= num[1]) == testfor;
+ tempcond = (num[0] >= num[1]);
break;
case ECOND_NUM_L:
- *yield = (num[0] < num[1]) == testfor;
+ tempcond = (num[0] < num[1]);
break;
case ECOND_NUM_LE:
- *yield = (num[0] <= num[1]) == testfor;
+ tempcond = (num[0] <= num[1]);
break;
case ECOND_STR_LT:
- *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) < 0);
break;
case ECOND_STR_LTI:
- *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) < 0);
break;
case ECOND_STR_LE:
- *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) <= 0);
break;
case ECOND_STR_LEI:
- *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) <= 0);
break;
case ECOND_STR_EQ:
- *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) == 0);
break;
case ECOND_STR_EQI:
- *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) == 0);
break;
case ECOND_STR_GT:
- *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) > 0);
break;
case ECOND_STR_GTI:
- *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) > 0);
break;
case ECOND_STR_GE:
- *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor;
+ tempcond = (Ustrcmp(sub[0], sub[1]) >= 0);
break;
case ECOND_STR_GEI:
- *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor;
+ tempcond = (strcmpic(sub[0], sub[1]) >= 0);
break;
case ECOND_MATCH: /* Regular expression match */
"\"%s\": %s at offset %d", sub[1], rerror, roffset);
return NULL;
}
- *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor;
+ tempcond = regex_match_and_setup(re, sub[0], 0, -1);
break;
case ECOND_MATCH_ADDRESS: /* Match in an address list */
switch(rc)
{
case OK:
- *yield = testfor;
+ tempcond = TRUE;
break;
case FAIL:
- *yield = !testfor;
+ tempcond = FALSE;
break;
case DEFER:
/* Various "encrypted" comparisons. If the second string starts with
"{" then an encryption type is given. Default to crypt() or crypt16()
(build-time choice). */
+ /* }-for-text-editors */
case ECOND_CRYPTEQ:
#ifndef SUPPORT_CRYPTEQ
uschar *coded = auth_b64encode((uschar *)digest, 16);
DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+5);
- *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor;
+ tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
}
else if (sublen == 32)
{
coded[32] = 0;
DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+5);
- *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor;
+ tempcond = (strcmpic(coded, sub[1]+5) == 0);
}
else
{
DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: "
"fail\n crypted=%s\n", sub[1]+5);
- *yield = !testfor;
+ tempcond = FALSE;
}
}
uschar *coded = auth_b64encode((uschar *)digest, 20);
DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+6);
- *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor;
+ tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
}
else if (sublen == 40)
{
coded[40] = 0;
DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+6);
- *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor;
+ tempcond = (strcmpic(coded, sub[1]+6) == 0);
}
else
{
DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: "
"fail\n crypted=%s\n", sub[1]+6);
- *yield = !testfor;
+ tempcond = FALSE;
}
}
sub[1] += 9;
which = 2;
}
- else if (sub[1][0] == '{')
+ else if (sub[1][0] == '{') /* }-for-text-editors */
{
expand_string_message = string_sprintf("unknown encryption mechanism "
"in \"%s\"", sub[1]);
salt), force failure. Otherwise we get false positives: with an empty
string the yield of crypt() is an empty string! */
- *yield = (Ustrlen(sub[1]) < 2)? !testfor :
- (Ustrcmp(coded, sub[1]) == 0) == testfor;
+ tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
+ (Ustrcmp(coded, sub[1]) == 0);
}
break;
#endif /* SUPPORT_CRYPTEQ */
case ECOND_INLISTI:
{
int sep = 0;
- BOOL found = FALSE;
uschar *save_iterate_item = iterate_item;
int (*compare)(const uschar *, const uschar *);
+ tempcond = FALSE;
if (cond_type == ECOND_INLISTI)
compare = strcmpic;
else
while ((iterate_item = string_nextinlist(&sub[1], &sep, NULL, 0)) != NULL)
if (compare(sub[0], iterate_item) == 0)
{
- found = TRUE;
+ tempcond = TRUE;
break;
}
iterate_item = save_iterate_item;
- *yield = found;
}
} /* Switch for comparison conditions */
+ *yield = tempcond == testfor;
return s; /* End of comparison conditions */
combined_cond = (cond_type == ECOND_AND);
while (isspace(*s)) s++;
- if (*s++ != '{') goto COND_FAILED_CURLY_START;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
for (;;)
{
while (isspace(*s)) s++;
+ /* {-for-text-editors */
if (*s == '}') break;
- if (*s != '{')
+ if (*s != '{') /* }-for-text-editors */
{
expand_string_message = string_sprintf("each subcondition "
"inside an \"%s{...}\" condition must be in its own {}", name);
}
while (isspace(*s)) s++;
+ /* {-for-text-editors */
if (*s++ != '}')
{
+ /* {-for-text-editors */
expand_string_message = string_sprintf("missing } at end of condition "
"inside \"%s\" group", name);
return NULL;
uschar *save_iterate_item = iterate_item;
while (isspace(*s)) s++;
- if (*s++ != '{') goto COND_FAILED_CURLY_START;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE);
if (sub[0] == NULL) return NULL;
+ /* {-for-text-editors */
if (*s++ != '}') goto COND_FAILED_CURLY_END;
while (isspace(*s)) s++;
- if (*s++ != '{') goto COND_FAILED_CURLY_START;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
sub[1] = s;
}
while (isspace(*s)) s++;
+ /* {-for-text-editors */
if (*s++ != '}')
{
+ /* {-for-text-editors */
expand_string_message = string_sprintf("missing } at end of condition "
"inside \"%s\"", name);
return NULL;
size_t len;
BOOL boolvalue = FALSE;
while (isspace(*s)) s++;
- if (*s != '{') goto COND_FAILED_CURLY_START;
+ if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool";
switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname))
{
* can just let the other invalid results occur otherwise, as they have
* until now. For this one case, we can coerce.
*/
- if (y == -1 && x == LLONG_MIN && op != '*')
+ if (y == -1 && x == EXIM_ARITH_MIN && op != '*')
{
DEBUG(D_expand)
debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n",
- LLONG_MIN, op, LLONG_MAX);
- x = LLONG_MAX;
+ EXIM_ARITH_MIN, op, EXIM_ARITH_MAX);
+ x = EXIM_ARITH_MAX;
continue;
}
if (op == '*')
There's a problem if a ${dlfunc item has side-effects that cause allocation,
since resetting the store at the end of the expansion will free store that was
allocated by the plugin code as well as the slop after the expanded string. So
-we skip any resets if ${dlfunc has been used. This is an unfortunate
-consequence of string expansion becoming too powerful.
+we skip any resets if ${dlfunc has been used. The same applies for ${acl. This
+is an unfortunate consequence of string expansion becoming too powerful.
Arguments:
string the string to be expanded
switch(item_type)
{
+ /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9.
+ If the ACL returns accept or reject we return content set by "message ="
+ There is currently no limit on recursion; this would have us call
+ acl_check_internal() directly and get a current level from somewhere.
+ See also the acl expansion condition ECOND_ACL and the traditional
+ acl modifier ACLC_ACL.
+ Assume that the function has side-effects on the store that must be preserved.
+ */
+
+ case EITEM_ACL:
+ /* ${acl {name} {arg1}{arg2}...} */
+ {
+ uschar *sub[10]; /* name + arg1-arg9 (which must match number of acl_arg[]) */
+ uschar *user_msg;
+
+ switch(read_subs(sub, 10, 1, &s, skipping, TRUE, US"acl"))
+ {
+ case 1: goto EXPAND_FAILED_CURLY;
+ case 2:
+ case 3: goto EXPAND_FAILED;
+ }
+ if (skipping) continue;
+
+ resetok = FALSE;
+ switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg))
+ {
+ case OK:
+ case FAIL:
+ if (user_msg)
+ yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg));
+ continue;
+
+ case DEFER:
+ expand_string_forcedfail = TRUE;
+ default:
+ expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]);
+ goto EXPAND_FAILED;
+ }
+ }
+
/* Handle conditionals - preserve the values of the numerical expansion
variables in case they get changed by a regular expression match in the
condition. If not, they retain their external settings. At the end
continue;
}
+ /* Convert octets outside 0x21..0x7E to \xXX form */
+
+ case EOP_HEXQUOTE:
+ {
+ uschar *t = sub - 1;
+ while (*(++t) != 0)
+ {
+ if (*t < 0x21 || 0x7E < *t)
+ yield = string_cat(yield, &size, &ptr,
+ string_sprintf("\\x%02x", *t), 4);
+ else
+ yield = string_cat(yield, &size, &ptr, t, 1);
+ }
+ continue;
+ }
+
+ /* count the number of list elements */
+
+ case EOP_LISTCOUNT:
+ {
+ int cnt = 0;
+ int sep = 0;
+ uschar * cp;
+ uschar buffer[256];
+
+ while (string_nextinlist(&sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
+ cp = string_sprintf("%d", cnt);
+ yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
+ continue;
+ }
+
+ /* expand a named list given the name */
+ /* handles nested named lists; requotes as colon-sep list */
+
+ case EOP_LISTNAMED:
+ {
+ tree_node *t = NULL;
+ uschar * list;
+ int sep = 0;
+ uschar * item;
+ uschar * suffix = US"";
+ BOOL needsep = FALSE;
+ uschar buffer[256];
+
+ if (*sub == '+') sub++;
+ if (arg == NULL) /* no-argument version */
+ {
+ if (!(t = tree_search(addresslist_anchor, sub)) &&
+ !(t = tree_search(domainlist_anchor, sub)) &&
+ !(t = tree_search(hostlist_anchor, sub)))
+ t = tree_search(localpartlist_anchor, sub);
+ }
+ else switch(*arg) /* specific list-type version */
+ {
+ case 'a': t = tree_search(addresslist_anchor, sub); suffix = US"_a"; break;
+ case 'd': t = tree_search(domainlist_anchor, sub); suffix = US"_d"; break;
+ case 'h': t = tree_search(hostlist_anchor, sub); suffix = US"_h"; break;
+ case 'l': t = tree_search(localpartlist_anchor, sub); suffix = US"_l"; break;
+ default:
+ expand_string_message = string_sprintf("bad suffix on \"list\" operator");
+ goto EXPAND_FAILED;
+ }
+
+ if(!t)
+ {
+ expand_string_message = string_sprintf("\"%s\" is not a %snamed list",
+ sub, !arg?""
+ : *arg=='a'?"address "
+ : *arg=='d'?"domain "
+ : *arg=='h'?"host "
+ : *arg=='l'?"localpart "
+ : 0);
+ goto EXPAND_FAILED;
+ }
+
+ list = ((namedlist_block *)(t->data.ptr))->string;
+
+ while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
+ {
+ uschar * buf = US" : ";
+ if (needsep)
+ yield = string_cat(yield, &size, &ptr, buf, 3);
+ else
+ needsep = TRUE;
+
+ if (*item == '+') /* list item is itself a named list */
+ {
+ uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item);
+ item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE);
+ }
+ else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */
+ {
+ char * cp;
+ char tok[3];
+ tok[0] = sep; tok[1] = ':'; tok[2] = 0;
+ while ((cp= strpbrk((const char *)item, tok)))
+ {
+ yield = string_cat(yield, &size, &ptr, item, cp-(char *)item);
+ if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
+ {
+ yield = string_cat(yield, &size, &ptr, US"::", 2);
+ item = (uschar *)cp;
+ }
+ else /* sep in item; should already be doubled; emit once */
+ {
+ yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1);
+ if (*cp == sep) cp++;
+ item = (uschar *)cp;
+ }
+ }
+ }
+ yield = string_cat(yield, &size, &ptr, item, Ustrlen(item));
+ }
+ continue;
+ }
+
/* mask applies a mask to an IP address; for example the result of
${mask:131.111.10.206/28} is 131.111.10.192/28. */
}
else
{
- if (tolower(*endptr) == 'k')
+ switch (tolower(*endptr))
{
- if (value > LLONG_MAX/1024 || value < LLONG_MIN/1024) errno = ERANGE;
+ default:
+ break;
+ case 'k':
+ if (value > EXIM_ARITH_MAX/1024 || value < EXIM_ARITH_MIN/1024) errno = ERANGE;
else value *= 1024;
- endptr++;
- }
- else if (tolower(*endptr) == 'm')
- {
- if (value > LLONG_MAX/(1024*1024) || value < LLONG_MIN/(1024*1024))
- errno = ERANGE;
- else value *= 1024*1024;
- endptr++;
+ endptr++;
+ break;
+ case 'm':
+ if (value > EXIM_ARITH_MAX/(1024*1024) || value < EXIM_ARITH_MIN/(1024*1024)) errno = ERANGE;
+ else value *= 1024*1024;
+ endptr++;
+ break;
+ case 'g':
+ if (value > EXIM_ARITH_MAX/(1024*1024*1024) || value < EXIM_ARITH_MIN/(1024*1024*1024)) errno = ERANGE;
+ else value *= 1024*1024*1024;
+ endptr++;
+ break;
}
if (errno == ERANGE)
msg = US"absolute value of integer \"%s\" is too large (overflow)";
std_dh_prime_default(void);
extern const char *
std_dh_prime_named(const uschar *);
-extern int tls_client_start(int, host_item *, address_item *, uschar *,
+extern int tls_client_start(int, host_item *, address_item *,
uschar *, uschar *, uschar *, uschar *, uschar *, uschar *,
- int);
-extern void tls_close(BOOL);
+# ifdef EXPERIMENTAL_OCSP
+ uschar *,
+# endif
+ int, int);
+extern void tls_close(BOOL, BOOL);
extern int tls_feof(void);
extern int tls_ferror(void);
extern int tls_getc(void);
-extern int tls_read(uschar *, size_t);
+extern int tls_read(BOOL, uschar *, size_t);
extern int tls_server_start(const uschar *);
extern BOOL tls_smtp_buffered(void);
extern int tls_ungetc(int);
-extern int tls_write(const uschar *, size_t);
+extern int tls_write(BOOL, const uschar *, size_t);
extern uschar *tls_validate_require_cipher(void);
extern void tls_version_report(FILE *);
#ifndef USE_GNUTLS
extern acl_block *acl_read(uschar *(*)(void), uschar **);
extern int acl_check(int, uschar *, uschar *, uschar **, uschar **);
+extern int acl_eval(int, uschar *, uschar **, uschar **);
+
extern tree_node *acl_var_create(uschar *);
extern void acl_var_write(uschar *, uschar *, void *);
extern uschar *auth_b64encode(uschar *, int);
extern uschar *auth_xtextencode(uschar *, int);
extern int auth_xtextdecode(uschar *, uschar **);
+extern void cancel_cutthrough_connection(const char *);
extern int check_host(void *, uschar *, uschar **, uschar **);
extern uschar **child_exec_exim(int, BOOL, int *, BOOL, int, ...);
extern pid_t child_open_uid(uschar **, uschar **, int, uid_t *, gid_t *,
int *, int *, uschar *, BOOL);
+extern uschar *cutthrough_finaldot(void);
+extern BOOL cutthrough_flush_send(void);
+extern BOOL cutthrough_headers_send(void);
+extern BOOL cutthrough_predata(void);
+extern BOOL cutthrough_puts(uschar *, int);
+extern BOOL cutthrough_put_nl(void);
extern void daemon_go(void);
extern void decode_bits(unsigned int *, unsigned int *,
int, int, uschar *, bit_table *, int, uschar *, int);
extern address_item *deliver_make_addr(uschar *, BOOL);
+extern void delivery_log(int, address_item *, int, uschar *);
extern int deliver_message(uschar *, BOOL, BOOL);
extern void deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2);
extern void deliver_set_expansions(address_item *);
extern void dns_build_reverse(uschar *, uschar *);
extern void dns_init(BOOL, BOOL);
extern int dns_basic_lookup(dns_answer *, uschar *, int);
+extern BOOL dns_is_secure(dns_answer *);
extern int dns_lookup(dns_answer *, uschar *, int, uschar **);
extern int dns_special_lookup(dns_answer *, uschar *, int, uschar **);
extern dns_record *dns_next_rr(dns_answer *, dns_scan *, int);
extern uschar *dns_text_type(int);
+extern void dscp_list_to_stream(FILE *);
+extern BOOL dscp_lookup(const uschar *, int, int *, int *, int *);
extern void enq_end(uschar *);
extern BOOL enq_start(uschar *);
extern uschar *expand_string(uschar *);
extern uschar *expand_string_copy(uschar *);
extern int_eximarith_t expand_string_integer(uschar *, BOOL);
+extern void modify_variable(uschar *, void *);
extern int filter_interpret(uschar *, int, address_item **, uschar **);
extern BOOL filter_personal(string_item *, BOOL);
extern BOOL filter_runtest(int, uschar *, BOOL, BOOL);
extern BOOL filter_system_interpret(address_item **, uschar **);
+extern uschar * fn_hdrs_added(void);
+
extern void header_add(int, const char *, ...);
extern int header_checkname(header_line *, BOOL);
extern BOOL header_match(uschar *, BOOL, BOOL, string_item *, int, ...);
extern void invert_address(uschar *, uschar *);
extern int ip_bind(int, int, uschar *, int);
extern int ip_connect(int, int, uschar *, int, int);
+extern int ip_get_address_family(int);
extern void ip_keepalive(int, uschar *, BOOL);
extern int ip_recv(int, uschar *, int, int);
extern int ip_socket(int, int);
extern uschar *local_part_quote(uschar *);
+extern int log_create(uschar *);
extern int log_create_as_exim(uschar *);
extern void log_close_all(void);
extern void moan_write_from(FILE *);
extern FILE *modefopen(const uschar *, const char *, mode_t);
+extern void open_cutthrough_connection( address_item * addr );
+
extern uschar *parse_extract_address(uschar *, uschar **, int *, int *, int *,
BOOL);
extern int parse_forward_list(uschar *, int, address_item **, uschar **,
driver_info *, int, void *, int, optionlist *, int);
extern uschar *readconf_find_option(void *);
extern void readconf_main(void);
-extern void readconf_print(uschar *, uschar *);
+extern void readconf_print(uschar *, uschar *, BOOL);
extern uschar *readconf_printtime(int);
extern uschar *readconf_readname(uschar *, int, uschar *);
extern int readconf_readtime(uschar *, int, BOOL);
extern BOOL retry_check_address(uschar *, host_item *, uschar *, BOOL,
uschar **, uschar **);
extern retry_config *retry_find_config(uschar *, uschar *, int, int);
+extern BOOL retry_ultimate_address_timeout(uschar *, uschar *,
+ dbdata_retry *, time_t);
extern void retry_update(address_item **, address_item **, address_item **);
extern uschar *rewrite_address(uschar *, BOOL, BOOL, rewrite_rule *, int);
extern uschar *rewrite_address_qualify(uschar *, BOOL);
extern void sigalrm_handler(int);
extern BOOL smtp_buffered(void);
extern void smtp_closedown(uschar *);
-extern int smtp_connect(host_item *, int, int, uschar *, int, BOOL);
+extern int smtp_connect(host_item *, int, int, uschar *, int, BOOL, const uschar *);
extern int smtp_feof(void);
extern int smtp_ferror(void);
extern uschar *smtp_get_connection_info(void);
optionlist optionlist_auths[] = {
{ "client_condition", opt_stringptr | opt_public,
(void *)(offsetof(auth_instance, client_condition)) },
+ { "client_set_id", opt_stringptr | opt_public,
+ (void *)(offsetof(auth_instance, set_client_id)) },
{ "driver", opt_stringptr | opt_public,
(void *)(offsetof(auth_instance, driver_name)) },
{ "public_name", opt_stringptr | opt_public,
cluttered in several places (e.g. during logging) if we can always refer to
them. Also, the tls_ variables are now always visible. */
-BOOL tls_active = -1;
-int tls_bits = 0;
-BOOL tls_certificate_verified = FALSE;
-uschar *tls_cipher = NULL;
-BOOL tls_on_connect = FALSE;
-uschar *tls_on_connect_ports = NULL;
-uschar *tls_peerdn = NULL;
+tls_support tls_in = {
+ -1, /* tls_active */
+ 0, /* tls_bits */
+ FALSE,/* tls_certificate_verified */
+ NULL, /* tls_cipher */
+ FALSE,/* tls_on_connect */
+ NULL, /* tls_on_connect_ports */
+ NULL, /* tls_peerdn */
+ NULL /* tls_sni */
+};
+tls_support tls_out = {
+ -1, /* tls_active */
+ 0, /* tls_bits */
+ FALSE,/* tls_certificate_verified */
+ NULL, /* tls_cipher */
+ FALSE,/* tls_on_connect */
+ NULL, /* tls_on_connect_ports */
+ NULL, /* tls_peerdn */
+ NULL /* tls_sni */
+};
+
#ifdef SUPPORT_TLS
BOOL gnutls_compat_mode = FALSE;
+BOOL gnutls_enable_pkcs11 = FALSE;
uschar *gnutls_require_mac = NULL;
uschar *gnutls_require_kx = NULL;
uschar *gnutls_require_proto = NULL;
uschar *tls_privatekey = NULL;
BOOL tls_remember_esmtp = FALSE;
uschar *tls_require_ciphers = NULL;
-uschar *tls_sni = NULL;
uschar *tls_try_verify_hosts = NULL;
uschar *tls_verify_certificates= NULL;
uschar *tls_verify_hosts = NULL;
#endif
+#ifdef EXPERIMENTAL_PRDR
+/* Per Recipient Data Response variables */
+BOOL prdr_enable = FALSE;
+BOOL prdr_requested = FALSE;
+const pcre *regex_PRDR = NULL;
+#endif
/* Input-reading functions for messages, so we can use special ones for
incoming TCP/IP. The defaults use stdin. We never need these for any
header_line *acl_added_headers = NULL;
tree_node *acl_anchor = NULL;
+uschar *acl_arg[9] = {NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL};
+int acl_narg = 0;
uschar *acl_not_smtp = NULL;
#ifdef WITH_CONTENT_SCAN
uschar *acl_not_smtp_mime = NULL;
#endif
uschar *acl_not_smtp_start = NULL;
-
+uschar *acl_removed_headers = NULL;
uschar *acl_smtp_auth = NULL;
uschar *acl_smtp_connect = NULL;
uschar *acl_smtp_data = NULL;
+#ifdef EXPERIMENTAL_PRDR
+uschar *acl_smtp_data_prdr = NULL;
+#endif
#ifndef DISABLE_DKIM
uschar *acl_smtp_dkim = NULL;
#endif
US"MIME",
US"DKIM",
US"DATA",
+#ifdef EXPERIMENTAL_PRDR
+ US"PRDR",
+#endif
US"non-SMTP",
US"AUTH",
US"connection",
US"NOTQUIT",
US"QUIT",
US"STARTTLS",
- US"VRFY"
+ US"VRFY",
+ US"delivery",
+ US"unknown"
};
uschar *acl_wherecodes[] = { US"550", /* RCPT */
US"550", /* MIME */
US"550", /* DKIM */
US"550", /* DATA */
+#ifdef EXPERIMENTAL_PRDR
+ US"550", /* RCPT PRDR */
+#endif
US"0", /* not SMTP; not relevant */
US"503", /* AUTH */
US"550", /* connect */
US"0", /* NOTQUIT; not relevant */
US"0", /* QUIT; not relevant */
US"550", /* STARTTLS */
- US"252" /* VRFY */
+ US"252", /* VRFY */
+ US"0", /* delivery; not relevant */
+ US"0" /* unknown; not relevant */
};
BOOL active_local_from_check = FALSE;
BOOL active_local_sender_retain = FALSE;
+int body_8bitmime = 0;
BOOL accept_8bitmime = TRUE; /* deliberately not RFC compliant */
address_item *addr_duplicate = NULL;
NULL, /* cipher */
NULL, /* peerdn */
#endif
+ NULL, /* authenticator */
+ NULL, /* auth_id */
+ NULL, /* auth_sndr */
(uid_t)(-1), /* uid */
(gid_t)(-1), /* gid */
0, /* flags */
NULL, /* client_condition */
NULL, /* public_name */
NULL, /* set_id */
+ NULL, /* set_client_id */
NULL, /* server_mail_auth_condition */
NULL, /* server_debug_string */
NULL, /* server_condition */
BOOL check_rfc2047_length = TRUE;
int check_spool_inodes = 0;
int check_spool_space = 0;
+uschar *client_authenticator = NULL;
+uschar *client_authenticated_id = NULL;
+uschar *client_authenticated_sender = NULL;
int clmacro_count = 0;
uschar *clmacros[MAX_CLMACROS];
BOOL config_changed = FALSE;
uschar *continue_transport = NULL;
uschar *csa_status = NULL;
+BOOL cutthrough_delivery = FALSE;
+int cutthrough_fd = -1;
BOOL daemon_listen = FALSE;
uschar *daemon_smtp_port = US"smtp";
BOOL dkim_collect_input = FALSE;
BOOL dkim_disable_verify = FALSE;
#endif
+#ifdef EXPERIMENTAL_DMARC
+BOOL dmarc_has_been_checked = FALSE;
+uschar *dmarc_ar_header = NULL;
+uschar *dmarc_forensic_sender = NULL;
+uschar *dmarc_history_file = NULL;
+uschar *dmarc_status = NULL;
+uschar *dmarc_status_text = NULL;
+uschar *dmarc_tld_file = NULL;
+uschar *dmarc_used_domain = NULL;
+BOOL dmarc_disable_verify = FALSE;
+BOOL dmarc_enable_forensic = FALSE;
+#endif
uschar *dns_again_means_nonexist = NULL;
int dns_csa_search_limit = 5;
uschar *dns_ipv4_lookup = NULL;
int dns_retrans = 0;
int dns_retry = 0;
+int dns_dnssec_ok = -1; /* <0 = not coerced */
int dns_use_edns0 = -1; /* <0 = not coerced */
uschar *dnslist_domain = NULL;
uschar *dnslist_matched = NULL;
/* Note that this list must be in alphabetical order. */
bit_table log_options[] = {
+ { US"8bitmime", LX_8bitmime },
{ US"acl_warn_skipped", LX_acl_warn_skipped },
{ US"address_rewrite", L_address_rewrite },
{ US"all", L_all },
{ US"smtp_confirmation", LX_smtp_confirmation },
{ US"smtp_connection", L_smtp_connection },
{ US"smtp_incomplete_transaction", L_smtp_incomplete_transaction },
+ { US"smtp_mailauth", LX_smtp_mailauth },
{ US"smtp_no_mail", LX_smtp_no_mail },
{ US"smtp_protocol_error", L_smtp_protocol_error },
{ US"smtp_syntax_error", L_smtp_syntax_error },
NULL /* redirect_router */
};
+uschar *router_name = NULL;
+
ip_address_item *running_interfaces = NULL;
BOOL running_in_test_harness = FALSE;
uschar *sender_host_address = NULL;
uschar *sender_host_authenticated = NULL;
unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32];
+BOOL sender_host_dnssec = FALSE;
uschar *sender_host_name = NULL;
int sender_host_port = 0;
BOOL sender_host_notsocket = FALSE;
BOOL submission_mode = FALSE;
uschar *submission_name = NULL;
BOOL suppress_local_fixups = FALSE;
+BOOL suppress_local_fixups_default = FALSE;
BOOL synchronous_delivery = FALSE;
BOOL syslog_duplication = TRUE;
int syslog_facility = LOG_MAIL;
};
int transport_count;
+uschar *transport_name = NULL;
int transport_newlines;
uschar **transport_filter_argv = NULL;
int transport_filter_timeout;
cluttered in several places (e.g. during logging) if we can always refer to
them. Also, the tls_ variables are now always visible. */
-extern int tls_active; /* fd/socket when in a TLS session */
-extern int tls_bits; /* bits used in TLS session */
-extern BOOL tls_certificate_verified; /* Client certificate verified */
-extern uschar *tls_cipher; /* Cipher used */
-extern BOOL tls_on_connect; /* For older MTAs that don't STARTTLS */
-extern uschar *tls_on_connect_ports; /* Ports always tls-on-connect */
-extern uschar *tls_peerdn; /* DN from peer */
+typedef struct {
+ int active; /* fd/socket when in a TLS session */
+ int bits; /* bits used in TLS session */
+ BOOL certificate_verified; /* Client certificate verified */
+ uschar *cipher; /* Cipher used */
+ BOOL on_connect; /* For older MTAs that don't STARTTLS */
+ uschar *on_connect_ports; /* Ports always tls-on-connect */
+ uschar *peerdn; /* DN from peer */
+ uschar *sni; /* Server Name Indication */
+} tls_support;
+extern tls_support tls_in;
+extern tls_support tls_out;
#ifdef SUPPORT_TLS
extern BOOL gnutls_compat_mode; /* Less security, more compatibility */
+extern BOOL gnutls_enable_pkcs11; /* Let GnuTLS autoload PKCS11 modules */
extern uschar *gnutls_require_mac; /* So some can be avoided */
extern uschar *gnutls_require_kx; /* So some can be avoided */
extern uschar *gnutls_require_proto; /* So some can be avoided */
extern uschar *tls_privatekey; /* Private key file */
extern BOOL tls_remember_esmtp; /* For YAEB */
extern uschar *tls_require_ciphers; /* So some can be avoided */
-extern uschar *tls_sni; /* Server Name Indication */
extern uschar *tls_try_verify_hosts; /* Optional client verification */
extern uschar *tls_verify_certificates;/* Path for certificates to check */
extern uschar *tls_verify_hosts; /* Mandatory client verification */
/* General global variables */
extern BOOL accept_8bitmime; /* Allow *BITMIME incoming */
+extern int body_8bitmime; /* sender declared BODY= ; 7=7BIT, 8=8BITMIME */
extern header_line *acl_added_headers; /* Headers added by an ACL */
extern tree_node *acl_anchor; /* Tree of named ACLs */
+extern uschar *acl_arg[9]; /* Argument to ACL call */
+extern int acl_narg; /* Number of arguments to ACL call */
extern uschar *acl_not_smtp; /* ACL run for non-SMTP messages */
#ifdef WITH_CONTENT_SCAN
extern uschar *acl_not_smtp_mime; /* For MIME parts of ditto */
#endif
extern uschar *acl_not_smtp_start; /* ACL run at the beginning of a non-SMTP session */
+extern uschar *acl_removed_headers; /* Headers deleted by an ACL */
extern uschar *acl_smtp_auth; /* ACL run for AUTH */
extern uschar *acl_smtp_connect; /* ACL run on SMTP connection */
extern uschar *acl_smtp_data; /* ACL run after DATA received */
+#ifdef EXPERIMENTAL_PRDR
+extern uschar *acl_smtp_data_prdr; /* ACL run after DATA received if in PRDR mode*/
+const extern pcre *regex_PRDR; /* For recognizing PRDR settings */
+#endif
#ifndef DISABLE_DKIM
extern uschar *acl_smtp_dkim; /* ACL run for DKIM signatures / domains */
#endif
extern BOOL check_rfc2047_length; /* Check RFC 2047 encoded string length */
extern int check_spool_inodes; /* Minimum for message acceptance */
extern int check_spool_space; /* Minimum for message acceptance */
+extern uschar *client_authenticator; /* Authenticator name used for smtp delivery */
+extern uschar *client_authenticated_id; /* "login" name used for SMTP AUTH */
+extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */
extern int clmacro_count; /* Number of command line macros */
extern uschar *clmacros[]; /* Copy of them, for re-exec */
extern int connection_max_messages;/* Max down one SMTP connection */
extern uschar *continue_transport; /* Transport for continued delivery */
extern uschar *csa_status; /* Client SMTP Authorization result */
+extern BOOL cutthrough_delivery; /* Deliver in foreground */
+extern int cutthrough_fd; /* Connection for ditto */
extern BOOL daemon_listen; /* True if listening required */
extern uschar *daemon_smtp_port; /* Can be a list of ports */
extern BOOL dkim_collect_input; /* Runtime flag that tracks wether SMTP input is fed to DKIM validation */
extern BOOL dkim_disable_verify; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */
#endif
+#ifdef EXPERIMENTAL_DMARC
+extern BOOL dmarc_has_been_checked; /* Global variable to check if test has been called yet */
+extern uschar *dmarc_ar_header; /* Expansion variable, suggested header for dmarc auth results */
+extern uschar *dmarc_forensic_sender; /* Set sender address for forensic reports */
+extern uschar *dmarc_history_file; /* Expansion variable, file to store dmarc results */
+extern uschar *dmarc_status; /* Expansion variable, one word value */
+extern uschar *dmarc_status_text; /* Expansion variable, human readable value */
+extern uschar *dmarc_tld_file; /* Mozilla TLDs text file */
+extern uschar *dmarc_used_domain; /* Expansion variable, domain libopendmarc chose for DMARC policy lookup */
+extern BOOL dmarc_disable_verify; /* Set via ACL control statement. When set, DMARC verification is disabled for the current message */
+extern BOOL dmarc_enable_forensic; /* Set via ACL control statement. When set, DMARC forensic reports are enabled for the current message */
+#endif
extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */
extern int dns_csa_search_limit; /* How deep to search for CSA SRV records */
extern uschar *dns_ipv4_lookup; /* For these domains, don't look for AAAA (or A6) */
extern int dns_retrans; /* Retransmission time setting */
extern int dns_retry; /* Number of retries */
+extern int dns_dnssec_ok; /* When constructing DNS query, set DO flag */
extern int dns_use_edns0; /* Coerce EDNS0 support on/off in resolver. */
extern uschar *dnslist_domain; /* DNS (black) list domain */
extern uschar *dnslist_matched; /* DNS (black) list matched key */
extern gid_t exim_gid; /* To be used with exim_uid */
extern BOOL exim_gid_set; /* TRUE if exim_gid set */
extern uschar *exim_path; /* Path to exec exim */
+extern const uschar *exim_sieve_extension_list[]; /* list of sieve extensions */
extern uid_t exim_uid; /* Non-root uid for exim */
extern BOOL exim_uid_set; /* TRUE if exim_uid set */
extern int expand_forbid; /* RDO flags for forbidding things */
extern uschar *pid_file_path; /* For writing daemon pids */
extern uschar *pipelining_advertise_hosts; /* As it says */
extern BOOL pipelining_enable; /* As it says */
+#ifdef EXPERIMENTAL_PRDR
+extern BOOL prdr_enable; /* As it says */
+extern BOOL prdr_requested; /* Connecting mail server wants PRDR */
+#endif
extern BOOL preserve_message_logs; /* Save msglog files */
extern uschar *primary_hostname; /* Primary name of this computer */
extern BOOL print_topbitchars; /* Topbit chars are printing chars */
extern router_info routers_available[];/* Vector of available routers */
extern router_instance *routers; /* Chain of instantiated routers */
extern router_instance router_defaults;/* Default values */
+extern uschar *router_name; /* Name of router last started */
extern BOOL running_in_test_harness; /*TRUE when running_status is patched */
extern ip_address_item *running_interfaces; /* Host's running interfaces */
extern uschar *running_status; /* Flag string for testing */
extern uschar *sender_helo_name; /* Host name from HELO/EHLO */
extern uschar **sender_host_aliases; /* Points to list of alias names */
extern unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32]; /* Cache bits for incoming host */
+extern BOOL sender_host_dnssec; /* true if sender_host_name verified in DNSSEC */
extern BOOL sender_host_notsocket; /* Set for -bs and -bS */
extern BOOL sender_host_unknown; /* TRUE for -bs and -bS except inetd */
extern uschar *sender_ident; /* Sender identity via RFC 1413 */
extern BOOL submission_mode; /* Can be forced from ACL */
extern uschar *submission_name; /* User name set from ACL */
extern BOOL suppress_local_fixups; /* Can be forced from ACL */
+extern BOOL suppress_local_fixups_default; /* former is reset to this; override with -G */
extern BOOL synchronous_delivery; /* TRUE if -odi is set */
extern BOOL syslog_duplication; /* FALSE => no duplicate logging */
extern int syslog_facility; /* As defined by Syslog.h */
extern int thismessage_size_limit; /* Limit for this message */
extern int timeout_frozen_after; /* Max time to keep frozen messages */
extern BOOL timestamps_utc; /* Use UTC for all times */
+extern uschar *transport_name; /* Name of transport last started */
extern int transport_count; /* Count of bytes transported */
extern int transport_newlines; /* Accurate count of number of newline chars transported */
extern uschar **transport_filter_argv; /* For on-the-fly filtering */
{
int sep = 0;
uschar buffer[32];
-uschar *list = tls_on_connect_ports;
+uschar *list = tls_in.on_connect_ports;
uschar *s;
-if (tls_on_connect) return TRUE;
+if (tls_in.on_connect) return TRUE;
while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
{
dns_answer dnsa;
dns_scan dnss;
-host_lookup_deferred = host_lookup_failed = FALSE;
+sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE;
HDEBUG(D_host_lookup)
debug_printf("looking up host name for %s\n", sender_host_address);
int count = 0;
int old_pool = store_pool;
+ /* Ideally we'd check DNSSEC both forward and reverse, but we use the
+ gethost* routines for forward, so can't do that unless/until we rewrite. */
+ sender_host_dnssec = dns_is_secure(&dnsa);
+ DEBUG(D_dns)
+ debug_printf("Reverse DNS security status: %s\n",
+ sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified");
+
store_pool = POOL_PERM; /* Save names in permanent storage */
for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
close down of the connection), set errno to zero; otherwise leave it alone. */
#ifdef SUPPORT_TLS
-if (tls_active == sock)
- rc = tls_read(buffer, buffsize);
+if (tls_out.active == sock)
+ rc = tls_read(FALSE, buffer, buffsize);
+else if (tls_in.active == sock)
+ rc = tls_read(TRUE, buffer, buffsize);
else
#endif
rc = recv(sock, buffer, buffsize, 0);
}
+
+
+/*************************************************
+* Lookup address family of potential socket *
+*************************************************/
+
+/* Given a file-descriptor, check to see if it's a socket and, if so,
+return the address family; detects IPv4 vs IPv6. If not a socket then
+return -1.
+
+The value 0 is typically AF_UNSPEC, which should not be seen on a connected
+fd. If the return is -1, the errno will be from getsockname(); probably
+ENOTSOCK or ECONNRESET.
+
+Arguments: socket-or-not fd
+Returns: address family or -1
+*/
+
+int
+ip_get_address_family(int fd)
+{
+struct sockaddr_storage ss;
+socklen_t sslen = sizeof(ss);
+
+if (getsockname(fd, (struct sockaddr *) &ss, &sslen) < 0)
+ return -1;
+
+return (int) ss.ss_family;
+}
+
+
+
+
+/*************************************************
+* Lookup DSCP settings for a socket *
+*************************************************/
+
+struct dscp_name_tableentry {
+ const uschar *name;
+ int value;
+};
+/* Keep both of these tables sorted! */
+static struct dscp_name_tableentry dscp_table[] = {
+#ifdef IPTOS_DSCP_AF11
+ { CUS"af11", IPTOS_DSCP_AF11 },
+ { CUS"af12", IPTOS_DSCP_AF12 },
+ { CUS"af13", IPTOS_DSCP_AF13 },
+ { CUS"af21", IPTOS_DSCP_AF21 },
+ { CUS"af22", IPTOS_DSCP_AF22 },
+ { CUS"af23", IPTOS_DSCP_AF23 },
+ { CUS"af31", IPTOS_DSCP_AF31 },
+ { CUS"af32", IPTOS_DSCP_AF32 },
+ { CUS"af33", IPTOS_DSCP_AF33 },
+ { CUS"af41", IPTOS_DSCP_AF41 },
+ { CUS"af42", IPTOS_DSCP_AF42 },
+ { CUS"af43", IPTOS_DSCP_AF43 },
+ { CUS"ef", IPTOS_DSCP_EF },
+#endif
+#ifdef IPTOS_LOWCOST
+ { CUS"lowcost", IPTOS_LOWCOST },
+#endif
+ { CUS"lowdelay", IPTOS_LOWDELAY },
+#ifdef IPTOS_MINCOST
+ { CUS"mincost", IPTOS_MINCOST },
+#endif
+ { CUS"reliability", IPTOS_RELIABILITY },
+ { CUS"throughput", IPTOS_THROUGHPUT }
+};
+static int dscp_table_size =
+ sizeof(dscp_table) / sizeof(struct dscp_name_tableentry);
+
+/* DSCP values change by protocol family, and so do the options used for
+setsockopt(); this utility does all the lookups. It takes an unexpanded
+option string, expands it, strips off affix whitespace, then checks if it's
+a number. If all of what's left is a number, then that's how the option will
+be parsed and success/failure is a range check. If it's not all a number,
+then it must be a supported keyword.
+
+Arguments:
+ dscp_name a string, so far unvalidated
+ af address_family in use
+ level setsockopt level to use
+ optname setsockopt name to use
+ dscp_value value for dscp_name
+
+Returns: TRUE if okay to setsockopt(), else FALSE
+
+*level and *optname may be set even if FALSE is returned
+*/
+
+BOOL
+dscp_lookup(const uschar *dscp_name, int af,
+ int *level, int *optname, int *dscp_value)
+{
+uschar *dscp_lookup, *p;
+int first, last;
+long rawlong;
+
+if (af == AF_INET)
+ {
+ *level = IPPROTO_IP;
+ *optname = IP_TOS;
+ }
+else if (af == AF_INET6)
+ {
+ *level = IPPROTO_IPV6;
+ *optname = IPV6_TCLASS;
+ }
+else
+ {
+ DEBUG(D_transport)
+ debug_printf("Unhandled address family %d in dscp_lookup()\n", af);
+ return FALSE;
+ }
+if (!dscp_name)
+ {
+ DEBUG(D_transport)
+ debug_printf("[empty DSCP]\n");
+ return FALSE;
+ }
+dscp_lookup = expand_string(US dscp_name);
+if (dscp_lookup == NULL || *dscp_lookup == '\0')
+ return FALSE;
+
+p = dscp_lookup + Ustrlen(dscp_lookup) - 1;
+while (isspace(*p)) *p-- = '\0';
+while (isspace(*dscp_lookup) && dscp_lookup < p) dscp_lookup++;
+if (*dscp_lookup == '\0')
+ return FALSE;
+
+rawlong = Ustrtol(dscp_lookup, &p, 0);
+if (p != dscp_lookup && *p == '\0')
+ {
+ /* We have six bits available, which will end up shifted to fit in 0xFC mask.
+ RFC 2597 defines the values unshifted. */
+ if (rawlong < 0 || rawlong > 0x3F)
+ {
+ DEBUG(D_transport)
+ debug_printf("DSCP value %ld out of range, ignored.\n", rawlong);
+ return FALSE;
+ }
+ *dscp_value = rawlong << 2;
+ return TRUE;
+ }
+
+first = 0;
+last = dscp_table_size;
+while (last > first)
+ {
+ int middle = (first + last)/2;
+ int c = Ustrcmp(dscp_lookup, dscp_table[middle].name);
+ if (c == 0)
+ {
+ *dscp_value = dscp_table[middle].value;
+ return TRUE;
+ }
+ else if (c > 0)
+ {
+ first = middle + 1;
+ }
+ else
+ {
+ last = middle;
+ }
+ }
+return FALSE;
+}
+
+void
+dscp_list_to_stream(FILE *stream)
+{
+int i;
+for (i=0; i < dscp_table_size; ++i)
+ fprintf(stream, "%s\n", dscp_table[i].name);
+}
+
+
/* End of ip.c */
Returns: a file descriptor, or < 0 on failure (errno set)
*/
-static int
+int
log_create(uschar *name)
{
int fd = Uopen(name, O_CREAT|O_APPEND|O_WRONLY, LOG_MODE);
panic_recurseflag = FALSE;
if (panic_save_buffer != NULL)
- (void) write(paniclogfd, panic_save_buffer, Ustrlen(panic_save_buffer));
+ {
+ int i = write(paniclogfd, panic_save_buffer, Ustrlen(panic_save_buffer));
+ i = i; /* compiler quietening */
+ }
written_len = write_to_fd_buf(paniclogfd, log_buffer, length);
if (written_len != length)
static const char *type_names[] = {
"a",
#if HAVE_IPV6
+ "a+",
"aaaa",
#ifdef SUPPORT_A6
"a6",
static int type_values[] = {
T_A,
#if HAVE_IPV6
+ T_APL, /* Private type for AAAA + A */
T_AAAA,
#ifdef SUPPORT_A6
T_A6,
domain = rbuffer;
}
- DEBUG(D_lookup) debug_printf("dnsdb key: %s\n", domain);
-
- /* Do the lookup and sort out the result. There are three special types that
- are handled specially: T_CSA, T_ZNS and T_MXH. The former two are handled in
- a special lookup function so that the facility could be used from other
- parts of the Exim code. The latter affects only what happens later on in
- this function, but for tidiness it is handled in a similar way. If the
- lookup fails, continue with the next domain. In the case of DEFER, adjust
- the final "nothing found" result, but carry on to the next domain. */
-
- found = domain;
- rc = dns_special_lookup(&dnsa, domain, type, &found);
-
- if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
- if (rc != DNS_SUCCEED)
+ do
{
- if (defer_mode == DEFER) return DEFER; /* always defer */
- else if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */
- continue; /* treat defer as fail */
- }
-
- /* Search the returned records */
+ DEBUG(D_lookup) debug_printf("dnsdb key: %s\n", domain);
+
+ /* Do the lookup and sort out the result. There are four special types that
+ are handled specially: T_CSA, T_ZNS, T_APL and T_MXH.
+ The first two are handled in a special lookup function so that the facility
+ could be used from other parts of the Exim code. T_APL is handled by looping
+ over the types of A lookup. T_MXH affects only what happens later on in
+ this function, but for tidiness it is handled by the "special". If the
+ lookup fails, continue with the next domain. In the case of DEFER, adjust
+ the final "nothing found" result, but carry on to the next domain. */
+
+ found = domain;
+#if HAVE_IPV6
+ if (type == T_APL) /* NB cannot happen unless HAVE_IPV6 */
+ {
+ if (searchtype == T_APL)
+# if defined(SUPPORT_A6)
+ searchtype = T_A6;
+# else
+ searchtype = T_AAAA;
+# endif
+ else if (searchtype == T_A6) searchtype = T_AAAA;
+ else if (searchtype == T_AAAA) searchtype = T_A;
+ rc = dns_special_lookup(&dnsa, domain, searchtype, &found);
+ }
+ else
+#endif
+ rc = dns_special_lookup(&dnsa, domain, type, &found);
- for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
- rr != NULL;
- rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
- {
- if (rr->type != searchtype) continue;
+ if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue;
+ if (rc != DNS_SUCCEED)
+ {
+ if (defer_mode == DEFER) return DEFER; /* always defer */
+ if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */
+ continue; /* treat defer as fail */
+ }
- /* There may be several addresses from an A6 record. Put the configured
- separator between them, just as for between several records. However, A6
- support is not normally configured these days. */
+ /* Search the returned records */
- if (type == T_A ||
- #ifdef SUPPORT_A6
- type == T_A6 ||
- #endif
- type == T_AAAA)
+ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
+ rr != NULL;
+ rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
{
- dns_address *da;
- for (da = dns_address_from_rr(&dnsa, rr); da != NULL; da = da->next)
+ if (rr->type != searchtype) continue;
+
+ /* There may be several addresses from an A6 record. Put the configured
+ separator between them, just as for between several records. However, A6
+ support is not normally configured these days. */
+
+ if (type == T_A ||
+ #ifdef SUPPORT_A6
+ type == T_A6 ||
+ #endif
+ type == T_AAAA ||
+ type == T_APL)
{
- if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);
- yield = string_cat(yield, &size, &ptr, da->address,
- Ustrlen(da->address));
+ dns_address *da;
+ for (da = dns_address_from_rr(&dnsa, rr); da != NULL; da = da->next)
+ {
+ if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);
+ yield = string_cat(yield, &size, &ptr, da->address,
+ Ustrlen(da->address));
+ }
+ continue;
}
- continue;
- }
- /* Other kinds of record just have one piece of data each, but there may be
- several of them, of course. */
+ /* Other kinds of record just have one piece of data each, but there may be
+ several of them, of course. */
- if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);
+ if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1);
- if (type == T_TXT || type == T_SPF)
- {
- if (outsep2 == NULL)
- {
- /* output only the first item of data */
- yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
- (rr->data)[0]);
- }
- else
+ if (type == T_TXT || type == T_SPF)
{
- /* output all items */
- int data_offset = 0;
- while (data_offset < rr->size)
+ if (outsep2 == NULL)
{
- uschar chunk_len = (rr->data)[data_offset++];
- if (outsep2[0] != '\0' && data_offset != 1)
- yield = string_cat(yield, &size, &ptr, outsep2, 1);
- yield = string_cat(yield, &size, &ptr,
+ /* output only the first item of data */
+ yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1),
+ (rr->data)[0]);
+ }
+ else
+ {
+ /* output all items */
+ int data_offset = 0;
+ while (data_offset < rr->size)
+ {
+ uschar chunk_len = (rr->data)[data_offset++];
+ if (outsep2[0] != '\0' && data_offset != 1)
+ yield = string_cat(yield, &size, &ptr, outsep2, 1);
+ yield = string_cat(yield, &size, &ptr,
(uschar *)((rr->data)+data_offset), chunk_len);
- data_offset += chunk_len;
+ data_offset += chunk_len;
+ }
}
}
- }
- else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
- {
- int priority, weight, port;
- uschar s[264];
- uschar *p = (uschar *)(rr->data);
-
- if (type == T_MXH)
- {
- /* mxh ignores the priority number and includes only the hostnames */
- GETSHORT(priority, p);
- }
- else if (type == T_MX)
- {
- GETSHORT(priority, p);
- sprintf(CS s, "%d ", priority);
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
- }
- else if (type == T_SRV)
- {
- GETSHORT(priority, p);
- GETSHORT(weight, p);
- GETSHORT(port, p);
- sprintf(CS s, "%d %d %d ", priority, weight, port);
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
- }
- else if (type == T_CSA)
+ else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */
{
- /* See acl_verify_csa() for more comments about CSA. */
-
- GETSHORT(priority, p);
- GETSHORT(weight, p);
- GETSHORT(port, p);
-
- if (priority != 1) continue; /* CSA version must be 1 */
+ int priority, weight, port;
+ uschar s[264];
+ uschar *p = (uschar *)(rr->data);
- /* If the CSA record we found is not the one we asked for, analyse
- the subdomain assertions in the port field, else analyse the direct
- authorization status in the weight field. */
-
- if (found != domain)
+ if (type == T_MXH)
{
- if (port & 1) *s = 'X'; /* explicit authorization required */
- else *s = '?'; /* no subdomain assertions here */
+ /* mxh ignores the priority number and includes only the hostnames */
+ GETSHORT(priority, p);
}
- else
+ else if (type == T_MX)
{
- if (weight < 2) *s = 'N'; /* not authorized */
- else if (weight == 2) *s = 'Y'; /* authorized */
- else if (weight == 3) *s = '?'; /* unauthorizable */
- else continue; /* invalid */
+ GETSHORT(priority, p);
+ sprintf(CS s, "%d ", priority);
+ yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ }
+ else if (type == T_SRV)
+ {
+ GETSHORT(priority, p);
+ GETSHORT(weight, p);
+ GETSHORT(port, p);
+ sprintf(CS s, "%d %d %d ", priority, weight, port);
+ yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ }
+ else if (type == T_CSA)
+ {
+ /* See acl_verify_csa() for more comments about CSA. */
+
+ GETSHORT(priority, p);
+ GETSHORT(weight, p);
+ GETSHORT(port, p);
+
+ if (priority != 1) continue; /* CSA version must be 1 */
+
+ /* If the CSA record we found is not the one we asked for, analyse
+ the subdomain assertions in the port field, else analyse the direct
+ authorization status in the weight field. */
+
+ if (found != domain)
+ {
+ if (port & 1) *s = 'X'; /* explicit authorization required */
+ else *s = '?'; /* no subdomain assertions here */
+ }
+ else
+ {
+ if (weight < 2) *s = 'N'; /* not authorized */
+ else if (weight == 2) *s = 'Y'; /* authorized */
+ else if (weight == 3) *s = '?'; /* unauthorizable */
+ else continue; /* invalid */
+ }
+
+ s[1] = ' ';
+ yield = string_cat(yield, &size, &ptr, s, 2);
}
- s[1] = ' ';
- yield = string_cat(yield, &size, &ptr, s, 2);
- }
-
- /* GETSHORT() has advanced the pointer to the target domain. */
+ /* GETSHORT() has advanced the pointer to the target domain. */
- rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
- (DN_EXPAND_ARG4_TYPE)(s), sizeof(s));
+ rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p,
+ (DN_EXPAND_ARG4_TYPE)(s), sizeof(s));
- /* If an overlong response was received, the data will have been
- truncated and dn_expand may fail. */
+ /* If an overlong response was received, the data will have been
+ truncated and dn_expand may fail. */
- if (rc < 0)
- {
- log_write(0, LOG_MAIN, "host name alias list truncated: type=%s "
- "domain=%s", dns_text_type(type), domain);
- break;
+ if (rc < 0)
+ {
+ log_write(0, LOG_MAIN, "host name alias list truncated: type=%s "
+ "domain=%s", dns_text_type(type), domain);
+ break;
+ }
+ else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
}
- else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
- }
- } /* Loop for list of returned records */
- } /* Loop for list of domains */
+ } /* Loop for list of returned records */
+
+ /* Loop for set of A-lookupu types */
+ } while (type == T_APL && searchtype != T_A);
+
+ } /* Loop for list of domains */
/* Reclaim unused memory */
{
DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
(lcp->bound)? "re-" : "", user, password);
-#ifdef LDAP_OPT_X_TLS
- /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */
if (eldap_start_tls)
{
- if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) {
- *errmsg = string_sprintf("failed to initiate TLS processing on an "
- "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
- " %s", host, porttext, rc, ldap_err2string(rc));
- goto RETURN_ERROR;
- }
- }
+#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
+ /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
+ * Note: moreover, they appear to now define LDAP_OPT_X_TLS and still not
+ * export an ldap_start_tls_s symbol.
+ */
+ if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS)
+ {
+ *errmsg = string_sprintf("failed to initiate TLS processing on an "
+ "LDAP session to server %s%s - ldap_start_tls_s() returned %d:"
+ " %s", host, porttext, rc, ldap_err2string(rc));
+ goto RETURN_ERROR;
+ }
+#else
+ DEBUG(D_lookup)
+ debug_printf("TLS initiation not supported with this Exim and your LDAP library.\n");
#endif
+ }
if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE))
== -1)
{
#include "../exim.h"
#ifndef EXPERIMENTAL_SPF
-static void dummy(int x) { dummy(x-1); }
+static void dummy(int x);
+static void dummy2(int x) { dummy(x-1); }
+static void dummy(int x) { dummy2(x-1); }
#else
#include "lf_functions.h"
a no-op once an SSL session is in progress. */
#ifdef SUPPORT_TLS
-#define mac_smtp_fflush() if (tls_active < 0) fflush(smtp_out);
+#define mac_smtp_fflush() if (tls_in.active < 0) fflush(smtp_out);
#else
#define mac_smtp_fflush() fflush(smtp_out);
#endif
ERRMESS_TOOMANYRECIP, /* Too many recipients */
ERRMESS_LOCAL_SCAN, /* Rejected by local scan */
ERRMESS_LOCAL_ACL /* Rejected by non-SMTP ACL */
+#ifdef EXPERIMENTAL_DMARC
+ ,ERRMESS_DMARC_FORENSIC /* DMARC Forensic Report */
+#endif
};
/* Error handling styles - set by option, and apply only when receiving
#define LX_tls_peerdn 0x80400000
#define LX_tls_sni 0x80800000
#define LX_unknown_in_list 0x81000000
+#define LX_8bitmime 0x82000000
+#define LX_smtp_mailauth 0x84000000
#define L_default (L_connection_reject | \
L_delay_delivery | \
#define LX_default ((LX_acl_warn_skipped | \
LX_rejected_header | \
LX_sender_verify_fail | \
+ LX_smtp_confirmation | \
LX_tls_cipher) & 0x7fffffff)
/* Private error numbers for delivery failures, set negative so as not
#define opt_public 0x200 /* Stored in the main instance block */
#define opt_set 0x400 /* Option is set */
#define opt_secure 0x800 /* "hide" prefix used */
-#define opt_mask 0x0ff
+#define opt_rep_con 0x1000 /* Can be appended to by a repeated line (condition) */
+#define opt_rep_str 0x2000 /* Can be appended to by a repeated line (string) */
+#define opt_mask 0x00ff
/* Verify types when directing and routing */
ACL_WHERE_MIME, /* ) implemented by <= WHERE_NOTSMTP */
ACL_WHERE_DKIM, /* ) */
ACL_WHERE_DATA, /* ) */
+#ifdef EXPERIMENTAL_PRDR
+ ACL_WHERE_PRDR, /* ) */
+#endif
ACL_WHERE_NOTSMTP, /* ) */
ACL_WHERE_AUTH, /* These remaining ones are not currently */
ACL_WHERE_NOTQUIT,
ACL_WHERE_QUIT,
ACL_WHERE_STARTTLS,
- ACL_WHERE_VRFY
+ ACL_WHERE_VRFY,
+
+ ACL_WHERE_DELIVERY,
+ ACL_WHERE_UNKNOWN /* Currently used by a ${acl:name} expansion */
};
/* Situations for spool_write_header() */
sizeof(sophie_options_buffer))) == NULL) {
/* no options supplied, use default options */
sophie_options = sophie_options_default;
- };
+ }
/* open the sophie socket */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n",
scanner_name, sophie_options);
- if (write(sock, file_name, Ustrlen(file_name)) < 0) {
+ if ( write(sock, file_name, Ustrlen(file_name)) < 0
+ || write(sock, "\n", 1) != 1
+ ) {
(void)close(sock);
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to write to sophie UNIX socket (%s)", sophie_options);
return DEFER;
- };
-
- (void)write(sock, "\n", 1);
+ }
/* wait for result */
memset(av_buffer, 0, sizeof(av_buffer));
log_write(0, LOG_MAIN|LOG_PANIC,
"malware acl condition: unable to read from sophie UNIX socket (%s)", sophie_options);
return DEFER;
- };
+ }
(void)close(sock);
else {
/* all ok, no virus */
malware_name = NULL;
- };
+ }
}
/* ----------------------------------------------------------------------- */
error = error; /* Keep clever compilers from complaining */
-DEBUG(D_lists) debug_printf("address match: subject=%s pattern=%s\n",
+DEBUG(D_lists) debug_printf("address match test: subject=%s pattern=%s\n",
subject, pattern);
/* Find the subject's domain */
fprintf(f, "\n");
break;
+#ifdef EXPERIMENTAL_DMARC
+ case ERRMESS_DMARC_FORENSIC:
+ bounce_return_message = TRUE;
+ bounce_return_body = FALSE;
+ fprintf(f,
+ "Subject: DMARC Forensic Report for %s from IP %s\n\n",
+ ((eblock == NULL) ? US"Unknown" : eblock->text2),
+ sender_host_address);
+ fprintf(f,
+ "A message claiming to be from you has failed the published DMARC\n"
+ "policy for your domain.\n\n");
+ while (eblock != NULL)
+ {
+ fprintf(f, " %s: %s\n", eblock->text1, eblock->text2);
+ count++;
+ eblock = eblock->next;
+ }
+ break;
+#endif
+
default:
fprintf(f, "Subject: Mail failure\n\n");
fprintf(f,
}
}
}
+#ifdef EXPERIMENTAL_DMARC
+ /* Overkill, but use exact test in case future code gets inserted */
+ else if (bounce_return_body && message_file == NULL)
+ {
+ /* This doesn't print newlines, disable until can parse and fix
+ * output to be legible. */
+ fprintf(f, "%s", expand_string(US"$message_body"));
+ }
+#endif
}
-
/* Close the file, which should send an EOF to the child process
that is receiving the message. Wait for it to finish, without a timeout. */
/* -------------------------------------------------------------------------- */
/* Length of the preallocated buffer for the "answer" from the dns/txt
- callback function. */
-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
+ callback function. This should match the maximum RDLENGTH from DNS. */
+#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
/* -------------------------------------------------------------------------- */
/* Function success / error codes */
the mere fact that read() unblocks is enough. */
set_process_info("running queue: waiting for children of %d", pid);
- (void)read(pfd[pipe_read], buffer, sizeof(buffer));
+ if (read(pfd[pipe_read], buffer, sizeof(buffer)) > 0)
+ log_write(0, LOG_MAIN|LOG_PANIC, "queue run: unexpected data on pipe");
(void)close(pfd[pipe_read]);
set_process_info("running queue");
}
while((rc = read(fd, big_buffer, big_buffer_size)) > 0)
- (void)write(fileno(stdout), big_buffer, rc);
+ rc = write(fileno(stdout), big_buffer, rc);
(void)close(fd);
return TRUE;
* Write string down pipe *
*************************************************/
-/* This function is used for tranferring a string down a pipe between
+/* This function is used for transferring a string down a pipe between
processes. If the pointer is NULL, a length of zero is written.
Arguments:
fd the pipe
s the string
-Returns: nothing
+Returns: -1 on error, else 0
*/
-static void
+static int
rda_write_string(int fd, uschar *s)
{
int len = (s == NULL)? 0 : Ustrlen(s) + 1;
-(void)write(fd, &len, sizeof(int));
-if (s != NULL) (void)write(fd, s, len);
+return ( write(fd, &len, sizeof(int)) != sizeof(int)
+ || (s != NULL && write(fd, s, len) != len)
+ )
+ ? -1 : 0;
}
/* Pass back whether it was a filter, and the return code and any overall
error text via the pipe. */
- (void)write(fd, filtertype, sizeof(int));
- (void)write(fd, &yield, sizeof(int));
- rda_write_string(fd, *error);
+ if ( write(fd, filtertype, sizeof(int)) != sizeof(int)
+ || write(fd, &yield, sizeof(int)) != sizeof(int)
+ || rda_write_string(fd, *error) != 0
+ )
+ goto bad;
/* Pass back the contents of any syntax error blocks if we have a pointer */
{
error_block *ep;
for (ep = *eblockp; ep != NULL; ep = ep->next)
- {
- rda_write_string(fd, ep->text1);
- rda_write_string(fd, ep->text2);
- }
- rda_write_string(fd, NULL); /* Indicates end of eblocks */
+ if ( rda_write_string(fd, ep->text1) != 0
+ || rda_write_string(fd, ep->text2) != 0
+ )
+ goto bad;
+ if (rda_write_string(fd, NULL) != 0) /* Indicates end of eblocks */
+ goto bad;
}
/* If this is a system filter, we have to pass back the numbers of any
int i = 0;
header_line *h;
for (h = header_list; h != waslast->next; i++, h = h->next)
- {
- if (h->type == htype_old) (void)write(fd, &i, sizeof(i));
- }
+ if ( h->type == htype_old
+ && write(fd, &i, sizeof(i)) != sizeof(i)
+ )
+ goto bad;
+
i = -1;
- (void)write(fd, &i, sizeof(i));
+ if (write(fd, &i, sizeof(i)) != sizeof(i))
+ goto bad;
while (waslast != header_last)
{
waslast = waslast->next;
if (waslast->type != htype_old)
- {
- rda_write_string(fd, waslast->text);
- (void)write(fd, &(waslast->type), sizeof(waslast->type));
- }
+ if ( rda_write_string(fd, waslast->text) != 0
+ || write(fd, &(waslast->type), sizeof(waslast->type))
+ != sizeof(waslast->type)
+ )
+ goto bad;
}
- rda_write_string(fd, NULL); /* Indicates end of added headers */
+ if (rda_write_string(fd, NULL) != 0) /* Indicates end of added headers */
+ goto bad;
}
/* Write the contents of the $n variables */
- (void)write(fd, filter_n, sizeof(filter_n));
+ if (write(fd, filter_n, sizeof(filter_n)) != sizeof(filter_n))
+ goto bad;
/* If the result was DELIVERED or NOTDELIVERED, we pass back the generated
addresses, and their associated information, through the pipe. This is
{
int reply_options = 0;
- rda_write_string(fd, addr->address);
- (void)write(fd, &(addr->mode), sizeof(addr->mode));
- (void)write(fd, &(addr->flags), sizeof(addr->flags));
- rda_write_string(fd, addr->p.errors_address);
+ if ( rda_write_string(fd, addr->address) != 0
+ || write(fd, &(addr->mode), sizeof(addr->mode))
+ != sizeof(addr->mode)
+ || write(fd, &(addr->flags), sizeof(addr->flags))
+ != sizeof(addr->flags)
+ || rda_write_string(fd, addr->p.errors_address) != 0
+ )
+ goto bad;
if (addr->pipe_expandn != NULL)
{
uschar **pp;
for (pp = addr->pipe_expandn; *pp != NULL; pp++)
- rda_write_string(fd, *pp);
+ if (rda_write_string(fd, *pp) != 0)
+ goto bad;
}
- rda_write_string(fd, NULL);
+ if (rda_write_string(fd, NULL) != 0)
+ goto bad;
if (addr->reply == NULL)
- (void)write(fd, &reply_options, sizeof(int)); /* 0 means no reply */
+ {
+ if (write(fd, &reply_options, sizeof(int)) != sizeof(int)) /* 0 means no reply */
+ goto bad;
+ }
else
{
reply_options |= REPLY_EXISTS;
if (addr->reply->file_expand) reply_options |= REPLY_EXPAND;
if (addr->reply->return_message) reply_options |= REPLY_RETURN;
- (void)write(fd, &reply_options, sizeof(int));
- (void)write(fd, &(addr->reply->expand_forbid), sizeof(int));
- (void)write(fd, &(addr->reply->once_repeat), sizeof(time_t));
- rda_write_string(fd, addr->reply->to);
- rda_write_string(fd, addr->reply->cc);
- rda_write_string(fd, addr->reply->bcc);
- rda_write_string(fd, addr->reply->from);
- rda_write_string(fd, addr->reply->reply_to);
- rda_write_string(fd, addr->reply->subject);
- rda_write_string(fd, addr->reply->headers);
- rda_write_string(fd, addr->reply->text);
- rda_write_string(fd, addr->reply->file);
- rda_write_string(fd, addr->reply->logfile);
- rda_write_string(fd, addr->reply->oncelog);
+ if ( write(fd, &reply_options, sizeof(int)) != sizeof(int)
+ || write(fd, &(addr->reply->expand_forbid), sizeof(int))
+ != sizeof(int)
+ || write(fd, &(addr->reply->once_repeat), sizeof(time_t))
+ != sizeof(time_t)
+ || rda_write_string(fd, addr->reply->to) != 0
+ || rda_write_string(fd, addr->reply->cc) != 0
+ || rda_write_string(fd, addr->reply->bcc) != 0
+ || rda_write_string(fd, addr->reply->from) != 0
+ || rda_write_string(fd, addr->reply->reply_to) != 0
+ || rda_write_string(fd, addr->reply->subject) != 0
+ || rda_write_string(fd, addr->reply->headers) != 0
+ || rda_write_string(fd, addr->reply->text) != 0
+ || rda_write_string(fd, addr->reply->file) != 0
+ || rda_write_string(fd, addr->reply->logfile) != 0
+ || rda_write_string(fd, addr->reply->oncelog) != 0
+ )
+ goto bad;
}
}
- rda_write_string(fd, NULL); /* Marks end of addresses */
+ if (rda_write_string(fd, NULL) != 0) /* Marks end of addresses */
+ goto bad;
}
/* OK, this process is now done. Free any cached resources. Must use _exit()
and not exit() !! */
+out:
(void)close(fd);
search_tidyup();
_exit(0);
+
+bad:
+ DEBUG(D_rewrite) debug_printf("rda_interpret: failed write to pipe\n");
+ goto out;
}
/* Back in the main process: panic if the fork did not succeed. */
{ "acl_smtp_auth", opt_stringptr, &acl_smtp_auth },
{ "acl_smtp_connect", opt_stringptr, &acl_smtp_connect },
{ "acl_smtp_data", opt_stringptr, &acl_smtp_data },
+#ifdef EXPERIMENTAL_PRDR
+ { "acl_smtp_data_prdr", opt_stringptr, &acl_smtp_data_prdr },
+#endif
#ifndef DISABLE_DKIM
{ "acl_smtp_dkim", opt_stringptr, &acl_smtp_dkim },
#endif
{ "disable_ipv6", opt_bool, &disable_ipv6 },
#ifndef DISABLE_DKIM
{ "dkim_verify_signers", opt_stringptr, &dkim_verify_signers },
+#endif
+#ifdef EXPERIMENTAL_DMARC
+ { "dmarc_forensic_sender", opt_stringptr, &dmarc_forensic_sender },
+ { "dmarc_history_file", opt_stringptr, &dmarc_history_file },
+ { "dmarc_tld_file", opt_stringptr, &dmarc_tld_file },
#endif
{ "dns_again_means_nonexist", opt_stringptr, &dns_again_means_nonexist },
{ "dns_check_names_pattern", opt_stringptr, &check_dns_names_pattern },
{ "dns_csa_search_limit", opt_int, &dns_csa_search_limit },
{ "dns_csa_use_reverse", opt_bool, &dns_csa_use_reverse },
+ { "dns_dnssec_ok", opt_int, &dns_dnssec_ok },
{ "dns_ipv4_lookup", opt_stringptr, &dns_ipv4_lookup },
{ "dns_retrans", opt_time, &dns_retrans },
{ "dns_retry", opt_int, &dns_retry },
{ "gecos_pattern", opt_stringptr, &gecos_pattern },
#ifdef SUPPORT_TLS
{ "gnutls_compat_mode", opt_bool, &gnutls_compat_mode },
+ { "gnutls_enable_pkcs11", opt_bool, &gnutls_enable_pkcs11 },
/* These three gnutls_require_* options stopped working in Exim 4.80 */
{ "gnutls_require_kx", opt_stringptr, &gnutls_require_kx },
{ "gnutls_require_mac", opt_stringptr, &gnutls_require_mac },
#endif
{ "pid_file_path", opt_stringptr, &pid_file_path },
{ "pipelining_advertise_hosts", opt_stringptr, &pipelining_advertise_hosts },
+#ifdef EXPERIMENTAL_PRDR
+ { "prdr_enable", opt_bool, &prdr_enable },
+#endif
{ "preserve_message_logs", opt_bool, &preserve_message_logs },
{ "primary_hostname", opt_stringptr, &primary_hostname },
{ "print_topbitchars", opt_bool, &print_topbitchars },
{ "tls_crl", opt_stringptr, &tls_crl },
{ "tls_dh_max_bits", opt_int, &tls_dh_max_bits },
{ "tls_dhparam", opt_stringptr, &tls_dhparam },
-#if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS)
+# if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS)
{ "tls_ocsp_file", opt_stringptr, &tls_ocsp_file },
-#endif
- { "tls_on_connect_ports", opt_stringptr, &tls_on_connect_ports },
+# endif
+ { "tls_on_connect_ports", opt_stringptr, &tls_in.on_connect_ports },
{ "tls_privatekey", opt_stringptr, &tls_privatekey },
{ "tls_remember_esmtp", opt_bool, &tls_remember_esmtp },
{ "tls_require_ciphers", opt_stringptr, &tls_require_ciphers },
gid_t gid;
BOOL boolvalue = TRUE;
BOOL freesptr = TRUE;
-BOOL extra_condition = FALSE;
optionlist *ol, *ol2;
struct passwd *pw;
void *reset_point;
log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, CS unknown_txt, name);
}
-if ((ol->type & opt_set) != 0)
- {
- uschar *mname = name;
- if (Ustrncmp(mname, "no_", 3) == 0) mname += 3;
- if (Ustrcmp(mname, "condition") == 0)
- extra_condition = TRUE;
- else
- log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
- "\"%s\" option set for the second time", mname);
- }
+if ((ol->type & opt_set) && !(ol->type & (opt_rep_con | opt_rep_str)))
+ log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
+ "\"%s\" option set for the second time", name);
ol->type |= opt_set | issecure;
type = ol->type & opt_mask;
str_target = (uschar **)(ol->value);
else
str_target = (uschar **)((uschar *)data_block + (long int)(ol->value));
- if (extra_condition)
+ if (ol->type & opt_rep_con)
{
/* We already have a condition, we're conducting a crude hack to let
multiple condition rules be chained together, despite storing them in
strtemp = string_sprintf("${if and{{bool_lax{%s}}{bool_lax{%s}}}}",
saved_condition, sptr);
*str_target = string_copy_malloc(strtemp);
- /* TODO(pdp): there is a memory leak here when we set 3 or more
- conditions; I still don't understand the store mechanism enough
- to know what's the safe way to free content from an earlier store.
+ /* TODO(pdp): there is a memory leak here and just below
+ when we set 3 or more conditions; I still don't
+ understand the store mechanism enough to know
+ what's the safe way to free content from an earlier store.
AFAICT, stores stack, so freeing an early stored item also stores
all data alloc'd after it. If we knew conditions were adjacent,
we could survive that, but we don't. So I *think* we need to take
Because we only do this once, near process start-up, I'm prepared to
let this slide for the time being, even though it rankles. */
}
+ else if (*str_target && (ol->type & opt_rep_str))
+ {
+ uschar sep = Ustrncmp(name, "headers_add", 11)==0 ? '\n' : ':';
+ saved_condition = *str_target;
+ strtemp = saved_condition + Ustrlen(saved_condition)-1;
+ if (*strtemp == sep) *strtemp = 0; /* eliminate trailing list-sep */
+ strtemp = string_sprintf("%s%c%s", saved_condition, sep, sptr);
+ *str_target = string_copy_malloc(strtemp);
+ }
else
{
*str_target = sptr;
resides.
oltop points to the option list in which ol exists
last one more than the offset of the last entry in optop
+ no_labels do not show "foo = " at the start.
Returns: nothing
*/
static void
print_ol(optionlist *ol, uschar *name, void *options_block,
- optionlist *oltop, int last)
+ optionlist *oltop, int last, BOOL no_labels)
{
struct passwd *pw;
struct group *gr;
if (!admin_user && (ol->type & opt_secure) != 0)
{
- printf("%s = <value not displayable>\n", name);
+ const char * const hidden = "<value not displayable>";
+ if (no_labels)
+ printf("%s\n", hidden);
+ else
+ printf("%s = %s\n", name, hidden);
return;
}
case opt_stringptr:
case opt_rewrite: /* Show the text value */
s = *((uschar **)value);
- printf("%s = %s\n", name, (s == NULL)? US"" : string_printing2(s, FALSE));
+ if (!no_labels) printf("%s = ", name);
+ printf("%s\n", (s == NULL)? US"" : string_printing2(s, FALSE));
break;
case opt_int:
- printf("%s = %d\n", name, *((int *)value));
+ if (!no_labels) printf("%s = ", name);
+ printf("%d\n", *((int *)value));
break;
case opt_mkint:
c = 'M';
x >>= 10;
}
- printf("%s = %d%c\n", name, x, c);
+ if (!no_labels) printf("%s = ", name);
+ printf("%d%c\n", x, c);
+ }
+ else
+ {
+ if (!no_labels) printf("%s = ", name);
+ printf("%d\n", x);
}
- else printf("%s = %d\n", name, x);
}
break;
case opt_Kint:
{
int x = *((int *)value);
- if (x == 0) printf("%s = 0\n", name);
- else if ((x & 1023) == 0) printf("%s = %dM\n", name, x >> 10);
- else printf("%s = %dK\n", name, x);
+ if (!no_labels) printf("%s = ", name);
+ if (x == 0) printf("0\n");
+ else if ((x & 1023) == 0) printf("%dM\n", x >> 10);
+ else printf("%dK\n", x);
}
break;
case opt_octint:
- printf("%s = %#o\n", name, *((int *)value));
+ if (!no_labels) printf("%s = ", name);
+ printf("%#o\n", *((int *)value));
break;
/* Can be negative only when "unset", in which case integer */
int d = 100;
if (x < 0) printf("%s =\n", name); else
{
- printf("%s = %d.", name, x/1000);
+ if (!no_labels) printf("%s = ", name);
+ printf("%d.", x/1000);
do
{
printf("%d", f/d);
if (options_block != NULL)
value2 = (void *)((uschar *)options_block + (long int)value2);
s = *((uschar **)value2);
- printf("%s = %s\n", name, (s == NULL)? US"" : string_printing(s));
+ if (!no_labels) printf("%s = ", name);
+ printf("%s\n", (s == NULL)? US"" : string_printing(s));
break;
}
}
/* Else fall through */
case opt_uid:
+ if (!no_labels) printf("%s = ", name);
if (! *get_set_flag(name, oltop, last, options_block))
- printf("%s =\n", name);
+ printf("\n");
else
{
pw = getpwuid(*((uid_t *)value));
if (pw == NULL)
- printf("%s = %ld\n", name, (long int)(*((uid_t *)value)));
- else printf("%s = %s\n", name, pw->pw_name);
+ printf("%ld\n", (long int)(*((uid_t *)value)));
+ else printf("%s\n", pw->pw_name);
}
break;
if (options_block != NULL)
value2 = (void *)((uschar *)options_block + (long int)value2);
s = *((uschar **)value2);
- printf("%s = %s\n", name, (s == NULL)? US"" : string_printing(s));
+ if (!no_labels) printf("%s = ", name);
+ printf("%s\n", (s == NULL)? US"" : string_printing(s));
break;
}
}
/* Else fall through */
case opt_gid:
+ if (!no_labels) printf("%s = ", name);
if (! *get_set_flag(name, oltop, last, options_block))
- printf("%s =\n", name);
+ printf("\n");
else
{
gr = getgrgid(*((int *)value));
if (gr == NULL)
- printf("%s = %ld\n", name, (long int)(*((int *)value)));
- else printf("%s = %s\n", name, gr->gr_name);
+ printf("%ld\n", (long int)(*((int *)value)));
+ else printf("%s\n", gr->gr_name);
}
break;
case opt_uidlist:
uidlist = *((uid_t **)value);
- printf("%s =", name);
+ if (!no_labels) printf("%s =", name);
if (uidlist != NULL)
{
int i;
uschar sep = ' ';
+ if (no_labels) sep = '\0';
for (i = 1; i <= (int)(uidlist[0]); i++)
{
uschar *name = NULL;
pw = getpwuid(uidlist[i]);
if (pw != NULL) name = US pw->pw_name;
- if (name != NULL) printf("%c%s", sep, name);
- else printf("%c%ld", sep, (long int)(uidlist[i]));
+ if (sep != '\0') printf("%c", sep);
+ if (name != NULL) printf("%s", name);
+ else printf("%ld", (long int)(uidlist[i]));
sep = ':';
}
}
case opt_gidlist:
gidlist = *((gid_t **)value);
- printf("%s =", name);
+ if (!no_labels) printf("%s =", name);
if (gidlist != NULL)
{
int i;
uschar sep = ' ';
+ if (no_labels) sep = '\0';
for (i = 1; i <= (int)(gidlist[0]); i++)
{
uschar *name = NULL;
gr = getgrgid(gidlist[i]);
if (gr != NULL) name = US gr->gr_name;
- if (name != NULL) printf("%c%s", sep, name);
- else printf("%c%ld", sep, (long int)(gidlist[i]));
+ if (sep != '\0') printf("%c", sep);
+ if (name != NULL) printf("%s", name);
+ else printf("%ld", (long int)(gidlist[i]));
sep = ':';
}
}
break;
case opt_time:
- printf("%s = %s\n", name, readconf_printtime(*((int *)value)));
+ if (!no_labels) printf("%s = ", name);
+ printf("%s\n", readconf_printtime(*((int *)value)));
break;
case opt_timelist:
{
int i;
int *list = (int *)value;
- printf("%s = ", name);
+ if (!no_labels) printf("%s = ", name);
for (i = 0; i < list[1]; i++)
printf("%s%s", (i == 0)? "" : ":", readconf_printtime(list[i+2]));
printf("\n");
s = *((uschar **)value2);
if (s != NULL)
{
- printf("%s = %s\n", name, string_printing(s));
+ if (!no_labels) printf("%s = ", name);
+ printf("%s\n", string_printing(s));
break;
}
/* s == NULL => string not set; fall through */
Arguments:
name option name if type == NULL; else driver name
type NULL or driver type name, as described above
+ no_labels avoid the "foo = " at the start of an item
Returns: nothing
*/
void
-readconf_print(uschar *name, uschar *type)
+readconf_print(uschar *name, uschar *type, BOOL no_labels)
{
BOOL names_only = FALSE;
optionlist *ol;
if (t != NULL)
{
found = TRUE;
- printf("%slist %s = %s\n", types[i], name+1,
- ((namedlist_block *)(t->data.ptr))->string);
+ if (no_labels)
+ printf("%s\n", ((namedlist_block *)(t->data.ptr))->string);
+ else
+ printf("%slist %s = %s\n", types[i], name+1,
+ ((namedlist_block *)(t->data.ptr))->string);
}
}
ol < optionlist_config + optionlist_config_size; ol++)
{
if ((ol->type & opt_hidden) == 0)
- print_ol(ol, US ol->name, NULL, optionlist_config, optionlist_config_size);
+ print_ol(ol, US ol->name, NULL,
+ optionlist_config, optionlist_config_size,
+ no_labels);
}
return;
}
ol < local_scan_options + local_scan_options_count; ol++)
{
print_ol(ol, US ol->name, NULL, local_scan_options,
- local_scan_options_count);
+ local_scan_options_count, no_labels);
}
#endif
return;
else
{
print_ol(find_option(name, optionlist_config, optionlist_config_size),
- name, NULL, optionlist_config, optionlist_config_size);
+ name, NULL, optionlist_config, optionlist_config_size, no_labels);
return;
}
}
for (ol = ol2; ol < ol2 + size; ol++)
{
if ((ol->type & opt_hidden) == 0)
- print_ol(ol, US ol->name, d, ol2, size);
+ print_ol(ol, US ol->name, d, ol2, size, no_labels);
}
for (ol = d->info->options;
ol < d->info->options + *(d->info->options_count); ol++)
{
if ((ol->type & opt_hidden) == 0)
- print_ol(ol, US ol->name, d, d->info->options, *(d->info->options_count));
+ print_ol(ol, US ol->name, d, d->info->options, *(d->info->options_count), no_labels);
}
if (name != NULL) return;
}
pp = p;
while (mac_isgraph(*p)) p++;
if (p - pp <= 0) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN,
- "missing error type");
+ "missing error type in retry rule");
/* Test error names for things we understand. */
extern int dcc_ok;
#endif
+#ifdef EXPERIMENTAL_DMARC
+#include "dmarc.h"
+#endif /* EXPERIMENTAL_DMARC */
+
/*************************************************
* Local static variables *
*************************************************/
void
receive_bomb_out(uschar *reason, uschar *msg)
{
+ static BOOL already_bombing_out;
+/* The smtp_notquit_exit() below can call ACLs which can trigger recursive
+timeouts, if someone has something slow in their quit ACL. Since the only
+things we should be doing are to close down cleanly ASAP, on the second
+pass we also close down stuff that might be opened again, before bypassing
+the ACL call and exiting. */
+
/* If spool_name is set, it contains the name of the data file that is being
written. Unlink it before closing so that it cannot be picked up by a delivery
process. Ensure that any header file is also removed. */
-if (spool_name[0] != 0)
+if (spool_name[0] != '\0')
{
Uunlink(spool_name);
spool_name[Ustrlen(spool_name) - 1] = 'H';
Uunlink(spool_name);
+ spool_name[0] = '\0';
}
/* Now close the file if it is open, either as a fd or a stream. */
-if (data_file != NULL) (void)fclose(data_file);
- else if (data_fd >= 0) (void)close(data_fd);
+if (data_file != NULL)
+ {
+ (void)fclose(data_file);
+ data_file = NULL;
+} else if (data_fd >= 0) {
+ (void)close(data_fd);
+ data_fd = -1;
+ }
/* Attempt to close down an SMTP connection tidily. For non-batched SMTP, call
smtp_notquit_exit(), which runs the NOTQUIT ACL, if present, and handles the
SMTP response. */
-if (smtp_input)
+if (!already_bombing_out)
{
- if (smtp_batched_input)
- moan_smtp_batch(NULL, "421 %s - message abandoned", msg); /* No return */
- smtp_notquit_exit(reason, US"421", US"%s %s - closing connection.",
- smtp_active_hostname, msg);
+ already_bombing_out = TRUE;
+ if (smtp_input)
+ {
+ if (smtp_batched_input)
+ moan_smtp_batch(NULL, "421 %s - message abandoned", msg); /* No return */
+ smtp_notquit_exit(reason, US"421", US"%s %s - closing connection.",
+ smtp_active_hostname, msg);
+ }
}
/* Exit from the program (non-BSMTP cases) */
+/*************************************************
+* Send user response message *
+*************************************************/
+
+/* This function is passed a default response code and a user message. It calls
+smtp_message_code() to check and possibly modify the response code, and then
+calls smtp_respond() to transmit the response. I put this into a function
+just to avoid a lot of repetition.
