From: Jeremy Harris Date: Sun, 30 Jun 2013 16:02:05 +0000 (+0100) Subject: Merge branch 'master' into transp_logging_1031 X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/35e4802b4bdf92823c4813e61d9e6ddf5162f8ca?hp=f9850c6c4851862a66f6ce58bb9ac19ddac7895c Merge branch 'master' into transp_logging_1031 Conflicts: doc/doc-txt/experimental-spec.txt src/src/EDITME src/src/deliver.c src/src/exim.c --- diff --git a/.gitignore b/.gitignore index a7bbb6cda..094ad9696 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,6 @@ exim-packaging-* *~ *.bak .*.swp +0*.patch +*.orig +*.rej diff --git a/doc/doc-docbook/.gitignore b/doc/doc-docbook/.gitignore index 3bdbb25eb..fdcaf8b27 100644 --- a/doc/doc-docbook/.gitignore +++ b/doc/doc-docbook/.gitignore @@ -1,6 +1,9 @@ +spec*.html spec*.xml spec.ps spec.pdf +spec.txt filter*.xml filter.ps filter.pdf +local_params diff --git a/doc/doc-docbook/Makefile b/doc/doc-docbook/Makefile index f39c01208..07eb322fa 100644 --- a/doc/doc-docbook/Makefile +++ b/doc/doc-docbook/Makefile @@ -23,10 +23,22 @@ exim.8: spec.xml x2man ######################################################################## +.PHONY: local_params +local_params: + echo .macro version > $@ + echo $(EXIM_VER) >> $@ + echo .endmacro >> $@ + echo .macro fulldate >> $@ + date "+%d %b %Y" >> $@ + echo .endmacro >> $@ + echo .macro year >> $@ + date "+%Y" >> $@ + echo .endmacro >> $@ + ############################### FILTER ################################# -filter.xml: filter.xfpt +filter.xml: local_params filter.xfpt xfpt filter.xfpt filter-pr.xml: filter.xml Pre-xml @@ -104,7 +116,7 @@ filter.info: filter-info.xml ################################ SPEC ################################## -spec.xml: spec.xfpt +spec.xml: local_params spec.xfpt xfpt spec.xfpt spec-pr.xml: spec.xml Pre-xml @@ -282,7 +294,8 @@ os-fixup: clean:; /bin/rm -rf exim.8 \ filter*.xml spec*.xml test*.xml \ - *.fo *.html *.pdf *.ps \ + *.fo *.pdf *.ps \ + filter*.html spec*.html test*.html \ filter*.txt spec*.txt test*.txt \ *.info* *.texinfo *.texi diff --git a/doc/doc-docbook/filter.xfpt b/doc/doc-docbook/filter.xfpt index f235a278d..b40e4e259 100644 --- a/doc/doc-docbook/filter.xfpt +++ b/doc/doc-docbook/filter.xfpt @@ -8,6 +8,7 @@ .include stdflags .include stdmacs +.include ./local_params .docbook . ///////////////////////////////////////////////////////////////////////////// @@ -44,6 +45,13 @@ .endmacro . =========================================================================== +. Copyright year. Update this (only) when changing content. + +.macro copyyear +2010 +.endmacro + +. =========================================================================== . ///////////////////////////////////////////////////////////////////////////// . ///////////////////////////////////////////////////////////////////////////// @@ -59,15 +67,23 @@ Exim's interfaces to mail filtering Exim filtering -23 November 2009 + +.fulldate + PhilipHazel PH - 4.80 - 17 May 2012 + +.version + + +.fulldate + PH -2010University of Cambridge + +.copyyear + University of Cambridge .literal off @@ -77,8 +93,8 @@ .chapter "Forwarding and filtering in Exim" "CHAPforandfilt" This document describes the user interfaces to Exim's in-built mail filtering -facilities, and is copyright © University of Cambridge 2007. It -corresponds to Exim version 4.80. +facilities, and is copyright © University of Cambridge ©year(). It +corresponds to Exim version &version(). diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index ae1f7df03..29214e3e1 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -41,16 +41,19 @@ .book . ///////////////////////////////////////////////////////////////////////////// -. These definitions set some parameters and save some typing. Remember that -. the element must also be updated for each new edition. +. These definitions set some parameters and save some typing. +. Update the Copyright year (only) when changing content. . ///////////////////////////////////////////////////////////////////////////// -.set previousversion "4.75" -.set version "4.80" +.set previousversion "4.80" +.include ./local_params .set ACL "access control lists (ACLs)" .set I "    " +.macro copyyear +2012 +.endmacro . ///////////////////////////////////////////////////////////////////////////// . Additional xfpt markup used by this document, over and above the default @@ -170,15 +173,23 @@ Specification of the Exim Mail Transfer Agent The Exim MTA -17 May 2012 + +.fulldate + EximMaintainers EM - 4.80 - 17 May 2012 + +.version + + +.fulldate + EM -2012University of Cambridge + +.copyyear + University of Cambridge .literal off @@ -367,7 +378,7 @@ contributors. .new .cindex "documentation" -This edition of the Exim specification applies to version &version; of Exim. +This edition of the Exim specification applies to version &version() of Exim. Substantive changes from the &previousversion; edition are marked in some renditions of the document; this paragraph is so marked if the rendition is capable of showing a change indicator. @@ -533,10 +544,23 @@ The &_.bz2_& file is usually a lot smaller than the &_.gz_& file. .cindex "distribution" "signing details" .cindex "distribution" "public key" .cindex "public key for signed distribution" -The distributions are currently signed with Nigel Metheringham's GPG key. The -corresponding public key is available from a number of keyservers, and there is -also a copy in the file &_nigel-pubkey.asc_&. The signatures for the tar bundles are -in: +.new +The distributions will be PGP signed by an individual key of the Release +Coordinator. This key will have a uid containing an email address in the +&'exim.org'& domain and will have signatures from other people, including +other Exim maintainers. We expect that the key will be in the "strong set" of +PGP keys. There should be a trust path to that key from Nigel Metheringham's +PGP key, a version of which can be found in the release directory in the file +&_nigel-pubkey.asc_&. All keys used will be available in public keyserver pools, +such as &'pool.sks-keyservers.net'&. + +At time of last update, releases were being made by Phil Pennock and signed with +key &'0x403043153903637F'&, although that key is expected to be replaced in 2013. +A trust path from Nigel's key to Phil's can be observed at +&url(https://www.security.spodhuis.org/exim-trustpath). +.wen + +The signatures for the tar bundles are in: .display &_exim-n.nn.tar.gz.asc_& &_exim-n.nn.tar.bz2.asc_& @@ -722,6 +746,7 @@ the Exim documentation, &"spool"& is always used in the first sense. .cindex "incorporated code" .cindex "regular expressions" "library" .cindex "PCRE" +.cindex "OpenDMARC" A number of pieces of external code are included in the Exim distribution. .ilist @@ -846,6 +871,14 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .endblockquote +.next +.cindex "opendmarc" "acknowledgment" +The DMARC implementation uses the OpenDMARC library which is Copyrighted by +The Trusted Domain Project. Portions of Exim source which use OpenDMARC +derived code are indicated in the respective source files. The full OpenDMARC +license is provided in the LICENSE.opendmarc file contained in the distributed +source code. + .next Many people have contributed code fragments, some large, some small, that were not covered by any specific licence requirements. It is assumed that the @@ -1348,6 +1381,8 @@ Setting the &%verify%& option actually sets two options, &%verify_sender%& and &%verify_recipient%&, which independently control the use of the router for sender and recipient verification. You can set these options directly if you want a router to be used for only one type of verification. +Note that cutthrough delivery is classed as a recipient verification +for this purpose. .next If the &%address_test%& option is set false, the router is skipped when Exim is run with the &%-bt%& option to test an address routing. This can be helpful @@ -1357,6 +1392,7 @@ having to simulate the effect of the scanner. .next Routers can be designated for use only when verifying an address, as opposed to routing it for delivery. The &%verify_only%& option controls this. +Again, cutthrough delibery counts as a verification. .next Individual routers can be explicitly skipped when running the routers to check an address given in the SMTP EXPN command (see the &%expn%& option). @@ -1602,7 +1638,7 @@ for only a short time (see &%timeout_frozen_after%& and .section "Unpacking" "SECID23" Exim is distributed as a gzipped or bzipped tar file which, when unpacked, creates a directory with the name of the current release (for example, -&_exim-&version;_&) into which the following files are placed: +&_exim-&version()_&) into which the following files are placed: .table2 140pt .irow &_ACKNOWLEDGMENTS_& "contains some acknowledgments" @@ -1647,7 +1683,6 @@ architecture and operating system for itself, but the defaults can be overridden if necessary. -.new .section "PCRE library" "SECTpcre" .cindex "PCRE library" Exim no longer has an embedded PCRE library as the vast majority of @@ -1662,7 +1697,6 @@ If your operating system has no PCRE support then you will need to obtain and build the current PCRE from &url(ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/). More information on PCRE is available at &url(http://www.pcre.org/). -.wen .section "DBM libraries" "SECTdb" .cindex "DBM libraries" "discussion of" @@ -1873,14 +1907,12 @@ SUPPORT_TLS=yes TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto TLS_INCLUDE=-I/usr/local/openssl/include/ .endd -.new .cindex "pkg-config" "OpenSSL" If you have &'pkg-config'& available, then instead you can just use: .code SUPPORT_TLS=yes USE_OPENSSL_PC=openssl .endd -.wen .cindex "USE_GNUTLS" If GnuTLS is installed, you should set .code @@ -1896,7 +1928,6 @@ USE_GNUTLS=yes TLS_LIBS=-L/usr/gnu/lib -lgnutls -ltasn1 -lgcrypt TLS_INCLUDE=-I/usr/gnu/include .endd -.new .cindex "pkg-config" "GnuTLS" If you have &'pkg-config'& available, then instead you can just use: .code @@ -1904,7 +1935,6 @@ SUPPORT_TLS=yes USE_GNUTLS=yes USE_GNUTLS_PC=gnutls .endd -.wen You do not need to set TLS_INCLUDE if the relevant directory is already specified in INCLUDE. Details of how to configure Exim to make use of TLS are @@ -1942,7 +1972,7 @@ in your &_/etc/hosts.allow_& file allows connections from the local host, from the subnet 192.168.1.0/24, and from all hosts in &'friendly.domain.example'&. All other connections are denied. The daemon name used by &'tcpwrappers'& can be changed at build time by setting TCP_WRAPPERS_DAEMON_NAME in -in &_Local/Makefile_&, or by setting tcp_wrappers_daemon_name in the +&_Local/Makefile_&, or by setting tcp_wrappers_daemon_name in the configure file. Consult the &'tcpwrappers'& documentation for further details. @@ -2133,7 +2163,6 @@ files or libraries are required. When a lookup type is not included in the binary, attempts to configure Exim to use it cause run time configuration errors. -.new .cindex "pkg-config" "lookups" .cindex "pkg-config" "authenticators" Many systems now use a tool called &'pkg-config'& to encapsulate information @@ -2153,7 +2182,6 @@ AUTH_GSASL_PC=libgsasl AUTH_HEIMDAL_GSSAPI=yes AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi .endd -.wen .cindex "Perl" "including support for" Exim can be linked with an embedded Perl interpreter, allowing Perl @@ -2306,7 +2334,7 @@ INFO_DIRECTORY, as described in section &<>& below. For the utility programs, old versions are renamed by adding the suffix &_.O_& to their names. The Exim binary itself, however, is handled differently. It is installed under a name that includes the version number and the compile number, -for example &_exim-&version;-1_&. The script then arranges for a symbolic link +for example &_exim-&version()-1_&. The script then arranges for a symbolic link called &_exim_& to point to the binary. If you are updating a previous version of Exim, the script takes care to ensure that the name &_exim_& is never absent from the directory (as seen by other processes). @@ -2686,6 +2714,15 @@ no arguments. This option is an alias for &%-bV%& and causes version information to be displayed. +.new +.vitem &%-Ac%& &&& + &%-Am%& +.oindex "&%-Ac%&" +.oindex "&%-Am%&" +These options are used by Sendmail for selecting configuration files and are +ignored by Exim. +.wen + .vitem &%-B%&<&'type'&> .oindex "&%-B%&" .cindex "8-bit characters" @@ -2945,11 +2982,39 @@ use the &'exim_dbmbuild'& utility, or some other means, to rebuild alias files if this is required. If the &%bi_command%& option is not set, calling Exim with &%-bi%& is a no-op. +.new +. // Keep :help first, then the rest in alphabetical order +.vitem &%-bI:help%& +.oindex "&%-bI:help%&" +.cindex "querying exim information" +We shall provide various options starting &`-bI:`& for querying Exim for +information. The output of many of these will be intended for machine +consumption. This one is not. The &%-bI:help%& option asks Exim for a +synopsis of supported options beginning &`-bI:`&. Use of any of these +options shall cause Exim to exit after producing the requested output. + +.vitem &%-bI:dscp%& +.oindex "&%-bI:dscp%&" +.cindex "DSCP" "values" +This option causes Exim to emit an alphabetically sorted list of all +recognised DSCP names. + +.vitem &%-bI:sieve%& +.oindex "&%-bI:sieve%&" +.cindex "Sieve filter" "capabilities" +This option causes Exim to emit an alphabetically sorted list of all supported +Sieve protocol extensions on stdout, one per line. This is anticipated to be +useful for ManageSieve (RFC 5804) implementations, in providing that protocol's +&`SIEVE`& capability response line. As the precise list may depend upon +compile-time build options, which this option will adapt to, this is the only +way to guarantee a correct response. +.wen + .vitem &%-bm%& .oindex "&%-bm%&" .cindex "local message reception" This option runs an Exim receiving process that accepts an incoming, -locally-generated message on the current input. The recipients are given as the +locally-generated message on the standard input. The recipients are given as the command arguments (except when &%-t%& is also present &-- see below). Each argument can be a comma-separated list of RFC 2822 addresses. This is the default option for selecting the overall action of an Exim call; it is assumed @@ -3058,6 +3123,12 @@ configuration file is output. If a list of configuration files was supplied, the value that is output here is the name of the file that was actually used. +.new +.cindex "options" "hiding name of" +If the &%-n%& flag is given, then for most modes of &%-bP%& operation the +name will not be output. +.wen + .cindex "daemon" "process id (pid)" .cindex "pid (process id)" "of daemon" If &%log_file_path%& or &%pid_file_path%& are given, the names of the @@ -3660,8 +3731,19 @@ if &%-f%& is also present, it overrides &"From&~"&. .vitem &%-G%& .oindex "&%-G%&" -.cindex "Sendmail compatibility" "&%-G%& option ignored" -This is a Sendmail option which is ignored by Exim. +.cindex "submission fixups, suppressing (command-line)" +.new +This option is equivalent to an ACL applying: +.code +control = suppress_local_fixups +.endd +for every message received. Note that Sendmail will complain about such +bad formatting, where Exim silently just does not fix it up. This may change +in future. + +As this affects audit information, the caller must be a trusted user to use +this option. +.wen .vitem &%-h%&&~<&'number'&> .oindex "&%-h%&" @@ -3679,6 +3761,19 @@ line by itself should not terminate an incoming, non-SMTP message. I can find no documentation for this option in Solaris 2.4 Sendmail, but the &'mailx'& command in Solaris 2.4 uses it. See also &%-ti%&. +.new +.vitem &%-L%&&~<&'tag'&> +.oindex "&%-L%&" +.cindex "syslog" "process name; set with flag" +This option is equivalent to setting &%syslog_processname%& in the config +file and setting &%log_file_path%& to &`syslog`&. +Its use is restricted to administrators. The configuration file has to be +read and parsed, to determine access rights, before this is set and takes +effect, so early configuration file errors will not honour this flag. + +The tag should not be longer than 32 characters. +.wen + .vitem &%-M%&&~<&'message&~id'&>&~<&'message&~id'&>&~... .oindex "&%-M%&" .cindex "forcing delivery" @@ -3919,9 +4014,9 @@ for that message. .vitem &%-n%& .oindex "&%-n%&" -.cindex "Sendmail compatibility" "&%-n%& option ignored" -This option is interpreted by Sendmail to mean &"no aliasing"&. It is ignored -by Exim. +This option is interpreted by Sendmail to mean &"no aliasing"&. +For normal modes of operation, it is ignored by Exim. +When combined with &%-bP%& it suppresses the name of an option from being output. .vitem &%-O%&&~<&'data'&> .oindex "&%-O%&" @@ -4035,8 +4130,8 @@ message. Provided this error message is successfully sent, the Exim receiving process exits with a return code of zero. If not, the return code is 2 if the problem -is that the original message has no recipients, or 1 any other error. This is -the default &%-oe%&&'x'& option if Exim is called as &'rmail'&. +is that the original message has no recipients, or 1 for any other error. +This is the default &%-oe%&&'x'& option if Exim is called as &'rmail'&. .vitem &%-oem%& .oindex "&%-oem%&" @@ -4249,7 +4344,7 @@ For compatibility with Sendmail, this option is equivalent to It sets the incoming protocol and host name (for trusted callers). The host name and its colon can be omitted when only the protocol is to be set. Note the Exim already has two private options, &%-pd%& and &%-ps%&, that refer -to embedded Perl. It is therefore impossible to set a protocol value of &`p`& +to embedded Perl. It is therefore impossible to set a protocol value of &`d`& or &`s`& using this option (but that does not seem a real limitation). .vitem &%-q%& @@ -4456,7 +4551,7 @@ has &'f'& or &'ff'& in its flags, the associated action is taken. .vitem &%-Tqt%&&~<&'times'&> .oindex "&%-Tqt%&" -This an option that is exclusively for use by the Exim testing suite. It is not +This is an option that is exclusively for use by the Exim testing suite. It is not recognized when Exim is run normally. It allows for the setting up of explicit &"queue times"& so that various warning/retry features can be tested. @@ -4540,6 +4635,13 @@ AIX uses &%-x%& for a private purpose (&"mail from a local mail program has National Language Support extended characters in the body of the mail item"&). It sets &%-x%& when calling the MTA from its &%mail%& command. Exim ignores this option. + +.new +.vitem &%-X%&&~<&'logfile'&> +.oindex "&%-X%&" +This option is interpreted by Sendmail to cause debug information to be sent +to the named file. It is ignored by Exim. +.wen .endlist .ecindex IIDclo1 @@ -5303,7 +5405,7 @@ it is unset, Exim uses the &[uname()]& system function to obtain the host name. The first three non-comment configuration lines are as follows: .code -domainlist local_domains = @ +domainlist local_domains = @ domainlist relay_to_domains = hostlist relay_from_hosts = 127.0.0.1 .endd @@ -5645,7 +5747,7 @@ examples described in &<>&. This means that no client can in fact authenticate until you complete the authenticator definitions. .code require message = relay not permitted - domains = +local_domains : +relay_domains + domains = +local_domains : +relay_to_domains .endd This statement rejects the address if its domain is neither a local domain nor one of the domains for which this host is a relay. @@ -6007,7 +6109,7 @@ The example PLAIN authenticator looks like this: # server_set_id = $auth2 # server_prompts = : # server_condition = Authentication is not yet configured -# server_advertise_condition = ${if def:tls_cipher } +# server_advertise_condition = ${if def:tls_in_cipher } .endd And the example LOGIN authenticator looks like this: .code @@ -6016,7 +6118,7 @@ And the example LOGIN authenticator looks like this: # server_set_id = $auth1 # server_prompts = <| Username: | Password: # server_condition = Authentication is not yet configured -# server_advertise_condition = ${if def:tls_cipher } +# server_advertise_condition = ${if def:tls_in_cipher } .endd The &%server_set_id%& option makes Exim remember the authenticated username @@ -6245,7 +6347,6 @@ using Berkeley DB versions 3 or 4, it opens existing databases for reading with the DB_UNKNOWN option. This enables it to handle any of the types of database that the library supports, and can be useful for accessing DBM files created by other applications. (For earlier DB versions, DB_HASH is always used.) -.new .next .cindex "lookup" "dbmjz" .cindex "lookup" "dbm &-- embedded NULs" @@ -6257,7 +6358,6 @@ ASCII NUL characters to form the lookup key. An example usage would be to authenticate incoming SMTP calls using the passwords from Cyrus SASL's &_/etc/sasldb2_& file with the &(gsasl)& authenticator or Exim's own &(cram_md5)& authenticator. -.wen .next .cindex "lookup" "dbmnz" .cindex "lookup" "dbm &-- terminating zero" @@ -6756,13 +6856,11 @@ is used on its own as the result. If the lookup does not succeed, the &`fail`& keyword causes a &'forced expansion failure'& &-- see section &<>& for an explanation of what this means. -.new The supported DNS record types are A, CNAME, MX, NS, PTR, SPF, SRV, and TXT, and, when Exim is compiled with IPv6 support, AAAA (and A6 if that is also configured). If no type is given, TXT is assumed. When the type is PTR, the data can be an IP address, written as normal; inversion and the addition of &%in-addr.arpa%& or &%ip6.arpa%& happens automatically. For example: -.wen .code ${lookup dnsdb{ptr=192.168.4.5}{$value}fail} .endd @@ -6789,13 +6887,11 @@ white space is ignored. .cindex "TXT record" "in &(dnsdb)& lookup" .cindex "SPF record" "in &(dnsdb)& lookup" -.new For TXT records with multiple items of data, only the first item is returned, unless a separator for them is specified using a comma after the separator character followed immediately by the TXT record item separator. To concatenate items without a separator, use a semicolon instead. For SPF records the default behaviour is to concatenate multiple items without using a separator. -.wen .code ${lookup dnsdb{>\n,: txt=a.b.example}} ${lookup dnsdb{>\n; txt=a.b.example}} @@ -6851,6 +6947,14 @@ has two space-separated fields: an authorization code and a target host name. The authorization code can be &"Y"& for yes, &"N"& for no, &"X"& for explicit authorization required but absent, or &"?"& for unknown. +.cindex "A+" "in &(dnsdb)& lookup" +The pseudo-type A+ performs an A6 lookup (if configured) followed by an AAAA +and then an A lookup. All results are returned; defer processing +(see below) is handled separately for each lookup. Example: +.code +${lookup dnsdb {>; a+=$sender_helo_name}} +.endd + .section "Multiple dnsdb lookups" "SECID67" In the previous sections, &(dnsdb)& lookups for a single domain are described. @@ -7425,7 +7529,7 @@ ${lookup sqlite {/some/thing/sqlitedb \ .endd In a list, the syntax is similar. For example: .code -domainlist relay_domains = sqlite;/some/thing/sqlitedb \ +domainlist relay_to_domains = sqlite;/some/thing/sqlitedb \ select * from relays where ip='$sender_host_address'; .endd The only character affected by the &%quote_sqlite%& operator is a single @@ -7507,13 +7611,13 @@ subject is not in the set. If the end of the list is reached without the subject having matched any of the patterns, it is in the set if the last item was a negative one, but not if it was a positive one. For example, the list in .code -domainlist relay_domains = !a.b.c : *.b.c +domainlist relay_to_domains = !a.b.c : *.b.c .endd matches any domain ending in &'.b.c'& except for &'a.b.c'&. Domains that match neither &'a.b.c'& nor &'*.b.c'& do not match, because the last item in the list is positive. However, if the setting were .code -domainlist relay_domains = !a.b.c +domainlist relay_to_domains = !a.b.c .endd then all domains other than &'a.b.c'& would match because the last item in the list is negative. In other words, a list that ends with a negative item behaves @@ -7617,7 +7721,7 @@ the words &%domainlist%&, &%hostlist%&, &%addresslist%&, or &%localpartlist%&, respectively. Then there follows the name that you are defining, followed by an equals sign and the list itself. For example: .code -hostlist relay_hosts = 192.168.23.0/24 : my.friend.example +hostlist relay_from_hosts = 192.168.23.0/24 : my.friend.example addresslist bad_senders = cdb;/etc/badsenders .endd A named list may refer to other named lists: @@ -8084,7 +8188,7 @@ case the IP address is used on its own. There are several types of pattern that require Exim to know the name of the remote host. These are either wildcard patterns or lookups by name. (If a complete hostname is given without any wildcarding, it is used to find an IP -address to match against, as described in the section &<>& +address to match against, as described in section &<>& above.) If the remote host name is not already known when Exim encounters one of these @@ -8253,7 +8357,7 @@ use masked IP addresses in database queries, you can use the &%mask%& expansion operator. If the query contains a reference to &$sender_host_name$&, Exim automatically -looks up the host name if has not already done so. (See section +looks up the host name if it has not already done so. (See section &<>& for comments on finding host names.) Historical note: prior to release 4.30, Exim would always attempt to find a @@ -8453,7 +8557,7 @@ but the separating colon must still be included at line breaks. White space surrounding the colons is ignored. For example: .code aol.com: spammer1 : spammer2 : ^[0-9]+$ : -spammer3 : spammer4 + spammer3 : spammer4 .endd As in all colon-separated lists in Exim, a colon can be included in an item by doubling. @@ -8698,6 +8802,23 @@ string easier to understand. This item inserts &"basic"& header lines. It is described with the &%header%& expansion item below. + +.vitem "&*${acl{*&<&'name'&>&*}{*&<&'arg'&>&*}...}*&" +.cindex "expansion" "calling an acl" +.cindex "&%acl%&" "call from expansion" +The name and zero to nine argument strings are first expanded separately. The expanded +arguments are assigned to the variables &$acl_arg1$& to &$acl_arg9$& in order. +Any unused are made empty. The variable &$acl_narg$& is set to the number of +arguments. The named ACL (see chapter &<>&) is called +and may use the variables; if another acl expansion is used the values +are restored after it returns. If the ACL sets +a value using a "message =" modifier and returns accept or deny, the value becomes +the result of the expansion. +If no message is set and the ACL returns accept or deny +the expansion result is an empty string. +If the ACL returns defer the result is a forced-fail. Otherwise the expansion fails. + + .vitem "&*${dlfunc{*&<&'file'&>&*}{*&<&'function'&>&*}{*&<&'arg'&>&*}&&& {*&<&'arg'&>&*}...}*&" .cindex &%dlfunc%& @@ -9328,6 +9449,20 @@ can be the word &"fail"& (not in braces) to force expansion failure if the command does not succeed. If both strings are omitted, the result is contents of the standard output/error on success, and nothing on failure. +.vindex "&$run_in_acl$&" +The standard output/error of the command is put in the variable &$value$&. +In this ACL example, the output of a command is logged for the admin to +troubleshoot: +.code +warn condition = ${run{/usr/bin/id}{yes}{no}} + log_message = Output of id: $value +.endd +If the command requires shell idioms, such as the > redirect operator, the +shell must be invoked directly, such as with: +.code +${run{/bin/bash -c "/usr/bin/id >/tmp/id"}{yes}{yes}} +.endd + .vindex "&$runrc$&" The return code from the command is put in the variable &$runrc$&, and this remains set afterwards, so in a filter file you can do things like this: @@ -9507,6 +9642,7 @@ environments where Exim uses base 36 instead of base 62 for its message identifiers, base-36 digits. The number is converted to decimal and output as a string. + .vitem &*${domain:*&<&'string'&>&*}*& .cindex "domain" "extraction" .cindex "expansion" "domain extraction" @@ -9641,6 +9777,16 @@ This operator converts a hex string into one that is base64 encoded. This can be useful for processing the output of the MD5 and SHA-1 hashing functions. + +.vitem &*${hexquote:*&<&'string'&>&*}*& +.cindex "quoting" "hex-encoded unprintable characters" +.cindex "&%hexquote%& expansion item" +This operator converts non-printable characters in a string into a hex +escape form. Byte values between 33 (!) and 126 (~) inclusive are left +as is, and other byte values are converted to &`\xNN`&, for example a +byt value 127 is converted to &`\x7f`&. + + .vitem &*${lc:*&<&'string'&>&*}*& .cindex "case forcing in strings" .cindex "string" "case forcing" @@ -9666,6 +9812,25 @@ See the description of the general &%length%& item above for details. Note that when &%length%& is used as an operator. +.vitem &*${listcount:*&<&'string'&>&*}*& +.cindex "expansion" "list item count" +.cindex "list" "item count" +.cindex "list" "count of items" +.cindex "&%listcount%& expansion item" +The string is interpreted as a list and the number of items is returned. + + +.vitem &*${listnamed:*&<&'name'&>&*}*&&~and&~&*${list_*&<&'type'&>&*name*&>&*}*& +.cindex "expansion" "named list" +.cindex "&%listnamed%& expansion item" +The name is interpreted as a named list and the content of the list is returned, +expanding any referenced lists, re-quoting as needed for colon-separation. +If the optional type if given it must be one of "a", "d", "h" or "l" +and selects address-, domain-, host- or localpart- lists to search among respectively. +Otherwise all types are searched in an undefined order and the first +matching list is returned. + + .vitem &*${local_part:*&<&'string'&>&*}*& .cindex "expansion" "local part extraction" .cindex "&%local_part%& expansion item" @@ -9773,10 +9938,8 @@ This operator returns a somewhat random number which is less than the supplied number and is at least 0. The quality of this randomness depends on how Exim was built; the values are not suitable for keying material. If Exim is linked against OpenSSL then RAND_pseudo_bytes() is used. -.new If Exim is linked against GnuTLS then gnutls_rnd(GNUTLS_RND_NONCE) is used, for versions of GnuTLS with that function. -.wen Otherwise, the implementation may be arc4random(), random() seeded by srandomdev() or srandom(), or a custom implementation even weaker than random(). @@ -9790,12 +9953,12 @@ dotted-nibble hexadecimal form. In both cases, this is the "natural" form for DNS. For example, .code ${reverse_ip:192.0.2.4} -${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.3} +${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.127} .endd returns .code 4.2.0.192 -3.0.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2 +f.7.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2 .endd @@ -9955,8 +10118,8 @@ ${if >{$message_size}{10M} ... .endd Note that the general negation operator provides for inequality testing. The two strings must take the form of optionally signed decimal integers, -optionally followed by one of the letters &"K"& or &"M"& (in either upper or -lower case), signifying multiplication by 1024 or 1024*1024, respectively. +optionally followed by one of the letters &"K"&, &"M"& or &"G"& (in either upper or +lower case), signifying multiplication by 1024, 1024*1024 or 1024*1024*1024, respectively. As a special case, the numerical value of an empty string is taken as zero. @@ -9965,6 +10128,21 @@ In all cases, a relative comparator OP is testing if <&'string1'&> OP 10M, not if 10M is larger than &$message_size$&. +.vitem &*acl&~{{*&<&'name'&>&*}{*&<&'arg1'&>&*}&&& + {*&<&'arg2'&>&*}...}*& +.cindex "expansion" "calling an acl" +.cindex "&%acl%&" "expansion condition" +The name and zero to nine argument strings are first expanded separately. The expanded +arguments are assigned to the variables &$acl_arg1$& to &$acl_arg9$& in order. +Any unused are made empty. The variable &$acl_narg$& is set to the number of +arguments. The named ACL (see chapter &<>&) is called +and may use the variables; if another acl expansion is used the values +are restored after it returns. If the ACL sets +a value using a "message =" modifier the variable $value becomes +the result of the expansion, otherwise it is empty. +If the ACL returns accept the condition is true; if deny, false. +If the ACL returns defer the result is a forced-fail. + .vitem &*bool&~{*&<&'string'&>&*}*& .cindex "expansion" "boolean parsing" .cindex "&%bool%& expansion condition" @@ -10159,6 +10337,8 @@ ${if forany{<, $recipients}{match{$item}{^user3@}}{yes}{no}} The value of &$item$& is saved and restored while &*forany*& or &*forall*& is being processed, to enable these expansion items to be nested. +To scan a named list, expand it with the &*listnamed*& operator. + .vitem &*ge&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& &&& &*gei&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& @@ -10182,7 +10362,6 @@ string is lexically greater than the second string. For &%gt%& the comparison includes the case of letters, whereas for &%gti%& the comparison is case-independent. -.new .vitem &*inlist&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& &&& &*inlisti&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& .cindex "string" "comparison" @@ -10199,7 +10378,6 @@ ${if inlist{needle}{foo:needle:bar}} ${if inlisti{Needle}{fOo:NeeDLE:bAr}} ${if forany{fOo:NeeDLE:bAr}{eqi{$item}{Needle}}} .endd -.wen .vitem &*isip&~{*&<&'string'&>&*}*& &&& &*isip4&~{*&<&'string'&>&*}*& &&& @@ -10311,12 +10489,10 @@ See &*match_local_part*&. .vitem &*match_ip&~{*&<&'string1'&>&*}{*&<&'string2'&>&*}*& .cindex "&%match_ip%& expansion condition" -.new This condition matches an IP address to a list of IP address patterns. It must be followed by two argument strings. The first (after expansion) must be an IP address or an empty string. The second (not expanded) is a restricted host list that can match only an IP address, not a host name. For example: -.wen .code ${if match_ip{$sender_host_address}{1.2.3.4:5.6.7.8}{...}{...}} .endd @@ -10362,10 +10538,8 @@ just as easy to use the fact that a lookup is itself a condition, and write: .endd .endlist ilist -.new Note that <&'string2'&> is not itself subject to string expansion, unless Exim was built with the EXPAND_LISTMATCH_RHS option. -.wen Consult section &<>& for further details of these patterns. @@ -10394,10 +10568,8 @@ item can be used, as in all address lists, to cause subsequent items to have their local parts matched casefully. Domains are always matched caselessly. -.new Note that <&'string2'&> is not itself subject to string expansion, unless Exim was built with the EXPAND_LISTMATCH_RHS option. -.wen &*Note*&: Host lists are &'not'& supported in this way. This is because hosts have two identities: a name and an IP address, and it is not clear @@ -10744,14 +10916,12 @@ is empty and &$authentication_failed$& is set to &"1"&). Failure includes any negative response to an AUTH command, including (for example) an attempt to use an undefined mechanism. -.new .vitem &$av_failed$& .cindex "content scanning" "AV scanner failure" This variable is available when Exim is compiled with the content-scanning extension. It is set to &"0"& by default, but will be set to &"1"& if any problem occurs with the virus scanner (specified by &%av_scanner%&) during the ACL malware condition. -.wen .vitem &$body_linecount$& .cindex "message body" "line count" @@ -10925,6 +11095,12 @@ inserting the message header line with the given name. Note that the name must be terminated by colon or white space, because it may contain a wide variety of characters. Note also that braces must &'not'& be used. +.vitem &$headers_added$& +.vindex "&$headers_added$&" +Within an ACL this variable contains the headers added so far by +the ACL modifier add_header (section &<>&). +The headers are a newline-separated list. + .vitem &$home$& .vindex "&$home$&" When the &%check_local_user%& option is set for a router, the user's home @@ -11595,6 +11771,12 @@ envelope sender. .vindex "&$return_size_limit$&" This is an obsolete name for &$bounce_return_size_limit$&. +.vitem &$router_name$& +.cindex "router" "name" +.cindex "name" "of router" +.vindex "&$router_name$&" +During the running of a router this variable contains its name. + .vitem &$runrc$& .cindex "return code" "from &%run%& expansion" .vindex "&$runrc$&" @@ -11686,6 +11868,31 @@ driver that successfully authenticated the client from which the message was received. It is empty if there was no successful authentication. See also &$authenticated_id$&. +.new +.vitem &$sender_host_dnssec$& +.vindex "&$sender_host_dnssec$&" +If &$sender_host_name$& has been populated (by reference, &%hosts_lookup%& or +otherwise) then this boolean will have been set true if, and only if, the +resolver library states that the reverse DNS was authenticated data. At all +other times, this variable is false. + +It is likely that you will need to coerce DNSSEC support on in the resolver +library, by setting: +.code +dns_use_dnssec = 1 +.endd + +Exim does not perform DNSSEC validation itself, instead leaving that to a +validating resolver (eg, unbound, or bind with suitable configuration). + +Exim does not (currently) check to see if the forward DNS was also secured +with DNSSEC, only the reverse DNS. + +If you have changed &%host_lookup_order%& so that &`bydns`& is not the first +mechanism in the list, then this variable will be false. +.wen + + .vitem &$sender_host_name$& .vindex "&$sender_host_name$&" When a message is received from a remote host, this variable contains the @@ -11884,22 +12091,43 @@ command in a filter file. Its use is explained in the description of that command, which can be found in the separate document entitled &'Exim's interfaces to mail filtering'&. -.new -.vitem &$tls_bits$& -.vindex "&$tls_bits$&" -Contains an approximation of the TLS cipher's bit-strength; the meaning of +.vitem &$tls_in_bits$& +.vindex "&$tls_in_bits$&" +Contains an approximation of the TLS cipher's bit-strength +on the inbound connection; the meaning of this depends upon the TLS implementation used. If TLS has not been negotiated, the value will be 0. The value of this is automatically fed into the Cyrus SASL authenticator when acting as a server, to specify the "external SSF" (a SASL term). -.wen -.vitem &$tls_certificate_verified$& -.vindex "&$tls_certificate_verified$&" +The deprecated &$tls_bits$& variable refers to the inbound side +except when used in the context of an outbound SMTP delivery, when it refers to +the outbound. + +.vitem &$tls_out_bits$& +.vindex "&$tls_out_bits$&" +Contains an approximation of the TLS cipher's bit-strength +on an outbound SMTP connection; the meaning of +this depends upon the TLS implementation used. +If TLS has not been negotiated, the value will be 0. + +.vitem &$tls_in_certificate_verified$& +.vindex "&$tls_in_certificate_verified$&" This variable is set to &"1"& if a TLS certificate was verified when the message was received, and &"0"& otherwise. -.vitem &$tls_cipher$& +The deprecated &$tls_certificate_verfied$& variable refers to the inbound side +except when used in the context of an outbound SMTP delivery, when it refers to +the outbound. + +.vitem &$tls_out_certificate_verified$& +.vindex "&$tls_out_certificate_verified$&" +This variable is set to &"1"& if a TLS certificate was verified when an +outbound SMTP connection was made, +and &"0"& otherwise. + +.vitem &$tls_in_cipher$& +.vindex "&$tls_in_cipher$&" .vindex "&$tls_cipher$&" When a message is received from a remote host over an encrypted SMTP connection, this variable is set to the cipher suite that was negotiated, for @@ -11908,24 +12136,39 @@ received over unencrypted connections, the variable is empty. Testing &$tls_cipher$& for emptiness is one way of distinguishing between encrypted and non-encrypted connections during ACL processing. -The &$tls_cipher$& variable retains its value during message delivery, except -when an outward SMTP delivery takes place via the &(smtp)& transport. In this -case, &$tls_cipher$& is cleared before any outgoing SMTP connection is made, +The deprecated &$tls_cipher$& variable is the same as &$tls_in_cipher$& during message reception, +but in the context of an outward SMTP delivery taking place via the &(smtp)& transport +becomes the same as &$tls_out_cipher$&. + +.vitem &$tls_out_cipher$& +.vindex "&$tls_out_cipher$&" +This variable is +cleared before any outgoing SMTP connection is made, and then set to the outgoing cipher suite if one is negotiated. See chapter &<>& for details of TLS support and chapter &<>& for details of the &(smtp)& transport. -.vitem &$tls_peerdn$& +.vitem &$tls_in_peerdn$& +.vindex "&$tls_in_peerdn$&" .vindex "&$tls_peerdn$&" When a message is received from a remote host over an encrypted SMTP connection, and Exim is configured to request a certificate from the client, the value of the Distinguished Name of the certificate is made available in the -&$tls_peerdn$& during subsequent processing. Like &$tls_cipher$&, the -value is retained during message delivery, except during outbound SMTP -deliveries. +&$tls_in_peerdn$& during subsequent processing. -.new -.vitem &$tls_sni$& +The deprecated &$tls_peerdn$& variable refers to the inbound side +except when used in the context of an outbound SMTP delivery, when it refers to +the outbound. + +.vitem &$tls_out_peerdn$& +.vindex "&$tls_out_peerdn$&" +When a message is being delivered to a remote host over an encrypted SMTP +connection, and Exim is configured to request a certificate from the server, +the value of the Distinguished Name of the certificate is made available in the +&$tls_out_peerdn$& during subsequent processing. + +.vitem &$tls_in_sni$& +.vindex "&$tls_in_sni$&" .vindex "&$tls_sni$&" .cindex "TLS" "Server Name Indication" When a TLS session is being established, if the client sends the Server @@ -11936,10 +12179,16 @@ will be re-expanded early in the TLS session, to permit a different certificate to be presented (and optionally a different key to be used) to the client, based upon the value of the SNI extension. -The value will be retained for the lifetime of the message. During outbound -SMTP deliveries, it reflects the value of the &%tls_sni%& option on +The deprecated &$tls_sni$& variable refers to the inbound side +except when used in the context of an outbound SMTP delivery, when it refers to +the outbound. + +.vitem &$tls_out_sni$& +.vindex "&$tls_out_sni$&" +.cindex "TLS" "Server Name Indication" +During outbound +SMTP deliveries, this variable reflects the value of the &%tls_sni%& option on the transport. -.wen .vitem &$tod_bsdinbox$& .vindex "&$tod_bsdinbox$&" @@ -11982,6 +12231,12 @@ This variable contains the numerical value of the local timezone, for example: This variable contains the UTC date and time in &"Zulu"& format, as specified by ISO 8601, for example: 20030221154023Z. +.vitem &$transport_name$& +.cindex "transport" "name" +.cindex "name" "of transport" +.vindex "&$transport_name$&" +During the running of a transport, this variable contains its name. + .vitem &$value$& .vindex "&$value$&" This variable contains the result of an expansion lookup, extraction operation, @@ -12393,7 +12648,7 @@ local_interfaces = 0.0.0.0 : 127.0.0.1.26 .endd To specify listening on the default port on specific interfaces only: .code -local_interfaces = 192.168.34.67 : 192.168.34.67 +local_interfaces = 10.0.0.67 : 192.168.34.67 .endd &*Warning*&: Such a setting excludes listening on the loopback interfaces. @@ -12690,6 +12945,7 @@ listed in more than one group. .section "TLS" "SECID108" .table2 .row &%gnutls_compat_mode%& "use GnuTLS compatibility mode" +.row &%gnutls_enable_pkcs11%& "allow GnuTLS to autoload PKCS11 modules" .row &%openssl_options%& "adjust OpenSSL compatibility options" .row &%tls_advertise_hosts%& "advertise TLS to these hosts" .row &%tls_certificate%& "location of server certificate" @@ -12839,6 +13095,7 @@ See also the &'Policy controls'& section above. .row &%dns_ipv4_lookup%& "only v4 lookup for these domains" .row &%dns_retrans%& "parameter for resolver" .row &%dns_retry%& "parameter for resolver" +.row &%dns_use_dnssec%& "parameter for resolver" .row &%dns_use_edns0%& "parameter for resolver" .row &%hold_domains%& "hold delivery for these domains" .row &%local_interfaces%& "for routing checks" @@ -12883,10 +13140,11 @@ See also the &'Policy controls'& section above. Those options that undergo string expansion before use are marked with †. -.new .option accept_8bitmime main boolean true .cindex "8BITMIME" .cindex "8-bit characters" +.cindex "log" "selectors" +.cindex "log" "8BITMIME" This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it @@ -12899,7 +13157,11 @@ A more detailed analysis of the issues is provided by Dan Bernstein: .display &url(http://cr.yp.to/smtp/8bitmime.html) .endd -.wen + +To log received 8BITMIME status use +.code +log_selector = +8bitmime +.endd .option acl_not_smtp main string&!! unset .cindex "&ACL;" "for non-SMTP messages" @@ -13080,10 +13342,10 @@ If you want to advertise the availability of AUTH only when the connection is encrypted using TLS, you can make use of the fact that the value of this option is expanded, with a setting like this: .code -auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}} +auth_advertise_hosts = ${if eq{$tls_in_cipher}{}{}{*}} .endd -.vindex "&$tls_cipher$&" -If &$tls_cipher$& is empty, the session is not encrypted, and the result of +.vindex "&$tls_in_cipher$&" +If &$tls_in_cipher$& is empty, the session is not encrypted, and the result of the expansion is empty, thus matching no hosts. Otherwise, the result of the expansion is *, which matches all hosts. @@ -13482,6 +13744,17 @@ See &%dns_retrans%& above. .new +.option dns_use_dnssec main integer -1 +.cindex "DNS" "resolver options" +.cindex "DNS" "DNSSEC" +If this option is set to a non-negative number then Exim will initialise the +DNS resolver library to either use or not use DNSSEC, overriding the system +default. A value of 0 coerces DNSSEC off, a value of 1 coerces DNSSEC on. + +If the resolver library does not support DNSSEC then this option has no effect. +.wen + + .option dns_use_edns0 main integer -1 .cindex "DNS" "resolver options" .cindex "DNS" "EDNS0" @@ -13491,7 +13764,6 @@ the system default. A value of 0 coerces EDNS0 off, a value of 1 coerces EDNS0 on. If the resolver library does not support EDNS0 then this option has no effect. -.wen .option drop_cr main boolean false @@ -13707,6 +13979,19 @@ This option controls whether GnuTLS is used in compatibility mode in an Exim server. This reduces security slightly, but improves interworking with older implementations of TLS. + +.new +option gnutls_enable_pkcs11 main boolean unset +This option will let GnuTLS (2.12.0 or later) autoload PKCS11 modules with +the p11-kit configuration files in &_/etc/pkcs11/modules/_&. + +See +&url(http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs) +for documentation. +.wen + + + .option headers_charset main string "see below" This option sets a default character set for translating from encoded MIME &"words"& in header lines, when referenced by an &$h_xxx$& expansion item. The @@ -14405,12 +14690,10 @@ yourself in the foot in various unpleasant ways. This option should not be adjusted lightly. An unrecognised item will be detected at startup, by invoking Exim with the &%-bV%& flag. -.new Historical note: prior to release 4.80, Exim defaulted this value to "+dont_insert_empty_fragments", which may still be needed for compatibility with some clients, but which lowers security by increasing exposure to some now infamous attacks. -.wen An example: .code @@ -14459,6 +14742,8 @@ Possible options may include: .next &`no_tlsv1_2`& .next +&`safari_ecdhe_ecdsa_bug`& +.next &`single_dh_use`& .next &`single_ecdh_use`& @@ -14474,6 +14759,15 @@ Possible options may include: &`tls_rollback_bug`& .endlist +.new +As an aside, the &`safari_ecdhe_ecdsa_bug`& item is a misnomer and affects +all clients connecting using the MacOS SecureTransport TLS facility prior +to MacOS 10.8.4, including email clients. If you see old MacOS clients failing +to negotiate TLS then this option value might help, provided that your OpenSSL +release is new enough to contain this work-around. This may be a situation +where you have to upgrade OpenSSL to get buggy clients working. +.wen + .option oracle_servers main "string list" unset .cindex "Oracle" "server list" @@ -14800,7 +15094,7 @@ received_header_text = Received: \ ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\ by $primary_hostname \ ${if def:received_protocol {with $received_protocol}} \ - ${if def:tls_cipher {($tls_cipher)\n\t}}\ + ${if def:tls_in_cipher {($tls_in_cipher)\n\t}}\ (Exim $version_number)\n\t\ ${if def:sender_address \ {(envelope-from <$sender_address>)\n\t}}\ @@ -15044,7 +15338,7 @@ live with. . Allow this long option name to split; give it unsplit as a fifth argument . for the automatic .oindex that is generated by .option. -.option "smtp_accept_max_per_ &~&~connection" main integer 1000 &&& +.option "smtp_accept_max_per_connection" main integer 1000 &&& smtp_accept_max_per_connection .cindex "SMTP" "limiting incoming message count" .cindex "limit" "messages per SMTP connection" @@ -15663,12 +15957,10 @@ receiving incoming messages as a server. If you want to supply certificates for use when sending messages as a client, you must set the &%tls_certificate%& option in the relevant &(smtp)& transport. -.new -If the option contains &$tls_sni$& and Exim is built against OpenSSL, then +If the option contains &$tls_out_sni$& and Exim is built against OpenSSL, then if the OpenSSL build supports TLS extensions and the TLS client sends the Server Name Indication extension, then this option and others documented in &<>& will be re-expanded. -.wen .option tls_crl main string&!! unset .cindex "TLS" "server certificate revocation list" @@ -15676,12 +15968,9 @@ Server Name Indication extension, then this option and others documented in This option specifies a certificate revocation list. The expanded value must be the name of a file that contains a CRL in PEM format. -.new See &<>& for discussion of when this option might be re-expanded. -.wen -.new .option tls_dh_max_bits main integer 2236 .cindex "TLS" "D-H bit count" The number of bits used for Diffie-Hellman key-exchange may be suggested by @@ -15701,12 +15990,10 @@ number. Note that the value passed to GnuTLS for *generating* a new prime may be a little less than this figure, because GnuTLS is inexact and may produce a larger prime than requested. -.wen .option tls_dhparam main string&!! unset .cindex "TLS" "D-H parameters for server" -.new The value of this option is expanded and indicates the source of DH parameters to be used by Exim. @@ -15743,7 +16030,6 @@ The available primes are: Some of these will be too small to be accepted by clients. Some may be too large to be accepted by clients. -.wen .option tls_on_connect_ports main "string list" unset @@ -15762,9 +16048,7 @@ the expansion is forced to fail, or the result is an empty string, the private key is assumed to be in the same file as the server's certificates. See chapter &<>& for further details. -.new See &<>& for discussion of when this option might be re-expanded. -.wen .option tls_remember_esmtp main boolean false @@ -15812,9 +16096,10 @@ connecting clients, defining the list of accepted certificate authorities. Thus the values defined should be considered public data. To avoid this, use OpenSSL with a directory. -.new See &<>& for discussion of when this option might be re-expanded. -.wen + +A forced expansion failure or setting to an empty string is equivalent to +being unset. .option tls_verify_hosts main "host list&!!" unset @@ -16153,7 +16438,7 @@ router is skipped, and the address is offered to the next one. If the result is any other value, the router is run (as this is the last precondition to be evaluated, all the other preconditions must be true). -This option is unique in that multiple &%condition%& options may be present. +This option is unusual in that multiple &%condition%& options may be present. All &%condition%& options must succeed. The &%condition%& option provides a means of applying custom conditions to the @@ -16182,7 +16467,8 @@ be specified using &%condition%&. .option debug_print routers string&!! unset .cindex "testing" "variables in drivers" If this option is set and debugging is enabled (see the &%-d%& command line -option), the string is expanded and included in the debugging output. +option) or in address-testing mode (see the &%-bt%& command line option), +the string is expanded and included in the debugging output. If expansion of the string fails, the error message is written to the debugging output, and Exim carries on processing. This option is provided to help with checking out the values of variables and @@ -16191,6 +16477,7 @@ option appears not to be working, &%debug_print%& can be used to output the variables it references. The output happens after checks for &%domains%&, &%local_parts%&, and &%check_local_user%& but before any other preconditions are tested. A newline is added to the text if it does not end with one. +The variable &$router_name$& contains the name of the router. @@ -16352,6 +16639,9 @@ The &%headers_add%& option is expanded after &%errors_to%&, but before the expansion is forced to fail, the option has no effect. Other expansion failures are treated as configuration errors. +Unlike most options, &%headers_add%& can be specified multiple times +for a router; all listed headers are added. + &*Warning 1*&: The &%headers_add%& option cannot be used for a &(redirect)& router that has the &%one_time%& option set. @@ -16385,6 +16675,9 @@ The &%headers_remove%& option is expanded after &%errors_to%& and the option has no effect. Other expansion failures are treated as configuration errors. +Unlike most options, &%headers_remove%& can be specified multiple times +for a router; all listed headers are removed. + &*Warning 1*&: The &%headers_remove%& option cannot be used for a &(redirect)& router that has the &%one_time%& option set. @@ -17021,7 +17314,8 @@ Setting this option has the effect of setting &%verify_sender%& and .cindex "EXPN" "with &%verify_only%&" .oindex "&%-bv%&" .cindex "router" "used only when verifying" -If this option is set, the router is used only when verifying an address or +If this option is set, the router is used only when verifying an address, +delivering in cutthrough mode or testing with the &%-bv%& option, not when actually doing a delivery, testing with the &%-bt%& option, or running the SMTP EXPN command. It can be further restricted to verifying only senders or recipients by means of @@ -17035,7 +17329,8 @@ user or group. .option verify_recipient routers&!? boolean true If this option is false, the router is skipped when verifying recipient -addresses +addresses, +delivering in cutthrough mode or testing recipient verification using &%-bv%&. See section &<>& for a list of the order in which preconditions are evaluated. @@ -17136,7 +17431,6 @@ look for A or AAAA records, unless the domain matches &%mx_domains%&, in which case routing fails. -.new .section "Declining addresses by dnslookup" "SECTdnslookupdecline" .cindex "&(dnslookup)& router" "declines" There are a few cases where a &(dnslookup)& router will decline to accept @@ -17167,7 +17461,6 @@ The domain is not syntactically valid (see also &%allow_utf8_domains%& and &%check_secondary_mx%& is set on this router but the local host can not be found in the MX records (see below) .endlist -.wen @@ -18393,6 +18686,18 @@ quote just the command. An item such as .endd is interpreted as a pipe with a rather strange command name, and no arguments. +.new +Note that the above example assumes that the text comes from a lookup source +of some sort, so that the quotes are part of the data. If composing a +redirect router with a &%data%& option directly specifying this command, the +quotes will be used by the configuration parser to define the extent of one +string, but will not be passed down into the redirect router itself. There +are two main approaches to get around this: escape quotes to be part of the +data itself, or avoid using this mechanism and instead create a custom +transport with the &%command%& option set and reference that transport from +an &%accept%& router. +.wen + .next .cindex "file" "in redirection list" .cindex "address redirection" "to file" @@ -19333,6 +19638,8 @@ so on when debugging driver configurations. For example, if a &%headers_add%& option is not working properly, &%debug_print%& could be used to output the variables it references. A newline is added to the text if it does not end with one. +The variables &$transport_name$& and &$router_name$& contain the name of the +transport and the router that called it. .option delivery_date_add transports boolean false @@ -19378,6 +19685,9 @@ routers. If the result of the expansion is an empty string, or if the expansion is forced to fail, no action is taken. Other expansion failures are treated as errors and cause the delivery to be deferred. +Unlike most options, &%headers_add%& can be specified multiple times +for a transport; all listed headers are added. + .option headers_only transports boolean false @@ -19400,6 +19710,9 @@ routers. If the result of the expansion is an empty string, or if the expansion is forced to fail, no action is taken. Other expansion failures are treated as errors and cause the delivery to be deferred. +Unlike most options, &%headers_remove%& can be specified multiple times +for a router; all listed headers are added. + .option headers_rewrite transports string unset @@ -19704,7 +20017,7 @@ message, which happens if the &%return_message%& option is set. .option transport_filter_timeout transports time 5m .cindex "transport" "filter, timeout" -When Exim is reading the output of a transport filter, it a applies a timeout +When Exim is reading the output of a transport filter, it applies a timeout that can be set by this option. Exceeding the timeout is normally treated as a temporary delivery failure. However, if a transport filter is used with a &(pipe)& transport, a timeout in the transport filter is treated in the same @@ -20288,7 +20601,6 @@ This option applies only to deliveries in maildir format, and is described in section &<>& below. -.new .option maildir_use_size_file appendfile&!! boolean false .cindex "maildir format" "&_maildirsize_& file" The result of string expansion for this option must be a valid boolean value. @@ -20297,7 +20609,6 @@ creates a &_maildirsize_& file in a maildir if one does not exist, taking the quota from the &%quota%& option of the transport. If &%quota%& is unset, the value is zero. See &%maildir_quota_directory_regex%& above and section &<>& below for further details. -.wen .option maildirfolder_create_regex appendfile string unset .cindex "maildir format" "&_maildirfolder_& file" @@ -21322,10 +21633,10 @@ that are routed to the transport. .vindex "&$address_pipe$&" A router redirects an address directly to a pipe command (for example, from an alias or forward file). In this case, &$address_pipe$& contains the text of the -pipe command, and the &%command%& option on the transport is ignored. If only -one address is being transported (&%batch_max%& is not greater than one, or -only one address was redirected to this pipe command), &$local_part$& contains -the local part that was redirected. +pipe command, and the &%command%& option on the transport is ignored unless +&%force_command%& is set. If only one address is being transported +(&%batch_max%& is not greater than one, or only one address was redirected to +this pipe command), &$local_part$& contains the local part that was redirected. .endlist @@ -21433,6 +21744,15 @@ inserted in the argument list at that point &'as a separate argument'&. This avoids any problems with spaces or shell metacharacters, and is of use when a &(pipe)& transport is handling groups of addresses in a batch. +If &%force_command%& is enabled on the transport, Special handling takes place +for an argument that consists of precisely the text &`$address_pipe`&. It +is handled similarly to &$pipe_addresses$& above. It is expanded and each +argument is inserted in the argument list at that point +&'as a separate argument'&. The &`$address_pipe`& item does not need to be +the only item in the argument; in fact, if it were then &%force_command%& +should behave as a no-op. Rather, it should be used to adjust the command +run while preserving the argument vector separation. + After splitting up into arguments and expansion, the resulting command is run in a subprocess directly from the transport, &'not'& under a shell. The message that is being delivered is supplied on the standard input, and the @@ -21585,6 +21905,23 @@ a bounce message is sent. If &%freeze_signal%& is set, the message will be frozen in Exim's queue instead. +.option force_command pipe boolean false +.cindex "force command" +.cindex "&(pipe)& transport", "force command" +Normally when a router redirects an address directly to a pipe command +the &%command%& option on the transport is ignored. If &%force_command%& +is set, the &%command%& option will used. This is especially +useful for forcing a wrapper or additional argument to be added to the +command. For example: +.code +command = /usr/bin/remote_exec myhost -- $address_pipe +force_command +.endd + +Note that &$address_pipe$& is handled specially in &%command%& when +&%force_command%& is set, expanding out to the original argument vector as +separate items, similarly to a Unix shell &`"$@"`& construct. + .option ignore_status pipe boolean false If this option is true, the status returned by the subprocess that is set up to run the command is ignored, and Exim behaves as if zero had been returned. @@ -21946,6 +22283,9 @@ appropriate values for the outgoing connection, and these are the values that are in force when any authenticators are run and when the &%authenticated_sender%& option is expanded. +These variables are deprecated in favour of &$tls_in_cipher$& et. al. +and will be removed in a future release. + .section "Private options for smtp" "SECID146" .cindex "options" "&(smtp)& transport" @@ -21983,7 +22323,7 @@ ignored. The expansion happens after the outgoing connection has been made and TLS started, if required. This means that the &$host$&, &$host_address$&, -&$tls_cipher$&, and &$tls_peerdn$& variables are set according to the +&$tls_out_cipher$&, and &$tls_out_peerdn$& variables are set according to the particular connection. If the SMTP session is not authenticated, the expansion of @@ -22079,6 +22419,22 @@ See the &%search_parents%& option in chapter &<>& for more details. +.new +.option dscp smtp string&!! unset +.cindex "DCSP" "outbound" +This option causes the DSCP value associated with a socket to be set to one +of a number of fixed strings or to numeric value. +The &%-bI:dscp%& option may be used to ask Exim which names it knows of. +Common values include &`throughput`&, &`mincost`&, and on newer systems +&`ef`&, &`af41`&, etc. Numeric values may be in the range 0 to 0x3F. + +The outbound packets from Exim will be marked with this value in the header +(for IPv4, the TOS field; for IPv6, the TCLASS field); there is no guarantee +that these values will have any effect, not be stripped by networking +equipment, or do much of anything without cooperation with your Network +Engineer and those of all network operators between the source and destination. +.wen + .option fallback_hosts smtp "string list" unset .cindex "fallback" "hosts specified on transport" @@ -22212,6 +22568,13 @@ that matches this list, even if the server host advertises PIPELINING support. Exim will not try to start a TLS session when delivering to any host that matches this list. See chapter &<>& for details of TLS. +.option hosts_verify_avoid_tls smtp "host list&!!" * +.cindex "TLS" "avoiding for certain hosts" +Exim will not try to start a TLS session for a verify callout, +or when delivering in cutthrough mode, +to any host that matches this list. +Note that the default is to not use TLS. + .option hosts_max_try smtp integer 5 .cindex "host" "maximum number to try" @@ -22389,12 +22752,10 @@ protocol (RFC 2033) instead of SMTP. This protocol is sometimes used for local deliveries into closed message stores. Exim also has support for running LMTP over a pipe to a local process &-- see chapter &<>&. -.new If this option is set to &"smtps"&, the default vaule for the &%port%& option changes to &"smtps"&, and the transport initiates TLS immediately after connecting, as an outbound SSL-on-connect, instead of using STARTTLS to upgrade. The Internet standards bodies strongly discourage use of this mode. -.wen .option retry_include_ip_address smtp boolean true @@ -22478,6 +22839,19 @@ This option specifies a certificate revocation list. The expanded value must be the name of a file that contains a CRL in PEM format. +.new +.option tls_dh_min_bits smtp integer 1024 +.cindex "TLS" "Diffie-Hellman minimum acceptable size" +When establishing a TLS session, if a ciphersuite which uses Diffie-Hellman +key agreement is negotiated, the server will provide a large prime number +for use. This option establishes the minimum acceptable size of that number. +If the parameter offered by the server is too small, then the TLS handshake +will fail. + +Only supported when using GnuTLS. +.wen + + .option tls_privatekey smtp string&!! unset .cindex "TLS" "client private key, location of" .vindex "&$host$&" @@ -22507,19 +22881,19 @@ ciphers is a preference order. -.new .option tls_sni smtp string&!! unset .cindex "TLS" "Server Name Indication" .vindex "&$tls_sni$&" -If this option is set then it sets the $tls_sni variable and causes any +If this option is set then it sets the $tls_out_sni variable and causes any TLS session to pass this value as the Server Name Indication extension to the remote side, which can be used by the remote side to select an appropriate certificate and private key for the session. See &<>& for more information. -OpenSSL only, also requiring a build of OpenSSL that supports TLS extensions. -.wen +Note that for OpenSSL, this feature requires a build of OpenSSL that supports +TLS extensions. + @@ -23698,18 +24072,15 @@ included by setting .code AUTH_CRAM_MD5=yes AUTH_CYRUS_SASL=yes -.new AUTH_DOVECOT=yes AUTH_GSASL=yes AUTH_HEIMDAL_GSSAPI=yes -.wen AUTH_PLAINTEXT=yes AUTH_SPA=yes .endd in &_Local/Makefile_&, respectively. The first of these supports the CRAM-MD5 authentication mechanism (RFC 2195), and the second provides an interface to the Cyrus SASL authentication library. -.new The third is an interface to Dovecot's authentication system, delegating the work via a socket interface. The fourth provides an interface to the GNU SASL authentication library, which @@ -23720,7 +24091,6 @@ The sixth can be configured to support the PLAIN authentication mechanism (RFC 2595) or the LOGIN mechanism, which is not formally documented, but used by several MUAs. The seventh authenticator supports Microsoft's &'Secure Password Authentication'& mechanism. -.wen The authenticators are configured using the same syntax as other drivers (see section &<>&). If no authenticators are required, no @@ -23752,7 +24122,6 @@ The remainder of this chapter covers the generic options for the authenticators, followed by general discussion of the way authentication works in Exim. -.new &*Beware:*& the meaning of &$auth1$&, &$auth2$&, ... varies on a per-driver and per-mechanism basis. Please read carefully to determine which variables hold account labels such as usercodes and which hold passwords or other @@ -23774,7 +24143,6 @@ A &'realm'& is a text string, typically a domain name, presented by a server to a client to help it select an account and credentials to use. In some mechanisms, the client and server provably agree on the realm, but clients typically can not treat the realm as secure data to be blindly trusted. -.wen @@ -23788,11 +24156,14 @@ When Exim is authenticating as a client, it skips any authenticator whose used, for example, to skip plain text authenticators when the connection is not encrypted by a setting such as: .code -client_condition = ${if !eq{$tls_cipher}{}} +client_condition = ${if !eq{$tls_out_cipher}{}} .endd -(Older documentation incorrectly states that &$tls_cipher$& contains the cipher -used for incoming messages. In fact, during SMTP delivery, it contains the -cipher used for the delivery.) + + +.option client_set_id authenticators string&!! unset +When client authentication succeeds, this condition is expanded; the +result is used in the log lines for outbound messasges. +Typically it will be the user name used for authentication. .option driver authenticators string unset @@ -23822,10 +24193,8 @@ This option must be set for a &%plaintext%& server authenticator, where it is used directly to control authentication. See section &<>& for details. -.new For the &(gsasl)& authenticator, this option is required for various mechanisms; see chapter &<>& for details. -.wen For the other authenticators, &%server_condition%& can be used as an additional authentication or authorization mechanism that is applied after the other @@ -23954,10 +24323,10 @@ authentication mechanisms. For example, it can be used to restrict the advertisement of a particular mechanism to encrypted connections, by a setting such as: .code -server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}} +server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}} .endd -.vindex "&$tls_cipher$&" -If the session is encrypted, &$tls_cipher$& is not empty, and so the expansion +.vindex "&$tls_in_cipher$&" +If the session is encrypted, &$tls_in_cipher$& is not empty, and so the expansion yields &"yes"&, which allows the advertisement to happen. When an Exim server receives an AUTH command from a client, it rejects it @@ -24432,7 +24801,6 @@ lookup_cram: Note that this expansion explicitly forces failure if the lookup fails because &$auth1$& contains an unknown user name. -.new As another example, if you wish to re-use a Cyrus SASL sasldb2 file without using the relevant libraries, you need to know the realm to specify in the lookup and then ask for the &"userPassword"& attribute for that user in that @@ -24445,7 +24813,6 @@ cyrusless_crammd5: dbmjz{/etc/sasldb2}} server_set_id = $auth1 .endd -.wen .section "Using cram_md5 as a client" "SECID177" .cindex "options" "&(cram_md5)& authenticator (client)" @@ -24520,7 +24887,7 @@ Kerberos, note that because of limitations in the GSSAPI interface, changing the server keytab might need to be communicated down to the Kerberos layer independently. The mechanism for doing so is dependent upon the Kerberos implementation. -.new + For example, for older releases of Heimdal, the environment variable KRB5_KTNAME may be set to point to an alternative keytab file. Exim will pass this variable through from its own inherited environment when started as root or the @@ -24529,7 +24896,6 @@ With newer releases of Heimdal, a setuid Exim may cause Heimdal to discard the environment variable. In practice, for those releases, the Cyrus authenticator is not a suitable interface for GSSAPI (Kerberos) support. Instead, consider the &(heimdal_gssapi)& authenticator, described in chapter &<>& -.wen .section "Using cyrus_sasl as a server" "SECID178" @@ -24560,10 +24926,8 @@ sasl: server_set_id = $auth1 .endd -.new .option server_realm cyrus_sasl string&!! unset This specifies the SASL realm that the server claims to be in. -.wen .option server_service cyrus_sasl string &`smtp`& @@ -24636,7 +25000,6 @@ who authenticated is placed in &$auth1$&. . //////////////////////////////////////////////////////////////////////////// . //////////////////////////////////////////////////////////////////////////// -.new .chapter "The gsasl authenticator" "CHAPgsasl" .scindex IIDgsaslauth1 "&(gsasl)& authenticator" .scindex IIDgsaslauth2 "authenticators" "&(gsasl)&" @@ -24791,12 +25154,10 @@ gsasl_cyrusless_crammd5: server_condition = yes .endd -.wen . //////////////////////////////////////////////////////////////////////////// . //////////////////////////////////////////////////////////////////////////// -.new .chapter "The heimdal_gssapi authenticator" "CHAPheimdalgss" .scindex IIDheimdalgssauth1 "&(heimdal_gssapi)& authenticator" .scindex IIDheimdalgssauth2 "authenticators" "&(heimdal_gssapi)&" @@ -24843,7 +25204,6 @@ authentication. If that was empty, this will also be set to the GSS Display Name. .endlist -.wen . //////////////////////////////////////////////////////////////////////////// . //////////////////////////////////////////////////////////////////////////// @@ -25029,14 +25389,13 @@ There are some differences in usage when using GnuTLS instead of OpenSSL: The &%tls_verify_certificates%& option must contain the name of a file, not the name of a directory (for OpenSSL it can be either). .next -.new The default value for &%tls_dhparam%& differs for historical reasons. -.wen .next -.vindex "&$tls_peerdn$&" +.vindex "&$tls_in_peerdn$&" +.vindex "&$tls_out_peerdn$&" Distinguished Name (DN) strings reported by the OpenSSL library use a slash for separating fields; GnuTLS uses commas, in accordance with RFC 2253. This -affects the value of the &$tls_peerdn$& variable. +affects the value of the &$tls_in_peerdn$& and &$tls_out_peerdn$& variables. .next OpenSSL identifies cipher suites using hyphens as separators, for example: DES-CBC3-SHA. GnuTLS historically used underscores, for example: @@ -25049,18 +25408,22 @@ option). .next The &%tls_require_ciphers%& options operate differently, as described in the sections &<>& and &<>&. +.next .new +The &%tls_dh_min_bits%& SMTP transport option is only honoured by GnuTLS. +When using OpenSSL, this option is ignored. +(If an API is found to let OpenSSL be configured in this way, +let the Exim Maintainers know and we'll likely use it). +.wen .next Some other recently added features may only be available in one or the other. This should be documented with the feature. If the documentation does not explicitly state that the feature is infeasible in the other TLS implementation, then patches are welcome. -.wen .endlist .section "GnuTLS parameter computation" "SECTgnutlsparam" -.new This section only applies if &%tls_dhparam%& is set to &`historic`& or to an explicit path; if the latter, then the text about generation still applies, but not the chosen filename. @@ -25141,7 +25504,6 @@ increase the chance of the generated prime actually being within acceptable bounds, as GnuTLS has been observed to overshoot. Note the check step in the procedure above. There is no sane procedure available to Exim to double-check the size of the generated prime, so it might still be too large. -.wen .section "Requiring specific ciphers in OpenSSL" "SECTreqciphssl" @@ -25191,7 +25553,6 @@ includes any ciphers already present they will be ignored: that is, they will not be moved to the end of the list. .endlist -.new The OpenSSL &'ciphers(1)'& command may be used to test the results of a given string: .code @@ -25209,11 +25570,9 @@ tls_require_ciphers = ${if =={$received_port}{25}\ {DEFAULT}\ {HIGH:!MD5:!SHA1}} .endd -.wen -.new .section "Requiring specific ciphers or other parameters in GnuTLS" &&& "SECTreqciphgnu" .cindex "GnuTLS" "specifying parameters for" @@ -25259,7 +25618,6 @@ tls_require_ciphers = ${if =={$received_port}{25}\ {NORMAL:%COMPAT}\ {SECURE128}} .endd -.wen .section "Configuring an Exim server to use TLS" "SECID182" @@ -25320,7 +25678,6 @@ tls_dhparam = /some/file/name .endd is set, the SSL library is initialized for the use of Diffie-Hellman ciphers with the parameters contained in the file. -.new Set this to &`none`& to disable use of DH entirely, by making no prime available: .code @@ -25336,7 +25693,6 @@ See the command openssl dhparam .endd for a way of generating file data. -.wen The strings supplied for these three options are expanded every time a client host connects. It is therefore possible to use different certificates and keys @@ -25346,15 +25702,13 @@ forced to fail, Exim behaves as if the option is not set. .cindex "cipher" "logging" .cindex "log" "TLS cipher" -.vindex "&$tls_cipher$&" -The variable &$tls_cipher$& is set to the cipher suite that was negotiated for +.vindex "&$tls_in_cipher$&" +The variable &$tls_in_cipher$& is set to the cipher suite that was negotiated for an incoming TLS connection. It is included in the &'Received:'& header of an incoming message (by default &-- you can, of course, change this), and it is also included in the log line that records a message's arrival, keyed by &"X="&, unless the &%tls_cipher%& log selector is turned off. The &%encrypted%& condition can be used to test for specific cipher suites in ACLs. -(For outgoing SMTP deliveries, &$tls_cipher$& is reset &-- see section -&<>&.) Once TLS has been established, the ACLs that run for subsequent SMTP commands can check the name of the cipher suite and vary their actions accordingly. The @@ -25363,6 +25717,9 @@ example, OpenSSL uses the name DES-CBC3-SHA for the cipher suite which in other contexts is known as TLS_RSA_WITH_3DES_EDE_CBC_SHA. Check the OpenSSL or GnuTLS documentation for more details. +For outgoing SMTP deliveries, &$tls_out_cipher$& is used and logged +(again depending on the &%tls_cipher%& log selector). + .section "Requesting and verifying client certificates" "SECID183" .cindex "certificate" "verification of client" @@ -25399,17 +25756,17 @@ fact that no certificate was verified, and vary their actions accordingly. For example, you can insist on a certificate before accepting a message for relaying, but not when the message is destined for local delivery. -.vindex "&$tls_peerdn$&" +.vindex "&$tls_in_peerdn$&" When a client supplies a certificate (whether it verifies or not), the value of the Distinguished Name of the certificate is made available in the variable -&$tls_peerdn$& during subsequent processing of the message. +&$tls_in_peerdn$& during subsequent processing of the message. .cindex "log" "distinguished name" Because it is often a long text string, it is not included in the log line or &'Received:'& header by default. You can arrange for it to be logged, keyed by &"DN="&, by setting the &%tls_peerdn%& log selector, and you can use &%received_header_text%& to change the &'Received:'& header. When no -certificate is supplied, &$tls_peerdn$& is empty. +certificate is supplied, &$tls_in_peerdn$& is empty. .section "Revoked certificates" "SECID184" @@ -25490,12 +25847,12 @@ All the TLS options in the &(smtp)& transport are expanded before use, with which the client is connected. Forced failure of an expansion causes Exim to behave as if the relevant option were unset. -.vindex &$tls_bits$& -.vindex &$tls_cipher$& -.vindex &$tls_peerdn$& -.vindex &$tls_sni$& +.vindex &$tls_out_bits$& +.vindex &$tls_out_cipher$& +.vindex &$tls_out_peerdn$& +.vindex &$tls_out_sni$& Before an SMTP connection is established, the -&$tls_bits$&, &$tls_cipher$&, &$tls_peerdn$& and &$tls_sni$& +&$tls_out_bits$&, &$tls_out_cipher$&, &$tls_out_peerdn$& and &$tls_out_sni$& variables are emptied. (Until the first connection, they contain the values that were set when the message was received.) If STARTTLS is subsequently successfully obeyed, these variables are set to the relevant values for the @@ -25503,11 +25860,10 @@ outgoing connection. -.new .section "Use of TLS Server Name Indication" "SECTtlssni" .cindex "TLS" "Server Name Indication" -.vindex "&$tls_sni$&" -.oindex "&%tls_sni%&" +.vindex "&$tls_in_sni$&" +.oindex "&%tls_in_sni%&" With TLS1.0 or above, there is an extension mechanism by which extra information can be included at various points in the protocol. One of these extensions, documented in RFC 6066 (and before that RFC 4366) is @@ -25534,14 +25890,14 @@ different clients. Or even negotiate different cipher suites. The &%tls_sni%& option on an SMTP transport is an expanded string; the result, if not empty, will be sent on a TLS session as part of the handshake. There's nothing more to it. Choosing a sensible value not derived insecurely is the -only point of caution. The &$tls_sni$& variable will be set to this string +only point of caution. The &$tls_out_sni$& variable will be set to this string for the lifetime of the client connection (including during authentication). -Except during SMTP client sessions, if &$tls_sni$& is set then it is a string +Except during SMTP client sessions, if &$tls_in_sni$& is set then it is a string received from a client. It can be logged with the &%log_selector%& item &`+tls_sni`&. -If the string &`tls_sni`& appears in the main section's &%tls_certificate%& +If the string &`tls_in_sni`& appears in the main section's &%tls_certificate%& option (prior to expansion) then the following options will be re-expanded during TLS session handshake, to permit alternative values to be chosen: @@ -25575,7 +25931,6 @@ see &`-servername`& in the output, then OpenSSL has support. When Exim is built against GnuTLS, SNI support is available as of GnuTLS 0.5.10. (Its presence predates the current API which Exim uses, so if Exim built, then you have SNI support). -.wen @@ -25654,6 +26009,8 @@ install if the receiving end is a client MUA that can interact with a user. .cindex "certificate" "self-signed" You can create a self-signed certificate using the &'req'& command provided with OpenSSL, like this: +. ==== Do not shorten the duration here without reading and considering +. ==== the text below. Please leave it at 9999 days. .code openssl req -x509 -newkey rsa:1024 -keyout file1 -out file2 \ -days 9999 -nodes @@ -25666,6 +26023,22 @@ that you are prompted for, and any use that is made of the key causes more prompting for the passphrase. This is not helpful if you are going to use this certificate and key in an MTA, where prompting is not possible. +. ==== I expect to still be working 26 years from now. The less technical +. ==== debt I create, in terms of storing up trouble for my later years, the +. ==== happier I will be then. We really have reached the point where we +. ==== should start, at the very least, provoking thought and making folks +. ==== pause before proceeding, instead of leaving all the fixes until two +. ==== years before 2^31 seconds after the 1970 Unix epoch. +. ==== -pdp, 2012 +NB: we are now past the point where 9999 days takes us past the 32-bit Unix +epoch. If your system uses unsigned time_t (most do) and is 32-bit, then +the above command might produce a date in the past. Think carefully about +the lifetime of the systems you're deploying, and either reduce the duration +of the certificate or reconsider your platform deployment. (At time of +writing, reducing the duration is the most likely choice, but the inexorable +progression of time takes us steadily towards an era where this will not +be a sensible resolution). + A self-signed certificate made in this way is sufficient for testing, and may be adequate for all your requirements if you are mainly interested in encrypting transfers, and not in secure identification. @@ -25864,6 +26237,9 @@ before or after the data) correctly &-- they keep the message on their queues and try again later, but that is their problem, though it does waste some of your resources. +The &%acl_smtp_data%& ACL is run after both the &%acl_smtp_dkim%& and +the &%acl_smtp_mime%& ACLs. + .section "The SMTP DKIM ACL" "SECTDKIMACL" The &%acl_smtp_dkim%& ACL is available only when Exim is compiled with DKIM support @@ -25873,13 +26249,17 @@ The ACL test specified by &%acl_smtp_dkim%& happens after a message has been received, and is executed for each DKIM signature found in a message. If not otherwise specified, the default action is to accept. -For details on the operation of DKIM, see chapter &<>&. +This ACL is evaluated before &%acl_smtp_mime%& and &%acl_smtp_data%&. + +For details on the operation of DKIM, see chapter &<>&. .section "The SMTP MIME ACL" "SECID194" The &%acl_smtp_mime%& option is available only when Exim is compiled with the content-scanning extension. For details, see chapter &<>&. +This ACL is evaluated after &%acl_smtp_dkim%& but before &%acl_smtp_data%&. + .section "The QUIT ACL" "SECTQUITACL" .cindex "QUIT, ACL for" @@ -25910,7 +26290,7 @@ connection is closed. In these special cases, the QUIT ACL does not run. .section "The not-QUIT ACL" "SECTNOTQUITACL" .vindex &$acl_smtp_notquit$& The not-QUIT ACL, specified by &%acl_smtp_notquit%&, is run in most cases when -an SMTP session ends without sending QUIT. However, when Exim itself is is bad +an SMTP session ends without sending QUIT. However, when Exim itself is in bad trouble, such as being unable to write to its log files, this ACL is not run, because it might try to do things (such as write to log files) that make the situation even worse. @@ -26264,8 +26644,8 @@ duplicates to be written, use the &%logwrite%& modifier instead. If &%log_message%& is not present, a &%warn%& verb just checks its conditions and obeys any &"immediate"& modifiers (such as &%control%&, &%set%&, -&%logwrite%&, and &%add_header%&) that appear before the first failing -condition. There is more about adding header lines in section +&%logwrite%&, &%add_header%&, and &%remove_header%&) that appear before the +first failing condition. There is more about adding header lines in section &<>&. If any condition on a &%warn%& statement cannot be completed (that is, there is @@ -26383,7 +26763,7 @@ others specify text for messages that are used when access is denied or a warning is generated. The &%control%& modifier affects the way an incoming message is handled. -The positioning of the modifiers in an ACL statement important, because the +The positioning of the modifiers in an ACL statement is important, because the processing of a verb ceases as soon as its outcome is known. Only those modifiers that have already been encountered will take effect. For example, consider this use of the &%message%& modifier: @@ -26504,12 +26884,12 @@ If you want to apply a control unconditionally, you can use it with a .vitem &*delay*&&~=&~<&'time'&> .cindex "&%delay%& ACL modifier" .oindex "&%-bh%&" -This modifier may appear in any ACL. It causes Exim to wait for the time -interval before proceeding. However, when testing Exim using the &%-bh%& -option, the delay is not actually imposed (an appropriate message is output -instead). The time is given in the usual Exim notation, and the delay happens -as soon as the modifier is processed. In an SMTP session, pending output is -flushed before the delay is imposed. +This modifier may appear in any ACL except notquit. It causes Exim to wait for +the time interval before proceeding. However, when testing Exim using the +&%-bh%& option, the delay is not actually imposed (an appropriate message is +output instead). The time is given in the usual Exim notation, and the delay +happens as soon as the modifier is processed. In an SMTP session, pending +output is flushed before the delay is imposed. Like &%control%&, &%delay%& can be used with &%accept%& or &%deny%&, for example: @@ -26556,7 +26936,7 @@ confusing to some people, so the use of &%endpass%& is no longer recommended as This modifier sets up a message that is used as part of the log message if the ACL denies access or a &%warn%& statement's conditions are true. For example: .code -require log_message = wrong cipher suite $tls_cipher +require log_message = wrong cipher suite $tls_in_cipher encrypted = DES-CBC3-SHA .endd &%log_message%& is also used when recipients are discarded by &%discard%&. For @@ -26707,10 +27087,31 @@ all the conditions are true, wherever it appears in an ACL command, whereas effect. +.vitem &*remove_header*&&~=&~<&'text'&> +This modifier specifies one or more header names in a colon-separated list + that are to be removed from an incoming message, assuming, of course, that +the message is ultimately accepted. For details, see section &<>&. + + .vitem &*set*&&~<&'acl_name'&>&~=&~<&'value'&> .cindex "&%set%& ACL modifier" This modifier puts a value into one of the ACL variables (see section &<>&). + + +.vitem &*udpsend*&&~=&~<&'parameters'&> +This modifier sends a UDP packet, for purposes such as statistics +collection or behaviour monitoring. The parameters are expanded, and +the result of the expansion must be a colon-separated list consisting +of a destination server, port number, and the packet contents. The +server can be specified as a host name or IPv4 or IPv6 address. The +separator can be changed with the usual angle bracket syntax. For +example, you might want to collect information on which hosts connect +when: +.code +udpsend = <; 2001:dB8::dead:beef ; 1234 ;\ + $tod_zulu $sender_host_address +.endd .endlist @@ -26773,6 +27174,29 @@ Notice that we put back the lower cased version afterwards, assuming that is what is wanted for subsequent tests. +.new +.vitem &*control&~=&~cutthrough_delivery*& +.cindex "&ACL;" "cutthrough routing" +.cindex "cutthrough" "requesting" +This option requests delivery be attempted while the item is being received. +It is usable in the RCPT ACL and valid only for single-recipient mails forwarded +from one SMTP connection to another. If a recipient-verify callout connection is +requested in the same ACL it is held open and used for the data, otherwise one is made +after the ACL completes. Note that routers are used in verify mode. + +Should the ultimate destination system positively accept or reject the mail, +a corresponding indication is given to the source system and nothing is queued. +If there is a temporary error the item is queued for later delivery in the +usual fashion. If the item is successfully delivered in cutthrough mode the log line +is tagged with ">>" rather than "=>" and appears before the acceptance "<=" +line. + +Delivery in this mode avoids the generation of a bounce mail to a (possibly faked) +sender when the destination system is doing content-scan based rejection. +.wen + + +.new .vitem &*control&~=&~debug/*&<&'options'&> .cindex "&ACL;" "enabling debug logging" .cindex "debugging" "enabling from an ACL" @@ -26789,6 +27213,35 @@ contexts): control = debug/opts=+expand+acl control = debug/tag=.$message_exim_id/opts=+expand .endd +.wen + + +.new +.vitem &*control&~=&~dkim_disable_verify*& +.cindex "disable DKIM verify" +.cindex "DKIM" "disable verify" +This control turns off DKIM verification processing entirely. For details on +the operation and configuration of DKIM, see chapter &<>&. +.wen + + +.new +.vitem &*control&~=&~dscp/*&<&'value'&> +.cindex "&ACL;" "setting DSCP value" +.cindex "DSCP" "inbound" +This option causes the DSCP value associated with the socket for the inbound +connection to be adjusted to a given value, given as one of a number of fixed +strings or to numeric value. +The &%-bI:dscp%& option may be used to ask Exim which names it knows of. +Common values include &`throughput`&, &`mincost`&, and on newer systems +&`ef`&, &`af41`&, etc. Numeric values may be in the range 0 to 0x3F. + +The outbound packets from Exim will be marked with this value in the header +(for IPv4, the TOS field; for IPv6, the TCLASS field); there is no guarantee +that these values will have any effect, not be stripped by networking +equipment, or do much of anything without cooperation with your Network +Engineer and those of all network operators between the source and destination. +.wen .vitem &*control&~=&~enforce_sync*& &&& @@ -26981,7 +27434,7 @@ Remotely submitted, fixups applied: use &`control = submission`&. .section "Adding header lines in ACLs" "SECTaddheadacl" .cindex "header lines" "adding in an ACL" .cindex "header lines" "position of added lines" -.cindex "&%message%& ACL modifier" +.cindex "&%add_header%& ACL modifier" The &%add_header%& modifier can be used to add one or more extra header lines to an incoming message, as in this example: .code @@ -26996,7 +27449,9 @@ receiving a message). The message must ultimately be accepted for any ACL verb, including &%deny%& (though this is potentially useful only in a RCPT ACL). -If the data for the &%add_header%& modifier contains one or more newlines that +Leading and trailing newlines are removed from +the data for the &%add_header%& modifier; if it then +contains one or more newlines that are not followed by a space or a tab, it is assumed to contain multiple header lines. Each one is checked for valid syntax; &`X-ACL-Warn:`& is added to the front of any line that is not a valid header line. @@ -27014,7 +27469,9 @@ message is rejected after DATA or by the non-SMTP ACL, all added header lines are included in the entry that is written to the reject log. .cindex "header lines" "added; visibility of" -Header lines are not visible in string expansions until they are added to the +Header lines are not visible in string expansions +of message headers +until they are added to the message. It follows that header lines defined in the MAIL, RCPT, and predata ACLs are not visible until the DATA ACL and MIME ACLs are run. Similarly, header lines that are added by the DATA or MIME ACLs are not visible in those @@ -27023,7 +27480,9 @@ passing data between (for example) the MAIL and RCPT ACLs. If you want to do this, you can use ACL variables, as described in section &<>&. -The &%add_header%& modifier acts immediately it is encountered during the +The list of headers yet to be added is given by the &%$headers_added%& variable. + +The &%add_header%& modifier acts immediately as it is encountered during the processing of an ACL. Notice the difference between these two cases: .display &`accept add_header = ADDED: some text`& @@ -27072,10 +27531,81 @@ system filter or in a router or transport. +.section "Removing header lines in ACLs" "SECTremoveheadacl" +.cindex "header lines" "removing in an ACL" +.cindex "header lines" "position of removed lines" +.cindex "&%remove_header%& ACL modifier" +The &%remove_header%& modifier can be used to remove one or more header lines +from an incoming message, as in this example: +.code +warn message = Remove internal headers + remove_header = x-route-mail1 : x-route-mail2 +.endd +The &%remove_header%& modifier is permitted in the MAIL, RCPT, PREDATA, DATA, +MIME, and non-SMTP ACLs (in other words, those that are concerned with +receiving a message). The message must ultimately be accepted for +&%remove_header%& to have any significant effect. You can use &%remove_header%& +with any ACL verb, including &%deny%&, though this is really not useful for +any verb that doesn't result in a delivered message. + +More than one header can be removed at the same time by using a colon separated +list of header names. The header matching is case insensitive. Wildcards are +not permitted, nor is list expansion performed, so you cannot use hostlists to +create a list of headers, however both connection and message variable expansion +are performed (&%$acl_c_*%& and &%$acl_m_*%&), illustrated in this example: +.code +warn hosts = +internal_hosts + set acl_c_ihdrs = x-route-mail1 : x-route-mail2 +warn message = Remove internal headers + remove_header = $acl_c_ihdrs +.endd +Removed header lines are accumulated during the MAIL, RCPT, and predata ACLs. +They are removed from the message before processing the DATA and MIME ACLs. +There is no harm in attempting to remove the same header twice nor is removing +a non-existent header. Further header lines to be removed may be accumulated +during the DATA and MIME ACLs, after which they are removed from the message, +if present. In the case of non-SMTP messages, headers to be removed are +accumulated during the non-SMTP ACLs, and are removed from the message after +all the ACLs have run. If a message is rejected after DATA or by the non-SMTP +ACL, there really is no effect because there is no logging of what headers +would have been removed. + +.cindex "header lines" "removed; visibility of" +Header lines are not visible in string expansions until the DATA phase when it +is received. Any header lines removed in the MAIL, RCPT, and predata ACLs are +not visible in the DATA ACL and MIME ACLs. Similarly, header lines that are +removed by the DATA or MIME ACLs are still visible in those ACLs. Because of +this restriction, you cannot use header lines as a way of controlling data +passed between (for example) the MAIL and RCPT ACLs. If you want to do this, +you should instead use ACL variables, as described in section +&<>&. + +The &%remove_header%& modifier acts immediately as it is encountered during the +processing of an ACL. Notice the difference between these two cases: +.display +&`accept remove_header = X-Internal`& +&` `&<&'some condition'&> + +&`accept `&<&'some condition'&> +&` remove_header = X-Internal`& +.endd +In the first case, the header line is always removed, whether or not the +condition is true. In the second case, the header line is removed only if the +condition is true. Multiple occurrences of &%remove_header%& may occur in the +same ACL statement. All those that are encountered before a condition fails +are honoured. + +&*Warning*&: This facility currently applies only to header lines that are +present during ACL processing. It does NOT remove header lines that are added +in a system filter or in a router or transport. + + + + .section "ACL conditions" "SECTaclconditions" .cindex "&ACL;" "conditions; list of" -Some of conditions listed in this section are available only when Exim is +Some of the conditions listed in this section are available only when Exim is compiled with the content-scanning extension. They are included here briefly for completeness. More detailed descriptions can be found in the discussion on content scanning in chapter &<>&. @@ -27093,6 +27623,7 @@ The conditions are as follows: .vitem &*acl&~=&~*&<&'name&~of&~acl&~or&~ACL&~string&~or&~file&~name&~'&> .cindex "&ACL;" "nested" .cindex "&ACL;" "indirect" +.cindex "&ACL;" "arguments" .cindex "&%acl%& ACL condition" The possible values of the argument are the same as for the &%acl_smtp_%&&'xxx'& options. The named or inline ACL is run. If it returns @@ -27102,6 +27633,12 @@ condition is on a &%warn%& verb. In that case, a &"defer"& return makes the condition false. This means that further processing of the &%warn%& verb ceases, but processing of the ACL continues. +If the argument is a named ACL, up to nine space-separated optional values +can be appended; they appear within the called ACL in $acl_arg1 to $acl_arg9, +and $acl_narg is set to the count of values. +Previous values of these variables are restored after the call returns. +The name and values are expanded separately. + If the nested &%acl%& returns &"drop"& and the outer condition denies access, the connection is dropped. If it returns &"discard"&, the verb must be &%accept%& or &%discard%&, and the action is taken immediately &-- no further @@ -27190,7 +27727,7 @@ encrypted = * .endd -.vitem &*hosts&~=&~*&<&'&~host&~list'&> +.vitem &*hosts&~=&~*&<&'host&~list'&> .cindex "&%hosts%& ACL condition" .cindex "host" "ACL checking" .cindex "&ACL;" "testing the client host" @@ -27850,7 +28387,7 @@ dnslists = a.b.c!