+
+Arguments:
+ code the response code
+ user_msg the user message
+
+Returns: nothing
+*/
+
+#ifdef EXPERIMENTAL_PRDR
+static void
+smtp_user_msg(uschar *code, uschar *user_msg)
+{
+int len = 3;
+smtp_message_code(&code, &len, &user_msg, NULL);
+smtp_respond(code, len, TRUE, user_msg);
+}
+#endif
+
+
+
+
+
/*************************************************
* Remove a recipient from the list *
*************************************************/
read_message_data_smtp(FILE *fout)
{
int ch_state = 0;
-register int ch;
+int ch;
register int linelength = 0;
while ((ch = (receive_getc)()) != EOF)
{
message_size++;
if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+ (void) cutthrough_put_nl();
if (ch != '\r') ch_state = 1; else continue;
}
break;
message_size++;
body_linecount++;
if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR;
+ (void) cutthrough_put_nl();
if (ch == '\r')
{
ch_state = 2;
if (fputc(ch, fout) == EOF) return END_WERROR;
if (message_size > thismessage_size_limit) return END_SIZE;
}
+ if(ch == '\n')
+ (void) cutthrough_put_nl();
+ else
+ {
+ uschar c= ch;
+ (void) cutthrough_puts(&c, 1);
+ }
}
/* Fall through here if EOF encountered. This indicates some kind of error,
header_line *h, *next;
header_line *last_received = NULL;
+if (acl_removed_headers != NULL)
+ {
+ DEBUG(D_receive|D_acl) debug_printf(">>Headers removed by %s ACL:\n", acl_name);
+
+ for (h = header_list; h != NULL; h = h->next)
+ {
+ uschar *list;
+ BOOL include_header;
+
+ if (h->type == htype_old) continue;
+
+ include_header = TRUE;
+ list = acl_removed_headers;
+
+ int sep = ':'; /* This is specified as a colon-separated list */
+ uschar *s;
+ uschar buffer[128];
+ while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
+ != NULL)
+ {
+ int len = Ustrlen(s);
+ if (header_testname(h, s, len, FALSE))
+ {
+ h->type = htype_old;
+ DEBUG(D_receive|D_acl) debug_printf(" %s", h->text);
+ }
+ }
+ }
+ acl_removed_headers = NULL;
+ DEBUG(D_receive|D_acl) debug_printf(">>\n");
+ }
+
if (acl_added_headers == NULL) return;
DEBUG(D_receive|D_acl) debug_printf(">>Headers added by %s ACL:\n", acl_name);
#endif /* WITH_CONTENT_SCAN */
+
+void
+received_header_gen(void)
+{
+uschar *received;
+uschar *timestamp;
+header_line *received_header= header_list;
+
+timestamp = expand_string(US"${tod_full}");
+if (recipients_count == 1) received_for = recipients_list[0].address;
+received = expand_string(received_header_text);
+received_for = NULL;
+
+if (received == NULL)
+ {
+ if(spool_name[0] != 0)
+ Uunlink(spool_name); /* Lose the data file */
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
+ "(received_header_text) failed: %s", string_printing(received_header_text),
+ expand_string_message);
+ }
+
+/* The first element on the header chain is reserved for the Received header,
+so all we have to do is fill in the text pointer, and set the type. However, if
+the result of the expansion is an empty string, we leave the header marked as
+"old" so as to refrain from adding a Received header. */
+
+if (received[0] == 0)
+ {
+ received_header->text = string_sprintf("Received: ; %s\n", timestamp);
+ received_header->type = htype_old;
+ }
+else
+ {
+ received_header->text = string_sprintf("%s; %s\n", received, timestamp);
+ received_header->type = htype_received;
+ }
+
+received_header->slen = Ustrlen(received_header->text);
+
+DEBUG(D_receive) debug_printf(">>Generated Received: header line\n%c %s",
+ received_header->type, received_header->text);
+}
+
+
+
/*************************************************
* Receive message *
*************************************************/
both. The flag sender_local is true for locally generated messages. The flag
submission_mode is true if an ACL has obeyed "control = submission". The flag
suppress_local_fixups is true if an ACL has obeyed "control =
-suppress_local_fixups". The flag smtp_input is true if the message is to be
+suppress_local_fixups" or -G was passed on the command-line.
+The flag smtp_input is true if the message is to be
handled using SMTP conventions about termination and lines starting with dots.
For non-SMTP messages, dot_ends is true for dot-terminated messages.
uschar *resent_prefix = US"";
uschar *blackholed_by = NULL;
uschar *blackhole_log_msg = US"";
+enum {NOT_TRIED, TMP_REJ, PERM_REJ, ACCEPTED} cutthrough_done;
flock_t lock_data;
error_block *bad_addresses = NULL;
header_line *msgid_header = NULL;
header_line *received_header;
+#ifdef EXPERIMENTAL_DMARC
+int dmarc_up = 0;
+#endif /* EXPERIMENTAL_DMARC */
+
/* Variables for use when building the Received: header. */
-uschar *received;
uschar *timestamp;
int tslen;
search_tidyup();
+/* Extracting the recipient list from an input file is incompatible with
+cutthrough delivery with the no-spool option. It shouldn't be possible
+to set up the combination, but just in case kill any ongoing connection. */
+if (extract_recip || !smtp_input)
+ cancel_cutthrough_connection("not smtp input");
+
/* Initialize the chain of headers by setting up a place-holder for Received:
header. Temporarily mark it as "old", i.e. not to be used. We keep header_last
pointing to the end of the chain to make adding headers simple. */
if (smtp_input && !smtp_batched_input && !dkim_disable_verify) dkim_exim_verify_init();
#endif
+#ifdef EXPERIMENTAL_DMARC
+/* initialize libopendmarc */
+dmarc_up = dmarc_init();
+#endif
+
/* Remember the time of reception. Exim uses time+pid for uniqueness of message
ids, and fractions of a second are required. See the comments that precede the
message id creation below. */
from_header = h;
if (!smtp_input)
{
+ int len;
uschar *s = Ustrchr(h->text, ':') + 1;
while (isspace(*s)) s++;
- if (strncmpic(s, originator_login, h->slen - (s - h->text) - 1) == 0)
+ len = h->slen - (s - h->text) - 1;
+ if (Ustrlen(originator_login) == len &&
+ strncmpic(s, originator_login, len) == 0)
{
uschar *name = is_resent? US"Resent-From" : US"From";
header_add(htype_from, "%s: %s <%s@%s>\n", name, originator_name,
}
}
-
/* If there are any rewriting rules, apply them to the sender address, unless
it has already been rewritten as part of verification for SMTP input. */
return message_ended == END_DOT;
}
+/* Cutthrough delivery:
+ We have to create the Received header now rather than at the end of reception,
+ so the timestamp behaviour is a change to the normal case.
+ XXX Ensure this gets documented XXX.
+ Having created it, send the headers to the destination.
+*/
+if (cutthrough_fd >= 0)
+ {
+ if (received_count > received_headers_max)
+ {
+ cancel_cutthrough_connection("too many headers");
+ if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */
+ log_write(0, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: "
+ "Too many \"Received\" headers",
+ sender_address,
+ (sender_fullhost == NULL)? "" : " H=",
+ (sender_fullhost == NULL)? US"" : sender_fullhost,
+ (sender_ident == NULL)? "" : " U=",
+ (sender_ident == NULL)? US"" : sender_ident);
+ message_id[0] = 0; /* Indicate no message accepted */
+ smtp_reply = US"550 Too many \"Received\" headers - suspected mail loop";
+ goto TIDYUP; /* Skip to end of function */
+ }
+ received_header_gen();
+ add_acl_headers(US"MAIL or RCPT");
+ (void) cutthrough_headers_send();
+ }
+
+
/* Open a new spool file for the data portion of the message. We need
to access it both via a file descriptor and a stream. Try to make the
directory if it isn't there. Note re use of sprintf: spool_directory
/* Make sure the file's group is the Exim gid, and double-check the mode
because the group setting doesn't always get set automatically. */
-(void)fchown(data_fd, exim_uid, exim_gid);
+if (fchown(data_fd, exim_uid, exim_gid))
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE,
+ "Failed setting ownership on spool file %s: %s",
+ spool_name, strerror(errno));
(void)fchmod(data_fd, SPOOL_MODE);
/* We now have data file open. Build a stream for it and lock it. We lock only
{
uschar *s = next->text;
int len = next->slen;
- (void)fwrite(s, 1, len, data_file);
+ len = fwrite(s, 1, len, data_file); len = len; /* compiler quietening */
body_linecount++; /* Assumes only 1 line */
}
if (smtp_input && message_ended == END_EOF)
{
Uunlink(spool_name); /* Lose data file when closed */
+ cancel_cutthrough_connection("sender closed connection");
message_id[0] = 0; /* Indicate no message accepted */
smtp_reply = handle_lost_connection(US"");
smtp_yield = FALSE;
if (message_ended == END_SIZE)
{
Uunlink(spool_name); /* Lose the data file when closed */
+ cancel_cutthrough_connection("mail too big");
if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */
log_write(L_size_reject, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: "
log_write(0, LOG_MAIN, "Message abandoned: %s", msg);
Uunlink(spool_name); /* Lose the data file */
+ cancel_cutthrough_connection("error writing spoolfile");
if (smtp_input)
{
Note: the checking for too many Received: headers is handled by the delivery
code. */
+/*XXX eventually add excess Received: check for cutthrough case back when classifying them */
-timestamp = expand_string(US"${tod_full}");
-if (recipients_count == 1) received_for = recipients_list[0].address;
-received = expand_string(received_header_text);
-received_for = NULL;
-
-if (received == NULL)
- {
- Uunlink(spool_name); /* Lose the data file */
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" "
- "(received_header_text) failed: %s", string_printing(received_header_text),
- expand_string_message);
- }
-
-/* The first element on the header chain is reserved for the Received header,
-so all we have to do is fill in the text pointer, and set the type. However, if
-the result of the expansion is an empty string, we leave the header marked as
-"old" so as to refrain from adding a Received header. */
-
-if (received[0] == 0)
+if (received_header->text == NULL) /* Non-cutthrough case */
{
- received_header->text = string_sprintf("Received: ; %s\n", timestamp);
- received_header->type = htype_old;
- }
-else
- {
- received_header->text = string_sprintf("%s; %s\n", received, timestamp);
- received_header->type = htype_received;
- }
+ received_header_gen();
-received_header->slen = Ustrlen(received_header->text);
+ /* Set the value of message_body_size for the DATA ACL and for local_scan() */
-DEBUG(D_receive) debug_printf(">>Generated Received: header line\n%c %s",
- received_header->type, received_header->text);
-
-/* Set the value of message_body_size for the DATA ACL and for local_scan() */
+ message_body_size = (fstat(data_fd, &statbuf) == 0)?
+ statbuf.st_size - SPOOL_DATA_START_OFFSET : -1;
-message_body_size = (fstat(data_fd, &statbuf) == 0)?
- statbuf.st_size - SPOOL_DATA_START_OFFSET : -1;
+ /* If an ACL from any RCPT commands set up any warning headers to add, do so
+ now, before running the DATA ACL. */
-/* If an ACL from any RCPT commands set up any warning headers to add, do so
-now, before running the DATA ACL. */
-
-add_acl_headers(US"MAIL or RCPT");
+ add_acl_headers(US"MAIL or RCPT");
+ }
+else
+ message_body_size = (fstat(data_fd, &statbuf) == 0)?
+ statbuf.st_size - SPOOL_DATA_START_OFFSET : -1;
/* If an ACL is specified for checking things at this stage of reception of a
message, run it, unless all the recipients were removed by "discard" in earlier
uschar seen_item_buf[256];
uschar *seen_items_list = seen_items;
int seen_this_item = 0;
-
+
while ((seen_item = string_nextinlist(&seen_items_list, &sep,
seen_item_buf,
sizeof(seen_item_buf))) != NULL)
{
seen_this_item = 1;
break;
- }
+ }
}
if (seen_this_item > 0)
debug_printf("acl_smtp_dkim: skipping signer %s, already seen\n", item);
continue;
}
-
+
seen_items = string_append(seen_items,&seen_items_size,&seen_items_offset,1,":");
}
{
DEBUG(D_receive)
debug_printf("acl_smtp_dkim: acl_check returned %d on %s, skipping remaining items\n", rc, item);
+ cancel_cutthrough_connection("dkim acl not ok");
break;
}
}
goto TIDYUP;
#endif /* WITH_CONTENT_SCAN */
+#ifdef EXPERIMENTAL_DMARC
+ dmarc_up = dmarc_store_data(from_header);
+#endif /* EXPERIMENTAL_DMARC */
+
+#ifdef EXPERIMENTAL_PRDR
+ if (prdr_requested && recipients_count > 1 && acl_smtp_data_prdr != NULL )
+ {
+ unsigned int c;
+ int all_pass = OK;
+ int all_fail = FAIL;
+
+ smtp_printf("353 PRDR content analysis beginning\r\n");
+ /* Loop through recipients, responses must be in same order received */
+ for (c = 0; recipients_count > c; c++)
+ {
+ uschar * addr= recipients_list[c].address;
+ uschar * msg= US"PRDR R=<%s> %s";
+ uschar * code;
+ DEBUG(D_receive)
+ debug_printf("PRDR processing recipient %s (%d of %d)\n",
+ addr, c+1, recipients_count);
+ rc = acl_check(ACL_WHERE_PRDR, addr,
+ acl_smtp_data_prdr, &user_msg, &log_msg);
+
+ /* If any recipient rejected content, indicate it in final message */
+ all_pass |= rc;
+ /* If all recipients rejected, indicate in final message */
+ all_fail &= rc;
+
+ switch (rc)
+ {
+ case OK: case DISCARD: code = US"250"; break;
+ case DEFER: code = US"450"; break;
+ default: code = US"550"; break;
+ }
+ if (user_msg != NULL)
+ smtp_user_msg(code, user_msg);
+ else
+ {
+ switch (rc)
+ {
+ case OK: case DISCARD:
+ msg = string_sprintf(CS msg, addr, "acceptance"); break;
+ case DEFER:
+ msg = string_sprintf(CS msg, addr, "temporary refusal"); break;
+ default:
+ msg = string_sprintf(CS msg, addr, "refusal"); break;
+ }
+ smtp_user_msg(code, msg);
+ }
+ if (log_msg) log_write(0, LOG_MAIN, "PRDR %s %s", addr, log_msg);
+ else if (user_msg) log_write(0, LOG_MAIN, "PRDR %s %s", addr, user_msg);
+ else log_write(0, LOG_MAIN, CS msg);
+
+ if (rc != OK) { receive_remove_recipient(addr); c--; }
+ }
+ /* Set up final message, used if data acl gives OK */
+ smtp_reply = string_sprintf("%s id=%s message %s",
+ all_fail == FAIL ? US"550" : US"250",
+ message_id,
+ all_fail == FAIL
+ ? US"rejected for all recipients"
+ : all_pass == OK
+ ? US"accepted"
+ : US"accepted for some recipients");
+ if (recipients_count == 0)
+ {
+ message_id[0] = 0; /* Indicate no message accepted */
+ goto TIDYUP;
+ }
+ }
+ else
+ prdr_requested = FALSE;
+#endif /* EXPERIMENTAL_PRDR */
+
/* Check the recipients count again, as the MIME ACL might have changed
them. */
blackholed_by = US"DATA ACL";
if (log_msg != NULL)
blackhole_log_msg = string_sprintf(": %s", log_msg);
+ cancel_cutthrough_connection("data acl discard");
}
else if (rc != OK)
{
Uunlink(spool_name);
+ cancel_cutthrough_connection("data acl not ok");
#ifdef WITH_CONTENT_SCAN
unspool_mbox();
#endif
signal(SIGTERM, SIG_IGN);
signal(SIGINT, SIG_IGN);
+
/* Ensure the first time flag is set in the newly-received message. */
deliver_firsttime = TRUE;
s = add_host_info_for_log(s, &size, &sptr);
#ifdef SUPPORT_TLS
-if ((log_extra_selector & LX_tls_cipher) != 0 && tls_cipher != NULL)
- s = string_append(s, &size, &sptr, 2, US" X=", tls_cipher);
+if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL)
+ s = string_append(s, &size, &sptr, 2, US" X=", tls_in.cipher);
if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
- tls_cipher != NULL)
+ tls_in.cipher != NULL)
s = string_append(s, &size, &sptr, 2, US" CV=",
- tls_certificate_verified? "yes":"no");
-if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_peerdn != NULL)
+ tls_in.certificate_verified? "yes":"no");
+if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL)
s = string_append(s, &size, &sptr, 3, US" DN=\"",
- string_printing(tls_peerdn), US"\"");
-if ((log_extra_selector & LX_tls_sni) != 0 && tls_sni != NULL)
+ string_printing(tls_in.peerdn), US"\"");
+if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL)
s = string_append(s, &size, &sptr, 3, US" SNI=\"",
- string_printing(tls_sni), US"\"");
+ string_printing(tls_in.sni), US"\"");
#endif
if (sender_host_authenticated != NULL)
{
s = string_append(s, &size, &sptr, 2, US" A=", sender_host_authenticated);
if (authenticated_id != NULL)
+ {
s = string_append(s, &size, &sptr, 2, US":", authenticated_id);
+ if (log_extra_selector & LX_smtp_mailauth && authenticated_sender != NULL)
+ s = string_append(s, &size, &sptr, 2, US":", authenticated_sender);
+ }
}
+#ifdef EXPERIMENTAL_PRDR
+if (prdr_requested)
+ s = string_append(s, &size, &sptr, 1, US" PRDR");
+#endif
+
sprintf(CS big_buffer, "%d", msg_size);
s = string_append(s, &size, &sptr, 2, US" S=", big_buffer);
+/* log 8BITMIME mode announced in MAIL_FROM
+ 0 ... no BODY= used
+ 7 ... 7BIT
+ 8 ... 8BITMIME */
+if (log_extra_selector & LX_8bitmime)
+ {
+ sprintf(CS big_buffer, "%d", body_8bitmime);
+ s = string_append(s, &size, &sptr, 2, US" M8S=", big_buffer);
+ }
+
/* If an addr-spec in a message-id contains a quoted string, it can contain
any characters except " \ and CR and so in particular it can contain NL!
Therefore, make sure we use a printing-characters only version for the log.
/* Create a message log file if message logs are being used and this message is
not blackholed. Write the reception stuff to it. We used to leave message log
-creation until the first delivery, but this has proved confusing for somep
+creation until the first delivery, but this has proved confusing for some
people. */
if (message_logs && blackholed_by == NULL)
/* The connection has not gone away; we really are going to take responsibility
for this message. */
-log_write(0, LOG_MAIN |
- (((log_extra_selector & LX_received_recipients) != 0)? LOG_RECIPIENTS : 0) |
- (((log_extra_selector & LX_received_sender) != 0)? LOG_SENDER : 0),
- "%s", s);
-receive_call_bombout = FALSE;
+/* Cutthrough - had sender last-dot; assume we've sent (or bufferred) all
+ data onward by now.
+
+ Send dot onward. If accepted, wipe the spooled files, log as delivered and accept
+ the sender's dot (below).
+ If rejected: copy response to sender, wipe the spooled files, log approriately.
+ If temp-reject: accept to sender, keep the spooled files.
+
+ Having the normal spool files lets us do data-filtering, and store/forward on temp-reject.
+
+ XXX We do not handle queue-only, freezing, or blackholes.
+*/
+cutthrough_done = NOT_TRIED;
+if(cutthrough_fd >= 0)
+ {
+ uschar * msg= cutthrough_finaldot(); /* Ask the target system to accept the messsage */
+ /* Logging was done in finaldot() */
+ switch(msg[0])
+ {
+ case '2': /* Accept. Do the same to the source; dump any spoolfiles. */
+ cutthrough_done = ACCEPTED;
+ break; /* message_id needed for SMTP accept below */
+
+ default: /* Unknown response, or error. Treat as temp-reject. */
+ case '4': /* Temp-reject. Keep spoolfiles and accept. */
+ cutthrough_done = TMP_REJ; /* Avoid the usual immediate delivery attempt */
+ break; /* message_id needed for SMTP accept below */
+
+ case '5': /* Perm-reject. Do the same to the source. Dump any spoolfiles */
+ smtp_reply= msg; /* Pass on the exact error */
+ cutthrough_done = PERM_REJ;
+ break;
+ }
+ }
-/* Log any control actions taken by an ACL or local_scan(). */
+if(smtp_reply == NULL
+#ifdef EXPERIMENTAL_PRDR
+ || prdr_requested
+#endif
+ )
+ {
+ log_write(0, LOG_MAIN |
+ (((log_extra_selector & LX_received_recipients) != 0)? LOG_RECIPIENTS : 0) |
+ (((log_extra_selector & LX_received_sender) != 0)? LOG_SENDER : 0),
+ "%s", s);
-if (deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by);
-if (queue_only_policy) log_write(L_delay_delivery, LOG_MAIN,
- "no immediate delivery: queued by %s", queued_by);
+ /* Log any control actions taken by an ACL or local_scan(). */
+
+ if (deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by);
+ if (queue_only_policy) log_write(L_delay_delivery, LOG_MAIN,
+ "no immediate delivery: queued by %s", queued_by);
+ }
+receive_call_bombout = FALSE;
store_reset(s); /* The store for the main log message can be reused */
possible for fclose() to fail - but what to do? What has happened to the lock
if this happens? */
+
TIDYUP:
process_info[process_info_len] = 0; /* Remove message id */
if (data_file != NULL) (void)fclose(data_file); /* Frees the lock */
else
smtp_printf("%.1024s\r\n", smtp_reply);
}
+
+ switch (cutthrough_done)
+ {
+ case ACCEPTED: log_write(0, LOG_MAIN, "Completed");/* Delivery was done */
+ case PERM_REJ: { /* Delete spool files */
+ sprintf(CS spool_name, "%s/input/%s/%s-D", spool_directory,
+ message_subdir, message_id);
+ Uunlink(spool_name);
+ sprintf(CS spool_name, "%s/input/%s/%s-H", spool_directory,
+ message_subdir, message_id);
+ Uunlink(spool_name);
+ sprintf(CS spool_name, "%s/msglog/%s/%s", spool_directory,
+ message_subdir, message_id);
+ Uunlink(spool_name);
+ }
+ case TMP_REJ: message_id[0] = 0; /* Prevent a delivery from starting */
+ default:break;
+ }
+ cutthrough_delivery = FALSE;
}
/* For batched SMTP, generate an error message on failure, and do
*************************************************/
/* This function tests whether a message has been on the queue longer than
-the maximum retry time for a particular host.
+the maximum retry time for a particular host or address.
Arguments:
- host_key the key to look up a host retry rule
+ retry_key the key to look up a retry rule
domain the domain to look up a domain retry rule
- basic_errno a specific error number, or zero if none
- more_errno additional data for the error
+ retry_record contains error information for finding rule
now the time
Returns: TRUE if the ultimate timeout has been reached
*/
-static BOOL
-ultimate_address_timeout(uschar *host_key, uschar *domain, int basic_errno,
- int more_errno, time_t now)
+BOOL
+retry_ultimate_address_timeout(uschar *retry_key, uschar *domain,
+ dbdata_retry *retry_record, time_t now)
{
-BOOL address_timeout = TRUE; /* no rule => timed out */
+BOOL address_timeout;
+
+DEBUG(D_retry)
+ {
+ debug_printf("retry time not reached: checking ultimate address timeout\n");
+ debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n",
+ (int)now, (int)retry_record->first_failed,
+ (int)retry_record->next_try, retry_record->expired);
+ }
retry_config *retry =
- retry_find_config(host_key+2, domain, basic_errno, more_errno);
+ retry_find_config(retry_key+2, domain,
+ retry_record->basic_errno, retry_record->more_errno);
if (retry != NULL && retry->rules != NULL)
{
for (last_rule = retry->rules;
last_rule->next != NULL;
last_rule = last_rule->next);
- DEBUG(D_transport|D_retry)
+ DEBUG(D_retry)
debug_printf(" received_time=%d diff=%d timeout=%d\n",
received_time, (int)(now - received_time), last_rule->timeout);
address_timeout = (now - received_time > last_rule->timeout);
}
else
{
- DEBUG(D_transport|D_retry)
+ DEBUG(D_retry)
debug_printf("no retry rule found: assume timed out\n");
+ address_timeout = TRUE;
}
+DEBUG(D_retry)
+ if (address_timeout)
+ debug_printf("on queue longer than maximum retry for address - "
+ "allowing delivery\n");
+
return address_timeout;
}
if (now < host_retry_record->next_try && !deliver_force)
{
- DEBUG(D_transport|D_retry)
- {
- debug_printf("host retry time not reached: checking ultimate address "
- "timeout\n");
- debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n",
- (int)now, (int)host_retry_record->first_failed,
- (int)host_retry_record->next_try,
- host_retry_record->expired);
- }
-
if (!host_retry_record->expired &&
- ultimate_address_timeout(host_key, domain,
- host_retry_record->basic_errno, host_retry_record->more_errno, now))
- {
- DEBUG(D_transport|D_retry)
- debug_printf("on queue longer than maximum retry for "
- "address - allowing delivery\n");
+ retry_ultimate_address_timeout(host_key, domain,
+ host_retry_record, now))
return FALSE;
- }
/* We have not hit the ultimate address timeout; host is unusable. */
*retry_message_key = message_key;
if (now < message_retry_record->next_try && !deliver_force)
{
- DEBUG(D_transport|D_retry)
- {
- debug_printf("host+message retry time not reached: checking ultimate "
- "address timeout\n");
- debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n",
- (int)now, (int)message_retry_record->first_failed,
- (int)message_retry_record->next_try, message_retry_record->expired);
- }
- if (!ultimate_address_timeout(host_key, domain, 0, 0, now))
+ if (!retry_ultimate_address_timeout(host_key, domain,
+ message_retry_record, now))
{
host->status = hstatus_unusable;
host->why = hwhy_retry;
}
- else
- {
- DEBUG(D_transport|D_retry)
- debug_printf("on queue longer than maximum retry for "
- "address - allowing delivery\n");
- }
return FALSE;
}
}
(void *)(offsetof(router_instance, caseful_local_part)) },
{ "check_local_user", opt_bool | opt_public,
(void *)(offsetof(router_instance, check_local_user)) },
- { "condition", opt_stringptr|opt_public,
+ { "condition", opt_stringptr|opt_public|opt_rep_con,
(void *)offsetof(router_instance, condition) },
{ "debug_print", opt_stringptr | opt_public,
(void *)offsetof(router_instance, debug_string) },
(void *)offsetof(router_instance, fallback_hosts) },
{ "group", opt_expand_gid | opt_public,
(void *)(offsetof(router_instance, gid)) },
- { "headers_add", opt_stringptr|opt_public,
+ { "headers_add", opt_stringptr|opt_public|opt_rep_str,
(void *)offsetof(router_instance, extra_headers) },
- { "headers_remove", opt_stringptr|opt_public,
+ { "headers_remove", opt_stringptr|opt_public|opt_rep_str,
(void *)offsetof(router_instance, remove_headers) },
{ "ignore_target_hosts",opt_stringptr|opt_public,
(void *)offsetof(router_instance, ignore_target_hosts) },
/* Set the expansion variables now that we have the affixes and the case of
the local part sorted. */
+ router_name = r->name;
deliver_set_expansions(addr);
/* For convenience, the pre-router checks are in a separate function, which
if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK)
{
+ router_name = NULL;
if (rc == SKIP) continue;
addr->message = error;
yield = rc;
{
DEBUG(D_route)
debug_printf("\"more\"=false: skipping remaining routers\n");
+ router_name = NULL;
r = NULL;
break;
}
yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote,
addr_new, addr_succeed);
+ router_name = NULL;
+
if (yield == FAIL)
{
HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name);
}
deliver_set_expansions(NULL);
+router_name = NULL;
disable_logging = FALSE;
return yield;
}
struct Notification *next;
};
+/* This should be a complete list of supported extensions, so that an external
+ManageSieve (RFC 5804) program can interrogate the current Exim binary for the
+list of extensions and provide correct information to a client.
+
+We'll emit the list in the order given here; keep it alphabetically sorted, so
+that callers don't get surprised.
+
+List *MUST* end with a NULL. Which at least makes ifdef-vs-comma easier. */
+
+const uschar *exim_sieve_extension_list[] = {
+ CUS"comparator-i;ascii-numeric",
+ CUS"copy",
+#ifdef ENCODED_CHARACTER
+ CUS"encoded-character",
+#endif
+#ifdef ENOTIFY
+ CUS"enotify",
+#endif
+ CUS"envelope",
+#ifdef ENVELOPE_AUTH
+ CUS"envelope-auth",
+#endif
+ CUS"fileinto",
+#ifdef SUBADDRESS
+ CUS"subaddress",
+#endif
+#ifdef VACATION
+ CUS"vacation",
+#endif
+ NULL
+};
+
static int eq_asciicase(const struct String *needle, const struct String *haystack, int match_prefix);
static int parse_test(struct Sieve *filter, int *cond, int exec);
static int parse_commands(struct Sieve *filter, int exec, address_item **generated);
#define pauthed 2 /* added to pextend */
#define pnlocal 6 /* offset to remove "local" */
+/* Sanity check and validate optional args to MAIL FROM: envelope */
+enum {
+ ENV_MAIL_OPT_SIZE, ENV_MAIL_OPT_BODY, ENV_MAIL_OPT_AUTH,
+#ifdef EXPERIMENTAL_PRDR
+ ENV_MAIL_OPT_PRDR,
+#endif
+ ENV_MAIL_OPT_NULL
+ };
+typedef struct {
+ uschar * name; /* option requested during MAIL cmd */
+ int value; /* enum type */
+ BOOL need_value; /* TRUE requires value (name=value pair format)
+ FALSE is a singleton */
+ } env_mail_type_t;
+static env_mail_type_t env_mail_type_list[] = {
+ { US"SIZE", ENV_MAIL_OPT_SIZE, TRUE },
+ { US"BODY", ENV_MAIL_OPT_BODY, TRUE },
+ { US"AUTH", ENV_MAIL_OPT_AUTH, TRUE },
+#ifdef EXPERIMENTAL_PRDR
+ { US"PRDR", ENV_MAIL_OPT_PRDR, FALSE },
+#endif
+ { US"NULL", ENV_MAIL_OPT_NULL, FALSE }
+ };
+
/* When reading SMTP from a remote host, we have to use our own versions of the
C input-reading functions, in order to be able to flush the SMTP output only
when about to read more data from the socket. This is the only way to get
/* Now write the string */
#ifdef SUPPORT_TLS
-if (tls_active >= 0)
+if (tls_in.active >= 0)
{
- if (tls_write(big_buffer, Ustrlen(big_buffer)) < 0) smtp_write_error = -1;
+ if (tls_write(TRUE, big_buffer, Ustrlen(big_buffer)) < 0)
+ smtp_write_error = -1;
}
else
#endif
int
smtp_fflush(void)
{
-if (tls_active < 0 && fflush(smtp_out) != 0) smtp_write_error = -1;
+if (tls_in.active < 0 && fflush(smtp_out) != 0) smtp_write_error = -1;
return smtp_write_error;
}
sig = sig; /* Keep picky compilers happy */
log_write(L_lost_incoming_connection,
LOG_MAIN, "SMTP command timeout on%s connection from %s",
- (tls_active >= 0)? " TLS" : "",
+ (tls_in.active >= 0)? " TLS" : "",
host_and_ident(FALSE));
if (smtp_batched_input)
moan_smtp_batch(NULL, "421 SMTP command timeout"); /* Does not return */
struct timeval tzero;
if (!smtp_enforce_sync || sender_host_address == NULL ||
- sender_host_notsocket || tls_active >= 0)
+ sender_host_notsocket || tls_in.active >= 0)
return TRUE;
fd = fileno(smtp_in);
}
#ifdef SUPPORT_TLS
-if ((log_extra_selector & LX_tls_cipher) != 0 && tls_cipher != NULL)
- s = string_append(s, &size, &ptr, 2, US" X=", tls_cipher);
+if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL)
+ s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher);
if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
- tls_cipher != NULL)
+ tls_in.cipher != NULL)
s = string_append(s, &size, &ptr, 2, US" CV=",
- tls_certificate_verified? "yes":"no");
-if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_peerdn != NULL)
+ tls_in.certificate_verified? "yes":"no");
+if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL)
s = string_append(s, &size, &ptr, 3, US" DN=\"",
- string_printing(tls_peerdn), US"\"");
-if ((log_extra_selector & LX_tls_sni) != 0 && tls_sni != NULL)
+ string_printing(tls_in.peerdn), US"\"");
+if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL)
s = string_append(s, &size, &ptr, 3, US" SNI=\"",
- string_printing(tls_sni), US"\"");
+ string_printing(tls_in.sni), US"\"");
#endif
sep = (smtp_connection_had[SMTP_HBUFF_SIZE-1] != SCH_NONE)?
uschar *v = smtp_cmd_data + Ustrlen(smtp_cmd_data) - 1;
while (isspace(*v)) v--;
v[1] = 0;
-
while (v > smtp_cmd_data && *v != '=' && !isspace(*v)) v--;
-if (*v != '=') return FALSE;
n = v;
-while(isalpha(n[-1])) n--;
-
-/* RFC says SP, but TAB seen in wild and other major MTAs accept it */
-if (!isspace(n[-1])) return FALSE;
-
-n[-1] = 0;
-*name = n;
+if (*v == '=')
+{
+ while(isalpha(n[-1])) n--;
+ /* RFC says SP, but TAB seen in wild and other major MTAs accept it */
+ if (!isspace(n[-1])) return FALSE;
+ n[-1] = 0;
+}
+else
+{
+ n++;
+ if (v == smtp_cmd_data) return FALSE;
+}
*v++ = 0;
+*name = n;
*value = v;
return TRUE;
}
recipients_list = NULL;
rcpt_count = rcpt_defer_count = rcpt_fail_count =
raw_recipients_count = recipients_count = recipients_list_max = 0;
+cancel_cutthrough_connection("smtp reset");
message_linecount = 0;
message_size = -1;
acl_added_headers = NULL;
+acl_removed_headers = NULL;
queue_only_policy = FALSE;
rcpt_smtp_response = NULL;
rcpt_smtp_response_same = TRUE;
no_mbox_unspool = FALSE; /* Can be set by ACL */
#endif
submission_mode = FALSE; /* Can be set by ACL */
-suppress_local_fixups = FALSE; /* Can be set by ACL */
+suppress_local_fixups = suppress_local_fixups_default; /* Can be set by ACL */
active_local_from_check = local_from_check; /* Can be set by ACL */
active_local_sender_retain = local_sender_retain; /* Can be set by ACL */
sender_address = NULL;
authenticated_by = NULL;
#ifdef SUPPORT_TLS
-tls_cipher = tls_peerdn = NULL;
+tls_in.cipher = tls_in.peerdn = NULL;
tls_advertised = FALSE;
#endif
smtps port for use with older style SSL MTAs. */
#ifdef SUPPORT_TLS
- if (tls_on_connect &&
- tls_server_start(tls_require_ciphers) != OK)
+ if (tls_in.on_connect && tls_server_start(tls_require_ciphers) != OK)
return FALSE;
#endif
#endif
(where == ACL_WHERE_PREDATA)? US"DATA" :
(where == ACL_WHERE_DATA)? US"after DATA" :
+#ifdef EXPERIMENTAL_PRDR
+ (where == ACL_WHERE_PRDR)? US"after DATA PRDR" :
+#endif
(smtp_cmd_data == NULL)?
string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]) :
string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data);
sender_host_authenticated = au->name;
authentication_failed = FALSE;
received_protocol =
- protocols[pextend + pauthed + ((tls_active >= 0)? pcrpted:0)] +
+ protocols[pextend + pauthed + ((tls_in.active >= 0)? pcrpted:0)] +
((sender_host_address != NULL)? pnlocal : 0);
s = ss = US"235 Authentication succeeded";
authenticated_by = au;
host_build_sender_fullhost(); /* Rebuild */
set_process_info("handling%s incoming connection from %s",
- (tls_active >= 0)? " TLS" : "", host_and_ident(FALSE));
+ (tls_in.active >= 0)? " TLS" : "", host_and_ident(FALSE));
/* Verify if configured. This doesn't give much security, but it does
make some people happy to be able to do it. If helo_required is set,
pipelining_advertised = TRUE;
}
+
/* If any server authentication mechanisms are configured, advertise
them if the current host is in auth_advertise_hosts. The problem with
advertising always is that some clients then require users to
secure connection. */
#ifdef SUPPORT_TLS
- if (tls_active < 0 &&
+ if (tls_in.active < 0 &&
verify_check_host(&tls_advertise_hosts) != FAIL)
{
s = string_cat(s, &size, &ptr, smtp_code, 3);
}
#endif
+ #ifdef EXPERIMENTAL_PRDR
+ /* Per Recipient Data Response, draft by Eric A. Hall extending RFC */
+ if (prdr_enable) {
+ s = string_cat(s, &size, &ptr, smtp_code, 3);
+ s = string_cat(s, &size, &ptr, US"-PRDR\r\n", 7);
+ }
+ #endif
+
/* Finish off the multiline reply with one that is always available. */
s = string_cat(s, &size, &ptr, smtp_code, 3);
s[ptr] = 0;
#ifdef SUPPORT_TLS
- if (tls_active >= 0) (void)tls_write(s, ptr); else
+ if (tls_in.active >= 0) (void)tls_write(TRUE, s, ptr); else
#endif
- (void)fwrite(s, 1, ptr, smtp_out);
+ {
+ int i = fwrite(s, 1, ptr, smtp_out); i = i; /* compiler quietening */
+ }
DEBUG(D_receive)
{
uschar *cr;
received_protocol = (esmtp?
protocols[pextend +
((sender_host_authenticated != NULL)? pauthed : 0) +
- ((tls_active >= 0)? pcrpted : 0)]
+ ((tls_in.active >= 0)? pcrpted : 0)]
:
- protocols[pnormal + ((tls_active >= 0)? pcrpted : 0)])
+ protocols[pnormal + ((tls_in.active >= 0)? pcrpted : 0)])
+
((sender_host_address != NULL)? pnlocal : 0);
HAD(SCH_MAIL);
smtp_mailcmd_count++; /* Count for limit and ratelimit */
was_rej_mail = TRUE; /* Reset if accepted */
+ env_mail_type_t * mail_args; /* Sanity check & validate args */
if (helo_required && !helo_seen)
{
{
uschar *name, *value, *end;
unsigned long int size;
+ BOOL arg_error = FALSE;
if (!extract_option(&name, &value)) break;
- /* Handle SIZE= by reading the value. We don't do the check till later,
- in order to be able to log the sender address on failure. */
-
- if (strcmpic(name, US"SIZE") == 0 &&
- ((size = Ustrtoul(value, &end, 10)), *end == 0))
+ for (mail_args = env_mail_type_list;
+ (char *)mail_args < (char *)env_mail_type_list + sizeof(env_mail_type_list);
+ mail_args++
+ )
{
- if ((size == ULONG_MAX && errno == ERANGE) || size > INT_MAX)
- size = INT_MAX;
- message_size = (int)size;
+ if (strcmpic(name, mail_args->name) == 0)
+ break;
}
+ if (mail_args->need_value && strcmpic(value, US"") == 0)
+ break;
- /* If this session was initiated with EHLO and accept_8bitmime is set,
- Exim will have indicated that it supports the BODY=8BITMIME option. In
- fact, it does not support this according to the RFCs, in that it does not
- take any special action for forwarding messages containing 8-bit
- characters. That is why accept_8bitmime is not the default setting, but
- some sites want the action that is provided. We recognize both "8BITMIME"
- and "7BIT" as body types, but take no action. */
-
- else if (accept_8bitmime && strcmpic(name, US"BODY") == 0 &&
- (strcmpic(value, US"8BITMIME") == 0 ||
- strcmpic(value, US"7BIT") == 0)) {}
-
- /* Handle the AUTH extension. If the value given is not "<>" and either
- the ACL says "yes" or there is no ACL but the sending host is
- authenticated, we set it up as the authenticated sender. However, if the
- authenticator set a condition to be tested, we ignore AUTH on MAIL unless
- the condition is met. The value of AUTH is an xtext, which means that +,
- = and cntrl chars are coded in hex; however "<>" is unaffected by this
- coding. */
-
- else if (strcmpic(name, US"AUTH") == 0)
+ switch(mail_args->value)
{
- if (Ustrcmp(value, "<>") != 0)
- {
- int rc;
- uschar *ignore_msg;
-
- if (auth_xtextdecode(value, &authenticated_sender) < 0)
- {
- /* Put back terminator overrides for error message */
- name[-1] = ' ';
- value[-1] = '=';
- done = synprot_error(L_smtp_syntax_error, 501, NULL,
- US"invalid data for AUTH");
- goto COMMAND_LOOP;
- }
-
- if (acl_smtp_mailauth == NULL)
+ /* Handle SIZE= by reading the value. We don't do the check till later,
+ in order to be able to log the sender address on failure. */
+ case ENV_MAIL_OPT_SIZE:
+ if (((size = Ustrtoul(value, &end, 10)), *end == 0))
{
- ignore_msg = US"client not authenticated";
- rc = (sender_host_authenticated != NULL)? OK : FAIL;
+ if ((size == ULONG_MAX && errno == ERANGE) || size > INT_MAX)
+ size = INT_MAX;
+ message_size = (int)size;
}
else
- {
- ignore_msg = US"rejected by ACL";
- rc = acl_check(ACL_WHERE_MAILAUTH, NULL, acl_smtp_mailauth,
- &user_msg, &log_msg);
+ arg_error = TRUE;
+ break;
+
+ /* If this session was initiated with EHLO and accept_8bitmime is set,
+ Exim will have indicated that it supports the BODY=8BITMIME option. In
+ fact, it does not support this according to the RFCs, in that it does not
+ take any special action for forwarding messages containing 8-bit
+ characters. That is why accept_8bitmime is not the default setting, but
+ some sites want the action that is provided. We recognize both "8BITMIME"
+ and "7BIT" as body types, but take no action. */
+ case ENV_MAIL_OPT_BODY:
+ if (accept_8bitmime) {
+ if (strcmpic(value, US"8BITMIME") == 0) {
+ body_8bitmime = 8;
+ } else if (strcmpic(value, US"7BIT") == 0) {
+ body_8bitmime = 7;
+ } else {
+ body_8bitmime = 0;
+ done = synprot_error(L_smtp_syntax_error, 501, NULL,
+ US"invalid data for BODY");
+ goto COMMAND_LOOP;
}
+ DEBUG(D_receive) debug_printf("8BITMIME: %d\n", body_8bitmime);
+ break;
+ }
+ arg_error = TRUE;
+ break;
- switch (rc)
+ /* Handle the AUTH extension. If the value given is not "<>" and either
+ the ACL says "yes" or there is no ACL but the sending host is
+ authenticated, we set it up as the authenticated sender. However, if the
+ authenticator set a condition to be tested, we ignore AUTH on MAIL unless
+ the condition is met. The value of AUTH is an xtext, which means that +,
+ = and cntrl chars are coded in hex; however "<>" is unaffected by this
+ coding. */
+ case ENV_MAIL_OPT_AUTH:
+ if (Ustrcmp(value, "<>") != 0)
{
- case OK:
- if (authenticated_by == NULL ||
- authenticated_by->mail_auth_condition == NULL ||
- expand_check_condition(authenticated_by->mail_auth_condition,
- authenticated_by->name, US"authenticator"))
- break; /* Accept the AUTH */
-
- ignore_msg = US"server_mail_auth_condition failed";
- if (authenticated_id != NULL)
- ignore_msg = string_sprintf("%s: authenticated ID=\"%s\"",
- ignore_msg, authenticated_id);
-
- /* Fall through */
-
- case FAIL:
- authenticated_sender = NULL;
- log_write(0, LOG_MAIN, "ignoring AUTH=%s from %s (%s)",
- value, host_and_ident(TRUE), ignore_msg);
- break;
+ int rc;
+ uschar *ignore_msg;
- /* Should only get DEFER or ERROR here. Put back terminator
- overrides for error message */
-
- default:
- name[-1] = ' ';
- value[-1] = '=';
- (void)smtp_handle_acl_fail(ACL_WHERE_MAILAUTH, rc, user_msg,
- log_msg);
- goto COMMAND_LOOP;
+ if (auth_xtextdecode(value, &authenticated_sender) < 0)
+ {
+ /* Put back terminator overrides for error message */
+ value[-1] = '=';
+ name[-1] = ' ';
+ done = synprot_error(L_smtp_syntax_error, 501, NULL,
+ US"invalid data for AUTH");
+ goto COMMAND_LOOP;
+ }
+ if (acl_smtp_mailauth == NULL)
+ {
+ ignore_msg = US"client not authenticated";
+ rc = (sender_host_authenticated != NULL)? OK : FAIL;
+ }
+ else
+ {
+ ignore_msg = US"rejected by ACL";
+ rc = acl_check(ACL_WHERE_MAILAUTH, NULL, acl_smtp_mailauth,
+ &user_msg, &log_msg);
+ }
+
+ switch (rc)
+ {
+ case OK:
+ if (authenticated_by == NULL ||
+ authenticated_by->mail_auth_condition == NULL ||
+ expand_check_condition(authenticated_by->mail_auth_condition,
+ authenticated_by->name, US"authenticator"))
+ break; /* Accept the AUTH */
+
+ ignore_msg = US"server_mail_auth_condition failed";
+ if (authenticated_id != NULL)
+ ignore_msg = string_sprintf("%s: authenticated ID=\"%s\"",
+ ignore_msg, authenticated_id);
+
+ /* Fall through */
+
+ case FAIL:
+ authenticated_sender = NULL;
+ log_write(0, LOG_MAIN, "ignoring AUTH=%s from %s (%s)",
+ value, host_and_ident(TRUE), ignore_msg);
+ break;
+
+ /* Should only get DEFER or ERROR here. Put back terminator
+ overrides for error message */
+
+ default:
+ value[-1] = '=';
+ name[-1] = ' ';
+ (void)smtp_handle_acl_fail(ACL_WHERE_MAILAUTH, rc, user_msg,
+ log_msg);
+ goto COMMAND_LOOP;
+ }
}
- }
- }
+ break;
- /* Unknown option. Stick back the terminator characters and break
- the loop. An error for a malformed address will occur. */
+#ifdef EXPERIMENTAL_PRDR
+ case ENV_MAIL_OPT_PRDR:
+ if ( prdr_enable )
+ prdr_requested = TRUE;
+ break;
+#endif
- else
- {
- name[-1] = ' ';
- value[-1] = '=';
- break;
+ /* Unknown option. Stick back the terminator characters and break
+ the loop. Do the name-terminator second as extract_option sets
+ value==name when it found no equal-sign.
+ An error for a malformed address will occur. */
+ default:
+ value[-1] = '=';
+ name[-1] = ' ';
+ arg_error = TRUE;
+ break;
}
+ /* Break out of for loop if switch() had bad argument or
+ when start of the email address is reached */
+ if (arg_error) break;
}
/* If we have passed the threshold for rate limiting, apply the current
if (rc == OK || rc == DISCARD)
{
- if (user_msg == NULL) smtp_printf("250 OK\r\n");
- else smtp_user_msg(US"250", user_msg);
+ if (user_msg == NULL)
+ smtp_printf("%s%s%s", US"250 OK",
+ #ifdef EXPERIMENTAL_PRDR
+ prdr_requested == TRUE ? US", PRDR Requested" :
+ #endif
+ US"",
+ US"\r\n");
+ else
+ {
+ #ifdef EXPERIMENTAL_PRDR
+ if ( prdr_requested == TRUE )
+ user_msg = string_sprintf("%s%s", user_msg, US", PRDR Requested");
+ #endif
+ smtp_user_msg(US"250",user_msg);
+ }
smtp_delay_rcpt = smtp_rlr_base;
recipients_discarded = (rc == DISCARD);
was_rej_mail = FALSE;
}
/* If there is an ACL, re-check the synchronization afterwards, since the
- ACL may have delayed. */
+ ACL may have delayed. To handle cutthrough delivery enforce a dummy call
+ to get the DATA command sent. */
- if (acl_smtp_predata == NULL) rc = OK; else
+ if (acl_smtp_predata == NULL && cutthrough_fd < 0) rc = OK; else
{
+ uschar * acl= acl_smtp_predata ? acl_smtp_predata : US"accept";
enable_dollar_recipients = TRUE;
- rc = acl_check(ACL_WHERE_PREDATA, NULL, acl_smtp_predata, &user_msg,
+ rc = acl_check(ACL_WHERE_PREDATA, NULL, acl, &user_msg,
&log_msg);
enable_dollar_recipients = FALSE;
if (rc == OK && !check_sync()) goto SYNC_FAILURE;
if (rc == OK)
{
+ uschar * code;
+ code = US"354";
if (user_msg == NULL)
- smtp_printf("354 Enter message, ending with \".\" on a line by itself\r\n");
- else smtp_user_msg(US"354", user_msg);
+ smtp_printf("%s Enter message, ending with \".\" on a line by itself\r\n", code);
+ else smtp_user_msg(code, user_msg);
done = 3;
message_ended = END_NOTENDED; /* Indicate in middle of data */
}
{
DEBUG(D_any)
debug_printf("Non-empty input buffer after STARTTLS; naive attack?");
- if (tls_active < 0)
+ if (tls_in.active < 0)
smtp_inend = smtp_inptr = smtp_inbuffer;
/* and if TLS is already active, tls_server_start() should fail */
}
}
/* Hard failure. Reject everything except QUIT or closed connection. One
- cause for failure is a nested STARTTLS, in which case tls_active remains
+ cause for failure is a nested STARTTLS, in which case tls_in.active remains
set, but we must still reject all incoming commands. */
DEBUG(D_tls) debug_printf("TLS failed to start\n");
break;
/* It is perhaps arguable as to which exit ACL should be called here,
- but as it is probably a situtation that almost never arises, it
+ but as it is probably a situation that almost never arises, it
probably doesn't matter. We choose to call the real QUIT ACL, which in
some sense is perhaps "right". */
break;
}
}
- tls_close(TRUE);
+ tls_close(TRUE, TRUE);
break;
#endif
smtp_respond(US"221", 3, TRUE, user_msg);
#ifdef SUPPORT_TLS
- tls_close(TRUE);
+ tls_close(TRUE, TRUE);
#endif
done = 2;
buffer[0] = 0;
Ustrcat(buffer, " AUTH");
#ifdef SUPPORT_TLS
- if (tls_active < 0 &&
+ if (tls_in.active < 0 &&
verify_check_host(&tls_advertise_hosts) != FAIL)
Ustrcat(buffer, " STARTTLS");
#endif
incomplete_transaction_log(US"too many non-mail commands");
log_write(0, LOG_MAIN|LOG_REJECT, "SMTP call from %s dropped: too many "
"nonmail commands (last was \"%.*s\")", host_and_ident(FALSE),
- s - smtp_cmd_buffer, smtp_cmd_buffer);
+ (int)(s - smtp_cmd_buffer), smtp_cmd_buffer);
smtp_notquit_exit(US"bad-commands", US"554", US"Too many nonmail commands");
done = 1; /* Pretend eof - drops connection */
break;
interface outgoing interface address or NULL
timeout timeout value or 0
keepalive TRUE to use keepalive
+ dscp DSCP value to assign to socket
Returns: connected socket number, or -1 with errno set
*/
int
smtp_connect(host_item *host, int host_af, int port, uschar *interface,
- int timeout, BOOL keepalive)
+ int timeout, BOOL keepalive, const uschar *dscp)
{
int on = 1;
int save_errno = 0;
+int dscp_value;
+int dscp_level;
+int dscp_option;
int sock;
if (host->port != PORT_NONE)
setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (uschar *)(&on), sizeof(on));
+/* Set DSCP value, if we can. For now, if we fail to set the value, we don't
+bomb out, just log it and continue in default traffic class. */
+
+if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value))
+ {
+ HDEBUG(D_transport|D_acl|D_v)
+ debug_printf("DSCP \"%s\"=%x ", dscp, dscp_value);
+ if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0)
+ HDEBUG(D_transport|D_acl|D_v)
+ debug_printf("failed to set DSCP: %s ", strerror(errno));
+ /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the
+ option for both; ignore failures here */
+ if (host_af == AF_INET6 &&
+ dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value))
+ {
+ (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value));
+ }
+ }
+
/* Bind to a specific interface if requested. Caller must ensure the interface
is the same type (IPv4 or IPv6) as the outgoing address. */
int rc;
#ifdef SUPPORT_TLS
-if (tls_active == outblock->sock)
- rc = tls_write(outblock->buffer, outblock->ptr - outblock->buffer);
+if (tls_out.active == outblock->sock)
+ rc = tls_write(FALSE, outblock->buffer, outblock->ptr - outblock->buffer);
else
#endif
#endif
#ifdef SUPPORT_TLS
-tls_certificate_verified = FALSE;
-tls_cipher = NULL;
-tls_peerdn = NULL;
-tls_sni = NULL;
+tls_in.certificate_verified = FALSE;
+tls_in.cipher = NULL;
+tls_in.peerdn = NULL;
+tls_in.sni = NULL;
#endif
#ifdef WITH_CONTENT_SCAN
#ifdef SUPPORT_TLS
case 't':
if (Ustrncmp(p, "ls_certificate_verified", 23) == 0)
- tls_certificate_verified = TRUE;
+ tls_in.certificate_verified = TRUE;
else if (Ustrncmp(p, "ls_cipher", 9) == 0)
- tls_cipher = string_copy(big_buffer + 12);
+ tls_in.cipher = string_copy(big_buffer + 12);
else if (Ustrncmp(p, "ls_peerdn", 9) == 0)
- tls_peerdn = string_unprinting(string_copy(big_buffer + 12));
+ tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12));
else if (Ustrncmp(p, "ls_sni", 6) == 0)
- tls_sni = string_unprinting(string_copy(big_buffer + 9));
+ tls_in.sni = string_unprinting(string_copy(big_buffer + 9));
break;
#endif
int i;
if (!isdigit(n)) goto SPOOL_FORMAT_ERROR;
- (void)ungetc(n, f);
- (void)fscanf(f, "%d%c ", &n, flag);
+ if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF)
+ goto SPOOL_READ_ERROR;
if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */
if (read_headers)
};
/* End headers */
- (void)fwrite("\n", 1, 1, mbox_file);
+ if (fwrite("\n", 1, 1, mbox_file) != 1) {
+ log_write(0, LOG_MAIN|LOG_PANIC, "Error/short write while writing \
+ message headers to %s", mbox_path);
+ goto OUT;
+ }
/* copy body file */
if (source_file_override == NULL) {
automatically. */
if (fd >= 0)
- {
- (void)fchown(fd, exim_uid, exim_gid);
- (void)fchmod(fd, SPOOL_MODE);
- }
+ if (fchown(fd, exim_uid, exim_gid) || fchmod(fd, SPOOL_MODE))
+ {
+ DEBUG(D_any) debug_printf("failed setting perms on %s\n", temp_name);
+ (void) close(fd); fd = -1;
+ Uunlink(temp_name);
+ }
return fd;
}
#endif
#ifdef SUPPORT_TLS
-if (tls_certificate_verified) fprintf(f, "-tls_certificate_verified\n");
-if (tls_cipher != NULL) fprintf(f, "-tls_cipher %s\n", tls_cipher);
-if (tls_peerdn != NULL) fprintf(f, "-tls_peerdn %s\n", string_printing(tls_peerdn));
-if (tls_sni != NULL) fprintf(f, "-tls_sni %s\n", string_printing(tls_sni));
+if (tls_in.certificate_verified) fprintf(f, "-tls_certificate_verified\n");
+if (tls_in.cipher != NULL) fprintf(f, "-tls_cipher %s\n", tls_in.cipher);
+if (tls_in.peerdn != NULL) fprintf(f, "-tls_peerdn %s\n", string_printing(tls_in.peerdn));
+if (tls_in.sni != NULL) fprintf(f, "-tls_sni %s\n", string_printing(tls_in.sni));
#endif
/* To complete the envelope, write out the tree of non-recipients, followed by
uschar *advertise_condition; /* Are we going to advertise this?*/
uschar *client_condition; /* Should the client try this? */
uschar *public_name; /* Advertised name */
- uschar *set_id; /* String to set as authenticated id */
+ uschar *set_id; /* String to set when server as authenticated id */
+ uschar *set_client_id; /* String to set when client as client_authenticated id */
uschar *mail_auth_condition; /* Condition for AUTH on MAIL command */
uschar *server_debug_string; /* Debugging output */
uschar *server_condition; /* Authorization condition */
#define af_cert_verified 0x01000000 /* delivered with verified TLS cert */
#define af_pass_message 0x02000000 /* pass message in bounces */
#define af_bad_reply 0x04000000 /* filter could not generate autoreply */
+#ifdef EXPERIMENTAL_PRDR
+# define af_prdr_used 0x08000000 /* delivery used SMTP PRDR */
+#endif
+#define af_force_command 0x10000000 /* force_command in pipe transport */
/* These flags must be propagated when a child is created */
uschar *peerdn; /* DN of server's certificate */
#endif
+ uschar *authenticator; /* auth driver name used by transport */
+ uschar *auth_id; /* auth "login" name used by transport */
+ uschar *auth_sndr; /* AUTH arg to SMTP MAIL, used by transport */
+
uid_t uid; /* uid for transporting */
gid_t gid; /* gid for transporting */
#include <gnutls/x509.h>
/* man-page is incorrect, gnutls_rnd() is not in gnutls.h: */
#include <gnutls/crypto.h>
+/* needed to disable PKCS11 autoload unless requested */
+#if GNUTLS_VERSION_NUMBER >= 0x020c00
+# include <gnutls/pkcs11.h>
+#endif
/* GnuTLS 2 vs 3
be set to point to content in one of these instances, as appropriate for
the stage of the process lifetime.
-Not handled here: globals tls_active, tls_bits, tls_cipher, tls_peerdn,
-tls_certificate_verified, tls_channelbinding_b64, tls_sni.
+Not handled here: global tls_channelbinding_b64.
*/
typedef struct exim_gnutls_state {
uschar *exp_tls_crl;
uschar *exp_tls_require_ciphers;
+ tls_support *tlsp; /* set in tls_init() */
+
uschar *xfer_buffer;
int xfer_buffer_lwm;
int xfer_buffer_hwm;
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL,
+ NULL,
NULL, 0, 0, 0, 0,
};
second connection. */
static exim_gnutls_state_st state_server, state_client;
-static exim_gnutls_state_st *current_global_tls_state;
/* dh_params are initialised once within the lifetime of a process using TLS;
if we used TLS in a long-lived daemon, we'd have to reconsider this. But we
#define HAVE_GNUTLS_SESSION_CHANNEL_BINDING
#define HAVE_GNUTLS_SEC_PARAM_CONSTANTS
#define HAVE_GNUTLS_RND
+#define HAVE_GNUTLS_PKCS11
#endif
tls_cipher a string
tls_peerdn a string
tls_sni a (UTF-8) string
-Also:
- current_global_tls_state for API limitations
Argument:
state the relevant exim_gnutls_state_st *
*/
static void
-extract_exim_vars_from_tls_state(exim_gnutls_state_st *state)
+extract_exim_vars_from_tls_state(exim_gnutls_state_st *state, BOOL is_server)
{
gnutls_cipher_algorithm_t cipher;
#ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING
gnutls_datum_t channel;
#endif
-current_global_tls_state = state;
-
-tls_active = state->fd_out;
+state->tlsp->active = state->fd_out;
cipher = gnutls_cipher_get(state->session);
/* returns size in "bytes" */
-tls_bits = gnutls_cipher_get_key_size(cipher) * 8;
+state->tlsp->bits = gnutls_cipher_get_key_size(cipher) * 8;
-tls_cipher = state->ciphersuite;
+state->tlsp->cipher = state->ciphersuite;
-DEBUG(D_tls) debug_printf("cipher: %s\n", tls_cipher);
+DEBUG(D_tls) debug_printf("cipher: %s\n", state->ciphersuite);
-tls_certificate_verified = state->peer_cert_verified;
+state->tlsp->certificate_verified = state->peer_cert_verified;
/* note that tls_channelbinding_b64 is not saved to the spool file, since it's
only available for use for authenticators while this TLS session is running. */
}
#endif
-tls_peerdn = state->peerdn;
-
-tls_sni = state->received_sni;
+state->tlsp->peerdn = state->peerdn;
+state->tlsp->sni = state->received_sni;
}
{
if (!state->received_sni)
{
- if (state->tls_certificate && Ustrstr(state->tls_certificate, US"tls_sni"))
+ if (state->tls_certificate &&
+ (Ustrstr(state->tls_certificate, US"tls_sni") ||
+ Ustrstr(state->tls_certificate, US"tls_in_sni") ||
+ Ustrstr(state->tls_certificate, US"tls_out_sni")
+ ))
{
DEBUG(D_tls) debug_printf("We will re-expand TLS session files if we receive SNI.\n");
state->trigger_sni_changes = TRUE;
cas CA certs file
crl CRL file
require_ciphers tls_require_ciphers setting
+ caller_state returned state-info structure
Returns: OK/DEFER/FAIL
*/
{
DEBUG(D_tls) debug_printf("GnuTLS global init required.\n");
+#ifdef HAVE_GNUTLS_PKCS11
+ /* By default, gnutls_global_init will init PKCS11 support in auto mode,
+ which loads modules from a config file, which sounds good and may be wanted
+ by some sysadmin, but also means in common configurations that GNOME keyring
+ environment variables are used and so breaks for users calling mailq.
+ To prevent this, we init PKCS11 first, which is the documented approach. */
+ if (!gnutls_enable_pkcs11)
+ {
+ rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+ exim_gnutls_err_check(US"gnutls_pkcs11_init");
+ }
+#endif
+
rc = gnutls_global_init();
exim_gnutls_err_check(US"gnutls_global_init");
{
state = &state_client;
memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
+ state->tlsp = &tls_out;
DEBUG(D_tls) debug_printf("initialising GnuTLS client session\n");
rc = gnutls_init(&state->session, GNUTLS_CLIENT);
}
{
state = &state_server;
memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
+ state->tlsp = &tls_in;
DEBUG(D_tls) debug_printf("initialising GnuTLS server session\n");
rc = gnutls_init(&state->session, GNUTLS_SERVER);
}
/* set SNI in client, only */
if (host)
{
- if (!expand_check_tlsvar(tls_sni))
+ if (!expand_check(state->tlsp->sni, US"tls_out_sni", &state->exp_tls_sni))
return DEFER;
if (state->exp_tls_sni && *state->exp_tls_sni)
{
}
*caller_state = state;
-/* needs to happen before callbacks during handshake */
-current_global_tls_state = state;
return OK;
}
store_pool = POOL_PERM;
state->ciphersuite = string_copy(cipherbuf);
store_pool = old_pool;
-tls_cipher = state->ciphersuite;
+state->tlsp->cipher = state->ciphersuite;
/* tls_peerdn */
cert_list = gnutls_certificate_get_peers(state->session, &cert_list_size);
state->peerdn ? state->peerdn : US"<unset>");
}
-tls_peerdn = state->peerdn;
+state->tlsp->peerdn = state->peerdn;
return TRUE;
}
For inability to get SNI information, we return 0.
We only return non-zero if re-setup failed.
+Only used for server-side TLS.
*/
static int
{
char sni_name[MAX_HOST_LEN];
size_t data_len = MAX_HOST_LEN;
-exim_gnutls_state_st *state = current_global_tls_state;
+exim_gnutls_state_st *state = &state_server;
unsigned int sni_type;
int rc, old_pool;
store_pool = old_pool;
/* We set this one now so that variable expansions below will work */
-tls_sni = state->received_sni;
+state->tlsp->sni = state->received_sni;
DEBUG(D_tls) debug_printf("Received TLS SNI \"%s\"%s\n", sni_name,
state->trigger_sni_changes ? "" : " (unused for certificate selection)");
exim_gnutls_state_st *state = NULL;
/* Check for previous activation */
-/* nb: this will not be TLS callout safe, needs reworking as part of that. */
-
-if (tls_active >= 0)
+if (tls_in.active >= 0)
{
tls_error(US"STARTTLS received after TLS started", "", NULL);
smtp_printf("554 Already in TLS\r\n");
the response. Other smtp_printf() calls do not need it, because in non-TLS
mode, the fflush() happens when smtp_getc() is called. */
-if (!tls_on_connect)
+if (!state->tlsp->on_connect)
{
smtp_printf("220 TLS go ahead\r\n");
- fflush(smtp_out);
+ fflush(smtp_out); /*XXX JGH */
}
/* Now negotiate the TLS session. We put our own timer on it, since it seems
/* Sets various Exim expansion variables; always safe within server */
-extract_exim_vars_from_tls_state(state);
+extract_exim_vars_from_tls_state(state, TRUE);
/* TLS has been set up. Adjust the input functions to read via TLS,
and initialize appropriately. */
fd the fd of the connection
host connected host (for messages)
addr the first address (not used)
- dhparam DH parameter file (ignored, we're a client)
certificate certificate file
privatekey private key file
sni TLS SNI to send to remote host
verify_certs file for certificate verify
verify_crl CRL for verify
require_ciphers list of allowed ciphers or NULL
+ dh_min_bits minimum number of bits acceptable in server's DH prime
timeout startup timeout
Returns: OK/DEFER/FAIL (because using common functions),
int
tls_client_start(int fd, host_item *host,
- address_item *addr ARG_UNUSED, uschar *dhparam ARG_UNUSED,
+ address_item *addr ARG_UNUSED,
uschar *certificate, uschar *privatekey, uschar *sni,
uschar *verify_certs, uschar *verify_crl,
- uschar *require_ciphers, int timeout)
+ uschar *require_ciphers,
+#ifdef EXPERIMENTAL_OCSP
+ uschar *require_ocsp ARG_UNUSED,
+#endif
+ int dh_min_bits, int timeout)
{
int rc;
const char *error;
sni, verify_certs, verify_crl, require_ciphers, &state);
if (rc != OK) return rc;
-gnutls_dh_set_prime_bits(state->session, EXIM_CLIENT_DH_MIN_BITS);
+if (dh_min_bits < EXIM_CLIENT_DH_MIN_MIN_BITS)
+ {
+ DEBUG(D_tls)
+ debug_printf("WARNING: tls_dh_min_bits far too low, clamping %d up to %d\n",
+ dh_min_bits, EXIM_CLIENT_DH_MIN_MIN_BITS);
+ dh_min_bits = EXIM_CLIENT_DH_MIN_MIN_BITS;
+ }
+
+DEBUG(D_tls) debug_printf("Setting D-H prime minimum acceptable bits to %d\n",
+ dh_min_bits);
+gnutls_dh_set_prime_bits(state->session, dh_min_bits);
if (verify_certs == NULL)
{
/* Sets various Exim expansion variables; may need to adjust for ACL callouts */
-extract_exim_vars_from_tls_state(state);
+extract_exim_vars_from_tls_state(state, FALSE);
return OK;
}
*/
void
-tls_close(BOOL shutdown)
+tls_close(BOOL is_server, BOOL shutdown)
{
-exim_gnutls_state_st *state = current_global_tls_state;
+exim_gnutls_state_st *state = is_server ? &state_server : &state_client;
-if (tls_active < 0) return; /* TLS was not active */
+if (!state->tlsp || state->tlsp->active < 0) return; /* TLS was not active */
if (shutdown)
{
gnutls_deinit(state->session);
+state->tlsp->active = -1;
memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init));
if ((state_server.session == NULL) && (state_client.session == NULL))
exim_gnutls_base_init_done = FALSE;
}
-tls_active = -1;
}
/* This gets the next byte from the TLS input buffer. If the buffer is empty,
it refills the buffer via the GnuTLS reading function.
+Only used by the server-side TLS.
This feeds DKIM and should be used for all message-body reads.
int
tls_getc(void)
{
-exim_gnutls_state_st *state = current_global_tls_state;
+exim_gnutls_state_st *state = &state_server;
if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
{
ssize_t inbytes;
gnutls_deinit(state->session);
state->session = NULL;
- tls_active = -1;
- tls_bits = 0;
- tls_certificate_verified = FALSE;
- tls_channelbinding_b64 = NULL;
- tls_cipher = NULL;
- tls_peerdn = NULL;
+ state->tlsp->active = -1;
+ state->tlsp->bits = 0;
+ state->tlsp->certificate_verified = FALSE;
+ tls_channelbinding_b64 = NULL; /*XXX JGH */
+ state->tlsp->cipher = NULL;
+ state->tlsp->peerdn = NULL;
return smtp_getc();
}
/* This does not feed DKIM, so if the caller uses this for reading message body,
then the caller must feed DKIM.
+
Arguments:
buff buffer of data
len size of buffer
*/
int
-tls_read(uschar *buff, size_t len)
+tls_read(BOOL is_server, uschar *buff, size_t len)
{
-exim_gnutls_state_st *state = current_global_tls_state;
+exim_gnutls_state_st *state = is_server ? &state_server : &state_client;
ssize_t inbytes;
if (len > INT_MAX)
/*
Arguments:
+ is_server channel specifier
buff buffer of data
len number of bytes
*/
int
-tls_write(const uschar *buff, size_t len)
+tls_write(BOOL is_server, const uschar *buff, size_t len)
{
ssize_t outbytes;
size_t left = len;
-exim_gnutls_state_st *state = current_global_tls_state;
+exim_gnutls_state_st *state = is_server ? &state_server : &state_client;
DEBUG(D_tls) debug_printf("tls_do_write(%p, " SIZE_T_FMT ")\n", buff, left);
while (left > 0)
log_write(0, LOG_MAIN|LOG_PANIC,
"already initialised GnuTLS, Exim developer bug");
+#ifdef HAVE_GNUTLS_PKCS11
+if (!gnutls_enable_pkcs11)
+ {
+ rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+ validate_check_rc(US"gnutls_pkcs11_init");
+ }
+#endif
rc = gnutls_global_init();
validate_check_rc(US"gnutls_global_init()");
exim_gnutls_base_init_done = TRUE;
/* Copyright (c) University of Cambridge 1995 - 2012 */
/* See the file NOTICE for conditions of use and distribution. */
+/* Portions Copyright (c) The OpenSSL Project 1999 */
+
/* This module provides the TLS (aka SSL) support for Exim using the OpenSSL
library. It is #included into the tls.c file when that library is used. The
code herein is based on a patch that was originally contributed by Steve
/* Local static variables */
-static BOOL verify_callback_called = FALSE;
+static BOOL client_verify_callback_called = FALSE;
+static BOOL server_verify_callback_called = FALSE;
static const uschar *sid_ctx = US"exim";
-static SSL_CTX *ctx = NULL;
+/* We have three different contexts to care about.
+
+Simple case: client, `client_ctx`
+ As a client, we can be doing a callout or cut-through delivery while receiving
+ a message. So we have a client context, which should have options initialised
+ from the SMTP Transport.
+
+Server:
+ There are two cases: with and without ServerNameIndication from the client.
+ Given TLS SNI, we can be using different keys, certs and various other
+ configuration settings, because they're re-expanded with $tls_sni set. This
+ allows vhosting with TLS. This SNI is sent in the handshake.
+ A client might not send SNI, so we need a fallback, and an initial setup too.
+ So as a server, we start out using `server_ctx`.
+ If SNI is sent by the client, then we as server, mid-negotiation, try to clone
+ `server_sni` from `server_ctx` and then initialise settings by re-expanding
+ configuration.
+*/
+
+static SSL_CTX *client_ctx = NULL;
+static SSL_CTX *server_ctx = NULL;
+static SSL *client_ssl = NULL;
+static SSL *server_ssl = NULL;
+
#ifdef EXIM_HAVE_OPENSSL_TLSEXT
-static SSL_CTX *ctx_sni = NULL;
+static SSL_CTX *server_sni = NULL;
#endif
-static SSL *ssl = NULL;
static char ssl_errstring[256];
static int ssl_session_timeout = 200;
-static BOOL verify_optional = FALSE;
+static BOOL client_verify_optional = FALSE;
+static BOOL server_verify_optional = FALSE;
-static BOOL reexpand_tls_files_for_sni = FALSE;
+static BOOL reexpand_tls_files_for_sni = FALSE;
typedef struct tls_ext_ctx_cb {
uschar *certificate;
uschar *privatekey;
#ifdef EXPERIMENTAL_OCSP
- uschar *ocsp_file;
- uschar *ocsp_file_expanded;
- OCSP_RESPONSE *ocsp_response;
+ BOOL is_server;
+ union {
+ struct {
+ uschar *file;
+ uschar *file_expanded;
+ OCSP_RESPONSE *response;
+ } server;
+ struct {
+ X509_STORE *verify_store;
+ } client;
+ } u_ocsp;
#endif
uschar *dhparam;
/* these are cached from first expand */
/* should figure out a cleanup of API to handle state preserved per
implementation, for various reasons, which can be void * in the APIs.
For now, we hack around it. */
-tls_ext_ctx_cb *static_cbinfo = NULL;
+tls_ext_ctx_cb *client_static_cbinfo = NULL;
+tls_ext_ctx_cb *server_static_cbinfo = NULL;
static int
-setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional);
+setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional,
+ int (*cert_vfy_cb)(int, X509_STORE_CTX *) );
/* Callbacks */
#ifdef EXIM_HAVE_OPENSSL_TLSEXT
static int tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg);
#endif
#ifdef EXPERIMENTAL_OCSP
-static int tls_stapling_cb(SSL *s, void *arg);
+static int tls_server_stapling_cb(SSL *s, void *arg);
#endif
+/* Extreme debug
+#if defined(EXPERIMENTAL_OCSP)
+void
+x509_store_dump_cert_s_names(X509_STORE * store)
+{
+STACK_OF(X509_OBJECT) * roots= store->objs;
+int i;
+static uschar name[256];
+
+for(i= 0; i<sk_X509_OBJECT_num(roots); i++)
+ {
+ X509_OBJECT * tmp_obj= sk_X509_OBJECT_value(roots, i);
+ if(tmp_obj->type == X509_LU_X509)
+ {
+ X509 * current_cert= tmp_obj->data.x509;
+ X509_NAME_oneline(X509_get_subject_name(current_cert), CS name, sizeof(name));
+ debug_printf(" %s\n", name);
+ }
+ }
+}
+#endif
+*/
+
/*************************************************
* Callback for verification *
Arguments:
state current yes/no state as 1/0
x509ctx certificate information.
+ client TRUE for client startup, FALSE for server startup
Returns: 1 if verified, 0 if not
*/
static int
-verify_callback(int state, X509_STORE_CTX *x509ctx)
+verify_callback(int state, X509_STORE_CTX *x509ctx, tls_support *tlsp, BOOL *calledp, BOOL *optionalp)
{
static uschar txt[256];
x509ctx->error_depth,
X509_verify_cert_error_string(x509ctx->error),
txt);
- tls_certificate_verified = FALSE;
- verify_callback_called = TRUE;
- if (!verify_optional) return 0; /* reject */
+ tlsp->certificate_verified = FALSE;
+ *calledp = TRUE;
+ if (!*optionalp) return 0; /* reject */
DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
"tls_try_verify_hosts)\n");
return 1; /* accept */
{
DEBUG(D_tls) debug_printf("SSL verify ok: depth=%d cert=%s\n",
x509ctx->error_depth, txt);
+#ifdef EXPERIMENTAL_OCSP
+ if (tlsp == &tls_out && client_static_cbinfo->u_ocsp.client.verify_store)
+ { /* client, wanting stapling */
+ /* Add the server cert's signing chain as the one
+ for the verification of the OCSP stapled information. */
+
+ if (!X509_STORE_add_cert(client_static_cbinfo->u_ocsp.client.verify_store,
+ x509ctx->current_cert))
+ ERR_clear_error();
+ }
+#endif
}
else
{
DEBUG(D_tls) debug_printf("SSL%s peer: %s\n",
- verify_callback_called? "" : " authenticated", txt);
- tls_peerdn = txt;
+ *calledp ? "" : " authenticated", txt);
+ tlsp->peerdn = txt;
}
-if (!verify_callback_called) tls_certificate_verified = TRUE;
-verify_callback_called = TRUE;
+/*XXX JGH: this looks bogus - we set "verified" first time through, which
+will be for the root CS cert (calls work down the chain). Why should it
+not be on the last call, where we're setting peerdn?
+
+To test: set up a chain anchored by a good root-CA but with a bad server cert.
+Does certificate_verified get set?
+*/
+if (!*calledp) tlsp->certificate_verified = TRUE;
+*calledp = TRUE;
return 1; /* accept */
}
+static int
+verify_callback_client(int state, X509_STORE_CTX *x509ctx)
+{
+return verify_callback(state, x509ctx, &tls_out, &client_verify_callback_called, &client_verify_optional);
+}
+
+static int
+verify_callback_server(int state, X509_STORE_CTX *x509ctx)
+{
+return verify_callback(state, x509ctx, &tls_in, &server_verify_callback_called, &server_verify_optional);
+}
+
/*************************************************
* Load OCSP information into state *
*************************************************/
-/* Called to load the OCSP response from the given file into memory, once
+/* Called to load the server OCSP response from the given file into memory, once
caller has determined this is needed. Checks validity. Debugs a message
if invalid.
*/
static void
-ocsp_load_response(SSL_CTX *sctx,
- tls_ext_ctx_cb *cbinfo,
- const uschar *expanded)
+ocsp_load_response(SSL_CTX *sctx, tls_ext_ctx_cb *cbinfo, const uschar *expanded)
{
BIO *bio;
OCSP_RESPONSE *resp;
unsigned long verify_flags;
int status, reason, i;
-cbinfo->ocsp_file_expanded = string_copy(expanded);
-if (cbinfo->ocsp_response)
+cbinfo->u_ocsp.server.file_expanded = string_copy(expanded);
+if (cbinfo->u_ocsp.server.response)
{
- OCSP_RESPONSE_free(cbinfo->ocsp_response);
- cbinfo->ocsp_response = NULL;
+ OCSP_RESPONSE_free(cbinfo->u_ocsp.server.response);
+ cbinfo->u_ocsp.server.response = NULL;
}
-bio = BIO_new_file(CS cbinfo->ocsp_file_expanded, "rb");
+bio = BIO_new_file(CS cbinfo->u_ocsp.server.file_expanded, "rb");
if (!bio)
{
DEBUG(D_tls) debug_printf("Failed to open OCSP response file \"%s\"\n",
- cbinfo->ocsp_file_expanded);
+ cbinfo->u_ocsp.server.file_expanded);
return;
}
{
DEBUG(D_tls) debug_printf("OCSP response not valid: %s (%d)\n",
OCSP_response_status_str(status), status);
- return;
+ goto bad;
}
basic_response = OCSP_response_get1_basic(resp);
{
DEBUG(D_tls)
debug_printf("OCSP response parse error: unable to extract basic response.\n");
- return;
+ goto bad;
}
store = SSL_CTX_get_cert_store(sctx);
DEBUG(D_tls) {
ERR_error_string(ERR_get_error(), ssl_errstring);
debug_printf("OCSP response verify failure: %s\n", US ssl_errstring);
- }
- return;
+ }
+ goto bad;
}
/* Here's the simplifying assumption: there's only one response, for the
{
DEBUG(D_tls)
debug_printf("Unable to get first response from OCSP basic response.\n");
- return;
+ goto bad;
}
status = OCSP_single_get0_status(single_response, &reason, &rev, &thisupd, &nextupd);
-/* how does this status differ from the one above? */
-if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL)
+if (status != V_OCSP_CERTSTATUS_GOOD)
{
- DEBUG(D_tls) debug_printf("OCSP response not valid (take 2): %s (%d)\n",
- OCSP_response_status_str(status), status);
- return;
+ DEBUG(D_tls) debug_printf("OCSP response bad cert status: %s (%d) %s (%d)\n",
+ OCSP_cert_status_str(status), status,
+ OCSP_crl_reason_str(reason), reason);
+ goto bad;
}
if (!OCSP_check_validity(thisupd, nextupd, EXIM_OCSP_SKEW_SECONDS, EXIM_OCSP_MAX_AGE))
{
DEBUG(D_tls) debug_printf("OCSP status invalid times.\n");
- return;
+ goto bad;
}
-cbinfo->ocsp_response = resp;
+supply_response:
+cbinfo->u_ocsp.server.response = resp;
+return;
+
+bad:
+if (running_in_test_harness)
+ {
+ extern char ** environ;
+ uschar ** p;
+ for (p = USS environ; *p != NULL; p++)
+ if (Ustrncmp(*p, "EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK", 42) == 0)
+ {
+ DEBUG(D_tls) debug_printf("Supplying known bad OCSP response\n");
+ goto supply_response;
+ }
+ }
+return;
}
-#endif
+#endif /*EXPERIMENTAL_OCSP*/
* Expand key and cert file specs *
*************************************************/
-/* Called once during tls_init and possibly againt during TLS setup, for a
+/* Called once during tls_init and possibly again during TLS setup, for a
new context, if Server Name Indication was used and tls_sni was seen in
the certificate string.
if (cbinfo->certificate == NULL)
return OK;
-if (Ustrstr(cbinfo->certificate, US"tls_sni"))
+if (Ustrstr(cbinfo->certificate, US"tls_sni") ||
+ Ustrstr(cbinfo->certificate, US"tls_in_sni") ||
+ Ustrstr(cbinfo->certificate, US"tls_out_sni")
+ )
reexpand_tls_files_for_sni = TRUE;
if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded))
}
#ifdef EXPERIMENTAL_OCSP
-if (cbinfo->ocsp_file != NULL)
+if (cbinfo->is_server && cbinfo->u_ocsp.server.file != NULL)
{
- if (!expand_check(cbinfo->ocsp_file, US"tls_ocsp_file", &expanded))
+ if (!expand_check(cbinfo->u_ocsp.server.file, US"tls_ocsp_file", &expanded))
return DEFER;
if (expanded != NULL && *expanded != 0)
{
DEBUG(D_tls) debug_printf("tls_ocsp_file %s\n", expanded);
- if (cbinfo->ocsp_file_expanded &&
- (Ustrcmp(expanded, cbinfo->ocsp_file_expanded) == 0))
+ if (cbinfo->u_ocsp.server.file_expanded &&
+ (Ustrcmp(expanded, cbinfo->u_ocsp.server.file_expanded) == 0))
{
DEBUG(D_tls)
debug_printf("tls_ocsp_file value unchanged, using existing values.\n");
/* Make the extension value available for expansion */
store_pool = POOL_PERM;
-tls_sni = string_copy(US servername);
+tls_in.sni = string_copy(US servername);
store_pool = old_pool;
if (!reexpand_tls_files_for_sni)
not confident that memcpy wouldn't break some internal reference counting.
Especially since there's a references struct member, which would be off. */
-ctx_sni = SSL_CTX_new(SSLv23_server_method());
-if (!ctx_sni)
+server_sni = SSL_CTX_new(SSLv23_server_method());
+if (!server_sni)
{
ERR_error_string(ERR_get_error(), ssl_errstring);
DEBUG(D_tls) debug_printf("SSL_CTX_new() failed: %s\n", ssl_errstring);
/* Not sure how many of these are actually needed, since SSL object
already exists. Might even need this selfsame callback, for reneg? */
-SSL_CTX_set_info_callback(ctx_sni, SSL_CTX_get_info_callback(ctx));
-SSL_CTX_set_mode(ctx_sni, SSL_CTX_get_mode(ctx));
-SSL_CTX_set_options(ctx_sni, SSL_CTX_get_options(ctx));
-SSL_CTX_set_timeout(ctx_sni, SSL_CTX_get_timeout(ctx));
-SSL_CTX_set_tlsext_servername_callback(ctx_sni, tls_servername_cb);
-SSL_CTX_set_tlsext_servername_arg(ctx_sni, cbinfo);
+SSL_CTX_set_info_callback(server_sni, SSL_CTX_get_info_callback(server_ctx));
+SSL_CTX_set_mode(server_sni, SSL_CTX_get_mode(server_ctx));
+SSL_CTX_set_options(server_sni, SSL_CTX_get_options(server_ctx));
+SSL_CTX_set_timeout(server_sni, SSL_CTX_get_timeout(server_ctx));
+SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb);
+SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo);
if (cbinfo->server_cipher_list)
- SSL_CTX_set_cipher_list(ctx_sni, CS cbinfo->server_cipher_list);
+ SSL_CTX_set_cipher_list(server_sni, CS cbinfo->server_cipher_list);
#ifdef EXPERIMENTAL_OCSP
-if (cbinfo->ocsp_file)
+if (cbinfo->u_ocsp.server.file)
{
- SSL_CTX_set_tlsext_status_cb(ctx_sni, tls_stapling_cb);
- SSL_CTX_set_tlsext_status_arg(ctx, cbinfo);
+ SSL_CTX_set_tlsext_status_cb(server_sni, tls_server_stapling_cb);
+ SSL_CTX_set_tlsext_status_arg(server_sni, cbinfo);
}
#endif
-rc = setup_certs(ctx_sni, tls_verify_certificates, tls_crl, NULL, FALSE);
+rc = setup_certs(server_sni, tls_verify_certificates, tls_crl, NULL, FALSE, verify_callback_server);
if (rc != OK) return SSL_TLSEXT_ERR_NOACK;
/* do this after setup_certs, because this can require the certs for verifying
OCSP information. */
-rc = tls_expand_session_files(ctx_sni, cbinfo);
+rc = tls_expand_session_files(server_sni, cbinfo);
if (rc != OK) return SSL_TLSEXT_ERR_NOACK;
-rc = init_dh(ctx_sni, cbinfo->dhparam, NULL);
+rc = init_dh(server_sni, cbinfo->dhparam, NULL);
if (rc != OK) return SSL_TLSEXT_ERR_NOACK;
DEBUG(D_tls) debug_printf("Switching SSL context.\n");
-SSL_set_SSL_CTX(s, ctx_sni);
+SSL_set_SSL_CTX(s, server_sni);
return SSL_TLSEXT_ERR_OK;
}
#ifdef EXPERIMENTAL_OCSP
+
/*************************************************
* Callback to handle OCSP Stapling *
*************************************************/
*/
static int
-tls_stapling_cb(SSL *s, void *arg)
+tls_server_stapling_cb(SSL *s, void *arg)
{
const tls_ext_ctx_cb *cbinfo = (tls_ext_ctx_cb *) arg;
uschar *response_der;
int response_der_len;
-DEBUG(D_tls) debug_printf("Received TLS status request (OCSP stapling); %s response.\n",
- cbinfo->ocsp_response ? "have" : "lack");
-if (!cbinfo->ocsp_response)
+if (log_extra_selector & LX_tls_cipher)
+ log_write(0, LOG_MAIN, "[%s] Recieved OCSP stapling req;%s responding",
+ sender_host_address, cbinfo->u_ocsp.server.response ? "":" not");
+else
+ DEBUG(D_tls) debug_printf("Received TLS status request (OCSP stapling); %s response.",
+ cbinfo->u_ocsp.server.response ? "have" : "lack");
+
+if (!cbinfo->u_ocsp.server.response)
return SSL_TLSEXT_ERR_NOACK;
response_der = NULL;
-response_der_len = i2d_OCSP_RESPONSE(cbinfo->ocsp_response, &response_der);
+response_der_len = i2d_OCSP_RESPONSE(cbinfo->u_ocsp.server.response, &response_der);
if (response_der_len <= 0)
return SSL_TLSEXT_ERR_NOACK;
-SSL_set_tlsext_status_ocsp_resp(ssl, response_der, response_der_len);
+SSL_set_tlsext_status_ocsp_resp(server_ssl, response_der, response_der_len);
return SSL_TLSEXT_ERR_OK;
}
-#endif /* EXPERIMENTAL_OCSP */
+static void
+time_print(BIO * bp, const char * str, ASN1_GENERALIZEDTIME * time)
+{
+BIO_printf(bp, "\t%s: ", str);
+ASN1_GENERALIZEDTIME_print(bp, time);
+BIO_puts(bp, "\n");
+}
+
+static int
+tls_client_stapling_cb(SSL *s, void *arg)
+{
+tls_ext_ctx_cb * cbinfo = arg;
+const unsigned char * p;
+int len;
+OCSP_RESPONSE * rsp;
+OCSP_BASICRESP * bs;
+int i;
+
+DEBUG(D_tls) debug_printf("Received TLS status response (OCSP stapling):");
+len = SSL_get_tlsext_status_ocsp_resp(s, &p);
+if(!p)
+ {
+ if (log_extra_selector & LX_tls_cipher)
+ log_write(0, LOG_MAIN, "Received TLS status response, null content");
+ else
+ DEBUG(D_tls) debug_printf(" null\n");
+ return 0; /* This is the fail case for require-ocsp; none from server */
+ }
+if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len)))
+ {
+ if (log_extra_selector & LX_tls_cipher)
+ log_write(0, LOG_MAIN, "Received TLS status response, parse error");
+ else
+ DEBUG(D_tls) debug_printf(" parse error\n");
+ return 0;
+ }
+
+if(!(bs = OCSP_response_get1_basic(rsp)))
+ {
+ if (log_extra_selector & LX_tls_cipher)
+ log_write(0, LOG_MAIN, "Received TLS status response, error parsing response");
+ else
+ DEBUG(D_tls) debug_printf(" error parsing response\n");
+ OCSP_RESPONSE_free(rsp);
+ return 0;
+ }
+
+/* We'd check the nonce here if we'd put one in the request. */
+/* However that would defeat cacheability on the server so we don't. */
+
+
+/* This section of code reworked from OpenSSL apps source;
+ The OpenSSL Project retains copyright:
+ Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+*/
+ {
+ BIO * bp = NULL;
+ OCSP_CERTID *id;
+ int status, reason;
+ ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+ DEBUG(D_tls) bp = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ /*OCSP_RESPONSE_print(bp, rsp, 0); extreme debug: stapling content */
+
+ /* Use the chain that verified the server cert to verify the stapled info */
+ /* DEBUG(D_tls) x509_store_dump_cert_s_names(cbinfo->u_ocsp.client.verify_store); */
+
+ if ((i = OCSP_basic_verify(bs, NULL, cbinfo->u_ocsp.client.verify_store, 0)) <= 0)
+ {
+ BIO_printf(bp, "OCSP response verify failure\n");
+ ERR_print_errors(bp);
+ i = 0;
+ goto out;
+ }
+
+ BIO_printf(bp, "OCSP response well-formed and signed OK\n");
+
+ {
+ STACK_OF(OCSP_SINGLERESP) * sresp = bs->tbsResponseData->responses;
+ OCSP_SINGLERESP * single;
+
+ if (sk_OCSP_SINGLERESP_num(sresp) != 1)
+ {
+ log_write(0, LOG_MAIN, "OCSP stapling with multiple responses not handled");
+ goto out;
+ }
+ single = OCSP_resp_get0(bs, 0);
+ status = OCSP_single_get0_status(single, &reason, &rev, &thisupd, &nextupd);
+ }
+
+ i = 0;
+ DEBUG(D_tls) time_print(bp, "This OCSP Update", thisupd);
+ DEBUG(D_tls) if(nextupd) time_print(bp, "Next OCSP Update", nextupd);
+ if (!OCSP_check_validity(thisupd, nextupd, EXIM_OCSP_SKEW_SECONDS, EXIM_OCSP_MAX_AGE))
+ {
+ DEBUG(D_tls) ERR_print_errors(bp);
+ log_write(0, LOG_MAIN, "Server OSCP dates invalid");
+ goto out;
+ }
+
+ DEBUG(D_tls) BIO_printf(bp, "Certificate status: %s\n", OCSP_cert_status_str(status));
+ switch(status)
+ {
+ case V_OCSP_CERTSTATUS_GOOD:
+ i = 1;
+ break;
+ case V_OCSP_CERTSTATUS_REVOKED:
+ log_write(0, LOG_MAIN, "Server certificate revoked%s%s",
+ reason != -1 ? "; reason: " : "", reason != -1 ? OCSP_crl_reason_str(reason) : "");
+ DEBUG(D_tls) time_print(bp, "Revocation Time", rev);
+ i = 0;
+ break;
+ default:
+ log_write(0, LOG_MAIN, "Server certificate status unknown, in OCSP stapling");
+ i = 0;
+ break;
+ }
+ out:
+ BIO_free(bp);
+ }
+
+OCSP_RESPONSE_free(rsp);
+return i;
+}
+#endif /*EXPERIMENTAL_OCSP*/
dhparam DH parameter file
certificate certificate file
privatekey private key
+ ocsp_file file of stapling info (server); flag for require ocsp (client)
addr address if client; NULL if server (for some randomness)
Returns: OK/DEFER/FAIL
*/
static int
-tls_init(host_item *host, uschar *dhparam, uschar *certificate,
+tls_init(SSL_CTX **ctxp, host_item *host, uschar *dhparam, uschar *certificate,
uschar *privatekey,
#ifdef EXPERIMENTAL_OCSP
uschar *ocsp_file,
#endif
- address_item *addr)
+ address_item *addr, tls_ext_ctx_cb ** cbp)
{
long init_options;
int rc;
cbinfo->certificate = certificate;
cbinfo->privatekey = privatekey;
#ifdef EXPERIMENTAL_OCSP
-cbinfo->ocsp_file = ocsp_file;
+if ((cbinfo->is_server = host==NULL))
+ {
+ cbinfo->u_ocsp.server.file = ocsp_file;
+ cbinfo->u_ocsp.server.file_expanded = NULL;
+ cbinfo->u_ocsp.server.response = NULL;
+ }
+else
+ cbinfo->u_ocsp.client.verify_store = NULL;
#endif
cbinfo->dhparam = dhparam;
cbinfo->host = host;
By disabling with openssl_options, we can let admins re-enable with the
existing knob. */
-ctx = SSL_CTX_new((host == NULL)?
+*ctxp = SSL_CTX_new((host == NULL)?
SSLv23_server_method() : SSLv23_client_method());
-if (ctx == NULL) return tls_error(US"SSL_CTX_new", host, NULL);
+if (*ctxp == NULL) return tls_error(US"SSL_CTX_new", host, NULL);
/* It turns out that we need to seed the random number generator this early in
order to get the full complement of ciphers to work. It took me roughly a day
/* Set up the information callback, which outputs if debugging is at a suitable
level. */
-SSL_CTX_set_info_callback(ctx, (void (*)())info_callback);
+SSL_CTX_set_info_callback(*ctxp, (void (*)())info_callback);
/* Automatically re-try reads/writes after renegotiation. */
-(void) SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+(void) SSL_CTX_set_mode(*ctxp, SSL_MODE_AUTO_RETRY);
/* Apply administrator-supplied work-arounds.
Historically we applied just one requested option,
if (init_options)
{
DEBUG(D_tls) debug_printf("setting SSL CTX options: %#lx\n", init_options);
- if (!(SSL_CTX_set_options(ctx, init_options)))
+ if (!(SSL_CTX_set_options(*ctxp, init_options)))
return tls_error(string_sprintf(
"SSL_CTX_set_option(%#lx)", init_options), host, NULL);
}
/* Initialize with DH parameters if supplied */
-if (!init_dh(ctx, dhparam, host)) return DEFER;
+if (!init_dh(*ctxp, dhparam, host)) return DEFER;
/* Set up certificate and key (and perhaps OCSP info) */
-rc = tls_expand_session_files(ctx, cbinfo);
+rc = tls_expand_session_files(*ctxp, cbinfo);
if (rc != OK) return rc;
/* If we need to handle SNI, do so */
#ifdef EXIM_HAVE_OPENSSL_TLSEXT
-if (host == NULL)
+if (host == NULL) /* server */
{
-#ifdef EXPERIMENTAL_OCSP
- /* We check ocsp_file, not ocsp_response, because we care about if
+# ifdef EXPERIMENTAL_OCSP
+ /* We check u_ocsp.server.file, not server.response, because we care about if
the option exists, not what the current expansion might be, as SNI might
change the certificate and OCSP file in use between now and the time the
callback is invoked. */
- if (cbinfo->ocsp_file)
+ if (cbinfo->u_ocsp.server.file)
{
- SSL_CTX_set_tlsext_status_cb(ctx, tls_stapling_cb);
- SSL_CTX_set_tlsext_status_arg(ctx, cbinfo);
+ SSL_CTX_set_tlsext_status_cb(server_ctx, tls_server_stapling_cb);
+ SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo);
}
-#endif
+# endif
/* We always do this, so that $tls_sni is available even if not used in
tls_certificate */
- SSL_CTX_set_tlsext_servername_callback(ctx, tls_servername_cb);
- SSL_CTX_set_tlsext_servername_arg(ctx, cbinfo);
+ SSL_CTX_set_tlsext_servername_callback(*ctxp, tls_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(*ctxp, cbinfo);
}
+# ifdef EXPERIMENTAL_OCSP
+else /* client */
+ if(ocsp_file) /* wanting stapling */
+ {
+ if (!(cbinfo->u_ocsp.client.verify_store = X509_STORE_new()))
+ {
+ DEBUG(D_tls) debug_printf("failed to create store for stapling verify\n");
+ return FAIL;
+ }
+ SSL_CTX_set_tlsext_status_cb(*ctxp, tls_client_stapling_cb);
+ SSL_CTX_set_tlsext_status_arg(*ctxp, cbinfo);
+ }
+# endif
#endif
/* Set up the RSA callback */
-SSL_CTX_set_tmp_rsa_callback(ctx, rsa_callback);
+SSL_CTX_set_tmp_rsa_callback(*ctxp, rsa_callback);
/* Finally, set the timeout, and we are done */
-SSL_CTX_set_timeout(ctx, ssl_session_timeout);
+SSL_CTX_set_timeout(*ctxp, ssl_session_timeout);
DEBUG(D_tls) debug_printf("Initialized TLS\n");
-static_cbinfo = cbinfo;
+*cbp = cbinfo;
return OK;
}
* Get name of cipher in use *
*************************************************/
-/* The answer is left in a static buffer, and tls_cipher is set to point
-to it.
-
+/*
Argument: pointer to an SSL structure for the connection
+ buffer to use for answer
+ size of buffer
+ pointer to number of bits for cipher
Returns: nothing
*/
static void
-construct_cipher_name(SSL *ssl)
+construct_cipher_name(SSL *ssl, uschar *cipherbuf, int bsize, int *bits)
{
-static uschar cipherbuf[256];
/* With OpenSSL 1.0.0a, this needs to be const but the documentation doesn't
yet reflect that. It should be a safe change anyway, even 0.9.8 versions have
the accessor functions use const in the prototype. */
}
c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl);
-SSL_CIPHER_get_bits(c, &tls_bits);
+SSL_CIPHER_get_bits(c, bits);
-string_format(cipherbuf, sizeof(cipherbuf), "%s:%s:%u", ver,
- SSL_CIPHER_get_name(c), tls_bits);
-tls_cipher = cipherbuf;
+string_format(cipherbuf, bsize, "%s:%s:%u", ver,
+ SSL_CIPHER_get_name(c), *bits);
DEBUG(D_tls) debug_printf("Cipher: %s\n", cipherbuf);
}
host NULL in a server; the remote host in a client
optional TRUE if called from a server for a host in tls_try_verify_hosts;
otherwise passed as FALSE
+ cert_vfy_cb Callback function for certificate verification
Returns: OK/DEFER/FAIL
*/
static int
-setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional)
+setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional,
+ int (*cert_vfy_cb)(int, X509_STORE_CTX *) )
{
uschar *expcerts, *expcrl;
if (!expand_check(certs, US"tls_verify_certificates", &expcerts))
return DEFER;
-if (expcerts != NULL)
+if (expcerts != NULL && *expcerts != '\0')
{
struct stat statbuf;
if (!SSL_CTX_set_default_verify_paths(sctx))
SSL_CTX_set_verify(sctx,
SSL_VERIFY_PEER | (optional? 0 : SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
- verify_callback);
+ cert_vfy_cb);
}
return OK;
int rc;
uschar *expciphers;
tls_ext_ctx_cb *cbinfo;
+static uschar cipherbuf[256];
/* Check for previous activation */
-if (tls_active >= 0)
+if (tls_in.active >= 0)
{
tls_error(US"STARTTLS received after TLS started", NULL, US"");
smtp_printf("554 Already in TLS\r\n");
/* Initialize the SSL library. If it fails, it will already have logged
the error. */
-rc = tls_init(NULL, tls_dhparam, tls_certificate, tls_privatekey,
+rc = tls_init(&server_ctx, NULL, tls_dhparam, tls_certificate, tls_privatekey,
#ifdef EXPERIMENTAL_OCSP
tls_ocsp_file,
#endif
- NULL);
+ NULL, &server_static_cbinfo);
if (rc != OK) return rc;
-cbinfo = static_cbinfo;
+cbinfo = server_static_cbinfo;
if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers))
return FAIL;
uschar *s = expciphers;
while (*s != 0) { if (*s == '_') *s = '-'; s++; }
DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
- if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))
+ if (!SSL_CTX_set_cipher_list(server_ctx, CS expciphers))
return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL);
cbinfo->server_cipher_list = expciphers;
}
/* If this is a host for which certificate verification is mandatory or
optional, set up appropriately. */
-tls_certificate_verified = FALSE;
-verify_callback_called = FALSE;
+tls_in.certificate_verified = FALSE;
+server_verify_callback_called = FALSE;
if (verify_check_host(&tls_verify_hosts) == OK)
{
- rc = setup_certs(ctx, tls_verify_certificates, tls_crl, NULL, FALSE);
+ rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL,
+ FALSE, verify_callback_server);
if (rc != OK) return rc;
- verify_optional = FALSE;
+ server_verify_optional = FALSE;
}
else if (verify_check_host(&tls_try_verify_hosts) == OK)
{
- rc = setup_certs(ctx, tls_verify_certificates, tls_crl, NULL, TRUE);
+ rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL,
+ TRUE, verify_callback_server);
if (rc != OK) return rc;
- verify_optional = TRUE;
+ server_verify_optional = TRUE;
}
/* Prepare for new connection */
-if ((ssl = SSL_new(ctx)) == NULL) return tls_error(US"SSL_new", NULL, NULL);
+if ((server_ssl = SSL_new(server_ctx)) == NULL) return tls_error(US"SSL_new", NULL, NULL);
/* Warning: we used to SSL_clear(ssl) here, it was removed.
*
the response. Other smtp_printf() calls do not need it, because in non-TLS
mode, the fflush() happens when smtp_getc() is called. */
-SSL_set_session_id_context(ssl, sid_ctx, Ustrlen(sid_ctx));
-if (!tls_on_connect)
+SSL_set_session_id_context(server_ssl, sid_ctx, Ustrlen(sid_ctx));
+if (!tls_in.on_connect)
{
smtp_printf("220 TLS go ahead\r\n");
fflush(smtp_out);
/* Now negotiate the TLS session. We put our own timer on it, since it seems
that the OpenSSL library doesn't. */
-SSL_set_wfd(ssl, fileno(smtp_out));
-SSL_set_rfd(ssl, fileno(smtp_in));
-SSL_set_accept_state(ssl);
+SSL_set_wfd(server_ssl, fileno(smtp_out));
+SSL_set_rfd(server_ssl, fileno(smtp_in));
+SSL_set_accept_state(server_ssl);
DEBUG(D_tls) debug_printf("Calling SSL_accept\n");
sigalrm_seen = FALSE;
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
-rc = SSL_accept(ssl);
+rc = SSL_accept(server_ssl);
alarm(0);
if (rc <= 0)
/* TLS has been set up. Adjust the input functions to read via TLS,
and initialize things. */
-construct_cipher_name(ssl);
+construct_cipher_name(server_ssl, cipherbuf, sizeof(cipherbuf), &tls_in.bits);
+tls_in.cipher = cipherbuf;
DEBUG(D_tls)
{
uschar buf[2048];
- if (SSL_get_shared_ciphers(ssl, CS buf, sizeof(buf)) != NULL)
+ if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)) != NULL)
debug_printf("Shared ciphers: %s\n", buf);
}
+/* Only used by the server-side tls (tls_in), including tls_getc.
+ Client-side (tls_out) reads (seem to?) go via
+ smtp_read_response()/ip_recv().
+ Hence no need to duplicate for _in and _out.
+ */
ssl_xfer_buffer = store_malloc(ssl_xfer_buffer_size);
ssl_xfer_buffer_lwm = ssl_xfer_buffer_hwm = 0;
ssl_xfer_eof = ssl_xfer_error = 0;
receive_ferror = tls_ferror;
receive_smtp_buffered = tls_smtp_buffered;
-tls_active = fileno(smtp_out);
+tls_in.active = fileno(smtp_out);
return OK;
}
fd the fd of the connection
host connected host (for messages)
addr the first address
- dhparam DH parameter file
certificate certificate file
privatekey private key file
sni TLS SNI to send to remote host
verify_certs file for certificate verify
crl file containing CRL
require_ciphers list of allowed ciphers
+ dh_min_bits minimum number of bits acceptable in server's DH prime
+ (unused in OpenSSL)
timeout startup timeout
Returns: OK on success
*/
int
-tls_client_start(int fd, host_item *host, address_item *addr, uschar *dhparam,
+tls_client_start(int fd, host_item *host, address_item *addr,
uschar *certificate, uschar *privatekey, uschar *sni,
uschar *verify_certs, uschar *crl,
- uschar *require_ciphers, int timeout)
+ uschar *require_ciphers,
+#ifdef EXPERIMENTAL_OCSP
+ uschar *hosts_require_ocsp,
+#endif
+ int dh_min_bits ARG_UNUSED, int timeout)
{
static uschar txt[256];
uschar *expciphers;
X509* server_cert;
int rc;
+static uschar cipherbuf[256];
+#ifdef EXPERIMENTAL_OCSP
+BOOL require_ocsp = verify_check_this_host(&hosts_require_ocsp,
+ NULL, host->name, host->address, NULL) == OK;
+#endif
-rc = tls_init(host, dhparam, certificate, privatekey,
+rc = tls_init(&client_ctx, host, NULL, certificate, privatekey,
#ifdef EXPERIMENTAL_OCSP
- NULL,
+ require_ocsp ? US"" : NULL,
#endif
- addr);
+ addr, &client_static_cbinfo);
if (rc != OK) return rc;
-tls_certificate_verified = FALSE;
-verify_callback_called = FALSE;
+tls_out.certificate_verified = FALSE;
+client_verify_callback_called = FALSE;
if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers))
return FAIL;
uschar *s = expciphers;
while (*s != 0) { if (*s == '_') *s = '-'; s++; }
DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers);
- if (!SSL_CTX_set_cipher_list(ctx, CS expciphers))
+ if (!SSL_CTX_set_cipher_list(client_ctx, CS expciphers))
return tls_error(US"SSL_CTX_set_cipher_list", host, NULL);
}
-rc = setup_certs(ctx, verify_certs, crl, host, FALSE);
+rc = setup_certs(client_ctx, verify_certs, crl, host, FALSE, verify_callback_client);
if (rc != OK) return rc;
-if ((ssl = SSL_new(ctx)) == NULL) return tls_error(US"SSL_new", host, NULL);
-SSL_set_session_id_context(ssl, sid_ctx, Ustrlen(sid_ctx));
-SSL_set_fd(ssl, fd);
-SSL_set_connect_state(ssl);
+if ((client_ssl = SSL_new(client_ctx)) == NULL) return tls_error(US"SSL_new", host, NULL);
+SSL_set_session_id_context(client_ssl, sid_ctx, Ustrlen(sid_ctx));
+SSL_set_fd(client_ssl, fd);
+SSL_set_connect_state(client_ssl);
if (sni)
{
- if (!expand_check(sni, US"tls_sni", &tls_sni))
+ if (!expand_check(sni, US"tls_sni", &tls_out.sni))
return FAIL;
- if (!Ustrlen(tls_sni))
- tls_sni = NULL;
+ if (tls_out.sni == NULL)
+ {
+ DEBUG(D_tls) debug_printf("Setting TLS SNI forced to fail, not sending\n");
+ }
+ else if (!Ustrlen(tls_out.sni))
+ tls_out.sni = NULL;
else
{
#ifdef EXIM_HAVE_OPENSSL_TLSEXT
- DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tls_sni);
- SSL_set_tlsext_host_name(ssl, tls_sni);
+ DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tls_out.sni);
+ SSL_set_tlsext_host_name(client_ssl, tls_out.sni);
#else
DEBUG(D_tls)
debug_printf("OpenSSL at build-time lacked SNI support, ignoring \"%s\"\n",
- tls_sni);
+ tls_out.sni);
#endif
}
}
+#ifdef EXPERIMENTAL_OCSP
+/* Request certificate status at connection-time. If the server
+does OCSP stapling we will get the callback (set in tls_init()) */
+if (require_ocsp)
+ SSL_set_tlsext_status_type(client_ssl, TLSEXT_STATUSTYPE_ocsp);
+#endif
+
/* There doesn't seem to be a built-in timeout on connection. */
DEBUG(D_tls) debug_printf("Calling SSL_connect\n");
sigalrm_seen = FALSE;
alarm(timeout);
-rc = SSL_connect(ssl);
+rc = SSL_connect(client_ssl);
alarm(0);
if (rc <= 0)
DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
/* Beware anonymous ciphers which lead to server_cert being NULL */
-server_cert = SSL_get_peer_certificate (ssl);
+server_cert = SSL_get_peer_certificate (client_ssl);
if (server_cert)
{
- tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
+ tls_out.peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
CS txt, sizeof(txt));
- tls_peerdn = txt;
+ tls_out.peerdn = txt;
}
else
- tls_peerdn = NULL;
+ tls_out.peerdn = NULL;
-construct_cipher_name(ssl); /* Sets tls_cipher */
+construct_cipher_name(client_ssl, cipherbuf, sizeof(cipherbuf), &tls_out.bits);
+tls_out.cipher = cipherbuf;
-tls_active = fd;
+tls_out.active = fd;
return OK;
}
Arguments: none
Returns: the next character or EOF
+
+Only used by the server-side TLS.
*/
int
int error;
int inbytes;
- DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", ssl,
+ DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", server_ssl,
ssl_xfer_buffer, ssl_xfer_buffer_size);
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
- inbytes = SSL_read(ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size);
- error = SSL_get_error(ssl, inbytes);
+ inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size);
+ error = SSL_get_error(server_ssl, inbytes);
alarm(0);
/* SSL_ERROR_ZERO_RETURN appears to mean that the SSL session has been
receive_ferror = smtp_ferror;
receive_smtp_buffered = smtp_buffered;
- SSL_free(ssl);
- ssl = NULL;
- tls_active = -1;
- tls_bits = 0;
- tls_cipher = NULL;
- tls_peerdn = NULL;
- tls_sni = NULL;
+ SSL_free(server_ssl);
+ server_ssl = NULL;
+ tls_in.active = -1;
+ tls_in.bits = 0;
+ tls_in.cipher = NULL;
+ tls_in.peerdn = NULL;
+ tls_in.sni = NULL;
return smtp_getc();
}
Returns: the number of bytes read
-1 after a failed read
+
+Only used by the client-side TLS.
*/
int
-tls_read(uschar *buff, size_t len)
+tls_read(BOOL is_server, uschar *buff, size_t len)
{
+SSL *ssl = is_server ? server_ssl : client_ssl;
int inbytes;
int error;
/*
Arguments:
+ is_server channel specifier
buff buffer of data
len number of bytes
Returns: the number of bytes after a successful write,
-1 after a failed write
+
+Used by both server-side and client-side TLS.
*/
int
-tls_write(const uschar *buff, size_t len)
+tls_write(BOOL is_server, const uschar *buff, size_t len)
{
int outbytes;
int error;
int left = len;
+SSL *ssl = is_server ? server_ssl : client_ssl;
DEBUG(D_tls) debug_printf("tls_do_write(%p, %d)\n", buff, left);
while (left > 0)
log_write(0, LOG_MAIN, "SSL channel closed on write");
return -1;
+ case SSL_ERROR_SYSCALL:
+ log_write(0, LOG_MAIN, "SSL_write: (from %s) syscall: %s",
+ sender_fullhost ? sender_fullhost : US"<unknown>",
+ strerror(errno));
+
default:
log_write(0, LOG_MAIN, "SSL_write error %d", error);
return -1;
Arguments: TRUE if SSL_shutdown is to be called
Returns: nothing
+
+Used by both server-side and client-side TLS.
*/
void
-tls_close(BOOL shutdown)
+tls_close(BOOL is_server, BOOL shutdown)
{
-if (tls_active < 0) return; /* TLS was not active */
+SSL **sslp = is_server ? &server_ssl : &client_ssl;
+int *fdp = is_server ? &tls_in.active : &tls_out.active;
+
+if (*fdp < 0) return; /* TLS was not active */
if (shutdown)
{
DEBUG(D_tls) debug_printf("tls_close(): shutting down SSL\n");
- SSL_shutdown(ssl);
+ SSL_shutdown(*sslp);
}
-SSL_free(ssl);
-ssl = NULL;
+SSL_free(*sslp);
+*sslp = NULL;
-tls_active = -1;
+*fdp = -1;
}
{
unsigned int r;
int i, needed_len;
+static pid_t pidlast = 0;
+pid_t pidnow;
uschar *p;
uschar smallbuf[sizeof(r)];
if (max <= 1)
return 0;
+pidnow = getpid();
+if (pidnow != pidlast)
+ {
+ /* Although OpenSSL documents that "OpenSSL makes sure that the PRNG state
+ is unique for each thread", this doesn't apparently apply across processes,
+ so our own warning from vaguely_random_number_fallback() applies here too.
+ Fix per PostgreSQL. */
+ if (pidlast != 0)
+ RAND_cleanup();
+ pidlast = pidnow;
+ }
+
/* OpenSSL auto-seeds from /dev/random, etc, but this a double-check. */
if (!RAND_status())
{
to apply.
This list is current as of:
- ==> 1.0.1b <== */
+ ==> 1.0.1b <==
+Plus SSL_OP_SAFARI_ECDHE_ECDSA_BUG from 2013-June patch/discussion on openssl-dev
+*/
static struct exim_openssl_option exim_openssl_options[] = {
/* KEEP SORTED ALPHABETICALLY! */
#ifdef SSL_OP_ALL
#ifdef SSL_OP_NO_TLSv1_2
{ US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 },
#endif
+#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+ { US"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG },
+#endif
#ifdef SSL_OP_SINGLE_DH_USE
{ US"single_dh_use", SSL_OP_SINGLE_DH_USE },
#endif
#ifdef USE_GNUTLS
#include "tls-gnu.c"
-#define ssl_xfer_buffer (current_global_tls_state->xfer_buffer)
-#define ssl_xfer_buffer_lwm (current_global_tls_state->xfer_buffer_lwm)
-#define ssl_xfer_buffer_hwm (current_global_tls_state->xfer_buffer_hwm)
-#define ssl_xfer_eof (current_global_tls_state->xfer_eof)
-#define ssl_xfer_error (current_global_tls_state->xfer_error)
+#define ssl_xfer_buffer (state_server.xfer_buffer)
+#define ssl_xfer_buffer_lwm (state_server.xfer_buffer_lwm)
+#define ssl_xfer_buffer_hwm (state_server.xfer_buffer_hwm)
+#define ssl_xfer_eof (state_server.xfer_eof)
+#define ssl_xfer_error (state_server.xfer_error)
#else
#include "tls-openssl.c"
/* Puts a character back in the input buffer. Only ever
called once.
+Only used by the server-side TLS.
Arguments:
ch the character
*************************************************/
/* Tests for a previous EOF
+Only used by the server-side TLS.
Arguments: none
Returns: non-zero if the eof flag is set
/* Tests for a previous read error, and returns with errno
restored to what it was when the error was detected.
+Only used by the server-side TLS.
>>>>> Hmm. Errno not handled yet. Where do we get it from? >>>>>
*************************************************/
/* Tests for unused chars in the TLS input buffer.
+Only used by the server-side TLS.
Arguments: none
Returns: TRUE/FALSE
(void *)(offsetof(transport_instance, envelope_to_add)) },
{ "group", opt_expand_gid|opt_public,
(void *)offsetof(transport_instance, gid) },
- { "headers_add", opt_stringptr|opt_public,
+ { "headers_add", opt_stringptr|opt_public|opt_rep_str,
(void *)offsetof(transport_instance, add_headers) },
{ "headers_only", opt_bool|opt_public,
(void *)offsetof(transport_instance, headers_only) },
- { "headers_remove", opt_stringptr|opt_public,
+ { "headers_remove", opt_stringptr|opt_public|opt_rep_str,
(void *)offsetof(transport_instance, remove_headers) },
{ "headers_rewrite", opt_rewrite|opt_public,
(void *)offsetof(transport_instance, headers_rewrite) },
if (transport_write_timeout <= 0) /* No timeout wanted */
{
#ifdef SUPPORT_TLS
- if (tls_active == fd) rc = tls_write(block, len); else
+ if (tls_out.active == fd) rc = tls_write(FALSE, block, len); else
#endif
rc = write(fd, block, len);
save_errno = errno;
{
alarm(local_timeout);
#ifdef SUPPORT_TLS
- if (tls_active == fd) rc = tls_write(block, len); else
+ if (tls_out.active == fd) rc = tls_write(FALSE, block, len); else
#endif
rc = write(fd, block, len);
save_errno = errno;
int siglen = Ustrlen(dkim_signature);
while(siglen > 0) {
#ifdef SUPPORT_TLS
- if (tls_active == fd) wwritten = tls_write(dkim_signature, siglen); else
+ if (tls_out.active == fd) wwritten = tls_write(FALSE, dkim_signature, siglen); else
#endif
wwritten = write(fd,dkim_signature,siglen);
if (wwritten == -1) {
to the socket. However only if we don't use TLS,
in which case theres another layer of indirection
before the data finally hits the socket. */
- if (tls_active != fd)
+ if (tls_out.active != fd)
{
ssize_t copied = 0;
off_t offset = 0;
/* write the chunk */
DKIM_WRITE:
#ifdef SUPPORT_TLS
- if (tls_active == fd) wwritten = tls_write(US p, sread); else
+ if (tls_out.active == fd) wwritten = tls_write(FALSE, US p, sread); else
#endif
wwritten = write(fd,p,sread);
if (wwritten == -1)
size_limit, add_headers, remove_headers, NULL, NULL,
rewrite_rules, rewrite_existflags);
save_errno = errno;
- (void)write(pfd[pipe_write], (void *)&rc, sizeof(BOOL));
- (void)write(pfd[pipe_write], (void *)&save_errno, sizeof(int));
- (void)write(pfd[pipe_write], (void *)&(addr->more_errno), sizeof(int));
+ if ( write(pfd[pipe_write], (void *)&rc, sizeof(BOOL))
+ != sizeof(BOOL)
+ || write(pfd[pipe_write], (void *)&save_errno, sizeof(int))
+ != sizeof(int)
+ || write(pfd[pipe_write], (void *)&(addr->more_errno), sizeof(int))
+ != sizeof(int)
+ )
+ rc = FALSE; /* compiler quietening */
_exit(0);
}
save_errno = errno;
if (rc == 0)
{
BOOL ok;
- (void)read(pfd[pipe_read], (void *)&ok, sizeof(BOOL));
+ int dummy = read(pfd[pipe_read], (void *)&ok, sizeof(BOOL));
if (!ok)
{
- (void)read(pfd[pipe_read], (void *)&save_errno, sizeof(int));
- (void)read(pfd[pipe_read], (void *)&(addr->more_errno), sizeof(int));
+ dummy = read(pfd[pipe_read], (void *)&save_errno, sizeof(int));
+ dummy = read(pfd[pipe_read], (void *)&(addr->more_errno), sizeof(int));
yield = FALSE;
}
}
memmove(argv + i + 1 + additional, argv + i + 1,
(argcount - i)*sizeof(uschar *));
- for (ad = addr; ad != NULL; ad = ad->next) argv[i++] = ad->address;
+ for (ad = addr; ad != NULL; ad = ad->next) {
+ argv[i++] = ad->address;
+ argcount++;
+ }
+
+ /* Subtract one since we replace $pipe_addresses */
+ argcount--;
+ i--;
+ }
+
+ /* Handle special case of $address_pipe when af_force_command is set */
+
+ else if (addr != NULL && testflag(addr,af_force_command) &&
+ (Ustrcmp(argv[i], "$address_pipe") == 0 ||
+ Ustrcmp(argv[i], "${address_pipe}") == 0))
+ {
+ int address_pipe_i;
+ int address_pipe_argcount = 0;
+ int address_pipe_max_args;
+ uschar **address_pipe_argv;
+
+ /* We can never have more then the argv we will be loading into */
+ address_pipe_max_args = max_args - argcount + 1;
+
+ DEBUG(D_transport)
+ debug_printf("address_pipe_max_args=%d\n", address_pipe_max_args);
+
+ /* We allocate an additional for (uschar *)0 */
+ address_pipe_argv = store_get((address_pipe_max_args+1)*sizeof(uschar *));
+
+ /* +1 because addr->local_part[0] == '|' since af_force_command is set */
+ s = expand_string(addr->local_part + 1);
+
+ if (s == NULL || *s == '\0')
+ {
+ addr->transport_return = FAIL;
+ addr->message = string_sprintf("Expansion of \"%s\" "
+ "from command \"%s\" in %s failed: %s",
+ (addr->local_part + 1), cmd, etext, expand_string_message);
+ return FALSE;
+ }
+
+ while (isspace(*s)) s++; /* strip leading space */
+
+ while (*s != 0 && address_pipe_argcount < address_pipe_max_args)
+ {
+ if (*s == '\'')
+ {
+ ss = s + 1;
+ while (*ss != 0 && *ss != '\'') ss++;
+ address_pipe_argv[address_pipe_argcount++] = ss = store_get(ss - s++);
+ while (*s != 0 && *s != '\'') *ss++ = *s++;
+ if (*s != 0) s++;
+ *ss++ = 0;
+ }
+ else address_pipe_argv[address_pipe_argcount++] = string_dequote(&s);
+ while (isspace(*s)) s++; /* strip space after arg */
+ }
+
+ address_pipe_argv[address_pipe_argcount] = (uschar *)0;
+
+ /* If *s != 0 we have run out of argument slots. */
+ if (*s != 0)
+ {
+ uschar *msg = string_sprintf("Too many arguments in $address_pipe "
+ "\"%s\" in %s", addr->local_part + 1, etext);
+ if (addr != NULL)
+ {
+ addr->transport_return = FAIL;
+ addr->message = msg;
+ }
+ else *errptr = msg;
+ return FALSE;
+ }
+
+ /* address_pipe_argcount - 1
+ * because we are replacing $address_pipe in the argument list
+ * with the first thing it expands to */
+ if (argcount + address_pipe_argcount - 1 > max_args)
+ {
+ addr->transport_return = FAIL;
+ addr->message = string_sprintf("Too many arguments to command "
+ "\"%s\" after expanding $address_pipe in %s", cmd, etext);
+ return FALSE;
+ }
+
+ /* If we are not just able to replace the slot that contained
+ * $address_pipe (address_pipe_argcount == 1)
+ * We have to move the existing argv by address_pipe_argcount - 1
+ * Visually if address_pipe_argcount == 2:
+ * [argv 0][argv 1][argv 2($address_pipe)][argv 3][0]
+ * [argv 0][argv 1][ap_arg0][ap_arg1][old argv 3][0]
+ */
+ if (address_pipe_argcount > 1)
+ memmove(
+ /* current position + additonal args */
+ argv + i + address_pipe_argcount,
+ /* current position + 1 (for the (uschar *)0 at the end) */
+ argv + i + 1,
+ /* -1 for the (uschar *)0 at the end)*/
+ (argcount - i)*sizeof(uschar *)
+ );
+
+ /* Now we fill in the slots we just moved argv out of
+ * [argv 0][argv 1][argv 2=pipeargv[0]][argv 3=pipeargv[1]][old argv 3][0]
+ */
+ for (address_pipe_i = 0;
+ address_pipe_argv[address_pipe_i] != (uschar *)0;
+ address_pipe_i++)
+ {
+ argv[i++] = address_pipe_argv[address_pipe_i];
+ argcount++;
+ }
+
+ /* Subtract one since we replace $address_pipe */
+ argcount--;
i--;
}
/* We have successfully created and opened the file. Ensure that the group
and the mode are correct. */
- (void)Uchown(filename, uid, gid);
- (void)Uchmod(filename, mode);
+ if(Uchown(filename, uid, gid) || Uchmod(filename, mode))
+ {
+ addr->basic_errno = errno;
+ addr->message = string_sprintf("while setting perms on mailbox %s",
+ filename);
+ addr->transport_return = FAIL;
+ goto RETURN;
+ }
}
/* Why are these here? Put in because they are present in the non-maildir
directory case above. */
- (void)Uchown(filename, uid, gid);
- (void)Uchmod(filename, mode);
+ if(Uchown(filename, uid, gid) || Uchmod(filename, mode))
+ {
+ addr->basic_errno = errno;
+ addr->message = string_sprintf("while setting perms on maildir %s",
+ filename);
+ return FALSE;
+ }
}
#endif /* SUPPORT_MAILDIR */
/* Why are these here? Put in because they are present in the non-maildir
directory case above. */
- (void)Uchown(filename, uid, gid);
- (void)Uchmod(filename, mode);
+ if(Uchown(filename, uid, gid) || Uchmod(filename, mode))
+ {
+ addr->basic_errno = errno;
+ addr->message = string_sprintf("while setting perms on file %s",
+ filename);
+ return FALSE;
+ }
/* Built a C stream from the open file descriptor. */
Uunlink(filename);
return FALSE;
}
- (void)Uchown(dataname, uid, gid);
- (void)Uchmod(dataname, mode);
+ if(Uchown(dataname, uid, gid) || Uchmod(dataname, mode))
+ {
+ addr->basic_errno = errno;
+ addr->message = string_sprintf("while setting perms on file %s",
+ dataname);
+ return FALSE;
+ }
}
#endif /* SUPPORT_MAILSTORE */
/* In all cases of writing to a new file, ensure that the file which is
going to be renamed has the correct ownership and mode. */
- (void)Uchown(filename, uid, gid);
- (void)Uchmod(filename, mode);
+ if(Uchown(filename, uid, gid) || Uchmod(filename, mode))
+ {
+ addr->basic_errno = errno;
+ addr->message = string_sprintf("while setting perms on file %s",
+ filename);
+ return FALSE;
+ }
}
investigated so far have ftruncate(), whereas not all have the F_FREESP
fcntl() call (BSDI & FreeBSD do not). */
- if (!isdirectory) (void)ftruncate(fd, saved_size);
+ if (!isdirectory && ftruncate(fd, saved_size))
+ DEBUG(D_transport) debug_printf("Error restting file size\n");
}
/* Handle successful writing - we want the modification time to be now for
uschar *ptr = log_buffer;
sprintf(CS ptr, "%s\n previously sent to %.200s\n", tod_stamp(tod_log), to);
while(*ptr) ptr++;
- (void)write(log_fd, log_buffer, ptr - log_buffer);
- (void)close(log_fd);
+ if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer
+ || close(log_fd))
+ DEBUG(D_transport) debug_printf("Problem writing log file %s for %s "
+ "transport\n", logfile, tblock->name);
}
goto END_OFF;
}
}
memcpy(cache_time, &now, sizeof(time_t));
- (void)write(cache_fd, from, size);
+ if(write(cache_fd, from, size) != size)
+ DEBUG(D_transport) debug_printf("Problem writing cache file %s for %s "
+ "transport\n", oncelog, tblock->name);
}
/* Update DBM file */
" %s\n", headers);
while(*ptr) ptr++;
}
- (void)write(log_fd, log_buffer, ptr - log_buffer);
- (void)close(log_fd);
+ if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer
+ || close(log_fd))
+ DEBUG(D_transport) debug_printf("Problem writing log file %s for %s "
+ "transport\n", logfile, tblock->name);
}
else DEBUG(D_transport) debug_printf("Failed to open log file %s for %s "
"transport: %s\n", logfile, tblock->name, strerror(errno));
(void *)offsetof(pipe_transport_options_block, environment) },
{ "escape_string", opt_stringptr,
(void *)offsetof(pipe_transport_options_block, escape_string) },
+ { "force_command", opt_bool,
+ (void *)offsetof(pipe_transport_options_block, force_command) },
{ "freeze_exec_fail", opt_bool,
(void *)offsetof(pipe_transport_options_block, freeze_exec_fail) },
{ "freeze_signal", opt_bool,
20480, /* max_output */
60*60, /* timeout */
0, /* options */
+ FALSE, /* force_command */
FALSE, /* freeze_exec_fail */
FALSE, /* freeze_signal */
FALSE, /* ignore_status */
if (errno != ENOSYS && errno != ENOTSUP)
#endif
log_write(0, LOG_MAIN,
- "delivery setrlimit(RLIMIT_CORE, RLIMI_INFINITY) failed: %s",
+ "delivery setrlimit(RLIMIT_CORE, RLIM_INFINITY) failed: %s",
strerror(errno));
}
}
if (testflag(addr, af_pfr) && addr->local_part[0] == '|')
{
- cmd = addr->local_part + 1;
- while (isspace(*cmd)) cmd++;
- expand_arguments = testflag(addr, af_expand_pipe);
- expand_fail = FAIL;
+ if (ob->force_command)
+ {
+ /* Enables expansion of $address_pipe into seperate arguments */
+ setflag(addr, af_force_command);
+ cmd = ob->cmd;
+ expand_arguments = TRUE;
+ expand_fail = PANIC;
+ }
+ else
+ {
+ cmd = addr->local_part + 1;
+ while (isspace(*cmd)) cmd++;
+ expand_arguments = testflag(addr, af_expand_pipe);
+ expand_fail = FAIL;
+ }
}
else
{
expand_fail = PANIC;
}
-/* If no command has been supplied, we are in trouble. */
+/* If no command has been supplied, we are in trouble.
+ * We also check for an empty string since it may be
+ * coming from addr->local_part[0] == '|'
+ */
-if (cmd == NULL)
+if (cmd == NULL || *cmd == '\0')
{
addr->transport_return = DEFER;
addr->message = string_sprintf("no command specified for %s transport",
while ((rc = read(fd_out, big_buffer, big_buffer_size)) > 0)
{
if (addr->return_file >= 0)
- write(addr->return_file, big_buffer, rc);
+ if(write(addr->return_file, big_buffer, rc) != rc)
+ DEBUG(D_transport) debug_printf("Problem writing to return_file\n");
count += rc;
if (count > ob->max_output)
{
- uschar *message = US"\n\n*** Too much output - remainder discarded ***\n";
DEBUG(D_transport) debug_printf("Too much output from pipe - killed\n");
if (addr->return_file >= 0)
- write(addr->return_file, message, Ustrlen(message));
+ {
+ uschar *message = US"\n\n*** Too much output - remainder discarded ***\n";
+ rc = Ustrlen(message);
+ if(write(addr->return_file, message, rc) != rc)
+ DEBUG(D_transport) debug_printf("Problem writing to return_file\n");
+ }
killpg(pid, SIGKILL);
break;
}
int max_output;
int timeout;
int options;
+ BOOL force_command;
BOOL freeze_exec_fail;
BOOL freeze_signal;
BOOL ignore_status;
(void *)offsetof(smtp_transport_options_block, dns_qualify_single) },
{ "dns_search_parents", opt_bool,
(void *)offsetof(smtp_transport_options_block, dns_search_parents) },
+ { "dscp", opt_stringptr,
+ (void *)offsetof(smtp_transport_options_block, dscp) },
{ "fallback_hosts", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, fallback_hosts) },
{ "final_timeout", opt_time,
{ "hosts_require_auth", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_require_auth) },
#ifdef SUPPORT_TLS
+# if defined EXPERIMENTAL_OCSP
+ { "hosts_require_ocsp", opt_stringptr,
+ (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) },
+# endif
{ "hosts_require_tls", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_require_tls) },
#endif
{ "hosts_try_auth", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, hosts_try_auth) },
+#ifdef EXPERIMENTAL_PRDR
+ { "hosts_try_prdr", opt_stringptr,
+ (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) },
+#endif
+#ifdef SUPPORT_TLS
+ { "hosts_verify_avoid_tls", opt_stringptr,
+ (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) },
+#endif
{ "interface", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, interface) },
{ "keepalive", opt_bool,
(void *)offsetof(smtp_transport_options_block, tls_certificate) },
{ "tls_crl", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, tls_crl) },
+ { "tls_dh_min_bits", opt_int,
+ (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) },
{ "tls_privatekey", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, tls_privatekey) },
{ "tls_require_ciphers", opt_stringptr,
NULL, /* interface */
NULL, /* port */
US"smtp", /* protocol */
+ NULL, /* DSCP */
NULL, /* serialize_hosts */
NULL, /* hosts_try_auth */
NULL, /* hosts_require_auth */
+#ifdef EXPERIMENTAL_PRDR
+ NULL, /* hosts_try_prdr */
+#endif
+#ifdef EXPERIMENTAL_OCSP
+ NULL, /* hosts_require_ocsp */
+#endif
NULL, /* hosts_require_tls */
NULL, /* hosts_avoid_tls */
+ US"*", /* hosts_verify_avoid_tls */
NULL, /* hosts_avoid_pipelining */
NULL, /* hosts_avoid_esmtp */
NULL, /* hosts_nopass_tls */
NULL, /* gnutls_require_kx */
NULL, /* gnutls_require_mac */
NULL, /* gnutls_require_proto */
+ NULL, /* tls_sni */
NULL, /* tls_verify_certificates */
- TRUE, /* tls_tempfail_tryclear */
- NULL /* tls_sni */
+ EXIM_CLIENT_DH_DEFAULT_MIN_BITS,
+ /* tls_dh_min_bits */
+ TRUE /* tls_tempfail_tryclear */
#endif
#ifndef DISABLE_DKIM
,NULL, /* dkim_canon */
+/* Do the client side of smtp-level authentication */
+/*
+Arguments:
+ buffer EHLO response from server (gets overwritten)
+ addrlist chain of potential addresses to deliver
+ host host to deliver to
+ ob transport options
+ ibp, obp comms channel control blocks
+
+Returns:
+ OK Success, or failed (but not required): global "smtp_authenticated" set
+ DEFER Failed authentication (and was required)
+ ERROR Internal problem
+
+ FAIL_SEND Failed communications - transmit
+ FAIL - response
+*/
+
+int
+smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host,
+ smtp_transport_options_block *ob, BOOL is_esmtp,
+ smtp_inblock *ibp, smtp_outblock *obp)
+{
+ int require_auth;
+ uschar *fail_reason = US"server did not advertise AUTH support";
+
+ smtp_authenticated = FALSE;
+ client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
+ require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
+ host->name, host->address, NULL);
+
+ if (is_esmtp && !regex_AUTH) regex_AUTH =
+ regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)",
+ FALSE, TRUE);
+
+ if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
+ {
+ uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
+ expand_nmax = -1; /* reset */
+
+ /* Must not do this check until after we have saved the result of the
+ regex match above. */
+
+ if (require_auth == OK ||
+ verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
+ host->address, NULL) == OK)
+ {
+ auth_instance *au;
+ fail_reason = US"no common mechanisms were found";
+
+ DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
+
+ /* Scan the configured authenticators looking for one which is configured
+ for use as a client, which is not suppressed by client_condition, and
+ whose name matches an authentication mechanism supported by the server.
+ If one is found, attempt to authenticate by calling its client function.
+ */
+
+ for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
+ {
+ uschar *p = names;
+ if (!au->client ||
+ (au->client_condition != NULL &&
+ !expand_check_condition(au->client_condition, au->name,
+ US"client authenticator")))
+ {
+ DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
+ au->name,
+ (au->client)? "client_condition is false" :
+ "not configured as a client");
+ continue;
+ }
+
+ /* Loop to scan supported server mechanisms */
+
+ while (*p != 0)
+ {
+ int rc;
+ int len = Ustrlen(au->public_name);
+ while (isspace(*p)) p++;
+
+ if (strncmpic(au->public_name, p, len) != 0 ||
+ (p[len] != 0 && !isspace(p[len])))
+ {
+ while (*p != 0 && !isspace(*p)) p++;
+ continue;
+ }
+
+ /* Found data for a listed mechanism. Call its client entry. Set
+ a flag in the outblock so that data is overwritten after sending so
+ that reflections don't show it. */
+
+ fail_reason = US"authentication attempt(s) failed";
+ obp->authenticating = TRUE;
+ rc = (au->info->clientcode)(au, ibp, obp,
+ ob->command_timeout, buffer, bufsize);
+ obp->authenticating = FALSE;
+ DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
+ au->name, rc);
+
+ /* A temporary authentication failure must hold up delivery to
+ this host. After a permanent authentication failure, we carry on
+ to try other authentication methods. If all fail hard, try to
+ deliver the message unauthenticated unless require_auth was set. */
+
+ switch(rc)
+ {
+ case OK:
+ smtp_authenticated = TRUE; /* stops the outer loop */
+ client_authenticator = au->name;
+ if (au->set_client_id != NULL)
+ client_authenticated_id = expand_string(au->set_client_id);
+ break;
+
+ /* Failure after writing a command */
+
+ case FAIL_SEND:
+ return FAIL_SEND;
+
+ /* Failure after reading a response */
+
+ case FAIL:
+ if (errno != 0 || buffer[0] != '5') return FAIL;
+ log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
+ au->name, host->name, host->address, buffer);
+ break;
+
+ /* Failure by some other means. In effect, the authenticator
+ decided it wasn't prepared to handle this case. Typically this
+ is the result of "fail" in an expansion string. Do we need to
+ log anything here? Feb 2006: a message is now put in the buffer
+ if logging is required. */
+
+ case CANCELLED:
+ if (*buffer != 0)
+ log_write(0, LOG_MAIN, "%s authenticator cancelled "
+ "authentication H=%s [%s] %s", au->name, host->name,
+ host->address, buffer);
+ break;
+
+ /* Internal problem, message in buffer. */
+
+ case ERROR:
+ set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
+ return ERROR;
+ }
+
+ break; /* If not authenticated, try next authenticator */
+ } /* Loop for scanning supported server mechanisms */
+ } /* Loop for further authenticators */
+ }
+ }
+
+ /* If we haven't authenticated, but are required to, give up. */
+
+ if (require_auth == OK && !smtp_authenticated)
+ {
+ set_errno(addrlist, ERRNO_AUTHFAIL,
+ string_sprintf("authentication required but %s", fail_reason), DEFER,
+ FALSE);
+ return DEFER;
+ }
+
+ return OK;
+}
+
+
+/* Construct AUTH appendix string for MAIL TO */
+/*
+Arguments
+ buffer to build string
+ addrlist chain of potential addresses to deliver
+ ob transport options
+
+Globals smtp_authenticated
+ client_authenticated_sender
+Return True on error, otherwise buffer has (possibly empty) terminated string
+*/
+
+BOOL
+smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist,
+ smtp_transport_options_block *ob)
+{
+uschar *local_authenticated_sender = authenticated_sender;
+
+#ifdef notdef
+ debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N");
+#endif
+
+if (ob->authenticated_sender != NULL)
+ {
+ uschar *new = expand_string(ob->authenticated_sender);
+ if (new == NULL)
+ {
+ if (!expand_string_forcedfail)
+ {
+ uschar *message = string_sprintf("failed to expand "
+ "authenticated_sender: %s", expand_string_message);
+ set_errno(addrlist, 0, message, DEFER, FALSE);
+ return TRUE;
+ }
+ }
+ else if (new[0] != 0) local_authenticated_sender = new;
+ }
+
+/* Add the authenticated sender address if present */
+
+if ((smtp_authenticated || ob->authenticated_sender_force) &&
+ local_authenticated_sender != NULL)
+ {
+ string_format(buffer, bufsize, " AUTH=%s",
+ auth_xtextencode(local_authenticated_sender,
+ Ustrlen(local_authenticated_sender)));
+ client_authenticated_sender = string_copy(local_authenticated_sender);
+ }
+else
+ *buffer= 0;
+
+return FALSE;
+}
+
+
+
/*************************************************
* Deliver address list to given host *
*************************************************/
BOOL esmtp = TRUE;
BOOL pending_MAIL;
BOOL pass_message = FALSE;
+#ifdef EXPERIMENTAL_PRDR
+BOOL prdr_offered = FALSE;
+BOOL prdr_active;
+#endif
smtp_inblock inblock;
smtp_outblock outblock;
int max_rcpt = tblock->max_addresses;
uschar *igquotstr = US"";
-uschar *local_authenticated_sender = authenticated_sender;
uschar *helo_data = NULL;
uschar *message = NULL;
uschar new_message_id[MESSAGE_ID_LENGTH + 1];
/* Reset the parameters of a TLS session. */
-tls_bits = 0;
-tls_cipher = NULL;
-tls_peerdn = NULL;
+tls_in.bits = 0;
+tls_in.cipher = NULL; /* for back-compatible behaviour */
+tls_in.peerdn = NULL;
#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
-tls_sni = NULL;
+tls_in.sni = NULL;
#endif
-/* If an authenticated_sender override has been specified for this transport
-instance, expand it. If the expansion is forced to fail, and there was already
-an authenticated_sender for this message, the original value will be used.
-Other expansion failures are serious. An empty result is ignored, but there is
-otherwise no check - this feature is expected to be used with LMTP and other
-cases where non-standard addresses (e.g. without domains) might be required. */
-
-if (ob->authenticated_sender != NULL)
- {
- uschar *new = expand_string(ob->authenticated_sender);
- if (new == NULL)
- {
- if (!expand_string_forcedfail)
- {
- uschar *message = string_sprintf("failed to expand "
- "authenticated_sender: %s", expand_string_message);
- set_errno(addrlist, 0, message, DEFER, FALSE);
- return ERROR;
- }
- }
- else if (new[0] != 0) local_authenticated_sender = new;
- }
+tls_out.bits = 0;
+tls_out.cipher = NULL; /* the one we may use for this transport */
+tls_out.peerdn = NULL;
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+tls_out.sni = NULL;
+#endif
#ifndef SUPPORT_TLS
if (smtps)
{
inblock.sock = outblock.sock =
smtp_connect(host, host_af, port, interface, ob->connect_timeout,
- ob->keepalive); /* This puts port into host->port */
+ ob->keepalive, ob->dscp); /* This puts port into host->port */
if (inblock.sock < 0)
{
pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0,
PCRE_EOPT, NULL, 0) >= 0;
#endif
+
+ #ifdef EXPERIMENTAL_PRDR
+ prdr_offered = esmtp &&
+ (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0,
+ PCRE_EOPT, NULL, 0) >= 0) &&
+ (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
+ host->address, NULL) == OK);
+
+ if (prdr_offered)
+ {DEBUG(D_transport) debug_printf("PRDR usable\n");}
+ #endif
}
/* For continuing deliveries down the same channel, the socket is the standard
int rc = tls_client_start(inblock.sock,
host,
addrlist,
- NULL, /* No DH param */
ob->tls_certificate,
ob->tls_privatekey,
ob->tls_sni,
ob->tls_verify_certificates,
ob->tls_crl,
ob->tls_require_ciphers,
+#ifdef EXPERIMENTAL_OCSP
+ ob->hosts_require_ocsp,
+#endif
+ ob->tls_dh_min_bits,
ob->command_timeout);
/* TLS negotiation failed; give an error. From outside, this function may
{
if (addr->transport_return == PENDING_DEFER)
{
- addr->cipher = tls_cipher;
- addr->peerdn = tls_peerdn;
+ addr->cipher = tls_out.cipher;
+ addr->peerdn = tls_out.peerdn;
}
}
}
expand it here. $sending_ip_address and $sending_port are set up right at the
start of the Exim process (in exim.c). */
-if (tls_active >= 0)
+if (tls_out.active >= 0)
{
char *greeting_cmd;
if (helo_data == NULL)
if (continue_hostname == NULL
#ifdef SUPPORT_TLS
- || tls_active >= 0
+ || tls_out.active >= 0
#endif
)
{
- int require_auth;
- uschar *fail_reason = US"server did not advertise AUTH support";
-
/* Set for IGNOREQUOTA if the response to LHLO specifies support and the
lmtp_ignore_quota option was set. */
DEBUG(D_transport) debug_printf("%susing PIPELINING\n",
smtp_use_pipelining? "" : "not ");
+#ifdef EXPERIMENTAL_PRDR
+ prdr_offered = esmtp &&
+ pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0,
+ PCRE_EOPT, NULL, 0) >= 0 &&
+ verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name,
+ host->address, NULL) == OK;
+
+ if (prdr_offered)
+ {DEBUG(D_transport) debug_printf("PRDR usable\n");}
+#endif
+
/* Note if the response to EHLO specifies support for the AUTH extension.
If it has, check that this host is one we want to authenticate to, and do
the business. The host name and address must be available when the
authenticator's client driver is running. */
- smtp_authenticated = FALSE;
- require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
- host->name, host->address, NULL);
-
- if (esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1))
+ switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host,
+ ob, esmtp, &inblock, &outblock))
{
- uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]);
- expand_nmax = -1; /* reset */
-
- /* Must not do this check until after we have saved the result of the
- regex match above. */
-
- if (require_auth == OK ||
- verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name,
- host->address, NULL) == OK)
- {
- auth_instance *au;
- fail_reason = US"no common mechanisms were found";
-
- DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
-
- /* Scan the configured authenticators looking for one which is configured
- for use as a client, which is not suppressed by client_condition, and
- whose name matches an authentication mechanism supported by the server.
- If one is found, attempt to authenticate by calling its client function.
- */
-
- for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
- {
- uschar *p = names;
- if (!au->client ||
- (au->client_condition != NULL &&
- !expand_check_condition(au->client_condition, au->name,
- US"client authenticator")))
- {
- DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
- au->name,
- (au->client)? "client_condition is false" :
- "not configured as a client");
- continue;
- }
-
- /* Loop to scan supported server mechanisms */
-
- while (*p != 0)
- {
- int rc;
- int len = Ustrlen(au->public_name);
- while (isspace(*p)) p++;
-
- if (strncmpic(au->public_name, p, len) != 0 ||
- (p[len] != 0 && !isspace(p[len])))
- {
- while (*p != 0 && !isspace(*p)) p++;
- continue;
- }
-
- /* Found data for a listed mechanism. Call its client entry. Set
- a flag in the outblock so that data is overwritten after sending so
- that reflections don't show it. */
-
- fail_reason = US"authentication attempt(s) failed";
- outblock.authenticating = TRUE;
- rc = (au->info->clientcode)(au, &inblock, &outblock,
- ob->command_timeout, buffer, sizeof(buffer));
- outblock.authenticating = FALSE;
- DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n",
- au->name, rc);
-
- /* A temporary authentication failure must hold up delivery to
- this host. After a permanent authentication failure, we carry on
- to try other authentication methods. If all fail hard, try to
- deliver the message unauthenticated unless require_auth was set. */
-
- switch(rc)
- {
- case OK:
- smtp_authenticated = TRUE; /* stops the outer loop */
- break;
-
- /* Failure after writing a command */
-
- case FAIL_SEND:
- goto SEND_FAILED;
-
- /* Failure after reading a response */
-
- case FAIL:
- if (errno != 0 || buffer[0] != '5') goto RESPONSE_FAILED;
- log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s",
- au->name, host->name, host->address, buffer);
- break;
-
- /* Failure by some other means. In effect, the authenticator
- decided it wasn't prepared to handle this case. Typically this
- is the result of "fail" in an expansion string. Do we need to
- log anything here? Feb 2006: a message is now put in the buffer
- if logging is required. */
-
- case CANCELLED:
- if (*buffer != 0)
- log_write(0, LOG_MAIN, "%s authenticator cancelled "
- "authentication H=%s [%s] %s", au->name, host->name,
- host->address, buffer);
- break;
-
- /* Internal problem, message in buffer. */
-
- case ERROR:
- yield = ERROR;
- set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE);
- goto SEND_QUIT;
- }
-
- break; /* If not authenticated, try next authenticator */
- } /* Loop for scanning supported server mechanisms */
- } /* Loop for further authenticators */
- }
- }
-
- /* If we haven't authenticated, but are required to, give up. */
-
- if (require_auth == OK && !smtp_authenticated)
- {
- yield = DEFER;
- set_errno(addrlist, ERRNO_AUTHFAIL,
- string_sprintf("authentication required but %s", fail_reason), DEFER,
- FALSE);
- goto SEND_QUIT;
+ default: goto SEND_QUIT;
+ case OK: break;
+ case FAIL_SEND: goto SEND_FAILED;
+ case FAIL: goto RESPONSE_FAILED;
}
}
while (*p) p++;
}
-/* Add the authenticated sender address if present */
-
-if ((smtp_authenticated || ob->authenticated_sender_force) &&
- local_authenticated_sender != NULL)
+#ifdef EXPERIMENTAL_PRDR
+prdr_active = FALSE;
+if (prdr_offered)
{
- string_format(p, sizeof(buffer) - (p-buffer), " AUTH=%s",
- auth_xtextencode(local_authenticated_sender,
- Ustrlen(local_authenticated_sender)));
+ for (addr = first_addr; addr; addr = addr->next)
+ if (addr->transport_return == PENDING_DEFER)
+ {
+ for (addr = addr->next; addr; addr = addr->next)
+ if (addr->transport_return == PENDING_DEFER)
+ { /* at least two recipients to send */
+ prdr_active = TRUE;
+ sprintf(CS p, " PRDR"); p += 5;
+ goto prdr_is_active;
+ }
+ break;
+ }
}
+prdr_is_active:
+#endif
+
+/* If an authenticated_sender override has been specified for this transport
+instance, expand it. If the expansion is forced to fail, and there was already
+an authenticated_sender for this message, the original value will be used.
+Other expansion failures are serious. An empty result is ignored, but there is
+otherwise no check - this feature is expected to be used with LMTP and other
+cases where non-standard addresses (e.g. without domains) might be required. */
+
+if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob))
+ return ERROR;
/* From here until we send the DATA command, we can make use of PIPELINING
if the server host supports it. The code has to be able to check the responses
smtp_command = US"end of data";
- /* For SMTP, we now read a single response that applies to the whole message.