&0.0.0.1 If the DNS lookup yields both 127.0.0.1 and 127.0.0.2, the condition is false because 127.0.0.1 matches. .next -If &`!==`& or &`!=&&`& is used, the condition is true there is at least one +If &`!==`& or &`!=&&`& is used, the condition is true if there is at least one looked up IP address that does not match. Consider: .code dnslists = a.b.c!=&0.0.0.1 @@ -28345,6 +28882,9 @@ following SMTP commands are sent: LHLO is used instead of HELO if the transport's &%protocol%& option is set to &"lmtp"&. +The callout may use EHLO, AUTH and/or STARTTLS given appropriate option +settings. + A recipient callout check is similar. By default, it also uses an empty address for the sender. This default is chosen because most hosts do not make use of the sender address when verifying a recipient. Using the same address means @@ -28860,16 +29400,16 @@ Suppose your LAN is 192.168.45.0/24. In the main part of the configuration, you put the following definitions: .code -domainlist local_domains = my.dom1.example : my.dom2.example -domainlist relay_domains = friend1.example : friend2.example -hostlist relay_hosts = 192.168.45.0/24 +domainlist local_domains = my.dom1.example : my.dom2.example +domainlist relay_to_domains = friend1.example : friend2.example +hostlist relay_from_hosts = 192.168.45.0/24 .endd Now you can use these definitions in the ACL that is run for every RCPT command: .code acl_check_rcpt: - accept domains = +local_domains : +relay_domains - accept hosts = +relay_hosts + accept domains = +local_domains : +relay_to_domains + accept hosts = +relay_from_hosts .endd The first statement accepts any RCPT command that contains an address in the local or relay domains. For any other domain, control passes to the second @@ -31236,6 +31776,10 @@ headers_add = X-added-header: added by $primary_hostname\n\ .endd Exim does not check the syntax of these added header lines. +Multiple &%headers_add%& options for a single router or transport can be +specified; the values will be concatenated (with a separating newline +added) before expansion. + The result of expanding &%headers_remove%& must consist of a colon-separated list of header names. This is confusing, because header names themselves are often terminated by colons. In this case, the colons are the list separators, @@ -31243,6 +31787,11 @@ not part of the names. For example: .code headers_remove = return-receipt-to:acknowledge-to .endd + +Multiple &%headers_remove%& options for a single router or transport can be +specified; the values will be concatenated (with a separating colon +added) before expansion. + When &%headers_add%& or &%headers_remove%& is specified on a router, its value is expanded at routing time, and then associated with all addresses that are accepted by that router, and also with any new addresses that it generates. If @@ -31481,6 +32030,8 @@ required for the transaction. If the remote server advertises support for the STARTTLS command, and Exim was built to support TLS encryption, it tries to start a TLS session unless the server matches &%hosts_avoid_tls%&. See chapter &<>& for more details. +Either a match in that or &%hosts_verify_avoid_tls%& apply when the transport +is called for verification. If the remote server advertises support for the AUTH command, Exim scans the authenticators configuration for any suitable client settings, as described @@ -33104,6 +33655,7 @@ timestamp. The flags are: &`<=`& message arrival &`=>`& normal message delivery &`->`& additional address in same delivery +&`>>`& cutthrough message delivery &`*>`& delivery suppressed by &%-N%& &`**`& delivery failed; address bounced &`==`& delivery deferred; temporary problem @@ -33203,6 +33755,11 @@ intermediate address(es) exist between the original and the final address, the last of these is given in parentheses after the final address. The R and T fields record the router and transport that were used to process the address. +If SMTP AUTH was used for the delivery there is an additional item A= +followed by the name of the authenticator that was used. +If an authenticated identification was set up by the authenticator's &%client_set_id%& +option, this is logged too, separated by a colon from the authenticator name. + If a shadow transport was run after a successful local delivery, the log line for the successful delivery has an item added on the end, of the form .display @@ -33218,6 +33775,12 @@ flagged with &`->`& instead of &`=>`&. When two or more messages are delivered down a single SMTP connection, an asterisk follows the IP address in the log lines for the second and subsequent messages. +.cindex "delivery" "cutthrough; logging" +.cindex "cutthrough" "logging" +When delivery is done in cutthrough mode it is flagged with &`>>`& and the log +line precedes the reception line, since cutthrough waits for a possible +rejection from the destination in case it can reject the sourced item. + The generation of a reply message by a filter file gets logged as a &"delivery"& to the addressee, preceded by &">"&. @@ -33310,7 +33873,7 @@ at the end of its processing. A summary of the field identifiers that are used in log lines is shown in the following table: .display -&`A `& authenticator name (and optional id) +&`A `& authenticator name (and optional id and sender) &`C `& SMTP confirmation on delivery &` `& command list for &"no mail in SMTP session"& &`CV `& certificate verification status @@ -33394,6 +33957,7 @@ log_selector = +arguments -retry_defer The list of optional log items is in the following table, with the default selection marked by asterisks: .display +&` 8bitmime `& received 8BITMIME status &`*acl_warn_skipped `& skipped &%warn%& statement in ACL &` address_rewrite `& address rewriting &` all_parents `& all parents in => lines @@ -33423,9 +33987,10 @@ selection marked by asterisks: &`*sender_verify_fail `& sender verification failures &`*size_reject `& rejection because too big &`*skip_delivery `& delivery skipped in a queue run -&` smtp_confirmation `& SMTP confirmation on => lines +&`*smtp_confirmation `& SMTP confirmation on => lines &` smtp_connection `& SMTP connections &` smtp_incomplete_transaction`& incomplete SMTP transactions +&` smtp_mailauth `& AUTH argument to MAIL commands &` smtp_no_mail `& session with no MAIL commands &` smtp_protocol_error `& SMTP protocol errors &` smtp_syntax_error `& SMTP syntax errors @@ -33441,6 +34006,14 @@ selection marked by asterisks: More details on each of these items follows: .ilist +.cindex "8BITMIME" +.cindex "log" "8BITMIME" +&%8bitmime%&: This causes Exim to log any 8BITMIME status of received messages, +which may help in tracking down interoperability issues with ancient MTAs +that are not 8bit clean. This is added to the &"<="& line, tagged with +&`M8S=`& and a value of &`0`&, &`7`& or &`8`&, corresponding to "not given", +&`7BIT`& and &`8BITMIME`& respectively. +.next .cindex "&%warn%& ACL verb" "log when skipping" &%acl_warn_skipped%&: When an ACL &%warn%& statement is skipped because one of its conditions cannot be evaluated, a log line to this effect is written if @@ -33686,6 +34259,11 @@ the last 20 are listed, preceded by &"..."&. However, with the default setting of 10 for &%smtp_accep_max_nonmail%&, the connection will in any case have been aborted before 20 non-mail commands are processed. .next +&%smtp_mailauth%&: A third subfield with the authenticated sender, +colon-separated, is appended to the A= item for a message arrival or delivery +log line, if an AUTH argument to the SMTP MAIL command (see &<>&) +was accepted or used. +.next .cindex "log" "SMTP protocol error" .cindex "SMTP" "logging protocol error" &%smtp_protocol_error%&: A log line is written for every SMTP protocol error @@ -35088,6 +35666,50 @@ are given in chapter &<>&. +.section "Running local commands" "SECTsecconslocalcmds" +There are a number of ways in which an administrator can configure Exim to run +commands based upon received, untrustworthy, data. Further, in some +configurations a user who can control a &_.forward_& file can also arrange to +run commands. Configuration to check includes, but is not limited to: + +.ilist +Use of &%use_shell%& in the pipe transport: various forms of shell command +injection may be possible with this option present. It is dangerous and should +be used only with considerable caution. Consider constraints which whitelist +allowed characters in a variable which is to be used in a pipe transport that +has &%use_shell%& enabled. +.next +A number of options such as &%forbid_filter_run%&, &%forbid_filter_perl%&, +&%forbid_filter_dlfunc%& and so forth which restrict facilities available to +&_.forward_& files in a redirect router. If Exim is running on a central mail +hub to which ordinary users do not have shell access, but home directories are +NFS mounted (for instance) then administrators should review the list of these +forbid options available, and should bear in mind that the options that may +need forbidding can change as new features are added between releases. +.next +The &%${run...}%& expansion item does not use a shell by default, but +administrators can configure use of &_/bin/sh_& as part of the command. +Such invocations should be viewed with prejudicial suspicion. +.next +Administrators who use embedded Perl are advised to explore how Perl's +taint checking might apply to their usage. +.next +Use of &%${expand...}%& is somewhat analagous to shell's eval builtin and +administrators are well advised to view its use with suspicion, in case (for +instance) it allows a local-part to contain embedded Exim directives. +.next +Use of &%${match_local_part...}%& and friends becomes more dangerous if +Exim was built with EXPAND_LISTMATCH_RHS defined: the second string in +each can reference arbitrary lists and files, rather than just being a list +of opaque strings. +The EXPAND_LISTMATCH_RHS option was added and set false by default because of +real-world security vulnerabilities caused by its use with untrustworthy data +injected in, for SQL injection attacks. +Consider the use of the &%inlisti%& expansion condition instead. +.endlist + + + .section "IPv4 source routing" "SECID272" .cindex "source routing" "in IP packets" .cindex "IP source routing" @@ -35545,7 +36167,7 @@ unqualified domain &'foundation'&. . //////////////////////////////////////////////////////////////////////////// . //////////////////////////////////////////////////////////////////////////// -.chapter "Support for DKIM (DomainKeys Identified Mail)" "CHID12" &&& +.chapter "Support for DKIM (DomainKeys Identified Mail)" "CHAPdkim" &&& "DKIM Support" .cindex "DKIM" @@ -35796,7 +36418,7 @@ warn log_message = GMail sender without DKIM signature .vitem &%dkim_status%& ACL condition that checks a colon-separated list of possible DKIM verification -results agains the actual result of verification. This is typically used +results against the actual result of verification. This is typically used to restrict an ACL verb to a list of verification outcomes, for example: .code @@ -35842,6 +36464,12 @@ Add to &_src/config.h.defaults_& the line: Edit &_src/drtables.c_&, adding conditional code to pull in the private header and create a table entry as is done for all the other drivers and lookup types. .next +Edit &_scripts/lookups-Makefile_& if this is a new lookup; there is a for-loop +near the bottom, ranging the &`name_mod`& variable over a list of all lookups. +Add your &`NEWDRIVER`& to that list. +As long as the dynamic module would be named &_newdriver.so_&, you can use the +simple form that most lookups have. +.next Edit &_Makefile_& in the appropriate sub-directory (&_src/routers_&, &_src/transports_&, &_src/auths_&, or &_src/lookups_&); add a line for the new driver or lookup type and add it to the definition of OBJ. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 6c0554b5a..f9a376779 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,6 +1,223 @@ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.82 +----------------- + +PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities. + +PP/02 Make -n do something, by making it not do something. + When combined with -bP, the name of an option is not output. + +PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured + by GnuTLS. + +PP/04 First step towards DNSSEC, provide $sender_host_dnssec for + $sender_host_name and config options to manage this, and basic check + routines. + +PP/05 DSCP support for outbound connections and control modifier for inbound. + +PP/06 Cyrus SASL: set local and remote IP;port properties for driver. + (Only plugin which currently uses this is kerberos4, which nobody should + be using, but we should make it available and other future plugins might + conceivably use it, even though it would break NAT; stuff *should* be + using channel bindings instead). + +PP/07 Handle "exim -L " to indicate to use syslog with tag as the process + name; added for Sendmail compatibility; requires admin caller. + Handle -G as equivalent to "control = suppress_local_fixups" (we used to + just ignore it); requires trusted caller. + Also parse but ignore: -Ac -Am -X + Bugzilla 1117. + +TL/01 Bugzilla 1258 - Refactor MAIL FROM optional args processing. + +TL/02 Add +smtp_confirmation as a default logging option. + +TL/03 Bugzilla 198 - Implement remove_header ACL modifier. + Patch by Magnus Holmgren from 2007-02-20. + +TL/04 Bugzilla 1281 - Spec typo. + Bugzilla 1283 - Spec typo. + Bugzilla 1290 - Spec grammar fixes. + +TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation. + +TL/06 Add Experimental DMARC support using libopendmarc libraries. + +TL/07 Fix an out of order global option causing a segfault. Reported to dev + mailing list by by Dmitry Isaikin. + +JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support. + +JH/02 Support "G" suffix to numbers in ${if comparisons. + +PP/08 Handle smtp transport tls_sni option forced-fail for OpenSSL. + +NM/01 Bugzilla 1197 - Spec typo + Bugzilla 1196 - Spec examples corrections + +JH/03 Add expansion operators ${listnamed:name} and ${listcount:string} + +PP/09 Add gnutls_enable_pkcs11 option. + +PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC. + Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler. + +JH/04 Add expansion item ${acl {name}{arg}...}, expansion condition + "acl {{name}{arg}...}", and optional args on acl condition + "acl = name arg..." + +JH/05 Permit multiple router/transport headers_add/remove lines. + +JH/06 Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination. + +JH/07 Avoid using a waiting database for a single-message-only transport. + Performance patch from Paul Fisher. Bugzilla 1262. + +JH/08 Strip leading/trailing newlines from add_header ACL modifier data. + Bugzilla 884. + +JH/09 Add $headers_added variable, with content from use of ACL modifier + add_header (but not yet added to the message). Bugzilla 199. + +JH/10 Add 8bitmime log_selector, for 8bitmime status on the received line. + Pulled from Bugzilla 817 by Wolfgang Breyha. + +PP/11 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + +JH/11 Add A= logging on delivery lines, and a client_set_id option on + authenticators. + +JH/12 Add optional authenticated_sender logging to A= and a log_selector + for control. + +PP/12 Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29. + +PP/13 Dovecot auth: log better reason to rejectlog if Dovecot did not + advertise SMTP AUTH mechanism to us, instead of a generic + protocol violation error. Also, make Exim more robust to bad + data from the Dovecot auth socket. + +TF/01 Fix ultimate retry timeouts for intermittently deliverable recipients. + + When a queue runner is handling a message, Exim first routes the + recipient addresses, during which it prunes them based on the retry + hints database. After that it attempts to deliver the message to + any remaining recipients. It then updates the hints database using + the retry rules. + + So if a recipient address works intermittently, it can get repeatedly + deferred at routing time. The retry hints record remains fresh so the + address never reaches the final cutoff time. + + This is a fairly common occurrence when a user is bumping up against + their storage quota. Exim had some logic in its local delivery code + to deal with this. However it did not apply to per-recipient defers + in remote deliveries, e.g. over LMTP to a separate IMAP message store. + + This change adds a proper retry rule check during routing so that the + final cutoff time is checked against the message's age. We only do + this check if there is an address retry record and there is not a + domain retry record; this implies that previous attempts to handle + the address had the retry_use_local_parts option turned on. We use + this as an approximation for the destination being like a local + delivery, as in LMTP. + + I suspect this new check makes the old local delivery cutoff check + redundant, but I have not verified this so I left the code in place. + +TF/02 Correct gecos expansion when From: is a prefix of the username. + + Test 0254 submits a message to Exim with the header + + Resent-From: f + + When I ran the test suite under the user fanf2, Exim expanded + the header to contain my full name, whereas it should have added + a Resent-Sender: header. It erroneously treats any prefix of the + username as equal to the username. + + This change corrects that bug. + +GF/01 DCC debug and logging tidyup + Error conditions log to paniclog rather than rejectlog. + Debug lines prefixed by "DCC: " to remove any ambiguity. + +TF/03 Avoid unnecessary rebuilds of lookup-related code. + +PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server. + Bug spotted by Jeremy Harris; was flawed since initial commit. + Would have resulted in OCSP responses post-SNI triggering an Exim + NULL dereference and crash. + +JH/13 Add $router_name and $transport_name variables. Bugzilla 308. + +PP/15 Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd. + Bug detection, analysis and fix by Samuel Thibault. + Bugzilla 1331, Debian bug #698092. + +SC/01 Update eximstats to watch out for senders sending 'HELO [IpAddr]' + +JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt). + Server implementation by Todd Lyons, client by JH. + Only enabled when compiled with EXPERIMENTAL_PRDR. A new + config variable "prdr_enable" controls whether the server + advertises the facility. If the client requests PRDR a new + acl_data_smtp_prdr ACL is called once for each recipient, after + the body content is received and before the acl_smtp_data ACL. + The client is controlled by bolth of: a hosts_try_prdr option + on the smtp transport, and the server advertisement. + Default client logging of deliveries and rejections involving + PRDR are flagged with the string "PRDR". + +PP/16 Fix problems caused by timeouts during quit ACLs trying to double + fclose(). Diagnosis by Todd Lyons. + +PP/17 Update configure.default to handle IPv6 localhost better. + Patch by Alain Williams (plus minor tweaks). + Bugzilla 880. + +PP/18 OpenSSL made graceful with empty tls_verify_certificates setting. + This is now consistent with GnuTLS, and is now documented: the + previous undocumented portable approach to treating the option as + unset was to force an expansion failure. That still works, and + an empty string is now equivalent. + +PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it + clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag, + not performing validation itself. + +PP/20 Added force_command boolean option to pipe transport. + Patch from Nick Koston, of cPanel Inc. + +JH/15 AUTH support on callouts (and hence cutthrough-deliveries). + Bugzilla 321, 823. + +PP/21 Fix eximon continuous updating with timestamped log-files. + Broken in a format-string cleanup in 4.80, missed when I repaired the + other false fix of the same issue. + Report and fix from Heiko Schlichting. + Bugzilla 1363. + +PP/22 Guard LDAP TLS usage against Solaris LDAP variant. + Report from Prashanth Katuri. + +PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options. + It's SecureTransport, so affects any MacOS clients which use the + system-integrated TLS libraries, including email clients. + + +Exim version 4.80.1 +------------------- + +PP/01 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + This, or similar/improved, will also be change PP/11 of 4.82. + + Exim version 4.80 ----------------- @@ -772,7 +989,7 @@ NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --" NM/33 Bugzilla 898: Transport filter timeout fix. Patch by Todd Rinaldo. -NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches. +NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches. Patch by Serge Demonchaux. NM/35 Bugzilla 39: Base64 decode bug fixes. diff --git a/doc/doc-txt/GnuTLS-FAQ.txt b/doc/doc-txt/GnuTLS-FAQ.txt index 8d5887bac..766e27927 100644 --- a/doc/doc-txt/GnuTLS-FAQ.txt +++ b/doc/doc-txt/GnuTLS-FAQ.txt @@ -103,9 +103,9 @@ signed. MD5 was once very popular. It still is far too popular. Real world attacks have been proven possible against MD5. Including an attack against PKI (Public Key Infrastructure) certificates used for SSL/TLS. In that attack, -the attackers got a certificate for one identity but we able to then public a -certificate with the same signature but a different identity. This undermines -the whole purpose of having certificates. +the attackers got a certificate for one identity but were able to then publish +a certificate with the same signature but a different identity. This +undermines the whole purpose of having certificates. So GnuTLS stopped trusting any certificate with an MD5-based hash used in it. The world has been hurriedly moving away from MD5 in certificates for a while. @@ -150,7 +150,7 @@ unset, so that you get one of the standard built-in primes used for DH. DH, Diffie-Hellman (or Diffie-Hellman-Merkle, or something naming Williamson) is the common name for a way for two parties to a communication stream to exchange some private random data so that both end up with a shared secret -which no evesdropper can get. It does not provide for proof of the identity +which no eavesdropper can get. It does not provide for proof of the identity of either party, so on its own is subject to man-in-the-middle attacks, but is often combined with systems which do provide such proof, improving them by separating the session key (the shared secret) from the long-term identity, @@ -159,7 +159,7 @@ and so protecting past communications from a break of the long-term identity. To do this, the server sends to the client a very large prime number; this is in the clear, an attacker can see it. This is not a problem; it's so not a problem, that there are standard named primes which applications can use, and -which a future release of Exim will probably support. +which Exim now supports. The size of the prime number affects how difficult it is to break apart the shared secret and decrypt the data. As time passes, the size required to @@ -177,13 +177,14 @@ such matters than the Exim folks, we just say "er, what they said". One of the new pieces of the GnuTLS API is a means for an application to ask it for guidance and advice on how large some numbers should be. This is not -entirely internal to GnuTLS since generating the numbers is slow, an +entirely internal to GnuTLS, since generating the numbers is slow, an application might want to use a standard prime, etc. So, in an attempt to get away from being involved in cryptographic policy, and to get rid of a hard-coded "1024" in Exim's source-code, we switched to asking GnuTLS how many -bits should be in the prime number generated for use for Diffie-Hellman. To -give back to GnuTLS for use We can ask for various sizes, and did not expose -this to the administrator but instead just asked for "NORMAL" protection. +bits should be in the prime number generated for use for Diffie-Hellman. We +then give this number straight back to GnuTLS when generating a DH prime. +We can ask for various sizes, and did not expose this to the administrator but +instead just asked for "NORMAL" protection. Literally: dh_bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_NORMAL); diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 4b9142238..d1d0d7279 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -6,6 +6,138 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the CVS before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.82 +------------ + + 1. New command-line option -bI:sieve will list all supported sieve extensions + of this Exim build on standard output, one per line. + ManageSieve (RFC 5804) providers managing scripts for use by Exim should + query this to establish the correct list to include in the protocol's + SIEVE capability line. + + 2. If the -n option is combined with the -bP option, then the name of an + emitted option is not output, only the value (if visible to you). + For instance, "exim -n -bP pid_file_path" should just emit a pathname + followed by a newline, and no other text. + + 3. When built with SUPPORT_TLS and USE_GNUTLS, the SMTP transport driver now + has a "tls_dh_min_bits" option, to set the minimum acceptable number of + bits in the Diffie-Hellman prime offered by a server (in DH ciphersuites) + acceptable for security. (Option accepted but ignored if using OpenSSL). + Defaults to 1024, the old value. May be lowered only to 512, or raised as + far as you like. Raising this may hinder TLS interoperability with other + sites and is not currently recommended. Lowering this will permit you to + establish a TLS session which is not as secure as you might like. + + Unless you really know what you are doing, leave it alone. + + 4. If not built with DISABLE_DNSSEC, Exim now has the main option + dns_dnssec_ok; if set to 1 then Exim will initialise the resolver library + to send the DO flag to your recursive resolver. If you have a recursive + resolver, which can set the Authenticated Data (AD) flag in results, Exim + can now detect this. Exim does not perform validation itself, instead + relying upon a trusted path to the resolver. + + Current status: work-in-progress; $sender_host_dnssec variable added. + + 5. DSCP support for outbound connections: on a transport using the smtp driver, + set "dscp = ef", for instance, to cause the connections to have the relevant + DSCP (IPv4 TOS or IPv6 TCLASS) value in the header. + + Similarly for inbound connections, there is a new control modifier, dscp, + so "warn control = dscp/ef" in the connect ACL, or after authentication. + + Supported values depend upon system libraries. "exim -bI:dscp" to list the + ones Exim knows of. You can also set a raw number 0..0x3F. + + 6. The -G command-line flag is no longer ignored; it is now equivalent to an + ACL setting "control = suppress_local_fixups". The -L command-line flag + is now accepted and forces use of syslog, with the provided tag as the + process name. A few other flags used by Sendmail are now accepted and + ignored. + + 7. New cutthrough routing feature. Requested by a "control = cutthrough_delivery" + ACL modifier; works for single-recipient mails which are recieved on and + deliverable via SMTP. Using the connection made for a recipient verify, + if requested before the verify, or a new one made for the purpose while + the inbound connection is still active. The bulk of the mail item is copied + direct from the inbound socket to the outbound (as well as the spool file). + When the source notifies the end of data, the data acceptance by the destination + is negociated before the acceptance is sent to the source. If the destination + does not accept the mail item, for example due to content-scanning, the item + is not accepted from the source and therefore there is no need to generate + a bounce mail. This is of benefit when providing a secondary-MX service. + The downside is that delays are under the control of the ultimate destination + system not your own. + + The Recieved-by: header on items delivered by cutthrough is generated + early in reception rather than at the end; this will affect any timestamp + included. The log line showing delivery is recorded before that showing + reception; it uses a new ">>" tag instead of "=>". + + To support the feature, verify-callout connections can now use ESMTP and TLS. + The usual smtp transport options are honoured, plus a (new, default everything) + hosts_verify_avoid_tls. + + New variable families named tls_in_cipher, tls_out_cipher etc. are introduced + for specific access to the information for each connection. The old names + are present for now but deprecated. + + Not yet supported: IGNOREQUOTA, SIZE, PIPELINING. + + 8. New expansion operators ${listnamed:name} to get the content of a named list + and ${listcount:string} to count the items in a list. + + 9. New global option "gnutls_enable_pkcs11", defaults false. The GnuTLS + rewrite in 4.80 combines with GnuTLS 2.12.0 or later, to autoload PKCS11 + modules. For some situations this is desirable, but we expect admin in + those situations to know they want the feature. More commonly, it means + that GUI user modules get loaded and are broken by the setuid Exim being + unable to access files specified in environment variables and passed + through, thus breakage. So we explicitly inhibit the PKCS11 initialisation + unless this new option is set. + +10. The "acl = name" condition on an ACL now supports optional arguments. + New expansion item "${acl {name}{arg}...}" and expansion condition + "acl {{name}{arg}...}" are added. In all cases up to nine arguments + can be used, appearing in $acl_arg1 to $acl_arg9 for the called ACL. + Variable $acl_narg contains the number of arguments. If the ACL sets + a "message =" value this becomes the result of the expansion item, + or the value of $value for the expansion condition. If the ACL returns + accept the expansion condition is true; if reject, false. A defer + return results in a forced fail. + +11. Routers and transports can now have multiple headers_add and headers_remove + option lines. The concatenated list is used. + +12. New ACL modifier "remove_header" can remove headers before message gets + handled by routers/transports. + +13. New dnsdb lookup pseudo-type "a+". A sequence of "a6" (if configured), + "aaaa" and "a" lookups is done and the full set of results returned. + +14. New expansion variable $headers_added with content from ACL add_header + modifier (but not yet added to messsage). + +15. New 8bitmime status logging option for received messages. Log field "M8S". + +16. New authenticated_sender logging option, adding to log field "A". + +17. New expansion variables $router_name and $transport_name. Useful + particularly for debug_print as -bt commandline option does not + require privilege whereas -d does. + +18. If built with EXPERIMENTAL_PRDR, per-recipient data responses per a + proposed extension to SMTP from Eric Hall. + +19. The pipe transport has gained the force_command option, to allow + decorating commands from user .forward pipe aliases with prefix + wrappers, for instance. + +20. Callout connections can now AUTH; the same controls as normal delivery + connections apply. + + Version 4.80 ------------ @@ -252,13 +384,13 @@ Version 4.73 then henceforth you will have to maintain your own local patches to strip the safeties off. - 8. There is a new expansion operator, bool_lax{}. Where bool{} uses the ACL + 8. There is a new expansion condition, bool_lax{}. Where bool{} uses the ACL condition logic to determine truth/failure and will fail to expand many strings, bool_lax{} uses the router condition logic, where most strings do evaluate true. Note: bool{00} is false, bool_lax{00} is true. - 9. Routers now support multiple "condition" tests, + 9. Routers now support multiple "condition" tests. 10. There is now a runtime configuration option "tcp_wrappers_daemon_name". Setting this allows an admin to define which entry in the tcpwrappers diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index 45b7997d1..8787d4888 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -54,6 +54,8 @@ acl_not_smtp_mime string* unset main acl_smtp_auth string* unset main 4.00 acl_smtp_connect string* unset main 4.11 acl_smtp_data string* unset main 4.00 +acl_smtp_data_prdr string* unset main 4.82 with expreimental_prdr +acl_smtp_dkim string* unset main 4.70 unless disable_dkim acl_smtp_etrn string* unset main 4.00 acl_smtp_expn string* unset main 4.00 acl_smtp_helo string* unset main 4.20 @@ -171,6 +173,9 @@ directory_transport string* unset redirect disable_ipv6 boolean false main 4.61 disable_logging boolean false routers 4.11 false transports 4.11 +dmarc_forensic_sender string unset main 4.82 if experimental_dmarc +dmarc_history_file string unset main 4.82 if experimental_dmarc +dmarc_tld_file string unset main 4.82 if experimental_dmarc dns_again_means_nonexist domain list unset main 1.89 dns_check_names_pattern string + main 2.11 dns_csa_search_limit integer 5 main 4.60 @@ -180,12 +185,14 @@ dns_qualify_single boolean true smtp dns_retrans time 0s main 1.60 dns_retry integer 0 main 1.60 dns_search_parents boolean false smtp +dns_use_dnssec integer -1 main 4.82 dns_use_edns0 integer -1 main 4.76 domains domain list unset routers 4.00 driver string unset authenticators unset routers 4.00 unset transports drop_cr boolean false main 4.00 became a no-op in 4.21 +dscp string unset smtp 4.82 dsn_from string* + main 4.67 envelope_to_add boolean false transports envelope_to_remove boolean true main @@ -233,6 +240,7 @@ forbid_include boolean false redirect forbid_pipe boolean false redirect 4.00 forbid_sieve_filter boolean false redirect 4.44 forbid_smtp_code boolean false redirect 4.63 +force_command boolean false pipe 4.82 freeze_exec_fail boolean false pipe 1.89 freeze_signal boolean false pipe 4.75 freeze_tell boolean false main 4.00 replaces freeze_tell_mailmaster @@ -241,6 +249,7 @@ gecos_name string* unset main gecos_pattern string unset main gethostbyname boolean false smtp gnutls_compat_mode boolean unset main 4.70 +gnutls_enable_pkcs11 boolean false main 4.82 gnutls_require_kx string* unset main 4.67 deprecated, warns string* unset smtp 4.67 deprecated, warns gnutls_require_mac string* unset main 4.67 deprecated, warns @@ -286,9 +295,11 @@ hosts_override boolean false smtp hosts_randomize boolean false manualroute 4.00 false smtp 3.14 hosts_require_auth host list unset smtp 4.00 +hosts_require_ocsp host list unset smtp 4.82 if experimental_ocsp hosts_require_tls host list unset smtp 3.20 hosts_treat_as_local domain list unset main 1.95 hosts_try_auth host list unset smtp 4.00 +hosts_try_prdr host list unset smtp 4.82 if experimental_prdr ibase_servers string unset main 4.23 ignore_bounce_errors_after time 0s main 4.00 ignore_eacces boolean false redirect 4.00 @@ -393,6 +404,7 @@ pipelining_advertise_hosts host list "*" main port integer 0 iplookup 4.00 string "smtp" smtp preserve_message_logs boolean false main +prdr_enable boolean false main 4.82 if experimental_prdr primary_hostname string + main print_topbitchars boolean false main 1.89 process_log_path string unset main 4.21 @@ -548,7 +560,9 @@ tls_advertise_hosts host list * main tls_certificate string* unset main 3.20 unset smtp 3.20 tls_dh_max_bits integer 2236 main 4.80 +tls_dh_min_bits integer 1024 smtp 4.82 tls_dhparam string* unset main 3.20 +tls_ocsp_file string* unset main 4.80 if experimental_ocsp tls_on_connect_ports string unset main 4.43 tls_privatekey string* unset main 3.20 unset smtp 3.20 @@ -623,6 +637,7 @@ provide compatibility with Sendmail. -bh Test incoming SMTP call, omitting callouts -bhc Test incoming SMTP call, with callouts -bi * Run bi_command +-bI:help Show list of accepted -bI: options -bm Accept message on standard input -bmalware + Invoke configured malware scanning against supplied filename -bnq Don't qualify addresses in locally submitted messages @@ -838,6 +853,7 @@ DEFAULT_CRYPT optional default crypt() function DELIVER_IN_BUFFER_SIZE optional* DELIVER_OUT_BUFFER_SIZE optional* DISABLE_DKIM optional disables DKIM support +DISABLE_DNSSEC optional disables attempts to use DNSSEC DISABLE_D_OPTION optional disables -D option ERRNO_QUOTA optional* error code for system quota failures EXICYCLOG_MAX optional number of old log files to keep diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 047440611..565c01851 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -2,14 +2,42 @@ From time to time, experimental features may be added to Exim. While a feature is experimental, there will be a build-time option whose name starts "EXPERIMENTAL_" that must be set in order to include the feature. This file contains information -about experimenatal features, all of which are unstable and -liable to incompatibile change. +about experimental features, all of which are unstable and +liable to incompatible change. + + +PRDR support +-------------------------------------------------------------- + +Per-Recipient Data Reponse is an SMTP extension proposed by Eric Hall +in a (now-expired) IETF draft from 2007. It's not hit mainstream +use, but has apparently been implemented in the META1 MTA. + +There is mention at http://mail.aegee.org/intern/sendmail.html +of a patch to sendmail "to make it PRDR capable". + + ref: http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt + +If Exim is built with EXPERIMENTAL_PRDR there is a new config +boolean "prdr_enable" which controls whether PRDR is advertised +as part of an EHLO response, a new "acl_data_smtp_prdr" ACL +(called for each recipient, after data arrives but before the +data ACL), and a new smtp transport option "hosts_try_prdr". + +PRDR may be used to support per-user content filtering. Without it +one must defer any recipient after the first that has a different +content-filter configuration. With PRDR, the RCPT-time check +for this can be disabled when the MAIL-time $smtp_command included +"PRDR". Any required difference in behaviour of the main DATA-time +ACL should however depend on the PRDR-time ACL having run, as Exim +will avoid doing so in some situations (eg. single-recipient mails). + OCSP Stapling support -------------------------------------------------------------- -X509 PKI certificates expire and can be revoked; to handle this, the +X.509 PKI certificates expire and can be revoked; to handle this, the clients need some way to determine if a particular certificate, from a particular Certificate Authority (CA), is still valid. There are three main ways to do so. @@ -41,7 +69,7 @@ starts retrying to fetch an OCSP proof some time before its current proof expires. The downside is that it requires server support. If Exim is built with EXPERIMENTAL_OCSP and it was built with OpenSSL, -then it gains one new option: "tls_ocsp_file". +then it gains a new global option: "tls_ocsp_file". The file specified therein is expected to be in DER format, and contain an OCSP proof. Exim will serve it as part of the TLS handshake. This @@ -58,10 +86,30 @@ next connection. Exim will check for a valid next update timestamp in the OCSP proof; if not present, or if the proof has expired, it will be ignored. +Also, given EXPERIMENTAL_OCSP and OpenSSL, the smtp transport gains +a "hosts_require_ocsp" option; a host-list for which an OCSP Stapling +is requested and required for the connection to proceed. The host(s) +should also be in "hosts_require_tls", and "tls_verify_certificates" +configured for the transport. + +For the client to be able to verify the stapled OCSP the server must +also supply, in its stapled information, any intermediate +certificates for the chain leading to the OCSP proof from the signer +of the server certificate. There may be zero or one such. These +intermediate certificates should be added to the server OCSP stapling +file (named by tls_ocsp_file). + At this point in time, we're gathering feedback on use, to determine if it's worth adding complexity to the Exim daemon to periodically re-fetch -OCSP files and somehow handling multiple files. There is no client support -for OCSP in Exim, this is feature expected to be used by mail clients. +OCSP files and somehow handling multiple files. + + A helper script "ocsp_fetch.pl" for fetching a proof from a CA + OCSP server is supplied. The server URL may be included in the + server certificate, if the CA is helpful. + + One fail mode seen was the OCSP Signer cert expiring before the end + of vailidity of the OCSP proof. The checking done by Exim/OpenSSL + noted this as invalid overall, but the re-fetch script did not. @@ -380,7 +428,7 @@ their default locations. You can now run SPF checks in incoming SMTP by using the "spf" ACL condition in either the MAIL, RCPT or DATA ACLs. When -using it in the RCPT ACL, you can make the checks dependend on +using it in the RCPT ACL, you can make the checks dependent on the RCPT address (or domain), so you can check SPF records only for certain target domains. This gives you the possibility to opt-out certain customers that do not want @@ -491,7 +539,7 @@ reject message. When the spf_guess condition has run, it sets up the same expansion variables as when spf condition is run, described above. -Additionally, since Best-guess is not standarized, you may redefine +Additionally, since Best-guess is not standardized, you may redefine what "Best-guess" means to you by redefining spf_guess variable in global config. For example, the following: @@ -546,7 +594,7 @@ In the DATA ACL you can use the new condition After that "$dcc_header" contains the X-DCC-Header. -Returnvalues are: +Return values are: fail for overall "R", "G" from dccifd defer for overall "T" from dccifd accept for overall "A", "S" from dccifd @@ -570,10 +618,232 @@ through to eg. SpamAssassin. If you want to pass even more headers in the middle of the DATA stage you can set $acl_m_dcc_add_header -to tell the DCC routines add more information; eg, you might set +to tell the DCC routines to add more information; eg, you might set this to some results from ClamAV. Be careful. Header syntax is not checked and is added "as is". +In case you've troubles with sites sending the same queue items from several +hosts and fail to get through greylisting you can use +$acl_m_dcc_override_client_ip + +Setting $acl_m_dcc_override_client_ip to an IP address overrides the default +of $sender_host_address. eg. use the following ACL in DATA stage: + + warn set acl_m_dcc_override_client_ip = \ + ${lookup{$sender_helo_name}nwildlsearch{/etc/mail/multipleip_sites}{$value}{}} + condition = ${if def:acl_m_dcc_override_client_ip} + log_message = dbg: acl_m_dcc_override_client_ip set to \ + $acl_m_dcc_override_client_ip + +Then set something like +# cat /etc/mail/multipleip_sites +mout-xforward.gmx.net 82.165.159.12 +mout.gmx.net 212.227.15.16 + +Use a reasonable IP. eg. one the sending cluster acutally uses. + +DMARC Support +-------------------------------------------------------------- + +DMARC combines feedback from SPF, DKIM, and header From: in order +to attempt to provide better indicators of the authenticity of an +email. This document does not explain the fundamentals, you +should read and understand how it works by visiting the website at +http://www.dmarc.org/. + +DMARC support is added via the libopendmarc library. Visit: + + http://sourceforge.net/projects/opendmarc/ + +to obtain a copy, or find it in your favorite rpm package +repository. If building from source, this description assumes +that headers will be in /usr/local/include, and that the libraries +are in /usr/local/lib. + +1. To compile Exim with DMARC support, you must first enable SPF. +Please read the above section on enabling the EXPERIMENTAL_SPF +feature. You must also have DKIM support, so you cannot set the +DISABLE_DKIM feature. Once both of those conditions have been met +you can enable DMARC in Local/Makefile: + +EXPERIMENTAL_DMARC=yes +LDFLAGS += -lopendmarc +# CFLAGS += -I/usr/local/include +# LDFLAGS += -L/usr/local/lib + +The first line sets the feature to include the correct code, and +the second line says to link the libopendmarc libraries into the +exim binary. The commented out lines should be uncommented if you +built opendmarc from source and installed in the default location. +Adjust the paths if you installed them elsewhere, but you do not +need to uncomment them if an rpm (or you) installed them in the +package controlled locations (/usr/include and /usr/lib). + + +2. Use the following global settings to configure DMARC: + +Required: +dmarc_tld_file Defines the location of a text file of valid + top level domains the opendmarc library uses + during domain parsing. Maintained by Mozilla, + the most current version can be downloaded + from a link at http://publicsuffix.org/list/. + +Optional: +dmarc_history_file Defines the location of a file to log results + of dmarc verification on inbound emails. The + contents are importable by the opendmarc tools + which will manage the data, send out DMARC + reports, and expire the data. Make sure the + directory of this file is writable by the user + exim runs as. + +dmarc_forensic_sender The email address to use when sending a + forensic report detailing alignment failures + if a sender domain's dmarc record specifies it + and you have configured Exim to send them. + Default: do-not-reply@$default_hostname + + +3. By default, the DMARC processing will run for any remote, +non-authenticated user. It makes sense to only verify DMARC +status of messages coming from remote, untrusted sources. You can +use standard conditions such as hosts, senders, etc, to decide that +DMARC verification should *not* be performed for them and disable +DMARC with a control setting: + + control = dmarc_verify_disable + +A DMARC record can also specify a "forensic address", which gives +exim an email address to submit reports about failed alignment. +Exim does not do this by default because in certain conditions it +results in unintended information leakage (what lists a user might +be subscribed to, etc). You must configure exim to submit forensic +reports to the owner of the domain. If the DMARC record contains a +forensic address and you specify the control statement below, then +exim will send these forensic emails. It's also advised that you +configure a dmarc_forensic_sender because the default sender address +construction might be inadequate. + + control = dmarc_forensic_enable + +(AGAIN: You can choose not to send these forensic reports by simply +not putting the dmarc_forensic_enable control line at any point in +your exim config. If you don't tell it to send them, it will not +send them.) + +There are no options to either control. Both must appear before +the DATA acl. + + +4. You can now run DMARC checks in incoming SMTP by using the +"dmarc_status" ACL condition in the DATA ACL. You are required to +call the spf condition first in the ACLs, then the "dmarc_status" +condition. Putting this condition in the ACLs is required in order +for a DMARC check to actually occur. All of the variables are set +up before the DATA ACL, but there is no actual DMARC check that +occurs until a "dmarc_status" condition is encountered in the ACLs. + +The dmarc_status condition takes a list of strings on its +right-hand side. These strings describe recommended action based +on the DMARC check. To understand what the policy recommendations +mean, refer to the DMARC website above. Valid strings are: + + o accept The DMARC check passed and the library recommends + accepting the email. + o reject The DMARC check failed and the library recommends + rejecting the email. + o quarantine The DMARC check failed and the library recommends + keeping it for further inspection. + o norecord No policy section in the DMARC record for this + sender domain. + o nofrom Unable to determine the domain of the sender. + o none There is no DMARC record for this sender domain. + o error Library error or dns error. + +You can prefix each string with an exclamation mark to invert its +meaning, for example "!accept" will match all results but +"accept". The string list is evaluated left-to-right in a +short-circuit fashion. When a string matches the outcome of the +DMARC check, the condition succeeds. If none of the listed +strings matches the outcome of the DMARC check, the condition +fails. + +Of course, you can also use any other lookup method that Exim +supports, including LDAP, Postgres, MySQL, etc, as long as the +result is a list of colon-separated strings; + +Several expansion variables are set before the DATA ACL is +processed, and you can use them in this ACL. The following +expansion variables are available: + + o $dmarc_status + This is a one word status indicating what the DMARC library + thinks of the email. + + o $dmarc_status_text + This is a slightly longer, human readable status. + + o $dmarc_used_domain + This is the domain which DMARC used to look up the DMARC + policy record. + + o $dmarc_ar_header + This is the entire Authentication-Results header which you can + add using an add_header modifier. + + +5. How to enable DMARC advanced operation: +By default, Exim's DMARC configuration is intended to be +non-intrusive and conservative. To facilitate this, Exim will not +create any type of logging files without explicit configuration by +you, the admin. Nor will Exim send out any emails/reports about +DMARC issues without explicit configuration by you, the admin (other +than typical bounce messages that may come about due to ACL +processing or failure delivery issues). + +In order to log statistics suitable to be imported by the opendmarc +tools, you need to: +a. Configure the global setting dmarc_history_file. +b. Configure cron jobs to call the appropriate opendmarc history + import scripts and truncating the dmarc_history_file. + +In order to send forensic reports, you need to: +a. Configure the global setting dmarc_forensic_sender. +b. Configure, somewhere before the DATA ACL, the control option to + enable sending DMARC forensic reports. + + +6. Example usage: +(RCPT ACL) + warn domains = +local_domains + hosts = +local_hosts + control = dmarc_verify_disable + + warn !domains = +screwed_up_dmarc_records + control = dmarc_enable_forensic + +(DATA ACL) + warn dmarc_status = accept : none : off + !authenticated = * + log_message = DMARC DEBUG: $dmarc_status $dmarc_used_domain + add_header = $dmarc_ar_header + + warn dmarc_status = !accept + !authenticated = * + log_message = DMARC DEBUG: '$dmarc_status' for $dmarc_used_domain + + warn dmarc_status = quarantine + !authenticated = * + set $acl_m_quarantine = 1 + # Do something in a transport with this flag variable + + deny dmarc_status = reject + !authenticated = * + message = Message from $domain_used_domain failed sender's DMARC policy, REJECT + + + DBL (Database Logging) -------------------------------------------------------------- diff --git a/release-process/scripts/mk_exim_release.pl b/release-process/scripts/mk_exim_release.pl index fe18da106..d29770d27 100755 --- a/release-process/scripts/mk_exim_release.pl +++ b/release-process/scripts/mk_exim_release.pl @@ -146,8 +146,11 @@ sub build_html_documentation { mkdir($dir); - my @cmd = - ( $genpath, '--spec', $spec, '--filter', $filter, '--latest', $context->{trelease}, '--tmpl', $templates, '--docroot', $dir ); + my @cmd = ( + $genpath, '--spec', $spec, '--filter', + $filter, '--latest', $context->{trelease}, '--tmpl', + $templates, '--docroot', $dir, '--localstatic' + ); print "Executing ", join( ' ', @cmd ), "\n"; system(@cmd); @@ -188,7 +191,7 @@ sub build_documentation { my $context = shift; my $docdir = File::Spec->catdir( $context->{release_tree}, 'doc', 'doc-docbook' ); - system("cd '$docdir' && ./OS-Fixups && make everything") == 0 + system("cd '$docdir' && ./OS-Fixups && make EXIM_VER=$context->{release} everything") == 0 || croak "Doc build failed"; copy_docbook_files($context); diff --git a/src/.gitattributes b/src/.gitattributes new file mode 100644 index 000000000..554385cf9 --- /dev/null +++ b/src/.gitattributes @@ -0,0 +1 @@ +ACKNOWLEDGMENTS encoding=utf-8 diff --git a/src/.gitignore b/src/.gitignore index 2d6e95a32..09d989b6d 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -1,2 +1,3 @@ Local build-* +tags diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS index a965469cf..4474de322 100644 --- a/src/ACKNOWLEDGMENTS +++ b/src/ACKNOWLEDGMENTS @@ -1,5 +1,26 @@ EXIM ACKNOWLEDGEMENTS +This file is divided into two parts. The first is the original list maintained +by Exim's author, Philip Hazel, before he retired. That has two sub-lists of +contributors. The second main part is an attempt to bring this up-to-date, +using information from ChangeLog and git. + +Names may well occur more than once. + +There was a five year gap. It is unlikely that this file is complete. +If you contributed and are not listed, then *please* let us know. Even if you +don't much care, we want to acknowledge your help. A contribution isn't just +code, it includes reporting real bugs, helping with tracking problems down, +documentation fixes and more. + +(Note that we have patches from folks in various countries and Latin1 is not + sufficient to handle all of their names acceptably. + This file should be in UTF-8). + +-Phil Pennock, pp The Exim Maintainers. + +============================8< cut here >8============================== + I have not been very good at keeping a proper record of all the people who have sent in patches and other contributions to Exim. I am going to try to do better in the future by keeping a record in this file. First, I'll put a list of all @@ -20,11 +41,6 @@ Philip Hazel Lists created: 20 November 2002 Last updated (by PH): 22 August 2007 - Note: at current time, Exim is maintained in git; the commit messages - typically credit sources, at the very least. Also the ChangeLog file - will record who provided patches. This file is not very up-to-date. - -Phil Pennock, 2012 - THE OLD LIST Alan Barratt First code for relay checking @@ -198,7 +214,7 @@ Alex Kiernan Patches for libradius Tom Kistner SPA server code Writing and maintaining the content scanning extension (exiscan) -Jürgen Kreileder Fix for cyrus_sasl advertisement problem +Jürgen Kreileder Fix for cyrus_sasl advertisement problem Friso Kuipers Patch for GDBM problem Matthias Lederhofer Diagnosing and patching obscure and subtle socket bug Chris Liddiard Fix for bug in exiqsumm @@ -287,3 +303,166 @@ David Woodhouse SQLite support proof of concept code control=freeze/no_tell basic code Erik ? patch to use select() instead of poll() on OS X **** + +============================8< cut here >8============================== + +The Exim Maintainers Lists +========================== + +We'll start with the Exim Maintainers, who are the people with commit +access to the master git repository and a couple more folk; then we'll list +known contributors since the lists above. Then we list the folks who work +to make Exim available on various operating systems as porters/packagers. + +For the Maintainers, we may list primary focus area. All maintainers +will have contributed to work outside those areas. The maintainers' +contributions are initialled in ChangeLog. Changes from before maintainership +should be listed as a contributor. + +For other contributors, we will attempt to track all contributions. Note that +the entries per-person were added initially by scanning back through the +ChangeLog and git, so are not in chronological order. + +[ With names from all over the world, we need one sort order. I've arbitrarily + decreed it to be "normal British address-book sort order, but based on family + name rather than whichever comes last and using whatever seems sanest for + sort order of characters which do not collate onto an English character", + which should handle the majority of cases. If it is not adequate for some + situation, we'll resolve it then. + We leave out titles and honourifics, just names and handles. ] + + +Maintainers +----------- +Steve Campbell eximstats maintainer. +Mike Cardwell Exim webmaster. +Tony Finch Unbreaks lots of things. Ratelimit code. +Graeme Fowler +Michael Haardt Maintains Sieve support, works on DKIM. +Jeremy Harris +Philip Hazel Retired. + Originating architect and author of the Exim project. +John Jetmore +Tom Kistner DKIM. Content scanning. SPA. +Todd Lyons +Nigel Metheringham Transitioning out of Default Victim status. +Phil Pennock Release Coordinator. Breaks lots of things. +David Woodhouse Dynamic modules. Security. + + +Contributors +------------ +Andrew Aitchison Spotted cmdline AV scanner regression with -bmalware +Simon Arlott Code for outbound SSL-on-connect + Patch implementing %M datestamping in log filenames + Patch restoring SIGPIPE handler for child_open_uid + Patch fixing NUL term/init of DKIM strings + Patch fixing dnsdb TXT record handling for DKIM + Patch speeding up DomainKeys signing +Dmitry Banschikov Path to check for LDAP TLS initialisation errors +René Berber Pointed out mistake in build instructions for QNX +Johannes Berg Maintained dynamically loadable module code out-of-tree + Patch expanding spamd_address if contains $ +Jasen Betts Spotted lack of docs re bool{} on empty string + and typo fixes +Wolfgang Breyha DCC integration; expandable spamd_address + Patch handling IPv6 addresses for SPF + Patch fixing DKIM verification when signature header + not prepended + Unbroke Cyrus SASL auth after incorrect SSF addition + Logging of 8bitmime reception +David Brownlee Patch improving local interface IP address detection +Eugene Bujak Security patch fixing buffer overflow in string_format +Adam Ciarcinski Patch for TLS-enabled LDAP (alternative to ldaps) +Dennis Davis Patches fixing compilation in older compilers + Reported dynlookup framework build issues on Solaris +Serge Demonchaux Maintained dynamically loadable module code out-of-tree + Patch fixing sign/unsigned and UTF mismatches +Uwe Doering Patch fixing DKIM multiple signature generation +Maxim Dounin Patch portability of accept() len +Frank Elsner Fixed build reliability by exporting LC_ALL=C +Paul Fisher Diagnosed smtp_cmd_buffer_size affecting GSSAPI SASL + initial response, raised buffer size + Patch adjusting connection_max_messages wait-DB usage +Oliver Fleischmann Patches fixing compilation in older compilers +Julian Gilbey Helped improve userforward local_part_suffix docs +Richard Godbee Patch fixing usage fprintf +Steve Haslam Maintained dynamically loadable module code out-of-tree +Oliver Heesakkers Debugged dynamic lookup build issues for LOOKUP_foo. +Dmitry Isaikin Spotted short writes to local files + Patch for format string regression +Alun Jones Patch for NULL dereference in localhost_number +Brad Jorsch Patches fixing Resent-*: header handling +John Hall Updated PCRE to 7.4 (when in-tree) +Jeremy Harris Patch to log authentication information in reject log + Reported a ${extract error message typo +Jakob Hirsch Patch implementing freeze_signal on pipe transports + Suggested X-Envelope-Sender: for content-scanning + Patch fixing Base64 decode bugs +John Horne Patch adding $av_failed + Patch escaping log text after lookup expansion defer + Documentation fixes + Pointed out ClamAV ExtendedDetectionInfo compat issue +Regid Ichira Documentation fixes +Andreas M. Kirchwitz Let /dev/null have normal permissions (4.73 fallout) +J. Nick Koston Patch adding force_command pipe transport option +Roberto Lima Patch letting exicyclog rotate paniclog +Todd Lyons Patch handling TAB in MAIL arguments +Christof Meerwald Provided insight & suggested patch for GnuTLS update +Andreas Metzler Patch upgrading PolarSSL (DKIM) + Reported delivery logging problems (4.73 fallout) + Patch to build without WITH_CONTENT_SCAN + Patches fixing docs for max_rcpts, relay hosts/domains + Documentation fixes +Kirill Miazine Multiple patches improving Dovecot authenticator +Robert Millan Wrote SPF Best Guess support +Marcin Mirosław Running static analysis tools for us, catching issues +Dirk Mueller Patch extending use of our printf() compiler checking +Andrey Oktyabrski Patch fixing wide character breakage in rfc2047 coding + Patch keeping SQL errors from being returned over SMTP +Phil Pennock Patch adding gnutls_compat_mode + Patches adding bool{} and later bool_lax{} + Patch for TLS library version reporting build/runtime + Patch letting EXPN work under TLS + More patches built up & applied when became maintainer +Mark Daniel Reidel Patch adding f-protd malware scanner support +Steven A Reisman Pointed out ${eval:x % 0} SIGFPE +Todd Rinaldo Patch fixing transport filter timeout +Dan Rosenberg Security notification & patch for hardlink attack on + sticky mail directory + Security notification of race condition in MBX locking +Jay Rouman Kept our copyright claim in the 21st century, not 11th + Drew attention to SSL docs and epoch issue on 32bit +Heiko Schlittermann Patch making maildir_use_size_file expand + Patch fixing maildir quota file races + Patch fixing make parallelisation + Updates to eximstats, exiwhat +Janne Snabb TLS extensive debugging & failure root cause analysis + Added SPF record type support to dnsdb lookup +Jan Srzednicki Patch improving Dovecot authenticator + Reported crash in Dovecot authenticator +Samuel Thibault Patch fixing IPv6 interface address detection on Hurd +Martin Tscholak Reported issue with TLS anonymous ciphersuites +Stephen Usher Patch fixing use of Oracle's LDAP libraries on Solaris +Holger Weiß Patch leting ${run} return more data than OS pipe + buffer size +Moritz Wilhelmy Pointed out PCRE_PRERELEASE glitch +Alain Williams Patch supporting MySQL stored procedures +Mark Zealey Patch updating $message_linecount for maildir_tag + Patch improving spamd server selection + + +Packagers +--------- +Mark Baker Debian, through Exim 3 +Hilko Bengen Debian, Exim 4, current(*) maintenance +Tim Cutts Debian, initial packaging +Marc Haber Debian, Exim 4, current(*) maintenance +Steve Haslam Debian, Exim 4 +Andreas Metzler Debian, current(*) maintenance +Christian Perrier Debian, current(*) maintenance + +(*) Current as of our last information as of release: Exim 4.82 + + +# vim: set fileencoding=utf-8 expandtab : diff --git a/src/LICENSE.opendmarc b/src/LICENSE.opendmarc new file mode 100644 index 000000000..e2ba06b04 --- /dev/null +++ b/src/LICENSE.opendmarc @@ -0,0 +1,29 @@ +Copyright (c) 2009, 2010, 2012, The Trusted Domain Project. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of The Trusted Domain Project nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +Portions of this project are also covered by the Sendmail Open Source +License, available in this distribution in the file "LICENSE.Sendmail". +See the copyright notice(s) in each file to determine whether or not it is +covered by both licenses. + +THIS SOFTWARE IS PROVIDED BY THE OPENDKIM PROJECT ''AS IS'' AND ANY +EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE OPENDKIM PROJECT BE LIABLE FOR ANY +DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/Makefile b/src/Makefile index 4c8300ca7..ec573b5d6 100644 --- a/src/Makefile +++ b/src/Makefile @@ -45,23 +45,24 @@ build-directory: $(SHELL) -c "test -d $$builddir -a -r $$builddir/version.c || \ (mkdir $$builddir; cd $$builddir; $(SHELL) ../scripts/MakeLinks)"; +checks: + $(SHELL) scripts/source_checks + # The "configure" target ensures that the build directory exists, then arranges # to build the main makefile from inside the build directory, by calling the # Configure-Makefile script. This does its own dependency checking because of # the optional files. -configure: build-directory +configure: checks build-directory @cd build-$(buildname); \ - build=$(build) $(SHELL) ../scripts/Configure-Makefile; \ - $(SHELL) ../scripts/lookups-Makefile + build=$(build) $(SHELL) ../scripts/Configure-Makefile # The "makefile" target forces a rebuild of the makefile (as opposed to # "configure", which doesn't force it). makefile: build-directory @cd build-$(buildname); $(RM_COMMAND) -f Makefile; \ - build=$(build) $(SHELL) ../scripts/Configure-Makefile; \ - $(SHELL) ../scripts/lookups-Makefile + build=$(build) $(SHELL) ../scripts/Configure-Makefile # The installation commands are kept in a separate script, which expects # to be run from inside the build directory. diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index 281294558..1500e85ec 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -298,7 +298,7 @@ convert4r4: Makefile ../src/convert4r4.src OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o OBJ_WITH_OLD_DEMIME = demime.o -OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dcc.o +OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dcc.o dmarc.o # Targets for final binaries; the main one has a build number which is # updated each time. We don't bother with that for the auxiliaries. @@ -605,6 +605,7 @@ bmi_spam.o: $(HDRS) bmi_spam.c spf.o: $(HDRS) spf.h spf.c srs.o: $(HDRS) srs.h srs.c dcc.o: $(HDRS) dcc.h dcc.c +dmarc.o: $(HDRS) dmarc.h dmarc.c # The module containing tables of available lookups, routers, auths, and # transports must be rebuilt if any of them are. However, because the makefiles @@ -620,7 +621,7 @@ drtables.o: $(HDRS) drtables.c # When using parallel make, we don't have the dependency to force building # in the sub-directory unless we force that dependency: -$(OBJ_LOOKUPS): buildlookups +$(OBJ_LOOKUPS): lookups/lookups.a # The exim monitor's private modules - the sources live in a private # subdirectory. The final binary combines the private modules with some diff --git a/src/OS/Makefile-FreeBSD b/src/OS/Makefile-FreeBSD index 30e383c44..ebb116bf2 100644 --- a/src/OS/Makefile-FreeBSD +++ b/src/OS/Makefile-FreeBSD @@ -2,8 +2,6 @@ # There's no setting of CFLAGS here, to allow the system default # for "make" to be the default. -PORTOBJFORMAT!= test -x /usr/bin/objformat && /usr/bin/objformat || echo aout - CHOWN_COMMAND=/usr/sbin/chown STRIP_COMMAND=/usr/bin/strip CHMOD_COMMAND=/bin/chmod @@ -28,11 +26,19 @@ X11=$(LOCALBASE) X11=/usr/local .endif +# nb: FreeBSD is entirely elf; objformat was removed prior to FreeBSD 7 +# http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.bin/objformat/Attic/objformat.c +# deleted Jan 2007. +# +# So if this fails, you're on an ancient unsupported FreeBSD release *and* +# running GUI software, which seems both unusual and unwise. +# +# http://www.freebsd.org/doc/handbook/binary-formats.html suggests that the +# switch to default to ELF came with FreeBSD 3. elf(5) claims ELF support +# introduced in FreeBSD 2.2.6. +# XINCLUDE=-I$(X11)/include -XLFLAGS=-L$(X11)/lib -.if ${PORTOBJFORMAT} == "elf" -XLFLAGS+=-Wl,-rpath,${X11}/lib -.endif +XLFLAGS=-L$(X11)/lib -Wl,-rpath,${X11}/lib X11_LD_LIB=$(X11)/lib EXIWHAT_PS_ARG=-ax diff --git a/src/OS/Makefile-Linux b/src/OS/Makefile-Linux index 8b721410e..990f884e9 100644 --- a/src/OS/Makefile-Linux +++ b/src/OS/Makefile-Linux @@ -1,5 +1,9 @@ # Exim: OS-specific make file for Linux. This is for modern Linuxes, # which use libc6. +# +# For Linux, we assume GNU Make; at time of writing, the only extension +# used is ?= which is actually portable to other maintained Make variants, +# just is not POSIX. HAVE_ICONV=yes @@ -8,8 +12,9 @@ CHOWN_COMMAND=look_for_it CHGRP_COMMAND=look_for_it CHMOD_COMMAND=look_for_it -CFLAGS=-O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -CFLAGS_DYNAMIC=-shared -rdynamic +# Preserve CFLAGS and CFLAGS_DYNAMIC from the caller/environment +CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE +CFLAGS_DYNAMIC ?= -shared -rdynamic DBMLIB = -ldb USE_DB = yes diff --git a/src/OS/os.Configuring b/src/OS/os.Configuring index b5e4677d2..465bc2657 100644 --- a/src/OS/os.Configuring +++ b/src/OS/os.Configuring @@ -88,7 +88,7 @@ On some operating systems, the SIOCGIFCONF ioctl returns the IP addresses with the list of interfaces, and there is no need to call SIOCGIFADDR for each individual address. Mostly, making the second call does no harm, but on Linux when there are IP aliases, it causes things to go wrong. This also happens on -BSDI. Therefore, there is now a macro to cut it out, called +BSDI and GNU Hurd. Therefore, there is now a macro to cut it out, called SIOCGIFCONF_GIVES_ADDR. Note that, if IPv6 support is configured, Exim cannot find the IPv6 addresses diff --git a/src/OS/os.h-GNU b/src/OS/os.h-GNU index 0f8a8d63b..cc4da0e3b 100644 --- a/src/OS/os.h-GNU +++ b/src/OS/os.h-GNU @@ -2,11 +2,12 @@ #define CRYPT_H #define GLIBC_IP_OPTIONS -#define HAVE_MMAP #define HAVE_BSD_GETLOADAVG +#define HAVE_MMAP #define HAVE_SYS_VFS_H #define NO_IP_VAR_H #define SIG_IGN_WORKS +#define SIOCGIFCONF_GIVES_ADDR #define F_FREESP O_TRUNC typedef struct flock flock_t; diff --git a/src/OS/os.h-Linux b/src/OS/os.h-Linux index fe4eaa6c7..3fead17d7 100644 --- a/src/OS/os.h-Linux +++ b/src/OS/os.h-Linux @@ -57,4 +57,16 @@ extern struct ip_address_item *os_find_running_interfaces_linux(void); #endif /* __linux__ */ +/* Some folks running "unusual" setups with very old libc environments have +found that _GNU_SOURCE=1 before is not sufficient to define some +constants needed for 64-bit arithmetic. If you encounter build errors based +on LLONG_MIN being undefined and various other escape hatches have not helped, +then change the 0 to 1 in the next block. */ + +#if 0 +# define LLONG_MIN LONG_LONG_MIN +# define LLONG_MAX LONG_LONG_MAX +#endif + + /* End */ diff --git a/src/README b/src/README index 972d417c8..652cee6ef 100644 --- a/src/README +++ b/src/README @@ -1,7 +1,7 @@ THE EXIM MAIL TRANSFER AGENT VERSION 4 -------------------------------------- -Copyright (c) 1995 - 2005 University of Cambridge. +Copyright (c) 1995 - 2012 University of Cambridge. See the file NOTICE for conditions of use and distribution. There is a book about Exim by Philip Hazel called "The Exim SMTP Mail Server", @@ -47,7 +47,7 @@ Please see the documentation files for full instructions on how to build, install, and run Exim. For straightforward installations on operating systems to which Exim has already been ported, the building process is as follows: -. Ensure that the top-level Exim directory (e.g. exim-4.40) is the current +. Ensure that the top-level Exim directory (e.g. exim-4.80) is the current directory (containing the files and directories listed above). . Edit the file called src/EDITME and put the result in a new file called diff --git a/src/README.UPDATING b/src/README.UPDATING index d34dec1e1..dacb5d3aa 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -26,6 +26,18 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.82 +----------------- + + * New option gnutls_enable_pkcs11 defaults false; if you have GnuTLS 2.12.0 + or later and do want PKCS11 modules to be autoloaded, then set this option. + + * A per-transport wait- database is no longer updated if the transport + sets "connection_max_messages" to 1, as it can not be used and causes + unnecessary serialisation and load. External tools tracking the state of + Exim by the hints databases may need modification to take this into account. + + Exim version 4.80 ----------------- diff --git a/src/exim_monitor/em_globals.c b/src/exim_monitor/em_globals.c index 816d42d05..b0a912e5f 100644 --- a/src/exim_monitor/em_globals.c +++ b/src/exim_monitor/em_globals.c @@ -211,12 +211,16 @@ int string_datestamp_length= 0; int string_datestamp_type = -1; BOOL timestamps_utc = FALSE; -BOOL tls_certificate_verified = FALSE; -uschar *tls_cipher = NULL; -uschar *tls_peerdn = NULL; -#ifdef SUPPORT_TLS -uschar *tls_sni = NULL; -#endif +tls_support tls_in = { + -1, /* tls_active */ + 0, /* bits */ + FALSE, /* tls_certificate_verified */ + NULL, /* tls_cipher */ + FALSE, /* tls_on_connect */ + NULL, /* tls_on_connect_ports */ + NULL, /* tls_peerdn */ + NULL /* tls_sni */ +}; tree_node *tree_duplicates = NULL; tree_node *tree_nonrecipients = NULL; diff --git a/src/exim_monitor/em_hdr.h b/src/exim_monitor/em_hdr.h index 93d961142..ed95716a3 100644 --- a/src/exim_monitor/em_hdr.h +++ b/src/exim_monitor/em_hdr.h @@ -100,6 +100,7 @@ that this kind of kludge isn't needed. */ #include "local_scan.h" #include "structs.h" #include "globals.h" +#include "dbstuff.h" #include "functions.h" #include "osfunctions.h" #include "store.h" diff --git a/src/exim_monitor/em_log.c b/src/exim_monitor/em_log.c index bd1d462bf..0441edd2e 100644 --- a/src/exim_monitor/em_log.c +++ b/src/exim_monitor/em_log.c @@ -364,7 +364,9 @@ link count of zero on the currently open file. */ if (log_datestamping) { uschar log_file_wanted[256]; - string_format(log_file_wanted, sizeof(log_file_wanted), "%s", CS log_file); + /* Do *not* use "%s" here, we need the %D datestamp in the log_file to + * be expanded! */ + string_format(log_file_wanted, sizeof(log_file_wanted), CS log_file); if (Ustrcmp(log_file_wanted, log_file_open) != 0) { if (LOG != NULL) diff --git a/src/scripts/Configure b/src/scripts/Configure index 06bd8bdd4..6c340ee25 100755 --- a/src/scripts/Configure +++ b/src/scripts/Configure @@ -1,4 +1,4 @@ -#! /bin/sh +#! /bin/sh -e # A script to be called to run all the other configuring scripts manually. diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile index 3e901e6a6..58b2b5770 100755 --- a/src/scripts/Configure-Makefile +++ b/src/scripts/Configure-Makefile @@ -77,8 +77,9 @@ mf=Makefile mft=$mf-t mftt=$mf-tt -look_mf=lookups/Makefile.predynamic -look_mft=${look_mf}-t +look_mf=lookups/Makefile +look_mf_pre=${look_mf}.predynamic +look_mf_post=${look_mf}.postdynamic # Ensure the temporary does not exist and start the new one by setting # the OSTYPE and ARCHTYPE variables. @@ -195,10 +196,10 @@ fi rm -f $mftt # make the lookups Makefile with the definitions +# the auxiliary script generates $look_mf_post from $look_mf_pre -## prepend stuff here; eg: grep LOOKUP_ $mft > $look_mft -## cat ../src/lookups/Makefile >> $look_mft -cp ../src/lookups/Makefile $look_mft +cp ../src/lookups/Makefile $look_mf_pre +../scripts/lookups-Makefile # See if there is a definition of EXIM_PERL in what we have built so far. # If so, run Perl to find the default values for PERL_CC, PERL_CCOPTS, @@ -249,14 +250,14 @@ cat ../OS/Makefile-Base >> $mft || exit 1 # If the new makefile is the same as the existing one, say so, and just # update the timestamp. Otherwise remove the old and install the new. -if [ -s $mf ] && cmp -s $mft $mf && [ -s $look_mf ] && cmp -s $look_mft $look_mf +if [ -s $mf ] && cmp -s $mft $mf && [ -s $look_mf ] && cmp -s $look_mf_post $look_mf then echo ">>> rebuilt $mf unchanged" echo " " touch $mf || exit - rm -f $mft -elif rm -f $mf $look_mf + rm -f $mft $look_mf_pre $look_mf_post +elif rm -f $mf $look_mf $look_mf_pre mv $mft $mf - mv $look_mft $look_mf + mv $look_mf_post $look_mf then echo ">>> New $mf & $look_mf installed" echo '>>> Use "make makefile" if you need to force rebuilding of the makefile' echo " " diff --git a/src/scripts/MakeLinks b/src/scripts/MakeLinks index 62d248a3c..a9abdab25 100755 --- a/src/scripts/MakeLinks +++ b/src/scripts/MakeLinks @@ -241,6 +241,8 @@ ln -s ../src/verify.c verify.c ln -s ../src/version.c version.c ln -s ../src/dkim.c dkim.c ln -s ../src/dkim.h dkim.h +ln -s ../src/dmarc.c dmarc.c +ln -s ../src/dmarc.h dmarc.h ln -s ../src/valgrind.h valgrind.h ln -s ../src/memcheck.h memcheck.h diff --git a/src/scripts/lookups-Makefile b/src/scripts/lookups-Makefile index 14c15259e..e7aeaa08a 100755 --- a/src/scripts/lookups-Makefile +++ b/src/scripts/lookups-Makefile @@ -28,8 +28,8 @@ then fi input=lookups/Makefile.predynamic -target=lookups/Makefile -defs_source=Makefile +target=lookups/Makefile.postdynamic +defs_source=Makefile-t tag_marker='MAGIC-TAG-MODS-OBJ-RULES-GO-HERE' tab=' ' @@ -44,20 +44,19 @@ export LC_ALL # nb: do not permit leading whitespace for this, as CFLAGS_DYNAMIC is exported # to the lookups subdir via a line with leading whitespace which otherwise # matches -if grep -q "^CFLAGS_DYNAMIC[ $tab]*=" "$defs_source" +if grep -q "^CFLAGS_DYNAMIC[ $tab?:]*=" "$defs_source" then # we have a definition, we're good to go + echo >&2 ">>> Creating lookups/Makefile for building dynamic modules" enable_dynamic=yes else - echo >&2 "Missing CFLAGS_DYNAMIC inhibits building dynamic module lookup" + echo >&2 ">>> Creating lookups/Makefile without dynamic module support" enable_dynamic='' # We always do something now, since there should always be a lookup, # and now we need to run in order to put the OBJ=$(OBJ)+ rules in. So we # continue on. fi -tmp="$target.t" - # For the want_ checks, we need to let the user override values from the make # command-line, not just check the Makefile. @@ -96,7 +95,7 @@ emit_module_rule() { if want_dynamic "$lookup_name" then if [ -z "$enable_dynamic" ]; then - echo >&2 "Inhibited dynamic modules prevents building dynamic $lookup_name" + echo >&2 "Missing CFLAGS_DYNAMIC prevents building dynamic $lookup_name" exit 1 fi MODS="${MODS} ${mod_name}.so" @@ -116,8 +115,9 @@ emit_module_rule() { fi } +rm -f "$target" exec 5>&1 -exec > "$tmp" +exec > "$target" sed -n "1,/$tag_marker/p" < "$input" @@ -145,7 +145,7 @@ echo "OBJ = $OBJ" sed -n "/$tag_marker/,\$p" < "$input" exec >&5 -mv "$tmp" "$target" +# Configure-Makefile will move $target into place # vim: set ft=sh sw=2 : diff --git a/src/scripts/source_checks b/src/scripts/source_checks new file mode 100644 index 000000000..79f9c3555 --- /dev/null +++ b/src/scripts/source_checks @@ -0,0 +1,50 @@ +#!/bin/sh + +cd src; + +# Tables with struct items +while read file table +do + : $file $table + < $file \ + perl -e '$/= undef; while (<>) { print $1 if /(?<='$table'\[\])\s*=\s*{\n(([^}].*\n)+)/m }' \ + | awk '/{ (US)?"/ {print $2}' \ + | awk -F\" '{print $2}' \ + | LANG=C sort -c \ + || exit 1 +done <<-END + readconf.c optionlist_config + globals.c optionlist_auths + globals.c debug_options + globals.c header_names + globals.c log_options + expand.c item_table + transport.c optionlist_transports + route.c optionlist_routers + transports/appendfile.c appendfile_transport_options + transports/autoreply.c autoreply_transport_options + transports/lmtp.c lmtp_transport_options + transports/pipe.c pipe_transport_options + transports/smtp.c smtp_transport_options + expand.c var_table +END + +# Tables with just string items +while read file table +do + : $file $table + < $file \ + perl -e '$/= undef; while (<>) { print $1 if /(?<='$table'\[\])\s*=\s*{\s?(([^}]*)+)}/m }' \ + | awk -F\" '/"/ {print $2}' \ + | LANG=C sort -c \ + || exit 1 + +done <<-END + expand.c item_table + expand.c op_table_underscore + expand.c op_table_main + expand.c cond_table + acl.c verbs + acl.c conditions +END + diff --git a/src/src/EDITME b/src/src/EDITME index 1387b980a..637256c7d 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -411,6 +411,14 @@ EXIM_MONITOR=eximon.bin # DISABLE_DKIM=yes +#------------------------------------------------------------------------------ +# By default, Exim has support for checking the AD bit in a DNS response, to +# determine if DNSSEC validation was successful. If your system libraries +# do not support that bit, then set DISABLE_DNSSEC to "yes" + +# DISABLE_DNSSEC=yes + + #------------------------------------------------------------------------------ # Compiling Exim with experimental features. These are documented in # experimental-spec.txt. "Experimental" means that the way these features are @@ -452,10 +460,20 @@ EXIM_MONITOR=eximon.bin # EXPERIMENTAL_OCSP=yes +# Uncomment the following line to add DMARC checking capability, implemented +# using libopendmarc libraries. +# EXPERIMENTAL_DMARC=yes +# CFLAGS += -I/usr/local/include +# LDFLAGS += -lopendmarc + +# Uncomment the following line to add Per-Recipient-Data-Response support. +# EXPERIMENTAL_PRDR=yes + # This feature allows to write log information about a completed # delivery into a database # EXPERIMENTAL_DBL=yes + ############################################################################### # THESE ARE THINGS YOU MIGHT WANT TO SPECIFY # ############################################################################### diff --git a/src/src/acl.c b/src/src/acl.c index 5b5390d8d..e3efb7ed8 100644 --- a/src/src/acl.c +++ b/src/src/acl.c @@ -21,8 +21,13 @@ enum { ACL_ACCEPT, ACL_DEFER, ACL_DENY, ACL_DISCARD, ACL_DROP, ACL_REQUIRE, /* ACL verbs */ -static uschar *verbs[] = - { US"accept", US"defer", US"deny", US"discard", US"drop", US"require", +static uschar *verbs[] = { + US"accept", + US"defer", + US"deny", + US"discard", + US"drop", + US"require", US"warn" }; /* For each verb, the conditions for which "message" or "log_message" are used @@ -66,6 +71,9 @@ enum { ACLC_ACL, #ifndef DISABLE_DKIM ACLC_DKIM_SIGNER, ACLC_DKIM_STATUS, +#endif +#ifdef EXPERIMENTAL_DMARC + ACLC_DMARC_STATUS, #endif ACLC_DNSLISTS, ACLC_DOMAINS, @@ -88,6 +96,7 @@ enum { ACLC_ACL, #ifdef WITH_CONTENT_SCAN ACLC_REGEX, #endif + ACLC_REMOVE_HEADER, ACLC_SENDER_DOMAINS, ACLC_SENDERS, ACLC_SET, @@ -98,6 +107,7 @@ enum { ACLC_ACL, ACLC_SPF, ACLC_SPF_GUESS, #endif + ACLC_UDPSEND, ACLC_VERIFY }; /* ACL conditions/modifiers: "delay", "control", "continue", "endpass", @@ -128,6 +138,9 @@ static uschar *conditions[] = { #ifndef DISABLE_DKIM US"dkim_signers", US"dkim_status", +#endif +#ifdef EXPERIMENTAL_DMARC + US"dmarc_status", #endif US"dnslists", US"domains", @@ -150,6 +163,7 @@ static uschar *conditions[] = { #ifdef WITH_CONTENT_SCAN US"regex", #endif + US"remove_header", US"sender_domains", US"senders", US"set", #ifdef WITH_CONTENT_SCAN US"spam", @@ -158,6 +172,7 @@ static uschar *conditions[] = { US"spf", US"spf_guess", #endif + US"udpsend", US"verify" }; @@ -173,9 +188,15 @@ enum { #ifndef DISABLE_DKIM CONTROL_DKIM_VERIFY, #endif + #ifdef EXPERIMENTAL_DMARC + CONTROL_DMARC_VERIFY, + CONTROL_DMARC_FORENSIC, + #endif + CONTROL_DSCP, CONTROL_ERROR, CONTROL_CASEFUL_LOCAL_PART, CONTROL_CASELOWER_LOCAL_PART, + CONTROL_CUTTHROUGH_DELIVERY, CONTROL_ENFORCE_SYNC, CONTROL_NO_ENFORCE_SYNC, CONTROL_FREEZE, @@ -207,9 +228,15 @@ static uschar *controls[] = { #ifndef DISABLE_DKIM US"dkim_disable_verify", #endif + #ifdef EXPERIMENTAL_DMARC + US"dmarc_disable_verify", + US"dmarc_enable_forensic", + #endif + US"dscp", US"error", US"caseful_local_part", US"caselower_local_part", + US"cutthrough_delivery", US"enforce_sync", US"no_enforce_sync", US"freeze", @@ -232,7 +259,7 @@ at the outer level. In the other cases, expansion already occurs in the checking functions. */ static uschar cond_expand_at_top[] = { - TRUE, /* acl */ + FALSE, /* acl */ TRUE, /* add_header */ FALSE, /* authenticated */ #ifdef EXPERIMENTAL_BRIGHTMAIL @@ -254,6 +281,9 @@ static uschar cond_expand_at_top[] = { #ifndef DISABLE_DKIM TRUE, /* dkim_signers */ TRUE, /* dkim_status */ +#endif +#ifdef EXPERIMENTAL_DMARC + TRUE, /* dmarc_status */ #endif TRUE, /* dnslists */ FALSE, /* domains */ @@ -276,6 +306,7 @@ static uschar cond_expand_at_top[] = { #ifdef WITH_CONTENT_SCAN TRUE, /* regex */ #endif + TRUE, /* remove_header */ FALSE, /* sender_domains */ FALSE, /* senders */ TRUE, /* set */ @@ -286,6 +317,7 @@ static uschar cond_expand_at_top[] = { TRUE, /* spf */ TRUE, /* spf_guess */ #endif + TRUE, /* udpsend */ TRUE /* verify */ }; @@ -314,6 +346,9 @@ static uschar cond_modifiers[] = { #ifndef DISABLE_DKIM FALSE, /* dkim_signers */ FALSE, /* dkim_status */ +#endif +#ifdef EXPERIMENTAL_DMARC + FALSE, /* dmarc_status */ #endif FALSE, /* dnslists */ FALSE, /* domains */ @@ -336,6 +371,7 @@ static uschar cond_modifiers[] = { #ifdef WITH_CONTENT_SCAN FALSE, /* regex */ #endif + TRUE, /* remove_header */ FALSE, /* sender_domains */ FALSE, /* senders */ TRUE, /* set */ @@ -346,6 +382,7 @@ static uschar cond_modifiers[] = { FALSE, /* spf */ FALSE, /* spf_guess */ #endif + TRUE, /* udpsend */ FALSE /* verify */ }; @@ -360,6 +397,9 @@ static unsigned int cond_forbids[] = { (unsigned int) ~((1<text; + while ((cp = Ustrchr(s, '\n')) != NULL) + { + if (cp[1] == '\0') break; + + /* contains embedded newline; needs doubling */ + ret = string_cat(ret, &size, &ptr, s, cp-s+1); + ret = string_cat(ret, &size, &ptr, US"\n", 1); + s = cp+1; + } + /* last bit of header */ + + ret = string_cat(ret, &size, &ptr, s, cp-s+1); /* newline-sep list */ + } +while((h = h->next)); + +ret[ptr-1] = '\0'; /* overwrite last newline */ +return ret; +} + + +/************************************************* +* Set up removed header line(s) * +*************************************************/ + +/* This function is called by the remove_header modifier. The argument is +treated as a sequence of header names which are added to a colon separated +list, provided there isn't an identical one already there. + +Argument: string of header names +Returns: nothing +*/ + +static void +setup_remove_header(uschar *hnames) +{ +if (*hnames != 0) + { + if (acl_removed_headers == NULL) + acl_removed_headers = hnames; + else + acl_removed_headers = string_sprintf("%s : %s", acl_removed_headers, hnames); + } +} + + /************************************************* * Handle warnings * @@ -1602,7 +1787,7 @@ switch(vp->value) test whether it was successful or not. (This is for optional verification; for mandatory verification, the connection doesn't last this long.) */ - if (tls_certificate_verified) return OK; + if (tls_in.certificate_verified) return OK; *user_msgptr = US"no verified certificate"; return FAIL; @@ -2637,6 +2822,106 @@ return rc; +/************************************************* +* The udpsend ACL modifier * +*************************************************/ + +/* Called by acl_check_condition() below. + +Arguments: + arg the option string for udpsend= + log_msgptr for error messages + +Returns: OK - Completed. + DEFER - Problem with DNS lookup. + ERROR - Syntax error in options. +*/ + +static int +acl_udpsend(uschar *arg, uschar **log_msgptr) +{ +int sep = 0; +uschar *hostname; +uschar *portstr; +uschar *portend; +host_item *h; +int portnum; +int host_af; +int len; +int r, s; + +hostname = string_nextinlist(&arg, &sep, NULL, 0); +portstr = string_nextinlist(&arg, &sep, NULL, 0); + +if (hostname == NULL) + { + *log_msgptr = US"missing destination host in \"udpsend\" modifier"; + return ERROR; + } +if (portstr == NULL) + { + *log_msgptr = US"missing destination port in \"udpsend\" modifier"; + return ERROR; + } +if (arg == NULL) + { + *log_msgptr = US"missing datagram payload in \"udpsend\" modifier"; + return ERROR; + } +portnum = Ustrtol(portstr, &portend, 10); +if (*portend != '\0') + { + *log_msgptr = US"bad destination port in \"udpsend\" modifier"; + return ERROR; + } + +/* Make a single-item host list. */ +h = store_get(sizeof(host_item)); +memset(h, 0, sizeof(host_item)); +h->name = hostname; +h->port = portnum; +h->mx = MX_NONE; + +if (string_is_ip_address(hostname, NULL)) + h->address = hostname, r = HOST_FOUND; +else + r = host_find_byname(h, NULL, 0, NULL, FALSE); +if (r == HOST_FIND_FAILED || r == HOST_FIND_AGAIN) + { + *log_msgptr = US"DNS lookup failed in \"udpsend\" modifier"; + return DEFER; + } + +HDEBUG(D_acl) + debug_printf("udpsend [%s]:%d %s\n", h->address, portnum, arg); + +host_af = (Ustrchr(h->address, ':') == NULL)? AF_INET:AF_INET6; +r = s = ip_socket(SOCK_DGRAM, host_af); +if (r < 0) goto defer; +r = ip_connect(s, host_af, h->address, portnum, 1); +if (r < 0) goto defer; +len = Ustrlen(arg); +r = send(s, arg, len, MSG_NOSIGNAL); +if (r < 0) goto defer; +if (r < len) + { + *log_msgptr = + string_sprintf("\"udpsend\" truncated from %d to %d octets", len, r); + return DEFER; + } + +HDEBUG(D_acl) + debug_printf("udpsend %d bytes\n", r); + +return OK; + +defer: +*log_msgptr = string_sprintf("\"udpsend\" failed: %s", strerror(errno)); +return DEFER; +} + + + /************************************************* * Handle conditions/modifiers on an ACL item * *************************************************/ @@ -2772,14 +3057,14 @@ for (; cb != NULL; cb = cb->next) "discard" verb. */ case ACLC_ACL: - rc = acl_check_internal(where, addr, arg, level+1, user_msgptr, log_msgptr); - if (rc == DISCARD && verb != ACL_ACCEPT && verb != ACL_DISCARD) - { - *log_msgptr = string_sprintf("nested ACL returned \"discard\" for " - "\"%s\" command (only allowed with \"accept\" or \"discard\")", - verbs[verb]); - return ERROR; - } + rc = acl_check_wargs(where, addr, arg, level+1, user_msgptr, log_msgptr); + if (rc == DISCARD && verb != ACL_ACCEPT && verb != ACL_DISCARD) + { + *log_msgptr = string_sprintf("nested ACL returned \"discard\" for " + "\"%s\" command (only allowed with \"accept\" or \"discard\")", + verbs[verb]); + return ERROR; + } break; case ACLC_AUTHENTICATED: @@ -2844,9 +3129,64 @@ for (; cb != NULL; cb = cb->next) #ifndef DISABLE_DKIM case CONTROL_DKIM_VERIFY: dkim_disable_verify = TRUE; + #ifdef EXPERIMENTAL_DMARC + /* Since DKIM was blocked, skip DMARC too */ + dmarc_disable_verify = TRUE; + dmarc_enable_forensic = FALSE; + #endif + break; + #endif + + #ifdef EXPERIMENTAL_DMARC + case CONTROL_DMARC_VERIFY: + dmarc_disable_verify = TRUE; + break; + + case CONTROL_DMARC_FORENSIC: + dmarc_enable_forensic = TRUE; break; #endif + case CONTROL_DSCP: + if (*p == '/') + { + int fd, af, level, optname, value; + /* If we are acting on stdin, the setsockopt may fail if stdin is not + a socket; we can accept that, we'll just debug-log failures anyway. */ + fd = fileno(smtp_in); + af = ip_get_address_family(fd); + if (af < 0) + { + HDEBUG(D_acl) + debug_printf("smtp input is probably not a socket [%s], not setting DSCP\n", + strerror(errno)); + break; + } + if (dscp_lookup(p+1, af, &level, &optname, &value)) + { + if (setsockopt(fd, level, optname, &value, sizeof(value)) < 0) + { + HDEBUG(D_acl) debug_printf("failed to set input DSCP[%s]: %s\n", + p+1, strerror(errno)); + } + else + { + HDEBUG(D_acl) debug_printf("set input DSCP to \"%s\"\n", p+1); + } + } + else + { + *log_msgptr = string_sprintf("unrecognised DSCP value in \"control=%s\"", arg); + return ERROR; + } + } + else + { + *log_msgptr = string_sprintf("syntax error in \"control=%s\"", arg); + return ERROR; + } + break; + case CONTROL_ERROR: return ERROR; @@ -2986,6 +3326,20 @@ for (; cb != NULL; cb = cb->next) case CONTROL_SUPPRESS_LOCAL_FIXUPS: suppress_local_fixups = TRUE; break; + + case CONTROL_CUTTHROUGH_DELIVERY: + if (deliver_freeze) + { + *log_msgptr = string_sprintf("\"control=%s\" on frozen item", arg); + return ERROR; + } + if (queue_only_policy) + { + *log_msgptr = string_sprintf("\"control=%s\" on queue-only item", arg); + return ERROR; + } + cutthrough_delivery = TRUE; + break; } break; @@ -3083,6 +3437,18 @@ for (; cb != NULL; cb = cb->next) break; #endif + #ifdef EXPERIMENTAL_DMARC + case ACLC_DMARC_STATUS: + if (!dmarc_has_been_checked) + dmarc_process(); + dmarc_has_been_checked = TRUE; + /* used long way of dmarc_exim_expand_query() in case we need more + * view into the process in the future. */ + rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS), + &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL); + break; + #endif + case ACLC_DNSLISTS: rc = verify_check_dnsbl(&arg); break; @@ -3099,11 +3465,11 @@ for (; cb != NULL; cb = cb->next) writing is poorly documented. */ case ACLC_ENCRYPTED: - if (tls_cipher == NULL) rc = FAIL; else + if (tls_in.cipher == NULL) rc = FAIL; else { uschar *endcipher = NULL; - uschar *cipher = Ustrchr(tls_cipher, ':'); - if (cipher == NULL) cipher = tls_cipher; else + uschar *cipher = Ustrchr(tls_in.cipher, ':'); + if (cipher == NULL) cipher = tls_in.cipher; else { endcipher = Ustrchr(++cipher, ':'); if (endcipher != NULL) *endcipher = 0; @@ -3227,6 +3593,10 @@ for (; cb != NULL; cb = cb->next) break; #endif + case ACLC_REMOVE_HEADER: + setup_remove_header(arg); + break; + case ACLC_SENDER_DOMAINS: { uschar *sdomain; @@ -3282,6 +3652,10 @@ for (; cb != NULL; cb = cb->next) break; #endif + case ACLC_UDPSEND: + rc = acl_udpsend(arg, log_msgptr); + break; + /* If the verb is WARN, discard any user message from verification, because such messages are SMTP responses, not header additions. The latter come only from explicit "message" modifiers. However, put the user message into @@ -3796,10 +4170,97 @@ return FAIL; } + + +/* Same args as acl_check_internal() above, but the string s is +the name of an ACL followed optionally by up to 9 space-separated arguments. +The name and args are separately expanded. Args go into $acl_arg globals. */ +static int +acl_check_wargs(int where, address_item *addr, uschar *s, int level, + uschar **user_msgptr, uschar **log_msgptr) +{ +uschar * tmp; +uschar * tmp_arg[9]; /* must match acl_arg[] */ +uschar * sav_arg[9]; /* must match acl_arg[] */ +int sav_narg; +uschar * name; +int i; +int ret; + +if (!(tmp = string_dequote(&s)) || !(name = expand_string(tmp))) + goto bad; + +for (i = 0; i < 9; i++) + { + while (*s && isspace(*s)) s++; + if (!*s) break; + if (!(tmp = string_dequote(&s)) || !