- If it is OK, then all the addresses have been delivered. */
+#ifdef EXPERIMENTAL_PRDR
+ /* For PRDR we optionally get a partial-responses warning
+ * followed by the individual responses, before going on with
+ * the overall response. If we don't get the warning then deal
+ * with per non-PRDR. */
+ if(prdr_active)
+ {
+ ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3',
+ ob->final_timeout);
+ if (!ok && errno == 0)
+ switch(buffer[0])
+ {
+ case '2': prdr_active = FALSE;
+ ok = TRUE;
+ break;
+ case '4': errno = ERRNO_DATA4XX;
+ addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ break;
+ }
+ }
+ else
+#endif
+
+ /* For non-PRDR SMTP, we now read a single response that applies to the
+ whole message. If it is OK, then all the addresses have been delivered. */
if (!lmtp)
{
conf = (s == buffer)? (uschar *)string_copy(s) : s;
}
- /* Process all transported addresses - for LMTP, read a status for
+ /* Process all transported addresses - for LMTP or PRDR, read a status for
each one. */
for (addr = addrlist; addr != first_addr; addr = addr->next)
address. For temporary errors, add a retry item for the address so that
it doesn't get tried again too soon. */
+#ifdef EXPERIMENTAL_PRDR
+ if (lmtp || prdr_active)
+#else
if (lmtp)
+#endif
{
if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
ob->final_timeout))
{
if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED;
- addr->message = string_sprintf("LMTP error after %s: %s",
+ addr->message = string_sprintf(
+#ifdef EXPERIMENTAL_PRDR
+ "%s error after %s: %s", prdr_active ? "PRDR":"LMTP",
+#else
+ "LMTP error after %s: %s",
+#endif
big_buffer, string_printing(buffer));
setflag(addr, af_pass_message); /* Allow message to go to user */
if (buffer[0] == '5')
errno = ERRNO_DATA4XX;
addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
addr->transport_return = DEFER;
- retry_add_item(addr, addr->address_retry_key, 0);
+#ifdef EXPERIMENTAL_PRDR
+ if (!prdr_active)
+#endif
+ retry_add_item(addr, addr->address_retry_key, 0);
}
continue;
}
addr->host_used = thost;
addr->special_action = flag;
addr->message = conf;
+#ifdef EXPERIMENTAL_PRDR
+ if (prdr_active) addr->flags |= af_prdr_used;
+#endif
flag = '-';
- /* Update the journal. For homonymic addresses, use the base address plus
- the transport name. See lots of comments in deliver.c about the reasons
- for the complications when homonyms are involved. Just carry on after
- write error, as it may prove possible to update the spool file later. */
-
- if (testflag(addr, af_homonym))
- sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
- else
- sprintf(CS buffer, "%.500s\n", addr->unique);
-
- DEBUG(D_deliver) debug_printf("journalling %s", buffer);
- len = Ustrlen(CS buffer);
- if (write(journal_fd, buffer, len) != len)
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
- "%s: %s", buffer, strerror(errno));
+#ifdef EXPERIMENTAL_PRDR
+ if (!prdr_active)
+#endif
+ {
+ /* Update the journal. For homonymic addresses, use the base address plus
+ the transport name. See lots of comments in deliver.c about the reasons
+ for the complications when homonyms are involved. Just carry on after
+ write error, as it may prove possible to update the spool file later. */
+
+ if (testflag(addr, af_homonym))
+ sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
+ else
+ sprintf(CS buffer, "%.500s\n", addr->unique);
+
+ DEBUG(D_deliver) debug_printf("journalling %s", buffer);
+ len = Ustrlen(CS buffer);
+ if (write(journal_fd, buffer, len) != len)
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
+ "%s: %s", buffer, strerror(errno));
+ }
}
+#ifdef EXPERIMENTAL_PRDR
+ if (prdr_active)
+ {
+ /* PRDR - get the final, overall response. For any non-success
+ upgrade all the address statuses. */
+ ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2',
+ ob->final_timeout);
+ if (!ok)
+ {
+ if(errno == 0 && buffer[0] == '4')
+ {
+ errno = ERRNO_DATA4XX;
+ addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8;
+ }
+ for (addr = addrlist; addr != first_addr; addr = addr->next)
+ if (buffer[0] == '5' || addr->transport_return == OK)
+ addr->transport_return = PENDING_OK; /* allow set_errno action */
+ goto RESPONSE_FAILED;
+ }
+
+ /* Update the journal, or setup retry. */
+ for (addr = addrlist; addr != first_addr; addr = addr->next)
+ if (addr->transport_return == OK)
+ {
+ if (testflag(addr, af_homonym))
+ sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name);
+ else
+ sprintf(CS buffer, "%.500s\n", addr->unique);
+
+ DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer);
+ len = Ustrlen(CS buffer);
+ if (write(journal_fd, buffer, len) != len)
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for "
+ "%s: %s", buffer, strerror(errno));
+ }
+ else if (addr->transport_return == DEFER)
+ retry_add_item(addr, addr->address_retry_key, -2);
+ }
+#endif
+
/* Ensure the journal file is pushed out to disk. */
if (EXIMfsync(journal_fd) < 0)
BOOL more;
if (first_addr != NULL || continue_more ||
(
- (tls_active < 0 ||
+ (tls_out.active < 0 ||
verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name,
host->address, NULL) != OK)
&&
don't get a good response, we don't attempt to pass the socket on. */
#ifdef SUPPORT_TLS
- if (tls_active >= 0)
+ if (tls_out.active >= 0)
{
- tls_close(TRUE);
+ tls_close(FALSE, TRUE);
if (smtps)
ok = FALSE;
else
END_OFF:
#ifdef SUPPORT_TLS
-tls_close(TRUE);
+tls_close(FALSE, TRUE);
#endif
/* Close the socket, and return the appropriate value, first setting
/* Update the database which keeps information about which messages are waiting
for which hosts to become available. For some message-specific errors, the
update_waiting flag is turned off because we don't want follow-on deliveries in
-those cases. */
+those cases. If this transport instance is explicitly limited to one message
+per connection then follow-on deliveries are not possible and there's no need
+to create/update the per-transport wait-<transport_name> database. */
-if (update_waiting) transport_update_waiting(hostlist, tblock->name);
+if (update_waiting && tblock->connection_max_messages != 1)
+ transport_update_waiting(hostlist, tblock->name);
END_TRANSPORT:
uschar *interface;
uschar *port;
uschar *protocol;
+ uschar *dscp;
uschar *serialize_hosts;
uschar *hosts_try_auth;
uschar *hosts_require_auth;
+#ifdef EXPERIMENTAL_PRDR
+ uschar *hosts_try_prdr;
+#endif
+#ifdef EXPERIMENTAL_OCSP
+ uschar *hosts_require_ocsp;
+#endif
uschar *hosts_require_tls;
uschar *hosts_avoid_tls;
+ uschar *hosts_verify_avoid_tls;
uschar *hosts_avoid_pipelining;
uschar *hosts_avoid_esmtp;
uschar *hosts_nopass_tls;
uschar *gnutls_require_kx;
uschar *gnutls_require_mac;
uschar *gnutls_require_proto;
+ uschar *tls_sni;
uschar *tls_verify_certificates;
+ int tls_dh_min_bits;
BOOL tls_tempfail_tryclear;
- uschar *tls_sni;
#endif
#ifndef DISABLE_DKIM
uschar *dkim_domain;
extern void smtp_transport_init(transport_instance *);
extern void smtp_transport_closedown(transport_instance *);
+
+
+extern int smtp_auth(uschar *, unsigned, address_item *, host_item *,
+ smtp_transport_options_block *, BOOL,
+ smtp_inblock *, smtp_outblock *);
+extern BOOL smtp_mail_auth_str(uschar *, unsigned,
+ address_item *, smtp_transport_options_block *);
+
/* End of transports/smtp.h */
sprintf(CS buffer, "%d 1\n", size);
len = Ustrlen(buffer);
(void)lseek(fd, 0, SEEK_END);
-(void)write(fd, buffer, len);
+len = write(fd, buffer, len);
DEBUG(D_transport)
debug_printf("added '%.*s' to maildirsize file\n", len-1, buffer);
}
#include "exim.h"
+#include "transports/smtp.h"
+
+#define CUTTHROUGH_CMD_TIMEOUT 30 /* timeout for cutthrough-routing calls */
+#define CUTTHROUGH_DATA_TIMEOUT 60 /* timeout for cutthrough-routing calls */
+address_item cutthrough_addr;
+static smtp_outblock ctblock;
+uschar ctbuffer[8192];
/* Structure for caching DNSBL lookups */
dbm_file = NULL;
}
-/* The information wasn't available in the cache, so we have to do a real
-callout and save the result in the cache for next time, unless no_cache is set,
-or unless we have a previously cached negative random result. If we are to test
-with a random local part, ensure that such a local part is available. If not,
-log the fact, but carry on without randomming. */
-
-if (callout_random && callout_random_local_part != NULL)
+if (!addr->transport)
{
- random_local_part = expand_string(callout_random_local_part);
- if (random_local_part == NULL)
- log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
- "callout_random_local_part: %s", expand_string_message);
+ HDEBUG(D_verify) debug_printf("cannot callout via null transport\n");
}
+else
+ {
+ smtp_transport_options_block *ob =
+ (smtp_transport_options_block *)(addr->transport->options_block);
-/* Default the connect and overall callout timeouts if not set, and record the
-time we are starting so that we can enforce it. */
+ /* The information wasn't available in the cache, so we have to do a real
+ callout and save the result in the cache for next time, unless no_cache is set,
+ or unless we have a previously cached negative random result. If we are to test
+ with a random local part, ensure that such a local part is available. If not,
+ log the fact, but carry on without randomming. */
-if (callout_overall < 0) callout_overall = 4 * callout;
-if (callout_connect < 0) callout_connect = callout;
-callout_start_time = time(NULL);
+ if (callout_random && callout_random_local_part != NULL)
+ {
+ random_local_part = expand_string(callout_random_local_part);
+ if (random_local_part == NULL)
+ log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
+ "callout_random_local_part: %s", expand_string_message);
+ }
-/* Before doing a real callout, if this is an SMTP connection, flush the SMTP
-output because a callout might take some time. When PIPELINING is active and
-there are many recipients, the total time for doing lots of callouts can add up
-and cause the client to time out. So in this case we forgo the PIPELINING
-optimization. */
+ /* Default the connect and overall callout timeouts if not set, and record the
+ time we are starting so that we can enforce it. */
-if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush();
+ if (callout_overall < 0) callout_overall = 4 * callout;
+ if (callout_connect < 0) callout_connect = callout;
+ callout_start_time = time(NULL);
-/* Now make connections to the hosts and do real callouts. The list of hosts
-is passed in as an argument. */
+ /* Before doing a real callout, if this is an SMTP connection, flush the SMTP
+ output because a callout might take some time. When PIPELINING is active and
+ there are many recipients, the total time for doing lots of callouts can add up
+ and cause the client to time out. So in this case we forgo the PIPELINING
+ optimization. */
-for (host = host_list; host != NULL && !done; host = host->next)
- {
- smtp_inblock inblock;
- smtp_outblock outblock;
- int host_af;
- int port = 25;
- BOOL send_quit = TRUE;
- uschar *active_hostname = smtp_active_hostname;
- uschar *helo = US"HELO";
- uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
- uschar inbuffer[4096];
- uschar outbuffer[1024];
- uschar responsebuffer[4096];
-
- clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
- clearflag(addr, af_verify_nsfail); /* null sender callout flag */
-
- /* Skip this host if we don't have an IP address for it. */
-
- if (host->address == NULL)
- {
- DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n",
- host->name);
- continue;
- }
+ if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush();
- /* Check the overall callout timeout */
+ /* Now make connections to the hosts and do real callouts. The list of hosts
+ is passed in as an argument. */
- if (time(NULL) - callout_start_time >= callout_overall)
+ for (host = host_list; host != NULL && !done; host = host->next)
{
- HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n");
- break;
- }
+ smtp_inblock inblock;
+ smtp_outblock outblock;
+ int host_af;
+ int port = 25;
+ BOOL send_quit = TRUE;
+ uschar *active_hostname = smtp_active_hostname;
+ BOOL lmtp;
+ BOOL smtps;
+ BOOL esmtp;
+ BOOL suppress_tls = FALSE;
+ uschar *interface = NULL; /* Outgoing interface to use; NULL => any */
+ uschar inbuffer[4096];
+ uschar outbuffer[1024];
+ uschar responsebuffer[4096];
+
+ clearflag(addr, af_verify_pmfail); /* postmaster callout flag */
+ clearflag(addr, af_verify_nsfail); /* null sender callout flag */
+
+ /* Skip this host if we don't have an IP address for it. */
+
+ if (host->address == NULL)
+ {
+ DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n",
+ host->name);
+ continue;
+ }
- /* Set IPv4 or IPv6 */
+ /* Check the overall callout timeout */
- host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
+ if (time(NULL) - callout_start_time >= callout_overall)
+ {
+ HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n");
+ break;
+ }
- /* Expand and interpret the interface and port strings. The latter will not
- be used if there is a host-specific port (e.g. from a manualroute router).
- This has to be delayed till now, because they may expand differently for
- different hosts. If there's a failure, log it, but carry on with the
- defaults. */
+ /* Set IPv4 or IPv6 */
- deliver_host = host->name;
- deliver_host_address = host->address;
- deliver_domain = addr->domain;
+ host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
- if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
- US"callout") ||
- !smtp_get_port(tf->port, addr, &port, US"callout"))
- log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
- addr->message);
+ /* Expand and interpret the interface and port strings. The latter will not
+ be used if there is a host-specific port (e.g. from a manualroute router).
+ This has to be delayed till now, because they may expand differently for
+ different hosts. If there's a failure, log it, but carry on with the
+ defaults. */
- /* Set HELO string according to the protocol */
+ deliver_host = host->name;
+ deliver_host_address = host->address;
+ deliver_domain = addr->domain;
- if (Ustrcmp(tf->protocol, "lmtp") == 0) helo = US"LHLO";
+ if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
+ US"callout") ||
+ !smtp_get_port(tf->port, addr, &port, US"callout"))
+ log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
+ addr->message);
- HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
+ /* Set HELO string according to the protocol */
+ lmtp= Ustrcmp(tf->protocol, "lmtp") == 0;
+ smtps= Ustrcmp(tf->protocol, "smtps") == 0;
- /* Set up the buffer for reading SMTP response packets. */
- inblock.buffer = inbuffer;
- inblock.buffersize = sizeof(inbuffer);
- inblock.ptr = inbuffer;
- inblock.ptrend = inbuffer;
+ HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port);
- /* Set up the buffer for holding SMTP commands while pipelining */
+ /* Set up the buffer for reading SMTP response packets. */
- outblock.buffer = outbuffer;
- outblock.buffersize = sizeof(outbuffer);
- outblock.ptr = outbuffer;
- outblock.cmd_count = 0;
- outblock.authenticating = FALSE;
+ inblock.buffer = inbuffer;
+ inblock.buffersize = sizeof(inbuffer);
+ inblock.ptr = inbuffer;
+ inblock.ptrend = inbuffer;
- /* Connect to the host; on failure, just loop for the next one, but we
- set the error for the last one. Use the callout_connect timeout. */
+ /* Set up the buffer for holding SMTP commands while pipelining */
- inblock.sock = outblock.sock =
- smtp_connect(host, host_af, port, interface, callout_connect, TRUE);
- if (inblock.sock < 0)
- {
- addr->message = string_sprintf("could not connect to %s [%s]: %s",
- host->name, host->address, strerror(errno));
- deliver_host = deliver_host_address = NULL;
- deliver_domain = save_deliver_domain;
- continue;
- }
+ outblock.buffer = outbuffer;
+ outblock.buffersize = sizeof(outbuffer);
+ outblock.ptr = outbuffer;
+ outblock.cmd_count = 0;
+ outblock.authenticating = FALSE;
- /* Expand the helo_data string to find the host name to use. */
+ /* Reset the parameters of a TLS session */
+ tls_out.cipher = tls_out.peerdn = NULL;
- if (tf->helo_data != NULL)
- {
- uschar *s = expand_string(tf->helo_data);
- if (s == NULL)
- log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's "
- "helo_data value for callout: %s", addr->address,
- expand_string_message);
- else active_hostname = s;
- }
+ /* Connect to the host; on failure, just loop for the next one, but we
+ set the error for the last one. Use the callout_connect timeout. */
- deliver_host = deliver_host_address = NULL;
- deliver_domain = save_deliver_domain;
+ tls_retry_connection:
- /* Wait for initial response, and send HELO. The smtp_write_command()
- function leaves its command in big_buffer. This is used in error responses.
- Initialize it in case the connection is rejected. */
+ inblock.sock = outblock.sock =
+ smtp_connect(host, host_af, port, interface, callout_connect, TRUE, NULL);
+ /* reconsider DSCP here */
+ if (inblock.sock < 0)
+ {
+ addr->message = string_sprintf("could not connect to %s [%s]: %s",
+ host->name, host->address, strerror(errno));
+ deliver_host = deliver_host_address = NULL;
+ deliver_domain = save_deliver_domain;
+ continue;
+ }
- Ustrcpy(big_buffer, "initial connection");
+ /* Expand the helo_data string to find the host name to use. */
- done =
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout) &&
- smtp_write_command(&outblock, FALSE, "%s %s\r\n", helo,
- active_hostname) >= 0 &&
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout);
+ if (tf->helo_data != NULL)
+ {
+ uschar *s = expand_string(tf->helo_data);
+ if (s == NULL)
+ log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's "
+ "helo_data value for callout: %s", addr->address,
+ expand_string_message);
+ else active_hostname = s;
+ }
- /* Failure to accept HELO is cached; this blocks the whole domain for all
- senders. I/O errors and defer responses are not cached. */
+ deliver_host = deliver_host_address = NULL;
+ deliver_domain = save_deliver_domain;
- if (!done)
- {
- *failure_ptr = US"mail"; /* At or before MAIL */
- if (errno == 0 && responsebuffer[0] == '5')
+ /* Wait for initial response, and send HELO. The smtp_write_command()
+ function leaves its command in big_buffer. This is used in error responses.
+ Initialize it in case the connection is rejected. */
+
+ Ustrcpy(big_buffer, "initial connection");
+
+ /* Unless ssl-on-connect, wait for the initial greeting */
+ smtps_redo_greeting:
+
+ #ifdef SUPPORT_TLS
+ if (!smtps || (smtps && tls_out.active >= 0))
+ #endif
+ if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout)))
+ goto RESPONSE_FAILED;
+
+ /* Not worth checking greeting line for ESMTP support */
+ if (!(esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL,
+ host->name, host->address, NULL) != OK))
+ DEBUG(D_transport)
+ debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n");
+
+ tls_redo_helo:
+
+ #ifdef SUPPORT_TLS
+ if (smtps && tls_out.active < 0) /* ssl-on-connect, first pass */
{
- setflag(addr, af_verify_nsfail);
- new_domain_record.result = ccache_reject;
+ tls_offered = TRUE;
+ ob->tls_tempfail_tryclear = FALSE;
}
- }
+ else /* all other cases */
+ #endif
- /* Send the MAIL command */
+ { esmtp_retry:
- else done =
- smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
- from_address) >= 0 &&
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout);
+ if (!(done= smtp_write_command(&outblock, FALSE, "%s %s\r\n",
+ !esmtp? "HELO" : lmtp? "LHLO" : "EHLO", active_hostname) >= 0))
+ goto SEND_FAILED;
+ if (!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))
+ {
+ if (errno != 0 || responsebuffer[0] == 0 || lmtp || !esmtp || tls_out.active >= 0)
+ {
+ done= FALSE;
+ goto RESPONSE_FAILED;
+ }
+ #ifdef SUPPORT_TLS
+ tls_offered = FALSE;
+ #endif
+ esmtp = FALSE;
+ goto esmtp_retry; /* fallback to HELO */
+ }
- /* If the host does not accept MAIL FROM:<>, arrange to cache this
- information, but again, don't record anything for an I/O error or a defer. Do
- not cache rejections of MAIL when a non-empty sender has been used, because
- that blocks the whole domain for all senders. */
+ /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */
+ #ifdef SUPPORT_TLS
+ if (esmtp && !suppress_tls && tls_out.active < 0)
+ {
+ if (regex_STARTTLS == NULL) regex_STARTTLS =
+ regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE);
- if (!done)
- {
- *failure_ptr = US"mail"; /* At or before MAIL */
- if (errno == 0 && responsebuffer[0] == '5')
+ tls_offered = pcre_exec(regex_STARTTLS, NULL, CS responsebuffer,
+ Ustrlen(responsebuffer), 0, PCRE_EOPT, NULL, 0) >= 0;
+ }
+ else
+ tls_offered = FALSE;
+ #endif
+ }
+
+ /* If TLS is available on this connection attempt to
+ start up a TLS session, unless the host is in hosts_avoid_tls. If successful,
+ send another EHLO - the server may give a different answer in secure mode. We
+ use a separate buffer for reading the response to STARTTLS so that if it is
+ negative, the original EHLO data is available for subsequent analysis, should
+ the client not be required to use TLS. If the response is bad, copy the buffer
+ for error analysis. */
+
+ #ifdef SUPPORT_TLS
+ if (tls_offered &&
+ verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name,
+ host->address, NULL) != OK &&
+ verify_check_this_host(&(ob->hosts_verify_avoid_tls), NULL, host->name,
+ host->address, NULL) != OK
+ )
{
- setflag(addr, af_verify_nsfail);
- if (from_address[0] == 0)
- new_domain_record.result = ccache_reject_mfnull;
+ uschar buffer2[4096];
+ if ( !smtps
+ && !(done= smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") >= 0))
+ goto SEND_FAILED;
+
+ /* If there is an I/O error, transmission of this message is deferred. If
+ there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is
+ false, we also defer. However, if there is a temporary rejection of STARTTLS
+ and tls_tempfail_tryclear is true, or if there is an outright rejection of
+ STARTTLS, we carry on. This means we will try to send the message in clear,
+ unless the host is in hosts_require_tls (tested below). */
+
+ if (!smtps && !smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2',
+ ob->command_timeout))
+ {
+ if (errno != 0 || buffer2[0] == 0 ||
+ (buffer2[0] == '4' && !ob->tls_tempfail_tryclear))
+ {
+ Ustrncpy(responsebuffer, buffer2, sizeof(responsebuffer));
+ done= FALSE;
+ goto RESPONSE_FAILED;
+ }
+ }
+
+ /* STARTTLS accepted or ssl-on-connect: try to negotiate a TLS session. */
+ else
+ {
+ int rc = tls_client_start(inblock.sock, host, addr,
+ ob->tls_certificate, ob->tls_privatekey,
+ ob->tls_sni,
+ ob->tls_verify_certificates, ob->tls_crl,
+ ob->tls_require_ciphers,
+#ifdef EXPERIMENTAL_OCSP
+ ob->hosts_require_ocsp,
+#endif
+ ob->tls_dh_min_bits, callout);
+
+ /* TLS negotiation failed; give an error. Try in clear on a new connection,
+ if the options permit it for this host. */
+ if (rc != OK)
+ {
+ if (rc == DEFER && ob->tls_tempfail_tryclear && !smtps &&
+ verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
+ host->address, NULL) != OK)
+ {
+ (void)close(inblock.sock);
+ log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted "
+ "to %s [%s] (not in hosts_require_tls)", host->name, host->address);
+ suppress_tls = TRUE;
+ goto tls_retry_connection;
+ }
+ /*save_errno = ERRNO_TLSFAILURE;*/
+ /*message = US"failure while setting up TLS session";*/
+ send_quit = FALSE;
+ done= FALSE;
+ goto TLS_FAILED;
+ }
+
+ /* TLS session is set up. Copy info for logging. */
+ addr->cipher = tls_out.cipher;
+ addr->peerdn = tls_out.peerdn;
+
+ /* For SMTPS we need to wait for the initial OK response, then do HELO. */
+ if (smtps)
+ goto smtps_redo_greeting;
+
+ /* For STARTTLS we need to redo EHLO */
+ goto tls_redo_helo;
+ }
}
- }
- /* Otherwise, proceed to check a "random" address (if required), then the
- given address, and the postmaster address (if required). Between each check,
- issue RSET, because some servers accept only one recipient after MAIL
- FROM:<>.
+ /* If the host is required to use a secure channel, ensure that we have one. */
+ if (tls_out.active < 0)
+ if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name,
+ host->address, NULL) == OK)
+ {
+ /*save_errno = ERRNO_TLSREQUIRED;*/
+ log_write(0, LOG_MAIN, "a TLS session is required for %s [%s], but %s",
+ host->name, host->address,
+ tls_offered? "an attempt to start TLS failed" : "the server did not offer TLS support");
+ done= FALSE;
+ goto TLS_FAILED;
+ }
- Before doing this, set the result in the domain cache record to "accept",
- unless its previous value was ccache_reject_mfnull. In that case, the domain
- rejects MAIL FROM:<> and we want to continue to remember that. When that is
- the case, we have got here only in the case of a recipient verification with
- a non-null sender. */
+ #endif /*SUPPORT_TLS*/
- else
- {
- new_domain_record.result =
- (old_domain_cache_result == ccache_reject_mfnull)?
- ccache_reject_mfnull: ccache_accept;
+ done = TRUE; /* so far so good; have response to HELO */
- /* Do the random local part check first */
+ /*XXX the EHLO response would be analyzed here for IGNOREQUOTA, SIZE, PIPELINING, AUTH */
+ /* If we haven't authenticated, but are required to, give up. */
- if (random_local_part != NULL)
- {
- uschar randombuffer[1024];
- BOOL random_ok =
- smtp_write_command(&outblock, FALSE,
- "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
- addr->domain) >= 0 &&
- smtp_read_response(&inblock, randombuffer,
- sizeof(randombuffer), '2', callout);
+ /*XXX "filter command specified for this transport" ??? */
+ /* for now, transport_filter by cutthrough-delivery is not supported */
+ /* Need proper integration with the proper transport mechanism. */
- /* Remember when we last did a random test */
- new_domain_record.random_stamp = time(NULL);
+ SEND_FAILED:
+ RESPONSE_FAILED:
+ TLS_FAILED:
+ ;
+ /* Clear down of the TLS, SMTP and TCP layers on error is handled below. */
- /* If accepted, we aren't going to do any further tests below. */
- if (random_ok)
+ /* Failure to accept HELO is cached; this blocks the whole domain for all
+ senders. I/O errors and defer responses are not cached. */
+
+ if (!done)
+ {
+ *failure_ptr = US"mail"; /* At or before MAIL */
+ if (errno == 0 && responsebuffer[0] == '5')
{
- new_domain_record.random_result = ccache_accept;
+ setflag(addr, af_verify_nsfail);
+ new_domain_record.result = ccache_reject;
}
+ }
- /* Otherwise, cache a real negative response, and get back to the right
- state to send RCPT. Unless there's some problem such as a dropped
- connection, we expect to succeed, because the commands succeeded above. */
+ /* Try to AUTH */
- else if (errno == 0)
- {
- if (randombuffer[0] == '5')
- new_domain_record.random_result = ccache_reject;
+ else done = smtp_auth(responsebuffer, sizeof(responsebuffer),
+ addr, host, ob, esmtp, &inblock, &outblock) == OK &&
- done =
- smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout) &&
+ /* Copy AUTH info for logging */
+ ( (addr->authenticator = client_authenticator),
+ (addr->auth_id = client_authenticated_id),
- smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
- from_address) >= 0 &&
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout);
- }
- else done = FALSE; /* Some timeout/connection problem */
- } /* Random check */
+ /* Build a mail-AUTH string (re-using responsebuffer for convenience */
+ !smtp_mail_auth_str(responsebuffer, sizeof(responsebuffer), addr, ob)
+ ) &&
+
+ ( (addr->auth_sndr = client_authenticated_sender),
+
+ /* Send the MAIL command */
+ (smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>%s\r\n",
+ from_address, responsebuffer) >= 0)
+ ) &&
+
+ smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
+ '2', callout);
- /* If the host is accepting all local parts, as determined by the "random"
- check, we don't need to waste time doing any further checking. */
+ /* If the host does not accept MAIL FROM:<>, arrange to cache this
+ information, but again, don't record anything for an I/O error or a defer. Do
+ not cache rejections of MAIL when a non-empty sender has been used, because
+ that blocks the whole domain for all senders. */
- if (new_domain_record.random_result != ccache_accept && done)
+ if (!done)
{
- /* Get the rcpt_include_affixes flag from the transport if there is one,
- but assume FALSE if there is not. */
-
- done =
- smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
- transport_rcpt_address(addr,
- (addr->transport == NULL)? FALSE :
- addr->transport->rcpt_include_affixes)) >= 0 &&
- smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
- '2', callout);
-
- if (done)
- new_address_record.result = ccache_accept;
- else if (errno == 0 && responsebuffer[0] == '5')
+ *failure_ptr = US"mail"; /* At or before MAIL */
+ if (errno == 0 && responsebuffer[0] == '5')
{
- *failure_ptr = US"recipient";
- new_address_record.result = ccache_reject;
+ setflag(addr, af_verify_nsfail);
+ if (from_address[0] == 0)
+ new_domain_record.result = ccache_reject_mfnull;
}
+ }
- /* Do postmaster check if requested; if a full check is required, we
- check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
+ /* Otherwise, proceed to check a "random" address (if required), then the
+ given address, and the postmaster address (if required). Between each check,
+ issue RSET, because some servers accept only one recipient after MAIL
+ FROM:<>.
- if (done && pm_mailfrom != NULL)
- {
- done =
- smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
- smtp_read_response(&inblock, responsebuffer,
- sizeof(responsebuffer), '2', callout) &&
+ Before doing this, set the result in the domain cache record to "accept",
+ unless its previous value was ccache_reject_mfnull. In that case, the domain
+ rejects MAIL FROM:<> and we want to continue to remember that. When that is
+ the case, we have got here only in the case of a recipient verification with
+ a non-null sender. */
- smtp_write_command(&outblock, FALSE,
- "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
- smtp_read_response(&inblock, responsebuffer,
- sizeof(responsebuffer), '2', callout) &&
+ else
+ {
+ new_domain_record.result =
+ (old_domain_cache_result == ccache_reject_mfnull)?
+ ccache_reject_mfnull: ccache_accept;
- /* First try using the current domain */
+ /* Do the random local part check first */
- ((
+ if (random_local_part != NULL)
+ {
+ uschar randombuffer[1024];
+ BOOL random_ok =
smtp_write_command(&outblock, FALSE,
- "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
- smtp_read_response(&inblock, responsebuffer,
- sizeof(responsebuffer), '2', callout)
- )
+ "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part,
+ addr->domain) >= 0 &&
+ smtp_read_response(&inblock, randombuffer,
+ sizeof(randombuffer), '2', callout);
- ||
+ /* Remember when we last did a random test */
- /* If that doesn't work, and a full check is requested,
- try without the domain. */
+ new_domain_record.random_stamp = time(NULL);
- (
- (options & vopt_callout_fullpm) != 0 &&
- smtp_write_command(&outblock, FALSE,
- "RCPT TO:<postmaster>\r\n") >= 0 &&
- smtp_read_response(&inblock, responsebuffer,
- sizeof(responsebuffer), '2', callout)
- ));
+ /* If accepted, we aren't going to do any further tests below. */
+
+ if (random_ok)
+ {
+ new_domain_record.random_result = ccache_accept;
+ }
+
+ /* Otherwise, cache a real negative response, and get back to the right
+ state to send RCPT. Unless there's some problem such as a dropped
+ connection, we expect to succeed, because the commands succeeded above. */
+
+ else if (errno == 0)
+ {
+ if (randombuffer[0] == '5')
+ new_domain_record.random_result = ccache_reject;
+
+ done =
+ smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
+ smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
+ '2', callout) &&
+
+ smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
+ from_address) >= 0 &&
+ smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
+ '2', callout);
+ }
+ else done = FALSE; /* Some timeout/connection problem */
+ } /* Random check */
+
+ /* If the host is accepting all local parts, as determined by the "random"
+ check, we don't need to waste time doing any further checking. */
- /* Sort out the cache record */
+ if (new_domain_record.random_result != ccache_accept && done)
+ {
+ /* Get the rcpt_include_affixes flag from the transport if there is one,
+ but assume FALSE if there is not. */
- new_domain_record.postmaster_stamp = time(NULL);
+ done =
+ smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n",
+ transport_rcpt_address(addr,
+ (addr->transport == NULL)? FALSE :
+ addr->transport->rcpt_include_affixes)) >= 0 &&
+ smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
+ '2', callout);
if (done)
- new_domain_record.postmaster_result = ccache_accept;
+ new_address_record.result = ccache_accept;
else if (errno == 0 && responsebuffer[0] == '5')
{
- *failure_ptr = US"postmaster";
- setflag(addr, af_verify_pmfail);
- new_domain_record.postmaster_result = ccache_reject;
+ *failure_ptr = US"recipient";
+ new_address_record.result = ccache_reject;
}
- }
- } /* Random not accepted */
- } /* MAIL FROM: accepted */
- /* For any failure of the main check, other than a negative response, we just
- close the connection and carry on. We can identify a negative response by the
- fact that errno is zero. For I/O errors it will be non-zero
+ /* Do postmaster check if requested; if a full check is required, we
+ check for RCPT TO:<postmaster> (no domain) in accordance with RFC 821. */
- Set up different error texts for logging and for sending back to the caller
- as an SMTP response. Log in all cases, using a one-line format. For sender
- callouts, give a full response to the caller, but for recipient callouts,
- don't give the IP address because this may be an internal host whose identity
- is not to be widely broadcast. */
+ if (done && pm_mailfrom != NULL)
+ {
+ /*XXX not suitable for cutthrough - sequencing problems */
+ cutthrough_delivery= FALSE;
+ HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of postmaster verify\n");
- if (!done)
- {
- if (errno == ETIMEDOUT)
- {
- HDEBUG(D_verify) debug_printf("SMTP timeout\n");
- send_quit = FALSE;
- }
- else if (errno == 0)
- {
- if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
+ done =
+ smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 &&
+ smtp_read_response(&inblock, responsebuffer,
+ sizeof(responsebuffer), '2', callout) &&
- addr->message =
- string_sprintf("response to \"%s\" from %s [%s] was: %s",
- big_buffer, host->name, host->address,
- string_printing(responsebuffer));
+ smtp_write_command(&outblock, FALSE,
+ "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 &&
+ smtp_read_response(&inblock, responsebuffer,
+ sizeof(responsebuffer), '2', callout) &&
- addr->user_message = is_recipient?
- string_sprintf("Callout verification failed:\n%s", responsebuffer)
- :
- string_sprintf("Called: %s\nSent: %s\nResponse: %s",
- host->address, big_buffer, responsebuffer);
+ /* First try using the current domain */
+
+ ((
+ smtp_write_command(&outblock, FALSE,
+ "RCPT TO:<postmaster@%.1000s>\r\n", addr->domain) >= 0 &&
+ smtp_read_response(&inblock, responsebuffer,
+ sizeof(responsebuffer), '2', callout)
+ )
+
+ ||
- /* Hard rejection ends the process */
+ /* If that doesn't work, and a full check is requested,
+ try without the domain. */
- if (responsebuffer[0] == '5') /* Address rejected */
+ (
+ (options & vopt_callout_fullpm) != 0 &&
+ smtp_write_command(&outblock, FALSE,
+ "RCPT TO:<postmaster>\r\n") >= 0 &&
+ smtp_read_response(&inblock, responsebuffer,
+ sizeof(responsebuffer), '2', callout)
+ ));
+
+ /* Sort out the cache record */
+
+ new_domain_record.postmaster_stamp = time(NULL);
+
+ if (done)
+ new_domain_record.postmaster_result = ccache_accept;
+ else if (errno == 0 && responsebuffer[0] == '5')
+ {
+ *failure_ptr = US"postmaster";
+ setflag(addr, af_verify_pmfail);
+ new_domain_record.postmaster_result = ccache_reject;
+ }
+ }
+ } /* Random not accepted */
+ } /* MAIL FROM: accepted */
+
+ /* For any failure of the main check, other than a negative response, we just
+ close the connection and carry on. We can identify a negative response by the
+ fact that errno is zero. For I/O errors it will be non-zero
+
+ Set up different error texts for logging and for sending back to the caller
+ as an SMTP response. Log in all cases, using a one-line format. For sender
+ callouts, give a full response to the caller, but for recipient callouts,
+ don't give the IP address because this may be an internal host whose identity
+ is not to be widely broadcast. */
+
+ if (!done)
+ {
+ if (errno == ETIMEDOUT)
{
- yield = FAIL;
- done = TRUE;
+ HDEBUG(D_verify) debug_printf("SMTP timeout\n");
+ send_quit = FALSE;
+ }
+ else if (errno == 0)
+ {
+ if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped");
+
+ addr->message =
+ string_sprintf("response to \"%s\" from %s [%s] was: %s",
+ big_buffer, host->name, host->address,
+ string_printing(responsebuffer));
+
+ addr->user_message = is_recipient?
+ string_sprintf("Callout verification failed:\n%s", responsebuffer)
+ :
+ string_sprintf("Called: %s\nSent: %s\nResponse: %s",
+ host->address, big_buffer, responsebuffer);
+
+ /* Hard rejection ends the process */
+
+ if (responsebuffer[0] == '5') /* Address rejected */
+ {
+ yield = FAIL;
+ done = TRUE;
+ }
}
}
- }
- /* End the SMTP conversation and close the connection. */
+ /* End the SMTP conversation and close the connection. */
+
+ /* Cutthrough - on a successfull connect and recipient-verify with use-sender
+ and we have no cutthrough conn so far
+ here is where we want to leave the conn open */
+ if ( cutthrough_delivery
+ && done
+ && yield == OK
+ && (options & (vopt_callout_recipsender|vopt_callout_recippmaster)) == vopt_callout_recipsender
+ && !random_local_part
+ && !pm_mailfrom
+ && cutthrough_fd < 0
+ )
+ {
+ cutthrough_fd= outblock.sock; /* We assume no buffer in use in the outblock */
+ cutthrough_addr = *addr; /* Save the address_item for later logging */
+ cutthrough_addr.host_used = store_get(sizeof(host_item));
+ cutthrough_addr.host_used->name = host->name;
+ cutthrough_addr.host_used->address = host->address;
+ cutthrough_addr.host_used->port = port;
+ if (addr->parent)
+ *(cutthrough_addr.parent = store_get(sizeof(address_item)))= *addr->parent;
+ ctblock.buffer = ctbuffer;
+ ctblock.buffersize = sizeof(ctbuffer);
+ ctblock.ptr = ctbuffer;
+ /* ctblock.cmd_count = 0; ctblock.authenticating = FALSE; */
+ ctblock.sock = cutthrough_fd;
+ }
+ else
+ {
+ /* Ensure no cutthrough on multiple address verifies */
+ if (options & vopt_callout_recipsender)
+ cancel_cutthrough_connection("multiple verify calls");
+ if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
+
+ #ifdef SUPPORT_TLS
+ tls_close(FALSE, TRUE);
+ #endif
+ (void)close(inblock.sock);
+ }
- if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n");
- (void)close(inblock.sock);
- } /* Loop through all hosts, while !done */
+ } /* Loop through all hosts, while !done */
+ }
/* If we get here with done == TRUE, a successful callout happened, and yield
will be set OK or FAIL according to the response to the RCPT command.
+/* Called after recipient-acl to get a cutthrough connection open when
+ one was requested and a recipient-verify wasn't subsequently done.
+*/
+void
+open_cutthrough_connection( address_item * addr )
+{
+address_item addr2;
+
+/* Use a recipient-verify-callout to set up the cutthrough connection. */
+/* We must use a copy of the address for verification, because it might
+get rewritten. */
+
+addr2 = *addr;
+HDEBUG(D_acl) debug_printf("----------- start cutthrough setup ------------\n");
+(void) verify_address(&addr2, NULL,
+ vopt_is_recipient | vopt_callout_recipsender | vopt_callout_no_cache,
+ CUTTHROUGH_CMD_TIMEOUT, -1, -1,
+ NULL, NULL, NULL);
+HDEBUG(D_acl) debug_printf("----------- end cutthrough setup ------------\n");
+return;
+}
+
+
+
+/* Send given number of bytes from the buffer */
+static BOOL
+cutthrough_send(int n)
+{
+if(cutthrough_fd < 0)
+ return TRUE;
+
+if(
+#ifdef SUPPORT_TLS
+ (tls_out.active == cutthrough_fd) ? tls_write(FALSE, ctblock.buffer, n) :
+#endif
+ send(cutthrough_fd, ctblock.buffer, n, 0) > 0
+ )
+{
+ transport_count += n;
+ ctblock.ptr= ctblock.buffer;
+ return TRUE;
+}
+
+HDEBUG(D_transport|D_acl) debug_printf("cutthrough_send failed: %s\n", strerror(errno));
+return FALSE;
+}
+
+
+
+static BOOL
+_cutthrough_puts(uschar * cp, int n)
+{
+while(n--)
+ {
+ if(ctblock.ptr >= ctblock.buffer+ctblock.buffersize)
+ if(!cutthrough_send(ctblock.buffersize))
+ return FALSE;
+
+ *ctblock.ptr++ = *cp++;
+ }
+return TRUE;
+}
+
+/* Buffered output of counted data block. Return boolean success */
+BOOL
+cutthrough_puts(uschar * cp, int n)
+{
+if (cutthrough_fd < 0) return TRUE;
+if (_cutthrough_puts(cp, n)) return TRUE;
+cancel_cutthrough_connection("transmit failed");
+return FALSE;
+}
+
+
+static BOOL
+_cutthrough_flush_send( void )
+{
+int n= ctblock.ptr-ctblock.buffer;
+
+if(n>0)
+ if(!cutthrough_send(n))
+ return FALSE;
+return TRUE;
+}
+
+
+/* Send out any bufferred output. Return boolean success. */
+BOOL
+cutthrough_flush_send( void )
+{
+if (_cutthrough_flush_send()) return TRUE;
+cancel_cutthrough_connection("transmit failed");
+return FALSE;
+}
+
+
+BOOL
+cutthrough_put_nl( void )
+{
+return cutthrough_puts(US"\r\n", 2);
+}
+
+
+/* Get and check response from cutthrough target */
+static uschar
+cutthrough_response(char expect, uschar ** copy)
+{
+smtp_inblock inblock;
+uschar inbuffer[4096];
+uschar responsebuffer[4096];
+
+inblock.buffer = inbuffer;
+inblock.buffersize = sizeof(inbuffer);
+inblock.ptr = inbuffer;
+inblock.ptrend = inbuffer;
+inblock.sock = cutthrough_fd;
+/* this relies on (inblock.sock == tls_out.active) */
+if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, CUTTHROUGH_DATA_TIMEOUT))
+ cancel_cutthrough_connection("target timeout on read");
+
+if(copy != NULL)
+ {
+ uschar * cp;
+ *copy= cp= string_copy(responsebuffer);
+ /* Trim the trailing end of line */
+ cp += Ustrlen(responsebuffer);
+ if(cp > *copy && cp[-1] == '\n') *--cp = '\0';
+ if(cp > *copy && cp[-1] == '\r') *--cp = '\0';
+ }
+
+return responsebuffer[0];
+}
+
+
+/* Negotiate dataphase with the cutthrough target, returning success boolean */
+BOOL
+cutthrough_predata( void )
+{
+if(cutthrough_fd < 0)
+ return FALSE;
+
+HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> DATA\n");
+cutthrough_puts(US"DATA\r\n", 6);
+cutthrough_flush_send();
+
+/* Assume nothing buffered. If it was it gets ignored. */
+return cutthrough_response('3', NULL) == '3';
+}
+
+
+/* Buffered send of headers. Return success boolean. */
+/* Expands newlines to wire format (CR,NL). */
+/* Also sends header-terminating blank line. */
+BOOL
+cutthrough_headers_send( void )
+{
+header_line * h;
+uschar * cp1, * cp2;
+
+if(cutthrough_fd < 0)
+ return FALSE;
+
+for(h= header_list; h != NULL; h= h->next)
+ if(h->type != htype_old && h->text != NULL)
+ for (cp1 = h->text; *cp1 && (cp2 = Ustrchr(cp1, '\n')); cp1 = cp2+1)
+ if( !cutthrough_puts(cp1, cp2-cp1)
+ || !cutthrough_put_nl())
+ return FALSE;
+
+HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>>(nl)\n");
+return cutthrough_put_nl();
+}
+
+
+static void
+close_cutthrough_connection( const char * why )
+{
+if(cutthrough_fd >= 0)
+ {
+ /* We could be sending this after a bunch of data, but that is ok as
+ the only way to cancel the transfer in dataphase is to drop the tcp
+ conn before the final dot.
+ */
+ ctblock.ptr = ctbuffer;
+ HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> QUIT\n");
+ _cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */
+ _cutthrough_flush_send();
+ /* No wait for response */
+
+ #ifdef SUPPORT_TLS
+ tls_close(FALSE, TRUE);
+ #endif
+ (void)close(cutthrough_fd);
+ cutthrough_fd= -1;
+ HDEBUG(D_acl) debug_printf("----------- cutthrough shutdown (%s) ------------\n", why);
+ }
+ctblock.ptr = ctbuffer;
+}
+
+void
+cancel_cutthrough_connection( const char * why )
+{
+close_cutthrough_connection(why);
+cutthrough_delivery= FALSE;
+}
+
+
+
+
+/* Have senders final-dot. Send one to cutthrough target, and grab the response.
+ Log an OK response as a transmission.
+ Close the connection.
+ Return smtp response-class digit.
+*/
+uschar *
+cutthrough_finaldot( void )
+{
+HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> .\n");
+
+/* Assume data finshed with new-line */
+if(!cutthrough_puts(US".", 1) || !cutthrough_put_nl() || !cutthrough_flush_send())
+ return cutthrough_addr.message;
+
+switch(cutthrough_response('2', &cutthrough_addr.message))
+ {
+ case '2':
+ delivery_log(LOG_MAIN, &cutthrough_addr, (int)'>', NULL);
+ close_cutthrough_connection("delivered");
+ break;
+
+ case '4':
+ delivery_log(LOG_MAIN, &cutthrough_addr, 0, US"tmp-reject from cutthrough after DATA:");
+ break;
+
+ case '5':
+ delivery_log(LOG_MAIN|LOG_REJECT, &cutthrough_addr, 0, US"rejected after DATA:");
+ break;
+
+ default:
+ break;
+ }
+ return cutthrough_addr.message;
+}
+
+
+
/*************************************************
* Copy error to toplevel address *
*************************************************/
if (address[0] == 0) return OK;
+/* Flip the legacy TLS-related variables over to the outbound set in case
+they're used in the context of a transport used by verification. Reset them
+at exit from this routine. */
+
+modify_variable(US"tls_bits", &tls_out.bits);
+modify_variable(US"tls_certificate_verified", &tls_out.certificate_verified);
+modify_variable(US"tls_cipher", &tls_out.cipher);
+modify_variable(US"tls_peerdn", &tls_out.peerdn);
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+modify_variable(US"tls_sni", &tls_out.sni);
+#endif
+
/* Save a copy of the sender address for re-instating if we change it to <>
while verifying a sender address (a nice bit of self-reference there). */
}
else
{
+#ifdef SUPPORT_TLS
+ deliver_set_expansions(addr);
+#endif
rc = do_callout(addr, host_list, &tf, callout, callout_overall,
callout_connect, options, se_mailfrom, pm_mailfrom);
}
}
respond_printf(f, "%s\n", cr);
}
+ cancel_cutthrough_connection("routing hard fail");
- if (!full_info) return copy_error(vaddr, addr, FAIL);
- else yield = FAIL;
+ if (!full_info)
+ {
+ yield = copy_error(vaddr, addr, FAIL);
+ goto out;
+ }
+ else yield = FAIL;
}
/* Soft failure */
}
respond_printf(f, "%s\n", cr);
}
- if (!full_info) return copy_error(vaddr, addr, DEFER);
- else if (yield == OK) yield = DEFER;
+ cancel_cutthrough_connection("routing soft fail");
+
+ if (!full_info)
+ {
+ yield = copy_error(vaddr, addr, DEFER);
+ goto out;
+ }
+ else if (yield == OK) yield = DEFER;
}
/* If we are handling EXPN, we do not want to continue to route beyond
if (addr_new == NULL) ok_prefix = US"250 ";
respond_printf(f, "%s<%s>\r\n", ok_prefix, addr2->address);
}
- return OK;
+ yield = OK;
+ goto out;
}
/* Successful routing other than EXPN. */
of $address_data to be that of the child */
vaddr->p.address_data = addr->p.address_data;
- return OK;
+ yield = OK;
+ goto out;
}
}
} /* Loop for generated addresses */
if (allok && addr_local == NULL && addr_remote == NULL)
{
fprintf(f, "mail to %s is discarded\n", address);
- return yield;
+ goto out;
}
for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++)
}
}
-/* Will be DEFER or FAIL if any one address has, only for full_info (which is
+/* Yield will be DEFER or FAIL if any one address has, only for full_info (which is
the -bv or -bt case). */
+out:
+
+modify_variable(US"tls_bits", &tls_in.bits);
+modify_variable(US"tls_certificate_verified", &tls_in.certificate_verified);
+modify_variable(US"tls_cipher", &tls_in.cipher);
+modify_variable(US"tls_peerdn", &tls_in.peerdn);
+#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS)
+modify_variable(US"tls_sni", &tls_in.sni);
+#endif
+
return yield;
}
* c99 $(pkg-config --cflags openssl) gen_pkcs3.c $(pkg-config --libs openssl)
*/
+/*
+ * Rationale:
+ * The Diffie-Hellman primes which are embedded into Exim as named primes for
+ * the tls_dhparam option are in the std-crypto.c file. The source for those
+ * comes from various RFCs, where they are given in hexadecimal form.
+ *
+ * This tool provides convenient conversion, to reduce the risk of human
+ * error in transcription.
+ */
+
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
--- /dev/null
+#!/usr/bin/perl
+# Copyright (C) 2012 Wizards Internet Ltd
+# License GPLv2: GNU GPL version 2 <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
+use strict;
+use Getopt::Std;
+$Getopt::Std::STANDARD_HELP_VERSION=1;
+use IO::Handle;
+use Date::Parse;
+my ($o,$i,$s,$f,$t,$u,$VERSION);
+$VERSION='1.0';
+$o={'m'=>10};
+getopts("c:i:u:a:o:m:fv",$o);
+usage('No issuer specified') if ! $o->{'i'} && ! -f $o->{'i'};
+usage('No certificate specified') if ! $o->{'c'} && ! -f $o->{'c'};
+usage('No CA chain specified') if ! $o->{'a'} && ! -f $o->{'a'};
+usage('No OCSP file specified') if ! $o->{'o'};
+usage('No URL specified') if ! $o->{'u'};
+$o->{'t'}=$o->{'o'}.'.tmp';
+
+# check if we need to
+if ( $o->{'f'}
+ || ! -f $o->{'o'}
+ || ( -M $o->{'o'} > 0 )
+ )
+{
+ $i = new IO::Handle;
+ open( $i, "openssl ocsp -issuer $o->{'i'} -cert $o->{'c'} -url $o->{'u'} -CAfile $o->{'a'} -respout $o->{'t'} 2>/dev/null |" ) || die 'Unable to execute ocsp command';
+ $s = <$i> || die 'Unable to read status';
+ $f = <$i> || die 'Unable to read update time';
+ $t = <$i> || die 'Unable to read next update time';
+ close $i;
+ # Status ok ?
+ chomp($s);
+ chomp($f);
+ chomp($t);
+ $s =~ s/[^:]*: //;
+ $f =~ s/[^:]*: //;
+ $t =~ s/[^:]*: //;
+ $t = str2time($t);
+ die "OCSP status is $s" if $s ne 'good';
+ warn "Next Update $t" if $o->{'v'};
+ # response is good, adjust mod time and move into place.
+ $u = $t - $o->{'m'} * (($t - time)/100);
+ utime $u,$u,$o->{'t'};
+ rename $o->{'t'},$o->{'o'};
+}
+exit;
+
+sub
+usage
+{
+ my $m = shift;
+ print STDERR "$m\n" if $m;
+ HELP_MESSAGE(\*STDERR);
+ die;
+}
+sub
+HELP_MESSAGE
+{
+ my $h = shift;
+ print $h <<EOF
+Usage: $0 -i issuer -c certificate -u ocsp_url -a ca_certs -o response [-v] [-f]
+
+For a certificate "www.example.com.pem"
+ signed by "signing.example.net.pem"
+ signed by root CA "ca.example.net.pem"
+ with OCSP server http://ocsp.example.net/
+
+Ensure there is a file with the signing chain
+
+ cat ca.example.net.pem signing.example.net.pem >chain.pem
+
+The update procedure would be
+
+ ocsp_fetch -i signing.example.net.pem \
+ -c www.example.com.pem \
+ -u http://ocsp.example.net/ \
+ -a chain.pem \
+ -o www.example.com.ocsp.der
+EOF
+}
+# vi: aw ai sw=4
+# End of File
There are some options for the ./runtest script itself:
+ -CONTINUE This will allow the script to move past some failing tests. It will
+ write a simple failure line with the test number in a temporary
+ logfile test/failed-summary.log. Unexpected exit codes will still
+ stall the test execution and require interaction.
+
-DEBUG This option is for debugging the test script. It causes some
tracing information to be output.
with an extra log line saying the hostname doesn't resolve. You must use a
FQDN for the hostname for proper test functionality.
+. If you change your hostname to a FQDN, you must delete the test/dnszones
+ subdirectory. When you next run the runtest script, it will rebuild the
+ content to use the new hostname.
+
. If your hostname has an uppercase characters in it, expect that some tests
will fail, for example, 0036, because some log lines will have the hostname
in all lowercase. The regex which extracts the hostname from the log lines
to the screen.
+ munge <name>
+
+This command requests custom munging of the test outputs. The munge names
+used are coded in the runtest script.
+
+
need_ipv4
This command must be at the head of a script. If no IPv4 interface has been
When OpenSSL is available on the host, an alternative version of the client
program is compiled, one that supports TLS using OpenSSL. The additional
-arguments specify a certificate and key file when required. There is one
-additional option, -tls-on-connect, that causes the client to initiate TLS
-negotiation immediately on connection.
+arguments specify a certificate and key file when required for the connection.
+There are two additional options: -tls-on-connect, that causes the client to
+initiate TLS negociation immediately on connection; -ocsp that causes the TLS
+negotiation to include a certificate-status request. The latter takes a
+filename argument, the CA info for verifying the stapled response.
client-gnutls [<options>] <ip address> <port> [<outgoing interface>] \
--- /dev/null
+
+The three directories each contain a complete CA with server signing
+certificate, OCSP signing certificate and a selection of server
+certificates under each domain.
+
+For each directory there are a number of subdirectories.
+
+ CA - The main certificate signing directory.
+
+ Within this directory the primary file sof interest
+ will be the two CRL files, crl.empty and crl.v2
+ These are valid CRLs; the "v2" containing the two
+ revoked certs.
+
+ BLANK - a template usable for client-only machines
+ for clients of this private CA.
+
+ *.example.* - individual server certificates.
+
+The six certificate subdirs each contain a cert for a machine
+by that name; those in the "expired" ones are out-of-date (the
+rest expire in 2038). The "1" and "2" systems/certs have
+equivalent properties.
+
+In each certicate subdir: the ".db" files are NSS version of the cert,
+the ".pem", ".key" and ".unlocked.key" are usable by OpenSSL (the
+ca_chain.pem being a copy of the CA public information and signer
+public information).
+
+The ".p12" file rolls up the CA, Signer and cert info. Both the ".p12"
+and NSS info are passworded using the "pwdfile".
+The ocsp request file is one a client would send to an OCSP responder.
+The ocsp response files are those gotten that way. in .der format;
+"good" being all well, "dated" meaning the response (not the cert)
+is out-of-date, and "revoked" meaning the cert has been revoked.
+
+
+The files were created using the genall script which utilises a
+combination of tools,
+
+ openssl
+ nss-tools
+ clica
+
+of these the only unfamiliar one is likely to be clica, a command
+line CA tool which can be found at
+
+ http://people.redhat.com/mpoole/clica/
+
+
+
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw\r
+MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o\r
+mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID\r
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq\r
+hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+\r
+ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y\r
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St\r
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa\r
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw\r
+MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o\r
+mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID\r
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq\r
+hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+\r
+ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: OCSP Signer
+ localKeyID: A6 E7 21 3B BE A3 47 BE 58 6F 34 77 E2 AA D5 22 91 AA 0F D6
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEAuGANFQATQUtX6l1r
+tDa/TimQ722a/2wGSmty/n9Va36t7O9S0Uxi7yQMN11I284FekjzP82THLWv4TJZ
+x7AvywIDAQABAkAhrko1f+IEl4Lj6VT3gtjHqogzdM5PwqgTiDVlkFVGYXp6a8o6
+ySmMofHeEjDgPFI7sz12eQOoofjhjTCnTcJhAiEA3Afe796M2vm5+V6t1ayFhgP0
+9QnSVde6mLvqHFHAKHUCIQDWhAVspNc3bw2PIBqlK2ibANwi9BFurBlATBHhKP3v
+PwIgTiwttKMpABOBU2uj7ypgNgDp4rUemYkPrnv07SLOVpECIAVXhEsQT8uxmETY
+J9G1IwW5H8I/EbAP2REg09EnlCtBAiBgZn9NxSr05na0P+NjyIPQ44Y9L5R9P3PL
+2PceGVDcQw==
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBgDCCASqgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy\r
+MzQwMVoXDTM4MDEwMTEyMzQwMVowMjEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAY\r
+BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB\r
+ALhgDRUAE0FLV+pda7Q2v04pkO9tmv9sBkprcv5/VWt+rezvUtFMYu8kDDddSNvO\r
+BXpI8z/Nkxy1r+EyWcewL8sCAwEAAaMqMCgwDgYDVR0PAQH/BAQDAgeAMBYGA1Ud\r
+JQEB/wQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA0EAQalK8cinGimBjryO\r
+q8scOPr7Zkv2RlhnUUTtpPfFKkTne9yXyXxBVDfy8wwPTz7ZTOzMVtPTgFT9g0Kf\r
+tXze7g==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y\r
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St\r
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa\r
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
--- /dev/null
+; Config::Simple 4.59
+; Thu Nov 1 12:34:00 2012
+
+[CLICA]
+crl_url=http://crl.example.com/latest.crl
+crl_signer=Signing Cert
+level=1
+signer=Signing Cert
+ocsp_signer=OCSP Signer
+ocsp_url=http://oscp/example.com/
+
+[CA]
+org=example.com
+subject=clica CA
+name=Certificate Authority
+bits=512
+
+
--- /dev/null
+update=20130127152434Z
--- /dev/null
+-----BEGIN X509 CRL-----
+MIGsMFgCAQEwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20x
+GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxMzAxMjcxNTI0MzRaMA0G
+CSqGSIb3DQEBBQUAA0EAjClqFKe0w0T5ARNSMOSfuDtbOA0iN2yOrUwJfidgQdVQ
+YPW+5TwKhe+Vm6skgHSIWNcuMVzojsuDZcBZnNimPA==
+-----END X509 CRL-----
--- /dev/null
+update=20130127152437Z
+addcert 102 20130127152437Z
+addcert 202 20130127152437Z
--- /dev/null
+-----BEGIN X509 CRL-----
+MIHcMIGHAgEBMA0GCSqGSIb3DQEBBQUAMDMxFDASBgNVBAoTC2V4YW1wbGUuY29t
+MRswGQYDVQQDExJjbGljYSBTaWduaW5nIENlcnQYDzIwMTMwMTI3MTUyNDM3WjAt
+MBQCAWYYDzIwMTMwMTI3MTUyNDM3WjAVAgIAyhgPMjAxMzAxMjcxNTI0MzdaMA0G
+CSqGSIb3DQEBBQUAA0EAS5A0/pStULkfIhBRMt+DfehLBbppc6FftG3TpBMvBW4k
+xGwMPKUN8lk3uMuQxk/cvbaFqPtiR/WnkAFc3i1bpA==
+-----END X509 CRL-----
--- /dev/null
+R 130110200751Z 100201142709Z,superseded 65 unknown CN=server1.example.com
+R 130110200751Z 100201142709Z,superseded 66 unknown CN=revoked1.example.com
+R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.example.com
+R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.example.com
+R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.example.com
+R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.example.com
--- /dev/null
+V 130110200751Z 65 unknown CN=server1.example.com
+V 130110200751Z 66 unknown CN=revoked1.example.com
+V 130110200751Z 67 unknown CN=expired1.example.com
+V 130110200751Z c9 unknown CN=server2.example.com
+V 130110200751Z ca unknown CN=revoked2.example.com
+V 130110200751Z cb unknown CN=expired2.example.com
--- /dev/null
+processor : 0
+vendor_id : GenuineIntel
+cpu family : 6
+model : 26
+model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz
+stepping : 5
+cpu MHz : 2260.628
+cache size : 8192 KB
+fpu : yes
+fpu_exception : yes
+cpuid level : 11
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts
+bogomips : 4521.25
+clflush size : 64
+cache_alignment : 64
+address sizes : 40 bits physical, 48 bits virtual
+power management:
+
+processor : 1
+vendor_id : GenuineIntel
+cpu family : 6
+model : 26
+model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz
+stepping : 5
+cpu MHz : 2260.628
+cache size : 8192 KB
+fpu : yes
+fpu_exception : yes
+cpuid level : 11
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts
+bogomips : 4521.25
+clflush size : 64
+cache_alignment : 64
+address sizes : 40 bits physical, 48 bits virtual
+power management:
+
+ CPU0 CPU1
+ 0: 2481 0 IO-APIC-edge timer
+ 1: 21441 346 IO-APIC-edge i8042
+ 3: 1 0 IO-APIC-edge
+ 4: 1 0 IO-APIC-edge
+ 7: 0 0 IO-APIC-edge parport0
+ 8: 1 0 IO-APIC-edge rtc0
+ 9: 0 0 IO-APIC-fasteoi acpi
+ 12: 78986 1718 IO-APIC-edge i8042
+ 14: 0 0 IO-APIC-edge ata_piix
+ 15: 2423330 1435 IO-APIC-edge ata_piix
+ 16: 1025 0 IO-APIC-fasteoi Ensoniq AudioPCI
+ 17: 239842 2559 IO-APIC-fasteoi ehci_hcd:usb1, ioc0
+ 18: 246 0 IO-APIC-fasteoi uhci_hcd:usb2
+ 19: 1868676 51479 IO-APIC-fasteoi eth0
+ 24: 0 0 PCI-MSI-edge pciehp
+ 25: 0 0 PCI-MSI-edge pciehp
+ 26: 0 0 PCI-MSI-edge pciehp
+ 27: 0 0 PCI-MSI-edge pciehp
+ 28: 0 0 PCI-MSI-edge pciehp
+ 29: 0 0 PCI-MSI-edge pciehp
+ 30: 0 0 PCI-MSI-edge pciehp
+ 31: 0 0 PCI-MSI-edge pciehp
+ 32: 0 0 PCI-MSI-edge pciehp
+ 33: 0 0 PCI-MSI-edge pciehp
+ 34: 0 0 PCI-MSI-edge pciehp
+ 35: 0 0 PCI-MSI-edge pciehp
+ 36: 0 0 PCI-MSI-edge pciehp
+ 37: 0 0 PCI-MSI-edge pciehp
+ 38: 0 0 PCI-MSI-edge pciehp
+ 39: 0 0 PCI-MSI-edge pciehp
+ 40: 0 0 PCI-MSI-edge pciehp
+ 41: 0 0 PCI-MSI-edge pciehp
+ 42: 0 0 PCI-MSI-edge pciehp
+ 43: 0 0 PCI-MSI-edge pciehp
+ 44: 0 0 PCI-MSI-edge pciehp
+ 45: 0 0 PCI-MSI-edge pciehp
+ 46: 0 0 PCI-MSI-edge pciehp
+ 47: 0 0 PCI-MSI-edge pciehp
+ 48: 0 0 PCI-MSI-edge pciehp
+ 49: 0 0 PCI-MSI-edge pciehp
+ 50: 0 0 PCI-MSI-edge pciehp
+ 51: 0 0 PCI-MSI-edge pciehp
+ 52: 0 0 PCI-MSI-edge pciehp
+ 53: 0 0 PCI-MSI-edge pciehp
+ 54: 0 0 PCI-MSI-edge pciehp
+ 55: 0 0 PCI-MSI-edge pciehp
+ 56: 1 0 PCI-MSI-edge vmci
+ 57: 0 0 PCI-MSI-edge vmci
+NMI: 0 0 Non-maskable interrupts
+LOC: 12397935 14240444 Local timer interrupts
+SPU: 0 0 Spurious interrupts
+PMI: 0 0 Performance monitoring interrupts
+IWI: 0 0 IRQ work interrupts
+RES: 282548 308972 Rescheduling interrupts
+CAL: 1955 163540 Function call interrupts
+TLB: 17884 15542 TLB shootdowns
+TRM: 0 0 Thermal event interrupts
+THR: 0 0 Threshold APIC interrupts
+MCE: 0 0 Machine check exceptions
+MCP: 2310 2310 Machine check polls
+ERR: 0
+MIS: 0
+MemTotal: 1914844 kB
+MemFree: 135496 kB
+Buffers: 142048 kB
+Cached: 951840 kB
+SwapCached: 108 kB
+Active: 980724 kB
+Inactive: 540136 kB
+Active(anon): 287056 kB
+Inactive(anon): 143480 kB
+Active(file): 693668 kB
+Inactive(file): 396656 kB
+Unevictable: 0 kB
+Mlocked: 0 kB
+SwapTotal: 4194296 kB
+SwapFree: 4193560 kB
+Dirty: 928 kB
+Writeback: 0 kB
+AnonPages: 427064 kB
+Mapped: 70976 kB
+Shmem: 3400 kB
+Slab: 190892 kB
+SReclaimable: 125404 kB
+SUnreclaim: 65488 kB
+KernelStack: 2304 kB
+PageTables: 23476 kB
+NFS_Unstable: 0 kB
+Bounce: 0 kB
+WritebackTmp: 0 kB
+CommitLimit: 5151716 kB
+Committed_AS: 973184 kB
+VmallocTotal: 34359738367 kB
+VmallocUsed: 280772 kB
+VmallocChunk: 34359441168 kB
+HardwareCorrupted: 0 kB
+AnonHugePages: 249856 kB
+HugePages_Total: 0
+HugePages_Free: 0
+HugePages_Rsvd: 0
+HugePages_Surp: 0
+Hugepagesize: 2048 kB
+DirectMap4k: 8192 kB
+DirectMap2M: 2088960 kB
+slabinfo - version: 2.1
+# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
+bridge_fdb_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+fuse_request 0 0 632 6 1 : tunables 54 27 8 : slabdata 0 0 0
+fuse_inode 0 0 768 5 1 : tunables 54 27 8 : slabdata 0 0 0
+rpc_buffers 8 8 2048 2 1 : tunables 24 12 8 : slabdata 4 4 0
+rpc_tasks 8 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+rpc_inode_cache 8 8 832 4 1 : tunables 54 27 8 : slabdata 2 2 0
+hgfsInodeCache 1 6 640 6 1 : tunables 54 27 8 : slabdata 1 1 0
+AF_VMCI 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+nf_conntrack_expect 0 0 240 16 1 : tunables 120 60 8 : slabdata 0 0 0
+nf_conntrack_ffffffff8200cec0 22 26 304 13 1 : tunables 54 27 8 : slabdata 2 2 0
+fib6_nodes 22 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0
+ip6_dst_cache 13 30 384 10 1 : tunables 54 27 8 : slabdata 3 3 0
+ndisc_cache 1 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+ip6_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+RAWv6 67 68 1024 4 1 : tunables 54 27 8 : slabdata 17 17 0
+UDPLITEv6 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+UDPv6 4 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0
+tw_sock_TCPv6 0 0 320 12 1 : tunables 54 27 8 : slabdata 0 0 0
+request_sock_TCPv6 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+TCPv6 9 10 1856 2 1 : tunables 24 12 8 : slabdata 5 5 0
+jbd2_1k 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+avtab_node 502203 502416 24 144 1 : tunables 120 60 8 : slabdata 3489 3489 0
+ext4_inode_cache 74762 74820 1024 4 1 : tunables 54 27 8 : slabdata 18705 18705 0
+ext4_xattr 9 44 88 44 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_free_block_extents 32 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_alloc_context 28 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_prealloc_space 18 37 104 37 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_system_zone 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0
+jbd2_journal_handle 32 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0
+jbd2_journal_head 74 102 112 34 1 : tunables 120 60 8 : slabdata 3 3 0
+jbd2_revoke_table 4 202 16 202 1 : tunables 120 60 8 : slabdata 1 1 0
+jbd2_revoke_record 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+dm_crypt_io 50 50 152 25 1 : tunables 120 60 8 : slabdata 2 2 0
+sd_ext_cdb 2 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0
+scsi_sense_cache 25 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0
+scsi_cmd_cache 28 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0
+dm_raid1_read_record 0 0 1064 7 2 : tunables 24 12 8 : slabdata 0 0 0
+kcopyd_job 0 0 3240 2 2 : tunables 24 12 8 : slabdata 0 0 0
+io 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+dm_uevent 0 0 2608 3 2 : tunables 24 12 8 : slabdata 0 0 0
+dm_rq_clone_bio_info 0 0 16 202 1 : tunables 120 60 8 : slabdata 0 0 0
+dm_rq_target_io 0 0 392 10 1 : tunables 54 27 8 : slabdata 0 0 0
+dm_target_io 844 864 24 144 1 : tunables 120 60 8 : slabdata 6 6 0
+dm_io 828 828 40 92 1 : tunables 120 60 8 : slabdata 9 9 0
+flow_cache 0 0 96 40 1 : tunables 120 60 8 : slabdata 0 0 0
+uhci_urb_priv 6 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0
+cfq_io_context 4 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0
+cfq_queue 5 16 240 16 1 : tunables 120 60 8 : slabdata 1 1 0
+bsg_cmd 0 0 312 12 1 : tunables 54 27 8 : slabdata 0 0 0
+mqueue_inode_cache 1 4 896 4 1 : tunables 54 27 8 : slabdata 1 1 0
+isofs_inode_cache 0 0 640 6 1 : tunables 54 27 8 : slabdata 0 0 0
+hugetlbfs_inode_cache 1 6 608 6 1 : tunables 54 27 8 : slabdata 1 1 0
+dquot 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+kioctx 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0
+kiocb 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+inotify_event_private_data 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+inotify_inode_mark_entry 186 204 112 34 1 : tunables 120 60 8 : slabdata 6 6 0
+dnotify_mark_entry 1 34 112 34 1 : tunables 120 60 8 : slabdata 1 1 0
+dnotify_struct 1 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0
+fasync_cache 6 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0
+khugepaged_mm_slot 83 92 40 92 1 : tunables 120 60 8 : slabdata 1 1 0
+ksm_mm_slot 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+ksm_stable_node 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0
+ksm_rmap_item 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+utrace_engine 0 0 56 67 1 : tunables 120 60 8 : slabdata 0 0 0
+utrace 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+pid_namespace 0 0 2120 3 2 : tunables 24 12 8 : slabdata 0 0 0
+nsproxy 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+posix_timers_cache 0 0 176 22 1 : tunables 120 60 8 : slabdata 0 0 0
+uid_cache 10 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0
+UNIX 459 480 768 5 1 : tunables 54 27 8 : slabdata 96 96 0
+ip_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+UDP-Lite 0 0 832 9 2 : tunables 54 27 8 : slabdata 0 0 0
+tcp_bind_bucket 15 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0
+inet_peer_cache 4 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0
+secpath_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+xfrm_dst_cache 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0
+ip_fib_alias 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+ip_fib_hash 10 106 72 53 1 : tunables 120 60 8 : slabdata 2 2 0
+ip_dst_cache 29 50 384 10 1 : tunables 54 27 8 : slabdata 5 5 0
+arp_cache 4 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+RAW 65 72 832 9 2 : tunables 54 27 8 : slabdata 8 8 0
+UDP 6 18 832 9 2 : tunables 54 27 8 : slabdata 2 2 0
+tw_sock_TCP 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+request_sock_TCP 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+TCP 20 24 1664 4 2 : tunables 24 12 8 : slabdata 6 6 0
+eventpoll_pwq 126 212 72 53 1 : tunables 120 60 8 : slabdata 4 4 0
+eventpoll_epi 126 180 128 30 1 : tunables 120 60 8 : slabdata 6 6 0
+sgpool-128 2 2 4096 1 1 : tunables 24 12 8 : slabdata 2 2 0
+sgpool-64 2 2 2048 2 1 : tunables 24 12 8 : slabdata 1 1 0
+sgpool-32 2 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0
+sgpool-16 2 8 512 8 1 : tunables 54 27 8 : slabdata 1 1 0
+sgpool-8 15 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+scsi_data_buffer 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0
+blkdev_integrity 0 0 112 34 1 : tunables 120 60 8 : slabdata 0 0 0
+blkdev_queue 29 30 2856 2 2 : tunables 24 12 8 : slabdata 15 15 0
+blkdev_requests 42 66 352 11 1 : tunables 54 27 8 : slabdata 5 6 0
+blkdev_ioc 5 48 80 48 1 : tunables 120 60 8 : slabdata 1 1 0
+fsnotify_event_holder 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0
+fsnotify_event 0 0 104 37 1 : tunables 120 60 8 : slabdata 0 0 0
+bio-0 180 180 192 20 1 : tunables 120 60 8 : slabdata 9 9 0
+biovec-256 66 66 4096 1 1 : tunables 24 12 8 : slabdata 66 66 0
+biovec-128 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0
+biovec-64 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+biovec-16 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+bip-256 2 2 4224 1 2 : tunables 8 4 0 : slabdata 2 2 0
+bip-128 0 0 2176 3 2 : tunables 24 12 8 : slabdata 0 0 0
+bip-64 0 0 1152 7 2 : tunables 24 12 8 : slabdata 0 0 0
+bip-16 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0
+bip-4 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+bip-1 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+sock_inode_cache 667 685 704 5 1 : tunables 54 27 8 : slabdata 137 137 0
+skbuff_fclone_cache 7 7 512 7 1 : tunables 54 27 8 : slabdata 1 1 0
+skbuff_head_cache 302 450 256 15 1 : tunables 120 60 8 : slabdata 30 30 0
+file_lock_cache 38 44 176 22 1 : tunables 120 60 8 : slabdata 2 2 0
+net_namespace 0 0 2112 3 2 : tunables 24 12 8 : slabdata 0 0 0
+shmem_inode_cache 774 775 800 5 1 : tunables 54 27 8 : slabdata 155 155 0
+Acpi-Operand 4563 4664 72 53 1 : tunables 120 60 8 : slabdata 88 88 0
+Acpi-ParseExt 0 0 72 53 1 : tunables 120 60 8 : slabdata 0 0 0
+Acpi-Parse 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+Acpi-State 0 0 80 48 1 : tunables 120 60 8 : slabdata 0 0 0
+Acpi-Namespace 3311 3312 40 92 1 : tunables 120 60 8 : slabdata 36 36 0
+task_delay_info 332 340 112 34 1 : tunables 120 60 8 : slabdata 10 10 0
+taskstats 5 12 328 12 1 : tunables 54 27 8 : slabdata 1 1 0
+proc_inode_cache 1008 1008 640 6 1 : tunables 54 27 8 : slabdata 168 168 0
+sigqueue 35 48 160 24 1 : tunables 120 60 8 : slabdata 2 2 0
+bdev_cache 32 36 832 4 1 : tunables 54 27 8 : slabdata 9 9 0
+sysfs_dir_cache 11356 11367 144 27 1 : tunables 120 60 8 : slabdata 421 421 0
+mnt_cache 37 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0
+filp 4614 4700 192 20 1 : tunables 120 60 8 : slabdata 235 235 60
+inode_cache 6883 7308 592 6 1 : tunables 54 27 8 : slabdata 1218 1218 0
+dentry 61000 63960 192 20 1 : tunables 120 60 8 : slabdata 3198 3198 0
+names_cache 26 26 4096 1 1 : tunables 24 12 8 : slabdata 26 26 0
+avc_node 518 1239 64 59 1 : tunables 120 60 8 : slabdata 21 21 0
+selinux_inode_security 84086 86072 72 53 1 : tunables 120 60 8 : slabdata 1624 1624 0
+radix_tree_node 11552 11781 560 7 1 : tunables 54 27 8 : slabdata 1683 1683 0
+key_jar 11 20 192 20 1 : tunables 120 60 8 : slabdata 1 1 0
+buffer_head 220986 230214 104 37 1 : tunables 120 60 8 : slabdata 6222 6222 0
+vm_area_struct 12932 13034 200 19 1 : tunables 120 60 8 : slabdata 686 686 60
+mm_struct 145 145 1408 5 2 : tunables 24 12 8 : slabdata 29 29 0
+fs_cache 137 177 64 59 1 : tunables 120 60 8 : slabdata 3 3 0
+files_cache 162 165 704 11 2 : tunables 54 27 8 : slabdata 15 15 0
+signal_cache 204 204 1024 4 1 : tunables 54 27 8 : slabdata 51 51 0
+sighand_cache 195 195 2112 3 2 : tunables 24 12 8 : slabdata 65 65 0
+task_xstate 232 232 512 8 1 : tunables 54 27 8 : slabdata 29 29 0
+task_struct 303 303 2656 3 2 : tunables 24 12 8 : slabdata 101 101 0
+cred_jar 580 580 192 20 1 : tunables 120 60 8 : slabdata 29 29 0
+anon_vma_chain 7844 8162 48 77 1 : tunables 120 60 8 : slabdata 106 106 60
+anon_vma 5773 5888 40 92 1 : tunables 120 60 8 : slabdata 64 64 60
+pid 322 330 128 30 1 : tunables 120 60 8 : slabdata 11 11 0
+shared_policy_node 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+numa_policy 1 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0
+idr_layer_cache 428 434 544 7 1 : tunables 54 27 8 : slabdata 62 62 0
+size-4194304(DMA) 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0
+size-4194304 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0
+size-2097152(DMA) 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0
+size-2097152 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0
+size-1048576(DMA) 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0
+size-1048576 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0
+size-524288(DMA) 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0
+size-524288 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0
+size-262144(DMA) 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0
+size-262144 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0
+size-131072(DMA) 0 0 131072 1 32 : tunables 8 4 0 : slabdata 0 0 0
+size-131072 1 1 131072 1 32 : tunables 8 4 0 : slabdata 1 1 0
+size-65536(DMA) 0 0 65536 1 16 : tunables 8 4 0 : slabdata 0 0 0
+size-65536 2 2 65536 1 16 : tunables 8 4 0 : slabdata 2 2 0
+size-32768(DMA) 0 0 32768 1 8 : tunables 8 4 0 : slabdata 0 0 0
+size-32768 3 3 32768 1 8 : tunables 8 4 0 : slabdata 3 3 0
+size-16384(DMA) 0 0 16384 1 4 : tunables 8 4 0 : slabdata 0 0 0
+size-16384 11 11 16384 1 4 : tunables 8 4 0 : slabdata 11 11 0
+size-8192(DMA) 0 0 8192 1 2 : tunables 8 4 0 : slabdata 0 0 0
+size-8192 27 27 8192 1 2 : tunables 8 4 0 : slabdata 27 27 0
+size-4096(DMA) 0 0 4096 1 1 : tunables 24 12 8 : slabdata 0 0 0
+size-4096 425 425 4096 1 1 : tunables 24 12 8 : slabdata 425 425 0
+size-2048(DMA) 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0
+size-2048 578 578 2048 2 1 : tunables 24 12 8 : slabdata 289 289 0
+size-1024(DMA) 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+size-1024 1304 1304 1024 4 1 : tunables 54 27 8 : slabdata 326 326 0
+size-512(DMA) 0 0 512 8 1 : tunables 54 27 8 : slabdata 0 0 0
+size-512 1123 1176 512 8 1 : tunables 54 27 8 : slabdata 147 147 0
+size-256(DMA) 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+size-256 870 870 256 15 1 : tunables 120 60 8 : slabdata 58 58 0
+size-192(DMA) 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+size-192 2119 2160 192 20 1 : tunables 120 60 8 : slabdata 108 108 0
+size-128(DMA) 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+size-64(DMA) 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+size-64 33003 40887 64 59 1 : tunables 120 60 8 : slabdata 693 693 0
+size-32(DMA) 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+size-128 3921 4800 128 30 1 : tunables 120 60 8 : slabdata 160 160 0
+size-32 332359 332976 32 112 1 : tunables 120 60 8 : slabdata 2973 2973 0
+kmem_cache 191 191 32896 1 16 : tunables 8 4 0 : slabdata 191 191 0
+Inter-| Receive | Transmit
+ face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
+ lo:267102759 105357 0 0 0 0 0 0 267102759 105357 0 0 0 0 0 0
+ eth0:1013756074 1354469 0 0 0 0 0 0 245526499 966773 0 0 0 0 0 0
+ pan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.com/CN=clica Signing Cert
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.com/CN=clica CA
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw
+MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o
+mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+
+ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: expired1.example.com
+ localKeyID: C3 70 0A 4C 75 DB 50 B7 1F 67 60 9C DC AD 17 A3 C0 65 5F FF
+subject=/CN=expired1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMVoXDTEyMTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuhbGp8Jqy4UZdYGiPLl+q1m4
+dBdrY6689kqn5x5FUZ4PNl9ty9+mnC2Dx5WiYbrOybQZViM9lAIvGRI1GKsHdwID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w
+bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAkrXPLW+etluRGUilUcMsAWEZJ8Syu317
+kXvPuyjNVz3+lGo/4hzhehSusTzy4+22UgsBmgZpjG+uI8tNRmDnAQ==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired1.example.com
+ localKeyID: C3 70 0A 4C 75 DB 50 B7 1F 67 60 9C DC AD 17 A3 C0 65 5F FF
+subject=/CN=expired1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMVoXDTEyMTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuhbGp8Jqy4UZdYGiPLl+q1m4
+dBdrY6689kqn5x5FUZ4PNl9ty9+mnC2Dx5WiYbrOybQZViM9lAIvGRI1GKsHdwID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w
+bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAkrXPLW+etluRGUilUcMsAWEZJ8Syu317
+kXvPuyjNVz3+lGo/4hzhehSusTzy4+22UgsBmgZpjG+uI8tNRmDnAQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y\r
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St\r
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa\r
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired1.example.com
+ localKeyID: C3 70 0A 4C 75 DB 50 B7 1F 67 60 9C DC AD 17 A3 C0 65 5F FF
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQINZM2aHxF3EcCAggA
+MBQGCCqGSIb3DQMHBAjc9XMhJPg/ZwSCAVicoTPaeGXGPJyPdhflErlI9EWbj0PH
+bv8AchovLDfYq1Q4EJzkUG1XyelHNha+BS/zFxCcmtpdQtXedL/SdXsOyM99wdJH
+tjpJyWxM3bysqDUdhv2g11KTG0M9L7RBtKmbQq0zcHf9oTZbABKSe4EzX6a9khJY
+5bRVBSQPNtj3/5aAr0BOQQnythh0880FcYmvbFmZQNR12Cexc0+X0/aTaQ/LhM1y
+8GlRBFXGACP+mrY4RfEk/EatcGmqn4JCVASF7Z7zu7JKsEskLDArF9nvVh2xN22n
+DugUfQDRPph4ug2MyUcKNSZzGs+khWmS2TgPgUV0gr1tqS4Sqo+59NuZInyGSMRn
+FeiFTSYcd+zmxinF20MCs+Y6fFasErs6/zdK5oeV8pMlTCX0/yky9Ye4kfth2oHl
+UV+Rfe2Bo40wn6QkxuptagYdoDTJrMUCH9WL/ODRn4IA1Q==
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired1.example.com
+ localKeyID: C3 70 0A 4C 75 DB 50 B7 1F 67 60 9C DC AD 17 A3 C0 65 5F FF
+subject=/CN=expired1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMVoXDTEyMTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuhbGp8Jqy4UZdYGiPLl+q1m4
+dBdrY6689kqn5x5FUZ4PNl9ty9+mnC2Dx5WiYbrOybQZViM9lAIvGRI1GKsHdwID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w
+bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAkrXPLW+etluRGUilUcMsAWEZJ8Syu317
+kXvPuyjNVz3+lGo/4hzhehSusTzy4+22UgsBmgZpjG+uI8tNRmDnAQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBALoWxqfCasuFGXWBojy5fqtZuHQXa2OuvPZKp+ceRVGeDzZfbcvf
+ppwtg8eVomG6zsm0GVYjPZQCLxkSNRirB3cCAwEAAQJAbb0wuY21XP/I27ru6dCa
+GoJ2fD+zXL2XQccU7P608kO6R9g73lx48QT21OGvLkKGA4J2U3qqvqJWKP580o3X
+gQIhAN8A4PM0w3cLBnibnQcr+5TfhSUye/4AQcaqUQBnjQW5AiEA1Z+eWtugFdR3
+D6ntc4UdyXsO1DMDn6QyuyEyrJqUDq8CIGGfrtqJVLB+gRy3cuy60m3/0/fOu/0b
++6+Oy9sTeebxAiBK7m5RWHBSt+/7YpOTzcGhBrUw4aQHv0S8Nuzbdm0wqQIgYW0B
+7KVyChX6OpKifrdrSK3Jp3iXP9pgNunxGNj1QbM=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.com/CN=clica Signing Cert
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.com/CN=clica CA
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw
+MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o
+mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+
+ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: expired2.example.com
+ localKeyID: 00 5E 8C 89 32 69 66 73 D9 E7 D3 9C E8 6A 72 27 1D C2 65 87
+subject=/CN=expired2.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANs6ryDCjUepqaS5l0ZmpJ3m
+bU0/nDE43cIfDCU+70Jjvf4rxfiQu1N1iiTO2IdRcxai/STBGxpaJRvo/G5l778C
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBABTJbEBMPo/NbiMz+shKPbN+T+oAoneT
+mb1n+3cM5I3RGkkzF8mYDyamimNn+T8GKWdVkiM/Jov1kv+KY5Twg+U=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired2.example.com
+ localKeyID: 00 5E 8C 89 32 69 66 73 D9 E7 D3 9C E8 6A 72 27 1D C2 65 87
+subject=/CN=expired2.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANs6ryDCjUepqaS5l0ZmpJ3m
+bU0/nDE43cIfDCU+70Jjvf4rxfiQu1N1iiTO2IdRcxai/STBGxpaJRvo/G5l778C
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBABTJbEBMPo/NbiMz+shKPbN+T+oAoneT
+mb1n+3cM5I3RGkkzF8mYDyamimNn+T8GKWdVkiM/Jov1kv+KY5Twg+U=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y\r
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St\r
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa\r
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired2.example.com
+ localKeyID: 00 5E 8C 89 32 69 66 73 D9 E7 D3 9C E8 6A 72 27 1D C2 65 87
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI0nrN9i220lwCAggA
+MBQGCCqGSIb3DQMHBAjYbPQkuir8nQSCAWANYVbKcEW9iaRzdj6AmMMZw4wnklZI
+rR+R/Eaz92xDWHLv9Qo03JK2OoGgkhE3QvyNxP7Sm69hgErN202M1s7CW66HAt60
+T0XmvbZoXYkn3iPzi6Txi1GQnzo7gfd1S0phD/4q+Tq38nRzJjvHjsL1ebjiFZ2y
+t5cF+gW7+3LEKT/s0K/WpS6QKTgl/W5iV09Tix1eOPckv7z4Cs2fiurohPocUTFa
+B/hdKTun4MwmcchFrgjRda+jz/P42xtgaSmhIETD+C3jnbdEZWFY4xYijyffEUR0
+gUHKH6UPxqoJyeL8ziQmz2jc4j1glnedslHjS+fKlLCU1QKYbhgCcRB4tqILxd9M
+e3/QQksgTFZtGymqPuwPMngcR2Om+E3f0UJnCXcaINJp971l971H/yhieYjxQua4
+8NNKVdz6EzYa/46Gv77Nu7+OQ0zGhMowpjGS4kTE9qOQ3udrdL2kFYJm
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired2.example.com
+ localKeyID: 00 5E 8C 89 32 69 66 73 D9 E7 D3 9C E8 6A 72 27 1D C2 65 87
+subject=/CN=expired2.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANs6ryDCjUepqaS5l0ZmpJ3m
+bU0/nDE43cIfDCU+70Jjvf4rxfiQu1N1iiTO2IdRcxai/STBGxpaJRvo/G5l778C
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBABTJbEBMPo/NbiMz+shKPbN+T+oAoneT
+mb1n+3cM5I3RGkkzF8mYDyamimNn+T8GKWdVkiM/Jov1kv+KY5Twg+U=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBANs6ryDCjUepqaS5l0ZmpJ3mbU0/nDE43cIfDCU+70Jjvf4rxfiQ
+u1N1iiTO2IdRcxai/STBGxpaJRvo/G5l778CAwEAAQJAads7RulKSMkuxgBrgC39
+3NSwAHXvmIDp61sMhUuPQhF8kxF9IistHoa4TBW3tdSVepBSDoMk0Ote+0UgO3wK
+SQIhAPC8xBwjNC+gpnaxOvz2iLGbVwISPgM/TMaa+goBJ3o1AiEA6SDVyZi34Gia
+W0YYzmQaJv2VcmGYh0JQ+diJT7qaoKMCIQCfZy6nvvu4KbTv1MzNYWUDzWsgePnM
+5qYsv8OeykLcnQIgU4JDkrd2Bpjx0ghGEoihJZ5ozlRPgwQqZZU/eqPph+kCIBAd
+MOImezJcizVRRG9PuyxuSvwLlPqjvFKnw2ixRkuW
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.com/CN=clica Signing Cert
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.com/CN=clica CA
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw
+MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o
+mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+
+ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: revoked1.example.com
+ localKeyID: 33 F8 A9 1F FC 62 68 49 CC C9 26 E0 24 22 40 40 B5 8E E6 07
+subject=/CN=revoked1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMVoXDTM4MDEwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtmfFkNpuJsl8xF0EINs9YniA
+h0NKsf8Tt61IVzDsR5ULJOSpA7rcqmbniYuWJ7H1q8Rm5WTqjLs5zIKG+cR/lwID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w
+bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAXzFO3fDq0RRzNgmAa9aorYUQUx1f6ifG
+e9zS1V/Qua9HguY4FCm5NkLDSA46OA/NYEtnC3tDNF6PLSNi1Ww9NQ==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked1.example.com
+ localKeyID: 33 F8 A9 1F FC 62 68 49 CC C9 26 E0 24 22 40 40 B5 8E E6 07
+subject=/CN=revoked1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMVoXDTM4MDEwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtmfFkNpuJsl8xF0EINs9YniA
+h0NKsf8Tt61IVzDsR5ULJOSpA7rcqmbniYuWJ7H1q8Rm5WTqjLs5zIKG+cR/lwID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w
+bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAXzFO3fDq0RRzNgmAa9aorYUQUx1f6ifG
+e9zS1V/Qua9HguY4FCm5NkLDSA46OA/NYEtnC3tDNF6PLSNi1Ww9NQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y\r
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St\r
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa\r
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked1.example.com
+ localKeyID: 33 F8 A9 1F FC 62 68 49 CC C9 26 E0 24 22 40 40 B5 8E E6 07
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxIBGy/hgXxwCAggA
+MBQGCCqGSIb3DQMHBAj96WZ8xRBC6QSCAVjQ7DTLCFeVW0ah1ECV+1bvGiQy9JwH
+fxHD3s2Wg7+McsAfF2oSx8R0Za7miR70Ke94xrraIuH0NeltyalI5iQOjbGe1W8V
+exnRfXI+87W9QHVI85TW2l6pXCR96cj6zrxQAhXFamDY/SfgwTbaQibrduD2eoct
+IvJ8QsaywSKwpnQAN/4XlQ6aus7w1ywtvFek+15oAfgACG/mXaZZa9sg/pRzHT3a
+8qJjMpJSDOd5QUxKIShidYPNKA88EIvdg9+0wNj42w9A4rAwaoqol4RzdLu8dXbG
+lGjiRdGwkMvlwnAWY68hPnAPOiH8ev7lNPkOkk+YsIVoJK7AoEGyvNk2N02kaBBf
+xfrHIt8jh8Suvfp0HJbdeBTTT1qu/acwNbeA2TVVXdXyoZTrSWiwmv4P0lBYXJIx
+raWLqaaImi5JvL1o5ATr3s8RtD+0iWH5LUuWdzI/agJKUw==
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked1.example.com
+ localKeyID: 33 F8 A9 1F FC 62 68 49 CC C9 26 E0 24 22 40 40 B5 8E E6 07
+subject=/CN=revoked1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMVoXDTM4MDEwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtmfFkNpuJsl8xF0EINs9YniA
+h0NKsf8Tt61IVzDsR5ULJOSpA7rcqmbniYuWJ7H1q8Rm5WTqjLs5zIKG+cR/lwID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w
+bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAXzFO3fDq0RRzNgmAa9aorYUQUx1f6ifG
+e9zS1V/Qua9HguY4FCm5NkLDSA46OA/NYEtnC3tDNF6PLSNi1Ww9NQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBALZnxZDabibJfMRdBCDbPWJ4gIdDSrH/E7etSFcw7EeVCyTkqQO6
+3Kpm54mLliex9avEZuVk6oy7OcyChvnEf5cCAwEAAQJALGjPfRjxQJhFvDk5TBaU
+t2jHQidsBDIqRsn1luTeYf7KVwL5p51LV27UBqIF+UPa3Wl04rc5IWSCp5CIpASa
+IQIhAN6Ekj/LESey/9nn85fDMUH45PgW/7J+NeqwgK6zoyulAiEA0doPRY/U2ano
+Hu94mggwB693XasYuRsSsGZWK1+nCYsCIF1BXjGSH0xt/kAKr9IoodouP3eh2+Oo
+dVw4QJX2/ylpAiAZUYjUKLVSiZhS2yue0ewRkU8CgxkZhDWuCLrOwtyhXwIgJr3H
+b3LNAipslDnHrNzBK2GB6MlM7/+foJ7Lu7pbK+o=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.com/CN=clica Signing Cert
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.com/CN=clica CA
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw
+MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o
+mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+
+ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: revoked2.example.com
+ localKeyID: 17 78 A2 B6 AD CE 30 23 61 D1 78 DA EF AD AC 2D 72 C6 16 34
+subject=/CN=revoked2.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDJaFw0zODAxMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALl7NO1x6uz5p6etz9g+bD4n
+/s5Wh/XGDL1IHD78fRFFX9B8dCyoMrzjFTIz8QkOr/sA4RD2B2uk83ZnqtNImY0C
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBAKtwWm1WtnL+jH97DwIutT6s4CkIY2uY
+JkpV4segUV03S1pN9Cnamy4prQYPCfOI1BQO4krsDNOoV/PtDvqxuso=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked2.example.com
+ localKeyID: 17 78 A2 B6 AD CE 30 23 61 D1 78 DA EF AD AC 2D 72 C6 16 34
+subject=/CN=revoked2.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDJaFw0zODAxMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALl7NO1x6uz5p6etz9g+bD4n
+/s5Wh/XGDL1IHD78fRFFX9B8dCyoMrzjFTIz8QkOr/sA4RD2B2uk83ZnqtNImY0C
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBAKtwWm1WtnL+jH97DwIutT6s4CkIY2uY
+JkpV4segUV03S1pN9Cnamy4prQYPCfOI1BQO4krsDNOoV/PtDvqxuso=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y\r
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St\r
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa\r
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked2.example.com
+ localKeyID: 17 78 A2 B6 AD CE 30 23 61 D1 78 DA EF AD AC 2D 72 C6 16 34
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFV1GIQOsrw4CAggA
+MBQGCCqGSIb3DQMHBAgtBn7nWaro7ASCAWArJ92GA0suBbeIF2CisKcYFfGP+KD5
+LUOKocnSVgVeEvjQmoLzb/YAnXQsh3HtfHjbsJg1Hix4XIRI6skZD33JhhQZha/0
+M8QsA3GBCPcskjQCIMg0FVltjZOVnR20JxlI0HtMybZrIlhNCcWrLkVhU8CRbzFc
+Pubs7P9xIxlfuWVAEBmlOb1LkctHKnWlvVDR4Bef7epwa/KttSmLbBHuayQiwvms
+axUke+NYJvzFWfKpTXP0OHOfz7cdb5dN/BcF642LIGu2f7nY7vGbSG9+iZ4Mb85k
+FBbuSFquqAdxho6IHL7p/xfsW3k8+o6jKhCqkFaY1O1TNLmNtyJSyULDEbJMBiBF
+Q0pLC3AF6EtPDvN7gIvlY6jERZb7j8DJrCnjbEJR1IF09DrH3EdfaYLnGd+0/SRn
+UPY0jNEmT8hwj1ANacuSlBaIXYSjtjDYwJTz4DJA36z+03TDo/ahxwaW
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked2.example.com
+ localKeyID: 17 78 A2 B6 AD CE 30 23 61 D1 78 DA EF AD AC 2D 72 C6 16 34
+subject=/CN=revoked2.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDJaFw0zODAxMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALl7NO1x6uz5p6etz9g+bD4n
+/s5Wh/XGDL1IHD78fRFFX9B8dCyoMrzjFTIz8QkOr/sA4RD2B2uk83ZnqtNImY0C
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt
+cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBAKtwWm1WtnL+jH97DwIutT6s4CkIY2uY
+JkpV4segUV03S1pN9Cnamy4prQYPCfOI1BQO4krsDNOoV/PtDvqxuso=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBALl7NO1x6uz5p6etz9g+bD4n/s5Wh/XGDL1IHD78fRFFX9B8dCyo
+MrzjFTIz8QkOr/sA4RD2B2uk83ZnqtNImY0CAwEAAQJBAKkeAI07YDOAEnCd1zPY
+/sLRns+uMDtUwArZs/9uIe7a3X4ussXCv60z9epuGre7StXrVyDGBnGqGexsKIiH
+uaECIQDzrY97z+Zcb1RZ/ncQfiep40jMGmpDX/un+wtfkeICWQIhAMLcSIgL/FTH
+t7ehuH5pClcJY0bX0tbOpfNgOWvMniJVAiEAyrYMkewOb8Dxg/gLJn48ErkP2zLy
+SWA0orZV7MgYIukCIBcGcIui3u4lq0/HjEVjpBUkxtZYKlG3mWRoumBCjW0BAiEA
+tqIijH5G06iofDnTIJzXFfetUPNl/wqJ1Xz6ECFh84s=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.com/CN=clica Signing Cert
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.com/CN=clica CA
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw
+MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o
+mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+
+ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: server1.example.com
+ localKeyID: 7B 32 26 98 D0 B8 1E 75 99 29 DC F8 13 EE 29 B7 59 E3 DC DC
+subject=/CN=server1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMVoXDTM4MDEwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC6EbKf3ZB2Zm+SVn7KzSofX5I+
+3KANkvS0aVxUS/mtnKJg6JLKc2dVav1OmPTF/M8J21F6tVd8EHWBrlsgS3QdAgMB
+AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu
+Y29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw
+Oi8vb3NjcC9leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl
+LmNvbTANBgkqhkiG9w0BAQUFAANBALDva+1Fm8VMNtBTzLmk0wd+rAGNry/HPB++
+vNngBR33/8N/529Zr4WPrL2BeOZkQeDO1qH/2giCAvYfZoBOIO4=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server1.example.com
+ localKeyID: 7B 32 26 98 D0 B8 1E 75 99 29 DC F8 13 EE 29 B7 59 E3 DC DC
+subject=/CN=server1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMVoXDTM4MDEwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC6EbKf3ZB2Zm+SVn7KzSofX5I+
+3KANkvS0aVxUS/mtnKJg6JLKc2dVav1OmPTF/M8J21F6tVd8EHWBrlsgS3QdAgMB
+AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu
+Y29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw
+Oi8vb3NjcC9leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl
+LmNvbTANBgkqhkiG9w0BAQUFAANBALDva+1Fm8VMNtBTzLmk0wd+rAGNry/HPB++
+vNngBR33/8N/529Zr4WPrL2BeOZkQeDO1qH/2giCAvYfZoBOIO4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y\r
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St\r
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa\r
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server1.example.com
+ localKeyID: 7B 32 26 98 D0 B8 1E 75 99 29 DC F8 13 EE 29 B7 59 E3 DC DC
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIt+n3xYebFlACAggA
+MBQGCCqGSIb3DQMHBAi30QtCXj3kIQSCAVjO+WdU7jaPYN1v7ev2qNehi8MrvllJ
+Q03/xCaiGTI7fUQM55W4Tc5+b952ni6ZtCnYfCojIQ6Wr0uyrabRE9nCRTudKAGv
++RG/vO576Wv69XblZaKwPp1ru5Fb+TqMRDmHsJKzmjx4/iN3l/673w8QEW+opYjI
+i+azRCzMjUcFDkExEqXunJCDD4k0iWv/LTiXa/WfKoPncY6dmtjGt/ceGG7gn+sy
+IGTPbVyX85I4lfSb42mQjticlqpNWNv+BasZNGIAGkreGEIR1HqvoIeIjyze4j/k
+yAA/oAO7WucowZfX6Rcno9yO5Cjsbn60RPMe5aSnCKXH8OnaklegbzQCIXwlRapH
+VCE28ladQ1+7zwCBhCW60WwhRN0UDQz9aFTrbhZ0uUZ13t/EcRr17f43hXnjwCVg
++q6ixyRnx4zSncCTL6iOe2ybUV8IXCFdrWnd7CYJOz804w==
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: server1.example.com
+ localKeyID: 7B 32 26 98 D0 B8 1E 75 99 29 DC F8 13 EE 29 B7 59 E3 DC DC
+subject=/CN=server1.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMVoXDTM4MDEwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC6EbKf3ZB2Zm+SVn7KzSofX5I+
+3KANkvS0aVxUS/mtnKJg6JLKc2dVav1OmPTF/M8J21F6tVd8EHWBrlsgS3QdAgMB
+AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu
+Y29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw
+Oi8vb3NjcC9leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl
+LmNvbTANBgkqhkiG9w0BAQUFAANBALDva+1Fm8VMNtBTzLmk0wd+rAGNry/HPB++
+vNngBR33/8N/529Zr4WPrL2BeOZkQeDO1qH/2giCAvYfZoBOIO4=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBALoRsp/dkHZmb5JWfsrNKh9fkj7coA2S9LRpXFRL+a2comDokspz
+Z1Vq/U6Y9MX8zwnbUXq1V3wQdYGuWyBLdB0CAwEAAQJAC7hRqAAsuUh6fp00H1IM
+9Szv6UW8Tx6Si0qXpjei4mx/reGBvQGTIUJuGdXmuBH5tQHLPskjEqXmgiccWydz
+gQIhAPCP3JccbCUpKELah84ikXuQs0PEnGfyg4oP22x0B5q3AiEAxgKV7eFrd5Qa
+FfjHsK/HfrL8YQYynm8yDqqHnSsJY8sCIFei4Sa/uPoUs1EfkWfcGgnc3iGrB5uq
+spbiTfqFjpujAiAcWvhvdU13dUz7AoJOKg3udeEwX7vV9mR7ty3ucuBIWwIgEy7b
+le8z7zokRTzIKSMpl5xr/0Vp6DWlS0KwuLNuJjc=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.com/CN=clica Signing Cert
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.com/CN=clica CA
+issuer=/O=example.com/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw
+MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o
+mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+
+ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: server2.example.com
+ localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE
+subject=/CN=server2.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDFaFw0zODAxMDExMjM0MDFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2TCJENbO0UK+Cjs2HSqq1OlM
+VIJQs/ctua3DEcPOphjNwLrUqVGv5qkWFDHbsJ00hpiW7uK9tDfawSWmcFis1wID
+AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5jb20vMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs
+ZS5jb20wDQYJKoZIhvcNAQEFBQADQQCeF6NprEufUaSaqXhBk7hP7kX2NtTEkHmg
+hm1yvEzKL1/7gmqhMAGFapGV90k/8J6L4FiIEaxIHuTvm94KfKZi
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server2.example.com
+ localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE
+subject=/CN=server2.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDFaFw0zODAxMDExMjM0MDFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2TCJENbO0UK+Cjs2HSqq1OlM
+VIJQs/ctua3DEcPOphjNwLrUqVGv5qkWFDHbsJ00hpiW7uK9tDfawSWmcFis1wID
+AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5jb20vMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs
+ZS5jb20wDQYJKoZIhvcNAQEFBQADQQCeF6NprEufUaSaqXhBk7hP7kX2NtTEkHmg
+hm1yvEzKL1/7gmqhMAGFapGV90k/8J6L4FiIEaxIHuTvm94KfKZi
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw\r
+MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y\r
+7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St\r
+u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa\r
+ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server2.example.com
+ localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFmRnQVx4IM4CAggA
+MBQGCCqGSIb3DQMHBAj96PHFOGcW+gSCAVhUx92WT6m/52ZEGgqV+RyBKgHPv0Vk
+NCrmKEJJAvGRWGl+jnpU780hLNx+qWHxGV6r+wyPN9F81oDhqeYQtIRIYC8tWBeC
+9mouIU/iNXYUkun4ZaH6sIJSFfB/2l/pz5/GaiCqgQPPufGmRFsHcGcZlYpnLHkb
+PyRFagan7QYIwUouBTyJ0o/OKBU/r6QM+ZO1zB4YqUutpYMTUbcD9zkj3eAFpIDZ
+fuci+WK1imuUek9LdKifM8f5jdc4n/Ya5rFcpHg45CXz+pLntsprjQVzhFdQblZW
+60ZyiJm682h7ioHhcJYmYyEa5DMItEqzLasQncMi/s8+SUCqTE0QaWYWJ+ofv1cD
+GBYWoM7Ar47zaqgQYlKMKs9mDfUQ4FQy382yrnsPnyo+K8ra5ESUA++uIxMwouHo
+x3dD4wV51jP8VC9VN2GWprZWffnxwMP4PxZejmZVbSWvPw==
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: server2.example.com
+ localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE
+subject=/CN=server2.example.com
+issuer=/O=example.com/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDFaFw0zODAxMDExMjM0MDFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2TCJENbO0UK+Cjs2HSqq1OlM
+VIJQs/ctua3DEcPOphjNwLrUqVGv5qkWFDHbsJ00hpiW7uK9tDfawSWmcFis1wID
+AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5jb20vMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs
+ZS5jb20wDQYJKoZIhvcNAQEFBQADQQCeF6NprEufUaSaqXhBk7hP7kX2NtTEkHmg
+hm1yvEzKL1/7gmqhMAGFapGV90k/8J6L4FiIEaxIHuTvm94KfKZi
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBANkwiRDWztFCvgo7Nh0qqtTpTFSCULP3LbmtwxHDzqYYzcC61KlR
+r+apFhQx27CdNIaYlu7ivbQ32sElpnBYrNcCAwEAAQJAAT7+ClKxLRIs9PISBWjR
+Qhd0kKeOvvmUEZSlodx1uw42qqDQ0vfYMSOWzn8dlGQ/XGJ4xVwvFFklNCfWva4M
+QQIhAPaoF/TqmR/dc2CLsQkWoZQqdu7w+uBnTnqqcQ1A2ci9AiEA4Wqw3SszsAwV
+ELV+DCDouyncyMmCzJkDjYA1WYNiVyMCIAc3AYRjfFknRCG11Fbct5s65sG0gNIh
+k3UZGTd3ByfNAiAbwAqt75eZYKNnPzCZRaPhBrJLdaNIlL2/Ob1Xm7kLiQIgWtVa
+weFGKWW86QXScrel5sjNDxFv+ZvMd+heAiPqkXs=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje\r
+SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID\r
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq\r
+hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2\r
+iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY\r
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a\r
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit\r
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje\r
+SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID\r
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq\r
+hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2\r
+iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: OCSP Signer
+ localKeyID: 16 61 1B 08 43 C0 0E C4 AF 4D 7B E9 27 1D EB B0 D7 05 E9 75
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAsT/jRe87h2kyfvbt
+YbvgOPS3y6+BPP8pVdU2CefZAy4mYhuj4ZejZgOf8W9XoonCKTW0Y31feBcy0cM+
+2TNM3QIDAQABAkEApPyuBevggnP2T95zKfUiioGoD43HA8sTY9T53xCTnPOrNNCv
+Vn5+ZXao86JF3ly2jY8Eg0b1hFpfZsZMhG/PgQIhAOg/SgSXqPL8oON/Uot1IUHe
+xLfwqW4toMwTknwdWO39AiEAw2ClhCYw/YTDdbh8sstP7k9HDNBPynwAuURLqc6/
+oGECIBDxVQgCvFuFnIMcLbxovhVdGALHNsUH5RweLWiKh4tNAiBSgpVD6tETr6bQ
+J1paM6yM6uQJkEuyKo4vr5z4mHyq4QIhAMtfRG4+QspRY6aaAAebWBS4zwDiAZCH
+6bnyjSzbUHsm
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBgDCCASqgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy\r
+MzQwM1oXDTM4MDEwMTEyMzQwM1owMjEUMBIGA1UEChMLZXhhbXBsZS5uZXQxGjAY\r
+BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB\r
+ALE/40XvO4dpMn727WG74Dj0t8uvgTz/KVXVNgnn2QMuJmIbo+GXo2YDn/FvV6KJ\r
+wik1tGN9X3gXMtHDPtkzTN0CAwEAAaMqMCgwDgYDVR0PAQH/BAQDAgeAMBYGA1Ud\r
+JQEB/wQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA0EAjPHbFyZJZHxLSqn5\r
+i4i7+sWFAueHbbVXyDkzbspOeAbUeuc+lyZ7gMkRofbfIyXIMzSggVKiBetK5gf8\r
+OhXNJA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY\r
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a\r
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit\r
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
--- /dev/null
+; Config::Simple 4.59
+; Thu Nov 1 12:34:03 2012
+
+[CLICA]
+crl_url=http://crl.example.net/latest.crl
+crl_signer=Signing Cert
+level=1
+signer=Signing Cert
+ocsp_signer=OCSP Signer
+ocsp_url=http://oscp/example.net/
+
+[CA]
+org=example.net
+subject=clica CA
+name=Certificate Authority
+bits=512
+
+
--- /dev/null
+update=20130127152434Z
--- /dev/null
+-----BEGIN X509 CRL-----
+MIGsMFgCAQEwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5uZXQx
+GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxMzAxMjcxNTI0MzRaMA0G
+CSqGSIb3DQEBBQUAA0EAnGNQN1GnKB2PGg9C+vguhNlTRLgf9j9lziLPBkPff4+k
+8JLTVhcuQYnYTdw1WKq/DeXJRyZwd7Z8vAMMdsW5ZA==
+-----END X509 CRL-----
--- /dev/null
+update=20130127152437Z
+addcert 102 20130127152437Z
+addcert 202 20130127152437Z
--- /dev/null
+-----BEGIN X509 CRL-----
+MIHcMIGHAgEBMA0GCSqGSIb3DQEBBQUAMDMxFDASBgNVBAoTC2V4YW1wbGUubmV0
+MRswGQYDVQQDExJjbGljYSBTaWduaW5nIENlcnQYDzIwMTMwMTI3MTUyNDM3WjAt
+MBQCAWYYDzIwMTMwMTI3MTUyNDM3WjAVAgIAyhgPMjAxMzAxMjcxNTI0MzdaMA0G
+CSqGSIb3DQEBBQUAA0EAL1D/ZMfKSVVozt/TtAPIR/PMLTvBCGrRDbH31tI3pGUJ
+l+FZTnkR48HXOkuaPCxMclubZ0ptQ6wXHP58iwKacA==
+-----END X509 CRL-----
--- /dev/null
+R 130110200751Z 100201142709Z,superseded 65 unknown CN=server1.example.net
+R 130110200751Z 100201142709Z,superseded 66 unknown CN=revoked1.example.net
+R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.example.net
+R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.example.net
+R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.example.net
+R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.example.net
--- /dev/null
+V 130110200751Z 65 unknown CN=server1.example.net
+V 130110200751Z 66 unknown CN=revoked1.example.net
+V 130110200751Z 67 unknown CN=expired1.example.net
+V 130110200751Z c9 unknown CN=server2.example.net
+V 130110200751Z ca unknown CN=revoked2.example.net
+V 130110200751Z cb unknown CN=expired2.example.net
--- /dev/null
+processor : 0
+vendor_id : GenuineIntel
+cpu family : 6
+model : 26
+model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz
+stepping : 5
+cpu MHz : 2260.628
+cache size : 8192 KB
+fpu : yes
+fpu_exception : yes
+cpuid level : 11
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts
+bogomips : 4521.25
+clflush size : 64
+cache_alignment : 64
+address sizes : 40 bits physical, 48 bits virtual
+power management:
+
+processor : 1
+vendor_id : GenuineIntel
+cpu family : 6
+model : 26
+model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz
+stepping : 5
+cpu MHz : 2260.628
+cache size : 8192 KB
+fpu : yes
+fpu_exception : yes
+cpuid level : 11
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts
+bogomips : 4521.25
+clflush size : 64
+cache_alignment : 64
+address sizes : 40 bits physical, 48 bits virtual
+power management:
+
+ CPU0 CPU1
+ 0: 2481 0 IO-APIC-edge timer
+ 1: 21441 346 IO-APIC-edge i8042
+ 3: 1 0 IO-APIC-edge
+ 4: 1 0 IO-APIC-edge
+ 7: 0 0 IO-APIC-edge parport0
+ 8: 1 0 IO-APIC-edge rtc0
+ 9: 0 0 IO-APIC-fasteoi acpi
+ 12: 78986 1718 IO-APIC-edge i8042
+ 14: 0 0 IO-APIC-edge ata_piix
+ 15: 2423337 1435 IO-APIC-edge ata_piix
+ 16: 1025 0 IO-APIC-fasteoi Ensoniq AudioPCI
+ 17: 239858 2559 IO-APIC-fasteoi ehci_hcd:usb1, ioc0
+ 18: 246 0 IO-APIC-fasteoi uhci_hcd:usb2
+ 19: 1868825 51479 IO-APIC-fasteoi eth0
+ 24: 0 0 PCI-MSI-edge pciehp
+ 25: 0 0 PCI-MSI-edge pciehp
+ 26: 0 0 PCI-MSI-edge pciehp
+ 27: 0 0 PCI-MSI-edge pciehp
+ 28: 0 0 PCI-MSI-edge pciehp
+ 29: 0 0 PCI-MSI-edge pciehp
+ 30: 0 0 PCI-MSI-edge pciehp
+ 31: 0 0 PCI-MSI-edge pciehp
+ 32: 0 0 PCI-MSI-edge pciehp
+ 33: 0 0 PCI-MSI-edge pciehp
+ 34: 0 0 PCI-MSI-edge pciehp
+ 35: 0 0 PCI-MSI-edge pciehp
+ 36: 0 0 PCI-MSI-edge pciehp
+ 37: 0 0 PCI-MSI-edge pciehp
+ 38: 0 0 PCI-MSI-edge pciehp
+ 39: 0 0 PCI-MSI-edge pciehp
+ 40: 0 0 PCI-MSI-edge pciehp
+ 41: 0 0 PCI-MSI-edge pciehp
+ 42: 0 0 PCI-MSI-edge pciehp
+ 43: 0 0 PCI-MSI-edge pciehp
+ 44: 0 0 PCI-MSI-edge pciehp
+ 45: 0 0 PCI-MSI-edge pciehp
+ 46: 0 0 PCI-MSI-edge pciehp
+ 47: 0 0 PCI-MSI-edge pciehp
+ 48: 0 0 PCI-MSI-edge pciehp
+ 49: 0 0 PCI-MSI-edge pciehp
+ 50: 0 0 PCI-MSI-edge pciehp
+ 51: 0 0 PCI-MSI-edge pciehp
+ 52: 0 0 PCI-MSI-edge pciehp
+ 53: 0 0 PCI-MSI-edge pciehp
+ 54: 0 0 PCI-MSI-edge pciehp
+ 55: 0 0 PCI-MSI-edge pciehp
+ 56: 1 0 PCI-MSI-edge vmci
+ 57: 0 0 PCI-MSI-edge vmci
+NMI: 0 0 Non-maskable interrupts
+LOC: 12398590 14242910 Local timer interrupts
+SPU: 0 0 Spurious interrupts
+PMI: 0 0 Performance monitoring interrupts
+IWI: 0 0 IRQ work interrupts
+RES: 282808 309226 Rescheduling interrupts
+CAL: 1955 163556 Function call interrupts
+TLB: 18075 15578 TLB shootdowns
+TRM: 0 0 Thermal event interrupts
+THR: 0 0 Threshold APIC interrupts
+MCE: 0 0 Machine check exceptions
+MCP: 2310 2310 Machine check polls
+ERR: 0
+MIS: 0
+MemTotal: 1914844 kB
+MemFree: 133340 kB
+Buffers: 142048 kB
+Cached: 953728 kB
+SwapCached: 108 kB
+Active: 982140 kB
+Inactive: 540820 kB
+Active(anon): 287228 kB
+Inactive(anon): 143480 kB
+Active(file): 694912 kB
+Inactive(file): 397340 kB
+Unevictable: 0 kB
+Mlocked: 0 kB
+SwapTotal: 4194296 kB
+SwapFree: 4193560 kB
+Dirty: 2760 kB
+Writeback: 0 kB
+AnonPages: 427016 kB
+Mapped: 70844 kB
+Shmem: 3400 kB
+Slab: 191064 kB
+SReclaimable: 125460 kB
+SUnreclaim: 65604 kB
+KernelStack: 2312 kB
+PageTables: 23528 kB
+NFS_Unstable: 0 kB
+Bounce: 0 kB
+WritebackTmp: 0 kB
+CommitLimit: 5151716 kB
+Committed_AS: 973184 kB
+VmallocTotal: 34359738367 kB
+VmallocUsed: 280772 kB
+VmallocChunk: 34359441168 kB
+HardwareCorrupted: 0 kB
+AnonHugePages: 249856 kB
+HugePages_Total: 0
+HugePages_Free: 0
+HugePages_Rsvd: 0
+HugePages_Surp: 0
+Hugepagesize: 2048 kB
+DirectMap4k: 8192 kB
+DirectMap2M: 2088960 kB
+slabinfo - version: 2.1
+# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
+bridge_fdb_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+fuse_request 0 0 632 6 1 : tunables 54 27 8 : slabdata 0 0 0
+fuse_inode 0 0 768 5 1 : tunables 54 27 8 : slabdata 0 0 0
+rpc_buffers 8 8 2048 2 1 : tunables 24 12 8 : slabdata 4 4 0
+rpc_tasks 8 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+rpc_inode_cache 8 8 832 4 1 : tunables 54 27 8 : slabdata 2 2 0
+hgfsInodeCache 1 6 640 6 1 : tunables 54 27 8 : slabdata 1 1 0
+AF_VMCI 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+nf_conntrack_expect 0 0 240 16 1 : tunables 120 60 8 : slabdata 0 0 0
+nf_conntrack_ffffffff8200cec0 11 26 304 13 1 : tunables 54 27 8 : slabdata 2 2 0
+fib6_nodes 22 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0
+ip6_dst_cache 13 30 384 10 1 : tunables 54 27 8 : slabdata 3 3 0
+ndisc_cache 1 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+ip6_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+RAWv6 67 68 1024 4 1 : tunables 54 27 8 : slabdata 17 17 0
+UDPLITEv6 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+UDPv6 4 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0
+tw_sock_TCPv6 0 0 320 12 1 : tunables 54 27 8 : slabdata 0 0 0
+request_sock_TCPv6 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+TCPv6 9 10 1856 2 1 : tunables 24 12 8 : slabdata 5 5 0
+jbd2_1k 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+avtab_node 502203 502416 24 144 1 : tunables 120 60 8 : slabdata 3489 3489 0
+ext4_inode_cache 74880 74880 1024 4 1 : tunables 54 27 8 : slabdata 18720 18720 0
+ext4_xattr 9 44 88 44 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_free_block_extents 32 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_alloc_context 28 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_prealloc_space 18 37 104 37 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_system_zone 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0
+jbd2_journal_handle 32 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0
+jbd2_journal_head 102 102 112 34 1 : tunables 120 60 8 : slabdata 3 3 0
+jbd2_revoke_table 4 202 16 202 1 : tunables 120 60 8 : slabdata 1 1 0
+jbd2_revoke_record 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+dm_crypt_io 50 50 152 25 1 : tunables 120 60 8 : slabdata 2 2 0
+sd_ext_cdb 2 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0
+scsi_sense_cache 22 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0
+scsi_cmd_cache 23 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0
+dm_raid1_read_record 0 0 1064 7 2 : tunables 24 12 8 : slabdata 0 0 0
+kcopyd_job 0 0 3240 2 2 : tunables 24 12 8 : slabdata 0 0 0
+io 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+dm_uevent 0 0 2608 3 2 : tunables 24 12 8 : slabdata 0 0 0
+dm_rq_clone_bio_info 0 0 16 202 1 : tunables 120 60 8 : slabdata 0 0 0
+dm_rq_target_io 0 0 392 10 1 : tunables 54 27 8 : slabdata 0 0 0
+dm_target_io 844 864 24 144 1 : tunables 120 60 8 : slabdata 6 6 0
+dm_io 828 828 40 92 1 : tunables 120 60 8 : slabdata 9 9 0
+flow_cache 0 0 96 40 1 : tunables 120 60 8 : slabdata 0 0 0
+uhci_urb_priv 6 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0
+cfq_io_context 4 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0
+cfq_queue 5 16 240 16 1 : tunables 120 60 8 : slabdata 1 1 0
+bsg_cmd 0 0 312 12 1 : tunables 54 27 8 : slabdata 0 0 0
+mqueue_inode_cache 1 4 896 4 1 : tunables 54 27 8 : slabdata 1 1 0
+isofs_inode_cache 0 0 640 6 1 : tunables 54 27 8 : slabdata 0 0 0
+hugetlbfs_inode_cache 1 6 608 6 1 : tunables 54 27 8 : slabdata 1 1 0
+dquot 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+kioctx 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0
+kiocb 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+inotify_event_private_data 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+inotify_inode_mark_entry 186 204 112 34 1 : tunables 120 60 8 : slabdata 6 6 0
+dnotify_mark_entry 1 34 112 34 1 : tunables 120 60 8 : slabdata 1 1 0
+dnotify_struct 1 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0
+fasync_cache 6 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0
+khugepaged_mm_slot 83 92 40 92 1 : tunables 120 60 8 : slabdata 1 1 0
+ksm_mm_slot 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+ksm_stable_node 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0
+ksm_rmap_item 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+utrace_engine 0 0 56 67 1 : tunables 120 60 8 : slabdata 0 0 0
+utrace 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+pid_namespace 0 0 2120 3 2 : tunables 24 12 8 : slabdata 0 0 0
+nsproxy 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+posix_timers_cache 0 0 176 22 1 : tunables 120 60 8 : slabdata 0 0 0
+uid_cache 10 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0
+UNIX 459 480 768 5 1 : tunables 54 27 8 : slabdata 96 96 0
+ip_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+UDP-Lite 0 0 832 9 2 : tunables 54 27 8 : slabdata 0 0 0
+tcp_bind_bucket 15 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0
+inet_peer_cache 4 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0
+secpath_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+xfrm_dst_cache 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0
+ip_fib_alias 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+ip_fib_hash 10 106 72 53 1 : tunables 120 60 8 : slabdata 2 2 0
+ip_dst_cache 29 50 384 10 1 : tunables 54 27 8 : slabdata 5 5 0
+arp_cache 4 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+RAW 65 72 832 9 2 : tunables 54 27 8 : slabdata 8 8 0
+UDP 6 18 832 9 2 : tunables 54 27 8 : slabdata 2 2 0
+tw_sock_TCP 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+request_sock_TCP 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+TCP 20 24 1664 4 2 : tunables 24 12 8 : slabdata 6 6 0
+eventpoll_pwq 126 212 72 53 1 : tunables 120 60 8 : slabdata 4 4 0
+eventpoll_epi 126 180 128 30 1 : tunables 120 60 8 : slabdata 6 6 0
+sgpool-128 2 2 4096 1 1 : tunables 24 12 8 : slabdata 2 2 0
+sgpool-64 2 2 2048 2 1 : tunables 24 12 8 : slabdata 1 1 0
+sgpool-32 2 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0
+sgpool-16 2 8 512 8 1 : tunables 54 27 8 : slabdata 1 1 0
+sgpool-8 15 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+scsi_data_buffer 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0
+blkdev_integrity 0 0 112 34 1 : tunables 120 60 8 : slabdata 0 0 0
+blkdev_queue 29 30 2856 2 2 : tunables 24 12 8 : slabdata 15 15 0
+blkdev_requests 31 44 352 11 1 : tunables 54 27 8 : slabdata 4 4 0
+blkdev_ioc 5 48 80 48 1 : tunables 120 60 8 : slabdata 1 1 0
+fsnotify_event_holder 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0
+fsnotify_event 0 0 104 37 1 : tunables 120 60 8 : slabdata 0 0 0
+bio-0 180 180 192 20 1 : tunables 120 60 8 : slabdata 9 9 0
+biovec-256 66 66 4096 1 1 : tunables 24 12 8 : slabdata 66 66 0
+biovec-128 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0
+biovec-64 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+biovec-16 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+bip-256 2 2 4224 1 2 : tunables 8 4 0 : slabdata 2 2 0
+bip-128 0 0 2176 3 2 : tunables 24 12 8 : slabdata 0 0 0
+bip-64 0 0 1152 7 2 : tunables 24 12 8 : slabdata 0 0 0
+bip-16 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0
+bip-4 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+bip-1 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+sock_inode_cache 666 685 704 5 1 : tunables 54 27 8 : slabdata 137 137 0
+skbuff_fclone_cache 42 42 512 7 1 : tunables 54 27 8 : slabdata 6 6 0
+skbuff_head_cache 302 450 256 15 1 : tunables 120 60 8 : slabdata 30 30 0
+file_lock_cache 38 44 176 22 1 : tunables 120 60 8 : slabdata 2 2 0
+net_namespace 0 0 2112 3 2 : tunables 24 12 8 : slabdata 0 0 0
+shmem_inode_cache 774 775 800 5 1 : tunables 54 27 8 : slabdata 155 155 0
+Acpi-Operand 4563 4664 72 53 1 : tunables 120 60 8 : slabdata 88 88 0
+Acpi-ParseExt 0 0 72 53 1 : tunables 120 60 8 : slabdata 0 0 0
+Acpi-Parse 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+Acpi-State 0 0 80 48 1 : tunables 120 60 8 : slabdata 0 0 0
+Acpi-Namespace 3311 3312 40 92 1 : tunables 120 60 8 : slabdata 36 36 0
+task_delay_info 332 340 112 34 1 : tunables 120 60 8 : slabdata 10 10 0
+taskstats 5 12 328 12 1 : tunables 54 27 8 : slabdata 1 1 0
+proc_inode_cache 1008 1008 640 6 1 : tunables 54 27 8 : slabdata 168 168 0
+sigqueue 35 48 160 24 1 : tunables 120 60 8 : slabdata 2 2 0
+bdev_cache 32 36 832 4 1 : tunables 54 27 8 : slabdata 9 9 0
+sysfs_dir_cache 11356 11367 144 27 1 : tunables 120 60 8 : slabdata 421 421 0
+mnt_cache 37 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0
+filp 4644 4700 192 20 1 : tunables 120 60 8 : slabdata 235 235 120
+inode_cache 6883 7308 592 6 1 : tunables 54 27 8 : slabdata 1218 1218 0
+dentry 61240 63960 192 20 1 : tunables 120 60 8 : slabdata 3198 3198 0
+names_cache 26 26 4096 1 1 : tunables 24 12 8 : slabdata 26 26 0
+avc_node 510 1239 64 59 1 : tunables 120 60 8 : slabdata 21 21 0
+selinux_inode_security 84206 86072 72 53 1 : tunables 120 60 8 : slabdata 1624 1624 0
+radix_tree_node 11606 11781 560 7 1 : tunables 54 27 8 : slabdata 1683 1683 0
+key_jar 11 20 192 20 1 : tunables 120 60 8 : slabdata 1 1 0
+buffer_head 221526 230214 104 37 1 : tunables 120 60 8 : slabdata 6222 6222 0
+vm_area_struct 12962 13034 200 19 1 : tunables 120 60 8 : slabdata 686 686 0
+mm_struct 145 145 1408 5 2 : tunables 24 12 8 : slabdata 29 29 0
+fs_cache 177 177 64 59 1 : tunables 120 60 8 : slabdata 3 3 0
+files_cache 162 165 704 11 2 : tunables 54 27 8 : slabdata 15 15 0
+signal_cache 208 208 1024 4 1 : tunables 54 27 8 : slabdata 52 52 0
+sighand_cache 201 201 2112 3 2 : tunables 24 12 8 : slabdata 67 67 0
+task_xstate 240 240 512 8 1 : tunables 54 27 8 : slabdata 30 30 0
+task_struct 306 306 2656 3 2 : tunables 24 12 8 : slabdata 102 102 0
+cred_jar 580 580 192 20 1 : tunables 120 60 8 : slabdata 29 29 0
+anon_vma_chain 7874 8162 48 77 1 : tunables 120 60 8 : slabdata 106 106 0
+anon_vma 5773 5888 40 92 1 : tunables 120 60 8 : slabdata 64 64 0
+pid 322 330 128 30 1 : tunables 120 60 8 : slabdata 11 11 0
+shared_policy_node 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+numa_policy 1 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0
+idr_layer_cache 428 434 544 7 1 : tunables 54 27 8 : slabdata 62 62 0
+size-4194304(DMA) 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0
+size-4194304 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0
+size-2097152(DMA) 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0
+size-2097152 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0
+size-1048576(DMA) 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0
+size-1048576 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0
+size-524288(DMA) 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0
+size-524288 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0
+size-262144(DMA) 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0
+size-262144 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0
+size-131072(DMA) 0 0 131072 1 32 : tunables 8 4 0 : slabdata 0 0 0
+size-131072 1 1 131072 1 32 : tunables 8 4 0 : slabdata 1 1 0
+size-65536(DMA) 0 0 65536 1 16 : tunables 8 4 0 : slabdata 0 0 0
+size-65536 2 2 65536 1 16 : tunables 8 4 0 : slabdata 2 2 0
+size-32768(DMA) 0 0 32768 1 8 : tunables 8 4 0 : slabdata 0 0 0
+size-32768 3 3 32768 1 8 : tunables 8 4 0 : slabdata 3 3 0
+size-16384(DMA) 0 0 16384 1 4 : tunables 8 4 0 : slabdata 0 0 0
+size-16384 12 12 16384 1 4 : tunables 8 4 0 : slabdata 12 12 0
+size-8192(DMA) 0 0 8192 1 2 : tunables 8 4 0 : slabdata 0 0 0
+size-8192 27 27 8192 1 2 : tunables 8 4 0 : slabdata 27 27 0
+size-4096(DMA) 0 0 4096 1 1 : tunables 24 12 8 : slabdata 0 0 0
+size-4096 425 425 4096 1 1 : tunables 24 12 8 : slabdata 425 425 0
+size-2048(DMA) 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0
+size-2048 573 578 2048 2 1 : tunables 24 12 8 : slabdata 289 289 0
+size-1024(DMA) 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+size-1024 1340 1340 1024 4 1 : tunables 54 27 8 : slabdata 335 335 0
+size-512(DMA) 0 0 512 8 1 : tunables 54 27 8 : slabdata 0 0 0
+size-512 1123 1176 512 8 1 : tunables 54 27 8 : slabdata 147 147 0
+size-256(DMA) 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+size-256 930 930 256 15 1 : tunables 120 60 8 : slabdata 62 62 0
+size-192(DMA) 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+size-192 2119 2160 192 20 1 : tunables 120 60 8 : slabdata 108 108 0
+size-128(DMA) 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+size-64(DMA) 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+size-64 33093 40887 64 59 1 : tunables 120 60 8 : slabdata 693 693 0
+size-32(DMA) 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+size-128 3921 4800 128 30 1 : tunables 120 60 8 : slabdata 160 160 0
+size-32 332389 332976 32 112 1 : tunables 120 60 8 : slabdata 2973 2973 0
+kmem_cache 191 191 32896 1 16 : tunables 8 4 0 : slabdata 191 191 0
+Inter-| Receive | Transmit
+ face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
+ lo:267102759 105357 0 0 0 0 0 0 267102759 105357 0 0 0 0 0 0
+ eth0:1013761672 1354551 0 0 0 0 0 0 245537245 966850 0 0 0 0 0 0
+ pan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.net/CN=clica Signing Cert
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.net/CN=clica CA
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje
+SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2
+iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: expired1.example.net
+ localKeyID: 1E 0D 7E 35 C6 DD 12 8A 56 2B C8 44 4B 60 A9 95 DC 68 6F 37
+subject=/CN=expired1.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNFoXDTEyMTIwMTEyMzQwNFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA+LXqjv5NnRW2OlKWyYYH8ZFb
+Fj4xAdg4qSa1WK/wlUUdpQldGzpDuq/BzuyQdJjp1vSnqhKjfxz0ef9xJievdwID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w
+bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EA0dUUjXeu21xQo+AsptLSwmzhn+EV8ixI
+757XRkCnAN0mOZZHcv+imuiEXpf62J+wNyWKNCWu2iPttov/JAcYKA==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired1.example.net
+ localKeyID: 1E 0D 7E 35 C6 DD 12 8A 56 2B C8 44 4B 60 A9 95 DC 68 6F 37
+subject=/CN=expired1.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNFoXDTEyMTIwMTEyMzQwNFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA+LXqjv5NnRW2OlKWyYYH8ZFb
+Fj4xAdg4qSa1WK/wlUUdpQldGzpDuq/BzuyQdJjp1vSnqhKjfxz0ef9xJievdwID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w
+bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EA0dUUjXeu21xQo+AsptLSwmzhn+EV8ixI
+757XRkCnAN0mOZZHcv+imuiEXpf62J+wNyWKNCWu2iPttov/JAcYKA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY\r
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a\r
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit\r
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired1.example.net
+ localKeyID: 1E 0D 7E 35 C6 DD 12 8A 56 2B C8 44 4B 60 A9 95 DC 68 6F 37
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIEobdAguY51UCAggA
+MBQGCCqGSIb3DQMHBAjyQJzMIkx+swSCAWBoW5JocLm3XvmW7cnK8Np23KqUs4ST
+MG68rJY6pLqdGkn8aK0yZfecdpuHoFCZRdxQy9ztdofB50tkr7evlTuM1u40/9b0
+ygZ9ajxESZmF5mS8r6dFGXOBq7UrMpEvod1lujpP3hwtkqJOlPFhacPUestqDjP4
+zDmEmKQYyRx4DQ3QM4T2Wuc1S8TSECcMLsOgZhOxGULIzmtxceftS/V9NYewZsne
+Q05TKH7ygWGvUyYEgDlFlBAk8CAiqIBBz3fU2bmWfR5p6hoSTqGeLlAL7fTid8Vf
+g4HEfthygRC28+s5r/MbMBJKwTdRHnQbmK4rOxFUhYCkV8Df28Ukx/RaA9CKjbQl
+2fnuTRAms72szZRoKsdS3xVgyaOdgdhVJKWP2QAUvzblX/wpKr9BwrbqIhXOqEiv
+9/yCVqUg20sjNvYyw/2Zv9t+g9u3d5CMyU37e8AT8X3DExmpleiOdX4J
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired1.example.net
+ localKeyID: 1E 0D 7E 35 C6 DD 12 8A 56 2B C8 44 4B 60 A9 95 DC 68 6F 37
+subject=/CN=expired1.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNFoXDTEyMTIwMTEyMzQwNFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA+LXqjv5NnRW2OlKWyYYH8ZFb
+Fj4xAdg4qSa1WK/wlUUdpQldGzpDuq/BzuyQdJjp1vSnqhKjfxz0ef9xJievdwID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w
+bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EA0dUUjXeu21xQo+AsptLSwmzhn+EV8ixI
+757XRkCnAN0mOZZHcv+imuiEXpf62J+wNyWKNCWu2iPttov/JAcYKA==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAPi16o7+TZ0VtjpSlsmGB/GRWxY+MQHYOKkmtViv8JVFHaUJXRs6
+Q7qvwc7skHSY6db0p6oSo38c9Hn/cSYnr3cCAwEAAQJBAK1O9tgV1Te1PXp+upxL
+TZXD2FkzlSrX5QPZ+VyHnXolg8XNhx2pA1J4iJrnvooWQRZuWRhi/p8g2ygJ8B6I
+60ECIQD/cO5OrdRWg3EBgoCWN7WAZ53qMmSRxAnMt95W5yujGQIhAPlBNzbQr2Z7
+DVvwCc2ERxuaFGTcLZH/x+oRhZ9jr0kPAiB/79froDSRgBPBZdNxaUWGol79RXAJ
+cd5WomDBtdatQQIgAVyP1qbRLnghnIz1IMBGOypeTia9wPxqtSafWj2LKZUCID/d
+8buaLYm3yYYAQwbTBtb89+gpRg0I51DFS6fNIuU4
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.net/CN=clica Signing Cert
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.net/CN=clica CA
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje
+SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2
+iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: expired2.example.net
+ localKeyID: 1A 68 61 A3 03 A4 DC 65 19 7A 7E 5E 65 37 39 DB E3 CB 56 AC
+subject=/CN=expired2.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDVaFw0xMjEyMDExMjM0MDVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMRPNIrjXhmHfWrc/c+K9esj
+3cXECi38lpKgZyhqN8CjRvifIaMoZaCPoXoppyC3MmtLhT5JnYe8+1vSApl9jPUC
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt
+cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAMmrnrUFZRECJcDk4BGSMQp5vvC/uHi0
+1NSP3Ki4Yu+CbXUHtgZqwOB5abU8INeLbJoab2stMFsdevzRYuuqb7s=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired2.example.net
+ localKeyID: 1A 68 61 A3 03 A4 DC 65 19 7A 7E 5E 65 37 39 DB E3 CB 56 AC
+subject=/CN=expired2.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDVaFw0xMjEyMDExMjM0MDVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMRPNIrjXhmHfWrc/c+K9esj
+3cXECi38lpKgZyhqN8CjRvifIaMoZaCPoXoppyC3MmtLhT5JnYe8+1vSApl9jPUC
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt
+cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAMmrnrUFZRECJcDk4BGSMQp5vvC/uHi0
+1NSP3Ki4Yu+CbXUHtgZqwOB5abU8INeLbJoab2stMFsdevzRYuuqb7s=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY\r
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a\r
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit\r
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired2.example.net
+ localKeyID: 1A 68 61 A3 03 A4 DC 65 19 7A 7E 5E 65 37 39 DB E3 CB 56 AC
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIU+oGNqBSHjcCAggA
+MBQGCCqGSIb3DQMHBAjYaI7Iob+lDASCAWDAZIbvl/AbphvMZhynrCFGzj6iN309
+N+U1mQPGWD6hisPfA4aTpIQyHtVah6KCE1fbzGFgiNULsfByVj4XBRbetiVKMuWA
+xs/EEcPhNRG0KOeRxzDtSpM0lG078XAC4p7wgqvhf4R9524Vq4PpYzt+tKfh0rPC
+leF7VFJ5vi7Tms7q1wqtL76Wgibq4m43XoFrYMbQL2qbXl98rRAP6R6u852f4L/D
+Cy1EGsgWIdGjCPQRxdwC0Vf1vIjaspXBmVhbFJR9Djp48DShbAO11cXRSIligH6t
+7p+aesQM/illunmCaMzMYFAjdrMYZEO1bqVdU5Nd7/tlQQLgHSdo+iD6XLnci7dw
+elQ9bRxYVMEDX16kTXd4NU6xP0Zpac5XHu4ji2PKlSOSxQh5GbPICXdEH7K/Oshv
+CUIZbYnlGsOT2uFgnChtUeIwc6OXcSv3LLXIwzg0ec7yN83j0r3jQRQx
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired2.example.net
+ localKeyID: 1A 68 61 A3 03 A4 DC 65 19 7A 7E 5E 65 37 39 DB E3 CB 56 AC
+subject=/CN=expired2.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDVaFw0xMjEyMDExMjM0MDVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMRPNIrjXhmHfWrc/c+K9esj
+3cXECi38lpKgZyhqN8CjRvifIaMoZaCPoXoppyC3MmtLhT5JnYe8+1vSApl9jPUC
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt
+cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAMmrnrUFZRECJcDk4BGSMQp5vvC/uHi0
+1NSP3Ki4Yu+CbXUHtgZqwOB5abU8INeLbJoab2stMFsdevzRYuuqb7s=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAMRPNIrjXhmHfWrc/c+K9esj3cXECi38lpKgZyhqN8CjRvifIaMo
+ZaCPoXoppyC3MmtLhT5JnYe8+1vSApl9jPUCAwEAAQJAOCkksfs8B3ewlKrmXcK2
+ee/H2XUtKFzTwtzqxjAlBRHwxgSOZr4rn10t+R4j6cvLqhfbXGu0p+1oGgFCYAe6
+/QIhAOU/L1TRGgE1Q0gR+BSyWTlHNSXu1wmy0j/nVSk1fb2bAiEA2zgBX7vxRt1M
+d7AKLfqjpMKolmMUyWNQdGFI/+Ch0K8CIHsFMkAgygS18XoecnOg1bKgHMxTZEBH
+Hv6+BHxNwUFbAiBpXA98/Y1G69F2rMsXsiC4bT4tmU1CRVNDvAYjxMjAzQIhAOHO
+1ynQHqtSfjlkpZtcNqey2SlcqXz7xI/aEXVYj5Q4
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.net/CN=clica Signing Cert
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.net/CN=clica CA
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje
+SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2
+iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: revoked1.example.net
+ localKeyID: 3A 08 2E BA 85 F0 DD 7E C5 FE 51 92 BD 0B C7 35 9D 56 6B A5
+subject=/CN=revoked1.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAr20bGUprpXdQGlk/FW+RJ19l
+FZ//slFysFeG3PEVjVjCnvsoxBFZJFVyfHhyxTvVYdoC6BVZfs9HRAjgZuBImQID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w
+bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EACw87yNDj6DBkvF+i1qUyw6vqijmPyOQZ
+4S+UOCyyNSsJrA1VMjRjAqGTgyU0OFtfcGuhvZ1ZnlFrvVog/icGcw==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked1.example.net
+ localKeyID: 3A 08 2E BA 85 F0 DD 7E C5 FE 51 92 BD 0B C7 35 9D 56 6B A5
+subject=/CN=revoked1.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAr20bGUprpXdQGlk/FW+RJ19l
+FZ//slFysFeG3PEVjVjCnvsoxBFZJFVyfHhyxTvVYdoC6BVZfs9HRAjgZuBImQID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w
+bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EACw87yNDj6DBkvF+i1qUyw6vqijmPyOQZ
+4S+UOCyyNSsJrA1VMjRjAqGTgyU0OFtfcGuhvZ1ZnlFrvVog/icGcw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY\r
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a\r
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit\r
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked1.example.net
+ localKeyID: 3A 08 2E BA 85 F0 DD 7E C5 FE 51 92 BD 0B C7 35 9D 56 6B A5
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQITLxrgeizo7ACAggA
+MBQGCCqGSIb3DQMHBAiR0pknm91lSASCAWAoe8AKx1R5elFbE1FAZaGyPjegmgc5
+qFLKuVzK43OMKRphZJPKRSa12rzz40qRozJItXiDNL1+qt+IbOirtUlvvKu+5cdC
+oHQgSjA58Is1DN6f+OqD7v7S1ZdXrtyMmtvaHLfjsgX7f9acq8Q7OrcdVcJksVRL
+7yCULtR0NRxG+elh5lF9SNY+1f8Hee/dfP3LmyE+leO5ECfOWcIFLBCjLbdmMQFf
+lIodgPiy1qjuGwuXZQy/3s1tZ4p2R6dQ7FrPWCyDAxkd/Vw5+BWZ/UJD8GDKtvLL
+E9lyYuUg7KUaWiSSdsHmXMyrs+xdW+1GHqAVkuJqjWR2nxtXBDQ7GIaDfZr7nosR
+OR5ABpVtZ0eAiJz7qX3WjxtoQJ/7RRPYOnINzyRVgHHHVekyFdYd1OiQDgVoh+08
+HOOA6ZbXLyOCGqh5Syp0RAn7d8qSfX/Z8l6wnxblNG16noDPRbNGf9rU
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked1.example.net
+ localKeyID: 3A 08 2E BA 85 F0 DD 7E C5 FE 51 92 BD 0B C7 35 9D 56 6B A5
+subject=/CN=revoked1.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAr20bGUprpXdQGlk/FW+RJ19l
+FZ//slFysFeG3PEVjVjCnvsoxBFZJFVyfHhyxTvVYdoC6BVZfs9HRAjgZuBImQID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w
+bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EACw87yNDj6DBkvF+i1qUyw6vqijmPyOQZ
+4S+UOCyyNSsJrA1VMjRjAqGTgyU0OFtfcGuhvZ1ZnlFrvVog/icGcw==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAK9tGxlKa6V3UBpZPxVvkSdfZRWf/7JRcrBXhtzxFY1Ywp77KMQR
+WSRVcnx4csU71WHaAugVWX7PR0QI4GbgSJkCAwEAAQJAMvRiFqqDMgDCB6U8qaFK
+bEFNP0bGIql9wrLpvWtZc0CFyhV6LSjMBQSQp92r1tMlB4NKQ7leLb7XXgrPRswY
+AQIhANW94AFeO6+yIhd1OQuizl8SBQwCi0gvlMqsrf3kyDrZAiEA0hv3G/VQWPKY
+n/wikupIE/8jbJvLWLRYYWn6eGg6Y8ECIQC7RN0a1cFdsqkD/IS6mS5PRa5+U0xN
+NsMawCjBps14IQIhAL24JLypGSEIBYrIl8uDIwxzYGBMmSQCzJ9Bm7onmznBAiAe
+YGSy1e3Vji/YwZGuEyGrVl+BEIQ1p0vUgRZ7aEpVpQ==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.net/CN=clica Signing Cert
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.net/CN=clica CA
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje
+SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2
+iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: revoked2.example.net
+ localKeyID: 60 8E D5 FB A7 97 B2 E8 F9 84 11 4F 91 1D 3C 91 B8 19 E8 97
+subject=/CN=revoked2.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDRaFw0zODAxMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMj2mEnZY8N38XJ5ZLTymH2J
+hBNiubBU4ddvVQ0y48E/b5fbYwJI458bKgyNhqQtO/MG15oIndFpbazcp1p8++8C
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt
+cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAD46Iw05ofRAaw9+yeTDPIydjl1Pkb1/
+ma4/qSK7p8BU/pMN3SH4qxKW7z6nNregMW48d5KcSxUPBmWmDCM8u70=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked2.example.net
+ localKeyID: 60 8E D5 FB A7 97 B2 E8 F9 84 11 4F 91 1D 3C 91 B8 19 E8 97
+subject=/CN=revoked2.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDRaFw0zODAxMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMj2mEnZY8N38XJ5ZLTymH2J
+hBNiubBU4ddvVQ0y48E/b5fbYwJI458bKgyNhqQtO/MG15oIndFpbazcp1p8++8C
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt
+cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAD46Iw05ofRAaw9+yeTDPIydjl1Pkb1/
+ma4/qSK7p8BU/pMN3SH4qxKW7z6nNregMW48d5KcSxUPBmWmDCM8u70=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY\r
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a\r
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit\r
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked2.example.net
+ localKeyID: 60 8E D5 FB A7 97 B2 E8 F9 84 11 4F 91 1D 3C 91 B8 19 E8 97
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIfHUUKZHRP88CAggA
+MBQGCCqGSIb3DQMHBAiGHts1xOcjYASCAWA+TB8P6+MMx7kHWAIrO7eIwxXI/ivw
+gKWa/XVFtZeZcBYCdjR0Ubfsv3emeWtZ72badVNNOgbUqaMsTraqYePGS9fVIk8e
+Pn3PjKdd7rODvSTN647CrN6ng0x1yYW/RVo5v5CnoantSojUY5eNhO+iSGPFgbvj
+h8s0uKZ3+KxlySpIJX9RU/LJQUfrdCAGkdIuPEi4graL8Z9pjyORqppYNCI+u+VG
+m76zMJq9vxBcn6v3/DpVCFL7gokwD0GgMtWtTeXiP1Yn92dsn3DPVNI/ieE1ogJs
+8WVWmTNBm0UuN0GiUWqQUXv3cqFpNArL/BObHJGWyHObUz3FgDpkP4crmhrFN2Ao
+cT34tYaN9SGfoYA+MI2DqKQ0M8aGBvbL5CVGqJqWiVB71jG+JsdS0Q+7K5JQ5d/O
+xiynUVJ8FhZBQshqPXAkPD8lOeFQ2QZp53RUSlI3d04Cy8FAZr3HzqEZ
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked2.example.net
+ localKeyID: 60 8E D5 FB A7 97 B2 E8 F9 84 11 4F 91 1D 3C 91 B8 19 E8 97
+subject=/CN=revoked2.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDRaFw0zODAxMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMj2mEnZY8N38XJ5ZLTymH2J
+hBNiubBU4ddvVQ0y48E/b5fbYwJI458bKgyNhqQtO/MG15oIndFpbazcp1p8++8C
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt
+cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAD46Iw05ofRAaw9+yeTDPIydjl1Pkb1/
+ma4/qSK7p8BU/pMN3SH4qxKW7z6nNregMW48d5KcSxUPBmWmDCM8u70=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAMj2mEnZY8N38XJ5ZLTymH2JhBNiubBU4ddvVQ0y48E/b5fbYwJI
+458bKgyNhqQtO/MG15oIndFpbazcp1p8++8CAwEAAQJAdkDE9A+7qLXXmejc3a0z
+FgvpcA7T/XK1QjP89DtR0dAbM0tLdWyhshLNcNSW6urwYKkPmw7jPmW1wC14/Ob3
+IQIhAOg4d+nA1BNR2+L2dDJhdTPWzVWERwsMaBVMsKYg8TbjAiEA3Yq7xYMK0aNU
+XTvzTnmr+y51Ce5BQK9U2q/B1kyIKIUCIDQZ902K5govo5YYlZl4JEOtPgSh2Q6x
+iei9fCTJ31ThAiEAg28IQYCiDYeJyJqFmZwjxSxlsVORkO+0Nt2o8RuMeAUCIQCj
+IPd5zjwu8dkolqvof1uMm3An3YhSLWSlJK1BSAk2Yw==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.net/CN=clica Signing Cert
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.net/CN=clica CA
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje
+SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2
+iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: server1.example.net
+ localKeyID: 4C 81 72 95 D9 D6 9C FD 7A B1 C0 66 9F 85 A7 01 93 A4 6E D7
+subject=/CN=server1.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm5ldDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCtN2Y0S4oROnlfkTeUH2ULUVs
+RShAIKdxlXRo+F09rEBzNKKNC4ZWIr+pc8U+iQzGGTiiCTfeq9bI0Uef1493AgMB
+AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu
+bmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw
+Oi8vb3NjcC9leGFtcGxlLm5ldC8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl
+Lm5ldDANBgkqhkiG9w0BAQUFAANBAEMi4SnbMDOvnQk2UkvvNVGyBEXNsuskNzo9
+5wAY6x0bUZ6XWZ8+kM60gbmOqwfPA6pw/w7ui3XJ1Ac3BAUverQ=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server1.example.net
+ localKeyID: 4C 81 72 95 D9 D6 9C FD 7A B1 C0 66 9F 85 A7 01 93 A4 6E D7
+subject=/CN=server1.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm5ldDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCtN2Y0S4oROnlfkTeUH2ULUVs
+RShAIKdxlXRo+F09rEBzNKKNC4ZWIr+pc8U+iQzGGTiiCTfeq9bI0Uef1493AgMB
+AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu
+bmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw
+Oi8vb3NjcC9leGFtcGxlLm5ldC8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl
+Lm5ldDANBgkqhkiG9w0BAQUFAANBAEMi4SnbMDOvnQk2UkvvNVGyBEXNsuskNzo9
+5wAY6x0bUZ6XWZ8+kM60gbmOqwfPA6pw/w7ui3XJ1Ac3BAUverQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY\r
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a\r
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit\r
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server1.example.net
+ localKeyID: 4C 81 72 95 D9 D6 9C FD 7A B1 C0 66 9F 85 A7 01 93 A4 6E D7
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQItqv8KkyfDOECAggA
+MBQGCCqGSIb3DQMHBAi+cLfRJYwdhASCAWDijpItKwM1N1Tk9po65/Et0DLcJt8h
+UNc26UWxg4uGMcbyHJv5+OZDhAjla1GwFLBZDQwCsnvwfjHfpwFpSx4Mxj4SMGrx
+YCwSB8smLl5cZNJpm2N3JVlrX/ZHR1plwtVccOf9Ry7MFoyj9YcXTs9N39zmpYDD
+Oi81eD2CzGEP2NqyycJK3Fu0OMUNT5RYHF7Nja6mGjzyul8rDPHPOcwQ0CCEHUmF
+3FaMqji+aCpJ+BeFwcVYZjiuQx4ajKXnu8g4KEa1S59KgSRiAdL8Ih1dN5qrDJB5
+dDTo37DneR1RkudMs2OcbMnbhyWQZ/AhfUqqFM7NLnDSVwhUtL9kPzjqIA1+l9V6
+27ANditdhs3fS6026sC3MMJRrPXmZGU3GuItxi1hU/CjiCb54VsK8MEhWpzU6QiS
++UXkPYKauZKsGtfn0sI8ZUCEyo2vF79KAIGK6DYQ6dIOmjvKqz2xgng/
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: server1.example.net
+ localKeyID: 4C 81 72 95 D9 D6 9C FD 7A B1 C0 66 9F 85 A7 01 93 A4 6E D7
+subject=/CN=server1.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm5ldDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCtN2Y0S4oROnlfkTeUH2ULUVs
+RShAIKdxlXRo+F09rEBzNKKNC4ZWIr+pc8U+iQzGGTiiCTfeq9bI0Uef1493AgMB
+AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu
+bmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw
+Oi8vb3NjcC9leGFtcGxlLm5ldC8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl
+Lm5ldDANBgkqhkiG9w0BAQUFAANBAEMi4SnbMDOvnQk2UkvvNVGyBEXNsuskNzo9
+5wAY6x0bUZ6XWZ8+kM60gbmOqwfPA6pw/w7ui3XJ1Ac3BAUverQ=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAMK03ZjRLihE6eV+RN5QfZQtRWxFKEAgp3GVdGj4XT2sQHM0oo0L
+hlYiv6lzxT6JDMYZOKIJN96r1sjRR5/Xj3cCAwEAAQJAYR333g6QeFOPWwH1dfIu
+ASfnlc6U+g+PlY8XhnhDgcu2le3IQuOaI0sw/X0vZdhEKJpDHJ1hKGxIQpOB2R/P
+EQIhAPUMh9+sUsZSnNbhEggO8h6F4TeLoAVJNzUtW5UvmBgvAiEAy2hlFkLXlP0t
+VYwmNqyCs8Jhf0SIrnhPw3ynJhxgYzkCIQDlHd48yAZs3/k9ABu35SGEYHD/WlE4
+IAi6c7pZdrKiiQIgEH48hBuTY29L973Pc2t1haHjSfCCrLLwtMcsvnhakHECIEuy
+0/MQz7IYZNJ7g36j3jjv8vFkAdDCGyKzuMGLoq9p
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.net/CN=clica Signing Cert
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.net/CN=clica CA
+issuer=/O=example.net/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw
+MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje
+SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2
+iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: server2.example.net
+ localKeyID: E6 14 E8 D3 C2 D6 33 C5 46 4A 62 47 B7 C2 BA D6 3B 26 F2 56
+subject=/CN=server2.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDRaFw0zODAxMDExMjM0MDRaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAoXux6WdUK5xq7w+eMCFo2iEE
+GCUYpmqc4H6AmgxmglEfrndnKMv/fLRJpMUMe65a2fIPdMaZO6uX/fBDYSeUjwID
+AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5uZXQvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs
+ZS5uZXQwDQYJKoZIhvcNAQEFBQADQQBhKq+CoKmxvdEJ4+AlNsJGpByKiwsDo0Cz
+mtgyGnn4a+3kkKYb2/KWosrBBLIzZbuzQ6sAjDKKioKJy7+ENuki
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server2.example.net
+ localKeyID: E6 14 E8 D3 C2 D6 33 C5 46 4A 62 47 B7 C2 BA D6 3B 26 F2 56
+subject=/CN=server2.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDRaFw0zODAxMDExMjM0MDRaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAoXux6WdUK5xq7w+eMCFo2iEE
+GCUYpmqc4H6AmgxmglEfrndnKMv/fLRJpMUMe65a2fIPdMaZO6uX/fBDYSeUjwID
+AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5uZXQvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs
+ZS5uZXQwDQYJKoZIhvcNAQEFBQADQQBhKq+CoKmxvdEJ4+AlNsJGpByKiwsDo0Cz
+mtgyGnn4a+3kkKYb2/KWosrBBLIzZbuzQ6sAjDKKioKJy7+ENuki
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw\r
+MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY\r
+392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a\r
+d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit\r
+Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server2.example.net
+ localKeyID: E6 14 E8 D3 C2 D6 33 C5 46 4A 62 47 B7 C2 BA D6 3B 26 F2 56
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQId2/8mqWfInACAggA
+MBQGCCqGSIb3DQMHBAgvDNlX6TpnZQSCAWD27NSWhbC88NONthVEEIHARSoUieXl
+Hsker9qC52voq+kSQf4sFmifD9SgestoXFoxBOWi4mnO2uwUqu/yC3Igrr0DE0VH
+zXapBoEbd7Yr4y5BN7M5+oQPGjxCUocP3Bp9dxvo5T3lFLtmaBvdBucVHvn6UqzX
+uUZw3O1LdoMm6PqZXBh8vzhapYq5I5oMOhWJsJrauSfXaBJObeo3MgFF6WfUQlnI
+fR/O7uJ00t+ArvdkQVIDT70FWWAFvt9DDtVIUcva8BfiGEjPjqso0tElTzPRqRrs
+WmS1jn1Lf/EVaVSOIIecjHodxeA7R/vMlG+5U/PcgfeYMEFyn0Aj/tUvdR6tTAUy
+1K5zFEGG5YCY2e0HmVyc/qvOoSPwi7f8eJEziTuv2nXlPrjd74OcGn1ffXyMeDZ6
+gDAQB9pe/7m9OZ9MAxuak4DEyFMdNJTFJ3il0ILAi8R2GOGA+TVSrGAT
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: server2.example.net
+ localKeyID: E6 14 E8 D3 C2 D6 33 C5 46 4A 62 47 B7 C2 BA D6 3B 26 F2 56
+subject=/CN=server2.example.net
+issuer=/O=example.net/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDRaFw0zODAxMDExMjM0MDRaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAoXux6WdUK5xq7w+eMCFo2iEE
+GCUYpmqc4H6AmgxmglEfrndnKMv/fLRJpMUMe65a2fIPdMaZO6uX/fBDYSeUjwID
+AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5uZXQvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs
+ZS5uZXQwDQYJKoZIhvcNAQEFBQADQQBhKq+CoKmxvdEJ4+AlNsJGpByKiwsDo0Cz
+mtgyGnn4a+3kkKYb2/KWosrBBLIzZbuzQ6sAjDKKioKJy7+ENuki
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAKF7selnVCucau8PnjAhaNohBBglGKZqnOB+gJoMZoJRH653ZyjL
+/3y0SaTFDHuuWtnyD3TGmTurl/3wQ2EnlI8CAwEAAQJAGXXkRjWperrNzWV7/oC2
+BHZiK+Blc4+prmejpSZBX1hk5XFL8vMx3H1yYnYj3LLr2MzuZ7W410GXBvZkfOy5
+uQIhANSjR5qV2dgzdI7nTjPXZOVPHfh9S4RbgCa8nbm+Yg59AiEAwmnlkEP8BMHx
+8GeuItJyuIQYXU/TRFIAB5N9nDWO4PsCIFvZj/OJaUlHqMCVz6T7FL0suMB+tuEc
+eTXCYcs7HrYtAiEAi4ivv+xbbBq7B72SSOHcfrwoNIi/bBCifs2H4N67zpMCIBpU
+fl/bfvpZ2FtBsZ1yMTgTXzaZyOllhYkaZO3bvQYU
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O\r
+x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID\r
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq\r
+hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl\r
+LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE\r
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo\r
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X\r
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp\r
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O\r
+x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID\r
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq\r
+hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl\r
+LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: OCSP Signer
+ localKeyID: 89 7C 3C C4 3E 60 FD AA 47 69 0A 11 1B 17 C9 BD 6B D2 DA 1E
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAl1EzD7A3887Wit6D
+uE5WOuTdCD4RVQFBa85RFHZd/Q3Yiw5SXh7gQaykL/4mrFHzgbKNgj6WmjBp4tNI
+FQYqJQIDAQABAkBNigd/X46cef5IdRPMayAW19ZH9f5Nr/IFO1kjAjDRjfASDkBN
+V/rMV+78Rh5fOAj1S74VILvKTaaLWhvkDOF1AiEAxxhzyV1rOrdo/tp7W6uD5m0g
+OTxUZYn/6Ec/Kkb6SjsCIQDCkN8rSD+IkhJ3zQOvCi2Onxjon5mE4mkbhZLq84W3
+HwIhAJbbRlCbwnY5JwuEjNgG++iLY1E7D0/o4skjww7LvTalAiBCCbH1mtwVmp6y
+Et/BNY8o7U8jBaixtbc/JCMto+IquQIhAI6flaLC9nQbBh6BX6GVeGu3XS9M/jFe
+EK9fMWn71opJ
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBgDCCASqgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy\r
+MzQwMloXDTM4MDEwMTEyMzQwMlowMjEUMBIGA1UEChMLZXhhbXBsZS5vcmcxGjAY\r
+BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB\r
+AJdRMw+wN/PO1oreg7hOVjrk3Qg+EVUBQWvOURR2Xf0N2IsOUl4e4EGspC/+JqxR\r
+84GyjYI+lpowaeLTSBUGKiUCAwEAAaMqMCgwDgYDVR0PAQH/BAQDAgeAMBYGA1Ud\r
+JQEB/wQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA0EAZe2NAm2FGEJuLkyZ\r
+AiGPi2pdu5ngE+vQhyTFR3EJ4L6HDkNGE5Mv7lrsSSWU47N3R+Oo+glEau6SyTb1\r
+zMIYxQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE\r
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo\r
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X\r
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
--- /dev/null
+; Config::Simple 4.59
+; Thu Nov 1 12:34:02 2012
+
+[CLICA]
+crl_url=http://crl.example.org/latest.crl
+crl_signer=Signing Cert
+level=1
+signer=Signing Cert
+ocsp_signer=OCSP Signer
+ocsp_url=http://oscp/example.org/
+
+[CA]
+org=example.org
+subject=clica CA
+name=Certificate Authority
+bits=512
+
+
--- /dev/null
+update=20130127152434Z
--- /dev/null
+-----BEGIN X509 CRL-----
+MIGsMFgCAQEwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5vcmcx
+GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxMzAxMjcxNTI0MzRaMA0G
+CSqGSIb3DQEBBQUAA0EAL3N9NbP2jClLBlaFsAFB959JN6Hm7B6H5uYdGo55Rvt6
+1BZvz36DEQemcEmzrelVOR+bCBTTBkH8SC6jv9dsAQ==
+-----END X509 CRL-----
--- /dev/null
+update=20130127152437Z
+addcert 102 20130127152437Z
+addcert 202 20130127152437Z
--- /dev/null
+-----BEGIN X509 CRL-----
+MIHcMIGHAgEBMA0GCSqGSIb3DQEBBQUAMDMxFDASBgNVBAoTC2V4YW1wbGUub3Jn
+MRswGQYDVQQDExJjbGljYSBTaWduaW5nIENlcnQYDzIwMTMwMTI3MTUyNDM3WjAt
+MBQCAWYYDzIwMTMwMTI3MTUyNDM3WjAVAgIAyhgPMjAxMzAxMjcxNTI0MzdaMA0G
+CSqGSIb3DQEBBQUAA0EAVWskomLMAt1QAPrpuIC7WsNrAmPRG1XL+Ggm8d4rESya
+WGQxA0p4ZM6THLfJ3ZWAxlMHEGVkqAUQpUnZhNHmEQ==
+-----END X509 CRL-----
--- /dev/null
+R 130110200751Z 100201142709Z,superseded 65 unknown CN=server1.example.org
+R 130110200751Z 100201142709Z,superseded 66 unknown CN=revoked1.example.org
+R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.example.org
+R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.example.org
+R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.example.org
+R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.example.org
--- /dev/null
+V 130110200751Z 65 unknown CN=server1.example.org
+V 130110200751Z 66 unknown CN=revoked1.example.org
+V 130110200751Z 67 unknown CN=expired1.example.org
+V 130110200751Z c9 unknown CN=server2.example.org
+V 130110200751Z ca unknown CN=revoked2.example.org
+V 130110200751Z cb unknown CN=expired2.example.org
--- /dev/null
+processor : 0
+vendor_id : GenuineIntel
+cpu family : 6
+model : 26
+model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz
+stepping : 5
+cpu MHz : 2260.628
+cache size : 8192 KB
+fpu : yes
+fpu_exception : yes
+cpuid level : 11
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts
+bogomips : 4521.25
+clflush size : 64
+cache_alignment : 64
+address sizes : 40 bits physical, 48 bits virtual
+power management:
+
+processor : 1
+vendor_id : GenuineIntel
+cpu family : 6
+model : 26
+model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz
+stepping : 5
+cpu MHz : 2260.628
+cache size : 8192 KB
+fpu : yes
+fpu_exception : yes
+cpuid level : 11
+wp : yes
+flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts
+bogomips : 4521.25
+clflush size : 64
+cache_alignment : 64
+address sizes : 40 bits physical, 48 bits virtual
+power management:
+
+ CPU0 CPU1
+ 0: 2481 0 IO-APIC-edge timer
+ 1: 21441 346 IO-APIC-edge i8042
+ 3: 1 0 IO-APIC-edge
+ 4: 1 0 IO-APIC-edge
+ 7: 0 0 IO-APIC-edge parport0
+ 8: 1 0 IO-APIC-edge rtc0
+ 9: 0 0 IO-APIC-fasteoi acpi
+ 12: 78986 1718 IO-APIC-edge i8042
+ 14: 0 0 IO-APIC-edge ata_piix
+ 15: 2423330 1435 IO-APIC-edge ata_piix
+ 16: 1025 0 IO-APIC-fasteoi Ensoniq AudioPCI
+ 17: 239850 2559 IO-APIC-fasteoi ehci_hcd:usb1, ioc0
+ 18: 246 0 IO-APIC-fasteoi uhci_hcd:usb2
+ 19: 1868741 51479 IO-APIC-fasteoi eth0
+ 24: 0 0 PCI-MSI-edge pciehp
+ 25: 0 0 PCI-MSI-edge pciehp
+ 26: 0 0 PCI-MSI-edge pciehp
+ 27: 0 0 PCI-MSI-edge pciehp
+ 28: 0 0 PCI-MSI-edge pciehp
+ 29: 0 0 PCI-MSI-edge pciehp
+ 30: 0 0 PCI-MSI-edge pciehp
+ 31: 0 0 PCI-MSI-edge pciehp
+ 32: 0 0 PCI-MSI-edge pciehp
+ 33: 0 0 PCI-MSI-edge pciehp
+ 34: 0 0 PCI-MSI-edge pciehp
+ 35: 0 0 PCI-MSI-edge pciehp
+ 36: 0 0 PCI-MSI-edge pciehp
+ 37: 0 0 PCI-MSI-edge pciehp
+ 38: 0 0 PCI-MSI-edge pciehp
+ 39: 0 0 PCI-MSI-edge pciehp
+ 40: 0 0 PCI-MSI-edge pciehp
+ 41: 0 0 PCI-MSI-edge pciehp
+ 42: 0 0 PCI-MSI-edge pciehp
+ 43: 0 0 PCI-MSI-edge pciehp
+ 44: 0 0 PCI-MSI-edge pciehp
+ 45: 0 0 PCI-MSI-edge pciehp
+ 46: 0 0 PCI-MSI-edge pciehp
+ 47: 0 0 PCI-MSI-edge pciehp
+ 48: 0 0 PCI-MSI-edge pciehp
+ 49: 0 0 PCI-MSI-edge pciehp
+ 50: 0 0 PCI-MSI-edge pciehp
+ 51: 0 0 PCI-MSI-edge pciehp
+ 52: 0 0 PCI-MSI-edge pciehp
+ 53: 0 0 PCI-MSI-edge pciehp
+ 54: 0 0 PCI-MSI-edge pciehp
+ 55: 0 0 PCI-MSI-edge pciehp
+ 56: 1 0 PCI-MSI-edge vmci
+ 57: 0 0 PCI-MSI-edge vmci
+NMI: 0 0 Non-maskable interrupts
+LOC: 12398298 14241637 Local timer interrupts
+SPU: 0 0 Spurious interrupts
+PMI: 0 0 Performance monitoring interrupts
+IWI: 0 0 IRQ work interrupts
+RES: 282673 309097 Rescheduling interrupts
+CAL: 1955 163548 Function call interrupts
+TLB: 17977 15562 TLB shootdowns
+TRM: 0 0 Thermal event interrupts
+THR: 0 0 Threshold APIC interrupts
+MCE: 0 0 Machine check exceptions
+MCP: 2310 2310 Machine check polls
+ERR: 0
+MIS: 0
+MemTotal: 1914844 kB
+MemFree: 134216 kB
+Buffers: 142048 kB
+Cached: 952796 kB
+SwapCached: 108 kB
+Active: 981384 kB
+Inactive: 540556 kB
+Active(anon): 287092 kB
+Inactive(anon): 143480 kB
+Active(file): 694292 kB
+Inactive(file): 397076 kB
+Unevictable: 0 kB
+Mlocked: 0 kB
+SwapTotal: 4194296 kB
+SwapFree: 4193560 kB
+Dirty: 1732 kB
+Writeback: 0 kB
+AnonPages: 427116 kB
+Mapped: 70924 kB
+Shmem: 3400 kB
+Slab: 190944 kB
+SReclaimable: 125404 kB
+SUnreclaim: 65540 kB
+KernelStack: 2312 kB
+PageTables: 23536 kB
+NFS_Unstable: 0 kB
+Bounce: 0 kB
+WritebackTmp: 0 kB
+CommitLimit: 5151716 kB
+Committed_AS: 973184 kB
+VmallocTotal: 34359738367 kB
+VmallocUsed: 280772 kB
+VmallocChunk: 34359441168 kB
+HardwareCorrupted: 0 kB
+AnonHugePages: 249856 kB
+HugePages_Total: 0
+HugePages_Free: 0
+HugePages_Rsvd: 0
+HugePages_Surp: 0
+Hugepagesize: 2048 kB
+DirectMap4k: 8192 kB
+DirectMap2M: 2088960 kB
+slabinfo - version: 2.1
+# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables <limit> <batchcount> <sharedfactor> : slabdata <active_slabs> <num_slabs> <sharedavail>
+bridge_fdb_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+fuse_request 0 0 632 6 1 : tunables 54 27 8 : slabdata 0 0 0
+fuse_inode 0 0 768 5 1 : tunables 54 27 8 : slabdata 0 0 0
+rpc_buffers 8 8 2048 2 1 : tunables 24 12 8 : slabdata 4 4 0
+rpc_tasks 8 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+rpc_inode_cache 8 8 832 4 1 : tunables 54 27 8 : slabdata 2 2 0
+hgfsInodeCache 1 6 640 6 1 : tunables 54 27 8 : slabdata 1 1 0
+AF_VMCI 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+nf_conntrack_expect 0 0 240 16 1 : tunables 120 60 8 : slabdata 0 0 0
+nf_conntrack_ffffffff8200cec0 22 26 304 13 1 : tunables 54 27 8 : slabdata 2 2 0
+fib6_nodes 22 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0
+ip6_dst_cache 13 30 384 10 1 : tunables 54 27 8 : slabdata 3 3 0
+ndisc_cache 1 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+ip6_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+RAWv6 67 68 1024 4 1 : tunables 54 27 8 : slabdata 17 17 0
+UDPLITEv6 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+UDPv6 4 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0
+tw_sock_TCPv6 0 0 320 12 1 : tunables 54 27 8 : slabdata 0 0 0
+request_sock_TCPv6 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+TCPv6 9 10 1856 2 1 : tunables 24 12 8 : slabdata 5 5 0
+jbd2_1k 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+avtab_node 502203 502416 24 144 1 : tunables 120 60 8 : slabdata 3489 3489 0
+ext4_inode_cache 74816 74820 1024 4 1 : tunables 54 27 8 : slabdata 18705 18705 0
+ext4_xattr 9 44 88 44 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_free_block_extents 32 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_alloc_context 28 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_prealloc_space 18 37 104 37 1 : tunables 120 60 8 : slabdata 1 1 0
+ext4_system_zone 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0
+jbd2_journal_handle 32 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0
+jbd2_journal_head 74 102 112 34 1 : tunables 120 60 8 : slabdata 3 3 0
+jbd2_revoke_table 4 202 16 202 1 : tunables 120 60 8 : slabdata 1 1 0
+jbd2_revoke_record 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+dm_crypt_io 50 50 152 25 1 : tunables 120 60 8 : slabdata 2 2 0
+sd_ext_cdb 2 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0
+scsi_sense_cache 25 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0
+scsi_cmd_cache 28 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0
+dm_raid1_read_record 0 0 1064 7 2 : tunables 24 12 8 : slabdata 0 0 0
+kcopyd_job 0 0 3240 2 2 : tunables 24 12 8 : slabdata 0 0 0
+io 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+dm_uevent 0 0 2608 3 2 : tunables 24 12 8 : slabdata 0 0 0
+dm_rq_clone_bio_info 0 0 16 202 1 : tunables 120 60 8 : slabdata 0 0 0
+dm_rq_target_io 0 0 392 10 1 : tunables 54 27 8 : slabdata 0 0 0
+dm_target_io 844 864 24 144 1 : tunables 120 60 8 : slabdata 6 6 0
+dm_io 828 828 40 92 1 : tunables 120 60 8 : slabdata 9 9 0
+flow_cache 0 0 96 40 1 : tunables 120 60 8 : slabdata 0 0 0
+uhci_urb_priv 6 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0
+cfq_io_context 4 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0
+cfq_queue 5 16 240 16 1 : tunables 120 60 8 : slabdata 1 1 0
+bsg_cmd 0 0 312 12 1 : tunables 54 27 8 : slabdata 0 0 0
+mqueue_inode_cache 1 4 896 4 1 : tunables 54 27 8 : slabdata 1 1 0
+isofs_inode_cache 0 0 640 6 1 : tunables 54 27 8 : slabdata 0 0 0
+hugetlbfs_inode_cache 1 6 608 6 1 : tunables 54 27 8 : slabdata 1 1 0
+dquot 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+kioctx 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0
+kiocb 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+inotify_event_private_data 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+inotify_inode_mark_entry 186 204 112 34 1 : tunables 120 60 8 : slabdata 6 6 0
+dnotify_mark_entry 1 34 112 34 1 : tunables 120 60 8 : slabdata 1 1 0
+dnotify_struct 1 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0
+fasync_cache 6 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0
+khugepaged_mm_slot 83 92 40 92 1 : tunables 120 60 8 : slabdata 1 1 0
+ksm_mm_slot 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+ksm_stable_node 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0
+ksm_rmap_item 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+utrace_engine 0 0 56 67 1 : tunables 120 60 8 : slabdata 0 0 0
+utrace 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+pid_namespace 0 0 2120 3 2 : tunables 24 12 8 : slabdata 0 0 0
+nsproxy 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+posix_timers_cache 0 0 176 22 1 : tunables 120 60 8 : slabdata 0 0 0
+uid_cache 10 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0
+UNIX 459 480 768 5 1 : tunables 54 27 8 : slabdata 96 96 0
+ip_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+UDP-Lite 0 0 832 9 2 : tunables 54 27 8 : slabdata 0 0 0
+tcp_bind_bucket 15 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0
+inet_peer_cache 4 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0
+secpath_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+xfrm_dst_cache 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0
+ip_fib_alias 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+ip_fib_hash 10 106 72 53 1 : tunables 120 60 8 : slabdata 2 2 0
+ip_dst_cache 29 50 384 10 1 : tunables 54 27 8 : slabdata 5 5 0
+arp_cache 4 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+RAW 65 72 832 9 2 : tunables 54 27 8 : slabdata 8 8 0
+UDP 6 18 832 9 2 : tunables 54 27 8 : slabdata 2 2 0
+tw_sock_TCP 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+request_sock_TCP 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+TCP 20 24 1664 4 2 : tunables 24 12 8 : slabdata 6 6 0
+eventpoll_pwq 126 212 72 53 1 : tunables 120 60 8 : slabdata 4 4 0
+eventpoll_epi 126 180 128 30 1 : tunables 120 60 8 : slabdata 6 6 0
+sgpool-128 2 2 4096 1 1 : tunables 24 12 8 : slabdata 2 2 0
+sgpool-64 2 2 2048 2 1 : tunables 24 12 8 : slabdata 1 1 0
+sgpool-32 2 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0
+sgpool-16 2 8 512 8 1 : tunables 54 27 8 : slabdata 1 1 0
+sgpool-8 15 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0
+scsi_data_buffer 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0
+blkdev_integrity 0 0 112 34 1 : tunables 120 60 8 : slabdata 0 0 0
+blkdev_queue 29 30 2856 2 2 : tunables 24 12 8 : slabdata 15 15 0
+blkdev_requests 42 66 352 11 1 : tunables 54 27 8 : slabdata 5 6 0
+blkdev_ioc 5 48 80 48 1 : tunables 120 60 8 : slabdata 1 1 0
+fsnotify_event_holder 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0
+fsnotify_event 0 0 104 37 1 : tunables 120 60 8 : slabdata 0 0 0
+bio-0 180 180 192 20 1 : tunables 120 60 8 : slabdata 9 9 0
+biovec-256 66 66 4096 1 1 : tunables 24 12 8 : slabdata 66 66 0
+biovec-128 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0
+biovec-64 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+biovec-16 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+bip-256 2 2 4224 1 2 : tunables 8 4 0 : slabdata 2 2 0
+bip-128 0 0 2176 3 2 : tunables 24 12 8 : slabdata 0 0 0
+bip-64 0 0 1152 7 2 : tunables 24 12 8 : slabdata 0 0 0
+bip-16 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0
+bip-4 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+bip-1 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+sock_inode_cache 667 685 704 5 1 : tunables 54 27 8 : slabdata 137 137 0
+skbuff_fclone_cache 35 35 512 7 1 : tunables 54 27 8 : slabdata 5 5 0
+skbuff_head_cache 302 450 256 15 1 : tunables 120 60 8 : slabdata 30 30 0
+file_lock_cache 38 44 176 22 1 : tunables 120 60 8 : slabdata 2 2 0
+net_namespace 0 0 2112 3 2 : tunables 24 12 8 : slabdata 0 0 0
+shmem_inode_cache 774 775 800 5 1 : tunables 54 27 8 : slabdata 155 155 0
+Acpi-Operand 4563 4664 72 53 1 : tunables 120 60 8 : slabdata 88 88 0
+Acpi-ParseExt 0 0 72 53 1 : tunables 120 60 8 : slabdata 0 0 0
+Acpi-Parse 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+Acpi-State 0 0 80 48 1 : tunables 120 60 8 : slabdata 0 0 0
+Acpi-Namespace 3311 3312 40 92 1 : tunables 120 60 8 : slabdata 36 36 0
+task_delay_info 332 340 112 34 1 : tunables 120 60 8 : slabdata 10 10 0
+taskstats 5 12 328 12 1 : tunables 54 27 8 : slabdata 1 1 0
+proc_inode_cache 1008 1008 640 6 1 : tunables 54 27 8 : slabdata 168 168 0
+sigqueue 35 48 160 24 1 : tunables 120 60 8 : slabdata 2 2 0
+bdev_cache 32 36 832 4 1 : tunables 54 27 8 : slabdata 9 9 0
+sysfs_dir_cache 11356 11367 144 27 1 : tunables 120 60 8 : slabdata 421 421 0
+mnt_cache 37 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0
+filp 4614 4700 192 20 1 : tunables 120 60 8 : slabdata 235 235 0
+inode_cache 6883 7308 592 6 1 : tunables 54 27 8 : slabdata 1218 1218 0
+dentry 61120 63960 192 20 1 : tunables 120 60 8 : slabdata 3198 3198 0
+names_cache 26 26 4096 1 1 : tunables 24 12 8 : slabdata 26 26 0
+avc_node 518 1239 64 59 1 : tunables 120 60 8 : slabdata 21 21 0
+selinux_inode_security 84146 86072 72 53 1 : tunables 120 60 8 : slabdata 1624 1624 0
+radix_tree_node 11579 11781 560 7 1 : tunables 54 27 8 : slabdata 1683 1683 0
+key_jar 11 20 192 20 1 : tunables 120 60 8 : slabdata 1 1 0
+buffer_head 221286 230214 104 37 1 : tunables 120 60 8 : slabdata 6222 6222 0
+vm_area_struct 12992 13034 200 19 1 : tunables 120 60 8 : slabdata 686 686 60
+mm_struct 145 145 1408 5 2 : tunables 24 12 8 : slabdata 29 29 0
+fs_cache 177 177 64 59 1 : tunables 120 60 8 : slabdata 3 3 0
+files_cache 162 165 704 11 2 : tunables 54 27 8 : slabdata 15 15 0
+signal_cache 208 208 1024 4 1 : tunables 54 27 8 : slabdata 52 52 0
+sighand_cache 198 198 2112 3 2 : tunables 24 12 8 : slabdata 66 66 0
+task_xstate 232 232 512 8 1 : tunables 54 27 8 : slabdata 29 29 0
+task_struct 303 303 2656 3 2 : tunables 24 12 8 : slabdata 101 101 0
+cred_jar 580 580 192 20 1 : tunables 120 60 8 : slabdata 29 29 0
+anon_vma_chain 7904 8162 48 77 1 : tunables 120 60 8 : slabdata 106 106 60
+anon_vma 5773 5888 40 92 1 : tunables 120 60 8 : slabdata 64 64 0
+pid 322 330 128 30 1 : tunables 120 60 8 : slabdata 11 11 0
+shared_policy_node 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0
+numa_policy 1 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0
+idr_layer_cache 428 434 544 7 1 : tunables 54 27 8 : slabdata 62 62 0
+size-4194304(DMA) 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0
+size-4194304 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0
+size-2097152(DMA) 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0
+size-2097152 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0
+size-1048576(DMA) 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0
+size-1048576 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0
+size-524288(DMA) 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0
+size-524288 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0
+size-262144(DMA) 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0
+size-262144 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0
+size-131072(DMA) 0 0 131072 1 32 : tunables 8 4 0 : slabdata 0 0 0
+size-131072 1 1 131072 1 32 : tunables 8 4 0 : slabdata 1 1 0
+size-65536(DMA) 0 0 65536 1 16 : tunables 8 4 0 : slabdata 0 0 0
+size-65536 2 2 65536 1 16 : tunables 8 4 0 : slabdata 2 2 0
+size-32768(DMA) 0 0 32768 1 8 : tunables 8 4 0 : slabdata 0 0 0
+size-32768 3 3 32768 1 8 : tunables 8 4 0 : slabdata 3 3 0
+size-16384(DMA) 0 0 16384 1 4 : tunables 8 4 0 : slabdata 0 0 0
+size-16384 12 12 16384 1 4 : tunables 8 4 0 : slabdata 12 12 0
+size-8192(DMA) 0 0 8192 1 2 : tunables 8 4 0 : slabdata 0 0 0
+size-8192 27 27 8192 1 2 : tunables 8 4 0 : slabdata 27 27 0
+size-4096(DMA) 0 0 4096 1 1 : tunables 24 12 8 : slabdata 0 0 0
+size-4096 425 425 4096 1 1 : tunables 24 12 8 : slabdata 425 425 0
+size-2048(DMA) 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0
+size-2048 578 578 2048 2 1 : tunables 24 12 8 : slabdata 289 289 0
+size-1024(DMA) 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0
+size-1024 1332 1332 1024 4 1 : tunables 54 27 8 : slabdata 333 333 0
+size-512(DMA) 0 0 512 8 1 : tunables 54 27 8 : slabdata 0 0 0
+size-512 1123 1176 512 8 1 : tunables 54 27 8 : slabdata 147 147 0
+size-256(DMA) 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0
+size-256 930 930 256 15 1 : tunables 120 60 8 : slabdata 62 62 0
+size-192(DMA) 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0
+size-192 2119 2160 192 20 1 : tunables 120 60 8 : slabdata 108 108 0
+size-128(DMA) 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0
+size-64(DMA) 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0
+size-64 33063 40887 64 59 1 : tunables 120 60 8 : slabdata 693 693 60
+size-32(DMA) 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0
+size-128 3921 4800 128 30 1 : tunables 120 60 8 : slabdata 160 160 0
+size-32 332419 332976 32 112 1 : tunables 120 60 8 : slabdata 2973 2973 60
+kmem_cache 191 191 32896 1 16 : tunables 8 4 0 : slabdata 191 191 0
+Inter-| Receive | Transmit
+ face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
+ lo:267102759 105357 0 0 0 0 0 0 267102759 105357 0 0 0 0 0 0
+ eth0:1013758516 1354506 0 0 0 0 0 0 245531629 966810 0 0 0 0 0 0
+ pan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.org/CN=clica Signing Cert
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.org/CN=clica CA
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O
+x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl
+LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: expired1.example.org
+ localKeyID: 0B 77 EA 83 E1 31 8B 71 88 DB 88 4E DE 08 91 19 A5 4A 4D A6
+subject=/CN=expired1.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA4TTv655lwyf5lL4RkuLHqPdg
+mXI36dkjEL/864WoszwLRYYfnlOj4hmKfjq9VoslfDRnOoZSm0NebJJ9Y/ea2wID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EABG4yReI+VPyFc3kEejJr31rOi3BpgEfP
+FsN+9WoTa0B+VW125F47/FySYat+M6KBSW8fe6HFexU6FXQF+mCNvQ==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired1.example.org
+ localKeyID: 0B 77 EA 83 E1 31 8B 71 88 DB 88 4E DE 08 91 19 A5 4A 4D A6
+subject=/CN=expired1.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA4TTv655lwyf5lL4RkuLHqPdg
+mXI36dkjEL/864WoszwLRYYfnlOj4hmKfjq9VoslfDRnOoZSm0NebJJ9Y/ea2wID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EABG4yReI+VPyFc3kEejJr31rOi3BpgEfP
+FsN+9WoTa0B+VW125F47/FySYat+M6KBSW8fe6HFexU6FXQF+mCNvQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE\r
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo\r
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X\r
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired1.example.org
+ localKeyID: 0B 77 EA 83 E1 31 8B 71 88 DB 88 4E DE 08 91 19 A5 4A 4D A6
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIL+kummor3pQCAggA
+MBQGCCqGSIb3DQMHBAhpvl78t5As+QSCAWBlOt1XpYY+o5G0MSANfiL7BfKlwwYh
+MDpKzsNWfwxrNZNmeT293TKVlXEav4FsEnbU0yVJ0HSLC1peXM32mjdezDdMQAwq
+QPrIRj5r5m4mTTWhUPnDUrzdwrYbD4flg0H6eO7gX1w2gJw8E/LS8nhAy6ZOfEvL
+jlghGljcALDPVDvNEAtcx+Wd4p71vp6wm/3kl3SAl7WXO1HcKwYYIEEL9DFZ/P4n
+kqlgCu3pcgKbH9HHjImOkYRWP2Poy3OLJ7h+i/rIEaxiaJFt/1zTm+DxkkM6nbwR
+2C0VnX6/gSbpz58xBlJUMiZqvh9ciFhuLCYeiJx+HnKKzTEIfnSyKV7Y7GSzqkUE
+kKPVa6NTXq0nlH1fuecTGv3iUE4AXWJPmGNYS0caR8oTFd5pFlOQGazRjLDxTIb/
+N6zXiTCpQt4MWHi71a/GnfUrv0e/Bl24ARJnVWcP4brT8jA/oiPeQGEq
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired1.example.org
+ localKeyID: 0B 77 EA 83 E1 31 8B 71 88 DB 88 4E DE 08 91 19 A5 4A 4D A6
+subject=/CN=expired1.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs
+ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA4TTv655lwyf5lL4RkuLHqPdg
+mXI36dkjEL/864WoszwLRYYfnlOj4hmKfjq9VoslfDRnOoZSm0NebJJ9Y/ea2wID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EABG4yReI+VPyFc3kEejJr31rOi3BpgEfP
+FsN+9WoTa0B+VW125F47/FySYat+M6KBSW8fe6HFexU6FXQF+mCNvQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAOE07+ueZcMn+ZS+EZLix6j3YJlyN+nZIxC//OuFqLM8C0WGH55T
+o+IZin46vVaLJXw0ZzqGUptDXmySfWP3mtsCAwEAAQJAbjXB08TIeCDv+uKpJwDk
+RMQK+gzzX/VrO5843umiDVPBs3FoDJJMMI1YIxiqmj61BNvh6YdTeYMbgsqdvUT/
+AQIhAP2hXPtUNCfSMbDZujRe7weCDynq2SdT9v5GwCABKNRLAiEA40+XExCBf3zV
+Eibj6fEWBlJjQPjCEvFLkbeOi44UmbECIF8u9qkvkZ88J//ZxiKvWf80VSKDC1nS
+DgihXqrkJIF/AiAhsUBhUQcA0I38fMs3d8ad9URE8xpBGIbs+FomkU64YQIhALds
+zCAiNfSE9O4vQvnSlbPdKT5KSbux/uGuPIhK+RA0
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.org/CN=clica Signing Cert
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.org/CN=clica CA
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O
+x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl
+LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: expired2.example.org
+ localKeyID: C5 6F 48 06 54 0E B3 BB 1A BF 6D F3 86 B8 E6 D7 37 A4 65 F3
+subject=/CN=expired2.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK1KoNb3Cu3dTkQQssg1cXUb
+0Oo/o0v/BCm5A9JjE8eL0K694hJrk2pSmI+nF1ujtC+0Ilylzd2JyXvyu6jZqRUC
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt
+cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAATDk4AOeRU7z4FPpjK6J2BvKeStcuon
+xoli6qipNnf95JXgo4ZOktbGD5eankcp4QRFEUMQ79DJuTCkOl/Zgs4=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired2.example.org
+ localKeyID: C5 6F 48 06 54 0E B3 BB 1A BF 6D F3 86 B8 E6 D7 37 A4 65 F3
+subject=/CN=expired2.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK1KoNb3Cu3dTkQQssg1cXUb
+0Oo/o0v/BCm5A9JjE8eL0K694hJrk2pSmI+nF1ujtC+0Ilylzd2JyXvyu6jZqRUC
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt
+cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAATDk4AOeRU7z4FPpjK6J2BvKeStcuon
+xoli6qipNnf95JXgo4ZOktbGD5eankcp4QRFEUMQ79DJuTCkOl/Zgs4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE\r
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo\r
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X\r
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired2.example.org
+ localKeyID: C5 6F 48 06 54 0E B3 BB 1A BF 6D F3 86 B8 E6 D7 37 A4 65 F3
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqYRYZdwd4cwCAggA
+MBQGCCqGSIb3DQMHBAguS/XNjyFFMASCAWBxEYbvvuvMpVOunc6orT3lMpGxNbCV
+kNeLvBHH2LkW1lQfLoo0zgqzyvjF7hTbeNm9NS8dL3ZzMG7Xb3hiR22ypuP7gdaA
+NFxt7XfO7pCLsFScmOthYseIBvuxAGN8Qze2KDrXTVnOyrgPGk2q6XTIblUnGekt
+MuxJAJIIGW0le9Ci23Z+156zv7BAPWiAR7qL4Lm6V3T4ppfSeGkpBhGVpCmdjnT1
+IhR4rcrLjvqE+QhqEY/gA4chFcnkZsmcLNjMAMgHXdsGgpkrv8WrbS4nTsNY71p5
+d+qA6Z6ORVyUOrxzr34NpAM9tpsvHniMEvlJAq5DMz64qnG/iZymTKH8tOhgvD9d
+a7pENj+x1Eo+qb/2g6zut4+O5WnkWfXQXtuh+rnUOB09IteV33o8OYOlLR0eQxqJ
+BOLi5FgNVfoSJuCZrR9oqufOb4ue7x7lmOw0r3EQYUp0weYLvDyh0ih+
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: expired2.example.org
+ localKeyID: C5 6F 48 06 54 0E B3 BB 1A BF 6D F3 86 B8 E6 D7 37 A4 65 F3
+subject=/CN=expired2.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w
+bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK1KoNb3Cu3dTkQQssg1cXUb
+0Oo/o0v/BCm5A9JjE8eL0K694hJrk2pSmI+nF1ujtC+0Ilylzd2JyXvyu6jZqRUC
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt
+cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAATDk4AOeRU7z4FPpjK6J2BvKeStcuon
+xoli6qipNnf95JXgo4ZOktbGD5eankcp4QRFEUMQ79DJuTCkOl/Zgs4=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAK1KoNb3Cu3dTkQQssg1cXUb0Oo/o0v/BCm5A9JjE8eL0K694hJr
+k2pSmI+nF1ujtC+0Ilylzd2JyXvyu6jZqRUCAwEAAQJBAIKMYjcPzW/89OVaHxWt
+DVhIKE8Quhiaeaxk8Xgho9kDQXb9VUnY9uY+hQFL8jAlmr1xyqPL1ztA8Rx7b7DH
+toECIQDifcfwxsjaF2XMdkDdEtmoYlEow5sRoGzgNz29EQtUiQIhAMPedhNwRb2J
+0Vc6OgL4DCwu4oyjxcyGU3TywinwhCUtAiAnnYaGR87DzsngfGKWCIEHocK+VZBf
+AedpRGBJHJ0VuQIhALHy6Ylthh7WGBfMcaoC22RE0FR/8hOHskjcyGQ7/IKdAiEA
+lLVprJ0QmF5Z1+6RbIOcWwRWNOHEqAz4xY6HR65E2HE=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.org/CN=clica Signing Cert
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.org/CN=clica CA
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O
+x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl
+LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: revoked1.example.org
+ localKeyID: CB 4F CF EE 43 43 65 BB 23 74 E0 40 65 36 FE 99 31 DF AB A8
+subject=/CN=revoked1.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMloXDTM4MDEwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtH5k2k62LbnSi/B5Bgxk+zMn
+GiOYjeojLffbE73oSIws/sAwigOroZRxeDCK1Bvqlt3CsRlh1j7qGHTdf3JPEQID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EAh2MZRLrAaQlspQCSvzB8GauDjhyc1ZMz
+/YeE550dEXzC3YtnTK6PKmDfm0xw/eVcSnwlsYUdLFzB5xBGbkxQbg==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked1.example.org
+ localKeyID: CB 4F CF EE 43 43 65 BB 23 74 E0 40 65 36 FE 99 31 DF AB A8
+subject=/CN=revoked1.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMloXDTM4MDEwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtH5k2k62LbnSi/B5Bgxk+zMn
+GiOYjeojLffbE73oSIws/sAwigOroZRxeDCK1Bvqlt3CsRlh1j7qGHTdf3JPEQID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EAh2MZRLrAaQlspQCSvzB8GauDjhyc1ZMz
+/YeE550dEXzC3YtnTK6PKmDfm0xw/eVcSnwlsYUdLFzB5xBGbkxQbg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE\r
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo\r
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X\r
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked1.example.org
+ localKeyID: CB 4F CF EE 43 43 65 BB 23 74 E0 40 65 36 FE 99 31 DF AB A8
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIYvHqW0ndOlQCAggA
+MBQGCCqGSIb3DQMHBAgXAj3LlhSYaQSCAVhHtecAjwqd7AvQnGWaErxhdo/AMfio
+SWCovkatfN0ExC0Q43QX2P7HKcP6ysQDg+oLHWiIP+2N6lOkQLBxF4KCAfEa9hcR
+GJhbBDLiL5mNgfxdPzM+NUfxGainUfwiGFM5ZZg4vZgvP8hMoVeCRJ+sBP4rHzyw
+0AdAMzAeJym8MVONUMadr/D7ReMGgxQdGGl/GrrmwOAeJNCh8KJVfI7hQZE0Ell7
+XWWZPl1VafuzErUz0Lm4NdbstlfpVE/ZWWuXCxGgJ5cPyMu5oloHPpPm+x0oR4Ik
+NxPkXZ74OZtc58nTgh+SEVe/myWTujMdj9jCxfJknyAlMwZCv/wu/EwcRFopvo16
+zLCsb2x4+sW5Uhduv0mQYEIPBjl+9Eg5eHrX6z+E/AhikE3C7OmQ7MM/8PLPqoUo
+xoXYK2O5seWWA5IjCbm7I9mMQpmZi847H9WpHLEaoh8gew==
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked1.example.org
+ localKeyID: CB 4F CF EE 43 43 65 BB 23 74 E0 40 65 36 FE 99 31 DF AB A8
+subject=/CN=revoked1.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMloXDTM4MDEwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs
+ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtH5k2k62LbnSi/B5Bgxk+zMn
+GiOYjeojLffbE73oSIws/sAwigOroZRxeDCK1Bvqlt3CsRlh1j7qGHTdf3JPEQID
+AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w
+bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EAh2MZRLrAaQlspQCSvzB8GauDjhyc1ZMz
+/YeE550dEXzC3YtnTK6PKmDfm0xw/eVcSnwlsYUdLFzB5xBGbkxQbg==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBALR+ZNpOti250ovweQYMZPszJxojmI3qIy332xO96EiMLP7AMIoD
+q6GUcXgwitQb6pbdwrEZYdY+6hh03X9yTxECAwEAAQJADLoAyHfWVqEMnHtnPSrw
+j9nKfwhVgGQq+NnKI7k3QK4rQX1Z+wfSw0rxpE5sFqDUVheeFY/IMolXD32zJwUM
+pQIhAOEb6HbVqVqYr5lgN7CoRSVRXJEm1PvxmI6RKewtAPGTAiEAzUMl+oAfRboT
+tywwc4N8MdvAAapLnP9u7NmhG7fP80sCIHkXgCdcrCs180/4ODzpZ7i5WagjUXLt
+9XjLkdegJd/NAiAweI7bXK4F1S8arkCyxnXpgC8TNZetd1RGcg3tcbaViQIgIDmb
+d9wZOnDeMg3BlC5X+zfOyiGk3+/Jnp7Msya+nfc=
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.org/CN=clica Signing Cert
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.org/CN=clica CA
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O
+x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl
+LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: revoked2.example.org
+ localKeyID: B9 99 5C A3 65 F8 67 93 A4 96 45 B2 7C B6 64 28 CB 71 1D 6C
+subject=/CN=revoked2.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDNaFw0zODAxMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLUlL/Fx0qhl0rhRZ3HTr+d
+wbKi0cDyZa97S5EDr3Dq1qurHmEs92C6P27df1r6ltVT7O1xH1+s40hTL5yzQ3sC
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt
+cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAC0aZSfdH/PlvY+jfQnVAkmmYyawPdSu
+Osv4lwZYhBo2FSJdlufbwo3ElD4JK/BIHHTGiphM9++hpGLWaAcvT4k=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked2.example.org
+ localKeyID: B9 99 5C A3 65 F8 67 93 A4 96 45 B2 7C B6 64 28 CB 71 1D 6C
+subject=/CN=revoked2.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDNaFw0zODAxMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLUlL/Fx0qhl0rhRZ3HTr+d
+wbKi0cDyZa97S5EDr3Dq1qurHmEs92C6P27df1r6ltVT7O1xH1+s40hTL5yzQ3sC
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt
+cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAC0aZSfdH/PlvY+jfQnVAkmmYyawPdSu
+Osv4lwZYhBo2FSJdlufbwo3ElD4JK/BIHHTGiphM9++hpGLWaAcvT4k=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE\r
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo\r
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X\r
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked2.example.org
+ localKeyID: B9 99 5C A3 65 F8 67 93 A4 96 45 B2 7C B6 64 28 CB 71 1D 6C
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIatK6XJ1l+7MCAggA
+MBQGCCqGSIb3DQMHBAjUZXz3pKENmgSCAWDbQs9Kd21OIstOoQdgYviX33loF2bH
+wpn0IP4P/2dFUmK07M146AEwPgXTI/mCewMgJ/cRQqnFAyoE1hjbZnk3WRi2SRXs
+dmIWAveseDuDsL7og72bHSvHIqsvcYs9SS8KBPCH6wY14a40QO1X26t7S8ZLTspu
+4V/YSNNiug6n8Z3N1Y2tuWPC8CQ9bBtL2jcqZT0WBJ8BXtn69jmVSWNm1DBaByET
+M4dqHGC//hFk1jnKBXaJ/VvBS5E6lOANwfUAr0gQT08NaJ7qJ6WUhpca7Rtky/KQ
+/passZZKeu7/R8VyQLvfk+vH2wW+5EX8+WtutWQJycW57+pnoXORrvIz3lc6B/6+
+Q91EJzABv5n93nynoZgEEr4vKiCCmLGYYJEciqQTERzCDNw3P73R+sd9PiTrku9g
+pKp12ieWWHZjeHcAMUZl8xWSytVT1fkeSPXcA43KoW93s78DegMh/HTr
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: revoked2.example.org
+ localKeyID: B9 99 5C A3 65 F8 67 93 A4 96 45 B2 7C B6 64 28 CB 71 1D 6C
+subject=/CN=revoked2.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDNaFw0zODAxMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w
+bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLUlL/Fx0qhl0rhRZ3HTr+d
+wbKi0cDyZa97S5EDr3Dq1qurHmEs92C6P27df1r6ltVT7O1xH1+s40hTL5yzQ3sC
+AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH
+AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs
+ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt
+cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAC0aZSfdH/PlvY+jfQnVAkmmYyawPdSu
+Osv4lwZYhBo2FSJdlufbwo3ElD4JK/BIHHTGiphM9++hpGLWaAcvT4k=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBANLUlL/Fx0qhl0rhRZ3HTr+dwbKi0cDyZa97S5EDr3Dq1qurHmEs
+92C6P27df1r6ltVT7O1xH1+s40hTL5yzQ3sCAwEAAQJBALGnYBCY3+4LbCk02iyx
+nbHphSa5/HXRy82q32o66MMEGIfyMaluRfMoQHS9n3yieOn2i41s7+4w52ormZEx
+hEECIQDpSgUGrakvx2mqhAxIkfYTJgS3bMUINlRveYpYNvL65QIhAOda2XxChB3H
+TxTgJURPl1i4LOEm9ecMHlBNhzhadn7fAiEA0pp8BxdnkTaY8dLbs/fxCkBcKasM
+BOnnN+ulNRYGLPECIDrXJFEyKZ/ZPQe2KkRBaeCqlt98pTXqIxuRXD684z5JAiBi
+aAtGEXlUtwnseKyflSrEh0bAwnOsEEA7qEUCl/ExPw==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.org/CN=clica Signing Cert
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.org/CN=clica CA
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O
+x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl
+LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: server1.example.org
+ localKeyID: 5E 7F 83 85 31 F1 CA DC 88 07 2C 58 95 FA 36 16 65 F6 BB 8D
+subject=/CN=server1.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMloXDTM4MDEwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFIpfEcK4d3IEq3F7B6AIpepZk
+mKln9pcCm0RbAxm77YlhHucDzyVu9rmW7XSW/c4Dv3clwzHLpaoF2KURKLZ7AgMB
+AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu
+b3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw
+Oi8vb3NjcC9leGFtcGxlLm9yZy8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl
+Lm9yZzANBgkqhkiG9w0BAQUFAANBACfk1MYCSbT2gbaT1Dv9FrMEybkFZtxUfz69
+Gnx/55Wfw936z2en+RImD3qF1qQxUwIMlWGm6SaitfmlQ5qVJ1A=
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server1.example.org
+ localKeyID: 5E 7F 83 85 31 F1 CA DC 88 07 2C 58 95 FA 36 16 65 F6 BB 8D
+subject=/CN=server1.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMloXDTM4MDEwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFIpfEcK4d3IEq3F7B6AIpepZk
+mKln9pcCm0RbAxm77YlhHucDzyVu9rmW7XSW/c4Dv3clwzHLpaoF2KURKLZ7AgMB
+AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu
+b3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw
+Oi8vb3NjcC9leGFtcGxlLm9yZy8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl
+Lm9yZzANBgkqhkiG9w0BAQUFAANBACfk1MYCSbT2gbaT1Dv9FrMEybkFZtxUfz69
+Gnx/55Wfw936z2en+RImD3qF1qQxUwIMlWGm6SaitfmlQ5qVJ1A=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE\r
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo\r
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X\r
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server1.example.org
+ localKeyID: 5E 7F 83 85 31 F1 CA DC 88 07 2C 58 95 FA 36 16 65 F6 BB 8D
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIhfu7ElRn7TUCAggA
+MBQGCCqGSIb3DQMHBAggde7b8jzc2ASCAWCNar4Td+ZM5Elbb16QeDTfzMoKoScb
+jQo/GS7f5h4An9vh/aTaKBoWDQ8gLcvbTUlpGxRznGt9mmOk9AOWsd03rTJ3TUud
++Cm4GfyEslvF8zXSPgJOz4YMiMMNZF3sEGGxs+D6Dav7isMrAIE/Se4Uh3pBY3Fg
+kio9fZfJSWorb3XO6LY9wyg33sz0ZxfhLfhenpeuveQfGuwc9l/DtYuhorqa4xXv
++T5W6HQ7g7nB/GMQF0rkm7BUSqawuLPK7ippBjpNg07iGOYNvQ5GKPahuBTbKyDc
+7LYzGNjZ+mNyL8vDNkwcdnUUqIbYsdMqmEZX+cu2wugXF1GshI9krcDHBXGcZH4G
+sogntcL8qR5KpPfBQCcp9An7TfLJkJtZOH6IYVZVy3/wb+OEou3UNckMe7PF8PWa
+T6/N9/zs49U6RxiYn+Vz/x0hQmRbLvLEsbotT1WStJq8LkcI0Zu9cJab
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: server1.example.org
+ localKeyID: 5E 7F 83 85 31 F1 CA DC 88 07 2C 58 95 FA 36 16 65 F6 BB 8D
+subject=/CN=server1.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy
+MzQwMloXDTM4MDEwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl
+Lm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFIpfEcK4d3IEq3F7B6AIpepZk
+mKln9pcCm0RbAxm77YlhHucDzyVu9rmW7XSW/c4Dv3clwzHLpaoF2KURKLZ7AgMB
+AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu
+b3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw
+Oi8vb3NjcC9leGFtcGxlLm9yZy8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl
+Lm9yZzANBgkqhkiG9w0BAQUFAANBACfk1MYCSbT2gbaT1Dv9FrMEybkFZtxUfz69
+Gnx/55Wfw936z2en+RImD3qF1qQxUwIMlWGm6SaitfmlQ5qVJ1A=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPQIBAAJBAMUil8Rwrh3cgSrcXsHoAil6lmSYqWf2lwKbRFsDGbvtiWEe5wPP
+JW72uZbtdJb9zgO/dyXDMculqgXYpREotnsCAwEAAQJBAKDzsX4NkduHoV5hNmyT
+BNDg6dGQYyAi0QCrzI+SZHxt8ZYksM//or03aXE7xUUAeFmlSQYc9KfhADAB+mL8
+3YECIQDi4Q5nPCDr99odHTguDlTDi9vEEIiY2N7g8jsGAZH6KwIhAN5wME90eCX/
+oIzlAVqCbq9JuO8Zt3lxvqbasOGT3pzxAiEAwXcifhvDAxUGNF9vQa7Mzzca/vUO
+VjBQ1kcY18VNAqMCIQCxMe/aK67WnldYRcmZP1RLANB4cCUPcoPsyUOkvzXUEQIh
+AJEKAaavDZzn70+xnPw/8QPzHExNxIRtYrxBnc0Kv74r
+-----END RSA PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: Signing Cert
+subject=/O=example.org/CN=clica Signing Cert
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: Certificate Authority
+subject=/O=example.org/CN=clica CA
+issuer=/O=example.org/CN=clica CA
+-----BEGIN CERTIFICATE-----
+MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw
+MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp
+Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O
+x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID
+AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl
+LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: server2.example.org
+ localKeyID: 86 3E B2 BF BC 60 4F 3F C4 EA AA FE 97 44 A9 48 6B 4F C1 77
+subject=/CN=server2.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDNaFw0zODAxMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1bNd+LEj7UV8Riahrn/3TL1n
+NwaIvqkqCFscP5ae3dB5rJ8vdfIc0hOzh782zpXxJxYa7S340zjxfgdUzMAeWQID
+AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5vcmcvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs
+ZS5vcmcwDQYJKoZIhvcNAQEFBQADQQBCORy4CO4MMENsEtYwU7xE0Ck5i8VefJ6D
+txODMnRUzsthdbfjgXm3BfVPrhOuT0/bIKfyJtoSdCtN1SRPTJxO
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server2.example.org
+ localKeyID: 86 3E B2 BF BC 60 4F 3F C4 EA AA FE 97 44 A9 48 6B 4F C1 77
+subject=/CN=server2.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDNaFw0zODAxMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1bNd+LEj7UV8Riahrn/3TL1n
+NwaIvqkqCFscP5ae3dB5rJ8vdfIc0hOzh782zpXxJxYa7S340zjxfgdUzMAeWQID
+AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5vcmcvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs
+ZS5vcmcwDQYJKoZIhvcNAQEFBQADQQBCORy4CO4MMENsEtYwU7xE0Ck5i8VefJ6D
+txODMnRUzsthdbfjgXm3BfVPrhOuT0/bIKfyJtoSdCtN1SRPTJxO
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt\r
+cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw\r
+MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp\r
+Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE\r
+zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo\r
+F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB\r
+Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s\r
+YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X\r
+PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw==
+-----END CERTIFICATE-----
--- /dev/null
+Bag Attributes
+ friendlyName: server2.example.org
+ localKeyID: 86 3E B2 BF BC 60 4F 3F C4 EA AA FE 97 44 A9 48 6B 4F C1 77
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIjfdds7UVEY0CAggA
+MBQGCCqGSIb3DQMHBAiY22+2lkjkEASCAWDm5MmTuUgMOkSWscoH1Qn/GVM2sawP
+TsknGm/HMV+bJlpGLCXwBrAKe6RDC+zlEmGVUSWJoxoPz1qQT9fcooyEFSCS8asN
+omSw+8wrxXTSB57b1OqpHoV8VlTT60/sdVV8l9B1Ef/vsdjKB0NDwqUwDVg4Xw32
+wV3Tv8pFRLg3CBCEDeykcJ+FkodSope9UL6E95Ukhae335bTmWsxbrR4IZCUhI2t
+/MOLyPnd6huPGlti2SH8PRRnei6TM/O8mH1uUzdSAqxoDA6wV+P6pIDI8GY1k61q
+53oeq9ocSJOQ+q3kIyBQlGgApME47hog3sVZ/WsU3r071g9VKhzlFUFPOOkbUR9+
+gl7MDV/r/6IjOAHEaLFBQrnRVKbs93sTtf8pNhIHJLJtTWjDV/nBbiHxsNFIWqGU
+ZlH0FU2DENHZqPiLxsfH1J9EmtTiHXgu/naD0m7RbmPm6ffIDPuYPVMw
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+Bag Attributes
+ friendlyName: server2.example.org
+ localKeyID: 86 3E B2 BF BC 60 4F 3F C4 EA AA FE 97 44 A9 48 6B 4F C1 77
+subject=/CN=server2.example.org
+issuer=/O=example.org/CN=clica Signing Cert
+-----BEGIN CERTIFICATE-----
+MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh
+bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx
+MjM0MDNaFw0zODAxMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs
+ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1bNd+LEj7UV8Riahrn/3TL1n
+NwaIvqkqCFscP5ae3dB5rJ8vdfIc0hOzh782zpXxJxYa7S340zjxfgdUzMAeWQID
+AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl
+Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0
+cDovL29zY3AvZXhhbXBsZS5vcmcvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs
+ZS5vcmcwDQYJKoZIhvcNAQEFBQADQQBCORy4CO4MMENsEtYwU7xE0Ck5i8VefJ6D
+txODMnRUzsthdbfjgXm3BfVPrhOuT0/bIKfyJtoSdCtN1SRPTJxO
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBANWzXfixI+1FfEYmoa5/90y9ZzcGiL6pKghbHD+Wnt3QeayfL3Xy
+HNITs4e/Ns6V8ScWGu0t+NM48X4HVMzAHlkCAwEAAQJATzDe2+/Y3m5ndR+PvriR
+DhEKFKwJNI4/k0UgHLhWOt/+y02ZfO5zhZaLvYG1BQbGKyhypdAGS8QP19xRVjI9
+uQIhAPs7Ql00hIvZvfRMmgh90otggbrWIrkW8Oh10BMFBdkTAiEA2cG+l36A5NAs
+PlA7sOlQyFs5F4XNXzEy76vPsGR/pGMCIBjo3UGkjWfYZQ8t8S/aWd/b58EArlyv
+u58w3zqjitrlAiEAsJeqlPkGVolsF+zBO6s61AEGv8jG0Ff50twmxgn6abkCIQDJ
+pUSYU/YF7bYj5QuHRyemhzDytTQcAB7A4IEWZsSL9A==
+-----END RSA PRIVATE KEY-----
--- /dev/null
+#!/bin/bash
+#
+
+echo Ensure time is set to 2012/11/01 12:34
+echo use - date -u 110112342012
+echo hit return when ready
+read junk
+for tld in com org net
+do
+ clica -D example.$tld -p password -B 512 -I -N example.$tld -F -C http://crl.example.$tld/latest.crl -O http://oscp/example.$tld/
+ clica -D example.$tld -p password -s 101 -S server1.example.$tld
+ clica -D example.$tld -p password -s 102 -S revoked1.example.$tld
+ clica -D example.$tld -p password -s 103 -S expired1.example.$tld -m 1
+ clica -D example.$tld -p password -s 201 -S server2.example.$tld
+ clica -D example.$tld -p password -s 202 -S revoked2.example.$tld
+ clica -D example.$tld -p password -s 203 -S expired2.example.$tld -m 1
+done
+
+# and loop again
+for tld in com org net
+do
+ CADIR=example.$tld/CA
+ #give ourselves an OSCP key to work with
+ pk12util -o $CADIR/OCSP.p12 -n 'OCSP Signer' -d $CADIR -K password -W password
+ openssl pkcs12 -in $CADIR/OCSP.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/OCSP.key
+
+
+ # create some index files for the ocsp responder to work with
+ cat >$CADIR/index.valid.txt <<EOF
+V 130110200751Z 65 unknown CN=server1.example.$tld
+V 130110200751Z 66 unknown CN=revoked1.example.$tld
+V 130110200751Z 67 unknown CN=expired1.example.$tld
+V 130110200751Z c9 unknown CN=server2.example.$tld
+V 130110200751Z ca unknown CN=revoked2.example.$tld
+V 130110200751Z cb unknown CN=expired2.example.$tld
+EOF
+ cat >$CADIR/index.revoked.txt <<EOF
+R 130110200751Z 100201142709Z,superseded 65 unknown CN=server1.example.$tld
+R 130110200751Z 100201142709Z,superseded 66 unknown CN=revoked1.example.$tld
+R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.example.$tld
+R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.example.$tld
+R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.example.$tld
+R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.example.$tld
+EOF
+
+ # Now create all the ocsp requests and responses
+ OGENCOMMON="-rsigner $CADIR/OCSP.pem -rkey $CADIR/OCSP.key -CA $CADIR/Signer.pem -noverify"
+ for server in server1 revoked1 expired1 server2 revoked2 expired2
+ do
+ SPFX=example.$tld/$server.example.$tld/$server.example.$tld
+ openssl ocsp -issuer $CADIR/Signer.pem -cert $SPFX.pem -reqout $SPFX.ocsp.req
+ openssl ocsp -index $CADIR/index.valid.txt $OGENCOMMON -reqin $SPFX.ocsp.req -respout $SPFX.ocsp.good.resp
+ openssl ocsp -index $CADIR/index.valid.txt $OGENCOMMON -ndays 30 -reqin $SPFX.ocsp.req -respout $SPFX.ocsp.dated.resp
+ openssl ocsp -index $CADIR/index.revoked.txt $OGENCOMMON -reqin $SPFX.ocsp.req -respout $SPFX.ocsp.revoked.resp
+ done
+done
+
+# and loop again to generate unlocked keys and client cert bundles
+for tld in com org net
+do
+ for server in server1 revoked1 expired1 server2 revoked2 expired2 do
+ SDIR=example.$tld/$server.example.$tld
+ SPFX=$SDIR/$server.example.$tld
+ openssl rsa -in $SPFX.key -passin file:$SDIR/pwdfile -out $SPFX.unlocked.key
+ cat $SPFX.pem example.$tld/CA/Signer.pem >$SPFX.chain.pem
+ done
+done
+
+echo Please to reset date to now.
+echo service ntpdate start
+echo
+echo Then hit return
+read junk
+
+# Create CRL files in .der and .pem
+# empty versions, and ones with the revoked servers
+for tld in com org net
+do
+ CADIR=example.$tld/CA
+ CRLIN=$CADIR/crl.empty.in.txt
+ DATENOW=`date -u +%Y%m%d%H%M%SZ`
+ echo "update=$DATENOW " >$CRLIN
+ crlutil -G -d $CADIR -f $CADIR/pwdfile \
+ -n 'Signing Cert' -c $CRLIN -o $CADIR/crl.empty
+ openssl crl -in $CADIR/crl.empty -inform der -out $CADIR/crl.empty.pem
+done
+sleep 2
+for tld in com org net
+do
+ CADIR=example.$tld/CA
+ CRLIN=$CADIR/crl.v2.in.txt
+ DATENOW=`date -u +%Y%m%d%H%M%SZ`
+ echo "update=$DATENOW " >$CRLIN
+ echo "addcert 102 $DATENOW" >>$CRLIN
+ echo "addcert 202 $DATENOW" >>$CRLIN
+ crlutil -G -d $CADIR -f $CADIR/pwdfile \
+ -n 'Signing Cert' -c $CRLIN -o $CADIR/crl.v2
+ openssl crl -in $CADIR/crl.v2 -inform der -out $CADIR/crl.v2.pem
+done
+
+echo "CA, Certificate, CRL and OSCP Response generation complete"
# ----- Main settings -----
domainlist dlist = *.aa.bb : ^\Nxxx(.*)
+domainlist elist = +dlist : ;;
+domainlist flist = <; a ; b;;c ; +elist ; 2001:630:212:8:204::b664 ;
hostlist hlist = V4NET.11.12.13 : iplsearch;DIR/aux-fixed/0002.iplsearch
headers_charset = iso-8859-8
warn logwrite = Subject is: "$h_subject:"
deny message = reply_address=<$reply_address>
+a_ret:
+ accept message = ($acl_narg) [$acl_arg1] [$acl_arg2]
+
+a_none:
+ accept
+
+a_deny:
+ deny message = ($acl_narg) [$acl_arg1] [$acl_arg2]
+
+a_defer:
+ defer
+
+a_sub:
+ require acl = a_none foo bar baz barf
+ require acl = a_deny "new arg1" $acl_arg1
+
# End
accept local_parts = a.b.c
acl_rcpt:
+ warn set acl_m_1 = ${acl {data}}
accept endpass
acl = ${tr{$local_part}{:}{\n}}
deny message = this message should not occur
begin routers
-all:
+my_main_router:
driver = manualroute
domains = ! +local_domains
route_list = * 127.0.0.1
self = send
- transport = smtp
+ transport = my_smtp
+ debug_print = router_name <$router_name>
no_more
begin transports
-smtp:
+my_smtp:
driver = smtp
interface = HOSTIPV4
port = PORT_S
+ debug_print = transport_name <$transport_name>
# End
deny hosts = V4NET.0.0.1
!verify = sender/callout=no_cache
deny hosts = V4NET.0.0.3
- log_message = ($recipient_verify_failure)
!verify = recipient/callout=no_cache
deny hosts = V4NET.0.0.5
- log_message = ($sender_verify_failure)
!verify = sender/callout=no_cache/check_postmaster
require verify = sender
accept domains = +local_domains
local_parts = lsearch;DIR/aux-fixed/TESTNUM.data
data =
debug_print = r1: \$domain_data = $domain_data\n\
- r1: \$local_part_data = $local_part_data
+ $router_name: \$local_part_data = $local_part_data
r2:
driver = redirect
local_parts = lsearch;DIR/aux-fixed/TESTNUM.data
data =
debug_print = r2: \$domain_data = $domain_data\n\
- r2: \$local_part_data = $local_part_data
+ $router_name: \$local_part_data = $local_part_data
r3:
driver = redirect
local_parts = +test_local_parts
data =
debug_print = r3: \$domain_data = $domain_data\n\
- r3: \$local_part_data = $local_part_data
+ $router_name: \$local_part_data = $local_part_data
r4:
driver = accept
local_parts = +test_local_parts
transport = t1
debug_print = r4: \$domain_data = $domain_data\n\
- r4: \$local_part_data = $local_part_data
+ $router_name: \$local_part_data = $local_part_data
# ----- Transports -----
r2:
driver = redirect
+ headers_remove = Remove-Me-Also:
headers_remove = Remove-Me:
data = $local_part@domain
driver = accept
headers_remove = Remove-Me:
headers_add = X-Was-Remove-Me: >$h_remove-me:<
+ headers_add = ${if def:h_remove-me-also {X-Was-Remove-Me-Also: >$h_remove-me-also:<}}
transport = t1
begin acl
check_rcpt:
- warn message = data1 data1\ndata2 data2
+ warn message = data1 data1\ndata2 data2\n
+ warn message = \n\ndata3\n\ndata4\n\n
warn message = :after_received:After-Received: some text\n\
:at_start:At-Start: some text\n\
:at_end: At-End: some text
- accept
+ warn message = data4
+ warn add_header = X-multiline: foo\n\tbar
+ accept logwrite = $headers_added
# ----- Routers -----
log_file_path = DIR/spool/log/%slog
gecos_pattern = ""
gecos_name = CALLER_NAME
+log_selector = +smtp_mailauth
# ----- Main settings -----
route_list = * "<= 127.0.0.1:PORT_S"
self = send
verify_only
+ transport = t1
+
+
+begin transports
+
+t1:
+ driver = smtp
# End
--- /dev/null
+# Exim test configuration 0566
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+log_selector = +8bitmime
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+domainlist local_domains = test.ex
+
+acl_smtp_rcpt = acl_rcpt
+acl_smtp_data = acl_data
+
+
+# ------ ACLs ------
+
+begin acl
+
+acl_rcpt:
+ accept endpass
+ message = SIZE value too big
+ condition = ${if > {$message_size}{10000}{no}{yes}}
+
+acl_data:
+ accept endpass
+ message = message too big - \$recipients=$recipients ($recipients_count)
+ condition = ${if > {$message_size}{10000}{no}{yes}}
+
+
+# ------ Routers ------
+
+begin routers
+
+r1:
+ driver = dnslookup
+ domains = ! +local_domains
+ transport = dev_null
+ no_more
+
+r2:
+ driver = accept
+ local_parts = userx : postmaster
+ transport = local_delivery
+
+
+# ------ Transports ------
+
+begin transports
+
+dev_null:
+ driver = appendfile
+ file = /dev/null
+ user = CALLER
+
+local_delivery:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ user = CALLER
+
+# End
--- /dev/null
+# Exim test configuration 0532
+
+CONNECTCOND=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+acl_smtp_connect = connect
+acl_smtp_mail = mail
+acl_smtp_rcpt = rcpt
+acl_smtp_predata = predata
+acl_smtp_data = data
+acl_not_smtp = notsmtp
+
+qualify_domain = test.ex
+trusted_users = CALLER
+
+hostlist internal_headers = x-mail-2 : x-mail-3
+
+
+# ----- ACL -----
+
+begin acl
+
+connect:
+ accept CONNECTCOND
+
+mail:
+ accept remove_header = x-mail-1
+ senders = mailok@test.ex
+ # Won't work because doesn't expand
+ remove_header = +internal_headers
+ accept
+
+rcpt:
+ accept local_parts = rcptok
+ remove_header = x-rcpt-4 : x-rcpt-2
+ set acl_m_hdr = x-predata-1
+ deny add_header = RCPT: denied $local_part
+
+
+predata:
+ warn remove_header = x-predata-3 : $acl_m_hdr
+ # Won't work because doesn't use wildcards
+ accept remove_header = x-not-*
+
+data:
+ warn log_message = Verified previously removed header X-Rcpt-2
+ condition = ${if eq{$h_x-rcpt-2:}{}}
+ warn remove_header = x-data-1 : x-data-4
+ condition = ${if eq{$h_cond:}{accept}}
+ remove_header = x-data-3
+ # Won't delete this header because condition fails before the modifier
+ warn condition = ${if eq{$h_cond:}{reject}}
+ remove_header = x-data-2
+ warn log_message = Verified removed header X-Data-3 in this ACL still visible
+ condition = ${if !eq{$h_x-data-3:}{}}
+ accept
+
+notsmtp:
+ # Will remove a required header (Date) if told to
+ accept remove_header = x-notsmtp-1 : date
+
+
+# ----- Routers -----
+
+begin routers
+
+r1:
+ driver = accept
+ transport = t1
+
+
+# ----- Transports -----
+
+begin transports
+
+t1:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ user = CALLER
+
+# End
--- /dev/null
+# Exim test configuration 0568
+# Recipient callout with AUTH
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = check_rcpt
+
+queue_only
+
+
+# ----- Authentication -----
+
+begin authenticators
+
+plain:
+ driver = plaintext
+ public_name = PLAIN
+ client_send = ^userx^secret
+ server_advertise_condition = yes
+ server_prompts = :
+ server_condition = yes
+ server_set_id = $auth2
+
+
+# ----- ACLs -----
+
+begin acl
+
+check_rcpt:
+ accept verify = recipient/callout
+
+
+# ----- Routers -----
+
+begin routers
+
+r1:
+ driver = accept
+ transport = ${if eq{force}{$domain} {t2}{t1}}
+
+
+# ----- Transports -----
+
+begin transports
+
+t1:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_S
+ allow_localhost
+ hosts_try_auth = *
+
+t2:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_S
+ allow_localhost
+ hosts_try_auth = *
+ authenticated_sender= brian
+
+# End
log_file_path = DIR/spool/log/%slog
gecos_pattern = ""
gecos_name = CALLER_NAME
+log_selector = +smtp_mailauth
# ----- Main settings -----
driver = plaintext
public_name = LOGIN
client_send = : userx : secret
+ client_set_id = userx
plain:
driver = plaintext
driver = plaintext
public_name = XLOGIN
client_send = : $auth1 : $auth1+$auth2
+ client_set_id = $auth1
# ----- Routers -----
server_condition = "\
${if and {{eq{$2}{userx}}{eq{$3}{secret1}}}{yes}{no}}"
server_set_id = $2
- client_condition = ${if !eq {$tls_cipher}{}}
+ client_condition = ${if !eq {$tls_out_cipher}{}}