(tmp_arg[i] = expand_string(tmp))) + { + tmp = name; + goto bad; + } + } + +sav_narg = acl_narg; +acl_narg = i; +for (i = 0; i < acl_narg; i++) + { + sav_arg[i] = acl_arg[i]; + acl_arg[i] = tmp_arg[i]; + } +while (i < 9) + { + sav_arg[i] = acl_arg[i]; + acl_arg[i++] = NULL; + } + +ret = acl_check_internal(where, addr, name, level, user_msgptr, log_msgptr); + +acl_narg = sav_narg; +for (i = 0; i < 9; i++) acl_arg[i] = sav_arg[i]; +return ret; + +bad: +if (expand_string_forcedfail) return ERROR; +*log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s", + tmp, expand_string_message); +return search_find_defer?DEFER:ERROR; +} + + + /************************************************* * Check access using an ACL * *************************************************/ +/* Alternate interface for ACL, used by expansions */ +int +acl_eval(int where, uschar *s, uschar **user_msgptr, uschar **log_msgptr) +{ +address_item adb; +address_item *addr = NULL; + +*user_msgptr = *log_msgptr = NULL; +sender_verified_failed = NULL; +ratelimiters_cmd = NULL; +log_reject_target = LOG_MAIN|LOG_REJECT; + +if (where == ACL_WHERE_RCPT) + { + adb = address_defaults; + addr = &adb; + addr->address = expand_string(US"$local_part@$domain"); + addr->domain = deliver_domain; + addr->local_part = deliver_localpart; + addr->cc_local_part = deliver_localpart; + addr->lc_local_part = deliver_localpart; + } + +return acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr); +} + + + /* This is the external interface for ACL checks. It sets up an address and the expansions for $domain and $local_part when called after RCPT, then calls acl_check_internal() to do the actual work. @@ -3818,6 +4279,7 @@ Returns: OK access is granted by an ACCEPT verb DEFER can't tell at the moment ERROR disaster */ +int acl_where = ACL_WHERE_UNKNOWN; int acl_check(int where, uschar *recipient, uschar *s, uschar **user_msgptr, @@ -3832,7 +4294,11 @@ sender_verified_failed = NULL; ratelimiters_cmd = NULL; log_reject_target = LOG_MAIN|LOG_REJECT; -if (where == ACL_WHERE_RCPT) +#ifdef EXPERIMENTAL_PRDR +if (where == ACL_WHERE_RCPT || where == ACL_WHERE_PRDR ) +#else +if (where == ACL_WHERE_RCPT ) +#endif { adb = address_defaults; addr = &adb; @@ -3846,7 +4312,56 @@ if (where == ACL_WHERE_RCPT) deliver_localpart = addr->local_part; } +acl_where = where; rc = acl_check_internal(where, addr, s, 0, user_msgptr, log_msgptr); +acl_where = ACL_WHERE_UNKNOWN; + +/* Cutthrough - if requested, +and WHERE_RCPT and not yet opened conn as result of recipient-verify, +and rcpt acl returned accept, +and first recipient (cancel on any subsequents) +open one now and run it up to RCPT acceptance. +A failed verify should cancel cutthrough request. + +Initial implementation: dual-write to spool. +Assume the rxd datastream is now being copied byte-for-byte to an open cutthrough connection. + +Cease cutthrough copy on rxd final dot; do not send one. + +On a data acl, if not accept and a cutthrough conn is open, hard-close it (no SMTP niceness). + +On data acl accept, terminate the dataphase on an open cutthrough conn. If accepted or +perm-rejected, reflect that to the original sender - and dump the spooled copy. +If temp-reject, close the conn (and keep the spooled copy). +If conn-failure, no action (and keep the spooled copy). +*/ +switch (where) +{ +case ACL_WHERE_RCPT: +#ifdef EXPERIMENTAL_PRDR +case ACL_WHERE_PRDR: +#endif + if( rcpt_count > 1 ) + cancel_cutthrough_connection("more than one recipient"); + else if (rc == OK && cutthrough_delivery && cutthrough_fd < 0) + open_cutthrough_connection(addr); + break; + +case ACL_WHERE_PREDATA: + if( rc == OK ) + cutthrough_predata(); + else + cancel_cutthrough_connection("predata acl not ok"); + break; + +case ACL_WHERE_QUIT: +case ACL_WHERE_NOTQUIT: + cancel_cutthrough_connection("quit or notquit"); + break; + +default: + break; +} deliver_domain = deliver_localpart = deliver_address_data = sender_address_data = NULL; @@ -3885,7 +4400,6 @@ return rc; } - /************************************************* * Create ACL variable * *************************************************/ diff --git a/src/src/auths/auth-spa.c b/src/src/auths/auth-spa.c index 87e5f4e8f..7ad5a1de8 100644 --- a/src/src/auths/auth-spa.c +++ b/src/src/auths/auth-spa.c @@ -1236,7 +1236,7 @@ char versionString[] = "libntlm version 0.21"; #define spa_bytes_add(ptr, header, buf, count) \ { \ -if (buf && count) \ +if (buf != NULL && count) \ { \ SSVAL(&ptr->header.len,0,count); \ SSVAL(&ptr->header.maxlen,0,count); \ diff --git a/src/src/auths/call_pam.c b/src/src/auths/call_pam.c index bec5c5744..710de7ded 100644 --- a/src/src/auths/call_pam.c +++ b/src/src/auths/call_pam.c @@ -16,10 +16,13 @@ available for compiling. Therefore, compile these functions only if SUPPORT_PAM is defined. However, some compilers don't like compiling empty modules, so keep them happy with a dummy when skipping the rest. Make it reference itself to stop picky compilers complaining that it is unused, and put in a dummy argument -to stop even pickier compilers complaining about infinite loops. */ +to stop even pickier compilers complaining about infinite loops. +Then use a mutually-recursive pair as gcc is just getting stupid. */ #ifndef SUPPORT_PAM -static void dummy(int x) { dummy(x-1); } +static void dummy(int x); +static void dummy2(int x) { dummy(x-1); } +static void dummy(int x) { dummy2(x-1); } #else /* SUPPORT_PAM */ #ifdef PAM_H_IN_PAM diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c index 4bbe6d754..2064ed221 100644 --- a/src/src/auths/call_radius.c +++ b/src/src/auths/call_radius.c @@ -20,10 +20,12 @@ RADIUS_CONFIG_FILE is defined. However, some compilers don't like compiling empty modules, so keep them happy with a dummy when skipping the rest. Make it reference itself to stop picky compilers complaining that it is unused, and put in a dummy argument to stop even pickier compilers complaining about infinite -loops. */ +loops. Then use a mutually-recursive pair as gcc is just getting stupid. */ #ifndef RADIUS_CONFIG_FILE -static void dummy(int x) { dummy(x-1); } +static void dummy(int x); +static void dummy2(int x) { dummy(x-1); } +static void dummy(int x) { dummy2(x-1); } #else /* RADIUS_CONFIG_FILE */ diff --git a/src/src/auths/cyrus_sasl.c b/src/src/auths/cyrus_sasl.c index 9b80f8d83..c7fb59348 100644 --- a/src/src/auths/cyrus_sasl.c +++ b/src/src/auths/cyrus_sasl.c @@ -25,7 +25,9 @@ in a dummy argument to stop even pickier compilers complaining about infinite loops. */ #ifndef AUTH_CYRUS_SASL -static void dummy(int x) { dummy(x-1); } +static void dummy(int x); +static void dummy2(int x) { dummy(x-1); } +static void dummy(int x) { dummy2(x-1); } #else @@ -205,7 +207,7 @@ uschar *debug = NULL; /* Stops compiler complaining */ sasl_callback_t cbs[]={{SASL_CB_LIST_END, NULL, NULL}}; sasl_conn_t *conn; char *realm_expanded; -int rc, firsttime=1, clen, *negotiated_ssf_ptr=NULL, negotiated_ssf; +int rc, i, firsttime=1, clen, *negotiated_ssf_ptr=NULL, negotiated_ssf; unsigned int inlen, outlen; input=data; @@ -256,23 +258,81 @@ if( rc != SASL_OK ) return DEFER; } -if (tls_cipher) +if (tls_in.cipher) { - rc = sasl_setprop(conn, SASL_SSF_EXTERNAL, (sasl_ssf_t *) &tls_bits); + rc = sasl_setprop(conn, SASL_SSF_EXTERNAL, (sasl_ssf_t *) &tls_in.bits); if (rc != SASL_OK) { HDEBUG(D_auth) debug_printf("Cyrus SASL EXTERNAL SSF set %d failed: %s\n", - tls_bits, sasl_errstring(rc, NULL, NULL)); + tls_in.bits, sasl_errstring(rc, NULL, NULL)); auth_defer_msg = US"couldn't set Cyrus SASL EXTERNAL SSF"; sasl_done(); return DEFER; } else - HDEBUG(D_auth) debug_printf("Cyrus SASL set EXTERNAL SSF to %d\n", tls_bits); + HDEBUG(D_auth) debug_printf("Cyrus SASL set EXTERNAL SSF to %d\n", tls_in.bits); } else HDEBUG(D_auth) debug_printf("Cyrus SASL: no TLS, no EXTERNAL SSF set\n"); +/* So sasl_setprop() documents non-shorted IPv6 addresses which is incredibly +annoying; looking at cyrus-imapd-2.3.x source, the IP address is constructed +with their iptostring() function, which just wraps +getnameinfo(..., NI_NUMERICHOST|NI_NUMERICSERV), which is equivalent to the +inet_ntop which we wrap in our host_ntoa() function. + +So the docs are too strict and we shouldn't worry about :: contractions. */ + +/* Set properties for remote and local host-ip;port */ +for (i=0; i < 2; ++i) + { + struct sockaddr_storage ss; + int (*query)(int, struct sockaddr *, socklen_t *); + int propnum, port; + const uschar *label; + uschar *address, *address_port; + const char *s_err; + socklen_t sslen; + + if (i) + { + query = &getpeername; + propnum = SASL_IPREMOTEPORT; + label = CUS"peer"; + } + else + { + query = &getsockname; + propnum = SASL_IPLOCALPORT; + label = CUS"local"; + } + + sslen = sizeof(ss); + rc = query(fileno(smtp_in), (struct sockaddr *) &ss, &sslen); + if (rc < 0) + { + HDEBUG(D_auth) + debug_printf("Failed to get %s address information: %s\n", + label, strerror(errno)); + break; + } + + address = host_ntoa(-1, &ss, NULL, &port); + address_port = string_sprintf("%s;%d", address, port); + + rc = sasl_setprop(conn, propnum, address_port); + if (rc != SASL_OK) + { + s_err = sasl_errdetail(conn); + HDEBUG(D_auth) + debug_printf("Failed to set %s SASL property: [%d] %s\n", + label, rc, s_err ? s_err : ""); + break; + } + HDEBUG(D_auth) debug_printf("Cyrus SASL set %s hostport to: %s\n", + label, address_port); + } + rc=SASL_CONTINUE; while(rc==SASL_CONTINUE) diff --git a/src/src/auths/dovecot.c b/src/src/auths/dovecot.c index ba0b8943a..032a089ca 100644 --- a/src/src/auths/dovecot.c +++ b/src/src/auths/dovecot.c @@ -12,12 +12,42 @@ commented them specially, but now they are getting quite extensive, so I have ceased doing that. The biggest change is to use unbuffered I/O on the socket because using C buffered I/O gives problems on some operating systems. PH */ +/* Protocol specifications: + * Dovecot 1, protocol version 1.1 + * http://wiki.dovecot.org/Authentication%20Protocol + * + * Dovecot 2, protocol version 1.1 + * http://wiki2.dovecot.org/Design/AuthProtocol + */ + #include "../exim.h" #include "dovecot.h" #define VERSION_MAJOR 1 #define VERSION_MINOR 0 +/* http://wiki.dovecot.org/Authentication%20Protocol +"The maximum line length isn't defined, + but it's currently expected to fit into 8192 bytes" +*/ +#define DOVECOT_AUTH_MAXLINELEN 8192 + +/* This was hard-coded as 8. +AUTH req C->S sends {"AUTH", id, mechanism, service } + params, 5 defined for +Dovecot 1; Dovecot 2 (same protocol version) defines 9. + +Master->Server sends {"USER", id, userid} + params, 6 defined. +Server->Client only gives {"OK", id} + params, unspecified, only 1 guaranteed. + +We only define here to accept S->C; max seen is 3+, plus the two +for the command and id, where unspecified might include _at least_ user=... + +So: allow for more fields than we ever expect to see, while aware that count +can go up without changing protocol version. +The cost is the length of an array of pointers on the stack. +*/ +#define DOVECOT_AUTH_MAXFIELDCOUNT 16 + /* Options specific to the authentication mechanism. */ optionlist auth_dovecot_options[] = { { @@ -43,7 +73,7 @@ auth_dovecot_options_block auth_dovecot_option_defaults = { /* Static variables for reading from the socket */ static uschar sbuffer[256]; -static int sbp; +static int socket_buffer_left; @@ -67,9 +97,28 @@ void auth_dovecot_init(auth_instance *ablock) ablock->client = FALSE; } -static int strcut(uschar *str, uschar **ptrs, int nptrs) +/************************************************* + * "strcut" to split apart server lines * + *************************************************/ + +/* Dovecot auth protocol uses TAB \t as delimiter; a line consists +of a command-name, TAB, and then any parameters, each separated by a TAB. +A parameter can be param=value or a bool, just param. + +This function modifies the original str in-place, inserting NUL characters. +It initialises ptrs entries, setting all to NULL and only setting +non-NULL N entries, where N is the return value, the number of fields seen +(one more than the number of tabs). + +Note that the return value will always be at least 1, is the count of +actual fields (so last valid offset into ptrs is one less). +*/ + +static int +strcut(uschar *str, uschar **ptrs, int nptrs) { - uschar *tmp = str; + uschar *last_sub_start = str; + uschar *lastvalid = str + Ustrlen(str); int n; for (n = 0; n < nptrs; n++) @@ -79,19 +128,44 @@ static int strcut(uschar *str, uschar **ptrs, int nptrs) while (*str) { if (*str == '\t') { if (n <= nptrs) { - *ptrs++ = tmp; - tmp = str + 1; - *str = 0; + *ptrs++ = last_sub_start; + last_sub_start = str + 1; + *str = '\0'; } n++; } str++; } - if (n < nptrs) - *ptrs = tmp; + if (last_sub_start < lastvalid) { + if (n <= nptrs) { + *ptrs = last_sub_start; + } else { + HDEBUG(D_auth) debug_printf("dovecot: warning: too many results from tab-splitting; saw %d fields, room for %d\n", n, nptrs); + n = nptrs; + } + } else { + n--; + HDEBUG(D_auth) debug_printf("dovecot: warning: ignoring trailing tab\n"); + } + + return n <= nptrs ? n : nptrs; +} - return n; +static void debug_strcut(uschar **ptrs, int nlen, int alen) ARG_UNUSED; +static void +debug_strcut(uschar **ptrs, int nlen, int alen) +{ + int i; + debug_printf("%d read but unreturned bytes; strcut() gave %d results: ", + socket_buffer_left, nlen); + for (i = 0; i < nlen; i++) { + debug_printf(" {%s}", ptrs[i]); + } + if (nlen < alen) + debug_printf(" last is %s\n", ptrs[i] ? ptrs[i] : US""); + else + debug_printf(" (max for capacity)\n"); } #define CHECK_COMMAND(str, arg_min, arg_max) do { \ @@ -125,27 +199,27 @@ int count = 0; for (;;) { - if (sbp == 0) + if (socket_buffer_left == 0) { - sbp = read(fd, sbuffer, sizeof(sbuffer)); - if (sbp == 0) { if (count == 0) return NULL; else break; } + socket_buffer_left = read(fd, sbuffer, sizeof(sbuffer)); + if (socket_buffer_left == 0) { if (count == 0) return NULL; else break; } p = 0; } - while (p < sbp) + while (p < socket_buffer_left) { if (count >= n - 1) break; s[count++] = sbuffer[p]; if (sbuffer[p++] == '\n') break; } - memmove(sbuffer, sbuffer + p, sbp - p); - sbp -= p; + memmove(sbuffer, sbuffer + p, socket_buffer_left - p); + socket_buffer_left -= p; if (s[count-1] == '\n' || count >= n - 1) break; } -s[count] = 0; +s[count] = '\0'; return s; } @@ -161,12 +235,14 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data) auth_dovecot_options_block *ob = (auth_dovecot_options_block *)(ablock->options_block); struct sockaddr_un sa; - uschar buffer[4096]; - uschar *args[8]; + uschar buffer[DOVECOT_AUTH_MAXLINELEN]; + uschar *args[DOVECOT_AUTH_MAXFIELDCOUNT]; uschar *auth_command; uschar *auth_extra_data = US""; + uschar *p; int nargs, tmp; - int cuid = 0, cont = 1, found = 0, fd, ret = DEFER; + int crequid = 1, cont = 1, fd, ret = DEFER; + BOOL found = FALSE; HDEBUG(D_auth) debug_printf("dovecot authentication\n"); @@ -198,37 +274,46 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data) auth_defer_msg = US"authentication socket protocol error"; - sbp = 0; /* Socket buffer pointer */ + socket_buffer_left = 0; /* Global, used to read more than a line but return by line */ while (cont) { if (dc_gets(buffer, sizeof(buffer), fd) == NULL) OUT("authentication socket read error or premature eof"); - - buffer[Ustrlen(buffer) - 1] = 0; + p = buffer + Ustrlen(buffer) - 1; + if (*p != '\n') { + OUT("authentication socket protocol line too long"); + } + *p = '\0'; HDEBUG(D_auth) debug_printf("received: %s\n", buffer); nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0])); + /* HDEBUG(D_auth) debug_strcut(args, nargs, sizeof(args) / sizeof(args[0])); */ /* Code below rewritten by Kirill Miazine (km@krot.org). Only check commands that Exim will need. Original code also failed if Dovecot server sent unknown command. E.g. COOKIE in version 1.1 of the protocol would cause troubles. */ - if (Ustrcmp(args[0], US"CUID") == 0) { - CHECK_COMMAND("CUID", 1, 1); - cuid = Uatoi(args[1]); - } else if (Ustrcmp(args[0], US"VERSION") == 0) { + /* pdp: note that CUID is a per-connection identifier sent by the server, + which increments at server discretion. + By contrast, the "id" field of the protocol is a connection-specific request + identifier, which needs to be unique per request from the client and is not + connected to the CUID value, so we ignore CUID from server. It's purely for + diagnostics. */ + if (Ustrcmp(args[0], US"VERSION") == 0) { CHECK_COMMAND("VERSION", 2, 2); if (Uatoi(args[1]) != VERSION_MAJOR) OUT("authentication socket protocol version mismatch"); } else if (Ustrcmp(args[0], US"MECH") == 0) { CHECK_COMMAND("MECH", 1, INT_MAX); if (strcmpic(US args[1], ablock->public_name) == 0) - found = 1; + found = TRUE; } else if (Ustrcmp(args[0], US"DONE") == 0) { CHECK_COMMAND("DONE", 0, 0); cont = 0; } } - if (!found) + if (!found) { + auth_defer_msg = string_sprintf("Dovecot did not advertise mechanism \"%s\" to us", ablock->public_name); goto out; + } /* Added by PH: data must not contain tab (as it is b64 it shouldn't, but check for safety). */ @@ -241,10 +326,10 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data) /* Added by PH: extra fields when TLS is in use or if the TCP/IP connection is local. */ - if (tls_cipher != NULL) + if (tls_in.cipher != NULL) auth_extra_data = string_sprintf("secured\t%s%s", - tls_certificate_verified? "valid-client-cert" : "", - tls_certificate_verified? "\t" : ""); + tls_in.certificate_verified? "valid-client-cert" : "", + tls_in.certificate_verified? "\t" : ""); else if (interface_address != NULL && Ustrcmp(sender_host_address, interface_address) == 0) auth_extra_data = US"secured\t"; @@ -264,14 +349,11 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data) Subsequently, the command was modified to add "secured" and "valid-client- cert" when relevant. - - The auth protocol is documented here: - http://wiki.dovecot.org/Authentication_Protocol ****************************************************************************/ auth_command = string_sprintf("VERSION\t%d\t%d\nCPID\t%d\n" "AUTH\t%d\t%s\tservice=smtp\t%srip=%s\tlip=%s\tnologin\tresp=%s\n", - VERSION_MAJOR, VERSION_MINOR, getpid(), cuid, + VERSION_MAJOR, VERSION_MINOR, getpid(), crequid, ablock->public_name, auth_extra_data, sender_host_address, interface_address, data ? (char *) data : ""); @@ -295,7 +377,7 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data) HDEBUG(D_auth) debug_printf("received: %s\n", buffer); nargs = strcut(buffer, args, sizeof(args) / sizeof(args[0])); - if (Uatoi(args[1]) != cuid) + if (Uatoi(args[1]) != crequid) OUT("authentication socket connection id mismatch"); switch (toupper(*args[0])) { @@ -316,7 +398,7 @@ int auth_dovecot_server(auth_instance *ablock, uschar *data) goto out; } - temp = string_sprintf("CONT\t%d\t%s\n", cuid, data); + temp = string_sprintf("CONT\t%d\t%s\n", crequid, data); if (write(fd, temp, Ustrlen(temp)) < 0) OUT("authentication socket write error"); break; diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index aef337c44..87be9b5e1 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -29,7 +29,9 @@ sense in all contexts. For some, we can do checks at init time. #ifndef AUTH_GSASL /* dummy function to satisfy compilers when we link in an "empty" file. */ -static void dummy(int x) { dummy(x-1); } +static void dummy(int x); +static void dummy2(int x) { dummy(x-1); } +static void dummy(int x) { dummy2(x-1); } #else #include diff --git a/src/src/auths/heimdal_gssapi.c b/src/src/auths/heimdal_gssapi.c index c6e973ad9..21ed75bf4 100644 --- a/src/src/auths/heimdal_gssapi.c +++ b/src/src/auths/heimdal_gssapi.c @@ -43,7 +43,9 @@ Without rename, we could add an option for GS2 support in the future. #ifndef AUTH_HEIMDAL_GSSAPI /* dummy function to satisfy compilers when we link in an "empty" file. */ -static void dummy(int x) { dummy(x-1); } +static void dummy(int x); +static void dummy2(int x) { dummy(x-1); } +static void dummy(int x) { dummy2(x-1); } #else #include diff --git a/src/src/auths/spa.c b/src/src/auths/spa.c index 1abd65781..0bf7b0428 100644 --- a/src/src/auths/spa.c +++ b/src/src/auths/spa.c @@ -196,17 +196,14 @@ that causes failure if the size of msgbuf is exceeded. ****/ /***************************************************************/ /* Put the username in $auth1 and $1. The former is now the preferred variable; -the latter is the original variable. */ +the latter is the original variable. These have to be out of stack memory, and +need to be available once known even if not authenticated, for error messages +(server_set_id, which only makes it to authenticated_id if we return OK) */ -auth_vars[0] = expand_nstring[1] = msgbuf; +auth_vars[0] = expand_nstring[1] = string_copy(msgbuf); expand_nlength[1] = Ustrlen(msgbuf); expand_nmax = 1; -/* clean up globals which aren't referenced, but still shouldn't be left -pointing to stack memory */ -#define CLEANUP_RETURN(Code) do { auth_vars[0] = expand_nstring[1] = NULL; \ - expand_nlength[1] = expand_nmax = 0; return (Code); } while (0); - debug_print_string(ablock->server_debug_string); /* customized debug */ /* look up password */ @@ -218,13 +215,13 @@ if (clearpass == NULL) { DEBUG(D_auth) debug_printf("auth_spa_server(): forced failure while " "expanding spa_serverpassword\n"); - CLEANUP_RETURN(FAIL); + return FAIL; } else { DEBUG(D_auth) debug_printf("auth_spa_server(): error while expanding " "spa_serverpassword: %s\n", expand_string_message); - CLEANUP_RETURN(DEFER); + return DEFER; } } @@ -240,13 +237,12 @@ if (memcmp(ntRespData, 24) == 0) /* success. we have a winner. */ { - int rc = auth_check_serv_cond(ablock); - CLEANUP_RETURN(rc); + return auth_check_serv_cond(ablock); } /* Expand server_condition as an authorization check (PH) */ -CLEANUP_RETURN(FAIL); +return FAIL; } diff --git a/src/src/buildconfig.c b/src/src/buildconfig.c index 62114fc09..f3390cb75 100644 --- a/src/src/buildconfig.c +++ b/src/src/buildconfig.c @@ -847,16 +847,17 @@ else if (isgroup) } /* how many bits Exim, as a client, demands must be in D-H */ - /* as of GnuTLS 2.12.x, we ask for "normal" for D-H PK; before that, we - specify the number of bits. We've stuck with the historical value, but - it can be overridden. */ - else if ((strcmp(name, "EXIM_CLIENT_DH_MIN_BITS") == 0) || + /* 1024 is a historical figure; some sites actually use lower, so we + permit the value to be lowered "dangerously" low, but not "insanely" + low. Though actually, 1024 is becoming "dangerous". */ + else if ((strcmp(name, "EXIM_CLIENT_DH_MIN_MIN_BITS") == 0) || + (strcmp(name, "EXIM_CLIENT_DH_DEFAULT_MIN_BITS") == 0) || (strcmp(name, "EXIM_SERVER_DH_BITS_PRE2_12") == 0)) { long nv; char *end; nv = strtol(value, &end, 10); - if (end != value && *end == '\0' && nv >= 1000 && nv < 50000) + if (end != value && *end == '\0' && nv >= 512 && nv < 500000) { fprintf(new, "%s\n", value); } diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index 1652c7842..bcbc70b38 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -41,6 +41,7 @@ it's a default value. */ #define DELIVER_IN_BUFFER_SIZE 8192 #define DELIVER_OUT_BUFFER_SIZE 8192 #define DISABLE_DKIM +#define DISABLE_DNSSEC #define DISABLE_D_OPTION #define ENABLE_DISABLE_FSYNC @@ -49,7 +50,8 @@ it's a default value. */ #define EXIMDB_LOCK_TIMEOUT 60 #define EXIMDB_LOCKFILE_MODE 0640 #define EXIMDB_MODE 0640 -#define EXIM_CLIENT_DH_MIN_BITS +#define EXIM_CLIENT_DH_MIN_MIN_BITS 512 +#define EXIM_CLIENT_DH_DEFAULT_MIN_BITS 1024 #define EXIM_GNUTLS_LIBRARY_LOG_LEVEL #define EXIM_SERVER_DH_BITS_PRE2_12 #define EXIM_PERL @@ -163,7 +165,9 @@ it's a default value. */ /* EXPERIMENTAL features */ #define EXPERIMENTAL_BRIGHTMAIL #define EXPERIMENTAL_DCC +#define EXPERIMENTAL_DMARC #define EXPERIMENTAL_OCSP +#define EXPERIMENTAL_PRDR #define EXPERIMENTAL_SPF #define EXPERIMENTAL_SRS #define EXPERIMENTAL_DBL @@ -179,18 +183,13 @@ just in case. */ #define ROOT_UID 0 #define ROOT_GID 0 -/* Sizes for integer arithmetic. Go for 64bit; can be overridden in OS/os.h-FOO */ -#ifndef int_eximarith_t - #define int_eximarith_t int64_t -#endif -#ifndef PR_EXIM_ARITH - #define PR_EXIM_ARITH "%" PRId64 /* C99 standard, printf %lld */ -#endif -#ifndef SC_EXIM_ARITH - #define SC_EXIM_ARITH "%" SCNi64 /* scanf incl. 0x prefix */ -#endif -#ifndef SC_EXIM_DEC - #define SC_EXIM_DEC "%" SCNd64 /* scanf decimal */ -#endif +/* Sizes for integer arithmetic. +Go for 64bit; can be overridden in OS/Makefile-FOO +If you make it a different number of bits, provide a definition +for EXIM_64B_MAX and _MIN in OS/oh.h-FOO */ +#define int_eximarith_t int64_t +#define PR_EXIM_ARITH "%" PRId64 /* C99 standard, printf %lld */ +#define SC_EXIM_ARITH "%" SCNi64 /* scanf incl. 0x prefix */ +#define SC_EXIM_DEC "%" SCNd64 /* scanf decimal */ /* End of config.h.defaults */ diff --git a/src/src/configure.default b/src/src/configure.default index 963ec1696..12743499c 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -56,7 +56,9 @@ domainlist local_domains = @ domainlist relay_to_domains = -hostlist relay_from_hosts = 127.0.0.1 +hostlist relay_from_hosts = localhost +# (We rely upon hostname resolution working for localhost, because the default +# uncommented configuration needs to work in IPv4-only environments.) # Most straightforward access control requirements can be obtained by # appropriate settings of the above options. In more complicated situations, @@ -91,12 +93,13 @@ hostlist relay_from_hosts = 127.0.0.1 # to any other host on the Internet. Such a setting commonly refers to a # complete local network as well as the localhost. For example: # -# hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16 +# hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 192.168.0.0/16 # # The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you # have to include 127.0.0.1 if you want to allow processes on your host to send # SMTP mail by using the loopback address. A number of MUAs use this method of -# sending mail. +# sending mail. Often, connections are made to "localhost", which might be ::1 +# on IPv6-enabled hosts. Do not forget CIDR for your IPv6 networks. # All three of these lists may contain many different kinds of item, including # wildcarded names, regular expressions, and file lookups. See the reference @@ -539,9 +542,26 @@ dnslookup: domains = ! +local_domains transport = remote_smtp ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 +# if ipv6-enabled then instead use: +# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1 no_more +# This alternative router can be used when you want to send all mail to a +# server which handles DNS lookups for you; an ISP will typically run such +# a server for their customers. If you uncomment "smarthost" then you +# should comment out "dnslookup" above. Setting a real hostname in route_data +# wouldn't hurt either. + +# smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_data = MAIL.HOSTNAME.FOR.CENTRAL.SERVER.EXAMPLE +# ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; ::1 +# no_more + + # The remaining routers handle addresses in the local domain(s), that is those # domains that are defined by "domainlist local_domains" above. @@ -771,7 +791,7 @@ begin authenticators # server_set_id = $auth2 # server_prompts = : # server_condition = Authentication is not yet configured -# server_advertise_condition = ${if def:tls_cipher } +# server_advertise_condition = ${if def:tls_in_cipher } # LOGIN authentication has traditional prompts and responses. There is no # authorization ID in this mechanism, so unlike PLAIN the username and @@ -783,7 +803,7 @@ begin authenticators # server_set_id = $auth1 # server_prompts = <| Username: | Password: # server_condition = Authentication is not yet configured -# server_advertise_condition = ${if def:tls_cipher } +# server_advertise_condition = ${if def:tls_in_cipher } ###################################################################### diff --git a/src/src/daemon.c b/src/src/daemon.c index 9385a91f4..3467f14a7 100644 --- a/src/src/daemon.c +++ b/src/src/daemon.c @@ -382,7 +382,7 @@ if (pid == 0) /* Check for a tls-on-connect port */ - if (host_is_tls_on_connect_port(interface_port)) tls_on_connect = TRUE; + if (host_is_tls_on_connect_port(interface_port)) tls_in.on_connect = TRUE; /* Expand smtp_active_hostname if required. We do not do this any earlier, because it may depend on the local interface address (indeed, that is most @@ -639,7 +639,7 @@ if (pid == 0) the data structures if necessary. */ #ifdef SUPPORT_TLS - tls_close(FALSE); + tls_close(FALSE, FALSE); #endif /* Reset SIGHUP and SIGCHLD in the child in both cases. */ diff --git a/src/src/dbfn.c b/src/src/dbfn.c index c74ac9c50..4a1c20fe6 100644 --- a/src/src/dbfn.c +++ b/src/src/dbfn.c @@ -208,7 +208,8 @@ if (created && geteuid() == root_uid) if (Ustat(buffer, &statbuf) >= 0 && statbuf.st_uid != exim_uid) { DEBUG(D_hints_lookup) debug_printf("ensuring %s is owned by exim\n", buffer); - (void)Uchown(buffer, exim_uid, exim_gid); + if (Uchown(buffer, exim_uid, exim_gid)) + DEBUG(D_hints_lookup) debug_printf("failed setting %s to owned by exim\n", buffer); } } } diff --git a/src/src/dcc.c b/src/src/dcc.c index 20bd75afa..44c0c009a 100644 --- a/src/src/dcc.c +++ b/src/src/dcc.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Wolfgang Breyha 2005-2012 +/* Copyright (c) Wolfgang Breyha 2005-2013 * Vienna University Computer Center * wbreyha@gmx.net * See the file NOTICE for conditions of use and distribution. @@ -30,15 +30,16 @@ int flushbuffer (int socket, uschar *buffer) int retval, rsp; rsp = write(socket, buffer, Ustrlen(buffer)); DEBUG(D_acl) - debug_printf("Result of the write() = %d\n", rsp); + debug_printf("DCC: Result of the write() = %d\n", rsp); if(rsp < 0) { DEBUG(D_acl) - debug_printf("Error writing buffer to socket: %s\n", strerror(errno)); + debug_printf("DCC: Error writing buffer to socket: %s\n", strerror(errno)); retval = errno; - } else { + } + else { DEBUG(D_acl) - debug_printf("Wrote buffer to socket:\n%s\n", buffer); + debug_printf("DCC: Wrote buffer to socket:\n%s\n", buffer); retval = 0; } return retval; @@ -48,12 +49,11 @@ int dcc_process(uschar **listptr) { int sep = 0; uschar *list = *listptr; FILE *data_file; - uschar *dcc_daemon_ip = US""; uschar *dcc_default_ip_option = US"127.0.0.1"; - uschar *dcc_ip_option = US""; uschar *dcc_helo_option = US"localhost"; uschar *dcc_reject_message = US"Rejected by DCC"; uschar *xtra_hdrs = NULL; + uschar *override_client_ip = NULL; /* from local_scan */ int i, j, k, c, retval, sockfd, resp, line; @@ -140,24 +140,26 @@ int dcc_process(uschar **listptr) { /* opts is what we send as dccifd options - see man dccifd */ /* We don't support any other option than 'header' so just copy that */ bzero(opts,sizeof(opts)); - Ustrncpy(opts, "header", sizeof(opts)-1); - Ustrncpy(client_ip, dcc_ip_option, sizeof(client_ip)-1); - /* If the dcc_client_ip is not provided use the - * sender_host_address or 127.0.0.1 if it is NULL */ - DEBUG(D_acl) - debug_printf("my_ip_option = %s - client_ip = %s - sender_host_address = %s\n", dcc_ip_option, client_ip, sender_host_address); - if(!(Ustrcmp(client_ip, ""))){ - /* Do we have a sender_host_address or is it NULL? */ - if(sender_host_address){ - Ustrncpy(client_ip, sender_host_address, sizeof(client_ip)-1); - } else { - /* sender_host_address is NULL which means it comes from localhost */ - Ustrncpy(client_ip, dcc_default_ip_option, sizeof(client_ip)-1); - } + Ustrncpy(opts, dccifd_options, sizeof(opts)-1); + /* if $acl_m_dcc_override_client_ip is set use it */ + if (((override_client_ip = expand_string(US"$acl_m_dcc_override_client_ip")) != NULL) && + (override_client_ip[0] != '\0')) { + Ustrncpy(client_ip, override_client_ip, sizeof(client_ip)-1); + DEBUG(D_acl) + debug_printf("DCC: Client IP (overridden): %s\n", client_ip); + } + else if(sender_host_address) { + /* else if $sender_host_address is available use that? */ + Ustrncpy(client_ip, sender_host_address, sizeof(client_ip)-1); + DEBUG(D_acl) + debug_printf("DCC: Client IP (sender_host_address): %s\n", client_ip); + } + else { + /* sender_host_address is NULL which means it comes from localhost */ + Ustrncpy(client_ip, dcc_default_ip_option, sizeof(client_ip)-1); + DEBUG(D_acl) + debug_printf("DCC: Client IP (default): %s\n", client_ip); } - DEBUG(D_acl) - debug_printf("Client IP: %s\n", client_ip); - Ustrncpy(sockip, dcc_daemon_ip, sizeof(sockip)-1); /* strncat(opts, my_request, strlen(my_request)); */ Ustrcat(opts, "\n"); Ustrncat(opts, client_ip, sizeof(opts)-Ustrlen(opts)-1); @@ -186,7 +188,7 @@ int dcc_process(uschar **listptr) { * Now creating the socket connection * **************************************/ - /* If there is a dcc_daemon_ip, we use a tcp socket, otherwise a UNIX socket */ + /* If sockip contains an ip, we use a tcp socket, otherwise a UNIX socket */ if(Ustrcmp(sockip, "")){ ipaddress = gethostbyname((char *)sockip); bzero((char *) &serv_addr_in, sizeof(serv_addr_in)); @@ -195,8 +197,8 @@ int dcc_process(uschar **listptr) { serv_addr_in.sin_port = htons(portnr); if ((sockfd = socket(AF_INET, SOCK_STREAM,0)) < 0){ DEBUG(D_acl) - debug_printf("Creating socket failed: %s\n", strerror(errno)); - log_write(0,LOG_REJECT,"Creating socket failed: %s\n", strerror(errno)); + debug_printf("DCC: Creating TCP socket connection failed: %s\n", strerror(errno)); + log_write(0,LOG_PANIC,"DCC: Creating TCP socket connection failed: %s\n", strerror(errno)); /* if we cannot create the socket, defer the mail */ (void)fclose(data_file); return retval; @@ -204,8 +206,8 @@ int dcc_process(uschar **listptr) { /* Now connecting the socket (INET) */ if (connect(sockfd, (struct sockaddr *)&serv_addr_in, sizeof(serv_addr_in)) < 0){ DEBUG(D_acl) - debug_printf("Connecting socket failed: %s\n", strerror(errno)); - log_write(0,LOG_REJECT,"Connecting socket failed: %s\n", strerror(errno)); + debug_printf("DCC: Connecting to TCP socket failed: %s\n", strerror(errno)); + log_write(0,LOG_PANIC,"DCC: Connecting to TCP socket failed: %s\n", strerror(errno)); /* if we cannot contact the socket, defer the mail */ (void)fclose(data_file); return retval; @@ -217,8 +219,8 @@ int dcc_process(uschar **listptr) { Ustrcpy(serv_addr.sun_path, sockpath); if ((sockfd = socket(AF_UNIX, SOCK_STREAM,0)) < 0){ DEBUG(D_acl) - debug_printf("Creating socket failed: %s\n", strerror(errno)); - log_write(0,LOG_REJECT,"Creating socket failed: %s\n", strerror(errno)); + debug_printf("DCC: Creating UNIX socket connection failed: %s\n", strerror(errno)); + log_write(0,LOG_PANIC,"DCC: Creating UNIX socket connection failed: %s\n", strerror(errno)); /* if we cannot create the socket, defer the mail */ (void)fclose(data_file); return retval; @@ -226,8 +228,8 @@ int dcc_process(uschar **listptr) { /* Now connecting the socket (UNIX) */ if (connect(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0){ DEBUG(D_acl) - debug_printf("Connecting socket failed: %s\n", strerror(errno)); - log_write(0,LOG_REJECT,"Connecting socket failed: %s\n", strerror(errno)); + debug_printf("DCC: Connecting to UNIX socket failed: %s\n", strerror(errno)); + log_write(0,LOG_PANIC,"DCC: Connecting to UNIX socket failed: %s\n", strerror(errno)); /* if we cannot contact the socket, defer the mail */ (void)fclose(data_file); return retval; @@ -235,25 +237,25 @@ int dcc_process(uschar **listptr) { } /* the socket is open, now send the options to dccifd*/ DEBUG(D_acl) - debug_printf("\n---------------------------\nSocket opened; now sending input\n-----------------\n"); + debug_printf("\nDCC: ---------------------------\nDCC: Socket opened; now sending input\nDCC: -----------------\n"); /* First, fill in the input buffer */ Ustrncpy(sendbuf, opts, sizeof(sendbuf)); Ustrncat(sendbuf, from, sizeof(sendbuf)-Ustrlen(sendbuf)-1); DEBUG(D_acl) { - debug_printf("opts = %s\nsender = %s\nrcpt count = %d\n", opts, from, recipients_count); - debug_printf("Sending options:\n****************************\n"); + debug_printf("DCC: opts = %s\nDCC: sender = %s\nDCC: rcpt count = %d\n", opts, from, recipients_count); + debug_printf("DCC: Sending options:\nDCC: ****************************\n"); } /* let's send each of the recipients to dccifd */ for (i = 0; i < recipients_count; i++){ DEBUG(D_acl) - debug_printf("recipient = %s\n",recipients_list[i].address); + debug_printf("DCC: recipient = %s\n",recipients_list[i].address); if(Ustrlen(sendbuf) + Ustrlen(recipients_list[i].address) > sizeof(sendbuf)) { DEBUG(D_acl) - debug_printf("Writing buffer: %s\n", sendbuf); + debug_printf("DCC: Writing buffer: %s\n", sendbuf); flushbuffer(sockfd, sendbuf); bzero(sendbuf, sizeof(sendbuf)); } @@ -264,7 +266,7 @@ int dcc_process(uschar **listptr) { Ustrncat(sendbuf, "\n", sizeof(sendbuf)-Ustrlen(sendbuf)-1); /* Now we send the input buffer */ DEBUG(D_acl) - debug_printf("%s\n****************************\n", sendbuf); + debug_printf("DCC: %s\nDCC: ****************************\n", sendbuf); flushbuffer(sockfd, sendbuf); /* now send the message */ @@ -273,7 +275,7 @@ int dcc_process(uschar **listptr) { /* First send the headers */ /* Now send the headers */ DEBUG(D_acl) - debug_printf("Sending headers:\n****************************\n"); + debug_printf("DCC: Sending headers:\nDCC: ****************************\n"); Ustrncpy(sendbuf, dcchdr->text, sizeof(sendbuf)-2); while((dcchdr=dcchdr->next)) { if(dcchdr->slen > sizeof(sendbuf)-2) { @@ -304,40 +306,40 @@ int dcc_process(uschar **listptr) { Ustrncat(sendbuf, "\n", sizeof(sendbuf)-Ustrlen(sendbuf)-1); flushbuffer(sockfd, sendbuf); DEBUG(D_acl) - debug_printf("\n****************************\n%s", sendbuf); + debug_printf("\nDCC: ****************************\n%s", sendbuf); /* Clear the input buffer */ bzero(sendbuf, sizeof(sendbuf)); /* now send the body */ DEBUG(D_acl) - debug_printf("Writing body:\n****************************\n"); + debug_printf("DCC: Writing body:\nDCC: ****************************\n"); (void)fseek(data_file, SPOOL_DATA_START_OFFSET, SEEK_SET); while((fread(sendbuf, 1, sizeof(sendbuf)-1, data_file)) > 0) { flushbuffer(sockfd, sendbuf); bzero(sendbuf, sizeof(sendbuf)); } DEBUG(D_acl) - debug_printf("\n****************************\n"); + debug_printf("\nDCC: ****************************\n"); /* shutdown() the socket */ if(shutdown(sockfd, 1) < 0){ DEBUG(D_acl) - debug_printf("Couldn't shutdown socket: %s\n", strerror(errno)); - log_write(0,LOG_MAIN,"Couldn't shutdown socket: %s\n", strerror(errno)); + debug_printf("DCC: Couldn't shutdown socket: %s\n", strerror(errno)); + log_write(0,LOG_MAIN,"DCC: Couldn't shutdown socket: %s\n", strerror(errno)); /* If there is a problem with the shutdown() * defer the mail. */ (void)fclose(data_file); return retval; } DEBUG(D_acl) - debug_printf("\n-------------------------\nInput sent.\n-------------------------\n"); + debug_printf("\nDCC: -------------------------\nDCC: Input sent.\nDCC: -------------------------\n"); /******************************** * receiving output from dccifd * ********************************/ DEBUG(D_acl) - debug_printf("\n-------------------------------------\nNow receiving output from server\n-----------------------------------\n"); + debug_printf("\nDCC: -------------------------------------\nDCC: Now receiving output from server\nDCC: -----------------------------------\n"); /****************************************************************** * We should get 3 lines: * @@ -359,7 +361,7 @@ int dcc_process(uschar **listptr) { /* How much did we get from the socket */ c = Ustrlen(recvbuf) + 1; DEBUG(D_acl) - debug_printf("Length of the output buffer is: %d\nOutput buffer is:\n------------\n%s\n-----------\n", c, recvbuf); + debug_printf("DCC: Length of the output buffer is: %d\nDCC: Output buffer is:\nDCC: ------------\nDCC: %s\nDCC: -----------\n", c, recvbuf); /* Now let's read each character and see what we've got */ for(i = 0; i < c; i++) { @@ -378,14 +380,14 @@ int dcc_process(uschar **listptr) { * return value accordingly */ if(recvbuf[i] == 'A') { DEBUG(D_acl) - debug_printf("Overall result = A\treturning OK\n"); + debug_printf("DCC: Overall result = A\treturning OK\n"); Ustrcpy(dcc_return_text, "Mail accepted by DCC"); dcc_result = US"A"; retval = OK; } else if(recvbuf[i] == 'R') { DEBUG(D_acl) - debug_printf("Overall result = R\treturning FAIL\n"); + debug_printf("DCC: Overall result = R\treturning FAIL\n"); dcc_result = US"R"; retval = FAIL; if(sender_host_name) { @@ -398,7 +400,7 @@ int dcc_process(uschar **listptr) { } else if(recvbuf[i] == 'S') { DEBUG(D_acl) - debug_printf("Overall result = S\treturning OK\n"); + debug_printf("DCC: Overall result = S\treturning OK\n"); Ustrcpy(dcc_return_text, "Not all recipients accepted by DCC"); /* Since we're in an ACL we want a global result * so we accept for all */ @@ -407,14 +409,14 @@ int dcc_process(uschar **listptr) { } else if(recvbuf[i] == 'G') { DEBUG(D_acl) - debug_printf("Overall result = G\treturning FAIL\n"); + debug_printf("DCC: Overall result = G\treturning FAIL\n"); Ustrcpy(dcc_return_text, "Greylisted by DCC"); dcc_result = US"G"; retval = FAIL; } else if(recvbuf[i] == 'T') { DEBUG(D_acl) - debug_printf("Overall result = T\treturning DEFER\n"); + debug_printf("DCC: Overall result = T\treturning DEFER\n"); retval = DEFER; log_write(0,LOG_MAIN,"Temporary error with DCC: %s\n", recvbuf); Ustrcpy(dcc_return_text, "Temporary error with DCC"); @@ -422,7 +424,7 @@ int dcc_process(uschar **listptr) { } else { DEBUG(D_acl) - debug_printf("Overall result = something else\treturning DEFER\n"); + debug_printf("DCC: Overall result = something else\treturning DEFER\n"); retval = DEFER; log_write(0,LOG_MAIN,"Unknown DCC response: %s\n", recvbuf); Ustrcpy(dcc_return_text, "Unknown DCC response"); @@ -433,7 +435,7 @@ int dcc_process(uschar **listptr) { /* We're on the first line but not on the first character, * there must be something wrong. */ DEBUG(D_acl) - debug_printf("Line = %d but i = %d != 0 character is %c - This is wrong!\n", line, i, recvbuf[i]); + debug_printf("DCC: Line = %d but i = %d != 0 character is %c - This is wrong!\n", line, i, recvbuf[i]); log_write(0,LOG_MAIN,"Wrong header from DCC, output is %s\n", recvbuf); } } @@ -453,13 +455,13 @@ int dcc_process(uschar **listptr) { } else { DEBUG(D_acl) - debug_printf("We got more output than we can store in the X-DCC header. Truncating at 120 characters.\n"); + debug_printf("DCC: We got more output than we can store in the X-DCC header. Truncating at 120 characters.\n"); } } else { /* Wrong line number. There must be a problem with the output. */ DEBUG(D_acl) - debug_printf("Wrong line number in output. Line number is %d\n", line); + debug_printf("DCC: Wrong line number in output. Line number is %d\n", line); } } } @@ -474,7 +476,7 @@ int dcc_process(uschar **listptr) { /* Now let's sum up what we've got. */ DEBUG(D_acl) - debug_printf("\n--------------------------\nOverall result = %d\nX-DCC header: %sReturn message: %s\ndcc_result: %s\n", retval, dcc_header_str, dcc_return_text, dcc_result); + debug_printf("\nDCC: --------------------------\nDCC: Overall result = %d\nDCC: X-DCC header: %sReturn message: %s\nDCC: dcc_result: %s\n", retval, dcc_header_str, dcc_return_text, dcc_result); /* We only add the X-DCC header if it starts with X-DCC */ if(!(Ustrncmp(dcc_header_str, "X-DCC", 5))){ @@ -487,7 +489,7 @@ int dcc_process(uschar **listptr) { } else { DEBUG(D_acl) - debug_printf("Wrong format of the X-DCC header: %s\n", dcc_header_str); + debug_printf("DCC: Wrong format of the X-DCC header: %s\n", dcc_header_str); } /* check if we should add additional headers passed in acl_m_dcc_add_header */ @@ -498,14 +500,14 @@ int dcc_process(uschar **listptr) { Ustrcat(dcc_xtra_hdrs, "\n"); header_add(' ', "%s", dcc_xtra_hdrs); DEBUG(D_acl) - debug_printf("adding additional headers in $acl_m_dcc_add_header: %s", dcc_xtra_hdrs); + debug_printf("DCC: adding additional headers in $acl_m_dcc_add_header: %s", dcc_xtra_hdrs); } } dcc_ok = 1; /* Now return to exim main process */ DEBUG(D_acl) - debug_printf("Before returning to exim main process:\nreturn_text = %s - retval = %d\ndcc_result = %s\n", dcc_return_text, retval, dcc_result); + debug_printf("DCC: Before returning to exim main process:\nDCC: return_text = %s - retval = %d\nDCC: dcc_result = %s\n", dcc_return_text, retval, dcc_result); (void)fclose(data_file); dcc_rc = retval; diff --git a/src/src/deliver.c b/src/src/deliver.c index 1c3c4bafd..7ff25f22a 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -673,6 +673,177 @@ while (addr->parent != NULL) +/* If msg is NULL this is a delivery log and logchar is used. Otherwise +this is a nonstandard call; no two-characher delivery flag is written +but sender-host and sender are prefixed and "msg" is inserted in the log line. + +Arguments: + flags passed to log_write() +*/ +void +delivery_log(int flags, address_item * addr, int logchar, uschar * msg) +{ +uschar *log_address; +int size = 256; /* Used for a temporary, */ +int ptr = 0; /* expanding buffer, for */ +uschar *s; /* building log lines; */ +void *reset_point; /* released afterwards. */ + + +/* Log the delivery on the main log. We use an extensible string to build up +the log line, and reset the store afterwards. Remote deliveries should always +have a pointer to the host item that succeeded; local deliveries can have a +pointer to a single host item in their host list, for use by the transport. */ + +s = reset_point = store_get(size); + +log_address = string_log_address(addr, (log_write_selector & L_all_parents) != 0, TRUE); +if (msg) + s = string_append(s, &size, &ptr, 3, host_and_ident(TRUE), US" ", log_address); +else + { + s[ptr++] = logchar; + s = string_append(s, &size, &ptr, 2, US"> ", log_address); + } + +if ((log_extra_selector & LX_sender_on_delivery) != 0 || msg) + s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">"); + +#ifdef EXPERIMENTAL_SRS +if(addr->p.srs_sender) + s = string_append(s, &size, &ptr, 3, US" SRS=<", addr->p.srs_sender, US">"); +#endif +#ifdef EXPERIMENTAL_DBL + dbl_delivery_ip = NULL; /* presume no successful remote delivery */ +#endif + +/* You might think that the return path must always be set for a successful +delivery; indeed, I did for some time, until this statement crashed. The case +when it is not set is for a delivery to /dev/null which is optimised by not +being run at all. */ + +if (used_return_path != NULL && + (log_extra_selector & LX_return_path_on_delivery) != 0) + s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">"); + +if (msg) + s = string_append(s, &size, &ptr, 2, US" ", msg); + +/* For a delivery from a system filter, there may not be a router */ +if (addr->router != NULL) + s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); + +s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name); + +if ((log_extra_selector & LX_delivery_size) != 0) + s = string_append(s, &size, &ptr, 2, US" S=", + string_sprintf("%d", transport_count)); + +/* Local delivery */ + +if (addr->transport->info->local) + { + if (addr->host_list != NULL) + s = string_append(s, &size, &ptr, 2, US" H=", addr->host_list->name); + if (addr->shadow_message != NULL) + s = string_cat(s, &size, &ptr, addr->shadow_message, + Ustrlen(addr->shadow_message)); + } + +/* Remote delivery */ + +else + { + if (addr->host_used != NULL) + { + s = string_append(s, &size, &ptr, 5, US" H=", addr->host_used->name, + US" [", addr->host_used->address, US"]"); + if ((log_extra_selector & LX_outgoing_port) != 0) + s = string_append(s, &size, &ptr, 2, US":", string_sprintf("%d", + addr->host_used->port)); + if (continue_sequence > 1) + s = string_cat(s, &size, &ptr, US"*", 1); + } + + #ifdef SUPPORT_TLS + if ((log_extra_selector & LX_tls_cipher) != 0 && addr->cipher != NULL) + s = string_append(s, &size, &ptr, 2, US" X=", addr->cipher); + if ((log_extra_selector & LX_tls_certificate_verified) != 0 && + addr->cipher != NULL) + s = string_append(s, &size, &ptr, 2, US" CV=", + testflag(addr, af_cert_verified)? "yes":"no"); + if ((log_extra_selector & LX_tls_peerdn) != 0 && addr->peerdn != NULL) + s = string_append(s, &size, &ptr, 3, US" DN=\"", + string_printing(addr->peerdn), US"\""); + #endif + + if (addr->authenticator) + { + s = string_append(s, &size, &ptr, 2, US" A=", addr->authenticator); + if (addr->auth_id) + { + s = string_append(s, &size, &ptr, 2, US":", addr->auth_id); + if (log_extra_selector & LX_smtp_mailauth && addr->auth_sndr) + s = string_append(s, &size, &ptr, 2, US":", addr->auth_sndr); + } + } + + #ifdef EXPERIMENTAL_PRDR + if (addr->flags & af_prdr_used) + s = string_append(s, &size, &ptr, 1, US" PRDR"); + #endif + + if ((log_extra_selector & LX_smtp_confirmation) != 0 && + addr->message != NULL) + { + int i; + uschar *p = big_buffer; + uschar *ss = addr->message; + *p++ = '\"'; + for (i = 0; i < 100 && ss[i] != 0; i++) + { + if (ss[i] == '\"' || ss[i] == '\\') *p++ = '\\'; + *p++ = ss[i]; + } + *p++ = '\"'; + *p = 0; + s = string_append(s, &size, &ptr, 2, US" C=", big_buffer); + } + } + +/* Time on queue and actual time taken to deliver */ + +if ((log_extra_selector & LX_queue_time) != 0) + { + s = string_append(s, &size, &ptr, 2, US" QT=", + readconf_printtime(time(NULL) - received_time)); + } + +if ((log_extra_selector & LX_deliver_time) != 0) + { + s = string_append(s, &size, &ptr, 2, US" DT=", + readconf_printtime(addr->more_errno)); + } + +/* string_cat() always leaves room for the terminator. Release the +store we used to build the line after writing it. */ + +s[ptr] = 0; +log_write(0, flags, "%s", s); +#ifdef EXPERIMENTAL_DBL +DEBUG(D_deliver) + { + debug_printf(" DBL(Delivery): dbl_delivery_query=|%s| dbl_delivery_IP=%s\n", dbl_delivery_query, dbl_delivery_ip); + } +if (dbl_delivery_ip != NULL && dbl_delivery_query != NULL) + expand_string(dbl_delivery_query); +#endif +store_reset(reset_point); +return; +} + + + /************************************************* * Actions at the end of handling an address * *************************************************/ @@ -835,12 +1006,6 @@ if (addr->return_file >= 0 && addr->return_filename != NULL) (void)close(addr->return_file); } -/* Create the address string for logging. Must not do this earlier, because -an OK result may be changed to FAIL when a pipe returns text. */ - -log_address = string_log_address(addr, - (log_write_selector & L_all_parents) != 0, result == OK); - /* The sucess case happens only after delivery by a transport. */ if (result == OK) @@ -868,138 +1033,7 @@ if (result == OK) child_done(addr, now); } - /* Log the delivery on the main log. We use an extensible string to build up - the log line, and reset the store afterwards. Remote deliveries should always - have a pointer to the host item that succeeded; local deliveries can have a - pointer to a single host item in their host list, for use by the transport. */ - - s = reset_point = store_get(size); - s[ptr++] = logchar; - - s = string_append(s, &size, &ptr, 2, US"> ", log_address); - - if ((log_extra_selector & LX_sender_on_delivery) != 0) - s = string_append(s, &size, &ptr, 3, US" F=<", sender_address, US">"); - - #ifdef EXPERIMENTAL_SRS - if(addr->p.srs_sender) - s = string_append(s, &size, &ptr, 3, US" SRS=<", addr->p.srs_sender, US">"); - #endif - #ifdef EXPERIMENTAL_DBL - dbl_delivery_ip = NULL; /* presume no successful remote delivery */ - #endif - - /* You might think that the return path must always be set for a successful - delivery; indeed, I did for some time, until this statement crashed. The case - when it is not set is for a delivery to /dev/null which is optimised by not - being run at all. */ - - if (used_return_path != NULL && - (log_extra_selector & LX_return_path_on_delivery) != 0) - s = string_append(s, &size, &ptr, 3, US" P=<", used_return_path, US">"); - - /* For a delivery from a system filter, there may not be a router */ - - if (addr->router != NULL) - s = string_append(s, &size, &ptr, 2, US" R=", addr->router->name); - - s = string_append(s, &size, &ptr, 2, US" T=", addr->transport->name); - - if ((log_extra_selector & LX_delivery_size) != 0) - s = string_append(s, &size, &ptr, 2, US" S=", - string_sprintf("%d", transport_count)); - - /* Local delivery */ - - if (addr->transport->info->local) - { - if (addr->host_list != NULL) - s = string_append(s, &size, &ptr, 2, US" H=", addr->host_list->name); - if (addr->shadow_message != NULL) - s = string_cat(s, &size, &ptr, addr->shadow_message, - Ustrlen(addr->shadow_message)); - } - - /* Remote delivery */ - - else - { - if (addr->host_used != NULL) - { - s = string_append(s, &size, &ptr, 5, US" H=", addr->host_used->name, - US" [", addr->host_used->address, US"]"); - if ((log_extra_selector & LX_outgoing_port) != 0) - s = string_append(s, &size, &ptr, 2, US":", string_sprintf("%d", - addr->host_used->port)); - if (continue_sequence > 1) - s = string_cat(s, &size, &ptr, US"*", 1); - #ifdef EXPERIMENTAL_DBL - dbl_delivery_ip = string_copy(addr->host_used->address); - dbl_delivery_port = addr->host_used->port; - dbl_delivery_fqdn = string_copy(addr->host_used->name); - dbl_delivery_local_part = string_copy(addr->local_part); - dbl_delivery_domain = string_copy(addr->domain); - dbl_delivery_confirmation = string_copy(addr->message); - #endif - } - #ifdef SUPPORT_TLS - if ((log_extra_selector & LX_tls_cipher) != 0 && addr->cipher != NULL) - s = string_append(s, &size, &ptr, 2, US" X=", addr->cipher); - if ((log_extra_selector & LX_tls_certificate_verified) != 0 && - addr->cipher != NULL) - s = string_append(s, &size, &ptr, 2, US" CV=", - testflag(addr, af_cert_verified)? "yes":"no"); - if ((log_extra_selector & LX_tls_peerdn) != 0 && addr->peerdn != NULL) - s = string_append(s, &size, &ptr, 3, US" DN=\"", - string_printing(addr->peerdn), US"\""); - #endif - - if ((log_extra_selector & LX_smtp_confirmation) != 0 && - addr->message != NULL) - { - int i; - uschar *p = big_buffer; - uschar *ss = addr->message; - *p++ = '\"'; - for (i = 0; i < 100 && ss[i] != 0; i++) - { - if (ss[i] == '\"' || ss[i] == '\\') *p++ = '\\'; - *p++ = ss[i]; - } - *p++ = '\"'; - *p = 0; - s = string_append(s, &size, &ptr, 2, US" C=", big_buffer); - } - } - - /* Time on queue and actual time taken to deliver */ - - if ((log_extra_selector & LX_queue_time) != 0) - { - s = string_append(s, &size, &ptr, 2, US" QT=", - readconf_printtime(time(NULL) - received_time)); - } - - if ((log_extra_selector & LX_deliver_time) != 0) - { - s = string_append(s, &size, &ptr, 2, US" DT=", - readconf_printtime(addr->more_errno)); - } - - /* string_cat() always leaves room for the terminator. Release the - store we used to build the line after writing it. */ - - s[ptr] = 0; - log_write(0, LOG_MAIN, "%s", s); - #ifdef EXPERIMENTAL_DBL - DEBUG(D_deliver) - { - debug_printf(" DBL(Delivery): dbl_delivery_query=|%s| dbl_delivery_IP=%s\n", dbl_delivery_query, dbl_delivery_ip); - } - if (dbl_delivery_ip != NULL && dbl_delivery_query != NULL) - expand_string(dbl_delivery_query); - #endif - store_reset(reset_point); + delivery_log(LOG_MAIN, addr, logchar, NULL); } @@ -1047,6 +1081,13 @@ else if (result == DEFER || result == PANIC) log. */ s = reset_point = store_get(size); + + /* Create the address string for logging. Must not do this earlier, because + an OK result may be changed to FAIL when a pipe returns text. */ + + log_address = string_log_address(addr, + (log_write_selector & L_all_parents) != 0, result == OK); + s = string_cat(s, &size, &ptr, log_address, Ustrlen(log_address)); /* Either driver_name contains something and driver_kind contains @@ -1147,6 +1188,13 @@ else /* Build up the log line for the message and main logs */ s = reset_point = store_get(size); + + /* Create the address string for logging. Must not do this earlier, because + an OK result may be changed to FAIL when a pipe returns text. */ + + log_address = string_log_address(addr, + (log_write_selector & L_all_parents) != 0, result == OK); + s = string_cat(s, &size, &ptr, log_address, Ustrlen(log_address)); if ((log_extra_selector & LX_sender_on_delivery) != 0) @@ -1839,6 +1887,9 @@ if ((pid = fork()) == 0) set_process_info("delivering %s to %s using %s", message_id, addr->local_part, addr->transport->name); + /* Setting this global in the subprocess means we need never clear it */ + transport_name = addr->transport->name; + /* If a transport filter has been specified, set up its argument list. Any errors will get put into the address, and FALSE yielded. */ @@ -1872,33 +1923,40 @@ if ((pid = fork()) == 0) int i; int local_part_length = Ustrlen(addr2->local_part); uschar *s; + int ret; - (void)write(pfd[pipe_write], (void *)&(addr2->transport_return), sizeof(int)); - (void)write(pfd[pipe_write], (void *)&transport_count, sizeof(transport_count)); - (void)write(pfd[pipe_write], (void *)&(addr2->flags), sizeof(addr2->flags)); - (void)write(pfd[pipe_write], (void *)&(addr2->basic_errno), sizeof(int)); - (void)write(pfd[pipe_write], (void *)&(addr2->more_errno), sizeof(int)); - (void)write(pfd[pipe_write], (void *)&(addr2->special_action), sizeof(int)); - (void)write(pfd[pipe_write], (void *)&(addr2->transport), - sizeof(transport_instance *)); + if( (ret = write(pfd[pipe_write], (void *)&(addr2->transport_return), sizeof(int))) != sizeof(int) + || (ret = write(pfd[pipe_write], (void *)&transport_count, sizeof(transport_count))) != sizeof(transport_count) + || (ret = write(pfd[pipe_write], (void *)&(addr2->flags), sizeof(addr2->flags))) != sizeof(addr2->flags) + || (ret = write(pfd[pipe_write], (void *)&(addr2->basic_errno), sizeof(int))) != sizeof(int) + || (ret = write(pfd[pipe_write], (void *)&(addr2->more_errno), sizeof(int))) != sizeof(int) + || (ret = write(pfd[pipe_write], (void *)&(addr2->special_action), sizeof(int))) != sizeof(int) + || (ret = write(pfd[pipe_write], (void *)&(addr2->transport), + sizeof(transport_instance *))) != sizeof(transport_instance *) /* For a file delivery, pass back the local part, in case the original was only part of the final delivery path. This gives more complete logging. */ - if (testflag(addr2, af_file)) - { - (void)write(pfd[pipe_write], (void *)&local_part_length, sizeof(int)); - (void)write(pfd[pipe_write], addr2->local_part, local_part_length); - } + || (testflag(addr2, af_file) + && ( (ret = write(pfd[pipe_write], (void *)&local_part_length, sizeof(int))) != sizeof(int) + || (ret = write(pfd[pipe_write], addr2->local_part, local_part_length)) != local_part_length + ) + ) + ) + log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", + ret == -1 ? strerror(errno) : "short write"); /* Now any messages */ for (i = 0, s = addr2->message; i < 2; i++, s = addr2->user_message) { int message_length = (s == NULL)? 