client_send = ^userx^secret1
login:
server_condition = "\
${if and {{eq{$2}{userx}}{eq{$3}{secret1}}}{yes}{no}}"
server_set_id = $2
- client_condition = ${if !eq {$tls_cipher}{}}
+ client_condition = ${if !eq {$tls_out_cipher}{}}
client_send = ^userx^secret1
login:
client_password = ${if eq{1}{0}{xxx}fail}
client_username = username
server_password = ok@test.ex
+ server_set_id = $auth1
spa:
driver = spa
client_username = username
server_debug_print = +++SPA \$auth1="$auth1"
server_password = ok@test.ex
+ server_set_id = $auth1
# ----- Routers -----
--- /dev/null
+# Exim test configuration 5400
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+domainlist local_domains = test.ex : *.test.ex
+
+acl_smtp_rcpt = ar
+
+
+# ----- ACLs -----
+
+begin acl
+
+ar:
+ accept control = cutthrough_delivery
+ logwrite = rcpt for $local_part@$domain
+
+# ----- Routers -----
+
+begin routers
+
+all:
+ driver = manualroute
+ domains = ! +local_domains
+ route_list = * 127.0.0.1
+ self = send
+ transport = smtp
+ no_more
+
+
+# ----- Transports -----
+
+begin transports
+
+smtp:
+ driver = smtp
+ interface = HOSTIPV4
+ port = PORT_S
+
+
+# End
--- /dev/null
+# Exim test configuration 5401
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+domainlist local_domains = test.ex : *.test.ex
+
+acl_smtp_rcpt = acl_rcpt
+
+# ----- ACLs -------
+
+begin acl
+
+acl_rcpt:
+ accept control = cutthrough_delivery
+ verify = recipient
+
+
+# ----- Routers -----
+
+begin routers
+
+all:
+ driver = manualroute
+ domains = ! +local_domains
+ route_list = * 127.0.0.1
+ self = send
+ transport = smtp
+ no_more
+
+
+# ----- Transports -----
+
+begin transports
+
+smtp:
+ driver = smtp
+ interface = HOSTIPV4
+ port = PORT_S
+
+
+# End
--- /dev/null
+# Exim test configuration 5410
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+log_selector = +smtp_confirmation
+tls_advertise_hosts = *
+tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+
+domainlist local_domains = test.ex : *.test.ex
+
+acl_smtp_rcpt = ${if eq {SERVER}{server}{queue}{cutthrough}}
+
+# ----- ACLs -------
+
+begin acl
+
+cutthrough:
+ accept control = cutthrough_delivery
+ verify = recipient
+
+queue:
+ accept control = queue_only
+
+# ----- Routers -----
+
+begin routers
+
+all:
+ driver = manualroute
+ domains = ! +local_domains
+ route_list = * 127.0.0.1
+ self = send
+ address_data = $local_part
+ transport = smtp
+ no_more
+
+
+# ----- Transports -----
+
+begin transports
+
+smtp:
+ driver = smtp
+ interface = HOSTIPV4
+ port = PORT_D
+ hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}}
+ hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}}
+
+
+# End
--- /dev/null
+# Exim test configuration 5420
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+log_selector = +smtp_confirmation
+tls_advertise_hosts = *
+tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+
+domainlist local_domains = test.ex : *.test.ex
+
+acl_smtp_rcpt = ${if eq {SERVER}{server}{queue}{cutthrough}}
+
+# ----- ACLs -------
+
+begin acl
+
+cutthrough:
+ accept control = cutthrough_delivery
+ verify = recipient
+
+queue:
+ accept control = queue_only
+
+# ----- Routers -----
+
+begin routers
+
+all:
+ driver = manualroute
+ domains = ! +local_domains
+ route_list = * 127.0.0.1
+ self = send
+ address_data = $local_part
+ transport = smtp
+ no_more
+
+
+# ----- Transports -----
+
+begin transports
+
+smtp:
+ driver = smtp
+ interface = HOSTIPV4
+ port = PORT_D
+ hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}}
+ hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}}
+
+
+# End
--- /dev/null
+# Exim test configuration 5500
+# Server PRDR
+
+LOG_SELECTOR=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+domainlist local_domains = test.ex : *.test.ex
+
+LOG_SELECTOR
+
+qualify_domain = test.ex
+trusted_users = CALLER
+
+prdr_enable = true
+
+acl_smtp_rcpt = accept
+acl_smtp_data_prdr = prdr_acl
+acl_smtp_data = data_acl
+
+# ----- ACLs -----
+
+begin acl
+
+prdr_acl:
+ defer local_parts = usery
+ deny local_parts = userz
+ accept
+
+data_acl:
+ deny condition = ${if match {$recipients}{userq}}
+ accept
+
+# ----- Transports -----
+
+begin transports
+
+t1:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ user = CALLER
+
+# ----- Routers -----
+
+begin routers
+
+r0:
+ driver = accept
+ transport = t1
+
+# ----- Retry -----
+
+begin retry
+
+* * F,5d,5m
+
+# End
--- /dev/null
+# Exim test configuration 5510
+# Client PRDR
+
+LOG_SELECTOR=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+domainlist local_domains = test.ex : *.test.ex
+
+LOG_SELECTOR
+
+qualify_domain = test.ex
+trusted_users = CALLER
+
+prdr_enable = true
+
+acl_smtp_rcpt = accept
+acl_smtp_data = data_acl
+
+# ----- ACLs -----
+
+begin acl
+
+data_acl:
+ deny local_parts = usery
+ accept
+
+# ----- Transports -----
+
+begin transports
+
+t1:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_S
+ allow_localhost
+ hosts_try_prdr = *
+
+# ----- Routers -----
+
+begin routers
+
+r0:
+ driver = accept
+ transport = t1
+
+# ----- Retry -----
+
+begin retry
+
+* * F,5d,5m
+
+# End
--- /dev/null
+# Exim test configuration 5600
+# OCSP stapling, server
+
+CRL=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = server1.example.com
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = check_recipient
+
+log_selector = +tls_peerdn
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = *
+
+tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
+tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
+
+tls_verify_hosts = HOSTIPV4
+tls_try_verify_hosts = *
+tls_verify_certificates = DIR/aux-fixed/cert2
+tls_crl = CRL
+tls_ocsp_file = OCSP
+
+
+# ------ ACL ------
+
+begin acl
+
+check_recipient:
+ deny message = certificate not verified: peerdn=$tls_peerdn
+ ! verify = certificate
+ accept
+
+
+# ----- Routers -----
+
+begin routers
+
+abc:
+ driver = accept
+ retry_use_local_part
+ transport = local_delivery
+
+
+# ----- Transports -----
+
+begin transports
+
+local_delivery:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
+ user = CALLER
+
+# End
--- /dev/null
+# Exim test configuration 5601
+# OCSP stapling, client
+
+SERVER =
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = server1.example.com
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/SERVER%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+
+# ----- Main settings -----
+
+domainlist local_domains = test.ex : *.test.ex
+
+acl_smtp_rcpt = check_recipient
+log_selector = +tls_peerdn
+remote_max_parallel = 1
+
+tls_advertise_hosts = *
+
+# Set certificate only if server
+
+tls_certificate = ${if eq {SERVER}{server}\
+{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\
+fail\
+}
+
+#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\
+
+tls_privatekey = ${if eq {SERVER}{server}\
+{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\
+fail}
+
+tls_ocsp_file = OCSP
+
+
+# ------ ACL ------
+
+begin acl
+
+check_recipient:
+ accept domains = +local_domains
+ deny message = relay not permitted
+
+
+# ----- Routers -----
+
+begin routers
+
+client:
+ driver = accept
+ condition = ${if eq {SERVER}{server}{no}{yes}}
+ retry_use_local_part
+ transport = send_to_server${if eq{$local_part}{nostaple}{1} \
+ {${if eq{$local_part}{smtps} {3}{2}}} \
+ }
+
+server:
+ driver = redirect
+ data = :blackhole:
+ #retry_use_local_part
+ #transport = local_delivery
+
+
+# ----- Transports -----
+
+begin transports
+
+local_delivery:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn
+ user = CALLER
+
+send_to_server1:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+ tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ hosts_require_tls = *
+# note no ocsp here
+
+send_to_server2:
+ driver = smtp
+ allow_localhost
+ hosts = 127.0.0.1
+ port = PORT_D
+ helo_data = helo.data.changed
+ #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
+ tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ hosts_require_tls = *
+ hosts_require_ocsp = *
+
+send_to_server3:
+ driver = smtp
+ allow_localhost
+ hosts = 127.0.0.1
+ port = PORT_D
+ helo_data = helo.data.changed
+ #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem
+ tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem
+ protocol = smtps
+ hosts_require_tls = *
+ hosts_require_ocsp = *
+
+
+# ----- Retry -----
+
+
+begin retry
+
+* * F,5d,1s
+
+
+# End
1999-03-02 09:44:33 10HmbD-0005vi-00 => userx <B+userx@Test.Ex> R=localuser_b T=local_delivery_b
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbE-0005vi-00 => userx@test.ex <S+userx@Test.Ex> R=localuser_s T=delivery_s H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbE-0005vi-00 => userx@test.ex <S+userx@Test.Ex> R=localuser_s T=delivery_s H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbF-0005vi-00 => userx <userx-B@Test.Ex> R=localuser_sb T=local_delivery_b
1999-03-02 09:44:33 10HmbF-0005vi-00 => userx <X+userx-B@Test.Ex> R=localuser_sb T=local_delivery_b
1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbG-0005vi-00 => userx@test.ex <Userx-S@Test.Ex> R=localuser_ss T=delivery_s H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbG-0005vi-00 => userx@test.ex <Userx-S@Test.Ex> R=localuser_ss T=delivery_s H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 => one@remote <list@test.ex> R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> two@remote <list@test.ex> R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => one@remote <list@test.ex> R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> two@remote <list@test.ex> R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qq
-1999-03-02 09:44:33 10HmaY-0005vi-00 => one@remote <list@test.ex> R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaY-0005vi-00 -> two@remote <list@test.ex> R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => one@remote <list@test.ex> R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaY-0005vi-00 -> two@remote <list@test.ex> R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qq
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => abcd@eximtesthost.test.ex <abcd@eximtesthost> R=lookuphost T=send_to_server H=eximtesthost.test.ex [ip4.ip4.ip4.ip4]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx@alias-eximtesthost.test.ex R=lookuphost T=send_to_server H=eximtesthost.test.ex [ip4.ip4.ip4.ip4]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => abcd@eximtesthost.test.ex <abcd@eximtesthost> R=lookuphost T=send_to_server H=eximtesthost.test.ex [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx@alias-eximtesthost.test.ex R=lookuphost T=send_to_server H=eximtesthost.test.ex [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> newr1@myhost.test.ex <r1@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0]
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> newr2@local.test.ex <r2@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0]
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> newr1@myhost.test.ex <r1@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> newr2@local.test.ex <r2@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@qd.text.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> newr1@qd.text.ex <r1@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0]
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> newr2@local.test.ex <r2@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0]
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> newr1@qd.text.ex <r1@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> newr2@local.test.ex <r2@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 Start queue run: pid=pppp
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbB-0005vi-00 *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+1999-03-02 09:44:33 10HmbB-0005vi-00 *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbC-0005vi-00 == xxx@ten-2.test.ex R=lookuphost T=smtp defer (-1): domain matches queue_smtp_domains, or -odqs set
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmbC-0005vi-00 *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2]
+1999-03-02 09:44:33 10HmbC-0005vi-00 *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qq
-1999-03-02 09:44:33 10HmbD-0005vi-00 *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+1999-03-02 09:44:33 10HmbD-0005vi-00 *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbE-0005vi-00 *> yyy@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+1999-03-02 09:44:33 10HmbE-0005vi-00 *> yyy@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qq
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbF-0005vi-00 == xxx@ten-2.test.ex R=lookuphost T=smtp defer (-1): domain matches queue_smtp_domains, or -odqs set
-1999-03-02 09:44:33 10HmbF-0005vi-00 *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2]
+1999-03-02 09:44:33 10HmbF-0005vi-00 *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbG-0005vi-00 == xxx@local.test.ex routing defer (-55): domain is in queue_domains
1999-03-02 09:44:33 10HmbC-0005vi-00 => userw <userw@test.ex> R=bsmtp_localuser_filtered T=bsmtp_local_delivery_filtered
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbD-0005vi-00 => userx@domain.com R=rest T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbD-0005vi-00 => userx@domain.com R=rest T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbE-0005vi-00 => userx <userx@test.ex> R=localuser T=local_delivery
1999-03-02 09:44:33 10HmbL-0005vi-00 => userx <userx@test.ex> R=localuser T=local_delivery
1999-03-02 09:44:33 10HmbL-0005vi-00 Completed
1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbM-0005vi-00 => userx@filtered.com R=filtered T=filtered_smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbM-0005vi-00 => userx@filtered.com R=filtered T=filtered_smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbM-0005vi-00 Completed
1999-03-02 09:44:33 10HmbA-0005vi-00 => userz <userz@test.ex> R=bsmtp_localuser T=bsmtp_local_delivery
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbC-0005vi-00 => userx <userx@test.ex> R=localuser T=local_delivery
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=my_main_router T=my_smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmbG-0005vi-00 Frozen
1999-03-02 09:44:33 Start queue run: pid=pppp -qqff -R userz
1999-03-02 09:44:33 10HmbG-0005vi-00 Unfrozen by forced delivery
-1999-03-02 09:44:33 10HmbG-0005vi-00 => userx@non.local.domain <userz@test.ex> R=all_R T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbG-0005vi-00 => userx@non.local.domain <userz@test.ex> R=all_R T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqff -R userz
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]:1224
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]:1224 C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]:1224*
+1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]:1224* C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 Frozen
1999-03-02 09:44:33 Start queue run: pid=pppp -qqff -R usery
1999-03-02 09:44:33 10HmaX-0005vi-00 Unfrozen by forced delivery
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@non.local.domain <usery@test.ex> R=all_R T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@non.local.domain <usery@test.ex> R=all_R T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqff -R usery
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=domainx T=smtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain2 R=domainx T=smtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain3 R=domainx T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=domainx T=smtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain2 R=domainx T=smtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain3 R=domainx T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@adomain1 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaY-0005vi-00 -> userx@adomain2 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@adomain3 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@adomain1 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaY-0005vi-00 -> userx@adomain2 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@adomain3 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@bdomain1 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@bdomain2 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@bdomain3 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@bdomain1 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@bdomain2 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@bdomain3 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 ** userx@domain1 R=others T=smtp: SMTP error from remote mail server after MAIL FROM:<CALLER@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Don't like that sender
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> R=10HmaY-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 == usery@domain1 R=others T=smtp defer (0): SMTP delivery explicitly queued
1999-03-02 09:44:33 Start queue run: pid=pppp
1999-03-02 09:44:33 10HmaZ-0005vi-00 == userx@domain1 R=others T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:<userx@domain1>: host 127.0.0.1 [127.0.0.1]: 450 Temporary error
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbA-0005vi-00 == userx@domain1 routing defer (-51): retry time not reached
1999-03-02 09:44:33 10HmbA-0005vi-00 == usery@domain1 R=others T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:<usery@domain1>: host 127.0.0.1 [127.0.0.1]: 450 Temporary error
1999-03-02 09:44:33 10HmbA-0005vi-00 == userx@domain1 routing defer (-51): retry time not reached
1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 => file <file@test.ex> R=file T=bsmtp_local_delivery
1999-03-02 09:44:33 10HmaX-0005vi-00 => pipe <pipe@test.ex> R=pipe T=bsmtp_pipe_delivery
-1999-03-02 09:44:33 10HmaX-0005vi-00 => smtp@test.ex R=smtp T=bsmtp_smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => smtp@test.ex R=smtp T=bsmtp_smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 == userxx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440 Temporary error
1999-03-02 09:44:33 10HmaY-0005vi-00 ** userxy@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp: LMTP error after DATA: 550 Bad user
-1999-03-02 09:44:33 10HmaY-0005vi-00 -> userxz@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 -> userxz@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 == useryx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440 Temporary error
1999-03-02 09:44:33 10HmaY-0005vi-00 ** useryy@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp: LMTP error after DATA: 550 Bad user
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> R=10HmaY-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 removed by CALLER
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbA-0005vi-00 == userxx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440 Temporary error
1999-03-02 09:44:33 10HmbA-0005vi-00 ** userxy@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp: LMTP error after DATA: 550-I don't like this user\n550 Bad user
-1999-03-02 09:44:33 10HmbA-0005vi-00 -> userxz@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbA-0005vi-00 -> userxz@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250-This one's OK\\n250 OK"
1999-03-02 09:44:33 10HmbA-0005vi-00 == useryx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440-Here's a whole long message, in several lines,\n440-just for testing that nothing breaks when\n440-we do this\n440 Temporary error
1999-03-02 09:44:33 10HmbA-0005vi-00 ** useryy@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp: LMTP error after DATA: 550 Bad user
1999-03-02 09:44:33 10HmbB-0005vi-00 <= <> R=10HmbA-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmbC-0005vi-00 == userxx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440 Temporary error
1999-03-02 09:44:33 10HmbC-0005vi-00 == userxy@myhost.test.ex R=smartuser T=lmtp defer (-44): SMTP error from remote mail server after RCPT TO:<userxy@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 450 Receiver temporarily bad
1999-03-02 09:44:33 10HmbC-0005vi-00 ** userxz@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp: LMTP error after DATA: 550-I don't like this user\n550 Bad user
-1999-03-02 09:44:33 10HmbC-0005vi-00 => useryx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbC-0005vi-00 => useryx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250-This one's OK\\n250 OK"
1999-03-02 09:44:33 10HmbC-0005vi-00 ** useryy@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp: SMTP error from remote mail server after RCPT TO:<useryy@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Receiver BAD
1999-03-02 09:44:33 10HmbD-0005vi-00 <= <> R=10HmbC-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: <CALLER@myhost.test.ex> R=bounces
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbE-0005vi-00 => userxx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmbE-0005vi-00 -> userxy@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmbE-0005vi-00 -> userxz@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbE-0005vi-00 => userxx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmbE-0005vi-00 -> userxy@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmbE-0005vi-00 -> userxz@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbF-0005vi-00 => userxx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmbF-0005vi-00 -> userxy@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmbF-0005vi-00 -> userxz@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbF-0005vi-00 => userxx@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmbF-0005vi-00 -> userxy@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmbF-0005vi-00 -> userxz@myhost.test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbG-0005vi-00 == userx@myhost.test.ex R=smartuser T=lmtp defer (-44): SMTP error from remote mail server after RCPT TO:<userx@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 450 LATER
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a000@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a001@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a002@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a003@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a004@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a005@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a006@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a007@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a008@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a009@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a010@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a011@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a012@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a013@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a014@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a015@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a016@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a017@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a018@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a019@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a020@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a021@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a022@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a023@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a024@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a025@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a026@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a027@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a028@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a029@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a030@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a031@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a032@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a033@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a034@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a035@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a036@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a037@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a038@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a039@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a040@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a041@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a042@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a043@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a044@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a045@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a046@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a047@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a048@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a049@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a050@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a051@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a052@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a053@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a054@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a055@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a056@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a057@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a058@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a059@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a060@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a061@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a062@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a063@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a064@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a065@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a066@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a067@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a068@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a069@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a070@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a071@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a072@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a073@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a074@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a075@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a076@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a077@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a078@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a079@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a080@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a081@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a082@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a083@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a084@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a085@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a086@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a087@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a088@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a089@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a090@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a091@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a092@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a093@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a094@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a095@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a096@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a097@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a098@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a099@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a100@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a101@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a102@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a103@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a104@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a105@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a106@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a107@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a108@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a109@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a110@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a111@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a112@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a113@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a114@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a115@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a116@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a117@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a118@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a119@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a120@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a121@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a122@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a123@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a124@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a125@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a126@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a127@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a128@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a129@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a130@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a131@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a132@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a133@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a134@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a135@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a136@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a137@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a138@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a139@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a140@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a141@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a142@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a143@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a144@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a145@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a146@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a147@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a148@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a149@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a150@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a151@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a152@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a153@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a154@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a155@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a156@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a157@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a158@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a159@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a160@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a161@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a162@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a163@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a164@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a165@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a166@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a167@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a168@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a169@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a170@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a171@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a172@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a173@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a174@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a175@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a176@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a177@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a178@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a179@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a180@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a181@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a182@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a183@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a184@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a185@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a186@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a187@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a188@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a189@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a190@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a191@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a192@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a193@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a194@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a195@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a196@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a197@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a198@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a199@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a200@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a201@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a202@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a203@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a204@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a205@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a206@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a207@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a208@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a209@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a210@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a211@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a212@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a213@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a214@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a215@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a216@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a217@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a218@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a219@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a220@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a221@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a222@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a223@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a224@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a225@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a226@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a227@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a228@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a229@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a230@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a231@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a232@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a233@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a234@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a235@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a236@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a237@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a238@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a239@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a240@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a241@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a242@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a243@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a244@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a245@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a246@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a247@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a248@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a249@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a250@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a251@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a252@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a253@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a254@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a255@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a256@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a257@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a258@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a259@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a260@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a261@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a262@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a263@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a264@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a265@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a266@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a267@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a268@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a269@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a270@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a271@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a272@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a273@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a274@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a275@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a276@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a277@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a278@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a279@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a280@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a281@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a282@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a283@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a284@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a285@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a286@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a287@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a288@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a289@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a290@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a291@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a292@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a293@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a294@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a295@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a296@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a297@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a298@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a299@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a300@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a301@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a302@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a303@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a304@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a305@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a306@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a307@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a308@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a309@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a310@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a311@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a312@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a313@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a314@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a315@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a316@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a317@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a318@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a319@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a320@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a321@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a322@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a323@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a324@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a325@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a326@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a327@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a328@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a329@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a330@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a331@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a332@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a333@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a334@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a335@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a336@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a337@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a338@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a339@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a340@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a341@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a342@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a343@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a344@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a345@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a346@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a347@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a348@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a349@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a350@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a351@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a352@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a353@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a354@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a355@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a356@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a357@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a358@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a359@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a360@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a361@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a362@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a363@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a364@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a365@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a366@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a367@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a368@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a369@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a370@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a371@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a372@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a373@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a374@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a375@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a376@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a377@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a378@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a379@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a380@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a381@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a382@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a383@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a384@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a385@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a386@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a387@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a388@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a389@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a390@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a391@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a392@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a393@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a394@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a395@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a396@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a397@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a398@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a399@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a400@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a401@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a402@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a403@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a404@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a405@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a406@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a407@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a408@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a409@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a410@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a411@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a412@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a413@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a414@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a415@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a416@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a417@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a418@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a419@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a420@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a421@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a422@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a423@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a424@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a425@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a426@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a427@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a428@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a429@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a430@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a431@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a432@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a433@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a434@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a435@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a436@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a437@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a438@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a439@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a440@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a441@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a442@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a443@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a444@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a445@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a446@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a447@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a448@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a449@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a450@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a451@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a452@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a453@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a454@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a455@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a456@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a457@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a458@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a459@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a460@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a461@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a462@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a463@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a464@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a465@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a466@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a467@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a468@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a469@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a470@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a471@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a472@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a473@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a474@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a475@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a476@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a477@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a478@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a479@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a480@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a481@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a482@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a483@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a484@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a485@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a486@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a487@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a488@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a489@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a490@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a491@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a492@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a493@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a494@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a495@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a496@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a497@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a498@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a499@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a000@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a001@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a002@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a003@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a004@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a005@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a006@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a007@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a008@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a009@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a010@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a011@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a012@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a013@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a014@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a015@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a016@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a017@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a018@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a019@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a020@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a021@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a022@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a023@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a024@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a025@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a026@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a027@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a028@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a029@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a030@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a031@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a032@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a033@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a034@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a035@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a036@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a037@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a038@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a039@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a040@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a041@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a042@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a043@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a044@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a045@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a046@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a047@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a048@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a049@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a050@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a051@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a052@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a053@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a054@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a055@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a056@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a057@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a058@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a059@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a060@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a061@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a062@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a063@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a064@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a065@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a066@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a067@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a068@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a069@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a070@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a071@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a072@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a073@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a074@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a075@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a076@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a077@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a078@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a079@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a080@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a081@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a082@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a083@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a084@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a085@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a086@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a087@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a088@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a089@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a090@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a091@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a092@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a093@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a094@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a095@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a096@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a097@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a098@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a099@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a100@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a101@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a102@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a103@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a104@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a105@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a106@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a107@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a108@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a109@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a110@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a111@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a112@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a113@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a114@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a115@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a116@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a117@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a118@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a119@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a120@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a121@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a122@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a123@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a124@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a125@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a126@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a127@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a128@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a129@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a130@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a131@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a132@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a133@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a134@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a135@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a136@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a137@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a138@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a139@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a140@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a141@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a142@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a143@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a144@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a145@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a146@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a147@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a148@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a149@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a150@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a151@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a152@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a153@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a154@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a155@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a156@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a157@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a158@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a159@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a160@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a161@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a162@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a163@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a164@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a165@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a166@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a167@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a168@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a169@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a170@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a171@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a172@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a173@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a174@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a175@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a176@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a177@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a178@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a179@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a180@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a181@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a182@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a183@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a184@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a185@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a186@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a187@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a188@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a189@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a190@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a191@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a192@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a193@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a194@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a195@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a196@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a197@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a198@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a199@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a200@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a201@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a202@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a203@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a204@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a205@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a206@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a207@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a208@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a209@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a210@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a211@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a212@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a213@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a214@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a215@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a216@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a217@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a218@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a219@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a220@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a221@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a222@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a223@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a224@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a225@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a226@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a227@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a228@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a229@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a230@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a231@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a232@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a233@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a234@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a235@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a236@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a237@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a238@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a239@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a240@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a241@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a242@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a243@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a244@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a245@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a246@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a247@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a248@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a249@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a250@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a251@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a252@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a253@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a254@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a255@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a256@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a257@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a258@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a259@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a260@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a261@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a262@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a263@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a264@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a265@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a266@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a267@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a268@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a269@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a270@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a271@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a272@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a273@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a274@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a275@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a276@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a277@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a278@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a279@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a280@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a281@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a282@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a283@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a284@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a285@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a286@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a287@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a288@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a289@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a290@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a291@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a292@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a293@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a294@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a295@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a296@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a297@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a298@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a299@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a300@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a301@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a302@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a303@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a304@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a305@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a306@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a307@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a308@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a309@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a310@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a311@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a312@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a313@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a314@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a315@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a316@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a317@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a318@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a319@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a320@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a321@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a322@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a323@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a324@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a325@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a326@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a327@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a328@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a329@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a330@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a331@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a332@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a333@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a334@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a335@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a336@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a337@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a338@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a339@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a340@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a341@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a342@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a343@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a344@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a345@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a346@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a347@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a348@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a349@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a350@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a351@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a352@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a353@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a354@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a355@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a356@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a357@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a358@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a359@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a360@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a361@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a362@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a363@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a364@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a365@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a366@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a367@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a368@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a369@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a370@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a371@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a372@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a373@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a374@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a375@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a376@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a377@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a378@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a379@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a380@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a381@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a382@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a383@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a384@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a385@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a386@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a387@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a388@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a389@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a390@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a391@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a392@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a393@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a394@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a395@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a396@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a397@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a398@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a399@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a400@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a401@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a402@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a403@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a404@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a405@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a406@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a407@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a408@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a409@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a410@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a411@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a412@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a413@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a414@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a415@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a416@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a417@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a418@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a419@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a420@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a421@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a422@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a423@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a424@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a425@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a426@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a427@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a428@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a429@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a430@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a431@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a432@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a433@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a434@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a435@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a436@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a437@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a438@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a439@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a440@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a441@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a442@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a443@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a444@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a445@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a446@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a447@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a448@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a449@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a450@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a451@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a452@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a453@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a454@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a455@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a456@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a457@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a458@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a459@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a460@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a461@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a462@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a463@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a464@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a465@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a466@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a467@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a468@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a469@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a470@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a471@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a472@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a473@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a474@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a475@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a476@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a477@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a478@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a479@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a480@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a481@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a482@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a483@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a484@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a485@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a486@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a487@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a488@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a489@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a490@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a491@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a492@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a493@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a494@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a495@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a496@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a497@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a498@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a499@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 == b@test.ex R=client T=send_to_server defer (-44): SMTP error from remote mail server after RCPT TO:<b@test.ex>: host 127.0.0.1 [127.0.0.1]: 451 Temp error
1999-03-02 09:44:33 10HmaX-0005vi-00 ** c@test.ex R=client T=send_to_server: SMTP error from remote mail server after RCPT TO:<c@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Perm error
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> d@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> d@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 ** CALLER@test.ex R=bounce: just discard
1999-03-02 09:44:33 10HmaY-0005vi-00 CALLER@test.ex: error ignored
1999-03-02 09:44:33 10HmbO-0005vi-00 CALLER@test.ex: error ignored
1999-03-02 09:44:33 10HmbO-0005vi-00 Completed
1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbP-0005vi-00 => w@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmbP-0005vi-00 -> x@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmbP-0005vi-00 -> y@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmbP-0005vi-00 -> z@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbP-0005vi-00 => w@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmbP-0005vi-00 -> x@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmbP-0005vi-00 -> y@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmbP-0005vi-00 -> z@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbP-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qq
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => b@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmaY-0005vi-00 => b@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qq
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 ** b@test.ex F=<CALLER@test.ex> R=client T=send_to_server: SMTP error from remote mail server after RCPT TO:<b@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Unknown
1999-03-02 09:44:33 10HmbD-0005vi-00 <= <> R=10HmbA-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbC-0005vi-00 => c@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmbC-0005vi-00 => c@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK"
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable2@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable@localhost1>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550-Multiline error for <>\n550 Here's the second line
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: (recipient): response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: (recipient): response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second
1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> temporarily rejected RCPT <z@remote.domain>: Could not complete recipient verify callout
1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F=<uncheckable@localhost1> rejected after DATA: there is no valid sender in any header line
1999-03-02 09:44:33 10HmaY-0005vi-00 H=[V4NET.0.0.4] U=root F=<uncheckable@localhost1> rejected after DATA: there is no valid sender in any header line
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: relay not permitted
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for <ok@localhost1>: response to "RCPT TO:<postmaster@localhost1>" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster
-1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: (postmaster): Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: (recipient): response to "RCPT TO:<z@remote.lmtp>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: response to "RCPT TO:<z@remote.lmtp>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: response to "initial connection" from 127.0.0.1 [127.0.0.1] was: connection dropped
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 => a <a@test.ex> R=rewrite2 T=local_delivery_rewrite
1999-03-02 09:44:33 10HmaX-0005vi-00 => b <b@test.ex> R=no_rewrite T=local_delivery
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@domain1 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@domain1 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> a@domain3 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@domain3 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@domain1 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@domain1 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> a@domain3 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@domain3 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => abc@x.y.z R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => abc@x.y.z R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => abc@x.y.z R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => abc@x.y.z R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 => userx <userx@myhost.test.ex> P=<abc=userx+myhost.test.ex@verp.domain> R=r2 T=t2
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= pqr@x.y.z U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@myhost.test.ex P=<pqr=userx+myhost.test.ex@verp.domain> R=r3 T=t3 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => phil@myhost.test.ex P=<pqr=phil+myhost.test.ex@verp.domain> R=r3 T=t3 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@myhost.test.ex P=<pqr=userx+myhost.test.ex@verp.domain> R=r3 T=t3 H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => phil@myhost.test.ex P=<pqr=phil+myhost.test.ex@verp.domain> R=r3 T=t3 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 ** fail@myhost.test.ex P=<pqr=fail+myhost.test.ex@verp.domain> R=r3 T=t3: SMTP error from remote mail server after RCPT TO:<fail@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 => lmn <lmn@myhost.test.ex> P=<> R=r0 T=t0
1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found ""
1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found ""
1999-03-02 09:44:33 10HmaX-0005vi-00 == no.hosts@test.ex R=no_hosts T=no_hosts defer (-1): no_hosts transport called with no hosts set
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@test.ex R=good T=remote_delivery H=V4NET.0.0.1 [V4NET.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@test.ex R=good T=remote_delivery H=V4NET.0.0.1 [V4NET.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found ""
1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found ""
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 ** c@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<c@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
1999-03-02 09:44:33 10HmaX-0005vi-00 ** d@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<d@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
-1999-03-02 09:44:33 10HmaX-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <CALLER@test.ex> R=bounces
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 ** c@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<c@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
1999-03-02 09:44:33 10HmaZ-0005vi-00 ** d@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<d@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => g@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> h@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => g@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> h@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@test.ex> R=bounces
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 ** c@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<c@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
1999-03-02 09:44:33 10HmaX-0005vi-00 ** d@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<d@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
-1999-03-02 09:44:33 10HmaX-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 => f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 Start queue run: pid=pppp
1999-03-02 09:44:33 10HmaZ-0005vi-00 ** a@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<a@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
1999-03-02 09:44:33 10HmaZ-0005vi-00 ** b@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<b@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => c@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> d@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => c@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> d@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 ** e@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<e@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
1999-03-02 09:44:33 10HmaZ-0005vi-00 ** f@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:<f@test.ex>: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => g@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> h@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => g@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> h@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp
1999-03-02 09:44:33 10HmaX-0005vi-00 == b@test.ex R=all T=smtp defer (-53): connection limit reached for all hosts
-1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@t1 R=r1 T=t1 H=host.1:host.2
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@t2 R=r2 T=t2 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@t2 R=r2 T=t2 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 => abc <abc@test.ex> R=r1 T=t1 S=sss ST=t3
-1999-03-02 09:44:33 10HmaX-0005vi-00 => xyz1@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> xyz2@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 => xyz3@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => xyz1@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> xyz2@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => xyz3@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> x@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> y@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> x@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> y@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> x@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2]
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> y@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2]
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> x@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> y@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns R=r2 defer (-1): host lookup did not complete
1999-03-02 09:44:33 10HmaY-0005vi-00 == ok@no.delay R=r1 T=t1 defer (0): SMTP delivery explicitly queued
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns routing defer (-51): reusing SMTP connection skips previous routing defer
-1999-03-02 09:44:33 10HmaY-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmaY-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns routing defer (-51): retry time not reached
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns R=r2 defer (-1): host lookup did not complete
1999-03-02 09:44:33 10HmaY-0005vi-00 == ok@no.delay R=r1 T=t1 defer (0): SMTP delivery explicitly queued
-1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns routing defer (-51): reusing SMTP connection skips previous routing defer
-1999-03-02 09:44:33 10HmaY-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmaY-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK"
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@xxx R=remote T=send_to_server H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaY-0005vi-00 -> usery@xxx R=remote T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@xxx R=remote T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 -> usery@xxx R=remote T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 == defer@test.ex <cms@test.ex> R=r2 defer (-1): Forcibly deferred
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> unknown@recurse.test.ex.test.ex <cms@test.ex> R=r1 T=t1 H=recurse.test.ex.test.ex [V4NET.99.0.2]
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> unknown@recurse.test.ex.test.ex <cms@test.ex> R=r1 T=t1 H=recurse.test.ex.test.ex [V4NET.99.0.2] C="delivery bypassed by -N option"
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 == defer@test.ex <cms@test.ex> R=r2 defer (-1): Forcibly deferred
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => aa@bb <Aa%Bb@Cc> R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => aa@bb <Aa%Bb@Cc> R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]* C="250 OK"
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]* C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]* C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 => a1 <a1@myhost.test.ex> R=u1 T=ut1
1999-03-02 09:44:33 10HmaX-0005vi-00 ** b1@myhost.test.ex R=ut2 T=ut2: Child process of ut2 transport returned 127 (could mean unable to exec or command does not exist) from command: /non/existent/file
1999-03-02 09:44:33 10HmaX-0005vi-00 == c1@myhost.test.ex R=ut3 T=ut3 defer (0): Child process of ut3 transport returned 127 (could mean unable to exec or command does not exist) from command: /non/existent/file
-1999-03-02 09:44:33 10HmaX-0005vi-00 => d1@myhost.test.ex R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => d1@myhost.test.ex R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 == d2@myhost.test.ex R=ut4 T=ut4 defer (-44): SMTP error from remote mail server after RCPT TO:<d2@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 450 soft error
1999-03-02 09:44:33 10HmaX-0005vi-00 ** d3@myhost.test.ex R=ut4 T=ut4: SMTP error from remote mail server after RCPT TO:<d3@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 550 hard error
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => xxx@a.b <pre-xxx@a.b> R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> xxx@a.b <xxx+post@a.b> R=r2 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => xxx@a.b <pre-xxx@a.b> R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> xxx@a.b <xxx+post@a.b> R=r2 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => pre-xxx@a.b R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaY-0005vi-00 -> xxx+post@a.b R=r2 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => pre-xxx@a.b R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaY-0005vi-00 -> xxx+post@a.b R=r2 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 => xxx <pre.xxx@a.b> R=r3 T=t2
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 == x3@y3 R=r1 T=t1 defer (0): SMTP delivery explicitly queued
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 => x1@y1 R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x1@y1 R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => x3@y3 R=r1 T=t1 H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => x3@y3 R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => x2@y2 R=r1 T=t1 H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmaY-0005vi-00 => x2@y2 R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 V4NET.0.0.1 [V4NET.0.0.1] Network Error
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 V4NET.0.0.1 [V4NET.0.0.1] Network Error
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 V4NET.0.0.1 [V4NET.0.0.1] Network Error
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 ** userx@test.ex R=r1 T=t1: retry time not reached for any host after a long failure period
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> x@srv01.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]:25
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> x@srv01.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]:25 C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> x@srv03.test.ex R=r1 T=t1 H=ten-4.test.ex [V4NET.0.0.4]:88
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> x@srv03.test.ex R=r1 T=t1 H=ten-4.test.ex [V4NET.0.0.4]:88 C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => x@srv27.test.ex R=r1 T=t1 H=localhost.test.ex [127.0.0.1]:1224
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => x@srv27.test.ex R=r1 T=t1 H=localhost.test.ex [127.0.0.1]:1224 C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => 127.0.0.1@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => 127.0.0.1@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx <userx@myhost.test.ex> R=r3 T=t1
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx <userx@myhost.test.ex> R=r3 T=t1
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
**NOTE: The delivery lines in this file have been sorted.
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> a@test.ex P=<a@aa> R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 *> b@test.ex P=<b@aa> R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> a@test.ex P=<a@aa> R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaX-0005vi-00 *> b@test.ex P=<b@aa> R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> a@test.ex P=<a@aa> R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaY-0005vi-00 *> b@test.ex P=<b@aa> R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> a@test.ex P=<a@aa> R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option"
+1999-03-02 09:44:33 10HmaY-0005vi-00 *> b@test.ex P=<b@aa> R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 => /dev/null <blackhole@test.ex> R=bh T=**bypassed**
1999-03-02 09:44:33 10HmaY-0005vi-00 ** xyz@test.ex R=r9 T=t1: Connection refused
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => a@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaZ-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => a@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 ** a@x.y R=r9 T=t1: SMTP error from remote mail server after RCPT TO:<b@x.y>: host 127.0.0.1 [127.0.0.1]: 550 NOTOK
1999-03-02 09:44:33 10HmbC-0005vi-00 ** b@x.y R=r9 T=t1: SMTP error from remote mail server after MAIL FROM:<CALLER@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 450 TEMPORARY MAIL FAIL
1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbD-0005vi-00 => pm@p.q <postmaster@x.y> R=r9 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmbD-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbD-0005vi-00 => pm@p.q <postmaster@x.y> R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmbD-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbE-0005vi-00 ** file@x.y routing yielded a local delivery
1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
1999-03-02 09:44:33 Daemon cannot be run when mua_wrapper is set
1999-03-02 09:44:33 10HmbJ-0005vi-00 <= sen@der U=CALLER P=local-esmtp S=sss
-1999-03-02 09:44:33 10HmbJ-0005vi-00 => a@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmbJ-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbJ-0005vi-00 => a@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmbJ-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbK-0005vi-00 <= sen@der U=CALLER P=local-esmtp S=sss
1999-03-02 09:44:33 10HmbK-0005vi-00 127.0.0.1 [127.0.0.1] Connection refused
+1999-03-02 09:44:33 X-ACL-Warn: data1 data1\nX-ACL-Warn: data2 data2\nX-ACL-Warn: data3\nX-ACL-Warn: \nX-ACL-Warn: data4\nAfter-Received: some text\nAt-Start: some text\nAt-End: some text\nX-multiline: foo\n\n bar
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 => someone <someone@el.se> R=r9 T=t1
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 U=CALLER sender verify fail for <unknown@x.x.x.x>: response to "RCPT TO:<unknown@x.x.x.x>" from 127.0.0.1 [127.0.0.1] was: 550 unrouteable address
-1999-03-02 09:44:33 U=CALLER F=<unknown@x.x.x.x> rejected RCPT <unknown@u.u.u.u>: Sender verify failed
+1999-03-02 09:44:33 U=CALLER sender verify defer for <unknown@x.x.x.x>: Could not complete sender verify callout
+1999-03-02 09:44:33 U=CALLER F=<unknown@x.x.x.x> temporarily rejected RCPT <unknown@u.u.u.u>: Could not complete sender verify callout
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 450 TEMPERROR
-1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@test.ex F=<CALLER@myhost.test.ex> R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@test.ex: retry timeout exceeded
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER <CALLER@myhost.test.ex> F=<> R=bounces T=t1
1999-03-02 09:44:33 received_protocol=protocol
1999-03-02 09:44:33 sender_host_name=hostname
1999-03-02 09:44:33 sender_ident=ident
-1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=hostname [5.6.7.8] U=ident P=protocol A=authname:authid S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=hostname [5.6.7.8] U=ident P=protocol A=authname:authid:authsender S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after RCPT TO:<usery@domain1>: host thisloop.test.ex [127.0.0.1]: 451 Later, please
1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@domain1 R=smarthost T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:<usery@domain1>: host thisloop.test.ex [127.0.0.1]: 451 Later, please
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=smarthost T=smtp H=thisloop.test.ex [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=smarthost T=smtp H=thisloop.test.ex [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@domain1 routing defer (-51): retry time not reached
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex routing defer (-51): retry time not reached
+1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after RCPT TO:<userx@test.ex>: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred
+1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred
+1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after RCPT TO:<usery@test.ex>: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred
-1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred
-1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred
+1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@test.ex R=smarthost T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:<usery@test.ex>: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex routing defer (-51): retry time not reached
+1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after RCPT TO:<userx@test.ex>: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred
+1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred
+1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred
1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after RCPT TO:<usery@test.ex>: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred
-1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred
-1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred
+1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@test.ex R=smarthost T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:<usery@test.ex>: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred
1999-03-02 09:44:33 End queue run: pid=pppp
******** SERVER ********
1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred
1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <userx@test.ex>: Recipient deferred
1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred
-1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <usery@test.ex>: Recipient deferred
+1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <userx@test.ex>: Recipient deferred
1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred
1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <usery@test.ex>: Recipient deferred
+1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <userx@test.ex>: Recipient deferred
1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred
+1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <usery@test.ex>: Recipient deferred
1999-03-02 09:44:33 10HmaX-0005vi-00 == userx3@test.ex R=r1 T=t1 defer (dd): Connection timed out: SMTP timeout while connected to 127.0.0.1 [127.0.0.1] after MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx2@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx3@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx2@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx3@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 == userx3@test.ex R=t1 T=smtp defer (dd): Connection timed out: SMTP timeout while connected to 127.0.0.1 [127.0.0.1] after RCPT TO:<userx1@test.ex>
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx2@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx3@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx2@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx3@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 == x@y R=r1 T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:<x@y>: host 127.0.0.1 [127.0.0.1]: 451 Temporary error
-1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 Start queue run: pid=pppp -qq
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmaZ-0005vi-00 no immediate delivery: load average 0.01
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmbA-0005vi-00 no immediate delivery: load average 0.01
-1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qq
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 Start queue run: pid=pppp -qq
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmbB-0005vi-00 no immediate delivery: load average 0.01
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmbC-0005vi-00 no immediate delivery: load average 0.02
-1999-03-02 09:44:33 10HmbA-0005vi-00 => usery@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]*
+1999-03-02 09:44:33 10HmbA-0005vi-00 => usery@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qq
1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=dnslookup T=remote_smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=dnslookup T=remote_smtp H=127.0.0.1 [127.0.0.1] C="250 OK (wizzle)"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => x@test.ex R=hdronly_dnslookup T=remote_smtp_hdrs H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => x@test.ex R=hdronly_dnslookup T=remote_smtp_hdrs H=127.0.0.1 [127.0.0.1] C="250 OK (wizzle)"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
--- /dev/null
+1999-03-02 09:44:33 ignoring AUTH=x@y from U=CALLER (client not authenticated)
+1999-03-02 09:44:33 ignoring AUTH=x@y from U=CALLER (client not authenticated)
+1999-03-02 09:44:33 ignoring AUTH=x@y from U=CALLER (client not authenticated)
+1999-03-02 09:44:33 U=CALLER F=<x@y> rejected RCPT <userx@test.ex>: SIZE value too big
+1999-03-02 09:44:33 U=CALLER F=<x@y> rejected RCPT <userx@test.ex>: SIZE value too big
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss M8S=0
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx <userx@test.ex> R=r2 T=local_delivery
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss M8S=7
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx <userx@test.ex> R=r2 T=local_delivery
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss M8S=8
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx <userx@test.ex> R=r2 T=local_delivery
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 SMTP call from CALLER dropped: too many syntax or protocol errors (last command was "foo")
--- /dev/null
+1999-03-02 09:44:33 U=CALLER F=<mailok@test.ex> rejected RCPT <notok@test.ex>
+1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER Warning: Verified previously removed header X-Rcpt-2
+1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER Warning: Verified removed header X-Data-3 in this ACL still visible
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= mailok@test.ex U=CALLER P=local-smtp S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 => rcptok <rcptok@test.ex> R=r1 T=t1
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 => rcptok <rcptok@test.ex> R=r1 T=t1
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 U=CALLER temporarily rejected connection in "connect" ACL: cannot use remove_header condition in connection ACL
1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1] C="250 OK id=10HmbD-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1]
+1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1] C="250 OK id=10HmbE-0005vi-00"
1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
-1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1]
+1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1] C="250 OK id=10HmbF-0005vi-00"
1999-03-02 09:44:33 10HmbB-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client T=send_to_server defer (-1): failed to expand "interface" option for send_to_server transport: internal expansion of "<; ${if" failed: condition name expected, but found ""
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (certificate verification failed): invalid
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate.
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
-1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
-1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 a TLS session is required for 127.0.0.1 [127.0.0.1], but the server did not offer TLS support
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 TLS error on connection from (rhu5.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid
1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): A TLS packet with unexpected length was received.
-1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason.
+1999-03-02 09:44:33 TLS error on connection from (rhu7.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): revoked
1999-03-02 09:44:33 H=[127.0.0.1] F=<userx@test.ex> rejected RCPT <userx@test.ex>: certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=abc T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=abc T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after STARTTLS: host 127.0.0.1 [127.0.0.1]: 450 temp problem
1999-03-02 09:44:33 10HmaX-0005vi-00 == x@y R=client T=send_to_server defer (0): SMTP error from remote mail server after STARTTLS: host 127.0.0.1 [127.0.0.1]: 450 temp problem
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 H=localhost (myhost.test.ex) [127.0.0.1] F=<CALLER@myhost.test.ex> temporarily rejected RCPT <usery@myhost.test.ex>
1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after RCPT TO:<usery@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 451 Temporary local problem - please try later
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaX-0005vi-00@myhost.test.ex
1999-03-02 09:44:33 10HmaY-0005vi-00 => userx <userx@myhost.test.ex> R=r0 T=t2
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery <usery@myhost.test.ex> R=r0 T=t2
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (gnutls_handshake): A TLS packet with unexpected length was received.
1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
-1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 S=sss
1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER <CALLER@test.ex> R=abc T=local_delivery
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
-1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
-1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 a TLS session is required for 127.0.0.1 [127.0.0.1], but the server did not offer TLS support
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:DES-CBC3-SHA:168 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:DES-CBC3-SHA:168 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls)
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=abc T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=abc T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after STARTTLS: host 127.0.0.1 [127.0.0.1]: 450 temp problem
1999-03-02 09:44:33 10HmaX-0005vi-00 == x@y R=client T=send_to_server defer (0): SMTP error from remote mail server after STARTTLS: host 127.0.0.1 [127.0.0.1]: 450 temp problem
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (SSL_connect): error: <<detail omitted>>
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:DES-CBC3-SHA:168 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:DES-CBC3-SHA:168 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after RCPT TO:<usery@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 451 Temporary local problem - please try later
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
-1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
******** SERVER ********
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (SSL_connect): error: <<detail omitted>>
1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls)
-1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=login:userx:CALLER@myhost.test.ex C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=plain C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 plain authenticator failed H=127.0.0.1 [127.0.0.1] 535 Sorry, authentication failed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbA-0005vi-00 Remote host 127.0.0.1 [127.0.0.1] closed connection in response to AUTH LOGIN
1999-03-02 09:44:33 10HmbE-0005vi-00 Frozen (delivery error message)
1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbF-0005vi-00 => forcesender@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbF-0005vi-00 => forcesender@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=login:userx:force@x.y.z C="250 OK"
1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmbG-0005vi-00 login authenticator cancelled authentication H=127.0.0.1 [127.0.0.1] Invalid base64 string in server response "334 User?"
1999-03-02 09:44:33 10HmbH-0005vi-00 Frozen (delivery error message)
1999-03-02 09:44:33 10HmbG-0005vi-00 Completed
1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmbI-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmbI-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=xlogin:challenge-1:CALLER@myhost.test.ex C="250 OK"
1999-03-02 09:44:33 10HmbI-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=login C="250 OK"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 ** x@test.ex R=local: no deliveries made locally
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
-1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=remote T=smtp H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=remote T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" A=plain C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" A=plain C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 A=plain:userx S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 A=plain C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=login:usery S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] A=login C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLSv1:AES256-SHA:256 A=plain:userx S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 A=plain C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 Start queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=login:usery S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] A=login C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qf
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=cram_md5 C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=t1 H=127.0.0.1 [127.0.0.1] A=spa C="250 OK id=10HmaY-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp
1999-03-02 09:44:33 10HmaY-0005vi-00 sender address changed to <bad@test.ex> by CALLER
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
-1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=spa S=sss id=E10HmaX-0005vi-00@myhost.test.ex
-1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=spa:username S=sss id=E10HmaX-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data (set_id=username)
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
--- /dev/null
+1999-03-02 09:44:33 rcpt for userx@domain.com
+1999-03-02 09:44:33 10HmaX-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 rcpt for userz@domain.com
+1999-03-02 09:44:33 10HmaY-0005vi-00 >> userz@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 rcpt for usery@domain.com
+1999-03-02 09:44:33 rcpt for userx@domain.com
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
--- /dev/null
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaY-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmaY-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaX-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmbA-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbC-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmbC-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
--- /dev/null
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaY-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmaY-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaX-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmaZ-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmbA-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbC-0005vi-00@myhost.test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmbC-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
--- /dev/null
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaY-0005vi-00 PRDR R=<userx@test.ex> acceptance
+1999-03-02 09:44:33 10HmaY-0005vi-00 PRDR R=<usery@test.ex> temporary refusal
+1999-03-02 09:44:33 10HmaY-0005vi-00 PRDR R=<userz@test.ex> refusal
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=(rhu.barb) [127.0.0.1] P=esmtp PRDR S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx <userx@test.ex> R=r0 T=t1
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaX-0005vi-00 PRDR R=<userp@test.ex> acceptance
+1999-03-02 09:44:33 10HmaX-0005vi-00 PRDR R=<userq@test.ex> acceptance
+1999-03-02 09:44:33 10HmaX-0005vi-00 H=(rhu.barb) [127.0.0.1] F=<> rejected after DATA
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=(rhu.barb) [127.0.0.1] P=esmtp S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => user1 <user1@test.ex> R=r0 T=t1
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<usery@test.ex> temporary refusal
+1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R=<usery@test.ex> temporary refusal
+1999-03-02 09:44:33 10HmbB-0005vi-00 PRDR R=<userz@test.ex> refusal
+1999-03-02 09:44:33 10HmbB-0005vi-00 PRDR R=<userz@test.ex> refusal
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= userx@test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] PRDR C="250 first rcpt was good"
+1999-03-02 09:44:33 10HmaX-0005vi-00 -> userz@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] PRDR C="250 second rcpt was good"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= userx@test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaY-0005vi-00 => user2.1@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK got that"
+1999-03-02 09:44:33 10HmaY-0005vi-00 -> user2.2@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK got that"
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= userx@test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] PRDR C="250 first rcpt was good"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 == userz@test.ex R=r0 T=t1 defer (0): PRDR error after DATA: 450 cannot handle second rcpt right now
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbA-0005vi-00 => userp@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] PRDR C="250 first rcpt was good"
+1999-03-02 09:44:33 10HmbA-0005vi-00 ** userq@test.ex R=r0 T=t1: PRDR error after DATA: 550 second rcpt does not like content
+1999-03-02 09:44:33 10HmbA-0005vi-00 Frozen (delivery error message)
+1999-03-02 09:44:33 10HmaZ-0005vi-00 == userz@test.ex routing defer (-51): retry time not reached
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= <> U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbB-0005vi-00 ** user5.1@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 550 oops, overall rejection
+1999-03-02 09:44:33 10HmbB-0005vi-00 ** user5.2@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 550 oops, overall rejection
+1999-03-02 09:44:33 10HmbB-0005vi-00 Frozen (delivery error message)
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbC-0005vi-00 ** user6.1@test.ex R=r0 T=t1: SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 550 naah mate
+1999-03-02 09:44:33 10HmbC-0005vi-00 ** user6.2@test.ex R=r0 T=t1: SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 550 naah mate
+1999-03-02 09:44:33 10HmbC-0005vi-00 Frozen (delivery error message)
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= <> U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbD-0005vi-00 == user7.1@test.ex R=r0 T=t1 defer (-46): SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 450 oops, try again later please
+1999-03-02 09:44:33 10HmbD-0005vi-00 == user7.2@test.ex R=r0 T=t1 defer (-46): SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 450 oops, try again later please
+1999-03-02 09:44:33 10HmbD-0005vi-00 == user7.3@test.ex R=r0 T=t1 defer (-46): SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 450 oops, try again later please
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbE-0005vi-00 => user8.1@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK, got that"
+1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
--- /dev/null
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; responding
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; not responding
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; not responding
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER@test.ex R=client T=send_to_server2 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbB-0005vi-00 Received TLS status response, null content
+1999-03-02 09:44:33 10HmbB-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmbB-0005vi-00 == CALLER@test.ex R=client T=send_to_server2 defer (-37): failure while setting up TLS session
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbC-0005vi-00 Server certificate revoked; reason: superseded
+1999-03-02 09:44:33 10HmbC-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmbC-0005vi-00 == CALLER@test.ex R=client T=send_to_server2 defer (-37): failure while setting up TLS session
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmbD-0005vi-00 Server OSCP dates invalid
+1999-03-02 09:44:33 10HmbD-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <<detail omitted>>
+1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server2 defer (-37): failure while setting up TLS session
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaX-0005vi-00@server1.example.com
+1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <nostaple@test.ex> R=server
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com
+1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <CALLER@test.ex> R=server
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; not responding
+1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding
+1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding
+1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?)
1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaX-0005vi-00 46c.test.ex [V6NET:ffff:836f:a00:a:800:200a:c033] Network Error
-1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@mx46cd.test.ex R=lookuphost T=smtp H=46d.test.ex [ip4.ip4.ip4.ip4]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@mx46cd.test.ex R=lookuphost T=smtp H=46d.test.ex [ip4.ip4.ip4.ip4] C="250 OK"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 46c.test.ex [V6NET:ffff:836f:a00:a:800:200a:c033] Network Error
-1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@mx46cd.test.ex R=lookuphost T=smtp H=46d.test.ex [ip4.ip4.ip4.ip4]
+1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@mx46cd.test.ex R=lookuphost T=smtp H=46d.test.ex [ip4.ip4.ip4.ip4] C="250 OK"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 10HmaZ-0005vi-00 46d.test.ex [ip4.ip4.ip4.ip4] Connection refused
1999-03-02 09:44:33 10HmaY-0005vi-00 == ok@no.delay R=r1 T=t1 defer (0): SMTP delivery explicitly queued
1999-03-02 09:44:33 10HmaY-0005vi-00 recipient <delay@2.test.again.dns> added by root
1999-03-02 09:44:33 Start queue run: pid=pppp
-1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@2.test.again.dns R=r2 defer (-1): host lookup did not complete
1999-03-02 09:44:33 10HmaY-0005vi-00 == ok@no.delay R=r1 T=t1 defer (-45): SMTP error from remote mail server after MAIL FROM:<CALLER@test.ex> SIZE=1325: host 127.0.0.1 [127.0.0.1]: 421 myhost.test.ex: SMTP command timeout - closing connection
X-Was-Remove-Me: >this header is to be removed<
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaY-0005vi-00
+ for userx@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Another: This is another header
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+X-Was-Remove-Me: >this header is to be removed<
+X-Was-Remove-Me-Also: >me too!<
+
+
Date: Tue, 2 Mar 1999 09:44:33 +0000
X-ACL-Warn: data1 data1
X-ACL-Warn: data2 data2
+X-ACL-Warn: data3
+X-ACL-Warn:
+X-ACL-Warn: data4
At-End: some text
+X-multiline: foo
+ bar
Testing message
--- /dev/null
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from CALLER (helo=Testing)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Subject: test
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+foo
+
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from CALLER (helo=Testing)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaY-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Subject: test
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+foo
+
+From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
+Received: from CALLER (helo=Testing)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaZ-0005vi-00
+ for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Subject: test
+Message-Id: <E10HmaZ-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+foo
+
--- /dev/null
+From mailok@test.ex Tue Mar 02 09:44:33 1999
+Received: from CALLER by myhost.test.ex with local-smtp (Exim x.yz)
+ (envelope-from <mailok@test.ex>)
+ id 10HmaX-0005vi-00
+ for rcptok@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+cond: accept
+X-Data-2: Line two
+X-Data-5: Line five
+X-Not-1: Testing wildcard one
+X-Not-2: Testing wildcard two
+X-Rcpt-1: Line six
+X-Rcpt-3: Line eight
+X-Rcpt-5: Line ten
+X-Mail-2: Line twelve
+X-Mail-3: Line thirteen
+X-Mail-4: Line fourteen is also really long, but it won't get
+ removed by these ACL's.
+X-Mail-5: Line fifteen
+X-Predata-5: Line sixteen
+X-Predata-4: Line seventeen
+X-Predata-2: Line nineteen
+X-NotSMTP-1: Line twenty-one
+X-NotSMTP-2: Line twenty-two
+X-NotSMTP-3: Line twenty-three
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+From: mailok@test.ex
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+RCPT: denied notok
+
+Test message
+
+From CALLER@test.ex Tue Mar 02 09:44:33 1999
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <CALLER@test.ex>)
+ id 10HmaY-0005vi-00
+ for rcptok@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@test.ex>
+
+Test non-SMTP message. Make sure it doesn't blow up when a header
+it wants to remove is not present. This one also overrides the
+fixup of adding a Date header because we specified to remove it!
+Allow the admin to shoot himself in the foot if he really and
+truly wants to.
+
This is a test encrypted message.
+From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999
+Received: from [127.0.0.1]
+ by myhost.test.ex with smtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256)
+ (Exim x.yz)
+ (envelope-from <"name with spaces"@test.ex>)
+ id 10HmaY-0005vi-00
+ for CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+tls-certificate-verified: 0
+TLS: cipher=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 peerdn=
+
+This is a test encrypted message.
+
From CALLER@test.ex Tue Mar 02 09:44:33 1999
Received: from [ip4.ip4.ip4.ip4]
by myhost.test.ex with smtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256)
(Exim x.yz)
(envelope-from <CALLER@test.ex>)
- id 10HmaY-0005vi-00
+ id 10HmaZ-0005vi-00
for CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
tls-certificate-verified: 1
TLS: cipher=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock
This is a test encrypted message.
+From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999
+Received: from [127.0.0.1]
+ by myhost.test.ex with smtps (TLSv1:AES256-SHA:256)
+ (Exim x.yz)
+ (envelope-from <"name with spaces"@test.ex>)
+ id 10HmaY-0005vi-00
+ for CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+tls-certificate-verified: 0
+TLS: cipher=TLSv1:AES256-SHA:256 peerdn=
+
+This is a test encrypted message.
+
From CALLER@test.ex Tue Mar 02 09:44:33 1999
Received: from [ip4.ip4.ip4.ip4]
by myhost.test.ex with smtps (TLSv1:AES256-SHA:256)
(Exim x.yz)
(envelope-from <CALLER@test.ex>)
- id 10HmaY-0005vi-00
+ id 10HmaZ-0005vi-00
for CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
tls-certificate-verified: 1
TLS: cipher=TLSv1:AES256-SHA:256 peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock
--- /dev/null
+From MAILER-DAEMON Tue Mar 02 09:44:33 1999
+Received: from [127.0.0.1] (helo=rhu.barb)
+ by myhost.test.ex with esmtp (Exim x.yz)
+ id 10HmaZ-0005vi-00
+ for user1@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Sender: sender@some.where
+
+
--- /dev/null
+From MAILER-DAEMON Tue Mar 02 09:44:33 1999
+Received: from [127.0.0.1] (helo=rhu.barb)
+ by myhost.test.ex with esmtp (Exim x.yz)
+ id 10HmaY-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+Sender: sender@some.where
+
+
--- /dev/null
+1999-03-02 09:44:33 Received from CALLER@myhost.test.ex U=CALLER P=local S=sss
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable2@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for <uncheckable@localhost1>: response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550-Multiline error for <>\n550 Here's the second line
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<uncheckable@localhost1> rejected RCPT <z@test.ex>: Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: (recipient): response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: (recipient): response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second
1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> temporarily rejected RCPT <z@remote.domain>: Could not complete recipient verify callout
1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F=<uncheckable@localhost1> rejected after DATA: there is no valid sender in any header line
Envelope-from: <uncheckable@localhost1>
F From: abcd@x.y.z
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: relay not permitted
1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for <ok@localhost1>: response to "RCPT TO:<postmaster@localhost1>" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster
-1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: (postmaster): Sender verify failed
-1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: (recipient): response to "RCPT TO:<z@remote.lmtp>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
+1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: Sender verify failed
+1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: response to "RCPT TO:<z@remote.lmtp>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: response to "initial connection" from 127.0.0.1 [127.0.0.1] was: connection dropped
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F=<bad@localhost1> temporarily rejected RCPT <z@test.ex>: Could not complete sender verify callout
1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for <bad@localhost1>: could not connect to 127.0.0.1 [127.0.0.1]: Connection refused
-1999-03-02 09:44:33 U=CALLER sender verify fail for <unknown@x.x.x.x>: response to "RCPT TO:<unknown@x.x.x.x>" from 127.0.0.1 [127.0.0.1] was: 550 unrouteable address
-1999-03-02 09:44:33 U=CALLER F=<unknown@x.x.x.x> rejected RCPT <unknown@u.u.u.u>: Sender verify failed
+1999-03-02 09:44:33 U=CALLER sender verify defer for <unknown@x.x.x.x>: Could not complete sender verify callout
+1999-03-02 09:44:33 U=CALLER F=<unknown@x.x.x.x> temporarily rejected RCPT <unknown@u.u.u.u>: Could not complete sender verify callout
1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred
1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <userx@test.ex>: Recipient deferred
1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred
-1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <usery@test.ex>: Recipient deferred
+1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <userx@test.ex>: Recipient deferred
1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred
1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <usery@test.ex>: Recipient deferred
+1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <userx@test.ex>: Recipient deferred
1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred
+1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F=<CALLER@test.ex> temporarily rejected RCPT <usery@test.ex>: Recipient deferred
--- /dev/null
+1999-03-02 09:44:33 U=CALLER F=<x@y> rejected RCPT <userx@test.ex>: SIZE value too big
+1999-03-02 09:44:33 U=CALLER F=<x@y> rejected RCPT <userx@test.ex>: SIZE value too big
+1999-03-02 09:44:33 SMTP call from CALLER dropped: too many syntax or protocol errors (last command was "foo")
--- /dev/null
+1999-03-02 09:44:33 U=CALLER F=<mailok@test.ex> rejected RCPT <notok@test.ex>
+1999-03-02 09:44:33 U=CALLER temporarily rejected connection in "connect" ACL: cannot use remove_header condition in connection ACL
******** SERVER ********
-1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data
+1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data (set_id=username)
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data
--- /dev/null
+1999-03-02 09:44:33 10HmaX-0005vi-00 H=(rhu.barb) [127.0.0.1] F=<> rejected after DATA
+Envelope-from: <>
+Envelope-to: <userp@test.ex>
+ <userq@test.ex>
+P Received: from [127.0.0.1] (helo=rhu.barb)
+ by myhost.test.ex with esmtp (Exim x.yz)
+ id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+S Sender: sender@some.where
$cf = "bin/cf -exact";
$cr = "\r";
$debug = 0;
+$force_continue = 0;
$force_update = 0;
+$log_failed_filename = "failed-summary.log";
$more = "less -XF";
$optargs = "";
$save_output = 0;
sub munge {
my($file) = $_[0];
+my($extra) = $_[1];
my($yield) = 0;
my(@saved) = ();
while(<IN>)
{
RESET_AFTER_EXTRA_LINE_READ:
+ # Custom munges
+ if ($extra)
+ {
+ next if $extra =~ m%^/% && eval $extra;
+ eval $extra if $extra =~ m/^s/;
+ }
+
# Check for "*** truncated ***"
$yield = 1 if /\*\*\* truncated \*\*\*/;
# Arguments: [0] the prompt string
# [1] if there is a U in the prompt and $force_update is true
+# [2] if there is a C in the prompt and $force_continue is true
# Returns: nothing (it sets $_)
sub interact{
print $_[0];
if ($_[1]) { $_ = "u"; print "... update forced\n"; }
+ elsif ($_[2]) { $_ = "c"; print "... continue forced\n"; }
else { $_ = <T>; }
}
+##################################################
+# Subroutine to log in force_continue mode #
+##################################################
+
+# In force_continue mode, we just want a terse output to a statically
+# named logfile. If multiple files in same batch (stdout, stderr, etc)
+# all have mismatches, it will log multiple times.
+#
+# Arguments: [0] the logfile to append to
+# [1] the testno that failed
+# Returns: nothing
+
+
+
+sub log_failure {
+ my $logfile = shift();
+ my $testno = shift();
+ my $detail = shift() || '';
+ if ( open(my $fh, ">>", $logfile) ) {
+ print $fh "Test $testno $detail failed\n";
+ close $fh;
+ }
+}
+
+
##################################################
# Subroutine to compare one output file #
# [2] where to put the munged copy
# [3] the name of the saved file
# [4] TRUE if this is a log file whose deliveries must be sorted
+# [5] optionally, a custom munge command
#
# Returns: 0 comparison succeeded or differences to be ignored
# 1 comparison failed; files may have been updated (=> re-compare)
# Does not return if the user replies "Q" to a prompt.
sub check_file{
-my($rf,$rsf,$mf,$sf,$sortfile) = @_;
+my($rf,$rsf,$mf,$sf,$sortfile,$extra) = @_;
# If there is no saved file, the raw files must either not exist, or be
# empty. The test ! -s is TRUE if the file does not exist or is empty.
print "Continue, Show, or Quit? [Q] ";
$_ = <T>;
tests_exit(1) if /^q?$/i;
+ log_failure($log_failed_filename, $testno, $rf) if (/^c$/i && $force_continue);
return 0 if /^c$/i;
last if (/^s$/);
}
print "\n";
for (;;)
{
- interact("Continue, Update & retry, Quit? [Q] ", $force_update);
+ interact("Continue, Update & retry, Quit? [Q] ", $force_update, $force_continue);
tests_exit(1) if /^q?$/i;
+ log_failure($log_failed_filename, $testno, $rsf) if (/^c$/i && $force_continue);
return 0 if /^c$/i;
last if (/^u$/i);
}
# data that does exist.
open(MUNGED, ">$mf") || tests_exit(-1, "Failed to open $mf: $!");
-my($truncated) = munge($rf) if -e $rf;
+my($truncated) = munge($rf, $extra) if -e $rf;
if (defined $rsf && -e $rsf)
{
print MUNGED "\n******** SERVER ********\n";
- $truncated |= munge($rsf);
+ $truncated |= munge($rsf, $extra);
}
close(MUNGED);
print "\n";
for (;;)
{
- interact("Continue, Retry, Update & retry, Quit? [Q] ", $force_update);
+ interact("Continue, Retry, Update & retry, Quit? [Q] ", $force_update, $force_continue);
tests_exit(1) if /^q?$/i;
+ log_failure($log_failed_filename, $testno, $sf) if (/^c$/i && $force_continue);
return 0 if /^c$/i;
return 1 if /^r$/i;
last if (/^u$/i);
+##################################################
+# Custom munges
+# keyed by name of munge; value is a ref to a hash
+# which is keyed by file, value a string to look for.
+# Usable files are:
+# paniclog, rejectlog, mainlog, stdout, stderr, msglog, mail
+# Search strings starting with 's' do substitutions;
+# with '/' do line-skips.
+##################################################
+$munges =
+ { 'dnssec' =>
+ { 'stderr' => '/^Reverse DNS security status: unverified\n/', },
+
+ 'gnutls_unexpected' =>
+ { 'mainlog' => '/\(recv\): A TLS packet with unexpected length was received./', },
+
+ 'gnutls_handshake' =>
+ { 'mainlog' => 's/\(gnutls_handshake\): Error in the push function/\(gnutls_handshake\): A TLS packet with unexpected length was received/', },
+
+ };
+
+
##################################################
# Subroutine to check the output of a test #
##################################################
# This function is called when the series of subtests is complete. It makes
-# use of check() file, whose arguments are:
+# use of check_file(), whose arguments are:
#
# [0] the name of the main raw output file
# [1] the name of the server raw output file or undef
# [2] where to put the munged copy
# [3] the name of the saved file
# [4] TRUE if this is a log file whose deliveries must be sorted
+# [5] an optional custom munge command
#
-# Arguments: none
+# Arguments: Optionally, name of a custom munge to run.
# Returns: 0 if the output compared equal
# 1 if re-run needed (files may have been updated)
sub check_output{
+my($mungename) = $_[0];
my($yield) = 0;
+my($munge) = $munges->{$mungename} if defined $mungename;
$yield = 1 if check_file("spool/log/paniclog",
"spool/log/serverpaniclog",
"test-paniclog-munged",
- "paniclog/$testno", 0);
+ "paniclog/$testno", 0,
+ $munge->{'paniclog'});
$yield = 1 if check_file("spool/log/rejectlog",
"spool/log/serverrejectlog",
"test-rejectlog-munged",
- "rejectlog/$testno", 0);
+ "rejectlog/$testno", 0,
+ $munge->{'rejectlog'});
$yield = 1 if check_file("spool/log/mainlog",
"spool/log/servermainlog",
"test-mainlog-munged",
- "log/$testno", $sortlog);
+ "log/$testno", $sortlog,
+ $munge->{'mainlog'});
if (!$stdout_skip)
{
$yield = 1 if check_file("test-stdout",
"test-stdout-server",
"test-stdout-munged",
- "stdout/$testno", 0);
+ "stdout/$testno", 0,
+ $munge->{'stdout'});
}
if (!$stderr_skip)
$yield = 1 if check_file("test-stderr",
"test-stderr-server",
"test-stderr-munged",
- "stderr/$testno", 0);
+ "stderr/$testno", 0,
+ $munge->{'stderr'});
}
# Compare any delivered messages, unless this test is skipped.
print ">> COMPARE $mail mail/$testno.$saved_mail\n" if $debug;
$yield = 1 if check_file($mail, undef, "test-mail-munged",
- "mail/$testno.$saved_mail", 0);
+ "mail/$testno.$saved_mail", 0,
+ $munge->{'mail'});
delete $expected_mails{"mail/$testno.$saved_mail"};
}
for (;;)
{
- interact("Continue, Update & retry, or Quit? [Q] ", $force_update);
+ interact("Continue, Update & retry, or Quit? [Q] ", $force_update, $force_continue);
tests_exit(1) if /^q?$/i;
+ log_failure($log_failed_filename, $testno, "missing email") if (/^c$/i && $force_continue);
last if /^c$/i;
# For update, we not only have to unlink the file, but we must also
s/((?:[^\W_]{6}-){2}[^\W_]{2})
/new_value($1, "10Hm%s-0005vi-00", \$next_msgid)/egx;
$yield = 1 if check_file("spool/msglog/$msglog", undef,
- "test-msglog-munged", "msglog/$testno.$munged_msglog", 0);
+ "test-msglog-munged", "msglog/$testno.$munged_msglog", 0,
+ $munge->{'msglog'});
delete $expected_msglogs{"$testno.$munged_msglog"};
}
}
for (;;)
{
- interact("Continue, Update, or Quit? [Q] ", $force_update);
+ interact("Continue, Update, or Quit? [Q] ", $force_update, $force_continue);
tests_exit(1) if /^q?$/i;
+ log_failure($log_failed_filename, $testno, "missing msglog") if (/^c$/i && $force_continue);
last if /^c$/i;
if (/^u$/i)
{
# 4 EOF was encountered after an initial return code line
# Optionally alse a second parameter, a hash-ref, with auxilliary information:
# exim_pid: pid of a run process
+# munge: name of a post-script results munger
sub run_command{
my($testno) = $_[0];
}
+# The "munge" command selects one of a hardwired set of test-result modifications
+# to be made before result compares are run agains the golden set. This lets
+# us account for test-system dependent things which only affect a few, but known,
+# test-cases.
+# Currently only the last munge takes effect.
+
+if (/^munge\s+(.*)$/)
+ {
+ return (0, { munge => $1 });
+ }
+
+
# The "sleep" command does just that. For sleeps longer than 1 second we
# tell the user what's going on.
{
if ($arg eq "-DEBUG") { $debug = 1; $cr = "\n"; next; }
if ($arg eq "-DIFF") { $cf = "diff -u"; next; }
+ if ($arg eq "-CONTINUE"){$force_continue = 1;
+ $more = "cat";
+ next; }
if ($arg eq "-UPDATE") { $force_update = 1; next; }
if ($arg eq "-NOIPV4") { $have_ipv4 = 0; next; }
if ($arg eq "-NOIPV6") { $have_ipv6 = 0; next; }
$exp_v6 = $1 . ':0' x (8-length($exp_v6)) . ':' . $2;
} elsif ( $parm_ipv6 =~ /^::(.+[^:])$/ ) {
$exp_v6 = '0:' x (9-length($exp_v6)) . $1;
+ } else {
+ $exp_v6 = $parm_ipv6;
}
my(@components) = split /:/, $exp_v6;
my(@nibbles) = reverse (split /\s*/, shift @components);
for (;;)
{
print "\nshow stdErr, show stdOut, Retry, Continue (without file comparison), or Quit? [Q] ";
- $_ = <T>;
+ $_ = $force_continue ? "c" : <T>;
tests_exit(1) if /^q?$/i;
+ log_failure($log_failed_filename, $testno, "exit code unexpected") if (/^c$/i && $force_continue);
+ print "... continue forced\n" if $force_continue;
last if /^[rc]$/i;
if (/^e$/i)
{
for (;;)
{
print "\nShow server stdout, Retry, Continue, or Quit? [Q] ";
- $_ = <T>;
+ $_ = $force_continue ? "c" : <T>;
tests_exit(1) if /^q?$/i;
+ log_failure($log_failed_filename, $testno, "exit code unexpected") if (/^c$/i && $force_continue);
+ print "... continue forced\n" if $force_continue;
last if /^[rc]$/i;
if (/^s$/i)
if ($docheck)
{
- if (check_output() != 0)
+ if (check_output($TEST_STATE->{munge}) != 0)
{
print (("#" x 79) . "\n");
redo;
# be present in the basic Exim binary which we require in order to run these
# tests at all. Specialized expansion tests also exist for optional features
# in other test scripts.
+munge dnssec
exim -be
reduce: ${reduce {<, 1,2,3}{0}{${eval:$value+$item}}}
reduce: ${reduce {3:0:9:4:6}{0}{${if >{$item}{$value}{$item}{$value}}}}
+listnamed: ${listnamed:dlist}
+listnamed: ${listnamed:+dlist}
+listnamed: ${listnamed:hlist}
+listnamed: ${listnamed:elist}
+listnamed: ${listnamed:flist}
+listnamed: ${listnamed:nolist}
+listnamed: ${listnamed_d:dlist}
+listnamed: ${listnamed_d:hlist}
+listnamed: ${listnamed_z:dlist}
+
+listcount: ${listcount:a:b:c}
+listcount: ${listcount:}
+listcount: ${listcount:<;a;b;c}
+listcount: ${listcount:${listnamed:dlist}}
+
# Tests with iscntrl() and illegal separators
map: ${map{<\n a\n\nb\nc}{'$item'}}
# Operators
+acl: ${acl
+acl: ${acl}
+acl: ${acl {a_nosuch}}
+acl: ${acl {a_ret}}
+acl: ${acl {a_ret}{person@dom.ain}}
+acl: ${acl {a_ret}{firstarg}{secondarg}}
+acl: ${acl {a_ret}{arg with spaces}}
+acl: ${acl {a_none}}
+acl: ${acl {a_none}{person@dom.ain}}
+acl: ${acl {a_deny}}
+acl: ${acl {a_deny}{person@dom.ain}}
+acl: ${acl {a_defer}}
+acl: ${acl {a_sub}{top_arg_1}{top_arg_2}{top_arg_3}}
+acl: ${reduce {1:2:3:4} {} {$value ${acl {a_ret}{$item}}}}
+
addrss: ${address:local-part@dom.ain}
addrss: ${address:Exim Person <local-part@dom.ain> (that's me)}
domain: ${domain:local-part@dom.ain}
md5: ${if eq {1}{2}{${md5:invalid}}{NO}}
mask: ${if eq {1}{2}{${mask:invalid}}{NO}}
+# Number suffixes in conditions
+1k: ${if >{1}{1k}{n}{y}}
+1K: ${if >{1}{1K}{n}{y}}
+1M: ${if >{1}{1M}{n}{y}}
+1G: ${if >{1}{1G}{n}{y}}
+
# Numeric overflow
# >32b should work, >64b not
queue_running after or: ${if or{{eq {0}{0}}{queue_running}}{y}{n}}
first_delivery after or: ${if or{{eq {0}{0}}{first_delivery}}{y}{n}}
+# acl expansion condition
+acl if: ${if acl {{a_ret}} {Y:$value}{N:$value}}
+acl if: ${if acl {{a_ret}{argY}} {Y:$value}{N:$value}}
+acl if: ${if acl {{a_deny}{argN}{arg2}} {Y:$value}{N:$value}}
+acl if: ${if acl {{a_defer}{argN}{arg2}} {Y:$value}{N:$value}}
+
# Default values for both if strings
\${if eq{1}{1}} >${if eq{1}{1}}<
match_ip: 15 ${if match_ip{1.2.3.4}{1.2.3}}
match_ip: 16 ${if match_ip{1.2.3.4}{1.2.3.4/abc}}
****
+# Operation of inlist and negated inlist
+exim -be
+${if inlist{aa}{aa} {in list}{not in list}}
+${if !inlist{aa}{aa} {not in list}{in list}}
+****
# Reverse lookup failures
+munge dnssec
exim -bh V4NET.11.12.13
mail from:<userx@cam.ac.uk>
rcpt to:<userx@cam.ac.uk>
mail from:<userx@unknown.dom.ain>
rcpt to:<userx@test.ex>
rset
+mail from:<"unknown with spaces"@test.ex>
+rcpt to:<userx@test.ex>
+rset
mail from:<userx@test.ex>
rcpt to:<userx@test.ex>
data
-# smtp client "interface" option
+# smtp client "interface" option, $transport_name and $router_name
need_ipv4
#
server PORT_S
-# callout verification (no caching)
+# callout verification (no caching) and $router_name
need_ipv4
#
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
550 Error for <>
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
550-Multiline error for <>
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
-# $domain_data and $local_part_data
+# $domain_data, $local_part_data and $router_name
exim -v -bt xxx@a.b.c
****
exim -bh V4NET.0.0.0
#
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Test unsuccessful caching
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Test caching of rejection of MAIL FROM:<>
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
550 REJECT MAIL FROM
# Test caching of rejection of postmaster
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Test caching of accepting of postmaster
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Test caching of accepting a random address
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Test caching of accepting a random address and postmaster
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Test caching of rejecting a random address and postmaster
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# address has to be tested
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Test caching of rejecting a random address
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
sleep 2
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Timeout on the RCPT for random
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Postmaster_sender set non-empty
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Header_sender sender set non-empty
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Timeout on RCPT for header_sender (defer_ok test)
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Test full postmaster check
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Test postmaster_mailfrom with random
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# negatives with wildcard hosts when host has multiple names
+munge dnssec
exim -d -bs -oMa V4NET.99.99.97
mail from:<notgov@test.ex>
rcpt to:<x@test.ex>
#
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
-# address_data in ACLs after verification
+# address_data and router_name in ACLs after verification
exim -bs
MAIL FROM:<oksender@y>
rcpt to:<child@test.ex>
#
server PORT_S 3
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
250 OK
*eof
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
250 OK
*eof
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 server ready
-HELO
+EHLO
250 OK
MAIL
250 OK
****
server PORT_S
220 server ready
-HELO
+EHLO
250 OK
MAIL
250 OK
# Timeout stuff
server PORT_S
220 server ready
-HELO
+EHLO
*sleep 2
*eof
****
#
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# This one fails the actual address
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
# Same again, but with sender_verify_fail logging turned off
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
#
server PORT_S 3
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
250 OK
*eof
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
250 OK
*eof
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
550 NOTOK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
****
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
dump callout
server PORT_S
220 Server ready
-HELO
+EHLO
250 OK
MAIL FROM
250 OK
-# remove_headers and trailing colons
+# multiple remove_headers and trailing colons
exim -odi userx
Remove-Me: this header is to be removed
Another: This is another header
****
+exim -odi userx
+Remove-Me: this header is to be removed
+Another: This is another header
+Remove-Me-Also: me too!
+****
#
server PORT_S 8
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
# callout with no transport
need_ipv4
#
-server PORT_S
-220 Welcome
-HELO
-250 Hi
-MAIL FROM
-250 OK
-RCPT TO
-550 unrouteable address
-QUIT
-221 Bye
-****
exim -bs
mail from:<unknown@x.x.x.x>
rcpt to:<unknown@u.u.u.u>
# Do a sender address verify that rejects MAIL FROM:<>
server PORT_S
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
550 I'm misconfigured
# Now do a recipient verify for the same domain, with use_sender
server PORT_S
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
#
server PORT_S 4
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
250 OK
*eof
220 Welcome
-HELO
+EHLO
250 Hi
MAIL FROM
250 OK
--- /dev/null
+# Optional MAIL FROM args processing
+#
+# SIZE alone
+exim -bs
+ehlo Testing
+mail from:<x@y> SIZE=1000
+rcpt to:<userx@test.ex>
+quit
+****
+# BODY alone
+exim -bs
+ehlo Testing
+mail from:<x@y> BODY=7BIT
+rcpt to:<userx@test.ex>
+quit
+****
+# SIZE then BODY
+exim -bs
+ehlo Testing
+mail from:<x@y> SIZE=1000 BODY=7BIT
+rcpt to:<userx@test.ex>
+quit
+****
+# BODY then SIZE
+exim -bs
+ehlo Testing
+mail from:<x@y> BODY=7BIT SIZE=1000
+rcpt to:<userx@test.ex>
+quit
+****
+# AUTH then BODY then SIZE
+exim -bs
+ehlo Testing
+mail from:<x@y> AUTH=x@y BODY=7BIT SIZE=1000
+rcpt to:<userx@test.ex>
+quit
+****
+# BODY then AUTH then SIZE
+exim -bs
+ehlo Testing
+mail from:<x@y> BODY=7BIT AUTH=x@y SIZE=1000
+rcpt to:<userx@test.ex>
+quit
+****
+# SIZE then BODY then AUTH
+exim -bs
+ehlo Testing
+mail from:<x@y> SIZE=1000 BODY=7BIT AUTH=x@y
+rcpt to:<userx@test.ex>
+quit
+****
+# SIZE then BODY then SIZE
+exim -bs
+ehlo Testing
+mail from:<x@y> SIZE=1000 BODY=7BIT SIZE=1200
+rcpt to:<userx@test.ex>
+quit
+****
+# (over)SIZE then BODY
+exim -bs
+ehlo Testing
+mail from:<x@y> SIZE=40004 BODY=8BITMIME
+rcpt to:<userx@test.ex>
+quit
+****
+# BODY then (over)SIZE
+exim -bs
+ehlo Testing
+mail from:<x@y> BODY=8BITMIME SIZE=40004
+rcpt to:<userx@test.ex>
+quit
+****
+# no BODY, data
+exim -bs
+ehlo Testing
+mail from:<x@y>
+rcpt to:<userx@test.ex>
+data
+Subject: test
+
+foo
+.
+quit
+****
+sleep 1
+# 7bit BODY, data
+exim -bs
+ehlo Testing
+mail from:<x@y> BODY=7BIT
+rcpt to:<userx@test.ex>
+data
+Subject: test
+
+foo
+.
+quit
+****
+sleep 1
+# 8bit BODY, data
+exim -bs
+ehlo Testing
+mail from:<x@y> BODY=8BITMIME
+rcpt to:<userx@test.ex>
+data
+Subject: test
+
+foo
+.
+quit
+****
+sleep 1
+# bad BODY, data
+# should fail
+1
+exim -bs
+ehlo Testing
+mail from:<x@y> BODY=wrong
+rcpt to:<userx@test.ex>
+data
+Subject: test
+
+foo
+.
+quit
+****
+no_msglog_check
--- /dev/null
+# remove_header modifier in ACLs
+exim -bs -odi
+mail from:<mailok@test.ex>
+rcpt to:<rcptok@test.ex>
+rcpt to:<notok@test.ex>
+data
+cond: accept
+X-Data-1: Line one
+X-Data-2: Line two
+X-Data-3: Line three
+X-Data-4: Line four
+X-Data-5: Line five
+X-Not-1: Testing wildcard one
+X-Not-2: Testing wildcard two
+X-Rcpt-1: Line six
+X-Rcpt-2: Line seven
+X-Rcpt-3: Line eight
+X-Rcpt-4: Line nine is really long, so long in fact that it wraps
+ around to the next line.
+X-Rcpt-5: Line ten
+X-Mail-1: Line eleven
+X-Mail-2: Line twelve
+X-Mail-3: Line thirteen
+X-Mail-4: Line fourteen is also really long, but it won't get
+ removed by these ACL's.
+X-Mail-5: Line fifteen
+X-Predata-5: Line sixteen
+X-Predata-4: Line seventeen
+X-Predata-3: Line eighteen
+X-Predata-2: Line nineteen
+X-Predata-1: Line twenty
+X-NotSMTP-1: Line twenty-one
+X-NotSMTP-2: Line twenty-two
+X-NotSMTP-3: Line twenty-three
+
+Test message
+.
+quit
+****
+exim -odi rcptok@test.ex
+Test non-SMTP message. Make sure it doesn't blow up when a header
+it wants to remove is not present. This one also overrides the
+fixup of adding a Date header because we specified to remove it!
+Allow the admin to shoot himself in the foot if he really and
+truly wants to.
+****
+exim -bs -odi -DCONNECTCOND="remove_header=CONNECT: won't do this"
+****
+no_msglog_check
--- /dev/null
+# Recipient callout with AUTH
+need_ipv4
+#
+# Variant 1: using authenticated_sender on the transport.
+server PORT_S 1
+220 Welcome
+EHLO
+250-wotcher mate
+250-AUTH PLAIN
+250 Hi
+AUTH
+250 Oh alright then
+MAIL FROM
+250 OK
+RCPT TO
+250 OK
+QUIT
+250 OK
+****
+exim -odq -bs
+EHLO the.client
+mail from:<>
+RCPT TO:<abc@force>
+quit
+****
+#
+#
+# Variant 2: Passing through an authenticated_sender from the MAIL FROM:
+server PORT_S 1
+220 Welcome
+EHLO
+250-wotcher mate
+250-AUTH PLAIN
+250 Hi
+AUTH
+250 Oh alright then
+MAIL FROM
+250 OK
+RCPT TO
+250 OK
+QUIT
+250 OK
+****
+exim -odq -bs
+EHLO the.client
+AUTH PLAIN AHVzZXJ4AHNlY3JldA==
+mail from:<> AUTH=freddy
+RCPT TO:<abc@normal>
+quit
+****
+#
+#
+# Variant 3: An authenticated_sender option on the transport should override
+# a value set by the MAIL FROM:
+server PORT_S 1
+220 Welcome
+EHLO
+250-wotcher mate
+250-AUTH PLAIN
+250 Hi
+AUTH
+250 Oh alright then
+MAIL FROM
+250 OK
+RCPT TO
+250 OK
+QUIT
+250 OK
+****
+exim -odq -bs
+EHLO the.client
+AUTH PLAIN AHVzZXJ4AHNlY3JldA==
+mail from:<> AUTH=freddy
+RCPT TO:<def@force>
+quit
+****
quit
??? 221
****
+client-gnutls 127.0.0.1 PORT_D
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+mail from:<"name with spaces"@test.ex>
+??? 250
+rcpt to:<CALLER@test.ex>
+??? 250
+DATA
+??? 3
+This is a test encrypted message.
+.
+??? 250
+quit
+??? 221
+****
client-gnutls HOSTIPV4 PORT_D
??? 220
ehlo rhu.barb
# TLS server: mandatory, optional, and revoked certificates
gnutls
+munge gnutls_unexpected
exim -DSERVER=server -bd -oX PORT_D
****
# No certificate, certificate required
# TLS server & client: no certificate in client
gnutls
+munge gnutls_handshake
exim -DSERVER=server -bd -oX PORT_D
****
exim userx@test.ex
quit
??? 221
****
+client-ssl 127.0.0.1 PORT_D
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+mail from:<"name with spaces"@test.ex>
+??? 250
+rcpt to:<CALLER@test.ex>
+??? 250
+DATA
+??? 3
+This is a test encrypted message.
+.
+??? 250
+quit
+??? 221
+****
client-ssl HOSTIPV4 PORT_D
??? 220
ehlo rhu.barb
# dns_again_means_nonexist
+munge dnssec
exim -d -bh HOSTIPV4
mail from:<xx@cioce.test.again.dns>
rcpt to:<a@b>
exim -be
ptr=V6NET:0:12:1:a00:20ff:fe86:a062 ${lookup dnsdb {ptr=<;V6NET:0:12:1:a00:20ff:fe86:a062}{$value}{fail}}
ptr=V6NET:0:12:1:a00:20ff:fe86:a062 ${lookup dnsdb {ptr=V6NET:0:12:1:a00:20ff:fe86:a062}{$value}{fail}}
+
+a=46.test.ex ${lookup dnsdb{>; a=46.test.ex}{$value}fail}
+aaaa=46.test.ex ${lookup dnsdb{>; aaaa=46.test.ex}{$value}fail}
+a+=46.test.ex ${lookup dnsdb{>; a+=46.test.ex}{$value}fail}
****
--- /dev/null
+# cutthrough_delivery basic operation
+need_ipv4
+#
+server PORT_S
+220 ESMTP
+EHLO
+250 OK
+MAIL FROM:
+250 Sender OK
+RCPT TO:
+250 Recipient OK
+DATA
+354 Send data
+.
+250 OK
+QUIT
+250 OK
+****
+exim -d-all+acl+transport -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<userx@domain.com>
+DATA
+
+.
+QUIT
+****
+# cutthrough_delivery into HELO-only server
+need_ipv4
+#
+server PORT_S
+220 SMTP only spoken here
+EHLO
+550 Not here, mate
+HELO
+250 OK
+MAIL FROM:
+250 Sender OK
+RCPT TO:
+250 Recipient OK
+DATA
+354 Send data
+.
+250 OK
+QUIT
+250 OK
+****
+exim -d-all+acl+transport -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<userz@domain.com>
+DATA
+
+.
+QUIT
+****
+# cutthrough cancelled by multiple recipients
+server PORT_S 2
+220 ESMTP
+EHLO
+250 OK
+MAIL FROM:
+250 Sender OK
+RCPT TO:
+250 Recipient OK
+QUIT
+*eof
+220 ESMTP
+EHLO
+250 OK
+MAIL FROM:
+250 Sender OK
+RCPT TO:
+250 Recipient OK
+RCPT TO:
+250 Recipient OK
+DATA
+354 Send data
+.
+250 OK
+QUIT
+250 OK
+****
+exim -d-all+acl+transport -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<usery@domain.com>
+RCPT TO:<userx@domain.com>
+DATA
+
+.
+QUIT
+****
+sleep 1
--- /dev/null
+# cutthrough_delivery triggered by recipient-verify
+need_ipv4
+#
+server PORT_S
+220 ESMTP
+EHLO
+250 OK
+MAIL FROM:
+250 Sender OK
+RCPT TO:
+250 Recipient OK
+DATA
+354 Send data
+.
+250 OK
+QUIT
+250 OK
+****
+exim -d-all+acl+transport -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<userx@domain.com>
+DATA
+
+.
+QUIT
+****
--- /dev/null
+# cutthrough_delivery to target oferring TLS
+exim -DSERVER=server -bd -oX PORT_D
+****
+# this one should succeed
+exim -d-all+acl+transport+expand+lists -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<userx@domain.com>
+DATA
+
+.
+QUIT
+****
+# via a transport setting hosts_avoid_tls
+# so this one should not use TLS
+exim -d-all+acl+transport+expand+lists -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<usery@domain.com>
+DATA
+
+.
+QUIT
+****
+# via a transport setting hosts_verify_avoid_tls
+# so this one should not use TLS
+exim -d-all+acl+transport+expand+lists -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<usery@domain.com>
+DATA
+
+.
+QUIT
+****
+killdaemon
+no_msglog_check
--- /dev/null
+support OpenSSL
+running IPv4
--- /dev/null
+# cutthrough_delivery to target offering TLS
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim -d-all+acl+transport+expand+lists -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<userx@domain.com>
+DATA
+
+.
+QUIT
+****
+# via a transport setting hosts_avoid_tls
+exim -d-all+acl+transport+expand+lists -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<usery@domain.com>
+DATA
+
+.
+QUIT
+****
+# via a transport setting hosts_verify_avoid_tls
+exim -d-all+acl+transport+expand+lists -bs
+EHLO myhost.test.ex
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<usery@domain.com>
+DATA
+
+.
+QUIT
+****
+killdaemon
+no_msglog_check
--- /dev/null
+support GnuTLS
+running IPv4
--- /dev/null
+# PRDR (Per-Recipient Data Responses) server
+need_ipv4
+no_msglog_check
+#
+# 1: userx should be accepted, y should be tmp-rejected,
+# z rejected, all after data per PRDR spec
+exim -DSERVER=server -bd -oX PORT_D
+****
+client 127.0.0.1 PORT_D
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-PRDR
+??? 250
+mail from:<> PRDR
+??? 250
+rcpt to:<userx@test.ex>
+??? 250
+rcpt to:<usery@test.ex>
+??? 250
+rcpt to:<userz@test.ex>
+??? 250
+data
+??? 354
+Sender: sender@some.where
+.
+??? 353
+??? 250
+??? 450
+??? 550
+??? 250
+quit
+??? 221
+****
+sleep 1
+#
+#
+# 2: traditional data acl should be called, resulting in an overall reject
+client 127.0.0.1 PORT_D
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-PRDR
+??? 250
+mail from:<> PRDR
+??? 250
+rcpt to:<userp@test.ex>
+??? 250
+rcpt to:<userq@test.ex>
+??? 250
+data
+??? 354
+Sender: sender@some.where
+.
+??? 353
+??? 250
+??? 250
+??? 550
+quit
+??? 221
+****
+sleep 1
+#
+#
+# 3: PRDR should be avoided for a single-recipient message
+# even though the client showed support.
+client 127.0.0.1 PORT_D
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-PRDR
+??? 250
+mail from:<> PRDR
+??? 250
+rcpt to:<user1@test.ex>
+??? 250
+data
+??? 354
+Sender: sender@some.where
+.
+??? 250
+quit
+??? 221
+****
+sleep 1
+#
+# 4: double temp-reject
+client 127.0.0.1 PORT_D
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-PRDR
+??? 250
+mail from:<> PRDR
+??? 250
+rcpt to:<usery@test.ex>
+??? 250
+rcpt to:<usery@test.ex>
+??? 250
+data
+??? 354
+Sender: sender@some.where
+.
+??? 353
+??? 450
+??? 450
+??? 250
+quit
+??? 221
+****
+sleep 1
+#
+# 5: double reject
+client 127.0.0.1 PORT_D
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-PRDR
+??? 250
+mail from:<> PRDR
+??? 250
+rcpt to:<userz@test.ex>
+??? 250
+rcpt to:<userz@test.ex>
+??? 250
+data
+??? 354
+Sender: sender@some.where
+.
+??? 353
+??? 550
+??? 550
+??? 550
+quit
+??? 221
+****
+sleep 1
+#
+killdaemon
+#
--- /dev/null
+# PRDR client
+need_ipv4
+no_msglog_check
+#
+# 1: Two recipients, accepted by full PRDR response sequence
+server PORT_S
+220 Server ready
+EHLO
+250-
+250-PRDR
+250 OK
+MAIL FROM:<userx@test.ex> PRDR
+250 OK
+RCPT TO
+250 OK
+RCPT TO
+250 OK
+DATA
+300 gimme yer body
+.