0 : Ustrlen(s) + 1; - (void)write(pfd[pipe_write], (void *)&message_length, sizeof(int)); - if (message_length > 0) (void)write(pfd[pipe_write], s, message_length); + if( (ret = write(pfd[pipe_write], (void *)&message_length, sizeof(int))) != sizeof(int) + || (message_length > 0 && (ret = write(pfd[pipe_write], s, message_length)) != message_length) + ) + log_write(0, LOG_MAIN|LOG_PANIC, "Failed writing transport results to pipe: %s\n", + ret == -1 ? strerror(errno) : "short write"); } } @@ -2347,45 +2405,8 @@ while (addr_local != NULL) to do, which is for the ultimate address timeout. */ if (!ok) - { - retry_config *retry = - retry_find_config(retry_key+2, addr2->domain, - retry_record->basic_errno, - retry_record->more_errno); - - DEBUG(D_deliver|D_retry) - { - debug_printf("retry time not reached for %s: " - "checking ultimate address timeout\n", addr2->address); - debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n", - (int)now, (int)retry_record->first_failed, - (int)retry_record->next_try, retry_record->expired); - } - - if (retry != NULL && retry->rules != NULL) - { - retry_rule *last_rule; - for (last_rule = retry->rules; - last_rule->next != NULL; - last_rule = last_rule->next); - DEBUG(D_deliver|D_retry) - debug_printf(" received_time=%d diff=%d timeout=%d\n", - received_time, (int)now - received_time, last_rule->timeout); - if (now - received_time > last_rule->timeout) ok = TRUE; - } - else - { - DEBUG(D_deliver|D_retry) - debug_printf("no retry rule found: assume timed out\n"); - ok = TRUE; /* No rule => timed out */ - } - - DEBUG(D_deliver|D_retry) - { - if (ok) debug_printf("on queue longer than maximum retry for " - "address - allowing delivery\n"); - } - } + ok = retry_ultimate_address_timeout(retry_key, addr2->domain, + retry_record, now); } } else DEBUG(D_retry) debug_printf("no retry record exists\n"); @@ -2892,6 +2913,27 @@ while (!done) break; #endif + case 'C': /* client authenticator information */ + switch (*ptr++) + { + case '1': + addr->authenticator = (*ptr)? string_copy(ptr) : NULL; + break; + case '2': + addr->auth_id = (*ptr)? string_copy(ptr) : NULL; + break; + case '3': + addr->auth_sndr = (*ptr)? string_copy(ptr) : NULL; + break; + } + while (*ptr++); + break; + +#ifdef EXPERIMENTAL_PRDR + case 'P': + addr->flags |= af_prdr_used; break; +#endif + case 'A': if (addr == NULL) { @@ -3401,6 +3443,15 @@ while (parcount > max) +static void +rmt_dlv_checked_write(int fd, void * buf, int size) +{ +int ret = write(fd, buf, size); +if(ret != size) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Failed writing transport result to pipe: %s\n", + ret == -1 ? strerror(errno) : "short write"); +} + /************************************************* * Do remote deliveries * *************************************************/ @@ -3633,6 +3684,9 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) deliver_set_expansions(addr); + /* Ensure any transport-set auth info is fresh */ + addr->authenticator = addr->auth_id = addr->auth_sndr = NULL; + /* Compute the return path, expanding a new one if required. The old one must be set first, as it might be referred to in the expansion. */ @@ -3825,8 +3879,10 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) int fd = pfd[pipe_write]; host_item *h; - /* There are weird circumstances in which logging is disabled */ + /* Setting this global in the subprocess means we need never clear it */ + transport_name = tp->name; + /* There are weird circumstances in which logging is disabled */ disable_logging = tp->disable_logging; /* Show pids on debug output if parallelism possible */ @@ -3917,7 +3973,7 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) { if (h->address == NULL || h->status < hstatus_unusable) continue; sprintf(CS big_buffer, "H%c%c%s", h->status, h->why, h->address); - (void)write(fd, big_buffer, Ustrlen(big_buffer+3) + 4); + rmt_dlv_checked_write(fd, big_buffer, Ustrlen(big_buffer+3) + 4); } /* The number of bytes written. This is the same for each address. Even @@ -3927,12 +3983,12 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) big_buffer[0] = 'S'; memcpy(big_buffer+1, &transport_count, sizeof(transport_count)); - (void)write(fd, big_buffer, sizeof(transport_count) + 1); + rmt_dlv_checked_write(fd, big_buffer, sizeof(transport_count) + 1); - /* Information about what happened to each address. Three item types are - used: an optional 'X' item first, for TLS information, followed by 'R' - items for any retry settings, and finally an 'A' item for the remaining - data. */ + /* Information about what happened to each address. Four item types are + used: an optional 'X' item first, for TLS information, then an optional "C" + item for any client-auth info followed by 'R' items for any retry settings, + and finally an 'A' item for the remaining data. */ for(; addr != NULL; addr = addr->next) { @@ -3941,7 +3997,7 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) /* The certificate verification status goes into the flags */ - if (tls_certificate_verified) setflag(addr, af_cert_verified); + if (tls_out.certificate_verified) setflag(addr, af_cert_verified); /* Use an X item only if there's something to send */ @@ -3949,18 +4005,43 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) if (addr->cipher != NULL) { ptr = big_buffer; - *ptr++ = 'X'; - sprintf(CS ptr, "%.128s", addr->cipher); + sprintf(CS ptr, "X%.128s", addr->cipher); while(*ptr++); if (addr->peerdn == NULL) *ptr++ = 0; else { sprintf(CS ptr, "%.512s", addr->peerdn); while(*ptr++); } - (void)write(fd, big_buffer, ptr - big_buffer); + rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); } #endif + if (client_authenticator) + { + ptr = big_buffer; + sprintf(CS big_buffer, "C1%.64s", client_authenticator); + while(*ptr++); + rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); + } + if (client_authenticated_id) + { + ptr = big_buffer; + sprintf(CS big_buffer, "C2%.64s", client_authenticated_id); + while(*ptr++); + rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); + } + if (client_authenticated_sender) + { + ptr = big_buffer; + sprintf(CS big_buffer, "C3%.64s", client_authenticated_sender); + while(*ptr++); + rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); + } + + #ifdef EXPERIMENTAL_PRDR + if (addr->flags & af_prdr_used) rmt_dlv_checked_write(fd, "P", 1); + #endif + /* Retry information: for most success cases this will be null. */ for (r = addr->retries; r != NULL; r = r->next) @@ -3977,7 +4058,7 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) sprintf(CS ptr, "%.512s", r->message); while(*ptr++); } - (void)write(fd, big_buffer, ptr - big_buffer); + rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); } /* The rest of the information goes in an 'A' item. */ @@ -4013,7 +4094,7 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) memcpy(ptr, &(addr->host_used->port), sizeof(addr->host_used->port)); ptr += sizeof(addr->host_used->port); } - (void)write(fd, big_buffer, ptr - big_buffer); + rmt_dlv_checked_write(fd, big_buffer, ptr - big_buffer); } /* Add termination flag, close the pipe, and that's it. The character @@ -4023,7 +4104,7 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) big_buffer[0] = 'Z'; big_buffer[1] = (continue_transport == NULL)? '0' : '1'; - (void)write(fd, big_buffer, 2); + rmt_dlv_checked_write(fd, big_buffer, 2); (void)close(fd); exit(EXIT_SUCCESS); } @@ -4494,6 +4575,7 @@ FILE *jread; int process_recipients = RECIP_ACCEPT; open_db dbblock; open_db *dbm_file; +extern int acl_where; uschar *info = (queue_run_pid == (pid_t)0)? string_sprintf("delivering %s", id) : @@ -4544,6 +4626,9 @@ message_size = 0; update_spool = FALSE; remove_journal = TRUE; +/* Set a known context for any ACLs we call via expansions */ +acl_where = ACL_WHERE_DELIVERY; + /* Reset the random number generator, so that if several delivery processes are started from a queue runner that has already used random numbers (for sorting), they don't all get the same sequence. */ @@ -5564,7 +5649,18 @@ while (addr_new != NULL) /* Loop until all addresses dealt with */ will be far too many attempts for an address that gets a 4xx error. In fact, after such an error, we should not get here because, the host should not be remembered as one this message needs. However, there was a bug that - used to cause this to happen, so it is best to be on the safe side. */ + used to cause this to happen, so it is best to be on the safe side. + + Even if we haven't reached the retry time in the hints, there is one more + check to do, which is for the ultimate address timeout. We only do this + check if there is an address retry record and there is not a domain retry + record; this implies that previous attempts to handle the address had the + retry_use_local_parts option turned on. We use this as an approximation + for the destination being like a local delivery, for example delivery over + LMTP to an IMAP message store. In this situation users are liable to bump + into their quota and thereby have intermittently successful deliveries, + which keep the retry record fresh, which can lead to us perpetually + deferring messages. */ else if (((queue_running && !deliver_force) || continue_hostname != NULL) && @@ -5574,7 +5670,11 @@ while (addr_new != NULL) /* Loop until all addresses dealt with */ || (address_retry_record != NULL && now < address_retry_record->next_try)) - ) + && + (domain_retry_record != NULL || + address_retry_record == NULL || + !retry_ultimate_address_timeout(addr->address_retry_key, + addr->domain, address_retry_record, now))) { addr->message = US"retry time not reached"; addr->basic_errno = ERRNO_RRETRY; @@ -5946,12 +6046,23 @@ if (addr_local != NULL || addr_remote != NULL) that the mode is correct - the group setting doesn't always seem to get set automatically. */ - (void)fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC); - (void)fchown(journal_fd, exim_uid, exim_gid); - (void)fchmod(journal_fd, SPOOL_MODE); + if( fcntl(journal_fd, F_SETFD, fcntl(journal_fd, F_GETFD) | FD_CLOEXEC) + || fchown(journal_fd, exim_uid, exim_gid) + || fchmod(journal_fd, SPOOL_MODE) + ) + { + int ret = Uunlink(spoolname); + log_write(0, LOG_MAIN|LOG_PANIC, "Couldn't set perms on journal file %s: %s", + spoolname, strerror(errno)); + if(ret && errno != ENOENT) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to unlink %s: %s", + spoolname, strerror(errno)); + return DELIVER_NOT_ATTEMPTED; + } } + /* Now we can get down to the business of actually doing deliveries. Local deliveries are done first, then remote ones. If ever the problems of how to handle fallback transports are figured out, this section can be put into a loop @@ -6015,6 +6126,11 @@ if (addr_remote != NULL) regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); #endif + #ifdef EXPERIMENTAL_PRDR + if (regex_PRDR == NULL) regex_PRDR = + regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); + #endif + /* Now sort the addresses if required, and do the deliveries. The yield of do_remote_deliveries is FALSE when mua_wrapper is set and all addresses cannot be delivered in one transaction. */ @@ -7013,6 +7129,7 @@ expand_check_condition) to do a lookup. We must therefore be sure everything is released. */ search_tidyup(); +acl_where = ACL_WHERE_UNKNOWN; return final_yield; } diff --git a/src/src/directory.c b/src/src/directory.c index c6d46aa5d..5c55a4524 100644 --- a/src/src/directory.c +++ b/src/src/directory.c @@ -74,7 +74,12 @@ while (c != 0 && *p != 0) /* Set the ownership if necessary. */ - if (use_chown) (void)Uchown(buffer, exim_uid, exim_gid); + if (use_chown && Uchown(buffer, exim_uid, exim_gid)) + { + if (!panic) return FALSE; + log_write(0, LOG_MAIN|LOG_PANIC_DIE, + "Failed to set owner on directory \"%s\": %s\n", buffer, strerror(errno)); + } /* It appears that any mode bits greater than 0777 are ignored by mkdir(), at least on some operating systems. Therefore, if the mode diff --git a/src/src/dkim.c b/src/src/dkim.c index 87e91dea2..cb7fc7065 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) { "%.*s", (int)len, (char *)((rr->data)+rr_offset)); rr_offset+=len; answer_offset+=len; + if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) { + return PDKIM_FAIL; + } } } else return PDKIM_FAIL; @@ -501,7 +504,12 @@ uschar *dkim_exim_sign(int dkim_fd, rc = NULL; goto CLEANUP; } - (void)read(privkey_fd,big_buffer,(big_buffer_size-2)); + if (read(privkey_fd,big_buffer,(big_buffer_size-2)) < 0) { + log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s", + dkim_private_key_expanded); + rc = NULL; + goto CLEANUP; + } (void)close(privkey_fd); dkim_private_key_expanded = big_buffer; } diff --git a/src/src/dmarc.c b/src/src/dmarc.c new file mode 100644 index 000000000..ea91fee9f --- /dev/null +++ b/src/src/dmarc.c @@ -0,0 +1,611 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ +/* Experimental DMARC support. + Copyright (c) Todd Lyons 2012, 2013 + License: GPL */ + +/* Portions Copyright (c) 2012, 2013, The Trusted Domain Project; + All rights reserved, licensed for use per LICENSE.opendmarc. */ + +/* Code for calling dmarc checks via libopendmarc. Called from acl.c. */ + +#include "exim.h" +#ifdef EXPERIMENTAL_DMARC +#if !defined EXPERIMENTAL_SPF +#error SPF must also be enabled for DMARC +#elif defined DISABLE_DKIM +#error DKIM must also be enabled for DMARC +#else + +#include "functions.h" +#include "dmarc.h" +#include "pdkim/pdkim.h" + +OPENDMARC_LIB_T dmarc_ctx; +DMARC_POLICY_T *dmarc_pctx = NULL; +OPENDMARC_STATUS_T libdm_status, action, dmarc_policy; +OPENDMARC_STATUS_T da, sa, action; +BOOL dmarc_abort = FALSE; +uschar *dmarc_pass_fail = US"skipped"; +extern pdkim_signature *dkim_signatures; +header_line *from_header = NULL; +extern SPF_response_t *spf_response; +int dmarc_spf_ares_result = 0; +uschar *spf_sender_domain = NULL; +uschar *spf_human_readable = NULL; +u_char *header_from_sender = NULL; +int history_file_status = DMARC_HIST_OK; +uschar *dkim_history_buffer= NULL; + +/* Accept an error_block struct, initialize if empty, parse to the + * end, and append the two strings passed to it. Used for adding + * variable amounts of value:pair data to the forensic emails. */ + +static error_block * +add_to_eblock(error_block *eblock, uschar *t1, uschar *t2) +{ + error_block *eb = malloc(sizeof(error_block)); + if (eblock == NULL) + eblock = eb; + else + { + /* Find the end of the eblock struct and point it at eb */ + error_block *tmp = eblock; + while(tmp->next != NULL) + tmp = tmp->next; + tmp->next = eb; + } + eb->text1 = t1; + eb->text2 = t2; + eb->next = NULL; + return eblock; +} + +/* dmarc_init sets up a context that can be re-used for several + messages on the same SMTP connection (that come from the + same host with the same HELO string) */ + +int dmarc_init() +{ + int *netmask = NULL; /* Ignored */ + int is_ipv6 = 0; + char *tld_file = (dmarc_tld_file == NULL) ? + "/etc/exim/opendmarc.tlds" : + (char *)dmarc_tld_file; + + /* Set some sane defaults. Also clears previous results when + * multiple messages in one connection. */ + dmarc_pctx = NULL; + dmarc_status = US"none"; + dmarc_abort = FALSE; + dmarc_pass_fail = US"skipped"; + dmarc_used_domain = US""; + header_from_sender = NULL; + spf_sender_domain = NULL; + spf_human_readable = NULL; + + /* ACLs have "control=dmarc_disable_verify" */ + if (dmarc_disable_verify == TRUE) + return OK; + + (void) memset(&dmarc_ctx, '\0', sizeof dmarc_ctx); + dmarc_ctx.nscount = 0; + libdm_status = opendmarc_policy_library_init(&dmarc_ctx); + if (libdm_status != DMARC_PARSE_OKAY) + { + log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to init library: %s", + opendmarc_policy_status_to_str(libdm_status)); + dmarc_abort = TRUE; + } + if (dmarc_tld_file == NULL) + dmarc_abort = TRUE; + else if (opendmarc_tld_read_file(tld_file, NULL, NULL, NULL)) + { + log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure to load tld list %s: %d", + tld_file, errno); + dmarc_abort = TRUE; + } + if (sender_host_address == NULL) + dmarc_abort = TRUE; + /* This catches locally originated email and startup errors above. */ + if ( dmarc_abort == FALSE ) + { + is_ipv6 = string_is_ip_address(sender_host_address, netmask); + is_ipv6 = (is_ipv6 == 6) ? TRUE : + (is_ipv6 == 4) ? FALSE : FALSE; + dmarc_pctx = opendmarc_policy_connect_init(sender_host_address, is_ipv6); + if (dmarc_pctx == NULL ) + { + log_write(0, LOG_MAIN|LOG_PANIC, "DMARC failure creating policy context: ip=%s", + sender_host_address); + dmarc_abort = TRUE; + } + } + + return OK; +} + + +/* dmarc_store_data stores the header data so that subsequent + * dmarc_process can access the data */ + +int dmarc_store_data(header_line *hdr) { + /* No debug output because would change every test debug output */ + if (dmarc_disable_verify != TRUE) + from_header = hdr; + return OK; +} + + +/* dmarc_process adds the envelope sender address to the existing + context (if any), retrieves the result, sets up expansion + strings and evaluates the condition outcome. */ + +int dmarc_process() { + int sr, origin; /* used in SPF section */ + int dmarc_spf_result = 0; /* stores spf into dmarc conn ctx */ + pdkim_signature *sig = NULL; + BOOL has_dmarc_record = TRUE; + u_char **ruf; /* forensic report addressees, if called for */ + + /* ACLs have "control=dmarc_disable_verify" */ + if (dmarc_disable_verify == TRUE) + { + dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); + return OK; + } + + /* Store the header From: sender domain for this part of DMARC. + * If there is no from_header struct, then it's likely this message + * is locally generated and relying on fixups to add it. Just skip + * the entire DMARC system if we can't find a From: header....or if + * there was a previous error. + */ + if (from_header == NULL || dmarc_abort == TRUE) + dmarc_abort = TRUE; + else + { + /* I strongly encourage anybody who can make this better to contact me directly! + * Is this an insane way to extract the email address from the From: header? + * it's sure a horrid layer-crossing.... + * I'm not denying that :-/ + * there may well be no better though + */ + header_from_sender = expand_string( + string_sprintf("${domain:${extract{1}{:}{${addresses:%s}}}}", + from_header->text) ); + /* The opendmarc library extracts the domain from the email address, but + * only try to store it if it's not empty. Otherwise, skip out of DMARC. */ + if (strcmp( CCS header_from_sender, "") == 0) + dmarc_abort = TRUE; + libdm_status = (dmarc_abort == TRUE) ? + DMARC_PARSE_OKAY : + opendmarc_policy_store_from_domain(dmarc_pctx, header_from_sender); + if (libdm_status != DMARC_PARSE_OKAY) + { + log_write(0, LOG_MAIN|LOG_PANIC, "failure to store header From: in DMARC: %s, header was '%s'", + opendmarc_policy_status_to_str(libdm_status), from_header->text); + dmarc_abort = TRUE; + } + } + + /* Skip DMARC if connection is SMTP Auth. Temporarily, admin should + * instead do this in the ACLs. */ + if (dmarc_abort == FALSE && sender_host_authenticated == NULL) + { + /* Use the envelope sender domain for this part of DMARC */ + spf_sender_domain = expand_string(US"$sender_address_domain"); + if ( spf_response == NULL ) + { + /* No spf data means null envelope sender so generate a domain name + * from the sender_helo_name */ + if (spf_sender_domain == NULL) + { + spf_sender_domain = sender_helo_name; + log_write(0, LOG_MAIN, "DMARC using synthesized SPF sender domain = %s\n", + spf_sender_domain); + DEBUG(D_receive) + debug_printf("DMARC using synthesized SPF sender domain = %s\n", spf_sender_domain); + } + dmarc_spf_result = DMARC_POLICY_SPF_OUTCOME_NONE; + dmarc_spf_ares_result = ARES_RESULT_UNKNOWN; + origin = DMARC_POLICY_SPF_ORIGIN_HELO; + spf_human_readable = US""; + } + else + { + sr = spf_response->result; + dmarc_spf_result = (sr == SPF_RESULT_NEUTRAL) ? DMARC_POLICY_SPF_OUTCOME_NONE : + (sr == SPF_RESULT_PASS) ? DMARC_POLICY_SPF_OUTCOME_PASS : + (sr == SPF_RESULT_FAIL) ? DMARC_POLICY_SPF_OUTCOME_FAIL : + (sr == SPF_RESULT_SOFTFAIL) ? DMARC_POLICY_SPF_OUTCOME_TMPFAIL : + DMARC_POLICY_SPF_OUTCOME_NONE; + dmarc_spf_ares_result = (sr == SPF_RESULT_NEUTRAL) ? ARES_RESULT_NEUTRAL : + (sr == SPF_RESULT_PASS) ? ARES_RESULT_PASS : + (sr == SPF_RESULT_FAIL) ? ARES_RESULT_FAIL : + (sr == SPF_RESULT_SOFTFAIL) ? ARES_RESULT_SOFTFAIL : + (sr == SPF_RESULT_NONE) ? ARES_RESULT_NONE : + (sr == SPF_RESULT_TEMPERROR) ? ARES_RESULT_TEMPERROR : + (sr == SPF_RESULT_PERMERROR) ? ARES_RESULT_PERMERROR : + ARES_RESULT_UNKNOWN; + origin = DMARC_POLICY_SPF_ORIGIN_MAILFROM; + spf_human_readable = (uschar *)spf_response->header_comment; + DEBUG(D_receive) + debug_printf("DMARC using SPF sender domain = %s\n", spf_sender_domain); + } + if (strcmp( CCS spf_sender_domain, "") == 0) + dmarc_abort = TRUE; + if (dmarc_abort == FALSE) + { + libdm_status = opendmarc_policy_store_spf(dmarc_pctx, spf_sender_domain, + dmarc_spf_result, origin, spf_human_readable); + if (libdm_status != DMARC_PARSE_OKAY) + log_write(0, LOG_MAIN|LOG_PANIC, "failure to store spf for DMARC: %s", + opendmarc_policy_status_to_str(libdm_status)); + } + + /* Now we cycle through the dkim signature results and put into + * the opendmarc context, further building the DMARC reply. */ + sig = dkim_signatures; + dkim_history_buffer = US""; + while (sig != NULL) + { + int dkim_result, dkim_ares_result, vs, ves; + vs = sig->verify_status; + ves = sig->verify_ext_status; + dkim_result = ( vs == PDKIM_VERIFY_PASS ) ? DMARC_POLICY_DKIM_OUTCOME_PASS : + ( vs == PDKIM_VERIFY_FAIL ) ? DMARC_POLICY_DKIM_OUTCOME_FAIL : + ( vs == PDKIM_VERIFY_INVALID ) ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : + DMARC_POLICY_DKIM_OUTCOME_NONE; + libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, (uschar *)sig->domain, + dkim_result, US""); + DEBUG(D_receive) + debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain); + if (libdm_status != DMARC_PARSE_OKAY) + log_write(0, LOG_MAIN|LOG_PANIC, "failure to store dkim (%s) for DMARC: %s", + sig->domain, opendmarc_policy_status_to_str(libdm_status)); + + dkim_ares_result = ( vs == PDKIM_VERIFY_PASS ) ? ARES_RESULT_PASS : + ( vs == PDKIM_VERIFY_FAIL ) ? ARES_RESULT_FAIL : + ( vs == PDKIM_VERIFY_NONE ) ? ARES_RESULT_NONE : + ( vs == PDKIM_VERIFY_INVALID ) ? + ( ves == PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE ? ARES_RESULT_PERMERROR : + ves == PDKIM_VERIFY_INVALID_BUFFER_SIZE ? ARES_RESULT_PERMERROR : + ves == PDKIM_VERIFY_INVALID_PUBKEY_PARSING ? ARES_RESULT_PERMERROR : + ARES_RESULT_UNKNOWN ) : + ARES_RESULT_UNKNOWN; + dkim_history_buffer = string_sprintf("%sdkim %s %d\n", dkim_history_buffer, + sig->domain, dkim_ares_result); + sig = sig->next; + } + libdm_status = opendmarc_policy_query_dmarc(dmarc_pctx, US""); + switch (libdm_status) + { + case DMARC_DNS_ERROR_NXDOMAIN: + case DMARC_DNS_ERROR_NO_RECORD: + DEBUG(D_receive) + debug_printf("DMARC no record found for %s\n", header_from_sender); + has_dmarc_record = FALSE; + break; + case DMARC_PARSE_OKAY: + DEBUG(D_receive) + debug_printf("DMARC record found for %s\n", header_from_sender); + break; + case DMARC_PARSE_ERROR_BAD_VALUE: + DEBUG(D_receive) + debug_printf("DMARC record parse error for %s\n", header_from_sender); + has_dmarc_record = FALSE; + break; + default: + /* everything else, skip dmarc */ + DEBUG(D_receive) + debug_printf("DMARC skipping (%d), unsure what to do with %s", + libdm_status, from_header->text); + has_dmarc_record = FALSE; + break; + } + /* Can't use exim's string manipulation functions so allocate memory + * for libopendmarc using its max hostname length definition. */ + uschar *dmarc_domain = (uschar *)calloc(DMARC_MAXHOSTNAMELEN, sizeof(uschar)); + libdm_status = opendmarc_policy_fetch_utilized_domain(dmarc_pctx, dmarc_domain, + DMARC_MAXHOSTNAMELEN-1); + dmarc_used_domain = string_copy(dmarc_domain); + free(dmarc_domain); + if (libdm_status != DMARC_PARSE_OKAY) + { + log_write(0, LOG_MAIN|LOG_PANIC, "failure to read domainname used for DMARC lookup: %s", + opendmarc_policy_status_to_str(libdm_status)); + } + libdm_status = opendmarc_get_policy_to_enforce(dmarc_pctx); + dmarc_policy = libdm_status; + switch(libdm_status) + { + case DMARC_POLICY_ABSENT: /* No DMARC record found */ + dmarc_status = US"norecord"; + dmarc_pass_fail = US"temperror"; + dmarc_status_text = US"No DMARC record"; + action = DMARC_RESULT_ACCEPT; + break; + case DMARC_FROM_DOMAIN_ABSENT: /* No From: domain */ + dmarc_status = US"nofrom"; + dmarc_pass_fail = US"temperror"; + dmarc_status_text = US"No From: domain found"; + action = DMARC_RESULT_ACCEPT; + break; + case DMARC_POLICY_NONE: /* Accept and report */ + dmarc_status = US"none"; + dmarc_pass_fail = US"none"; + dmarc_status_text = US"None, Accept"; + action = DMARC_RESULT_ACCEPT; + break; + case DMARC_POLICY_PASS: /* Explicit accept */ + dmarc_status = US"accept"; + dmarc_pass_fail = US"pass"; + dmarc_status_text = US"Accept"; + action = DMARC_RESULT_ACCEPT; + break; + case DMARC_POLICY_REJECT: /* Explicit reject */ + dmarc_status = US"reject"; + dmarc_pass_fail = US"fail"; + dmarc_status_text = US"Reject"; + action = DMARC_RESULT_REJECT; + break; + case DMARC_POLICY_QUARANTINE: /* Explicit quarantine */ + dmarc_status = US"quarantine"; + dmarc_pass_fail = US"fail"; + dmarc_status_text = US"Quarantine"; + action = DMARC_RESULT_QUARANTINE; + break; + default: + dmarc_status = US"temperror"; + dmarc_pass_fail = US"temperror"; + dmarc_status_text = US"Internal Policy Error"; + action = DMARC_RESULT_TEMPFAIL; + break; + } + + libdm_status = opendmarc_policy_fetch_alignment(dmarc_pctx, &da, &sa); + if (libdm_status != DMARC_PARSE_OKAY) + { + log_write(0, LOG_MAIN|LOG_PANIC, "failure to read DMARC alignment: %s", + opendmarc_policy_status_to_str(libdm_status)); + } + + if (has_dmarc_record == TRUE) + { + log_write(0, LOG_MAIN, "DMARC results: spf_domain=%s dmarc_domain=%s " + "spf_align=%s dkim_align=%s enforcement='%s'", + spf_sender_domain, dmarc_used_domain, + (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?"yes":"no", + (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?"yes":"no", + dmarc_status_text); + history_file_status = dmarc_write_history_file(); + /* Now get the forensic reporting addresses, if any */ + ruf = opendmarc_policy_fetch_ruf(dmarc_pctx, NULL, 0, 1); + dmarc_send_forensic_report(ruf); + } + } + + /* set some global variables here */ + dmarc_ar_header = dmarc_auth_results_header(from_header, NULL); + + /* shut down libopendmarc */ + if ( dmarc_pctx != NULL ) + (void) opendmarc_policy_connect_shutdown(dmarc_pctx); + if ( dmarc_disable_verify == FALSE ) + (void) opendmarc_policy_library_shutdown(&dmarc_ctx); + + return OK; +} + +int dmarc_write_history_file() +{ + int history_file_fd; + ssize_t written_len; + int tmp_ans; + u_char **rua; /* aggregate report addressees */ + uschar *history_buffer = NULL; + + if (dmarc_history_file == NULL) + return DMARC_HIST_DISABLED; + history_file_fd = log_create(dmarc_history_file); + + if (history_file_fd < 0) + { + log_write(0, LOG_MAIN|LOG_PANIC, "failure to create DMARC history file: %s", + dmarc_history_file); + return DMARC_HIST_FILE_ERR; + } + + /* Generate the contents of the history file */ + history_buffer = string_sprintf("job %s\n", message_id); + history_buffer = string_sprintf("%sreporter %s\n", history_buffer, primary_hostname); + history_buffer = string_sprintf("%sreceived %ld\n", history_buffer, time(NULL)); + history_buffer = string_sprintf("%sipaddr %s\n", history_buffer, sender_host_address); + history_buffer = string_sprintf("%sfrom %s\n", history_buffer, header_from_sender); + history_buffer = string_sprintf("%smfrom %s\n", history_buffer, + expand_string(US"$sender_address_domain")); + + if (spf_response != NULL) + history_buffer = string_sprintf("%sspf %d\n", history_buffer, dmarc_spf_ares_result); + // history_buffer = string_sprintf("%sspf -1\n", history_buffer); + + history_buffer = string_sprintf("%s%s", history_buffer, dkim_history_buffer); + history_buffer = string_sprintf("%spdomain %s\n", history_buffer, dmarc_used_domain); + history_buffer = string_sprintf("%spolicy %d\n", history_buffer, dmarc_policy); + + rua = opendmarc_policy_fetch_rua(dmarc_pctx, NULL, 0, 1); + if (rua != NULL) + { + for (tmp_ans = 0; rua[tmp_ans] != NULL; tmp_ans++) + { + history_buffer = string_sprintf("%srua %s\n", history_buffer, rua[tmp_ans]); + } + } + else + history_buffer = string_sprintf("%srua -\n", history_buffer); + + opendmarc_policy_fetch_pct(dmarc_pctx, &tmp_ans); + history_buffer = string_sprintf("%spct %d\n", history_buffer, tmp_ans); + + opendmarc_policy_fetch_adkim(dmarc_pctx, &tmp_ans); + history_buffer = string_sprintf("%sadkim %d\n", history_buffer, tmp_ans); + + opendmarc_policy_fetch_aspf(dmarc_pctx, &tmp_ans); + history_buffer = string_sprintf("%saspf %d\n", history_buffer, tmp_ans); + + opendmarc_policy_fetch_p(dmarc_pctx, &tmp_ans); + history_buffer = string_sprintf("%sp %d\n", history_buffer, tmp_ans); + + opendmarc_policy_fetch_sp(dmarc_pctx, &tmp_ans); + history_buffer = string_sprintf("%ssp %d\n", history_buffer, tmp_ans); + + history_buffer = string_sprintf("%salign_dkim %d\n", history_buffer, da); + history_buffer = string_sprintf("%salign_spf %d\n", history_buffer, sa); + history_buffer = string_sprintf("%saction %d\n", history_buffer, action); + + /* Write the contents to the history file */ + DEBUG(D_receive) + debug_printf("DMARC logging history data for opendmarc reporting%s\n", + (host_checking || running_in_test_harness) ? " (not really)" : ""); + if (host_checking || running_in_test_harness) + { + DEBUG(D_receive) + debug_printf("DMARC history data for debugging:\n%s", history_buffer); + } + else + { + written_len = write_to_fd_buf(history_file_fd, + history_buffer, + Ustrlen(history_buffer)); + if (written_len == 0) + { + log_write(0, LOG_MAIN|LOG_PANIC, "failure to write to DMARC history file: %s", + dmarc_history_file); + return DMARC_HIST_WRITE_ERR; + } + (void)close(history_file_fd); + } + return DMARC_HIST_OK; +} + +void dmarc_send_forensic_report(u_char **ruf) +{ + int c; + uschar *recipient, *save_sender; + BOOL send_status = FALSE; + error_block *eblock = NULL; + FILE *message_file = NULL; + + /* Earlier ACL does not have *required* control=dmarc_enable_forensic */ + if (dmarc_enable_forensic == FALSE) + return; + + if ((dmarc_policy == DMARC_POLICY_REJECT && action == DMARC_RESULT_REJECT) || + (dmarc_policy == DMARC_POLICY_QUARANTINE && action == DMARC_RESULT_QUARANTINE) ) + { + if (ruf != NULL) + { + eblock = add_to_eblock(eblock, US"Sender Domain", dmarc_used_domain); + eblock = add_to_eblock(eblock, US"Sender IP Address", sender_host_address); + eblock = add_to_eblock(eblock, US"Received Date", tod_stamp(tod_full)); + eblock = add_to_eblock(eblock, US"SPF Alignment", + (sa==DMARC_POLICY_SPF_ALIGNMENT_PASS) ?US"yes":US"no"); + eblock = add_to_eblock(eblock, US"DKIM Alignment", + (da==DMARC_POLICY_DKIM_ALIGNMENT_PASS)?US"yes":US"no"); + eblock = add_to_eblock(eblock, US"DMARC Results", dmarc_status_text); + /* Set a sane default envelope sender */ + dsn_from = dmarc_forensic_sender ? dmarc_forensic_sender : + dsn_from ? dsn_from : + string_sprintf("do-not-reply@%s",primary_hostname); + for (c = 0; ruf[c] != NULL; c++) + { + recipient = string_copylc(ruf[c]); + if (Ustrncmp(recipient, "mailto:",7)) + continue; + /* Move to first character past the colon */ + recipient += 7; + DEBUG(D_receive) + debug_printf("DMARC forensic report to %s%s\n", recipient, + (host_checking || running_in_test_harness) ? " (not really)" : ""); + if (host_checking || running_in_test_harness) + continue; + save_sender = sender_address; + sender_address = recipient; + send_status = moan_to_sender(ERRMESS_DMARC_FORENSIC, eblock, + header_list, message_file, FALSE); + sender_address = save_sender; + if (send_status == FALSE) + log_write(0, LOG_MAIN|LOG_PANIC, "failure to send DMARC forensic report to %s", + recipient); + } + } + } +} + +uschar *dmarc_exim_expand_query(int what) +{ + if (dmarc_disable_verify || !dmarc_pctx) + return dmarc_exim_expand_defaults(what); + + switch(what) { + case DMARC_VERIFY_STATUS: + return(dmarc_status); + default: + return US""; + } +} + +uschar *dmarc_exim_expand_defaults(int what) +{ + switch(what) { + case DMARC_VERIFY_STATUS: + return (dmarc_disable_verify) ? + US"off" : + US"none"; + default: + return US""; + } +} + +uschar *dmarc_auth_results_header(header_line *from_header, uschar *hostname) +{ + uschar *hdr_tmp = US""; + + /* Allow a server hostname to be passed to this function, but is + * currently unused */ + if (hostname == NULL) + hostname = primary_hostname; + hdr_tmp = string_sprintf("%s %s;", DMARC_AR_HEADER, hostname); + +#if 0 + /* I don't think this belongs here, but left it here commented out + * because it was a lot of work to get working right. */ + if (spf_response != NULL) { + uschar *dmarc_ar_spf = US""; + int sr = 0; + sr = spf_response->result; + dmarc_ar_spf = (sr == SPF_RESULT_NEUTRAL) ? US"neutral" : + (sr == SPF_RESULT_PASS) ? US"pass" : + (sr == SPF_RESULT_FAIL) ? US"fail" : + (sr == SPF_RESULT_SOFTFAIL) ? US"softfail" : + US"none"; + hdr_tmp = string_sprintf("%s spf=%s (%s) smtp.mail=%s;", + hdr_tmp, dmarc_ar_spf_result, + spf_response->header_comment, + expand_string(US"$sender_address") ); + } +#endif + hdr_tmp = string_sprintf("%s dmarc=%s", + hdr_tmp, dmarc_pass_fail); + if (header_from_sender) + hdr_tmp = string_sprintf("%s header.from=%s", + hdr_tmp, header_from_sender); + return hdr_tmp; +} + +#endif /* EXPERIMENTAL_SPF */ +#endif /* EXPERIMENTAL_DMARC */ + +// vim:sw=2 expandtab diff --git a/src/src/dmarc.h b/src/src/dmarc.h new file mode 100644 index 000000000..356a8e423 --- /dev/null +++ b/src/src/dmarc.h @@ -0,0 +1,64 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Experimental DMARC support. + Copyright (c) Todd Lyons 2012, 2013 + License: GPL */ + +/* Portions Copyright (c) 2012, 2013, The Trusted Domain Project; + All rights reserved, licensed for use per LICENSE.opendmarc. */ + +#ifdef EXPERIMENTAL_DMARC + +#include "opendmarc/dmarc.h" +#ifdef EXPERIMENTAL_SPF +#include "spf2/spf.h" +#endif /* EXPERIMENTAL_SPF */ + +/* prototypes */ +int dmarc_init(); +int dmarc_store_data(header_line *); +int dmarc_process(); +uschar *dmarc_exim_expand_query(int); +uschar *dmarc_exim_expand_defaults(int); +uschar *dmarc_auth_results_header(header_line *,uschar *); +int dmarc_write_history_file(); +void dmarc_send_forensic_report(u_char **); + +#define DMARC_AR_HEADER US"Authentication-Results:" +#define DMARC_VERIFY_STATUS 1 + +#define DMARC_HIST_OK 1 +#define DMARC_HIST_DISABLED 2 +#define DMARC_HIST_EMPTY 3 +#define DMARC_HIST_FILE_ERR 4 +#define DMARC_HIST_WRITE_ERR 5 + +/* From opendmarc.c */ +#define DMARC_RESULT_REJECT 0 +#define DMARC_RESULT_DISCARD 1 +#define DMARC_RESULT_ACCEPT 2 +#define DMARC_RESULT_TEMPFAIL 3 +#define DMARC_RESULT_QUARANTINE 4 + +/* From opendmarc-ar.h */ +/* ARES_RESULT_T -- type for specifying an authentication result */ +#define ARES_RESULT_UNDEFINED (-1) +#define ARES_RESULT_PASS 0 +#define ARES_RESULT_UNUSED 1 +#define ARES_RESULT_SOFTFAIL 2 +#define ARES_RESULT_NEUTRAL 3 +#define ARES_RESULT_TEMPERROR 4 +#define ARES_RESULT_PERMERROR 5 +#define ARES_RESULT_NONE 6 +#define ARES_RESULT_FAIL 7 +#define ARES_RESULT_POLICY 8 +#define ARES_RESULT_NXDOMAIN 9 +#define ARES_RESULT_SIGNED 10 +#define ARES_RESULT_UNKNOWN 11 +#define ARES_RESULT_DISCARD 12 + +#endif /* EXPERIMENTAL_DMARC */ + +// vim:sw=2 expandtab diff --git a/src/src/dns.c b/src/src/dns.c index ae76e9e3f..820adff01 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -201,6 +201,36 @@ if (dns_use_edns0 >= 0) dns_use_edns0 ? "" : "un"); #endif +#ifndef DISABLE_DNSSEC +# ifdef RES_USE_DNSSEC +# ifndef RES_USE_EDNS0 +# error Have RES_USE_DNSSEC but not RES_USE_EDNS0? Something hinky ... +# endif +if (dns_dnssec_ok >= 0) + { + if (dns_use_edns0 == 0 && dns_dnssec_ok != 0) + { + DEBUG(D_resolver) + debug_printf("CONFLICT: dns_use_edns0 forced false, dns_dnssec_ok forced true, ignoring latter!\n"); + } + else + { + if (dns_dnssec_ok) + resp->options |= RES_USE_DNSSEC; + else + resp->options &= ~RES_USE_DNSSEC; + DEBUG(D_resolver) debug_printf("Coerced resolver DNSSEC support %s.\n", + dns_dnssec_ok ? "on" : "off"); + } + } +# else +if (dns_dnssec_ok >= 0) + DEBUG(D_resolver) + debug_printf("Unable to %sset DNSSEC without resolver support.\n", + dns_dnssec_ok ? "" : "un"); +# endif +#endif /* DISABLE_DNSSEC */ + os_put_dns_resolver_res(resp); } @@ -394,6 +424,34 @@ return &(dnss->srr); +/************************************************* +* Return whether AD bit set in DNS result * +*************************************************/ + +/* We do not perform DNSSEC work ourselves; if the administrator has installed +a verifying resolver which sets AD as appropriate, though, we'll use that. +(AD = Authentic Data) + +Argument: pointer to dns answer block +Returns: bool indicating presence of AD bit +*/ + +BOOL +dns_is_secure(dns_answer *dnsa) +{ +#ifdef DISABLE_DNSSEC +DEBUG(D_dns) + debug_printf("DNSSEC support disabled at build-time; dns_is_secure() false\n"); +return FALSE; +#else +HEADER *h = (HEADER *)dnsa->answer; +return h->ad ? TRUE : FALSE; +#endif +} + + + + /************************************************* * Turn DNS type into text * *************************************************/ diff --git a/src/src/exim.c b/src/src/exim.c index 587e13685..1e4d6d646 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -52,6 +52,16 @@ store_free(block); +/************************************************* +* Enums for cmdline interface * +*************************************************/ + +enum commandline_info { CMDINFO_NONE=0, + CMDINFO_HELP, CMDINFO_SIEVE, CMDINFO_DSCP }; + + + + /************************************************* * Compile regular expression and panic on fail * *************************************************/ @@ -212,7 +222,7 @@ to disrupt whatever is going on outside the signal handler. */ if (fd < 0) return; -(void)write(fd, process_info, process_info_len); +{int dummy = write(fd, process_info, process_info_len); dummy = dummy; } (void)close(fd); } @@ -516,7 +526,7 @@ close_unwanted(void) if (smtp_input) { #ifdef SUPPORT_TLS - tls_close(FALSE); /* Shut down the TLS library */ + tls_close(FALSE, FALSE); /* Shut down the TLS library */ #endif (void)close(fileno(smtp_in)); (void)close(fileno(smtp_out)); @@ -806,6 +816,15 @@ fprintf(f, "Support for:"); #ifdef EXPERIMENTAL_DCC fprintf(f, " Experimental_DCC"); #endif +#ifdef EXPERIMENTAL_DMARC + fprintf(f, " Experimental_DMARC"); +#endif +#ifdef EXPERIMENTAL_OCSP + fprintf(f, " Experimental_OCSP"); +#endif +#ifdef EXPERIMENTAL_PRDR + fprintf(f, " Experimental_PRDR"); +#endif #ifdef EXPERIMENTAL_DBL fprintf(f, " EXPERIMENTAL_DBL"); #endif @@ -1017,6 +1036,39 @@ DEBUG(D_any) do { } +/************************************************* +* Show auxiliary information about Exim * +*************************************************/ + +static void +show_exim_information(enum commandline_info request, FILE *stream) +{ +const uschar **pp; + +switch(request) + { + case CMDINFO_NONE: + fprintf(stream, "Oops, something went wrong.\n"); + return; + case CMDINFO_HELP: + fprintf(stream, +"The -bI: flag takes a string indicating which information to provide.\n" +"If the string is not recognised, you'll get this help (on stderr).\n" +"\n" +" exim -bI:help this information\n" +" exim -bI:dscp dscp value keywords known\n" +" exim -bI:sieve list of supported sieve extensions, one per line.\n" +); + return; + case CMDINFO_SIEVE: + for (pp = exim_sieve_extension_list; *pp; ++pp) + fprintf(stream, "%s\n", *pp); + return; + case CMDINFO_DSCP: + dscp_list_to_stream(stream); + return; + } +} /************************************************* @@ -1394,6 +1446,8 @@ BOOL checking = FALSE; BOOL count_queue = FALSE; BOOL expansion_test = FALSE; BOOL extract_recipients = FALSE; +BOOL flag_G = FALSE; +BOOL flag_n = FALSE; BOOL forced_delivery = FALSE; BOOL f_end_dot = FALSE; BOOL deliver_give_up = FALSE; @@ -1414,6 +1468,7 @@ BOOL verify_as_sender = FALSE; BOOL version_printed = FALSE; uschar *alias_arg = NULL; uschar *called_as = US""; +uschar *cmdline_syslog_name = NULL; uschar *start_queue_run_id = NULL; uschar *stop_queue_run_id = NULL; uschar *expansion_test_message = NULL; @@ -1424,6 +1479,7 @@ uschar *ftest_suffix = NULL; uschar *malware_test_file = NULL; uschar *real_sender_address; uschar *originator_home = US"/"; +size_t sz; void *reset_point; struct passwd *pw; @@ -1432,6 +1488,10 @@ pid_t passed_qr_pid = (pid_t)0; int passed_qr_pipe = -1; gid_t group_list[NGROUPS_MAX]; +/* For the -bI: flag */ +enum commandline_info info_flag = CMDINFO_NONE; +BOOL info_stdout = FALSE; + /* Possible options for -R and -S */ static uschar *rsopts[] = { US"f", US"ff", US"r", US"rf", US"rff" }; @@ -1830,6 +1890,26 @@ for (i = 1; i < argc; i++) switch(switchchar) { + + /* sendmail uses -Ac and -Am to control which .cf file is used; + we ignore them. */ + case 'A': + if (*argrest == '\0') { badarg = TRUE; break; } + else + { + BOOL ignore = FALSE; + switch (*argrest) + { + case 'c': + case 'm': + if (*(argrest + 1) == '\0') + ignore = TRUE; + break; + } + if (!ignore) { badarg = TRUE; break; } + } + break; + /* -Btype is a sendmail option for 7bit/8bit setting. Exim is 8-bit clean so has no need of it. */ @@ -1931,6 +2011,32 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "i") == 0) bi_option = TRUE; + /* -bI: provide information, of the type to follow after a colon. + This is an Exim flag. */ + + else if (argrest[0] == 'I' && Ustrlen(argrest) >= 2 && argrest[1] == ':') + { + uschar *p = &argrest[2]; + info_flag = CMDINFO_HELP; + if (Ustrlen(p)) + { + if (strcmpic(p, CUS"sieve") == 0) + { + info_flag = CMDINFO_SIEVE; + info_stdout = TRUE; + } + else if (strcmpic(p, CUS"dscp") == 0) + { + info_flag = CMDINFO_DSCP; + info_stdout = TRUE; + } + else if (strcmpic(p, CUS"help") == 0) + { + info_stdout = TRUE; + } + } + } + /* -bm: Accept and deliver message - the default option. Reinstate receiving_message, which got turned off for all -b options. */ @@ -2413,9 +2519,13 @@ for (i = 1; i < argc; i++) } break; - /* This is some Sendmail thing which can be ignored */ + /* -G: sendmail invocation to specify that it's a gateway submission and + sendmail may complain about problems instead of fixing them. + We make it equivalent to an ACL "control = suppress_local_fixups" and do + not at this time complain about problems. */ case 'G': + flag_G = TRUE; break; /* -h: Set the hop count for an incoming message. Exim does not currently @@ -2440,6 +2550,29 @@ for (i = 1; i < argc; i++) break; + /* -L: set the identifier used for syslog; equivalent to setting + syslog_processname in the config file, but needs to be an admin option. */ + + case 'L': + if (*argrest == '\0') + { + if(++i < argc) argrest = argv[i]; else + { badarg = TRUE; break; } + } + sz = Ustrlen(argrest); + if (sz > 32) + { + fprintf(stderr, "exim: the -L syslog name is too long: \"%s\"\n", argrest); + return EXIT_FAILURE; + } + if (sz < 1) + { + fprintf(stderr, "exim: the -L syslog name is too short\n"); + return EXIT_FAILURE; + } + cmdline_syslog_name = argrest; + break; + case 'M': receiving_message = FALSE; @@ -2702,10 +2835,12 @@ for (i = 1; i < argc; i++) break; - /* -n: This means "don't alias" in sendmail, apparently. Just ignore - it. */ + /* -n: This means "don't alias" in sendmail, apparently. + For normal invocations, it has no effect. + It may affect some other options. */ case 'n': + flag_n = TRUE; break; /* -O: Just ignore it. In sendmail, apparently -O option=value means set @@ -3153,7 +3288,7 @@ for (i = 1; i < argc; i++) /* -tls-on-connect: don't wait for STARTTLS (for old clients) */ #ifdef SUPPORT_TLS - else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_on_connect = TRUE; + else if (Ustrcmp(argrest, "ls-on-connect") == 0) tls_in.on_connect = TRUE; #endif else badarg = TRUE; @@ -3194,6 +3329,20 @@ for (i = 1; i < argc; i++) if (*argrest != 0) badarg = TRUE; break; + /* -X: in sendmail: takes one parameter, logfile, and sends debugging + logs to that file. We swallow the parameter and otherwise ignore it. */ + + case 'X': + if (*argrest == '\0') + { + if (++i >= argc) + { + fprintf(stderr, "exim: string expected after -X\n"); + exit(EXIT_FAILURE); + } + } + break; + /* All other initial characters are errors */ default: @@ -3498,6 +3647,66 @@ configuration data for delivery can be read if needed. */ readconf_main(); +/* If an action on specific messages is requested, or if a daemon or queue +runner is being started, we need to know if Exim was called by an admin user. +This is the case if the real user is root or exim, or if the real group is +exim, or if one of the supplementary groups is exim or a group listed in +admin_groups. We don't fail all message actions immediately if not admin_user, +since some actions can be performed by non-admin users. Instead, set admin_user +for later interrogation. */ + +if (real_uid == root_uid || real_uid == exim_uid || real_gid == exim_gid) + admin_user = TRUE; +else + { + int i, j; + for (i = 0; i < group_count; i++) + { + if (group_list[i] == exim_gid) admin_user = TRUE; + else if (admin_groups != NULL) + { + for (j = 1; j <= (int)(admin_groups[0]); j++) + if (admin_groups[j] == group_list[i]) + { admin_user = TRUE; break; } + } + if (admin_user) break; + } + } + +/* Another group of privileged users are the trusted users. These are root, +exim, and any caller matching trusted_users or trusted_groups. Trusted callers +are permitted to specify sender_addresses with -f on the command line, and +other message parameters as well. */ + +if (real_uid == root_uid || real_uid == exim_uid) + trusted_caller = TRUE; +else + { + int i, j; + + if (trusted_users != NULL) + { + for (i = 1; i <= (int)(trusted_users[0]); i++) + if (trusted_users[i] == real_uid) + { trusted_caller = TRUE; break; } + } + + if (!trusted_caller && trusted_groups != NULL) + { + for (i = 1; i <= (int)(trusted_groups[0]); i++) + { + if (trusted_groups[i] == real_gid) + trusted_caller = TRUE; + else for (j = 0; j < group_count; j++) + { + if (trusted_groups[i] == group_list[j]) + { trusted_caller = TRUE; break; } + } + if (trusted_caller) break; + } + } + } + /* Handle the decoding of logging options. */ decode_bits(&log_write_selector, &log_extra_selector, 0, 0, @@ -3529,6 +3738,24 @@ if (sender_address != NULL) } } +/* See if an admin user overrode our logging. */ + +if (cmdline_syslog_name != NULL) + { + if (admin_user) + { + syslog_processname = cmdline_syslog_name; + log_file_path = string_copy(CUS"syslog"); + } + else + { + /* not a panic, non-privileged users should not be able to spam paniclog */ + fprintf(stderr, + "exim: you lack sufficient privilege to specify syslog process name\n"); + return EXIT_FAILURE; + } + } + /* Paranoia check of maximum lengths of certain strings. There is a check on the length of the log file path in log.c, which will come into effect if