+353 prdr responses coming up
+250 first rcpt was good
+250 second rcpt was good
+250 OK, overall
+QUIT
+250 OK
+****
+exim -odi -f userx usery userz
+Some message text.
+****
+#
+#
+# 2: Two recipients, accepted by traditional response
+# though client offered full PRDR capability
+server PORT_S
+220 Server ready
+EHLO
+250-
+250-PRDR
+250 OK
+MAIL FROM:<userx@test.ex> PRDR
+250 OK
+RCPT TO
+250 OK
+RCPT TO
+250 OK
+DATA
+300 gimme that body
+.
+250 OK got that
+QUIT
+250 OK, bye
+****
+exim -odi -f userx user2.1 user2.2
+Some message text.
+****
+#
+#
+# 3: Two recipients, one accepted one tmp-rejected
+server PORT_S
+220 Server ready
+EHLO
+250-
+250-PRDR
+250 OK
+MAIL FROM:<userx@test.ex> PRDR
+250 OK
+RCPT TO
+250 OK
+RCPT TO
+250 OK
+DATA
+300 gimme yer body
+.
+353 prdr responses coming up
+250 first rcpt was good
+450 cannot handle second rcpt right now
+250 OK, overall
+QUIT
+250 OK
+****
+exim -odi -f userx usery userz
+Some message text.
+****
+#
+#
+# 4: Two recipients, one accepted one rejected
+# Avoid tester issues dealing with the bounce by sending
+# with a null from.
+#
+server PORT_S
+220 Server ready
+EHLO
+250-
+250-PRDR
+250 OK
+MAIL FROM:<> PRDR
+250 OK
+RCPT TO
+250 OK
+RCPT TO
+250 OK
+DATA
+300 gimme yer body
+.
+353 prdr responses coming up
+250 first rcpt was good
+550 second rcpt does not like content
+250 OK, overall
+QUIT
+250 OK
+****
+exim -odi -f "" userp userq
+Some message text.
+****
+#
+#
+# 5: Two recipients, rejected by final after PRDR accepts.
+#
+server PORT_S
+220 Server ready
+EHLO
+250-
+250-PRDR
+250 OK
+MAIL FROM:<> PRDR
+250 OK
+RCPT TO
+250 OK
+RCPT TO
+250 OK
+DATA
+300 yeah baby
+.
+353 prdr responses coming up
+250 first rcpt was good
+250 second rcpt was good
+550 oops, overall rejection
+QUIT
+250 OK
+****
+exim -odi -f "" user5.1 user5.2
+text
+****
+#
+#
+# 6: Two recipients, rejected traditionally though PRDR negociated.
+#
+server PORT_S
+220 Server ready
+EHLO
+250-
+250-PRDR
+250 OK
+MAIL FROM:<> PRDR
+250 OK
+RCPT TO
+250 OK
+RCPT TO
+250 OK
+DATA
+300 yeah baby
+.
+550 naah mate
+QUIT
+250 OK
+****
+exim -odi -f "" user6.1 user6.2
+text
+****
+#
+#
+# 7: Temp-reject at final
+server PORT_S
+220 Server ready
+EHLO
+250-
+250-PRDR
+250 OK
+MAIL FROM:<> PRDR
+250 OK
+RCPT TO
+250 OK
+RCPT TO
+250 OK
+RCPT TO
+250 OK
+DATA
+300 go ahead
+.
+353 prdr responses coming up
+250 first rcpt does not like you
+250 second rcpt has a temporary problem
+250 third rcpt is ok
+450 oops, try again later please
+QUIT
+250 OK
+****
+exim -odi -f "" user7.1 user7.2 user7.3
+text
+****
+#
+#
+#
+# 8: Client should avoid requesting PRDR for a single-recipient mail
+# even though the server offers
+server PORT_S
+220 Server ready
+EHLO
+250-
+250-PRDR
+250 OK
+MAIL FROM:<>
+250 OK
+RCPT TO
+250 OK
+DATA
+300 go ahead
+.
+250 OK, got that
+QUIT
+250 OK, bye
+****
+exim -odi -f "" user8.1
+text
+****
+#
+#
--- /dev/null
+support Experimental_PRDR
--- /dev/null
+# TLS server: OCSP stapling
+#
+#
+#
+# 1: Server sends good staple on request
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+****
+client-ssl \
+ -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
+ HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+mail from:<userx@test.ex>
+??? 250
+rcpt to:<userx@test.ex>
+??? 250
+quit
+??? 221
+****
+killdaemon
+#
+#
+#
+# 2: Server does not staple an outdated response
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
+****
+# XXX test sequence might not be quite right; this is for a server refusal
+# and we're expecting a client refusal.
+client-ssl -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+****
+killdaemon
+#
+#
+#
+#
+#
+# 3: Server does not staple a response for a revoked cert
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
+****
+client-ssl \
+ -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
+ HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2
+??? 220
+ehlo rhu.barb
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250-
+??? 250
+starttls
+??? 220
+****
+killdaemon
+#
+#
+#
+#
+#
--- /dev/null
+# OCSP stapling, client
+#
+#
+# Client works when we don't demand OCSP stapling
+exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null
+****
+exim nostaple@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+#
+# Client accepts good stapled info
+exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+****
+exim CALLER@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+# Client fails on lack of requested stapled info
+exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null
+****
+exim CALLER@test.ex
+test message.
+****
+sleep 1
+killdaemon
+no_msglog_check
+#
+#
+#
+# Client fails on revoked stapled info
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
+****
+exim CALLER@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+#
+# Client fails on expired stapled info
+EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \
+ -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
+****
+exim CALLER@test.ex
+test message.
+****
+sleep 1
+killdaemon
+#
+#
+#
+#
--- /dev/null
+support OpenSSL
+support Experimental_OCSP
+running IPv4
/* A little hacked up program that makes a TCP/IP call and reads a script to
drive it, for testing Exim server code running as a daemon. It's got a bit
messy with the addition of support for either OpenSSL or GnuTLS. The code for
-those was hacked out of Exim itself. */
+those was hacked out of Exim itself, then code for OCSP stapling was ripped
+from the openssl ocsp and s_client utilities. */
/* ANSI C standard includes */
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+
+char * ocsp_stapling = NULL;
#endif
/****************************************************************************/
#ifdef HAVE_OPENSSL
+
+X509_STORE *
+setup_verify(BIO *bp, char *CAfile, char *CApath)
+{
+ X509_STORE *store;
+ X509_LOOKUP *lookup;
+ if(!(store = X509_STORE_new())) goto end;
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+ if (lookup == NULL) goto end;
+ if (CAfile) {
+ if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading file %s\n", CAfile);
+ goto end;
+ }
+ } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) goto end;
+ if (CApath) {
+ if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading directory %s\n", CApath);
+ goto end;
+ }
+ } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ ERR_clear_error();
+ return store;
+ end:
+ X509_STORE_free(store);
+ return NULL;
+}
+
+
+static int
+tls_client_stapling_cb(SSL *s, void *arg)
+{
+const unsigned char *p;
+int len;
+OCSP_RESPONSE *rsp;
+OCSP_BASICRESP *bs;
+char *CAfile = NULL;
+X509_STORE *store = NULL;
+int ret = 1;
+
+len = SSL_get_tlsext_status_ocsp_resp(s, &p);
+/*BIO_printf(arg, "OCSP response: ");*/
+if (!p)
+ {
+ BIO_printf(arg, "no response received\n");
+ return 1;
+ }
+if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len)))
+ {
+ BIO_printf(arg, "response parse error\n");
+ BIO_dump_indent(arg, (char *)p, len, 4);
+ return 0;
+ }
+if(!(bs = OCSP_response_get1_basic(rsp)))
+ {
+ BIO_printf(arg, "error parsing response\n");
+ return 0;
+ }
+
+CAfile = ocsp_stapling;
+if(!(store = setup_verify(arg, CAfile, NULL)))
+ {
+ BIO_printf(arg, "error in cert setup\n");
+ return 0;
+ }
+
+/* No file of alternate certs, no options */
+if(OCSP_basic_verify(bs, NULL, store, 0) <= 0)
+ {
+ BIO_printf(arg, "Response Verify Failure\n");
+ ERR_print_errors(arg);
+ ret = 0;
+ }
+else
+ BIO_printf(arg, "Response verify OK\n");
+
+X509_STORE_free(store);
+return ret;
+}
+
+
/*************************************************
* Start an OpenSSL TLS session *
*************************************************/
SSL_set_fd (*ssl, sock);
SSL_set_connect_state(*ssl);
+if (ocsp_stapling)
+ {
+ SSL_CTX_set_tlsext_status_cb(ctx, tls_client_stapling_cb);
+ SSL_CTX_set_tlsext_status_arg(ctx, BIO_new_fp(stdout, BIO_NOCLOSE));
+ SSL_set_tlsext_status_type(*ssl, TLSEXT_STATUSTYPE_ocsp);
+ }
+
signal(SIGALRM, sigalrm_handler_flag);
sigalrm_seen = 0;
alarm(5);
tls_on_connect = 1;
argi++;
}
+#ifdef HAVE_OPENSSL
+ else if (strcmp(argv[argi], "-ocsp") == 0)
+ {
+ if (argc < ++argi + 1)
+ {
+ fprintf(stderr, "Missing required certificate file for ocsp option\n");
+ exit(1);
+ }
+ ocsp_stapling = argv[argi++];
+ }
+#endif
else if (argv[argi][1] == 't' && isdigit(argv[argi][2]))
{
tmplong = strtol(argv[argi]+2, &end, 10);
using ACL "mail"
processing "warn"
check senders = ok@test3
-address match: subject=bad@test1 pattern=ok@test3
+address match test: subject=bad@test1 pattern=ok@test3
bad@test1 in "ok@test3"? no (end of list)
warn: condition test failed in ACL "mail"
processing "accept"
check senders = ok@test1 : ok@test3
-address match: subject=bad@test1 pattern=ok@test1
-address match: subject=bad@test1 pattern=ok@test3
+address match test: subject=bad@test1 pattern=ok@test1
+address match test: subject=bad@test1 pattern=ok@test3
bad@test1 in "ok@test1 : ok@test3"? no (end of list)
accept: condition test failed in ACL "mail"
end of ACL "mail": implicit DENY
using ACL "mail"
processing "warn"
check senders = ok@test3
-address match: subject=ok@test1 pattern=ok@test3
+address match test: subject=ok@test1 pattern=ok@test3
test1 in "test3"? no (end of list)
ok@test1 in "ok@test3"? no (end of list)
warn: condition test failed in ACL "mail"
processing "accept"
check senders = ok@test1 : ok@test3
-address match: subject=ok@test1 pattern=ok@test1
+address match test: subject=ok@test1 pattern=ok@test1
test1 in "test1"? yes (matched "test1")
ok@test1 in "ok@test1 : ok@test3"? yes (matched "ok@test1")
check verify = sender
using ACL "rcpt"
processing "accept"
check senders = +ok_senders
-address match: subject=ok@test1 pattern=ok@somewhere
+address match test: subject=ok@test1 pattern=ok@somewhere
test1 in "somewhere"? no (end of list)
-address match: subject=ok@test1 pattern=ok@test1
+address match test: subject=ok@test1 pattern=ok@test1
test1 in "test1"? yes (matched "test1")
ok@test1 in "ok@somewhere : ok@test1 : ok@test3"? yes (matched "ok@test1")
ok@test1 in "+ok_senders"? yes (matched "+ok_senders")
using ACL "mail"
processing "warn"
check senders = ok@test3
-address match: subject=ok@test3 pattern=ok@test3
+address match test: subject=ok@test3 pattern=ok@test3
test3 in "test3"? yes (matched "test3")
ok@test3 in "ok@test3"? yes (matched "ok@test3")
warn: condition test succeeded in ACL "mail"
processing "accept"
check senders = ok@test1 : ok@test3
-address match: subject=ok@test3 pattern=ok@test1
+address match test: subject=ok@test3 pattern=ok@test1
test3 in "test1"? no (end of list)
-address match: subject=ok@test3 pattern=ok@test3
+address match test: subject=ok@test3 pattern=ok@test3
test3 in "test3"? yes (matched "test3")
ok@test3 in "ok@test1 : ok@test3"? yes (matched "ok@test3")
check verify = sender
using ACL "rcpt"
processing "accept"
check senders = +ok_senders
-address match: subject=ok@test3 pattern=ok@somewhere
+address match test: subject=ok@test3 pattern=ok@somewhere
test3 in "somewhere"? no (end of list)
-address match: subject=ok@test3 pattern=ok@test1
+address match test: subject=ok@test3 pattern=ok@test1
test3 in "test1"? no (end of list)
-address match: subject=ok@test3 pattern=ok@test3
+address match test: subject=ok@test3 pattern=ok@test3
test3 in "test3"? yes (matched "test3")
ok@test3 in "ok@somewhere : ok@test1 : ok@test3"? yes (matched "ok@test3")
ok@test3 in "+ok_senders"? yes (matched "+ok_senders")
<= CALLER@myhost.test.ex U=CALLER P=local S=sss
delivering 10HmaX-0005vi-00
LOG: MAIN
- *> newr1@myhost.test.ex <r1@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0]
+ *> newr1@myhost.test.ex <r1@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option"
LOG: MAIN
- *> newr2@local.test.ex <r2@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0]
+ *> newr2@local.test.ex <r2@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option"
LOG: MAIN
Completed
LOG: MAIN
<= CALLER@qd.text.ex U=CALLER P=local S=sss
delivering 10HmaY-0005vi-00
LOG: MAIN
- *> newr1@qd.text.ex <r1@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0]
+ *> newr1@qd.text.ex <r1@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option"
LOG: MAIN
- *> newr2@local.test.ex <r2@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0]
+ *> newr2@local.test.ex <r2@test.ex> R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option"
LOG: MAIN
Completed
<= CALLER@myhost.ex U=CALLER P=local S=sss
delivering 10HmbB-0005vi-00
LOG: MAIN
- *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
Completed
LOG: MAIN
Start queue run: pid=pppp
delivering 10HmbC-0005vi-00 (queue run pid ppppp)
LOG: MAIN
- *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2]
+ *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option"
LOG: MAIN
Completed
LOG: queue_run MAIN
delivering 10HmbE-0005vi-00 (queue run pid ppppp)
delivering 10HmbD-0005vi-00 (queue run pid ppppp)
LOG: MAIN
- *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
Completed
delivering 10HmbE-0005vi-00 (queue run pid ppppp)
LOG: MAIN
- *> yyy@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> yyy@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
Completed
LOG: queue_run MAIN
== xxx@ten-2.test.ex R=lookuphost T=smtp defer (-1): domain matches queue_smtp_domains, or -odqs set
delivering 10HmbF-0005vi-00
LOG: MAIN
- *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2]
+ *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option"
LOG: MAIN
Completed
LOG: MAIN
cached data used for lookup of smart.domain
in TESTSUITE/aux-fixed/0085.data
lookup yielded: x : y : abc@d.e.f
-address match: subject=abc@d.e.f pattern=x
+address match test: subject=abc@d.e.f pattern=x
d.e.f in "x"? no (end of list)
-address match: subject=abc@d.e.f pattern=y
+address match test: subject=abc@d.e.f pattern=y
d.e.f in "y"? no (end of list)
-address match: subject=abc@d.e.f pattern=abc@d.e.f
+address match test: subject=abc@d.e.f pattern=abc@d.e.f
d.e.f in "d.e.f"? yes (matched "d.e.f")
abc@d.e.f in "x : y : abc@d.e.f"? yes (matched "abc@d.e.f")
calling smart1 router
cached data used for lookup of test.ex
in TESTSUITE/aux-fixed/0085.data
lookup yielded: x : y : abc@d.e.f
-address match: subject=abc@d.e.f pattern=x
+address match test: subject=abc@d.e.f pattern=x
d.e.f in "x"? no (end of list)
-address match: subject=abc@d.e.f pattern=y
+address match test: subject=abc@d.e.f pattern=y
d.e.f in "y"? no (end of list)
-address match: subject=abc@d.e.f pattern=abc@d.e.f
+address match test: subject=abc@d.e.f pattern=abc@d.e.f
d.e.f in "d.e.f"? yes (matched "d.e.f")
abc@d.e.f in "x : y : abc@d.e.f"? yes (matched "abc@d.e.f")
checking require_files
cached data used for lookup of smart.domain
in TESTSUITE/aux-fixed/0085.data
lookup yielded: x : y : abc@d.e.f
-address match: subject=CALLER@myhost.test.ex pattern=x
+address match test: subject=CALLER@myhost.test.ex pattern=x
myhost.test.ex in "x"? no (end of list)
-address match: subject=CALLER@myhost.test.ex pattern=y
+address match test: subject=CALLER@myhost.test.ex pattern=y
myhost.test.ex in "y"? no (end of list)
-address match: subject=CALLER@myhost.test.ex pattern=abc@d.e.f
+address match test: subject=CALLER@myhost.test.ex pattern=abc@d.e.f
CALLER@myhost.test.ex in "x : y : abc@d.e.f"? no (end of list)
smart1 router skipped: senders mismatch
--------> fail_remote_domains router <--------
cached data used for lookup of test.ex
in TESTSUITE/aux-fixed/0085.data
lookup yielded: x : y : abc@d.e.f
-address match: subject=CALLER@myhost.test.ex pattern=x
+address match test: subject=CALLER@myhost.test.ex pattern=x
myhost.test.ex in "x"? no (end of list)
-address match: subject=CALLER@myhost.test.ex pattern=y
+address match test: subject=CALLER@myhost.test.ex pattern=y
myhost.test.ex in "y"? no (end of list)
-address match: subject=CALLER@myhost.test.ex pattern=abc@d.e.f
+address match test: subject=CALLER@myhost.test.ex pattern=abc@d.e.f
CALLER@myhost.test.ex in "x : y : abc@d.e.f"? no (end of list)
smart2 router skipped: senders mismatch
no more routers
<= CALLER@test.ex U=CALLER P=local S=sss
delivering 10HmaX-0005vi-00
LOG: MAIN
- *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
- *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
- *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
- *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
Completed
LOG: MAIN
<= CALLER@test.ex U=CALLER P=local S=sss
delivering 10HmaY-0005vi-00
LOG: MAIN
- *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
- *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
- *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
- *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1]
+ *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
Completed
>>> processing "require"
>>> check verify = sender
>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+>>> routing "unknown with spaces"@test.ex
+>>> test.ex in "test.ex"? yes (matched "test.ex")
+>>> test.ex in "! +local_domains"? no (matched "! +local_domains")
+>>> unknown with spaces in "defer"? no (end of list)
+>>> unknown with spaces in "userx"? no (end of list)
+>>> no more routers
+>>> ----------- end verify ------------
+>>> require: condition test failed in ACL "check_recipient"
+LOG: H=[127.0.0.1] sender verify fail for <"unknown with spaces"@test.ex>: Unrouteable address
+LOG: H=[127.0.0.1] F=<"unknown with spaces"@test.ex> rejected RCPT <userx@test.ex>: Sender verify failed
+>>> using ACL "check_recipient"
+>>> processing "require"
+>>> check verify = sender
+>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> routing userx@test.ex
>>> test.ex in "test.ex"? yes (matched "test.ex")
>>> test.ex in "! +local_domains"? no (matched "! +local_domains")
configuration file is TESTSUITE/test-config
trusted user
admin user
+router_name <my_main_router>
>>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>>
--------> userx@domain.com <--------
-smtp transport entered
+transport_name <my_smtp>
+my_smtp transport entered
userx@domain.com
checking status of 127.0.0.1
127.0.0.1 [127.0.0.1]:1111 status = usable
sequence=1 local_max=500 global_max=-1
no messages waiting for 127.0.0.1
SMTP>> QUIT
-Leaving smtp transport
+Leaving my_smtp transport
LOG: MAIN
- => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+ => userx@domain.com R=my_main_router T=my_smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
SMTP<< 250 OK
SMTP>> QUIT
LOG: MAIN
- => w@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+ => w@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
LOG: MAIN
- -> x@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+ -> x@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
LOG: MAIN
- -> y@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+ -> y@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
LOG: MAIN
- -> z@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+ -> z@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
LOG: MAIN
Completed
SMTP>> writing message and terminating "."
SMTP<< 250 OK
LOG: MAIN
- => a@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]
+ => a@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK"
LOG: MAIN
Completed
Exim version x.yz ....
SMTP<< 250 OK
SMTP>> QUIT
LOG: MAIN
- => b@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]*
+ => b@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
SMTP<< 250 OK
SMTP>> QUIT
LOG: MAIN
- => c@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]*
+ => c@test.ex F=<CALLER@test.ex> R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 550 Error for <>
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 550-Multiline error for <>
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP<< 550 Recipient not liked
SMTP>> QUIT
LOG: MAIN REJECT
- H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: (recipient): response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
+ H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
LOG: smtp_connection MAIN
SMTP connection from root closed by QUIT
LOG: smtp_connection MAIN
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
550 Here's the second
SMTP>> QUIT
LOG: MAIN REJECT
- H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: (recipient): response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second
+ H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.domain>: response to "RCPT TO:<z@remote.domain>" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second
LOG: smtp_connection MAIN
SMTP connection from root closed by QUIT
LOG: smtp_connection MAIN
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<ok@localhost1>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP connection from root
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<ok@localhost1>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
LOG: MAIN REJECT
H=[V4NET.0.0.5] U=root sender verify fail for <ok@localhost1>: response to "RCPT TO:<postmaster@localhost1>" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster
LOG: MAIN REJECT
- H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: (postmaster): Sender verify failed
+ H=[V4NET.0.0.5] U=root F=<ok@localhost1> rejected RCPT <z@remote.domain>: Sender verify failed
LOG: smtp_connection MAIN
SMTP connection from root closed by QUIT
LOG: smtp_connection MAIN
SMTP<< 550 Recipient not liked
SMTP>> QUIT
LOG: MAIN REJECT
- H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: (recipient): response to "RCPT TO:<z@remote.lmtp>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
+ H=[V4NET.0.0.3] U=root F=<uncheckable@localhost1> rejected RCPT <z@remote.lmtp>: response to "RCPT TO:<z@remote.lmtp>" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked
LOG: smtp_connection MAIN
SMTP connection from root closed by QUIT
LOG: smtp_connection MAIN
LOG: MAIN PANIC
== no.hosts@test.ex R=no_hosts T=no_hosts defer (-1): no_hosts transport called with no hosts set
LOG: MAIN
- *> userx@test.ex R=good T=remote_delivery H=V4NET.0.0.1 [V4NET.0.0.1]
+ *> userx@test.ex R=good T=remote_delivery H=V4NET.0.0.1 [V4NET.0.0.1] C="delivery bypassed by -N option"
1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found ""
1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found ""
1999-03-02 09:44:33 10HmaX-0005vi-00 == no.hosts@test.ex R=no_hosts T=no_hosts defer (-1): no_hosts transport called with no hosts set
--------> rr1 router <--------
local_part=CALLER domain=test.ex
checking senders
-address match: subject=CALLER@test.ex pattern=user1@+funny_domains
+address match test: subject=CALLER@test.ex pattern=user1@+funny_domains
CALLER@test.ex in "user1@+funny_domains"? no (end of list)
rr1 router skipped: senders mismatch
--------> r1 router <--------
local_part=CALLER domain=test.ex
checking senders
-address match: subject=CALLER@test.ex pattern=never@test.ex
+address match test: subject=CALLER@test.ex pattern=never@test.ex
CALLER@test.ex in "never@test.ex"? no (end of list)
-address match: subject=CALLER@test.ex pattern=never1@test.ex
+address match test: subject=CALLER@test.ex pattern=never1@test.ex
CALLER@test.ex in "never1@test.ex"? no (end of list)
-address match: subject=CALLER@test.ex pattern=CALLER@test.ex
+address match test: subject=CALLER@test.ex pattern=CALLER@test.ex
test.ex in "test.ex"? yes (matched "test.ex")
CALLER@test.ex in "CALLER@test.ex"? yes (matched "CALLER@test.ex")
CALLER@test.ex in "+never_addresses : +n1_addresses : ! +local_addresses"? no (matched "! +local_addresses")
checking senders
cached no match for +never_addresses
cached lookup data = NULL
-address match: subject=CALLER@test.ex pattern=never2@test.ex
+address match test: subject=CALLER@test.ex pattern=never2@test.ex
cached no match for +n1_addresses
cached lookup data = NULL
CALLER@test.ex in "<; never2@test.ex ; +n1_addresses"? no (end of list)
--------> rr1 router <--------
local_part=CALLER domain=test.ex
checking senders
-address match: subject=user1@fun.1 pattern=user1@+funny_domains
+address match test: subject=user1@fun.1 pattern=user1@+funny_domains
fun.1 in "fun.1 : fun.2"? yes (matched "fun.1")
fun.1 in "+funny_domains"? yes (matched "+funny_domains")
user1@fun.1 in "user1@+funny_domains"? yes (matched "user1@+funny_domains")
*> userx@t1 R=r1 T=t1 H=host.1:host.2
$host=127.0.0.1 $host_address=127.0.0.1
LOG: MAIN
- *> userx@t2 R=r2 T=t2 H=127.0.0.1 [127.0.0.1]
+ *> userx@t2 R=r2 T=t2 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
Completed
Deferred addresses:
locking TESTSUITE/spool/db/retry.lockfile
LOG: MAIN
- *> x@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]
+ *> x@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
- *> y@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]
+ *> y@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
Deferred addresses:
locking TESTSUITE/spool/db/retry.lockfile
LOG: MAIN
- *> x@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2]
+ *> x@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option"
LOG: MAIN
- *> y@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2]
+ *> y@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
locking TESTSUITE/spool/db/retry.lockfile
locking TESTSUITE/spool/db/wait-t1.lockfile
LOG: MAIN
- => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+ => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
LOG: MAIN
Completed
Exim version x.yz ....
locking TESTSUITE/spool/db/retry.lockfile
locking TESTSUITE/spool/db/wait-t1.lockfile
LOG: MAIN
- => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]*
+ => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK"
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
locking TESTSUITE/spool/db/retry.lockfile
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
locking TESTSUITE/spool/db/retry.lockfile
locking TESTSUITE/spool/db/wait-t1.lockfile
LOG: MAIN
- => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+ => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
locking TESTSUITE/spool/db/retry.lockfile
locking TESTSUITE/spool/db/wait-t1.lockfile
LOG: MAIN
- => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]*
+ => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK"
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Considering: userx@test.ex
no domain retry record
+retry time not reached: checking ultimate address timeout
+ now=tttt first_failed=tttt next_try=tttt expired=0
+ received_time=tttt diff=tttt timeout=3600
LOG: retry_defer MAIN
== userx@test.ex routing defer (-51): retry time not reached
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
defer@test.ex
locking TESTSUITE/spool/db/retry.lockfile
LOG: MAIN
- *> unknown@recurse.test.ex.test.ex <cms@test.ex> R=r1 T=t1 H=recurse.test.ex.test.ex [V4NET.99.0.2]
+ *> unknown@recurse.test.ex.test.ex <cms@test.ex> R=r1 T=t1 H=recurse.test.ex.test.ex [V4NET.99.0.2] C="delivery bypassed by -N option"
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
Exim version x.yz ....
check verify = recipient
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Verifying x@a.b.c
-address match: subject=x@a.b.c pattern=x@a.b.c
+address match test: subject=x@a.b.c pattern=x@a.b.c
a.b.c in "a.b.c"? yes (matched "a.b.c")
x@a.b.c in "x@a.b.c"? yes (matched "x@a.b.c")
LOG: address_rewrite MAIN
locking TESTSUITE/spool/db/retry.lockfile
locking TESTSUITE/spool/db/wait-ut4.lockfile
LOG: MAIN
- => d1@myhost.test.ex R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1]
+ => d1@myhost.test.ex R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1] C="250 OK"
locking TESTSUITE/spool/db/retry.lockfile
LOG: MAIN
== d2@myhost.test.ex R=ut4 T=ut4 defer (-44): SMTP error from remote mail server after RCPT TO:<d2@myhost.test.ex>: host 127.0.0.1 [127.0.0.1]: 450 soft error
locking TESTSUITE/spool/db/retry.lockfile
locking TESTSUITE/spool/db/wait-ut4.lockfile
LOG: MAIN
- => d1@myhost.test.ex P=<> R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1]
+ => d1@myhost.test.ex P=<> R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1] C="250 OK"
log writing disabled
locking TESTSUITE/spool/db/retry.lockfile
LOG: MAIN
locking TESTSUITE/spool/db/retry.lockfile
locking TESTSUITE/spool/db/wait-ut6.lockfile
LOG: MAIN
- => f1@myhost.test.ex P=<CALLER@myhost.test.ex> R=ut6 T=ut6 H=127.0.0.1 [127.0.0.1]
+ => f1@myhost.test.ex P=<CALLER@myhost.test.ex> R=ut6 T=ut6 H=127.0.0.1 [127.0.0.1] C="250 OK"
log writing disabled
locking TESTSUITE/spool/db/retry.lockfile
LOG: MAIN
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 550 REJECT MAIL FROM
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<ok@otherhost>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<ok@otherhost2>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP<< 250 OK
SMTP>> RCPT TO:<ok@otherhost41>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<ok@otherhost21>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<okokok@otherhost52>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<pmsend@a.domain>
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<somesender@a.domain>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<ok@otherhost9>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<postmaster@myhost.test.ex>
SMTP<< 250 OK
SMTP<< 250 OK
SMTP>> RCPT TO:<z@test.ex>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<pmsend@b.domain>
added retry item for R:x@y: errno=-44 more_errno=dd,A flags=0
SMTP>> QUIT
set_process_info: pppp delivering 10HmaX-0005vi-00: just tried 127.0.0.1 [127.0.0.1] for x@y: result OK
-address match: subject=*@127.0.0.1 pattern=*
+address match test: subject=*@127.0.0.1 pattern=*
127.0.0.1 in "*"? yes (matched "*")
*@127.0.0.1 in "*"? yes (matched "*")
checking status of V4NET.0.0.0
EXIM_DBOPEN(TESTSUITE/spool/db/retry)
returned from EXIM_DBOPEN
opened hints database TESTSUITE/spool/db/retry: flags=O_RDWR
-address match: subject=x@y pattern=*
+address match test: subject=x@y pattern=*
y in "*"? yes (matched "*")
x@y in "*"? yes (matched "*")
retry for R:x@y = * 0 0
first failed=dddd last try=dddd next try=+1 expired=1
errno=-44 more_errno=dd,A SMTP error from remote mail server after RCPT TO:<x@y>: host 127.0.0.1 [127.0.0.1]: 451 Temporary error
dbfn_write: key=R:x@y
-address match: subject=*@V4NET.0.0.0 pattern=*
+address match test: subject=*@V4NET.0.0.0 pattern=*
V4NET.0.0.0 in "*"? yes (matched "*")
*@V4NET.0.0.0 in "*"? yes (matched "*")
retry for T:V4NET.0.0.0:V4NET.0.0.0:1224 (y) = * 0 0
checking local_parts
CALLER in "CALLER"? yes (matched "CALLER")
checking senders
-address match: subject= pattern=
+address match test: subject= pattern=
in ":"? yes (matched "")
calling r0 router
rda_interpret (string): :blackhole:
check verify = sender
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Verifying U@W.x.y
-address match: subject=U@w.x.y pattern=*@*.x.y
+address match test: subject=U@w.x.y pattern=*@*.x.y
w.x.y in "*.x.y"? yes (matched "*.x.y")
U@W.x.y in "*@*.x.y"? yes (matched "*@*.x.y")
LOG: address_rewrite MAIN
using ACL "rcpt"
processing "deny"
check senders = qq@remote
-address match: subject=qq@remote pattern=qq@remote
+address match test: subject=qq@remote pattern=qq@remote
remote in "remote"? yes (matched "remote")
qq@remote in "qq@remote"? yes (matched "qq@remote")
check !verify = sender
deny: condition test failed in ACL "rcpt"
processing "warn"
check senders = qq@remote
-address match: subject=qq@remote pattern=qq@remote
+address match test: subject=qq@remote pattern=qq@remote
remote in "remote"? yes (matched "remote")
qq@remote in "qq@remote"? yes (matched "qq@remote")
check !verify = sender/callout
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO mail.test.ex
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO mail.test.ex
SMTP<< 250 OK
+127.0.0.1 in hosts_require_auth? no (option unset)
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<qq@remote>
U=CALLER Warning: Sender verify failed: response to "RCPT TO:<qq@remote>" from 127.0.0.1 [127.0.0.1] was: 550 Unknown
processing "accept"
check senders = qq@remote
-address match: subject=qq@remote pattern=qq@remote
+address match test: subject=qq@remote pattern=qq@remote
remote in "remote"? yes (matched "remote")
qq@remote in "qq@remote"? yes (matched "qq@remote")
accept: condition test succeeded in ACL "rcpt"
using ACL "rcpt"
processing "deny"
check senders = qq@remote
-address match: subject=qq@remote pattern=qq@remote
+address match test: subject=qq@remote pattern=qq@remote
remote in "remote"? yes (matched "remote")
qq@remote in "qq@remote"? yes (matched "qq@remote")
check !verify = sender
deny: condition test failed in ACL "rcpt"
processing "warn"
check senders = qq@remote
-address match: subject=qq@remote pattern=qq@remote
+address match test: subject=qq@remote pattern=qq@remote
remote in "remote"? yes (matched "remote")
qq@remote in "qq@remote"? yes (matched "qq@remote")
check !verify = sender/callout
U=CALLER Warning: Sender verify failed
processing "accept"
check senders = qq@remote
-address match: subject=qq@remote pattern=qq@remote
+address match test: subject=qq@remote pattern=qq@remote
remote in "remote"? yes (matched "remote")
qq@remote in "qq@remote"? yes (matched "qq@remote")
accept: condition test succeeded in ACL "rcpt"
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 server ready
- SMTP>> HELO myhost.test.ex
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
+127.0.0.1 in hosts_require_auth? no (option unset)
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<x@y>
>>> interface=NULL port=1224
>>> Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
>>> SMTP<< 220 server ready
->>> SMTP>> HELO myhost.test.ex
+>>> 127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+>>> SMTP>> EHLO myhost.test.ex
>>> SMTP<< 250 OK
+>>> 127.0.0.1 in hosts_require_auth? no (option unset)
>>> SMTP>> MAIL FROM:<>
>>> SMTP<< 250 OK
>>> SMTP>> RCPT TO:<a@b>
>>> interface=NULL port=1224
>>> Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
>>> SMTP<< 220 server ready
->>> SMTP>> HELO myhost.test.ex
+>>> 127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+>>> SMTP>> EHLO myhost.test.ex
>>> SMTP timeout
>>> ----------- end verify ------------
>>> accept: condition test deferred in ACL "mail"
>>> Attempting full verification using callout
>>> callout cache: no domain record found
>>> callout cache: no address record found
->>> interface=NULL port=25
->>> Connecting to ten-1.test.ex [V4NET.0.0.1]:25 ... failed: Network Error
+>>> cannot callout via null transport
>>> ----------- end verify ------------
>>> accept: condition test deferred in ACL "rcpt"
-LOG: H=[V4NET.0.0.1] sender verify defer for <x@ten-1.test.ex>: could not connect to ten-1.test.ex [V4NET.0.0.1]: Network Error
+LOG: H=[V4NET.0.0.1] sender verify defer for <x@ten-1.test.ex>: Could not complete sender verify callout
LOG: H=[V4NET.0.0.1] F=<x@ten-1.test.ex> temporarily rejected RCPT x@y: Could not complete sender verify callout
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
SMTP>> RCPT TO:<Ok@localhost>
SMTP<< 250 OK
+Cutthrough cancelled by presence of postmaster verify
SMTP>> RSET
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO myhost.test.ex
+ SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
<= CALLER@myhost.test.ex U=CALLER P=local S=sss
delivering 10HmaX-0005vi-00
LOG: MAIN
- *> x@srv01.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]:25
+ *> x@srv01.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]:25 C="delivery bypassed by -N option"
LOG: MAIN
Completed
LOG: MAIN
<= CALLER@myhost.test.ex U=CALLER P=local S=sss
delivering 10HmaY-0005vi-00
LOG: MAIN
- *> x@srv03.test.ex R=r1 T=t1 H=ten-4.test.ex [V4NET.0.0.4]:88
+ *> x@srv03.test.ex R=r1 T=t1 H=ten-4.test.ex [V4NET.0.0.4]:88 C="delivery bypassed by -N option"
LOG: MAIN
Completed
LOG: MAIN
SMTP<< 250 OK
SMTP>> QUIT
LOG: MAIN
- => x@srv27.test.ex R=r1 T=t1 H=localhost.test.ex [127.0.0.1]:1224
+ => x@srv27.test.ex R=r1 T=t1 H=localhost.test.ex [127.0.0.1]:1224 C="250 OK"
LOG: MAIN
Completed
**** debug string too long - truncated ****
-address match: subject=r1@test.ex pattern=*@*
+address match test: subject=r1@test.ex pattern=*@*
test.ex in "*"? yes (matched "*")
r1@test.ex in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
file lookup required for *.test.ex
in TESTSUITE/aux-fixed/0471.rw
lookup failed
-address match: subject=CALLER@myhost.test.ex pattern=*@*
+address match test: subject=CALLER@myhost.test.ex pattern=*@*
myhost.test.ex in "*"? yes (matched "*")
CALLER@myhost.test.ex in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.examp
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.exa
**** debug string too long - truncated ****
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
remainder: random@test.example,
random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
**** debug string too long - truncated ****
remainder: random@test.example,
random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
random@rwtest.example,
**** debug string too long - truncated ****
remainder: random@test.example
-address match: subject=random@test.example pattern=*@*
+address match test: subject=random@test.example pattern=*@*
test.example in "*"? yes (matched "*")
random@test.example in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
remainder:
rewrite_one_header: type=F:
From: CALLER_NAME <CALLER@myhost.test.ex>
-address match: subject=CALLER@myhost.test.ex pattern=*@*
+address match test: subject=CALLER@myhost.test.ex pattern=*@*
myhost.test.ex in "*"? yes (matched "*")
CALLER@myhost.test.ex in "*@*"? yes (matched "*@*")
search_open: lsearch "TESTSUITE/aux-fixed/0471.rw"
interface=NULL port=1224
Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected
SMTP<< 220 Server ready
- SMTP>> HELO the.local.host.name
+ SMTP>> EHLO the.local.host.name
SMTP<< 250 OK
SMTP>> MAIL FROM:<>
SMTP<< 250 OK
usery@test.ex
checking status of 127.0.0.1
no message retry record
-host retry time not reached: checking ultimate address timeout
- now=tttt first_failed=tttt next_try=tttt expired=0
- received_time=tttt diff=tttt timeout=86400
127.0.0.1 [127.0.0.1]:1111 status = unusable
all IP addresses skipped or deferred at least one address
updating wait-t1 database
check verify = sender
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Verifying a@b
-address match: subject=a@b pattern=a@b
+address match test: subject=a@b pattern=a@b
b in "b"? yes (matched "b")
a@b in "a@b"? yes (matched "a@b")
LOG: address_rewrite MAIN
locking TESTSUITE/spool/db/retry.lockfile
retry record exists: age=ttt (max 1w)
time to retry = tttt expired = 0
-retry time not reached for TESTSUITE/test-mail/rmbox: checking ultimate address timeout
+retry time not reached: checking ultimate address timeout
now=tttt first_failed=tttt next_try=tttt expired=0
received_time=tttt diff=tttt timeout=259200
LOG: retry_defer MAIN
locking TESTSUITE/spool/db/retry.lockfile
locking TESTSUITE/spool/db/wait-smtp.lockfile
LOG: MAIN
- => userx@domain1 R=smarthost T=smtp H=thisloop.test.ex [127.0.0.1]
+ => userx@domain1 R=smarthost T=smtp H=thisloop.test.ex [127.0.0.1] C="250 OK"
LOG: MAIN
Completed
locking TESTSUITE/spool/db/retry.lockfile
existing delete item dropped
added delete item
LOG: MAIN
- => x@y R=r1 T=smtp H=127.0.0.1 [127.0.0.1]
+ => x@y R=r1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
Processing retry items
Succeeded addresses:
x@y
SMTP<< 250 OK id=10HmaZ-0005vi-00
SMTP>> QUIT
LOG: MAIN
- => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+ => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
LOG: MAIN
Completed
delivering 10HmaY-0005vi-00 (queue run pid ppppp)
SMTP<< 250 OK id=10HmbA-0005vi-00
SMTP>> QUIT
LOG: MAIN
- => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+ => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
LOG: MAIN
- -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+ -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1225 ... connected
SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK id=10HmbB-0005vi-00
SMTP>> QUIT
LOG: MAIN
- => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+ => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00"
LOG: MAIN
Completed
LOG: queue_run MAIN
250-STARTTLS
250 HELP
LOG: MAIN
- => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+ => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
LOG: MAIN
Completed
Exim version x.yz ....
SMTP<< 250 OK id=10HmbA-0005vi-00
SMTP>> QUIT
LOG: MAIN
- => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock"
+ => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
SMTP<< 250 OK id=10HmaZ-0005vi-00
SMTP>> QUIT
LOG: MAIN
- => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+ => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
LOG: MAIN
Completed
delivering 10HmaY-0005vi-00 (queue run pid ppppp)
SMTP<< 250 OK id=10HmbA-0005vi-00
SMTP>> QUIT
LOG: MAIN
- => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+ => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
LOG: MAIN
- -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+ -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1225 ... connected
SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
SMTP>> EHLO myhost.test.ex
SMTP<< 250 OK id=10HmbB-0005vi-00
SMTP>> QUIT
LOG: MAIN
- => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+ => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00"
LOG: MAIN
Completed
LOG: queue_run MAIN
250-STARTTLS
250 HELP
LOG: MAIN
- => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+ => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
LOG: MAIN
Completed
Exim version x.yz ....
SMTP<< 250 OK id=10HmbA-0005vi-00
SMTP>> QUIT
LOG: MAIN
- => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock"
+ => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
lookup yielded: A TXT record for test.ex.
test.ex in "dnsdb;test.ex"? yes (matched "dnsdb;test.ex")
checking senders
-address match: subject=CALLER@myhost.test.ex pattern=dnsdb;A=myhost.test.ex
+address match test: subject=CALLER@myhost.test.ex pattern=dnsdb;A=myhost.test.ex
search_open: dnsdb "NULL"
cached open
search_find: file="NULL"
SMTP<< 250 OK
SMTP>> QUIT
LOG: MAIN
- => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+ => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK"
LOG: MAIN
Completed
LOG: MAIN
SMTP<< 250 OK
SMTP>> QUIT
LOG: MAIN
- => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+ => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK"
LOG: MAIN
Completed
LOG: MAIN
SMTP<< 250 OK
SMTP>> QUIT
LOG: MAIN
- => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]
+ => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=login C="250 OK"
LOG: MAIN
Completed
EXIM_DBOPEN(TESTSUITE/spool/db/retry)
returned from EXIM_DBOPEN
opened hints database TESTSUITE/spool/db/retry: flags=O_RDWR
-address match: subject=userx@test.ex pattern=*
+address match test: subject=userx@test.ex pattern=*
test.ex in "*"? yes (matched "*")
userx@test.ex in "*"? yes (matched "*")
retry for T:userx@test.ex = * 0 0
EXIM_DBOPEN(TESTSUITE/spool/db/retry)
returned from EXIM_DBOPEN
opened hints database TESTSUITE/spool/db/retry: flags=O_RDWR
-address match: subject=userx@test.ex pattern=*
+address match test: subject=userx@test.ex pattern=*
test.ex in "*"? yes (matched "*")
userx@test.ex in "*"? yes (matched "*")
retry for T:userx@test.ex = * 0 0
--- /dev/null
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+using ACL "ar"
+processing "accept"
+check control = cutthrough_delivery
+check logwrite = rcpt for $local_part@$domain
+ = rcpt for userx@domain.com
+LOG: MAIN
+ rcpt for userx@domain.com
+created log directory TESTSUITE/spool/log
+accept: condition test succeeded in ACL "ar"
+----------- start cutthrough setup ------------
+Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected
+ SMTP<< 220 ESMTP
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 Sender OK
+ SMTP>> RCPT TO:<userx@domain.com>
+ SMTP<< 250 Recipient OK
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Send data
+ SMTP>>(nl)
+ SMTP>> .
+ SMTP<< 250 OK
+LOG: MAIN
+ >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+using ACL "ar"
+processing "accept"
+check control = cutthrough_delivery
+check logwrite = rcpt for $local_part@$domain
+ = rcpt for userz@domain.com
+LOG: MAIN
+ rcpt for userz@domain.com
+accept: condition test succeeded in ACL "ar"
+----------- start cutthrough setup ------------
+Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected
+ SMTP<< 220 SMTP only spoken here
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 550 Not here, mate
+ SMTP>> HELO myhost.test.ex
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 Sender OK
+ SMTP>> RCPT TO:<userz@domain.com>
+ SMTP<< 250 Recipient OK
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Send data
+ SMTP>>(nl)
+ SMTP>> .
+ SMTP<< 250 OK
+LOG: MAIN
+ >> userz@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+using ACL "ar"
+processing "accept"
+check control = cutthrough_delivery
+check logwrite = rcpt for $local_part@$domain
+ = rcpt for usery@domain.com
+LOG: MAIN
+ rcpt for usery@domain.com
+accept: condition test succeeded in ACL "ar"
+----------- start cutthrough setup ------------
+Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected
+ SMTP<< 220 ESMTP
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 Sender OK
+ SMTP>> RCPT TO:<usery@domain.com>
+ SMTP<< 250 Recipient OK
+----------- end cutthrough setup ------------
+using ACL "ar"
+processing "accept"
+check control = cutthrough_delivery
+check logwrite = rcpt for $local_part@$domain
+ = rcpt for userx@domain.com
+LOG: MAIN
+ rcpt for userx@domain.com
+accept: condition test succeeded in ACL "ar"
+ SMTP>> QUIT
+----------- cutthrough shutdown (more than one recipient) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+trusted user
+admin user
+skipping ACL configuration - not needed
+>>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>>
+--------> usery@domain.com <--------
+smtp transport entered
+ usery@domain.com
+ userx@domain.com
+checking status of 127.0.0.1
+127.0.0.1 [127.0.0.1]:1111 status = usable
+delivering 10HmaZ-0005vi-00 to 127.0.0.1 [127.0.0.1] (usery@domain.com, ...)
+Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected
+ SMTP<< 220 ESMTP
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250 OK
+not using PIPELINING
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 Sender OK
+ SMTP>> RCPT TO:<usery@domain.com>
+ SMTP<< 250 Recipient OK
+ SMTP>> RCPT TO:<userx@domain.com>
+ SMTP<< 250 Recipient OK
+ SMTP>> DATA
+ SMTP<< 354 Send data
+ SMTP>> writing message and terminating "."
+writing data block fd=dddd size=sss timeout=300
+ SMTP<< 250 OK
+ok=1 send_quit=1 send_rset=0 continue_more=0 yield=0 first_address is NULL
+transport_check_waiting entered
+ sequence=1 local_max=500 global_max=-1
+no messages waiting for 127.0.0.1
+ SMTP>> QUIT
+Leaving smtp transport
+LOG: MAIN
+ => usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+LOG: MAIN
+ -> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+LOG: MAIN
+ Completed
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
--- /dev/null
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+using ACL "acl_rcpt"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+----------- end verify ------------
+accept: condition test succeeded in ACL "acl_rcpt"
+----------- start cutthrough setup ------------
+Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected
+ SMTP<< 220 ESMTP
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250 OK
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 Sender OK
+ SMTP>> RCPT TO:<userx@domain.com>
+ SMTP<< 250 Recipient OK
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Send data
+ SMTP>>(nl)
+ SMTP>> .
+ SMTP<< 250 OK
+LOG: MAIN
+ >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK"
+created log directory TESTSUITE/spool/log
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
--- /dev/null
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: userx
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: userx
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: userx
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: false
+expanding: *
+ result: *
+skipping: result is not used
+expanding: :
+ result: :
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: :
+127.0.0.1 in hosts_avoid_tls? no (end of list)
+ SMTP>> STARTTLS
+ SMTP<< 220 TLS go ahead
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250 HELP
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<userx@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for userx@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmaX-0005vi-00
+LOG: MAIN
+ >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaX-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: usery
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: true
+expanding: *
+ result: *
+expanding: :
+ result: :
+skipping: result is not used
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: *
+127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<usery@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for usery@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmaZ-0005vi-00
+LOG: MAIN
+ >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+
+******** SERVER ********
--- /dev/null
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: userx
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: userx
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: userx
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: false
+expanding: *
+ result: *
+skipping: result is not used
+expanding: :
+ result: :
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: :
+127.0.0.1 in hosts_avoid_tls? no (end of list)
+expanding: $address_data
+ result: userx
+expanding: userz
+ result: userz
+condition: eq {$address_data}{userz}
+ result: false
+expanding: *
+ result: *
+skipping: result is not used
+expanding: :
+ result: :
+expanding: ${if eq {$address_data}{userz}{*}{:}}
+ result: :
+127.0.0.1 in hosts_verify_avoid_tls? no (end of list)
+ SMTP>> STARTTLS
+ SMTP<< 220 TLS go ahead
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250 HELP
+127.0.0.1 in hosts_require_auth? no (option unset)
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<userx@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for userx@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmaX-0005vi-00
+LOG: MAIN
+ >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaX-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: usery
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: true
+expanding: *
+ result: *
+expanding: :
+ result: :
+skipping: result is not used
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: *
+127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+127.0.0.1 in hosts_require_auth? no (option unset)
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<usery@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for usery@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmaZ-0005vi-00
+LOG: MAIN
+ >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: usery
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: true
+expanding: *
+ result: *
+expanding: :
+ result: :
+skipping: result is not used
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: *
+127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+127.0.0.1 in hosts_require_auth? no (option unset)
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<usery@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for usery@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmbB-0005vi-00
+LOG: MAIN
+ >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+
+******** SERVER ********
--- /dev/null
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: userx
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: userx
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: userx
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: false
+expanding: *
+ result: *
+skipping: result is not used
+expanding: :
+ result: :
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: :
+127.0.0.1 in hosts_avoid_tls? no (end of list)
+expanding: $address_data
+ result: userx
+expanding: userz
+ result: userz
+condition: eq {$address_data}{userz}
+ result: false
+expanding: *
+ result: *
+skipping: result is not used
+expanding: :
+ result: :
+expanding: ${if eq {$address_data}{userz}{*}{:}}
+ result: :
+127.0.0.1 in hosts_verify_avoid_tls? no (end of list)
+ SMTP>> STARTTLS
+ SMTP<< 220 TLS go ahead
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250 HELP
+127.0.0.1 in hosts_require_auth? no (option unset)
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<userx@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for userx@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmaX-0005vi-00
+LOG: MAIN
+ >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaX-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: usery
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: true
+expanding: *
+ result: *
+expanding: :
+ result: :
+skipping: result is not used
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: *
+127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+127.0.0.1 in hosts_require_auth? no (option unset)
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<usery@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for usery@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmaZ-0005vi-00
+LOG: MAIN
+ >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+Exim version x.yz ....
+configuration file is TESTSUITE/test-config
+admin user
+ in hosts_connection_nolog? no (option unset)
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER
+expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full
+ result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+ in pipelining_advertise_hosts? yes (matched "*")
+ in tls_advertise_hosts? yes (matched "*")
+expanding: SERVER
+ result: SERVER
+expanding: server
+ result: server
+condition: eq {SERVER}{server}
+ result: false
+expanding: queue
+ result: queue
+skipping: result is not used
+expanding: cutthrough
+ result: cutthrough
+expanding: ${if eq {SERVER}{server}{queue}{cutthrough}}
+ result: cutthrough
+using ACL "cutthrough"
+processing "accept"
+check control = cutthrough_delivery
+check verify = recipient
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+----------- end verify ------------
+accept: condition test succeeded in ACL "cutthrough"
+----------- start cutthrough setup ------------
+domain.com in "test.ex : *.test.ex"? no (end of list)
+domain.com in "! +local_domains"? yes (end of list)
+expanding: $local_part
+ result: usery
+domain.com in "*"? yes (matched "*")
+Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected
+expanding: $primary_hostname
+ result: myhost.test.ex
+ SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+127.0.0.1 in hosts_avoid_esmtp? no (option unset)
+ SMTP>> EHLO myhost.test.ex
+ SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4]
+ 250-SIZE 52428800
+ 250-8BITMIME
+ 250-PIPELINING
+ 250-STARTTLS
+ 250 HELP
+expanding: $address_data
+ result: usery
+expanding: usery
+ result: usery
+condition: eq {$address_data}{usery}
+ result: true
+expanding: *
+ result: *
+expanding: :
+ result: :
+skipping: result is not used
+expanding: ${if eq {$address_data}{usery}{*}{:}}
+ result: *
+127.0.0.1 in hosts_avoid_tls? yes (matched "*")
+127.0.0.1 in hosts_require_auth? no (option unset)
+ SMTP>> MAIL FROM:<CALLER@myhost.test.ex>
+ SMTP<< 250 OK
+ SMTP>> RCPT TO:<usery@domain.com>
+ SMTP<< 250 Accepted
+----------- end cutthrough setup ------------
+processing "accept"
+accept: condition test succeeded in inline ACL
+ SMTP>> DATA
+ SMTP<< 354 Enter message, ending with "." on a line by itself
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+condition: def:sender_rcvhost
+ result: false
+expanding: from $sender_rcvhost
+
+ result: from
+
+skipping: result is not used
+condition: def:sender_ident
+ result: true
+expanding: $sender_ident
+ result: CALLER
+expanding: from ${quote_local_part:$sender_ident}
+ result: from CALLER
+condition: def:sender_helo_name
+ result: true
+expanding: (helo=$sender_helo_name)
+
+ result: (helo=myhost.test.ex)
+
+expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
+ }}
+ result: from CALLER (helo=myhost.test.ex)
+
+condition: def:received_protocol
+ result: true
+expanding: with $received_protocol
+ result: with local-esmtp
+condition: def:sender_address
+ result: true
+expanding: (envelope-from <$sender_address>)
+
+ result: (envelope-from <CALLER@myhost.test.ex>)
+
+condition: def:received_for
+ result: true
+expanding:
+ for $received_for
+ result:
+ for usery@domain.com
+PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+expanding: ${tod_full}
+ result: Tue, 2 Mar 1999 09:44:33 +0000
+ SMTP>> .
+ SMTP<< 250 OK id=10HmbB-0005vi-00
+LOG: MAIN
+ >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00"
+ SMTP>> QUIT
+----------- cutthrough shutdown (delivered) ------------
+LOG: MAIN
+ <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss
+LOG: MAIN
+ Completed
+LOG: smtp_connection MAIN
+ SMTP connection from CALLER closed by QUIT
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
+
+******** SERVER ********
--- /dev/null
+
+******** SERVER ********
--- /dev/null
+
+******** SERVER ********
--- /dev/null
+
+******** SERVER ********
locking TESTSUITE/spool/db/retry.lockfile
locking TESTSUITE/spool/db/wait-t1.lockfile
LOG: MAIN
- => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]
+ => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00"
LOG: MAIN
Completed
Exim version x.yz ....
> reduce: 6
> reduce: 9
>
+> listnamed: *.aa.bb : ^\Nxxx(.*)
+> listnamed: *.aa.bb : ^\Nxxx(.*)
+> listnamed: V4NET.11.12.13 : iplsearch;TESTSUITE/aux-fixed/0002.iplsearch
+> listnamed: *.aa.bb : ^\Nxxx(.*) : ;;
+> listnamed: a : b;c : *.aa.bb : ^\Nxxx(.*) : ;; : 2001::630::212::8::204::::b664
+> Failed: "nolist" is not a named list
+> listnamed: *.aa.bb : ^\Nxxx(.*)
+> Failed: "hlist" is not a domain named list
+> Failed: bad suffix on "list" operator
+>
+> listcount: 3
+> listcount: 0
+> listcount: 3
+> listcount: 2
+>
> # Tests with iscntrl() and illegal separators
>
> map: 'a'
>
> # Operators
>
+> Failed: missing or misplaced { or }
+> Failed: missing or misplaced { or }
+> Failed: error from acl "a_nosuch"
+> acl: (0) [] []
+> acl: (1) [person@dom.ain] []
+> acl: (2) [firstarg] [secondarg]
+> acl: (1) [arg with spaces] []
+> acl:
+> acl:
+> acl: (0) [] []
+> acl: (1) [person@dom.ain] []
+> Failed: error from acl "a_defer"
+> acl: (2) [new arg1] [top_arg_1]
+> acl: (1) [1] [] (1) [2] [] (1) [3] [] (1) [4] []
+>
> addrss: local-part@dom.ain
> addrss: local-part@dom.ain
> domain: dom.ain
> md5: NO
> mask: NO
>
+> # Number suffixes in conditions
+> 1k: y
+> 1K: y
+> 1M: y
+> 1G: y
+>
> # Numeric overflow
> # >32b should work, >64b not
>
> queue_running after or: y
> first_delivery after or: y
>
+> # acl expansion condition
+> acl if: Y:(0) [] []
+> acl if: Y:(1) [argY] []
+> acl if: N:(2) [argN] [arg2]
+> Failed: error from acl "a_defer"
+>
> # Default values for both if strings
>
> ${if eq{1}{1}} >true<
> match_ip: 15
> match_ip: 16
>
+> in list
+> in list
+>
550 Sender verify failed\r
250 Reset OK\r
250 OK\r
+550-Verification failed for <"unknown with spaces"@test.ex>\r
+550-Unrouteable address\r
+550 Sender verify failed\r
+250 Reset OK\r
+250 OK\r
250 Accepted\r
354 Enter message, ending with "." on a line by itself\r
550 Administrative prohibition\r
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
550 Error for <>
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
550-Multiline error for <>
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
550 REJECT MAIL FROM
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<somesender@a.domain>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<postmaster@myhost.test.ex>
250 OK
command = /x/y
environment =
escape_string =
+no_force_command
no_freeze_exec_fail
no_freeze_signal
no_ignore_status
command = /x/y
environment =
escape_string =
+no_force_command
no_freeze_exec_fail
no_freeze_signal
no_ignore_status
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO mail.test.ex
+EHLO mail.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO mail.test.ex
+EHLO mail.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO mail.test.ex
+EHLO mail.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO mail.test.ex
+EHLO mail.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [ip4.ip4.ip4.ip4]
220 Server ready
-HELO mail.test.ex
+EHLO mail.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO mail.test.ex
+EHLO mail.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
*sleep 2
Expected EOF read from client
End of script
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO the.local.host.name
+EHLO the.local.host.name
250 OK
MAIL FROM:<s1@test.ex>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO the.local.host.name
+EHLO the.local.host.name
250 OK
MAIL FROM:<s2@test.ex>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO the.local.host.name
+EHLO the.local.host.name
250 OK
MAIL FROM:<s3@other.ex>
550 NOTOK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO the.local.host.name
+EHLO the.local.host.name
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO the.local.host.name
+EHLO the.local.host.name
250 OK
MAIL FROM:<postmaster@the.local.host.name>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 server ready
-HELO the.local.host.name
+EHLO the.local.host.name
250 OK
MAIL FROM:<x9@test.ex>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 server ready
-HELO the.local.host.name
+EHLO the.local.host.name
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO the.local.host.name
+EHLO the.local.host.name
250 OK
MAIL FROM:<postmaster@the.local.host.name>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Server ready
-HELO the.local.host.name
+EHLO the.local.host.name
250 OK
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250 OK\r
-550-Verification failed for <unknown@x.x.x.x>\r
-550-Called: 127.0.0.1\r
-550-Sent: RCPT TO:<unknown@x.x.x.x>\r
-550-Response: 550 unrouteable address\r
-550 Sender verify failed\r
+451 Could not complete sender verify callout\r
221 myhost.test.ex closing connection\r
-
-******** SERVER ********
-Listening on port 1224 ...
-Connection request from [127.0.0.1]
-220 Welcome
-HELO myhost.test.ex
-250 Hi
-MAIL FROM:<>
-250 OK
-RCPT TO:<unknown@x.x.x.x>
-550 unrouteable address
-QUIT
-221 Bye
-End of script
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
550 I'm misconfigured
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<userx@ok.example>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO localhost
+EHLO localhost
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO aname
+EHLO aname
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
Listening on port 1224 ...
Connection request from [127.0.0.1]
220 Welcome
-HELO myhost.test.ex
+EHLO myhost.test.ex
250 Hi
MAIL FROM:<>
250 OK
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+550 SIZE value too big\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+550 SIZE value too big\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaX-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaY-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaZ-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at Testing\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+501 invalid data for BODY\r
+503 sender not yet given\r
+503-All RCPT commands were rejected with this error:\r
+503-503 sender not yet given\r
+503 Valid RCPT command must precede DATA\r
+500 unrecognized command\r
+500 unrecognized command\r
+500-unrecognized command\r
+500 Too many syntax or protocol errors\r
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250 OK\r
+250 Accepted\r
+550 Administrative prohibition\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaX-0005vi-00\r
+221 myhost.test.ex closing connection\r
+451 Temporary local problem - please try later\r
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at the.client\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-AUTH PLAIN\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at the.client\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-AUTH PLAIN\r
+250 HELP\r
+235 Authentication succeeded\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at the.client\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-AUTH PLAIN\r
+250 HELP\r
+235 Authentication succeeded\r
+250 OK\r
+250 Accepted\r
+221 myhost.test.ex closing connection\r
+
+******** SERVER ********
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Welcome
+EHLO myhost.test.ex
+250-wotcher mate
+250-AUTH PLAIN
+250 Hi
+AUTH PLAIN AHVzZXJ4AHNlY3JldA==
+250 Oh alright then
+MAIL FROM:<> AUTH=brian
+250 OK
+RCPT TO:<abc@force>
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Welcome
+EHLO myhost.test.ex
+250-wotcher mate
+250-AUTH PLAIN
+250 Hi
+AUTH PLAIN AHVzZXJ4AHNlY3JldA==
+250 Oh alright then
+MAIL FROM:<> AUTH=freddy
+250 OK
+RCPT TO:<abc@normal>
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Welcome
+EHLO myhost.test.ex
+250-wotcher mate
+250-AUTH PLAIN
+250 Hi
+AUTH PLAIN AHVzZXJ4AHNlY3JldA==
+250 Oh alright then
+MAIL FROM:<> AUTH=brian
+250 OK
+RCPT TO:<def@force>
+250 OK
+QUIT
+250 OK
+End of script
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+Succeeded in starting TLS
+>>> mail from:<"name with spaces"@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<CALLER@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 3
+<<< 354 Enter message, ending with "." on a line by itself
+>>> This is a test encrypted message.
+>>> .
+??? 250
+<<< 250 OK id=10HmaY-0005vi-00
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> This is a test encrypted message from a verified host.
>>> .
??? 250
-<<< 250 OK id=10HmaY-0005vi-00
+<<< 250 OK id=10HmaZ-0005vi-00
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
??? 221
<<< 221 myhost.test.ex closing connection
End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL info: before/connect initialization
+SSL info: before/connect initialization
+SSL info: SSLv2/v3 write client hello A
+SSL info: SSLv3 read server hello A
+SSL info: SSLv3 read server certificate A
+SSL info: SSLv3 read server key exchange A
+SSL info: SSLv3 read server done A
+SSL info: SSLv3 write client key exchange A
+SSL info: SSLv3 write change cipher spec A
+SSL info: SSLv3 write finished A
+SSL info: SSLv3 flush data
+SSL info: SSLv3 read server session ticket A
+SSL info: SSLv3 read finished A
+SSL info: SSL negotiation finished successfully
+SSL info: SSL negotiation finished successfully
+SSL connection using AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<"name with spaces"@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<CALLER@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 3
+<<< 354 Enter message, ending with "." on a line by itself
+>>> This is a test encrypted message.
+>>> .
+??? 250
+<<< 250 OK id=10HmaY-0005vi-00
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
??? 220
<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
>>> This is a test encrypted message from a verified host.
>>> .
??? 250
-<<< 250 OK id=10HmaY-0005vi-00
+<<< 250 OK id=10HmaZ-0005vi-00
>>> quit
??? 221
<<< 221 myhost.test.ex closing connection
> ptr=V6NET:0:12:1:a00:20ff:fe86:a062 testptr-arpa.ipv6.test.ex
> ptr=V6NET:0:12:1:a00:20ff:fe86:a062 testptr-arpa.ipv6.test.ex
>
+> a=46.test.ex V4NET.0.0.4
+> aaaa=46.test.ex V6NET:ffff:836f:a00:a:800:200a:c031
+> a+=46.test.ex V6NET:ffff:836f:a00:a:800:200a:c031;V4NET.0.0.4
+>
a1 authenticator:
client_condition =
+client_set_id =
driver = plaintext
public_name = PLAIN
server_advertise_condition =
a2 authenticator:
client_condition =
+client_set_id =
driver = plaintext
public_name = PLAIN
server_advertise_condition =
a3 authenticator:
client_condition =
+client_set_id =
driver = plaintext
public_name = LOGIN
server_advertise_condition =
a4 authenticator:
client_condition =
+client_set_id =
driver = plaintext
public_name = LOGIN
server_advertise_condition =
SSL info: SSLv3 read finished A
SSL info: SSL negotiation finished successfully
SSL info: SSL negotiation finished successfully
-SSL connection using DHE-RSA-AES256-SHA
+SSL connection using AES256-SHA
Succeeded in starting TLS
>>> ehlo foobar
??? 250-
SSL info: SSLv3 read finished A
SSL info: SSL negotiation finished successfully
SSL info: SSL negotiation finished successfully
-SSL connection using DHE-RSA-AES256-SHA
+SSL connection using AES256-SHA
Succeeded in starting TLS
>>> auth plain AHVzZXJ4AHNlY3JldA==
??? 503
SSL info: SSLv3 read finished A
SSL info: SSL negotiation finished successfully
SSL info: SSL negotiation finished successfully
-SSL connection using DHE-RSA-AES256-SHA
+SSL connection using AES256-SHA
Succeeded in starting TLS
>>> ehlo foobar
??? 250-myhost
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaX-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaY-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaZ-0005vi-00\r
+221 myhost.test.ex closing connection\r
+
+******** SERVER ********
+Listening on port 1224 ...
+Connection request from [ip4.ip4.ip4.ip4]
+220 ESMTP
+EHLO myhost.test.ex
+250 OK
+MAIL FROM:<CALLER@myhost.test.ex>
+250 Sender OK
+RCPT TO:<userx@domain.com>
+250 Recipient OK
+DATA
+354 Send data
+Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for userx@domain.com; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+.
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [ip4.ip4.ip4.ip4]
+220 SMTP only spoken here
+EHLO myhost.test.ex
+550 Not here, mate
+HELO myhost.test.ex
+250 OK
+MAIL FROM:<CALLER@myhost.test.ex>
+250 Sender OK
+RCPT TO:<userz@domain.com>
+250 Recipient OK
+DATA
+354 Send data
+Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaY-0005vi-00
+ for userz@domain.com; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+.
+250 OK
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [ip4.ip4.ip4.ip4]
+220 ESMTP
+EHLO myhost.test.ex
+250 OK
+MAIL FROM:<CALLER@myhost.test.ex>
+250 Sender OK
+RCPT TO:<usery@domain.com>
+250 Recipient OK
+QUIT
+Expected EOF read from client
+Listening on port 1224 ...
+Connection request from [ip4.ip4.ip4.ip4]
+220 ESMTP
+EHLO myhost.test.ex
+250 OK
+MAIL FROM:<CALLER@myhost.test.ex>
+250 Sender OK
+RCPT TO:<usery@domain.com>
+250 Recipient OK
+RCPT TO:<userx@domain.com>
+250 Recipient OK
+DATA
+354 Send data
+Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaZ-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaZ-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+.
+250 OK
+QUIT
+250 OK
+End of script
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaX-0005vi-00\r
+221 myhost.test.ex closing connection\r
+
+******** SERVER ********
+Listening on port 1224 ...
+Connection request from [ip4.ip4.ip4.ip4]
+220 ESMTP
+EHLO myhost.test.ex
+250 OK
+MAIL FROM:<CALLER@myhost.test.ex>
+250 Sender OK
+RCPT TO:<userx@domain.com>
+250 Recipient OK
+DATA
+354 Send data
+Received: from CALLER (helo=myhost.test.ex)
+ by myhost.test.ex with local-esmtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for userx@domain.com; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+.
+250 OK
+QUIT
+250 OK
+End of script
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaY-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmbA-0005vi-00\r
+221 myhost.test.ex closing connection\r
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaY-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmbA-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmbC-0005vi-00\r
+221 myhost.test.ex closing connection\r
--- /dev/null
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmaY-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmbA-0005vi-00\r
+221 myhost.test.ex closing connection\r
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
+250-myhost.test.ex Hello CALLER at myhost.test.ex\r
+250-SIZE 52428800\r
+250-8BITMIME\r
+250-PIPELINING\r
+250-STARTTLS\r
+250 HELP\r
+250 OK\r
+250 Accepted\r
+354 Enter message, ending with "." on a line by itself\r
+250 OK id=10HmbC-0005vi-00\r
+221 myhost.test.ex closing connection\r
--- /dev/null
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-PRDR
+<<< 250-PRDR
+??? 250
+<<< 250 HELP
+>>> mail from:<> PRDR
+??? 250
+<<< 250 OK, PRDR Requested
+>>> rcpt to:<userx@test.ex>
+??? 250
+<<< 250 Accepted
+>>> rcpt to:<usery@test.ex>
+??? 250
+<<< 250 Accepted
+>>> rcpt to:<userz@test.ex>
+??? 250
+<<< 250 Accepted
+>>> data
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Sender: sender@some.where
+>>> .
+??? 353
+<<< 353 PRDR content analysis beginning
+??? 250
+<<< 250 PRDR R=<userx@test.ex> acceptance
+??? 450
+<<< 450 PRDR R=<usery@test.ex> temporary refusal
+??? 550
+<<< 550 PRDR R=<userz@test.ex> refusal
+??? 250
+<<< 250 id=10HmaY-0005vi-00 message accepted for some recipients
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-PRDR
+<<< 250-PRDR
+??? 250
+<<< 250 HELP
+>>> mail from:<> PRDR
+??? 250
+<<< 250 OK, PRDR Requested
+>>> rcpt to:<userp@test.ex>
+??? 250
+<<< 250 Accepted
+>>> rcpt to:<userq@test.ex>
+??? 250
+<<< 250 Accepted
+>>> data
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Sender: sender@some.where
+>>> .
+??? 353
+<<< 353 PRDR content analysis beginning
+??? 250
+<<< 250 PRDR R=<userp@test.ex> acceptance
+??? 250
+<<< 250 PRDR R=<userq@test.ex> acceptance
+??? 550
+<<< 550 Administrative prohibition
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-PRDR
+<<< 250-PRDR
+??? 250
+<<< 250 HELP
+>>> mail from:<> PRDR
+??? 250
+<<< 250 OK, PRDR Requested
+>>> rcpt to:<user1@test.ex>
+??? 250
+<<< 250 Accepted
+>>> data
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Sender: sender@some.where
+>>> .
+??? 250
+<<< 250 OK id=10HmaZ-0005vi-00
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-PRDR
+<<< 250-PRDR
+??? 250
+<<< 250 HELP
+>>> mail from:<> PRDR
+??? 250
+<<< 250 OK, PRDR Requested
+>>> rcpt to:<usery@test.ex>
+??? 250
+<<< 250 Accepted
+>>> rcpt to:<usery@test.ex>
+??? 250
+<<< 250 Accepted
+>>> data
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Sender: sender@some.where
+>>> .
+??? 353
+<<< 353 PRDR content analysis beginning
+??? 450
+<<< 450 PRDR R=<usery@test.ex> temporary refusal
+??? 450
+<<< 450 PRDR R=<usery@test.ex> temporary refusal
+??? 250
+<<< 250 id=10HmbA-0005vi-00 message accepted for some recipients
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-PRDR
+<<< 250-PRDR
+??? 250
+<<< 250 HELP
+>>> mail from:<> PRDR
+??? 250
+<<< 250 OK, PRDR Requested
+>>> rcpt to:<userz@test.ex>
+??? 250
+<<< 250 Accepted
+>>> rcpt to:<userz@test.ex>
+??? 250
+<<< 250 Accepted
+>>> data
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Sender: sender@some.where
+>>> .
+??? 353
+<<< 353 PRDR content analysis beginning
+??? 550
+<<< 550 PRDR R=<userz@test.ex> refusal
+??? 550
+<<< 550 PRDR R=<userz@test.ex> refusal
+??? 550
+<<< 550 id=10HmbB-0005vi-00 message rejected for all recipients
+>>> quit
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
--- /dev/null
+
+******** SERVER ********
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-
+250-PRDR
+250 OK
+MAIL FROM:<userx@test.ex> PRDR
+250 OK
+RCPT TO:<usery@test.ex>
+250 OK
+RCPT TO:<userz@test.ex>
+250 OK
+DATA
+300 gimme yer body
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <userx@test.ex>)
+ id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+From: userx@test.ex
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+Some message text.
+.
+353 prdr responses coming up
+250 first rcpt was good
+250 second rcpt was good
+250 OK, overall
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-
+250-PRDR
+250 OK
+MAIL FROM:<userx@test.ex> PRDR
+250 OK
+RCPT TO:<user2.1@test.ex>
+250 OK
+RCPT TO:<user2.2@test.ex>
+250 OK
+DATA
+300 gimme that body
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <userx@test.ex>)
+ id 10HmaY-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+From: userx@test.ex
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+Some message text.
+.
+250 OK got that
+QUIT
+250 OK, bye
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-
+250-PRDR
+250 OK
+MAIL FROM:<userx@test.ex> PRDR
+250 OK
+RCPT TO:<usery@test.ex>
+250 OK
+RCPT TO:<userz@test.ex>
+250 OK
+DATA
+300 gimme yer body
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ (envelope-from <userx@test.ex>)
+ id 10HmaZ-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaZ-0005vi-00@myhost.test.ex>
+From: userx@test.ex
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+Some message text.
+.
+353 prdr responses coming up
+250 first rcpt was good
+450 cannot handle second rcpt right now
+250 OK, overall
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-
+250-PRDR
+250 OK
+MAIL FROM:<> PRDR
+250 OK
+RCPT TO:<userp@test.ex>
+250 OK
+RCPT TO:<userq@test.ex>
+250 OK
+DATA
+300 gimme yer body
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmbA-0005vi-00@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+Some message text.
+.
+353 prdr responses coming up
+250 first rcpt was good
+550 second rcpt does not like content
+250 OK, overall
+Unexpected EOF read from client
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-
+250-PRDR
+250 OK
+MAIL FROM:<> PRDR
+250 OK
+RCPT TO:<user5.1@test.ex>
+250 OK
+RCPT TO:<user5.2@test.ex>
+250 OK
+DATA
+300 yeah baby
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ id 10HmbB-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmbB-0005vi-00@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+text
+.
+353 prdr responses coming up
+250 first rcpt was good
+250 second rcpt was good
+550 oops, overall rejection
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-
+250-PRDR
+250 OK
+MAIL FROM:<> PRDR
+250 OK
+RCPT TO:<user6.1@test.ex>
+250 OK
+RCPT TO:<user6.2@test.ex>
+250 OK
+DATA
+300 yeah baby
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ id 10HmbC-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmbC-0005vi-00@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+text
+.
+550 naah mate
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-
+250-PRDR
+250 OK
+MAIL FROM:<> PRDR
+250 OK
+RCPT TO:<user7.1@test.ex>
+250 OK
+RCPT TO:<user7.2@test.ex>
+250 OK
+RCPT TO:<user7.3@test.ex>
+250 OK
+DATA
+300 go ahead
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ id 10HmbD-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmbD-0005vi-00@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+text
+.
+353 prdr responses coming up
+250 first rcpt does not like you
+250 second rcpt has a temporary problem
+250 third rcpt is ok
+450 oops, try again later please
+QUIT
+250 OK
+End of script
+Listening on port 1224 ...
+Connection request from [127.0.0.1]
+220 Server ready
+EHLO myhost.test.ex
+250-
+250-PRDR
+250 OK
+MAIL FROM:<>
+250 OK
+RCPT TO:<user8.1@test.ex>
+250 OK
+DATA
+300 go ahead
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+ id 10HmbE-0005vi-00
+ for user8.1@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmbE-0005vi-00@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+text
+.
+250 OK, got that
+QUIT
+250 OK, bye
+End of script
--- /dev/null
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/cert2
+Key file = aux-fixed/cert2
+??? 220
+<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL info: before/connect initialization
+SSL info: before/connect initialization
+SSL info: SSLv2/v3 write client hello A
+SSL info: SSLv3 read server hello A
+SSL info: SSLv3 read server certificate A
+Response verify OK
+SSL info: unknown state
+SSL info: SSLv3 read server key exchange A
+SSL info: SSLv3 read server certificate request A
+SSL info: SSLv3 read server done A
+SSL info: SSLv3 write client certificate A
+SSL info: SSLv3 write client key exchange A
+SSL info: SSLv3 write certificate verify A
+SSL info: SSLv3 write change cipher spec A
+SSL info: SSLv3 write finished A
+SSL info: SSLv3 flush data
+SSL info: SSLv3 read server session ticket A
+SSL info: SSLv3 read finished A
+SSL info: SSL negotiation finished successfully
+SSL info: SSL negotiation finished successfully
+SSL connection using AES256-SHA
+Succeeded in starting TLS
+>>> mail from:<userx@test.ex>
+??? 250
+<<< 250 OK
+>>> rcpt to:<userx@test.ex>
+??? 250
+<<< 250 Accepted
+>>> quit
+??? 221
+<<< 221 server1.example.com closing connection
+End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/cert2
+Key file = aux-fixed/cert2
+??? 220
+<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL info: before/connect initialization
+SSL info: before/connect initialization
+SSL info: SSLv2/v3 write client hello A
+no response received
+SSL info: SSLv3 read server hello A
+SSL info: SSLv3 read server certificate A
+SSL info: SSLv3 read server key exchange A
+SSL info: SSLv3 read server certificate request A
+SSL info: SSLv3 read server done A
+SSL info: SSLv3 write client certificate A
+SSL info: SSLv3 write client key exchange A
+SSL info: SSLv3 write certificate verify A
+SSL info: SSLv3 write change cipher spec A
+SSL info: SSLv3 write finished A
+SSL info: SSLv3 flush data
+SSL info: SSLv3 read server session ticket A
+SSL info: SSLv3 read finished A
+SSL info: SSL negotiation finished successfully
+SSL info: SSL negotiation finished successfully
+SSL connection using AES256-SHA
+Succeeded in starting TLS
+End of script
+Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected
+Certificate file = aux-fixed/cert2
+Key file = aux-fixed/cert2
+??? 220
+<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> ehlo rhu.barb
+??? 250-
+<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4]
+??? 250-
+<<< 250-SIZE 52428800
+??? 250-
+<<< 250-8BITMIME
+??? 250-
+<<< 250-PIPELINING
+??? 250-
+<<< 250-STARTTLS
+??? 250
+<<< 250 HELP
+>>> starttls
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL info: before/connect initialization
+SSL info: before/connect initialization
+SSL info: SSLv2/v3 write client hello A
+no response received
+SSL info: SSLv3 read server hello A
+SSL info: SSLv3 read server certificate A
+SSL info: SSLv3 read server key exchange A
+SSL info: SSLv3 read server certificate request A
+SSL info: SSLv3 read server done A
+SSL info: SSLv3 write client certificate A
+SSL info: SSLv3 write client key exchange A
+SSL info: SSLv3 write certificate verify A
+SSL info: SSLv3 write change cipher spec A
+SSL info: SSLv3 write finished A
+SSL info: SSLv3 flush data
+SSL info: SSLv3 read server session ticket A
+SSL info: SSLv3 read finished A
+SSL info: SSL negotiation finished successfully
+SSL info: SSL negotiation finished successfully
+SSL connection using AES256-SHA
+Succeeded in starting TLS
+End of script
git://git.exim.org / users / jgh / exim.git / commitdiff