there are any calls to write the log earlier than this. However, if we @@ -3690,8 +3917,9 @@ if (((debug_selector & D_any) != 0 || (log_extra_selector & LX_arguments) != 0) { int i; uschar *p = big_buffer; - Ustrcpy(p, "cwd="); - (void)getcwd(CS p+4, big_buffer_size - 4); + char * dummy; + Ustrcpy(p, "cwd= (failed)"); + dummy = /* quieten compiler */ getcwd(CS p+4, big_buffer_size - 4); while (*p) p++; (void)string_format(p, big_buffer_size - (p - big_buffer), " %d args:", argc); while (*p) p++; @@ -3734,8 +3962,9 @@ privilege by now. Before the chdir, we try to ensure that the directory exists. if (Uchdir(spool_directory) != 0) { + int dummy; (void)directory_make(spool_directory, US"", SPOOL_DIRECTORY_MODE, FALSE); - (void)Uchdir(spool_directory); + dummy = /* quieten compiler */ Uchdir(spool_directory); } /* Handle calls with the -bi option. This is a sendmail option to rebuild *the* @@ -3772,65 +4001,9 @@ if (bi_option) } } -/* If an action on specific messages is requested, or if a daemon or queue -runner is being started, we need to know if Exim was called by an admin user. -This is the case if the real user is root or exim, or if the real group is -exim, or if one of the supplementary groups is exim or a group listed in -admin_groups. We don't fail all message actions immediately if not admin_user, -since some actions can be performed by non-admin users. Instead, set admin_user -for later interrogation. */ - -if (real_uid == root_uid || real_uid == exim_uid || real_gid == exim_gid) - admin_user = TRUE; -else - { - int i, j; - for (i = 0; i < group_count; i++) - { - if (group_list[i] == exim_gid) admin_user = TRUE; - else if (admin_groups != NULL) - { - for (j = 1; j <= (int)(admin_groups[0]); j++) - if (admin_groups[j] == group_list[i]) - { admin_user = TRUE; break; } - } - if (admin_user) break; - } - } - -/* Another group of privileged users are the trusted users. These are root, -exim, and any caller matching trusted_users or trusted_groups. Trusted callers -are permitted to specify sender_addresses with -f on the command line, and -other message parameters as well. */ - -if (real_uid == root_uid || real_uid == exim_uid) - trusted_caller = TRUE; -else - { - int i, j; - - if (trusted_users != NULL) - { - for (i = 1; i <= (int)(trusted_users[0]); i++) - if (trusted_users[i] == real_uid) - { trusted_caller = TRUE; break; } - } - - if (!trusted_caller && trusted_groups != NULL) - { - for (i = 1; i <= (int)(trusted_groups[0]); i++) - { - if (trusted_groups[i] == real_gid) - trusted_caller = TRUE; - else for (j = 0; j < group_count; j++) - { - if (trusted_groups[i] == group_list[j]) - { trusted_caller = TRUE; break; } - } - if (trusted_caller) break; - } - } - } +/* We moved the admin/trusted check to be immediately after reading the +configuration file. We leave these prints here to ensure that syslog setup, +logfile setup, and so on has already happened. */ if (trusted_caller) DEBUG(D_any) debug_printf("trusted user\n"); if (admin_user) DEBUG(D_any) debug_printf("admin user\n"); @@ -3898,6 +4071,21 @@ else interface_port = check_port(interface_address); } +/* If the caller is trusted, then they can use -G to suppress_local_fixups. */ +if (flag_G) + { + if (trusted_caller) + { + suppress_local_fixups = suppress_local_fixups_default = TRUE; + DEBUG(D_acl) debug_printf("suppress_local_fixups forced on by -G\n"); + } + else + { + fprintf(stderr, "exim: permission denied (-G requires a trusted user)\n"); + return EXIT_FAILURE; + } + } + /* If an SMTP message is being received check to see if the standard input is a TCP/IP socket. If it is, we assume that Exim was called from inetd if the caller is root or the Exim user, or if the port is a privileged one. Otherwise, @@ -3919,7 +4107,7 @@ if (smtp_input) interface_address = host_ntoa(-1, &interface_sock, NULL, &interface_port); - if (host_is_tls_on_connect_port(interface_port)) tls_on_connect = TRUE; + if (host_is_tls_on_connect_port(interface_port)) tls_in.on_connect = TRUE; if (real_uid == root_uid || real_uid == exim_uid || interface_port < 1024) { @@ -4226,11 +4414,12 @@ if (test_retry_arg >= 0) } /* Handle a request to list one or more configuration options */ +/* If -n was set, we suppress some information */ if (list_options) { set_process_info("listing variables"); - if (recipients_arg >= argc) readconf_print(US"all", NULL); + if (recipients_arg >= argc) readconf_print(US"all", NULL, flag_n); else for (i = recipients_arg; i < argc; i++) { if (i < argc - 1 && @@ -4239,10 +4428,10 @@ if (list_options) Ustrcmp(argv[i], "authenticator") == 0 || Ustrcmp(argv[i], "macro") == 0)) { - readconf_print(argv[i+1], argv[i]); + readconf_print(argv[i+1], argv[i], flag_n); i++; } - else readconf_print(argv[i], NULL); + else readconf_print(argv[i], NULL, flag_n); } exim_exit(EXIT_SUCCESS); } @@ -4769,7 +4958,8 @@ if (host_checking) /* Arrange for message reception if recipients or SMTP were specified; otherwise complain unless a version print (-bV) happened or this is a filter -verification test. In the former case, show the configuration file name. */ +verification test or info dump. +In the former case, show the configuration file name. */ if (recipients_arg >= argc && !extract_recipients && !smtp_input) { @@ -4779,6 +4969,12 @@ if (recipients_arg >= argc && !extract_recipients && !smtp_input) return EXIT_SUCCESS; } + if (info_flag != CMDINFO_NONE) + { + show_exim_information(info_flag, info_stdout ? stdout : stderr); + return info_stdout ? EXIT_SUCCESS : EXIT_FAILURE; + } + if (filter_test == FTEST_NONE) exim_usage(called_as); } @@ -5216,7 +5412,11 @@ while (more) if (ftest_prefix != NULL) printf("Prefix = %s\n", ftest_prefix); if (ftest_suffix != NULL) printf("Suffix = %s\n", ftest_suffix); - (void)chdir("/"); /* Get away from wherever the user is running this from */ + if (chdir("/")) /* Get away from wherever the user is running this from */ + { + DEBUG(D_receive) debug_printf("chdir(\"/\") failed\n"); + exim_exit(EXIT_FAILURE); + } /* Now we run either a system filter test, or a user filter test, or both. In the latter case, headers added by the system filter will persist and be diff --git a/src/src/exim.h b/src/src/exim.h index 32871660d..ec809d6b7 100644 --- a/src/src/exim.h +++ b/src/src/exim.h @@ -106,6 +106,15 @@ making unique names. */ #define UCHAR_MAX 255 #endif + +/* To match int_eximarith_t. Define in OS/os.h- to override. */ +#ifndef EXIM_ARITH_MAX +# define EXIM_ARITH_MAX ((int_eximarith_t)9223372036854775807LL) +#endif +#ifndef EXIM_ARITH_MIN +# define EXIM_ARITH_MIN (-EXIM_ARITH_MAX - 1) +#endif + /* Some systems have PATH_MAX and some have MAX_PATH_LEN. */ #ifndef PATH_MAX @@ -354,6 +363,7 @@ side, put in definitions for all the ones that Exim uses. */ #define T_ZNS (-1) #define T_MXH (-2) #define T_CSA (-3) +#define T_APL (-4) /* The resolv.h header defines __P(x) on some Solaris 2.5.1 systems (without checking that it is already defined, in fact). This conflicts with other @@ -485,6 +495,10 @@ config.h, mytypes.h, and store.h, so we don't need to mention them explicitly. #ifndef DISABLE_DKIM #include "dkim.h" #endif +#ifdef EXPERIMENTAL_DMARC +#include "dmarc.h" +#include +#endif /* The following stuff must follow the inclusion of config.h because it requires various things that are set therein. */ diff --git a/src/src/exim_lock.c b/src/src/exim_lock.c index 0a9dfde2d..0d3475138 100644 --- a/src/src/exim_lock.c +++ b/src/src/exim_lock.c @@ -583,12 +583,14 @@ if (restore_times) struct stat strestore; struct utimbuf ut; stat(filename, &strestore); - (void)system(command); + i = system(command); ut.actime = strestore.st_atime; ut.modtime = strestore.st_mtime; utime(filename, &ut); } -else (void)system(command); +else i = system(command); + +if(i && !quiet) printf("warning: nonzero status %d\n", i); /* Remove the locks and exit. Unlink the /tmp file if we can get an exclusive lock on the mailbox. This should be a non-blocking lock call, as there is no diff --git a/src/src/eximstats.src b/src/src/eximstats.src index 4edb7e54b..56721ed62 100644 --- a/src/src/eximstats.src +++ b/src/src/eximstats.src @@ -284,6 +284,8 @@ # 2007-09-20 V1.60 Heiko Schlittermann # Fix for misinterpreted log lines # +# 2013-01-14 V1.61 Steve Campbell +# Watch out for senders sending "HELO [IpAddr]" # # # For documentation on the logfile format, see @@ -582,7 +584,7 @@ use vars qw($WEEK $DAY $HOUR $MINUTE); @days_per_month = (0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334); $gig = 1024 * 1024 * 1024; -$VERSION = '1.60'; +$VERSION = '1.61'; # How much space do we allow for the Hosts/Domains/Emails/Edomains column headers? $COLUMN_WIDTHS = 8; @@ -1924,7 +1926,8 @@ sub generate_parser { # "H=Host (UnverifiedHost) [IpAddr]" or "H=(UnverifiedHost) [IpAddr]". # We do 2 separate matches to keep the matches simple and fast. # Host is local unless otherwise specified. - $ip = (/\\bH=.*?(\\[[^]]+\\])/) ? $1 + # Watch out for "H=([IpAddr])" in case they send "[IpAddr]" as their HELO! + $ip = (/\\bH=(?:|.*? )(\\[[^]]+\\])/) ? $1 # 2008-03-31 06:25:22 Connection from [213.246.33.217]:39456 refused: too many connections from that IP address // .hs : (/Connection from (\[\S+\])/) ? $1 # 2008-03-31 06:52:40 SMTP call from mail.cacoshrf.com (ccsd02.ccsd.local) [69.24.118.229]:4511 dropped: too many nonmail commands (last was "RSET") // .hs diff --git a/src/src/expand.c b/src/src/expand.c index 31d51d79e..d808d1bf3 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -102,6 +102,7 @@ bcrypt ({CRYPT}$2a$). alphabetical order. */ static uschar *item_table[] = { + US"acl", US"dlfunc", US"extract", US"filter", @@ -124,6 +125,7 @@ static uschar *item_table[] = { US"tr" }; enum { + EITEM_ACL, EITEM_DLFUNC, EITEM_EXTRACT, EITEM_FILTER, @@ -179,9 +181,12 @@ static uschar *op_table_main[] = { US"h", US"hash", US"hex2b64", + US"hexquote", US"l", US"lc", US"length", + US"listcount", + US"listnamed", US"mask", US"md5", US"nh", @@ -212,9 +217,12 @@ enum { EOP_H, EOP_HASH, EOP_HEX2B64, + EOP_HEXQUOTE, EOP_L, EOP_LC, EOP_LENGTH, + EOP_LISTCOUNT, + EOP_LISTNAMED, EOP_MASK, EOP_MD5, EOP_NH, @@ -243,6 +251,7 @@ static uschar *cond_table[] = { US"==", /* Backward compatibility */ US">", US">=", + US"acl", US"and", US"bool", US"bool_lax", @@ -288,6 +297,7 @@ enum { ECOND_NUM_EE, ECOND_NUM_G, ECOND_NUM_GE, + ECOND_ACL, ECOND_AND, ECOND_BOOL, ECOND_BOOL_LAX, @@ -351,6 +361,7 @@ enum { vtype_ino, /* value is address of ino_t (not always an int) */ vtype_uid, /* value is address of uid_t (not always an int) */ vtype_gid, /* value is address of gid_t (not always an int) */ + vtype_bool, /* value is address of bool */ vtype_stringptr, /* value is address of pointer to string */ vtype_msgbody, /* as stringptr, but read when first required */ vtype_msgbody_end, /* ditto, the end of the message */ @@ -358,9 +369,7 @@ enum { vtype_msgheaders_raw, /* the message's headers, unprocessed */ vtype_localpart, /* extract local part from string */ vtype_domain, /* extract domain from string */ - vtype_recipients, /* extract recipients from recipients list */ - /* (available only in system filters, ACLs, and */ - /* local_scan()) */ + vtype_string_func, /* value is string returned by given function */ vtype_todbsdin, /* value not used; generate BSD inbox tod */ vtype_tode, /* value not used; generate tod in epoch format */ vtype_todel, /* value not used; generate tod in epoch/usec format */ @@ -380,11 +389,23 @@ enum { #endif }; +static uschar * fn_recipients(void); + /* This table must be kept in alphabetical order. */ static var_entry var_table[] = { /* WARNING: Do not invent variables whose names start acl_c or acl_m because they will be confused with user-creatable ACL variables. */ + { "acl_arg1", vtype_stringptr, &acl_arg[0] }, + { "acl_arg2", vtype_stringptr, &acl_arg[1] }, + { "acl_arg3", vtype_stringptr, &acl_arg[2] }, + { "acl_arg4", vtype_stringptr, &acl_arg[3] }, + { "acl_arg5", vtype_stringptr, &acl_arg[4] }, + { "acl_arg6", vtype_stringptr, &acl_arg[5] }, + { "acl_arg7", vtype_stringptr, &acl_arg[6] }, + { "acl_arg8", vtype_stringptr, &acl_arg[7] }, + { "acl_arg9", vtype_stringptr, &acl_arg[8] }, + { "acl_narg", vtype_int, &acl_narg }, { "acl_verify_message", vtype_stringptr, &acl_verify_message }, { "address_data", vtype_stringptr, &deliver_address_data }, { "address_file", vtype_stringptr, &address_file }, @@ -449,6 +470,12 @@ static var_entry var_table[] = { { "dkim_signers", vtype_stringptr, &dkim_signers }, { "dkim_verify_reason", vtype_dkim, (void *)DKIM_VERIFY_REASON }, { "dkim_verify_status", vtype_dkim, (void *)DKIM_VERIFY_STATUS}, +#endif +#ifdef EXPERIMENTAL_DMARC + { "dmarc_ar_header", vtype_stringptr, &dmarc_ar_header }, + { "dmarc_status", vtype_stringptr, &dmarc_status }, + { "dmarc_status_text", vtype_stringptr, &dmarc_status_text }, + { "dmarc_used_domain", vtype_stringptr, &dmarc_used_domain }, #endif { "dnslist_domain", vtype_stringptr, &dnslist_domain }, { "dnslist_matched", vtype_stringptr, &dnslist_matched }, @@ -462,6 +489,7 @@ static var_entry var_table[] = { #ifdef WITH_OLD_DEMIME { "found_extension", vtype_stringptr, &found_extension }, #endif + { "headers_added", vtype_string_func, &fn_hdrs_added }, { "home", vtype_stringptr, &deliver_home }, { "host", vtype_stringptr, &deliver_host }, { "host_address", vtype_stringptr, &deliver_host_address }, @@ -553,7 +581,7 @@ static var_entry var_table[] = { { "received_time", vtype_int, &received_time }, { "recipient_data", vtype_stringptr, &recipient_data }, { "recipient_verify_failure",vtype_stringptr,&recipient_verify_failure }, - { "recipients", vtype_recipients, NULL }, + { "recipients", vtype_string_func, &fn_recipients }, { "recipients_count", vtype_int, &recipients_count }, #ifdef WITH_CONTENT_SCAN { "regex_match_string", vtype_stringptr, ®ex_match_string }, @@ -561,6 +589,7 @@ static var_entry var_table[] = { { "reply_address", vtype_reply, NULL }, { "return_path", vtype_stringptr, &return_path }, { "return_size_limit", vtype_int, &bounce_return_size_limit }, + { "router_name", vtype_stringptr, &router_name }, { "runrc", vtype_int, &runrc }, { "self_hostname", vtype_stringptr, &self_hostname }, { "sender_address", vtype_stringptr, &sender_address }, @@ -572,6 +601,7 @@ static var_entry var_table[] = { { "sender_helo_name", vtype_stringptr, &sender_helo_name }, { "sender_host_address", vtype_stringptr, &sender_host_address }, { "sender_host_authenticated",vtype_stringptr, &sender_host_authenticated }, + { "sender_host_dnssec", vtype_bool, &sender_host_dnssec }, { "sender_host_name", vtype_host_lookup, NULL }, { "sender_host_port", vtype_int, &sender_host_port }, { "sender_ident", vtype_stringptr, &sender_ident }, @@ -622,13 +652,32 @@ static var_entry var_table[] = { { "srs_status", vtype_stringptr, &srs_status }, #endif { "thisaddress", vtype_stringptr, &filter_thisaddress }, - { "tls_bits", vtype_int, &tls_bits }, - { "tls_certificate_verified", vtype_int, &tls_certificate_verified }, - { "tls_cipher", vtype_stringptr, &tls_cipher }, - { "tls_peerdn", vtype_stringptr, &tls_peerdn }, -#ifdef SUPPORT_TLS - { "tls_sni", vtype_stringptr, &tls_sni }, + + /* The non-(in,out) variables are now deprecated */ + { "tls_bits", vtype_int, &tls_in.bits }, + { "tls_certificate_verified", vtype_int, &tls_in.certificate_verified }, + { "tls_cipher", vtype_stringptr, &tls_in.cipher }, + + { "tls_in_bits", vtype_int, &tls_in.bits }, + { "tls_in_certificate_verified", vtype_int, &tls_in.certificate_verified }, + { "tls_in_cipher", vtype_stringptr, &tls_in.cipher }, + { "tls_in_peerdn", vtype_stringptr, &tls_in.peerdn }, +#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS) + { "tls_in_sni", vtype_stringptr, &tls_in.sni }, #endif + { "tls_out_bits", vtype_int, &tls_out.bits }, + { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified }, + { "tls_out_cipher", vtype_stringptr, &tls_out.cipher }, + { "tls_out_peerdn", vtype_stringptr, &tls_out.peerdn }, +#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS) + { "tls_out_sni", vtype_stringptr, &tls_out.sni }, +#endif + + { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */ +#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS) + { "tls_sni", vtype_stringptr, &tls_in.sni }, /* mind the alphabetical order! */ +#endif + { "tod_bsdinbox", vtype_todbsdin, NULL }, { "tod_epoch", vtype_tode, NULL }, { "tod_epoch_l", vtype_todel, NULL }, @@ -637,6 +686,7 @@ static var_entry var_table[] = { { "tod_logfile", vtype_todlf, NULL }, { "tod_zone", vtype_todzone, NULL }, { "tod_zulu", vtype_todzulu, NULL }, + { "transport_name", vtype_stringptr, &transport_name }, { "value", vtype_stringptr, &lookup_value }, { "version_number", vtype_stringptr, &version_string }, { "warn_message_delay", vtype_stringptr, &warnmsg_delay }, @@ -754,8 +804,11 @@ return -1; /* This function is called to expand a string, and test the result for a "true" or "false" value. Failure of the expansion yields FALSE; logged unless it was a -forced fail or lookup defer. All store used by the function can be released on -exit. +forced fail or lookup defer. + +We used to release all store used, but this is not not safe due +to ${dlfunc } and ${acl }. In any case expand_string_internal() +is reasonably careful to release what it can. The actual false-value tests should be replicated for ECOND_BOOL_LAX. @@ -771,7 +824,6 @@ BOOL expand_check_condition(uschar *condition, uschar *m1, uschar *m2) { int rc; -void *reset_point = store_get(0); uschar *ss = expand_string(condition); if (ss == NULL) { @@ -782,7 +834,6 @@ if (ss == NULL) } rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 && strcmpic(ss, US"false") != 0; -store_reset(reset_point); return rc; } @@ -1417,6 +1468,34 @@ return yield; +/************************************************* +* Return list of recipients * +*************************************************/ +/* A recipients list is available only during system message filtering, +during ACL processing after DATA, and while expanding pipe commands +generated from a system filter, but not elsewhere. */ + +static uschar * +fn_recipients(void) +{ +if (!enable_dollar_recipients) return NULL; else + { + int size = 128; + int ptr = 0; + int i; + uschar * s = store_get(size); + for (i = 0; i < recipients_count; i++) + { + if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2); + s = string_cat(s, &size, &ptr, recipients_list[i].address, + Ustrlen(recipients_list[i].address)); + } + s[ptr] = 0; /* string_cat() leaves room */ + return s; + } +} + + /************************************************* * Find value of a variable * *************************************************/ @@ -1513,6 +1592,10 @@ while (last > first) sprintf(CS var_buffer, "%ld", (long int)(*(uid_t *)(var_table[middle].value))); /* uid */ return var_buffer; + case vtype_bool: + sprintf(CS var_buffer, "%s", *(BOOL *)(var_table[middle].value) ? "yes" : "no"); /* bool */ + return var_buffer; + case vtype_stringptr: /* Pointer to string */ s = *((uschar **)(var_table[middle].value)); return (s == NULL)? US"" : s; @@ -1638,26 +1721,11 @@ while (last > first) } return (s == NULL)? US"" : s; - /* A recipients list is available only during system message filtering, - during ACL processing after DATA, and while expanding pipe commands - generated from a system filter, but not elsewhere. */ - - case vtype_recipients: - if (!enable_dollar_recipients) return NULL; else + case vtype_string_func: { - int size = 128; - int ptr = 0; - int i; - s = store_get(size); - for (i = 0; i < recipients_count; i++) - { - if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2); - s = string_cat(s, &size, &ptr, recipients_list[i].address, - Ustrlen(recipients_list[i].address)); - } - s[ptr] = 0; /* string_cat() leaves room */ + uschar * (*fn)() = var_table[middle].value; + return fn(); } - return s; case vtype_pspace: { @@ -1689,6 +1757,31 @@ return NULL; /* Unknown variable name */ +void +modify_variable(uschar *name, void * value) +{ +int first = 0; +int last = var_table_size; + +while (last > first) + { + int middle = (first + last)/2; + int c = Ustrcmp(name, var_table[middle].name); + + if (c > 0) { first = middle + 1; continue; } + if (c < 0) { last = middle; continue; } + + /* Found an existing variable; change the item it refers to */ + var_table[middle].value = value; + return; + } +return; /* Unknown variable name, fail silently */ +} + + + + + /************************************************* * Read and expand substrings * *************************************************/ @@ -1778,6 +1871,58 @@ if (Ustrncmp(name, "acl_", 4) == 0) +/* +Load args from sub array to globals, and call acl_check(). +Sub array will be corrupted on return. + +Returns: OK access is granted by an ACCEPT verb + DISCARD access is granted by a DISCARD verb + FAIL access is denied + FAIL_DROP access is denied; drop the connection + DEFER can't tell at the moment + ERROR disaster +*/ +static int +eval_acl(uschar ** sub, int nsub, uschar ** user_msgp) +{ +int i; +uschar *tmp; +int sav_narg = acl_narg; +int ret; +extern int acl_where; + +if(--nsub > sizeof(acl_arg)/sizeof(*acl_arg)) nsub = sizeof(acl_arg)/sizeof(*acl_arg); +for (i = 0; i < nsub && sub[i+1]; i++) + { + tmp = acl_arg[i]; + acl_arg[i] = sub[i+1]; /* place callers args in the globals */ + sub[i+1] = tmp; /* stash the old args using our caller's storage */ + } +acl_narg = i; +while (i < nsub) + { + sub[i+1] = acl_arg[i]; + acl_arg[i++] = NULL; + } + +DEBUG(D_expand) + debug_printf("expanding: acl: %s arg: %s%s\n", + sub[0], + acl_narg>0 ? sub[1] : US"", + acl_narg>1 ? " +more" : ""); + +ret = acl_eval(acl_where, sub[0], user_msgp, &tmp); + +for (i = 0; i < nsub; i++) + acl_arg[i] = sub[i+1]; /* restore old args */ +acl_narg = sav_narg; + +return ret; +} + + + + /************************************************* * Read and evaluate a condition * *************************************************/ @@ -1805,7 +1950,7 @@ int i, rc, cond_type, roffset; int_eximarith_t num[2]; struct stat statbuf; uschar name[256]; -uschar *sub[4]; +uschar *sub[10]; const pcre *re; const uschar *rerror; @@ -1872,6 +2017,7 @@ switch(cond_type) Ustrncmp(name, "bheader_", 8) == 0) { s = read_header_name(name, 256, s); + /* {-for-text-editors */ if (Ustrchr(name, '}') != NULL) malformed_header = TRUE; if (yield != NULL) *yield = (find_header(name, TRUE, NULL, FALSE, NULL) != NULL) == testfor; @@ -1931,10 +2077,11 @@ switch(cond_type) case ECOND_PWCHECK: while (isspace(*s)) s++; - if (*s != '{') goto COND_FAILED_CURLY_START; + if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE); if (sub[0] == NULL) return NULL; + /* {-for-text-editors */ if (*s++ != '}') goto COND_FAILED_CURLY_END; if (yield == NULL) return s; /* No need to run the test if skipping */ @@ -2010,19 +2157,71 @@ switch(cond_type) return s; + /* call ACL (in a conditional context). Accept true, deny false. + Defer is a forced-fail. Anything set by message= goes to $value. + Up to ten parameters are used; we use the braces round the name+args + like the saslauthd condition does, to permit a variable number of args. + See also the expansion-item version EITEM_ACL and the traditional + acl modifier ACLC_ACL. + */ + + case ECOND_ACL: + /* ${if acl {{name}{arg1}{arg2}...} {yes}{no}} */ + { + uschar *user_msg; + BOOL cond = FALSE; + int size = 0; + int ptr = 0; + + while (isspace(*s)) s++; + if (*s++ != '{') goto COND_FAILED_CURLY_START; /*}*/ + + switch(read_subs(sub, sizeof(sub)/sizeof(*sub), 1, + &s, yield == NULL, TRUE, US"acl")) + { + case 1: expand_string_message = US"too few arguments or bracketing " + "error for acl"; + case 2: + case 3: return NULL; + } + + if (yield != NULL) switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg)) + { + case OK: + cond = TRUE; + case FAIL: + lookup_value = NULL; + if (user_msg) + { + lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg)); + lookup_value[ptr] = '\0'; + } + *yield = cond == testfor; + break; + + case DEFER: + expand_string_forcedfail = TRUE; + default: + expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]); + return NULL; + } + return s; + } + + /* saslauthd: does Cyrus saslauthd authentication. Four parameters are used: ${if saslauthd {{username}{password}{service}{realm}} {yes}[no}} However, the last two are optional. That is why the whole set is enclosed - in their own set or braces. */ + in their own set of braces. */ case ECOND_SASLAUTHD: #ifndef CYRUS_SASLAUTHD_SOCKET goto COND_FAILED_NOT_COMPILED; #else while (isspace(*s)) s++; - if (*s++ != '{') goto COND_FAILED_CURLY_START; + if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ switch(read_subs(sub, 4, 2, &s, yield == NULL, TRUE, US"saslauthd")) { case 1: expand_string_message = US"too few arguments or bracketing " @@ -2141,63 +2340,63 @@ switch(cond_type) { case ECOND_NUM_E: case ECOND_NUM_EE: - *yield = (num[0] == num[1]) == testfor; + tempcond = (num[0] == num[1]); break; case ECOND_NUM_G: - *yield = (num[0] > num[1]) == testfor; + tempcond = (num[0] > num[1]); break; case ECOND_NUM_GE: - *yield = (num[0] >= num[1]) == testfor; + tempcond = (num[0] >= num[1]); break; case ECOND_NUM_L: - *yield = (num[0] < num[1]) == testfor; + tempcond = (num[0] < num[1]); break; case ECOND_NUM_LE: - *yield = (num[0] <= num[1]) == testfor; + tempcond = (num[0] <= num[1]); break; case ECOND_STR_LT: - *yield = (Ustrcmp(sub[0], sub[1]) < 0) == testfor; + tempcond = (Ustrcmp(sub[0], sub[1]) < 0); break; case ECOND_STR_LTI: - *yield = (strcmpic(sub[0], sub[1]) < 0) == testfor; + tempcond = (strcmpic(sub[0], sub[1]) < 0); break; case ECOND_STR_LE: - *yield = (Ustrcmp(sub[0], sub[1]) <= 0) == testfor; + tempcond = (Ustrcmp(sub[0], sub[1]) <= 0); break; case ECOND_STR_LEI: - *yield = (strcmpic(sub[0], sub[1]) <= 0) == testfor; + tempcond = (strcmpic(sub[0], sub[1]) <= 0); break; case ECOND_STR_EQ: - *yield = (Ustrcmp(sub[0], sub[1]) == 0) == testfor; + tempcond = (Ustrcmp(sub[0], sub[1]) == 0); break; case ECOND_STR_EQI: - *yield = (strcmpic(sub[0], sub[1]) == 0) == testfor; + tempcond = (strcmpic(sub[0], sub[1]) == 0); break; case ECOND_STR_GT: - *yield = (Ustrcmp(sub[0], sub[1]) > 0) == testfor; + tempcond = (Ustrcmp(sub[0], sub[1]) > 0); break; case ECOND_STR_GTI: - *yield = (strcmpic(sub[0], sub[1]) > 0) == testfor; + tempcond = (strcmpic(sub[0], sub[1]) > 0); break; case ECOND_STR_GE: - *yield = (Ustrcmp(sub[0], sub[1]) >= 0) == testfor; + tempcond = (Ustrcmp(sub[0], sub[1]) >= 0); break; case ECOND_STR_GEI: - *yield = (strcmpic(sub[0], sub[1]) >= 0) == testfor; + tempcond = (strcmpic(sub[0], sub[1]) >= 0); break; case ECOND_MATCH: /* Regular expression match */ @@ -2209,7 +2408,7 @@ switch(cond_type) "\"%s\": %s at offset %d", sub[1], rerror, roffset); return NULL; } - *yield = regex_match_and_setup(re, sub[0], 0, -1) == testfor; + tempcond = regex_match_and_setup(re, sub[0], 0, -1); break; case ECOND_MATCH_ADDRESS: /* Match in an address list */ @@ -2265,11 +2464,11 @@ switch(cond_type) switch(rc) { case OK: - *yield = testfor; + tempcond = TRUE; break; case FAIL: - *yield = !testfor; + tempcond = FALSE; break; case DEFER: @@ -2283,6 +2482,7 @@ switch(cond_type) /* Various "encrypted" comparisons. If the second string starts with "{" then an encryption type is given. Default to crypt() or crypt16() (build-time choice). */ + /* }-for-text-editors */ case ECOND_CRYPTEQ: #ifndef SUPPORT_CRYPTEQ @@ -2307,7 +2507,7 @@ switch(cond_type) uschar *coded = auth_b64encode((uschar *)digest, 16); DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n" " subject=%s\n crypted=%s\n", coded, sub[1]+5); - *yield = (Ustrcmp(coded, sub[1]+5) == 0) == testfor; + tempcond = (Ustrcmp(coded, sub[1]+5) == 0); } else if (sublen == 32) { @@ -2317,13 +2517,13 @@ switch(cond_type) coded[32] = 0; DEBUG(D_auth) debug_printf("crypteq: using MD5+hex hashing\n" " subject=%s\n crypted=%s\n", coded, sub[1]+5); - *yield = (strcmpic(coded, sub[1]+5) == 0) == testfor; + tempcond = (strcmpic(coded, sub[1]+5) == 0); } else { DEBUG(D_auth) debug_printf("crypteq: length for MD5 not 24 or 32: " "fail\n crypted=%s\n", sub[1]+5); - *yield = !testfor; + tempcond = FALSE; } } @@ -2345,7 +2545,7 @@ switch(cond_type) uschar *coded = auth_b64encode((uschar *)digest, 20); DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n" " subject=%s\n crypted=%s\n", coded, sub[1]+6); - *yield = (Ustrcmp(coded, sub[1]+6) == 0) == testfor; + tempcond = (Ustrcmp(coded, sub[1]+6) == 0); } else if (sublen == 40) { @@ -2355,13 +2555,13 @@ switch(cond_type) coded[40] = 0; DEBUG(D_auth) debug_printf("crypteq: using SHA1+hex hashing\n" " subject=%s\n crypted=%s\n", coded, sub[1]+6); - *yield = (strcmpic(coded, sub[1]+6) == 0) == testfor; + tempcond = (strcmpic(coded, sub[1]+6) == 0); } else { DEBUG(D_auth) debug_printf("crypteq: length for SHA-1 not 28 or 40: " "fail\n crypted=%s\n", sub[1]+6); - *yield = !testfor; + tempcond = FALSE; } } @@ -2381,7 +2581,7 @@ switch(cond_type) sub[1] += 9; which = 2; } - else if (sub[1][0] == '{') + else if (sub[1][0] == '{') /* }-for-text-editors */ { expand_string_message = string_sprintf("unknown encryption mechanism " "in \"%s\"", sub[1]); @@ -2408,8 +2608,8 @@ switch(cond_type) salt), force failure. Otherwise we get false positives: with an empty string the yield of crypt() is an empty string! */ - *yield = (Ustrlen(sub[1]) < 2)? !testfor : - (Ustrcmp(coded, sub[1]) == 0) == testfor; + tempcond = (Ustrlen(sub[1]) < 2)? FALSE : + (Ustrcmp(coded, sub[1]) == 0); } break; #endif /* SUPPORT_CRYPTEQ */ @@ -2418,10 +2618,10 @@ switch(cond_type) case ECOND_INLISTI: { int sep = 0; - BOOL found = FALSE; uschar *save_iterate_item = iterate_item; int (*compare)(const uschar *, const uschar *); + tempcond = FALSE; if (cond_type == ECOND_INLISTI) compare = strcmpic; else @@ -2430,15 +2630,15 @@ switch(cond_type) while ((iterate_item = string_nextinlist(&sub[1], &sep, NULL, 0)) != NULL) if (compare(sub[0], iterate_item) == 0) { - found = TRUE; + tempcond = TRUE; break; } iterate_item = save_iterate_item; - *yield = found; } } /* Switch for comparison conditions */ + *yield = tempcond == testfor; return s; /* End of comparison conditions */ @@ -2450,13 +2650,14 @@ switch(cond_type) combined_cond = (cond_type == ECOND_AND); while (isspace(*s)) s++; - if (*s++ != '{') goto COND_FAILED_CURLY_START; + if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ for (;;) { while (isspace(*s)) s++; + /* {-for-text-editors */ if (*s == '}') break; - if (*s != '{') + if (*s != '{') /* }-for-text-editors */ { expand_string_message = string_sprintf("each subcondition " "inside an \"%s{...}\" condition must be in its own {}", name); @@ -2472,8 +2673,10 @@ switch(cond_type) } while (isspace(*s)) s++; + /* {-for-text-editors */ if (*s++ != '}') { + /* {-for-text-editors */ expand_string_message = string_sprintf("missing } at end of condition " "inside \"%s\" group", name); return NULL; @@ -2507,13 +2710,14 @@ switch(cond_type) uschar *save_iterate_item = iterate_item; while (isspace(*s)) s++; - if (*s++ != '{') goto COND_FAILED_CURLY_START; + if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE); if (sub[0] == NULL) return NULL; + /* {-for-text-editors */ if (*s++ != '}') goto COND_FAILED_CURLY_END; while (isspace(*s)) s++; - if (*s++ != '{') goto COND_FAILED_CURLY_START; + if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ sub[1] = s; @@ -2530,8 +2734,10 @@ switch(cond_type) } while (isspace(*s)) s++; + /* {-for-text-editors */ if (*s++ != '}') { + /* {-for-text-editors */ expand_string_message = string_sprintf("missing } at end of condition " "inside \"%s\"", name); return NULL; @@ -2579,7 +2785,7 @@ switch(cond_type) size_t len; BOOL boolvalue = FALSE; while (isspace(*s)) s++; - if (*s != '{') goto COND_FAILED_CURLY_START; + if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ ourname = cond_type == ECOND_BOOL_LAX ? US"bool_lax" : US"bool"; switch(read_subs(sub_arg, 1, 1, &s, yield == NULL, FALSE, ourname)) { @@ -3203,12 +3409,12 @@ if (*error == NULL) * can just let the other invalid results occur otherwise, as they have * until now. For this one case, we can coerce. */ - if (y == -1 && x == LLONG_MIN && op != '*') + if (y == -1 && x == EXIM_ARITH_MIN && op != '*') { DEBUG(D_expand) debug_printf("Integer exception dodging: " PR_EXIM_ARITH "%c-1 coerced to " PR_EXIM_ARITH "\n", - LLONG_MIN, op, LLONG_MAX); - x = LLONG_MAX; + EXIM_ARITH_MIN, op, EXIM_ARITH_MAX); + x = EXIM_ARITH_MAX; continue; } if (op == '*') @@ -3380,8 +3586,8 @@ $message_headers which can get very long. There's a problem if a ${dlfunc item has side-effects that cause allocation, since resetting the store at the end of the expansion will free store that was allocated by the plugin code as well as the slop after the expanded string. So -we skip any resets if ${dlfunc has been used. This is an unfortunate -consequence of string expansion becoming too powerful. +we skip any resets if ${dlfunc has been used. The same applies for ${acl. This +is an unfortunate consequence of string expansion becoming too powerful. Arguments: string the string to be expanded @@ -3597,6 +3803,46 @@ while (*s != 0) switch(item_type) { + /* Call an ACL from an expansion. We feed data in via $acl_arg1 - $acl_arg9. + If the ACL returns accept or reject we return content set by "message =" + There is currently no limit on recursion; this would have us call + acl_check_internal() directly and get a current level from somewhere. + See also the acl expansion condition ECOND_ACL and the traditional + acl modifier ACLC_ACL. + Assume that the function has side-effects on the store that must be preserved. + */ + + case EITEM_ACL: + /* ${acl {name} {arg1}{arg2}...} */ + { + uschar *sub[10]; /* name + arg1-arg9 (which must match number of acl_arg[]) */ + uschar *user_msg; + + switch(read_subs(sub, 10, 1, &s, skipping, TRUE, US"acl")) + { + case 1: goto EXPAND_FAILED_CURLY; + case 2: + case 3: goto EXPAND_FAILED; + } + if (skipping) continue; + + resetok = FALSE; + switch(eval_acl(sub, sizeof(sub)/sizeof(*sub), &user_msg)) + { + case OK: + case FAIL: + if (user_msg) + yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg)); + continue; + + case DEFER: + expand_string_forcedfail = TRUE; + default: + expand_string_message = string_sprintf("error from acl \"%s\"", sub[0]); + goto EXPAND_FAILED; + } + } + /* Handle conditionals - preserve the values of the numerical expansion variables in case they get changed by a regular expression match in the condition. If not, they retain their external settings. At the end @@ -5430,6 +5676,122 @@ while (*s != 0) continue; } + /* Convert octets outside 0x21..0x7E to \xXX form */ + + case EOP_HEXQUOTE: + { + uschar *t = sub - 1; + while (*(++t) != 0) + { + if (*t < 0x21 || 0x7E < *t) + yield = string_cat(yield, &size, &ptr, + string_sprintf("\\x%02x", *t), 4); + else + yield = string_cat(yield, &size, &ptr, t, 1); + } + continue; + } + + /* count the number of list elements */ + + case EOP_LISTCOUNT: + { + int cnt = 0; + int sep = 0; + uschar * cp; + uschar buffer[256]; + + while (string_nextinlist(&sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++; + cp = string_sprintf("%d", cnt); + yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp)); + continue; + } + + /* expand a named list given the name */ + /* handles nested named lists; requotes as colon-sep list */ + + case EOP_LISTNAMED: + { + tree_node *t = NULL; + uschar * list; + int sep = 0; + uschar * item; + uschar * suffix = US""; + BOOL needsep = FALSE; + uschar buffer[256]; + + if (*sub == '+') sub++; + if (arg == NULL) /* no-argument version */ + { + if (!(t = tree_search(addresslist_anchor, sub)) && + !(t = tree_search(domainlist_anchor, sub)) && + !(t = tree_search(hostlist_anchor, sub))) + t = tree_search(localpartlist_anchor, sub); + } + else switch(*arg) /* specific list-type version */ + { + case 'a': t = tree_search(addresslist_anchor, sub); suffix = US"_a"; break; + case 'd': t = tree_search(domainlist_anchor, sub); suffix = US"_d"; break; + case 'h': t = tree_search(hostlist_anchor, sub); suffix = US"_h"; break; + case 'l': t = tree_search(localpartlist_anchor, sub); suffix = US"_l"; break; + default: + expand_string_message = string_sprintf("bad suffix on \"list\" operator"); + goto EXPAND_FAILED; + } + + if(!t) + { + expand_string_message = string_sprintf("\"%s\" is not a %snamed list", + sub, !arg?"" + : *arg=='a'?"address " + : *arg=='d'?"domain " + : *arg=='h'?"host " + : *arg=='l'?"localpart " + : 0); + goto EXPAND_FAILED; + } + + list = ((namedlist_block *)(t->data.ptr))->string; + + while ((item = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL) + { + uschar * buf = US" : "; + if (needsep) + yield = string_cat(yield, &size, &ptr, buf, 3); + else + needsep = TRUE; + + if (*item == '+') /* list item is itself a named list */ + { + uschar * sub = string_sprintf("${listnamed%s:%s}", suffix, item); + item = expand_string_internal(sub, FALSE, NULL, FALSE, TRUE); + } + else if (sep != ':') /* item from non-colon-sep list, re-quote for colon list-separator */ + { + char * cp; + char tok[3]; + tok[0] = sep; tok[1] = ':'; tok[2] = 0; + while ((cp= strpbrk((const char *)item, tok))) + { + yield = string_cat(yield, &size, &ptr, item, cp-(char *)item); + if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */ + { + yield = string_cat(yield, &size, &ptr, US"::", 2); + item = (uschar *)cp; + } + else /* sep in item; should already be doubled; emit once */ + { + yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1); + if (*cp == sep) cp++; + item = (uschar *)cp; + } + } + } + yield = string_cat(yield, &size, &ptr, item, Ustrlen(item)); + } + continue; + } + /* mask applies a mask to an IP address; for example the result of ${mask:131.111.10.206/28} is 131.111.10.192/28. */ @@ -6183,18 +6545,25 @@ else if (value < 0 && isplus) } else { - if (tolower(*endptr) == 'k') + switch (tolower(*endptr)) { - if (value > LLONG_MAX/1024 || value < LLONG_MIN/1024) errno = ERANGE; + default: + break; + case 'k': + if (value > EXIM_ARITH_MAX/1024 || value < EXIM_ARITH_MIN/1024) errno = ERANGE; else value *= 1024; - endptr++; - } - else if (tolower(*endptr) == 'm') - { - if (value > LLONG_MAX/(1024*1024) || value < LLONG_MIN/(1024*1024)) - errno = ERANGE; - else value *= 1024*1024; - endptr++; + endptr++; + break; + case 'm': + if (value > EXIM_ARITH_MAX/(1024*1024) || value < EXIM_ARITH_MIN/(1024*1024)) errno = ERANGE; + else value *= 1024*1024; + endptr++; + break; + case 'g': + if (value > EXIM_ARITH_MAX/(1024*1024*1024) || value < EXIM_ARITH_MIN/(1024*1024*1024)) errno = ERANGE; + else value *= 1024*1024*1024; + endptr++; + break; } if (errno == ERANGE) msg = US"absolute value of integer \"%s\" is too large (overflow)"; diff --git a/src/src/functions.h b/src/src/functions.h index 29e7db2bd..e76cd140e 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -25,18 +25,21 @@ extern const char * std_dh_prime_default(void); extern const char * std_dh_prime_named(const uschar *); -extern int tls_client_start(int, host_item *, address_item *, uschar *, +extern int tls_client_start(int, host_item *, address_item *, uschar *, uschar *, uschar *, uschar *, uschar *, uschar *, - int); -extern void tls_close(BOOL); +# ifdef EXPERIMENTAL_OCSP + uschar *, +# endif + int, int); +extern void tls_close(BOOL, BOOL); extern int tls_feof(void); extern int tls_ferror(void); extern int tls_getc(void); -extern int tls_read(uschar *, size_t); +extern int tls_read(BOOL, uschar *, size_t); extern int tls_server_start(const uschar *); extern BOOL tls_smtp_buffered(void); extern int tls_ungetc(int); -extern int tls_write(const uschar *, size_t); +extern int tls_write(BOOL, const uschar *, size_t); extern uschar *tls_validate_require_cipher(void); extern void tls_version_report(FILE *); #ifndef USE_GNUTLS @@ -49,6 +52,8 @@ extern BOOL tls_openssl_options_parse(uschar *, long *); extern acl_block *acl_read(uschar *(*)(void), uschar **); extern int acl_check(int, uschar *, uschar *, uschar **, uschar **); +extern int acl_eval(int, uschar *, uschar **, uschar **); + extern tree_node *acl_var_create(uschar *); extern void acl_var_write(uschar *, uschar *, void *); extern uschar *auth_b64encode(uschar *, int); @@ -66,10 +71,17 @@ extern int auth_get_no64_data(uschar **, uschar *); extern uschar *auth_xtextencode(uschar *, int); extern int auth_xtextdecode(uschar *, uschar **); +extern void cancel_cutthrough_connection(const char *); extern int check_host(void *, uschar *, uschar **, uschar **); extern uschar **child_exec_exim(int, BOOL, int *, BOOL, int, ...); extern pid_t child_open_uid(uschar **, uschar **, int, uid_t *, gid_t *, int *, int *, uschar *, BOOL); +extern uschar *cutthrough_finaldot(void); +extern BOOL cutthrough_flush_send(void); +extern BOOL cutthrough_headers_send(void); +extern BOOL cutthrough_predata(void); +extern BOOL cutthrough_puts(uschar *, int); +extern BOOL cutthrough_put_nl(void); extern void daemon_go(void); @@ -86,6 +98,7 @@ extern void debug_vprintf(const char *, va_list); extern void decode_bits(unsigned int *, unsigned int *, int, int, uschar *, bit_table *, int, uschar *, int); extern address_item *deliver_make_addr(uschar *, BOOL); +extern void delivery_log(int, address_item *, int, uschar *); extern int deliver_message(uschar *, BOOL, BOOL); extern void deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2); extern void deliver_set_expansions(address_item *); @@ -104,10 +117,13 @@ extern dns_address *dns_address_from_rr(dns_answer *, dns_record *); extern void dns_build_reverse(uschar *, uschar *); extern void dns_init(BOOL, BOOL); extern int dns_basic_lookup(dns_answer *, uschar *, int); +extern BOOL dns_is_secure(dns_answer *); extern int dns_lookup(dns_answer *, uschar *, int, uschar **); extern int dns_special_lookup(dns_answer *, uschar *, int, uschar **); extern dns_record *dns_next_rr(dns_answer *, dns_scan *, int); extern uschar *dns_text_type(int); +extern void dscp_list_to_stream(FILE *); +extern BOOL dscp_lookup(const uschar *, int, int *, int *, int *); extern void enq_end(uschar *); extern BOOL enq_start(uschar *); @@ -120,12 +136,15 @@ extern BOOL expand_check_condition(uschar *, uschar *, uschar *); extern uschar *expand_string(uschar *); extern uschar *expand_string_copy(uschar *); extern int_eximarith_t expand_string_integer(uschar *, BOOL); +extern void modify_variable(uschar *, void *); extern int filter_interpret(uschar *, int, address_item **, uschar **); extern BOOL filter_personal(string_item *, BOOL); extern BOOL filter_runtest(int, uschar *, BOOL, BOOL); extern BOOL filter_system_interpret(address_item **, uschar **); +extern uschar * fn_hdrs_added(void); + extern void header_add(int, const char *, ...); extern int header_checkname(header_line *, BOOL); extern BOOL header_match(uschar *, BOOL, BOOL, string_item *, int, ...); @@ -152,11 +171,13 @@ extern int host_scan_for_local_hosts(host_item *, host_item **, BOOL *); extern void invert_address(uschar *, uschar *); extern int ip_bind(int, int, uschar *, int); extern int ip_connect(int, int, uschar *, int, int); +extern int ip_get_address_family(int); extern void ip_keepalive(int, uschar *, BOOL); extern int ip_recv(int, uschar *, int, int); extern int ip_socket(int, int); extern uschar *local_part_quote(uschar *); +extern int log_create(uschar *); extern int log_create_as_exim(uschar *); extern void log_close_all(void); @@ -194,6 +215,8 @@ extern BOOL moan_to_sender(int, error_block *, header_line *, FILE *, BOOL); extern void moan_write_from(FILE *); extern FILE *modefopen(const uschar *, const char *, mode_t); +extern void open_cutthrough_connection( address_item * addr ); + extern uschar *parse_extract_address(uschar *, uschar **, int *, int *, int *, BOOL); extern int parse_forward_list(uschar *, int, address_item **, uschar **, @@ -228,7 +251,7 @@ extern void readconf_driver_init(uschar *, driver_instance **, driver_info *, int, void *, int, optionlist *, int); extern uschar *readconf_find_option(void *); extern void readconf_main(void); -extern void readconf_print(uschar *, uschar *); +extern void readconf_print(uschar *, uschar *, BOOL); extern uschar *readconf_printtime(int); extern uschar *readconf_readname(uschar *, int, uschar *); extern int readconf_readtime(uschar *, int, BOOL); @@ -250,6 +273,8 @@ extern void retry_add_item(address_item *, uschar *, int); extern BOOL retry_check_address(uschar *, host_item *, uschar *, BOOL, uschar **, uschar **); extern retry_config *retry_find_config(uschar *, uschar *, int, int); +extern BOOL retry_ultimate_address_timeout(uschar *, uschar *, + dbdata_retry *, time_t); extern void retry_update(address_item **, address_item **, address_item **); extern uschar *rewrite_address(uschar *, BOOL, BOOL, rewrite_rule *, int); extern uschar *rewrite_address_qualify(uschar *, BOOL); @@ -289,7 +314,7 @@ extern int sieve_interpret(uschar *, int, uschar *, uschar *, uschar *, extern void sigalrm_handler(int); extern BOOL smtp_buffered(void); extern void smtp_closedown(uschar *); -extern int smtp_connect(host_item *, int, int, uschar *, int, BOOL); +extern int smtp_connect(host_item *, int, int, uschar *, int, BOOL, const uschar *); extern int smtp_feof(void); extern int smtp_ferror(void); extern uschar *smtp_get_connection_info(void); diff --git a/src/src/globals.c b/src/src/globals.c index 47f78e9dc..e9f626665 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -17,6 +17,8 @@ data blocks and hence have the opt_public flag set. */ optionlist optionlist_auths[] = { { "client_condition", opt_stringptr | opt_public, (void *)(offsetof(auth_instance, client_condition)) }, + { "client_set_id", opt_stringptr | opt_public, + (void *)(offsetof(auth_instance, set_client_id)) }, { "driver", opt_stringptr | opt_public, (void *)(offsetof(auth_instance, driver_name)) }, { "public_name", opt_stringptr | opt_public, @@ -93,16 +95,31 @@ BOOL move_frozen_messages = FALSE; cluttered in several places (e.g. during logging) if we can always refer to them. Also, the tls_ variables are now always visible. */ -BOOL tls_active = -1; -int tls_bits = 0; -BOOL tls_certificate_verified = FALSE; -uschar *tls_cipher = NULL; -BOOL tls_on_connect = FALSE; -uschar *tls_on_connect_ports = NULL; -uschar *tls_peerdn = NULL; +tls_support tls_in = { + -1, /* tls_active */ + 0, /* tls_bits */ + FALSE,/* tls_certificate_verified */ + NULL, /* tls_cipher */ + FALSE,/* tls_on_connect */ + NULL, /* tls_on_connect_ports */ + NULL, /* tls_peerdn */ + NULL /* tls_sni */ +}; +tls_support tls_out = { + -1, /* tls_active */ + 0, /* tls_bits */ + FALSE,/* tls_certificate_verified */ + NULL, /* tls_cipher */ + FALSE,/* tls_on_connect */ + NULL, /* tls_on_connect_ports */ + NULL, /* tls_peerdn */ + NULL /* tls_sni */ +}; + #ifdef SUPPORT_TLS BOOL gnutls_compat_mode = FALSE; +BOOL gnutls_enable_pkcs11 = FALSE; uschar *gnutls_require_mac = NULL; uschar *gnutls_require_kx = NULL; uschar *gnutls_require_proto = NULL; @@ -123,12 +140,17 @@ BOOL tls_offered = FALSE; uschar *tls_privatekey = NULL; BOOL tls_remember_esmtp = FALSE; uschar *tls_require_ciphers = NULL; -uschar *tls_sni = NULL; uschar *tls_try_verify_hosts = NULL; uschar *tls_verify_certificates= NULL; uschar *tls_verify_hosts = NULL; #endif +#ifdef EXPERIMENTAL_PRDR +/* Per Recipient Data Response variables */ +BOOL prdr_enable = FALSE; +BOOL prdr_requested = FALSE; +const pcre *regex_PRDR = NULL; +#endif /* Input-reading functions for messages, so we can use special ones for incoming TCP/IP. The defaults use stdin. We never need these for any @@ -173,16 +195,22 @@ int address_expansions_count = sizeof(address_expansions)/sizeof(uschar **); header_line *acl_added_headers = NULL; tree_node *acl_anchor = NULL; +uschar *acl_arg[9] = {NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL}; +int acl_narg = 0; uschar *acl_not_smtp = NULL; #ifdef WITH_CONTENT_SCAN uschar *acl_not_smtp_mime = NULL; #endif uschar *acl_not_smtp_start = NULL; - +uschar *acl_removed_headers = NULL; uschar *acl_smtp_auth = NULL; uschar *acl_smtp_connect = NULL; uschar *acl_smtp_data = NULL; +#ifdef EXPERIMENTAL_PRDR +uschar *acl_smtp_data_prdr = NULL; +#endif #ifndef DISABLE_DKIM uschar *acl_smtp_dkim = NULL; #endif @@ -216,6 +244,9 @@ uschar *acl_wherenames[] = { US"RCPT", US"MIME", US"DKIM", US"DATA", +#ifdef EXPERIMENTAL_PRDR + US"PRDR", +#endif US"non-SMTP", US"AUTH", US"connection", @@ -227,7 +258,9 @@ uschar *acl_wherenames[] = { US"RCPT", US"NOTQUIT", US"QUIT", US"STARTTLS", - US"VRFY" + US"VRFY", + US"delivery", + US"unknown" }; uschar *acl_wherecodes[] = { US"550", /* RCPT */ @@ -236,6 +269,9 @@ uschar *acl_wherecodes[] = { US"550", /* RCPT */ US"550", /* MIME */ US"550", /* DKIM */ US"550", /* DATA */ +#ifdef EXPERIMENTAL_PRDR + US"550", /* RCPT PRDR */ +#endif US"0", /* not SMTP; not relevant */ US"503", /* AUTH */ US"550", /* connect */ @@ -247,11 +283,14 @@ uschar *acl_wherecodes[] = { US"550", /* RCPT */ US"0", /* NOTQUIT; not relevant */ US"0", /* QUIT; not relevant */ US"550", /* STARTTLS */ - US"252" /* VRFY */ + US"252", /* VRFY */ + US"0", /* delivery; not relevant */ + US"0" /* unknown; not relevant */ }; BOOL active_local_from_check = FALSE; BOOL active_local_sender_retain = FALSE; +int body_8bitmime = 0; BOOL accept_8bitmime = TRUE; /* deliberately not RFC compliant */ address_item *addr_duplicate = NULL; @@ -291,6 +330,9 @@ address_item address_defaults = { NULL, /* cipher */ NULL, /* peerdn */ #endif + NULL, /* authenticator */ + NULL, /* auth_id */ + NULL, /* auth_sndr */ (uid_t)(-1), /* uid */ (gid_t)(-1), /* gid */ 0, /* flags */ @@ -344,6 +386,7 @@ auth_instance auth_defaults = { NULL, /* client_condition */ NULL, /* public_name */ NULL, /* set_id */ + NULL, /* set_client_id */ NULL, /* server_mail_auth_condition */ NULL, /* server_debug_string */ NULL, /* server_condition */ @@ -404,6 +447,9 @@ int check_log_space = 0; BOOL check_rfc2047_length = TRUE; int check_spool_inodes = 0; int check_spool_space = 0; +uschar *client_authenticator = NULL; +uschar *client_authenticated_id = NULL; +uschar *client_authenticated_sender = NULL; int clmacro_count = 0; uschar *clmacros[MAX_CLMACROS]; BOOL config_changed = FALSE; @@ -429,6 +475,8 @@ int continue_sequence = 1; uschar *continue_transport = NULL; uschar *csa_status = NULL; +BOOL cutthrough_delivery = FALSE; +int cutthrough_fd = -1; BOOL daemon_listen = FALSE; uschar *daemon_smtp_port = US"smtp"; @@ -554,6 +602,18 @@ uschar *dkim_verify_signers = US"$dkim_signers"; BOOL dkim_collect_input = FALSE; BOOL dkim_disable_verify = FALSE; #endif +#ifdef EXPERIMENTAL_DMARC +BOOL dmarc_has_been_checked = FALSE; +uschar *dmarc_ar_header = NULL; +uschar *dmarc_forensic_sender = NULL; +uschar *dmarc_history_file = NULL; +uschar *dmarc_status = NULL; +uschar *dmarc_status_text = NULL; +uschar *dmarc_tld_file = NULL; +uschar *dmarc_used_domain = NULL; +BOOL dmarc_disable_verify = FALSE; +BOOL dmarc_enable_forensic = FALSE; +#endif uschar *dns_again_means_nonexist = NULL; int dns_csa_search_limit = 5; @@ -561,6 +621,7 @@ BOOL dns_csa_use_reverse = TRUE; uschar *dns_ipv4_lookup = NULL; int dns_retrans = 0; int dns_retry = 0; +int dns_dnssec_ok = -1; /* <0 = not coerced */ int dns_use_edns0 = -1; /* <0 = not coerced */ uschar *dnslist_domain = NULL; uschar *dnslist_matched = NULL; @@ -724,6 +785,7 @@ selectors was getting close to filling a 32-bit word. */ /* Note that this list must be in alphabetical order. */ bit_table log_options[] = { + { US"8bitmime", LX_8bitmime }, { US"acl_warn_skipped", LX_acl_warn_skipped }, { US"address_rewrite", L_address_rewrite }, { US"all", L_all }, @@ -758,6 +820,7 @@ bit_table log_options[] = { { US"smtp_confirmation", LX_smtp_confirmation }, { US"smtp_connection", L_smtp_connection }, { US"smtp_incomplete_transaction", L_smtp_incomplete_transaction }, + { US"smtp_mailauth", LX_smtp_mailauth }, { US"smtp_no_mail", LX_smtp_no_mail }, { US"smtp_protocol_error", L_smtp_protocol_error }, { US"smtp_syntax_error", L_smtp_syntax_error }, @@ -1047,6 +1110,8 @@ router_instance router_defaults = { NULL /* redirect_router */ }; +uschar *router_name = NULL; + ip_address_item *running_interfaces = NULL; BOOL running_in_test_harness = FALSE; @@ -1078,6 +1143,7 @@ uschar **sender_host_aliases = &no_aliases; uschar *sender_host_address = NULL; uschar *sender_host_authenticated = NULL; unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32]; +BOOL sender_host_dnssec = FALSE; uschar *sender_host_name = NULL; int sender_host_port = 0; BOOL sender_host_notsocket = FALSE; @@ -1197,6 +1263,7 @@ uschar *submission_domain = NULL; BOOL submission_mode = FALSE; uschar *submission_name = NULL; BOOL suppress_local_fixups = FALSE; +BOOL suppress_local_fixups_default = FALSE; BOOL synchronous_delivery = FALSE; BOOL syslog_duplication = TRUE; int syslog_facility = LOG_MAIL; @@ -1279,6 +1346,7 @@ transport_instance transport_defaults = { }; int transport_count; +uschar *transport_name = NULL; int transport_newlines; uschar **transport_filter_argv = NULL; int transport_filter_timeout; diff --git a/src/src/globals.h b/src/src/globals.h index 2e1ed4618..4f2283296 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -74,16 +74,22 @@ extern BOOL move_frozen_messages; /* Get them out of the normal directory * cluttered in several places (e.g. during logging) if we can always refer to them. Also, the tls_ variables are now always visible. */ -extern int tls_active; /* fd/socket when in a TLS session */ -extern int tls_bits; /* bits used in TLS session */ -extern BOOL tls_certificate_verified; /* Client certificate verified */ -extern uschar *tls_cipher; /* Cipher used */ -extern BOOL tls_on_connect; /* For older MTAs that don't STARTTLS */ -extern uschar *tls_on_connect_ports; /* Ports always tls-on-connect */ -extern uschar *tls_peerdn; /* DN from peer */ +typedef struct { + int active; /* fd/socket when in a TLS session */ + int bits; /* bits used in TLS session */ + BOOL certificate_verified; /* Client certificate verified */ + uschar *cipher; /* Cipher used */ + BOOL on_connect; /* For older MTAs that don't STARTTLS */ + uschar *on_connect_ports; /* Ports always tls-on-connect */ + uschar *peerdn; /* DN from peer */ + uschar *sni; /* Server Name Indication */ +} tls_support; +extern tls_support tls_in; +extern tls_support tls_out; #ifdef SUPPORT_TLS extern BOOL gnutls_compat_mode; /* Less security, more compatibility */ +extern BOOL gnutls_enable_pkcs11; /* Let GnuTLS autoload PKCS11 modules */ extern uschar *gnutls_require_mac; /* So some can be avoided */ extern uschar *gnutls_require_kx; /* So some can be avoided */ extern uschar *gnutls_require_proto; /* So some can be avoided */ @@ -102,7 +108,6 @@ extern BOOL tls_offered; /* Server offered TLS */ extern uschar *tls_privatekey; /* Private key file */ extern BOOL tls_remember_esmtp; /* For YAEB */ extern uschar *tls_require_ciphers; /* So some can be avoided */ -extern uschar *tls_sni; /* Server Name Indication */ extern uschar *tls_try_verify_hosts; /* Optional client verification */ extern uschar *tls_verify_certificates;/* Path for certificates to check */ extern uschar *tls_verify_hosts; /* Mandatory client verification */ @@ -128,16 +133,24 @@ extern uschar **address_expansions[ADDRESS_EXPANSIONS_COUNT]; /* General global variables */ extern BOOL accept_8bitmime; /* Allow *BITMIME incoming */ +extern int body_8bitmime; /* sender declared BODY= ; 7=7BIT, 8=8BITMIME */ extern header_line *acl_added_headers; /* Headers added by an ACL */ extern tree_node *acl_anchor; /* Tree of named ACLs */ +extern uschar *acl_arg[9]; /* Argument to ACL call */ +extern int acl_narg; /* Number of arguments to ACL call */ extern uschar *acl_not_smtp; /* ACL run for non-SMTP messages */ #ifdef WITH_CONTENT_SCAN extern uschar *acl_not_smtp_mime; /* For MIME parts of ditto */ #endif extern uschar *acl_not_smtp_start; /* ACL run at the beginning of a non-SMTP session */ +extern uschar *acl_removed_headers; /* Headers deleted by an ACL */ extern uschar *acl_smtp_auth; /* ACL run for AUTH */ extern uschar *acl_smtp_connect; /* ACL run on SMTP connection */ extern uschar *acl_smtp_data; /* ACL run after DATA received */ +#ifdef EXPERIMENTAL_PRDR +extern uschar *acl_smtp_data_prdr; /* ACL run after DATA received if in PRDR mode*/ +const extern pcre *regex_PRDR; /* For recognizing PRDR settings */ +#endif #ifndef DISABLE_DKIM extern uschar *acl_smtp_dkim; /* ACL run for DKIM signatures / domains */ #endif @@ -229,6 +242,9 @@ extern int check_log_space; /* Minimum for message acceptance */ extern BOOL check_rfc2047_length; /* Check RFC 2047 encoded string length */ extern int check_spool_inodes; /* Minimum for message acceptance */ extern int check_spool_space; /* Minimum for message acceptance */ +extern uschar *client_authenticator; /* Authenticator name used for smtp delivery */ +extern uschar *client_authenticated_id; /* "login" name used for SMTP AUTH */ +extern uschar *client_authenticated_sender; /* AUTH option to SMTP MAIL FROM (not yet used) */ extern int clmacro_count; /* Number of command line macros */ extern uschar *clmacros[]; /* Copy of them, for re-exec */ extern int connection_max_messages;/* Max down one SMTP connection */ @@ -251,6 +267,8 @@ extern int continue_sequence; /* Sequence num for continued delivery */ extern uschar *continue_transport; /* Transport for continued delivery */ extern uschar *csa_status; /* Client SMTP Authorization result */ +extern BOOL cutthrough_delivery; /* Deliver in foreground */ +extern int cutthrough_fd; /* Connection for ditto */ extern BOOL daemon_listen; /* True if listening required */ extern uschar *daemon_smtp_port; /* Can be a list of ports */ @@ -340,6 +358,18 @@ extern uschar *dkim_verify_signers; /* Colon-separated list of domains for ea extern BOOL dkim_collect_input; /* Runtime flag that tracks wether SMTP input is fed to DKIM validation */ extern BOOL dkim_disable_verify; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */ #endif +#ifdef EXPERIMENTAL_DMARC +extern BOOL dmarc_has_been_checked; /* Global variable to check if test has been called yet */ +extern uschar *dmarc_ar_header; /* Expansion variable, suggested header for dmarc auth results */ +extern uschar *dmarc_forensic_sender; /* Set sender address for forensic reports */ +extern uschar *dmarc_history_file; /* Expansion variable, file to store dmarc results */ +extern uschar *dmarc_status; /* Expansion variable, one word value */ +extern uschar *dmarc_status_text; /* Expansion variable, human readable value */ +extern uschar *dmarc_tld_file; /* Mozilla TLDs text file */ +extern uschar *dmarc_used_domain; /* Expansion variable, domain libopendmarc chose for DMARC policy lookup */ +extern BOOL dmarc_disable_verify; /* Set via ACL control statement. When set, DMARC verification is disabled for the current message */ +extern BOOL dmarc_enable_forensic; /* Set via ACL control statement. When set, DMARC forensic reports are enabled for the current message */ +#endif extern uschar *dns_again_means_nonexist; /* Domains that are badly set up */ extern int dns_csa_search_limit; /* How deep to search for CSA SRV records */ @@ -347,6 +377,7 @@ extern BOOL dns_csa_use_reverse; /* Check CSA in reverse DNS? (non-standar extern uschar *dns_ipv4_lookup; /* For these domains, don't look for AAAA (or A6) */ extern int dns_retrans; /* Retransmission time setting */ extern int dns_retry; /* Number of retries */ +extern int dns_dnssec_ok; /* When constructing DNS query, set DO flag */ extern int dns_use_edns0; /* Coerce EDNS0 support on/off in resolver. */ extern uschar *dnslist_domain; /* DNS (black) list domain */ extern uschar *dnslist_matched; /* DNS (black) list matched key */ @@ -372,6 +403,7 @@ extern int errors_sender_rc; /* Return after message to sender*/ extern gid_t exim_gid; /* To be used with exim_uid */ extern BOOL exim_gid_set; /* TRUE if exim_gid set */ extern uschar *exim_path; /* Path to exec exim */ +extern const uschar *exim_sieve_extension_list[]; /* list of sieve extensions */ extern uid_t exim_uid; /* Non-root uid for exim */ extern BOOL exim_uid_set; /* TRUE if exim_uid set */ extern int expand_forbid; /* RDO flags for forbidding things */ @@ -556,6 +588,10 @@ extern uschar *percent_hack_domains; /* Local domains for which '% operates */ extern uschar *pid_file_path; /* For writing daemon pids */ extern uschar *pipelining_advertise_hosts; /* As it says */ extern BOOL pipelining_enable; /* As it says */ +#ifdef EXPERIMENTAL_PRDR +extern BOOL prdr_enable; /* As it says */ +extern BOOL prdr_requested; /* Connecting mail server wants PRDR */ +#endif extern BOOL preserve_message_logs; /* Save msglog files */ extern uschar *primary_hostname; /* Primary name of this computer */ extern BOOL print_topbitchars; /* Topbit chars are printing chars */ @@ -653,6 +689,7 @@ extern uid_t root_uid; /* The uid for root */ extern router_info routers_available[];/* Vector of available routers */ extern router_instance *routers; /* Chain of instantiated routers */ extern router_instance router_defaults;/* Default values */ +extern uschar *router_name; /* Name of router last started */ extern BOOL running_in_test_harness; /*TRUE when running_status is patched */ extern ip_address_item *running_interfaces; /* Host's running interfaces */ extern uschar *running_status; /* Flag string for testing */ @@ -671,6 +708,7 @@ extern uschar *sender_fullhost; /* Sender host name + address */ extern uschar *sender_helo_name; /* Host name from HELO/EHLO */ extern uschar **sender_host_aliases; /* Points to list of alias names */ extern unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32]; /* Cache bits for incoming host */ +extern BOOL sender_host_dnssec; /* true if sender_host_name verified in DNSSEC */ extern BOOL sender_host_notsocket; /* Set for -bs and -bS */ extern BOOL sender_host_unknown; /* TRUE for -bs and -bS except inetd */ extern uschar *sender_ident; /* Sender identity via RFC 1413 */ @@ -780,6 +818,7 @@ extern uschar *submission_domain; /* Domain for submission mode */ extern BOOL submission_mode; /* Can be forced from ACL */ extern uschar *submission_name; /* User name set from ACL */ extern BOOL suppress_local_fixups; /* Can be forced from ACL */ +extern BOOL suppress_local_fixups_default; /* former is reset to this; override with -G */ extern BOOL synchronous_delivery; /* TRUE if -odi is set */ extern BOOL syslog_duplication; /* FALSE => no duplicate logging */ extern int syslog_facility; /* As defined by Syslog.h */ @@ -806,6 +845,7 @@ extern int test_harness_load_avg; /* For use when testing */ extern int thismessage_size_limit; /* Limit for this message */ extern int timeout_frozen_after; /* Max time to keep frozen messages */ extern BOOL timestamps_utc; /* Use UTC for all times */ +extern uschar *transport_name; /* Name of transport last started */ extern int transport_count; /* Count of bytes transported */ extern int transport_newlines; /* Accurate count of number of newline chars transported */ extern uschar **transport_filter_argv; /* For on-the-fly filtering */ diff --git a/src/src/host.c b/src/src/host.c index 9dc9c9a3e..785eea412 100644 --- a/src/src/host.c +++ b/src/src/host.c @@ -1177,10 +1177,10 @@ host_is_tls_on_connect_port(int port) { int sep = 0; uschar buffer[32]; -uschar *list = tls_on_connect_ports; +uschar *list = tls_in.on_connect_ports; uschar *s; -if (tls_on_connect) return TRUE; +if (tls_in.on_connect) return TRUE; while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL) { @@ -1597,7 +1597,7 @@ dns_record *rr; dns_answer dnsa; dns_scan dnss; -host_lookup_deferred = host_lookup_failed = FALSE; +sender_host_dnssec = host_lookup_deferred = host_lookup_failed = FALSE; HDEBUG(D_host_lookup) debug_printf("looking up host name for %s\n", sender_host_address); @@ -1639,6 +1639,13 @@ while ((ordername = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) int count = 0; int old_pool = store_pool; + /* Ideally we'd check DNSSEC both forward and reverse, but we use the + gethost* routines for forward, so can't do that unless/until we rewrite. */ + sender_host_dnssec = dns_is_secure(&dnsa); + DEBUG(D_dns) + debug_printf("Reverse DNS security status: %s\n", + sender_host_dnssec ? "DNSSEC verified (AD)" : "unverified"); + store_pool = POOL_PERM; /* Save names in permanent storage */ for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); diff --git a/src/src/ip.c b/src/src/ip.c index 8dbc2b3e0..b0c98878b 100644 --- a/src/src/ip.c +++ b/src/src/ip.c @@ -347,8 +347,10 @@ for (;;) close down of the connection), set errno to zero; otherwise leave it alone. */ #ifdef SUPPORT_TLS -if (tls_active == sock) - rc = tls_read(buffer, buffsize); +if (tls_out.active == sock) + rc = tls_read(FALSE, buffer, buffsize); +else if (tls_in.active == sock) + rc = tls_read(TRUE, buffer, buffsize); else #endif rc = recv(sock, buffer, buffsize, 0); @@ -359,4 +361,181 @@ return -1; } + + +/************************************************* +* Lookup address family of potential socket * +*************************************************/ + +/* Given a file-descriptor, check to see if it's a socket and, if so, +return the address family; detects IPv4 vs IPv6. If not a socket then +return -1. + +The value 0 is typically AF_UNSPEC, which should not be seen on a connected +fd. If the return is -1, the errno will be from getsockname(); probably +ENOTSOCK or ECONNRESET. + +Arguments: socket-or-not fd +Returns: address family or -1 +*/ + +int +ip_get_address_family(int fd) +{ +struct sockaddr_storage ss; +socklen_t sslen = sizeof(ss); + +if (getsockname(fd, (struct sockaddr *) &ss, &sslen) < 0) + return -1; + +return (int) ss.ss_family; +} + + + + +/************************************************* +* Lookup DSCP settings for a socket * +*************************************************/ + +struct dscp_name_tableentry { + const uschar *name; + int value; +}; +/* Keep both of these tables sorted! */ +static struct dscp_name_tableentry dscp_table[] = { +#ifdef IPTOS_DSCP_AF11 + { CUS"af11", IPTOS_DSCP_AF11 }, + { CUS"af12", IPTOS_DSCP_AF12 }, + { CUS"af13", IPTOS_DSCP_AF13 }, + { CUS"af21", IPTOS_DSCP_AF21 }, + { CUS"af22", IPTOS_DSCP_AF22 }, + { CUS"af23", IPTOS_DSCP_AF23 }, + { CUS"af31", IPTOS_DSCP_AF31 }, + { CUS"af32", IPTOS_DSCP_AF32 }, + { CUS"af33", IPTOS_DSCP_AF33 }, + { CUS"af41", IPTOS_DSCP_AF41 }, + { CUS"af42", IPTOS_DSCP_AF42 }, + { CUS"af43", IPTOS_DSCP_AF43 }, + { CUS"ef", IPTOS_DSCP_EF }, +#endif +#ifdef IPTOS_LOWCOST + { CUS"lowcost", IPTOS_LOWCOST }, +#endif + { CUS"lowdelay", IPTOS_LOWDELAY }, +#ifdef IPTOS_MINCOST + { CUS"mincost", IPTOS_MINCOST }, +#endif + { CUS"reliability", IPTOS_RELIABILITY }, + { CUS"throughput", IPTOS_THROUGHPUT } +}; +static int dscp_table_size = + sizeof(dscp_table) / sizeof(struct dscp_name_tableentry); + +/* DSCP values change by protocol family, and so do the options used for +setsockopt(); this utility does all the lookups. It takes an unexpanded +option string, expands it, strips off affix whitespace, then checks if it's +a number. If all of what's left is a number, then that's how the option will +be parsed and success/failure is a range check. If it's not all a number, +then it must be a supported keyword. + +Arguments: + dscp_name a string, so far unvalidated + af address_family in use + level setsockopt level to use + optname setsockopt name to use + dscp_value value for dscp_name + +Returns: TRUE if okay to setsockopt(), else FALSE + +*level and *optname may be set even if FALSE is returned +*/ + +BOOL +dscp_lookup(const uschar *dscp_name, int af, + int *level, int *optname, int *dscp_value) +{ +uschar *dscp_lookup, *p; +int first, last; +long rawlong; + +if (af == AF_INET) + { + *level = IPPROTO_IP; + *optname = IP_TOS; + } +else if (af == AF_INET6) + { + *level = IPPROTO_IPV6; + *optname = IPV6_TCLASS; + } +else + { + DEBUG(D_transport) + debug_printf("Unhandled address family %d in dscp_lookup()\n", af); + return FALSE; + } +if (!dscp_name) + { + DEBUG(D_transport) + debug_printf("[empty DSCP]\n"); + return FALSE; + } +dscp_lookup = expand_string(US dscp_name); +if (dscp_lookup == NULL || *dscp_lookup == '\0') + return FALSE; + +p = dscp_lookup + Ustrlen(dscp_lookup) - 1; +while (isspace(*p)) *p-- = '\0'; +while (isspace(*dscp_lookup) && dscp_lookup < p) dscp_lookup++; +if (*dscp_lookup == '\0') + return FALSE; + +rawlong = Ustrtol(dscp_lookup, &p, 0); +if (p != dscp_lookup && *p == '\0') + { + /* We have six bits available, which will end up shifted to fit in 0xFC mask. + RFC 2597 defines the values unshifted. */ + if (rawlong < 0 || rawlong > 0x3F) + { + DEBUG(D_transport) + debug_printf("DSCP value %ld out of range, ignored.\n", rawlong); + return FALSE; + } + *dscp_value = rawlong << 2; + return TRUE; + } + +first = 0; +last = dscp_table_size; +while (last > first) + { + int middle = (first + last)/2; + int c = Ustrcmp(dscp_lookup, dscp_table[middle].name); + if (c == 0) + { + *dscp_value = dscp_table[middle].value; + return TRUE; + } + else if (c > 0) + { + first = middle + 1; + } + else + { + last = middle; + } + } +return FALSE; +} + +void +dscp_list_to_stream(FILE *stream) +{ +int i; +for (i=0; i < dscp_table_size; ++i) + fprintf(stream, "%s\n", dscp_table[i].name); +} + + /* End of ip.c */ diff --git a/src/src/log.c b/src/src/log.c index 3a91ed295..1523874d9 100644 --- a/src/src/log.c +++ b/src/src/log.c @@ -179,7 +179,7 @@ overwrite it temporarily if it is necessary to create the directory. Returns: a file descriptor, or < 0 on failure (errno set) */ -static int +int log_create(uschar *name) { int fd = Uopen(name, O_CREAT|O_APPEND|O_WRONLY, LOG_MODE); @@ -1093,7 +1093,10 @@ if ((flags & LOG_PANIC) != 0) panic_recurseflag = FALSE; if (panic_save_buffer != NULL) - (void) write(paniclogfd, panic_save_buffer, Ustrlen(panic_save_buffer)); + { + int i = write(paniclogfd, panic_save_buffer, Ustrlen(panic_save_buffer)); + i = i; /* compiler quietening */ + } written_len = write_to_fd_buf(paniclogfd, log_buffer, length); if (written_len != length) diff --git a/src/src/lookups/dnsdb.c b/src/src/lookups/dnsdb.c index 0bbc86a56..a8eab2e47 100644 --- a/src/src/lookups/dnsdb.c +++ b/src/src/lookups/dnsdb.c @@ -27,6 +27,7 @@ header files. */ static const char *type_names[] = { "a", #if HAVE_IPV6 + "a+", "aaaa", #ifdef SUPPORT_A6 "a6", @@ -47,6 +48,7 @@ static const char *type_names[] = { static int type_values[] = { T_A, #if HAVE_IPV6 + T_APL, /* Private type for AAAA + A */ T_AAAA, #ifdef SUPPORT_A6 T_A6, @@ -280,157 +282,180 @@ while ((domain = string_nextinlist(&keystring, &sep, buffer, sizeof(buffer))) domain = rbuffer; } - DEBUG(D_lookup) debug_printf("dnsdb key: %s\n", domain); - - /* Do the lookup and sort out the result. There are three special types that - are handled specially: T_CSA, T_ZNS and T_MXH. The former two are handled in - a special lookup function so that the facility could be used from other - parts of the Exim code. The latter affects only what happens later on in - this function, but for tidiness it is handled in a similar way. If the - lookup fails, continue with the next domain. In the case of DEFER, adjust - the final "nothing found" result, but carry on to the next domain. */ - - found = domain; - rc = dns_special_lookup(&dnsa, domain, type, &found); - - if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue; - if (rc != DNS_SUCCEED) + do { - if (defer_mode == DEFER) return DEFER; /* always defer */ - else if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */ - continue; /* treat defer as fail */ - } - - /* Search the returned records */ + DEBUG(D_lookup) debug_printf("dnsdb key: %s\n", domain); + + /* Do the lookup and sort out the result. There are four special types that + are handled specially: T_CSA, T_ZNS, T_APL and T_MXH. + The first two are handled in a special lookup function so that the facility + could be used from other parts of the Exim code. T_APL is handled by looping + over the types of A lookup. T_MXH affects only what happens later on in + this function, but for tidiness it is handled by the "special". If the + lookup fails, continue with the next domain. In the case of DEFER, adjust + the final "nothing found" result, but carry on to the next domain. */ + + found = domain; +#if HAVE_IPV6 + if (type == T_APL) /* NB cannot happen unless HAVE_IPV6 */ + { + if (searchtype == T_APL) +# if defined(SUPPORT_A6) + searchtype = T_A6; +# else + searchtype = T_AAAA; +# endif + else if (searchtype == T_A6) searchtype = T_AAAA; + else if (searchtype == T_AAAA) searchtype = T_A; + rc = dns_special_lookup(&dnsa, domain, searchtype, &found); + } + else +#endif + rc = dns_special_lookup(&dnsa, domain, type, &found); - for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); - rr != NULL; - rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) - { - if (rr->type != searchtype) continue; + if (rc == DNS_NOMATCH || rc == DNS_NODATA) continue; + if (rc != DNS_SUCCEED) + { + if (defer_mode == DEFER) return DEFER; /* always defer */ + if (defer_mode == PASS) failrc = DEFER; /* defer only if all do */ + continue; /* treat defer as fail */ + } - /* There may be several addresses from an A6 record. Put the configured - separator between them, just as for between several records. However, A6 - support is not normally configured these days. */ + /* Search the returned records */ - if (type == T_A || - #ifdef SUPPORT_A6 - type == T_A6 || - #endif - type == T_AAAA) + for (rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); + rr != NULL; + rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) { - dns_address *da; - for (da = dns_address_from_rr(&dnsa, rr); da != NULL; da = da->next) + if (rr->type != searchtype) continue; + + /* There may be several addresses from an A6 record. Put the configured + separator between them, just as for between several records. However, A6 + support is not normally configured these days. */ + + if (type == T_A || + #ifdef SUPPORT_A6 + type == T_A6 || + #endif + type == T_AAAA || + type == T_APL) { - if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1); - yield = string_cat(yield, &size, &ptr, da->address, - Ustrlen(da->address)); + dns_address *da; + for (da = dns_address_from_rr(&dnsa, rr); da != NULL; da = da->next) + { + if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1); + yield = string_cat(yield, &size, &ptr, da->address, + Ustrlen(da->address)); + } + continue; } - continue; - } - /* Other kinds of record just have one piece of data each, but there may be - several of them, of course. */ + /* Other kinds of record just have one piece of data each, but there may be + several of them, of course. */ - if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1); + if (ptr != 0) yield = string_cat(yield, &size, &ptr, outsep, 1); - if (type == T_TXT || type == T_SPF) - { - if (outsep2 == NULL) - { - /* output only the first item of data */ - yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1), - (rr->data)[0]); - } - else + if (type == T_TXT || type == T_SPF) { - /* output all items */ - int data_offset = 0; - while (data_offset < rr->size) + if (outsep2 == NULL) { - uschar chunk_len = (rr->data)[data_offset++]; - if (outsep2[0] != '\0' && data_offset != 1) - yield = string_cat(yield, &size, &ptr, outsep2, 1); - yield = string_cat(yield, &size, &ptr, + /* output only the first item of data */ + yield = string_cat(yield, &size, &ptr, (uschar *)(rr->data+1), + (rr->data)[0]); + } + else + { + /* output all items */ + int data_offset = 0; + while (data_offset < rr->size) + { + uschar chunk_len = (rr->data)[data_offset++]; + if (outsep2[0] != '\0' && data_offset != 1) + yield = string_cat(yield, &size, &ptr, outsep2, 1); + yield = string_cat(yield, &size, &ptr, (uschar *)((rr->data)+data_offset), chunk_len); - data_offset += chunk_len; + data_offset += chunk_len; + } } } - } - else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */ - { - int priority, weight, port; - uschar s[264]; - uschar *p = (uschar *)(rr->data); - - if (type == T_MXH) - { - /* mxh ignores the priority number and includes only the hostnames */ - GETSHORT(priority, p); - } - else if (type == T_MX) - { - GETSHORT(priority, p); - sprintf(CS s, "%d ", priority); - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); - } - else if (type == T_SRV) - { - GETSHORT(priority, p); - GETSHORT(weight, p); - GETSHORT(port, p); - sprintf(CS s, "%d %d %d ", priority, weight, port); - yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); - } - else if (type == T_CSA) + else /* T_CNAME, T_CSA, T_MX, T_MXH, T_NS, T_PTR, T_SRV */ { - /* See acl_verify_csa() for more comments about CSA. */ - - GETSHORT(priority, p); - GETSHORT(weight, p); - GETSHORT(port, p); - - if (priority != 1) continue; /* CSA version must be 1 */ + int priority, weight, port; + uschar s[264]; + uschar *p = (uschar *)(rr->data); - /* If the CSA record we found is not the one we asked for, analyse - the subdomain assertions in the port field, else analyse the direct - authorization status in the weight field. */ - - if (found != domain) + if (type == T_MXH) { - if (port & 1) *s = 'X'; /* explicit authorization required */ - else *s = '?'; /* no subdomain assertions here */ + /* mxh ignores the priority number and includes only the hostnames */ + GETSHORT(priority, p); } - else + else if (type == T_MX) { - if (weight < 2) *s = 'N'; /* not authorized */ - else if (weight == 2) *s = 'Y'; /* authorized */ - else if (weight == 3) *s = '?'; /* unauthorizable */ - else continue; /* invalid */ + GETSHORT(priority, p); + sprintf(CS s, "%d ", priority); + yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + } + else if (type == T_SRV) + { + GETSHORT(priority, p); + GETSHORT(weight, p); + GETSHORT(port, p); + sprintf(CS s, "%d %d %d ", priority, weight, port); + yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); + } + else if (type == T_CSA) + { + /* See acl_verify_csa() for more comments about CSA. */ + + GETSHORT(priority, p); + GETSHORT(weight, p); + GETSHORT(port, p); + + if (priority != 1) continue; /* CSA version must be 1 */ + + /* If the CSA record we found is not the one we asked for, analyse + the subdomain assertions in the port field, else analyse the direct + authorization status in the weight field. */ + + if (found != domain) + { + if (port & 1) *s = 'X'; /* explicit authorization required */ + else *s = '?'; /* no subdomain assertions here */ + } + else + { + if (weight < 2) *s = 'N'; /* not authorized */ + else if (weight == 2) *s = 'Y'; /* authorized */ + else if (weight == 3) *s = '?'; /* unauthorizable */ + else continue; /* invalid */ + } + + s[1] = ' '; + yield = string_cat(yield, &size, &ptr, s, 2); } - s[1] = ' '; - yield = string_cat(yield, &size, &ptr, s, 2); - } - - /* GETSHORT() has advanced the pointer to the target domain. */ + /* GETSHORT() has advanced the pointer to the target domain. */ - rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p, - (DN_EXPAND_ARG4_TYPE)(s), sizeof(s)); + rc = dn_expand(dnsa.answer, dnsa.answer + dnsa.answerlen, p, + (DN_EXPAND_ARG4_TYPE)(s), sizeof(s)); - /* If an overlong response was received, the data will have been - truncated and dn_expand may fail. */ + /* If an overlong response was received, the data will have been + truncated and dn_expand may fail. */ - if (rc < 0) - { - log_write(0, LOG_MAIN, "host name alias list truncated: type=%s " - "domain=%s", dns_text_type(type), domain); - break; + if (rc < 0) + { + log_write(0, LOG_MAIN, "host name alias list truncated: type=%s " + "domain=%s", dns_text_type(type), domain); + break; + } + else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); } - else yield = string_cat(yield, &size, &ptr, s, Ustrlen(s)); - } - } /* Loop for list of returned records */ - } /* Loop for list of domains */ + } /* Loop for list of returned records */ + + /* Loop for set of A-lookupu types */ + } while (type == T_APL && searchtype != T_A); + + } /* Loop for list of domains */ /* Reclaim unused memory */ diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c index 244d67561..40345bafc 100644 --- a/src/src/lookups/ldap.c +++ b/src/src/lookups/ldap.c @@ -519,18 +519,25 @@ if (!lcp->bound || { DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n", (lcp->bound)? "re-" : "", user, password); -#ifdef LDAP_OPT_X_TLS - /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this: */ if (eldap_start_tls) { - if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) { - *errmsg = string_sprintf("failed to initiate TLS processing on an " - "LDAP session to server %s%s - ldap_start_tls_s() returned %d:" - " %s", host, porttext, rc, ldap_err2string(rc)); - goto RETURN_ERROR; - } - } +#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS) + /* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this. + * Note: moreover, they appear to now define LDAP_OPT_X_TLS and still not + * export an ldap_start_tls_s symbol. + */ + if ( (rc = ldap_start_tls_s(lcp->ld, NULL, NULL)) != LDAP_SUCCESS) + { + *errmsg = string_sprintf("failed to initiate TLS processing on an " + "LDAP session to server %s%s - ldap_start_tls_s() returned %d:" + " %s", host, porttext, rc, ldap_err2string(rc)); + goto RETURN_ERROR; + } +#else + DEBUG(D_lookup) + debug_printf("TLS initiation not supported with this Exim and your LDAP library.\n"); #endif + } if ((msgid = ldap_bind(lcp->ld, CS user, CS password, LDAP_AUTH_SIMPLE)) == -1) { diff --git a/src/src/lookups/spf.c b/src/src/lookups/spf.c index 862243850..23ad2addd 100644 --- a/src/src/lookups/spf.c +++ b/src/src/lookups/spf.c @@ -18,7 +18,9 @@ #include "../exim.h" #ifndef EXPERIMENTAL_SPF -static void dummy(int x) { dummy(x-1); } +static void dummy(int x); +static void dummy2(int x) { dummy(x-1); } +static void dummy(int x) { dummy2(x-1); } #else #include "lf_functions.h" diff --git a/src/src/macros.h b/src/src/macros.h index f7a22b668..a73bb0ba6 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -81,7 +81,7 @@ as unsigned. */ a no-op once an SSL session is in progress. */ #ifdef SUPPORT_TLS -#define mac_smtp_fflush() if (tls_active < 0) fflush(smtp_out); +#define mac_smtp_fflush() if (tls_in.active < 0) fflush(smtp_out); #else #define mac_smtp_fflush() fflush(smtp_out); #endif @@ -222,6 +222,9 @@ enum { ERRMESS_TOOMANYRECIP, /* Too many recipients */ ERRMESS_LOCAL_SCAN, /* Rejected by local scan */ ERRMESS_LOCAL_ACL /* Rejected by non-SMTP ACL */ +#ifdef EXPERIMENTAL_DMARC + ,ERRMESS_DMARC_FORENSIC /* DMARC Forensic Report */ +#endif }; /* Error handling styles - set by option, and apply only when receiving @@ -409,6 +412,8 @@ set all the bits in a multi-word selector. */ #define LX_tls_peerdn 0x80400000 #define LX_tls_sni 0x80800000 #define LX_unknown_in_list 0x81000000 +#define LX_8bitmime 0x82000000 +#define LX_smtp_mailauth 0x84000000 #define L_default (L_connection_reject | \ L_delay_delivery | \ @@ -424,6 +429,7 @@ set all the bits in a multi-word selector. */ #define LX_default ((LX_acl_warn_skipped | \ LX_rejected_header | \ LX_sender_verify_fail | \ + LX_smtp_confirmation | \ LX_tls_cipher) & 0x7fffffff) /* Private error numbers for delivery failures, set negative so as not @@ -624,7 +630,9 @@ for booleans that are kept in one bit. */ #define opt_public 0x200 /* Stored in the main instance block */ #define opt_set 0x400 /* Option is set */ #define opt_secure 0x800 /* "hide" prefix used */ -#define opt_mask 0x0ff +#define opt_rep_con 0x1000 /* Can be appended to by a repeated line (condition) */ +#define opt_rep_str 0x2000 /* Can be appended to by a repeated line (string) */ +#define opt_mask 0x00ff /* Verify types when directing and routing */ @@ -808,6 +816,9 @@ enum { ACL_WHERE_RCPT, /* Some controls are for RCPT only */ ACL_WHERE_MIME, /* ) implemented by <= WHERE_NOTSMTP */ ACL_WHERE_DKIM, /* ) */ ACL_WHERE_DATA, /* ) */ +#ifdef EXPERIMENTAL_PRDR + ACL_WHERE_PRDR, /* ) */ +#endif ACL_WHERE_NOTSMTP, /* ) */ ACL_WHERE_AUTH, /* These remaining ones are not currently */ @@ -820,7 +831,10 @@ enum { ACL_WHERE_RCPT, /* Some controls are for RCPT only */ ACL_WHERE_NOTQUIT, ACL_WHERE_QUIT, ACL_WHERE_STARTTLS, - ACL_WHERE_VRFY + ACL_WHERE_VRFY, + + ACL_WHERE_DELIVERY, + ACL_WHERE_UNKNOWN /* Currently used by a ${acl:name} expansion */ }; /* Situations for spool_write_header() */ diff --git a/src/src/malware.c b/src/src/malware.c index 7de913f49..994c62993 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -1214,7 +1214,7 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) sizeof(sophie_options_buffer))) == NULL) { /* no options supplied, use default options */ sophie_options = sophie_options_default; - }; + } /* open the sophie socket */ sock = socket(AF_UNIX, SOCK_STREAM, 0); @@ -1249,14 +1249,14 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) DEBUG(D_acl) debug_printf("Malware scan: issuing %s scan [%s]\n", scanner_name, sophie_options); - if (write(sock, file_name, Ustrlen(file_name)) < 0) { + if ( write(sock, file_name, Ustrlen(file_name)) < 0 + || write(sock, "\n", 1) != 1 + ) { (void)close(sock); log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to write to sophie UNIX socket (%s)", sophie_options); return DEFER; - }; - - (void)write(sock, "\n", 1); + } /* wait for result */ memset(av_buffer, 0, sizeof(av_buffer)); @@ -1265,7 +1265,7 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: unable to read from sophie UNIX socket (%s)", sophie_options); return DEFER; - }; + } (void)close(sock); @@ -1283,7 +1283,7 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking) else { /* all ok, no virus */ malware_name = NULL; - }; + } } /* ----------------------------------------------------------------------- */ diff --git a/src/src/match.c b/src/src/match.c index 792581790..66ae3dddb 100644 --- a/src/src/match.c +++ b/src/src/match.c @@ -1010,7 +1010,7 @@ uschar *s, *pdomain, *sdomain; error = error; /* Keep clever compilers from complaining */ -DEBUG(D_lists) debug_printf("address match: subject=%s pattern=%s\n", +DEBUG(D_lists) debug_printf("address match test: subject=%s pattern=%s\n", subject, pattern); /* Find the subject's domain */ diff --git a/src/src/moan.c b/src/src/moan.c index 6c04f7a57..3b670a144 100644 --- a/src/src/moan.c +++ b/src/src/moan.c @@ -202,6 +202,26 @@ switch(ident) fprintf(f, "\n"); break; +#ifdef EXPERIMENTAL_DMARC + case ERRMESS_DMARC_FORENSIC: + bounce_return_message = TRUE; + bounce_return_body = FALSE; + fprintf(f, + "Subject: DMARC Forensic Report for %s from IP %s\n\n", + ((eblock == NULL) ? US"Unknown" : eblock->text2), + sender_host_address); + fprintf(f, + "A message claiming to be from you has failed the published DMARC\n" + "policy for your domain.\n\n"); + while (eblock != NULL) + { + fprintf(f, " %s: %s\n", eblock->text1, eblock->text2); + count++; + eblock = eblock->next; + } + break; +#endif + default: fprintf(f, "Subject: Mail failure\n\n"); fprintf(f, @@ -280,8 +300,16 @@ if (bounce_return_message) } } } +#ifdef EXPERIMENTAL_DMARC + /* Overkill, but use exact test in case future code gets inserted */ + else if (bounce_return_body && message_file == NULL) + { + /* This doesn't print newlines, disable until can parse and fix + * output to be legible. */ + fprintf(f, "%s", expand_string(US"$message_body")); + } +#endif } - /* Close the file, which should send an EOF to the child process that is receiving the message. Wait for it to finish, without a timeout. */ diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index 764cc83be..1d364a3c9 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -27,8 +27,8 @@ /* -------------------------------------------------------------------------- */ /* Length of the preallocated buffer for the "answer" from the dns/txt - callback function. */ -#define PDKIM_DNS_TXT_MAX_RECLEN 4096 + callback function. This should match the maximum RDLENGTH from DNS. */ +#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16) /* -------------------------------------------------------------------------- */ /* Function success / error codes */ diff --git a/src/src/queue.c b/src/src/queue.c index b3dbd2c4e..8876e09be 100644 --- a/src/src/queue.c +++ b/src/src/queue.c @@ -650,7 +650,8 @@ for (i = (queue_run_in_order? -1 : 0); the mere fact that read() unblocks is enough. */ set_process_info("running queue: waiting for children of %d", pid); - (void)read(pfd[pipe_read], buffer, sizeof(buffer)); + if (read(pfd[pipe_read], buffer, sizeof(buffer)) > 0) + log_write(0, LOG_MAIN|LOG_PANIC, "queue run: unexpected data on pipe"); (void)close(pfd[pipe_read]); set_process_info("running queue"); @@ -1018,7 +1019,7 @@ if (action >= MSG_SHOW_BODY) } while((rc = read(fd, big_buffer, big_buffer_size)) > 0) - (void)write(fileno(stdout), big_buffer, rc); + rc = write(fileno(stdout), big_buffer, rc); (void)close(fd); return TRUE; diff --git a/src/src/rda.c b/src/src/rda.c index 877434098..f915ce740 100644 --- a/src/src/rda.c +++ b/src/src/rda.c @@ -433,22 +433,24 @@ return parse_forward_list(data, * Write string down pipe * *************************************************/ -/* This function is used for tranferring a string down a pipe between +/* This function is used for transferring a string down a pipe between processes. If the pointer is NULL, a length of zero is written. Arguments: fd the pipe s the string -Returns: nothing +Returns: -1 on error, else 0 */ -static void +static int rda_write_string(int fd, uschar *s) { int len = (s == NULL)? 0 : Ustrlen(s) + 1; -(void)write(fd, &len, sizeof(int)); -if (s != NULL) (void)write(fd, s, len); +return ( write(fd, &len, sizeof(int)) != sizeof(int) + || (s != NULL && write(fd, s, len) != len) + ) + ? -1 : 0; } @@ -645,9 +647,11 @@ if ((pid = fork()) == 0) /* Pass back whether it was a filter, and the return code and any overall error text via the pipe. */ - (void)write(fd, filtertype, sizeof(int)); - (void)write(fd, &yield, sizeof(int)); - rda_write_string(fd, *error); + if ( write(fd, filtertype, sizeof(int)) != sizeof(int) + || write(fd, &yield, sizeof(int)) != sizeof(int) + || rda_write_string(fd, *error) != 0 + ) + goto bad; /* Pass back the contents of any syntax error blocks if we have a pointer */ @@ -655,11 +659,12 @@ if ((pid = fork()) == 0) { error_block *ep; for (ep = *eblockp; ep != NULL; ep = ep->next) - { - rda_write_string(fd, ep->text1); - rda_write_string(fd, ep->text2); - } - rda_write_string(fd, NULL); /* Indicates end of eblocks */ + if ( rda_write_string(fd, ep->text1) != 0 + || rda_write_string(fd, ep->text2) != 0 + ) + goto bad; + if (rda_write_string(fd, NULL) != 0) /* Indicates end of eblocks */ + goto bad; } /* If this is a system filter, we have to pass back the numbers of any @@ -671,27 +676,33 @@ if ((pid = fork()) == 0) int i = 0; header_line *h; for (h = header_list; h != waslast->next; i++, h = h->next) - { - if (h->type == htype_old) (void)write(fd, &i, sizeof(i)); - } + if ( h->type == htype_old + && write(fd, &i, sizeof(i)) != sizeof(i) + ) + goto bad; + i = -1; - (void)write(fd, &i, sizeof(i)); + if (write(fd, &i, sizeof(i)) != sizeof(i)) + goto bad; while (waslast != header_last) { waslast = waslast->next; if (waslast->type != htype_old) - { - rda_write_string(fd, waslast->text); - (void)write(fd, &(waslast->type), sizeof(waslast->type)); - } + if ( rda_write_string(fd, waslast->text) != 0 + || write(fd, &(waslast->type), sizeof(waslast->type)) + != sizeof(waslast->type) + ) + goto bad; } - rda_write_string(fd, NULL); /* Indicates end of added headers */ + if (rda_write_string(fd, NULL) != 0) /* Indicates end of added headers */ + goto bad; } /* Write the contents of the $n variables */ - (void)write(fd, filter_n, sizeof(filter_n)); + if (write(fd, filter_n, sizeof(filter_n)) != sizeof(filter_n)) + goto bad; /* If the result was DELIVERED or NOTDELIVERED, we pass back the generated addresses, and their associated information, through the pipe. This is @@ -707,52 +718,71 @@ if ((pid = fork()) == 0) { int reply_options = 0; - rda_write_string(fd, addr->address); - (void)write(fd, &(addr->mode), sizeof(addr->mode)); - (void)write(fd, &(addr->flags), sizeof(addr->flags)); - rda_write_string(fd, addr->p.errors_address); + if ( rda_write_string(fd, addr->address) != 0 + || write(fd, &(addr->mode), sizeof(addr->mode)) + != sizeof(addr->mode) + || write(fd, &(addr->flags), sizeof(addr->flags)) + != sizeof(addr->flags) + || rda_write_string(fd, addr->p.errors_address) != 0 + ) + goto bad; if (addr->pipe_expandn != NULL) { uschar **pp; for (pp = addr->pipe_expandn; *pp != NULL; pp++) - rda_write_string(fd, *pp); + if (rda_write_string(fd, *pp) != 0) + goto bad; } - rda_write_string(fd, NULL); + if (rda_write_string(fd, NULL) != 0) + goto bad; if (addr->reply == NULL) - (void)write(fd, &reply_options, sizeof(int)); /* 0 means no reply */ + { + if (write(fd, &reply_options, sizeof(int)) != sizeof(int)) /* 0 means no reply */ + goto bad; + } else { reply_options |= REPLY_EXISTS; if (addr->reply->file_expand) reply_options |= REPLY_EXPAND; if (addr->reply->return_message) reply_options |= REPLY_RETURN; - (void)write(fd, &reply_options, sizeof(int)); - (void)write(fd, &(addr->reply->expand_forbid), sizeof(int)); - (void)write(fd, &(addr->reply->once_repeat), sizeof(time_t)); - rda_write_string(fd, addr->reply->to); - rda_write_string(fd, addr->reply->cc); - rda_write_string(fd, addr->reply->bcc); - rda_write_string(fd, addr->reply->from); - rda_write_string(fd, addr->reply->reply_to); - rda_write_string(fd, addr->reply->subject); - rda_write_string(fd, addr->reply->headers); - rda_write_string(fd, addr->reply->text); - rda_write_string(fd, addr->reply->file); - rda_write_string(fd, addr->reply->logfile); - rda_write_string(fd, addr->reply->oncelog); + if ( write(fd, &reply_options, sizeof(int)) != sizeof(int) + || write(fd, &(addr->reply->expand_forbid), sizeof(int)) + != sizeof(int) + || write(fd, &(addr->reply->once_repeat), sizeof(time_t)) + != sizeof(time_t) + || rda_write_string(fd, addr->reply->to) != 0 + || rda_write_string(fd, addr->reply->cc) != 0 + || rda_write_string(fd, addr->reply->bcc) != 0 + || rda_write_string(fd, addr->reply->from) != 0 + || rda_write_string(fd, addr->reply->reply_to) != 0 + || rda_write_string(fd, addr->reply->subject) != 0 + || rda_write_string(fd, addr->reply->headers) != 0 + || rda_write_string(fd, addr->reply->text) != 0 + || rda_write_string(fd, addr->reply->file) != 0 + || rda_write_string(fd, addr->reply->logfile) != 0 + || rda_write_string(fd, addr->reply->oncelog) != 0 + ) + goto bad; } } - rda_write_string(fd, NULL); /* Marks end of addresses */ + if (rda_write_string(fd, NULL) != 0) /* Marks end of addresses */ + goto bad; } /* OK, this process is now done. Free any cached resources. Must use _exit() and not exit() !! */ +out: (void)close(fd); search_tidyup(); _exit(0); + +bad: + DEBUG(D_rewrite) debug_printf("rda_interpret: failed write to pipe\n"); + goto out; } /* Back in the main process: panic if the fork did not succeed. */ diff --git a/src/src/readconf.c b/src/src/readconf.c index a0c5ca0cd..d0608d7de 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -140,6 +140,9 @@ static optionlist optionlist_config[] = { { "acl_smtp_auth", opt_stringptr, &acl_smtp_auth }, { "acl_smtp_connect", opt_stringptr, &acl_smtp_connect }, { "acl_smtp_data", opt_stringptr, &acl_smtp_data }, +#ifdef EXPERIMENTAL_PRDR + { "acl_smtp_data_prdr", opt_stringptr, &acl_smtp_data_prdr }, +#endif #ifndef DISABLE_DKIM { "acl_smtp_dkim", opt_stringptr, &acl_smtp_dkim }, #endif @@ -211,11 +214,17 @@ static optionlist optionlist_config[] = { { "disable_ipv6", opt_bool, &disable_ipv6 }, #ifndef DISABLE_DKIM { "dkim_verify_signers", opt_stringptr, &dkim_verify_signers }, +#endif +#ifdef EXPERIMENTAL_DMARC + { "dmarc_forensic_sender", opt_stringptr, &dmarc_forensic_sender }, + { "dmarc_history_file", opt_stringptr, &dmarc_history_file }, + { "dmarc_tld_file", opt_stringptr, &dmarc_tld_file }, #endif { "dns_again_means_nonexist", opt_stringptr, &dns_again_means_nonexist }, { "dns_check_names_pattern", opt_stringptr, &check_dns_names_pattern }, { "dns_csa_search_limit", opt_int, &dns_csa_search_limit }, { "dns_csa_use_reverse", opt_bool, &dns_csa_use_reverse }, + { "dns_dnssec_ok", opt_int, &dns_dnssec_ok }, { "dns_ipv4_lookup", opt_stringptr, &dns_ipv4_lookup }, { "dns_retrans", opt_time, &dns_retrans }, { "dns_retry", opt_int, &dns_retry }, @@ -238,6 +247,7 @@ static optionlist optionlist_config[] = { { "gecos_pattern", opt_stringptr, &gecos_pattern }, #ifdef SUPPORT_TLS { "gnutls_compat_mode", opt_bool, &gnutls_compat_mode }, + { "gnutls_enable_pkcs11", opt_bool, &gnutls_enable_pkcs11 }, /* These three gnutls_require_* options stopped working in Exim 4.80 */ { "gnutls_require_kx", opt_stringptr, &gnutls_require_kx }, { "gnutls_require_mac", opt_stringptr, &gnutls_require_mac }, @@ -317,6 +327,9 @@ static optionlist optionlist_config[] = { #endif { "pid_file_path", opt_stringptr, &pid_file_path }, { "pipelining_advertise_hosts", opt_stringptr, &pipelining_advertise_hosts }, +#ifdef EXPERIMENTAL_PRDR + { "prdr_enable", opt_bool, &prdr_enable }, +#endif { "preserve_message_logs", opt_bool, &preserve_message_logs }, { "primary_hostname", opt_stringptr, &primary_hostname }, { "print_topbitchars", opt_bool, &print_topbitchars }, @@ -420,10 +433,10 @@ static optionlist optionlist_config[] = { { "tls_crl", opt_stringptr, &tls_crl }, { "tls_dh_max_bits", opt_int, &tls_dh_max_bits }, { "tls_dhparam", opt_stringptr, &tls_dhparam }, -#if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS) +# if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS) { "tls_ocsp_file", opt_stringptr, &tls_ocsp_file }, -#endif - { "tls_on_connect_ports", opt_stringptr, &tls_on_connect_ports }, +# endif + { "tls_on_connect_ports", opt_stringptr, &tls_in.on_connect_ports }, { "tls_privatekey", opt_stringptr, &tls_privatekey }, { "tls_remember_esmtp", opt_bool, &tls_remember_esmtp }, { "tls_require_ciphers", opt_stringptr, &tls_require_ciphers }, @@ -1375,7 +1388,6 @@ uid_t uid; gid_t gid; BOOL boolvalue = TRUE; BOOL freesptr = TRUE; -BOOL extra_condition = FALSE; optionlist *ol, *ol2; struct passwd *pw; void *reset_point; @@ -1438,16 +1450,9 @@ if (ol == NULL) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, CS unknown_txt, name); } -if ((ol->type & opt_set) != 0) - { - uschar *mname = name; - if (Ustrncmp(mname, "no_", 3) == 0) mname += 3; - if (Ustrcmp(mname, "condition") == 0) - extra_condition = TRUE; - else - log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, - "\"%s\" option set for the second time", mname); - } +if ((ol->type & opt_set) && !(ol->type & (opt_rep_con | opt_rep_str))) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, + "\"%s\" option set for the second time", name); ol->type |= opt_set | issecure; type = ol->type & opt_mask; @@ -1531,7 +1536,7 @@ switch (type) str_target = (uschar **)(ol->value); else str_target = (uschar **)((uschar *)data_block + (long int)(ol->value)); - if (extra_condition) + if (ol->type & opt_rep_con) { /* We already have a condition, we're conducting a crude hack to let multiple condition rules be chained together, despite storing them in @@ -1540,9 +1545,10 @@ switch (type) strtemp = string_sprintf("${if and{{bool_lax{%s}}{bool_lax{%s}}}}", saved_condition, sptr); *str_target = string_copy_malloc(strtemp); - /* TODO(pdp): there is a memory leak here when we set 3 or more - conditions; I still don't understand the store mechanism enough - to know what's the safe way to free content from an earlier store. + /* TODO(pdp): there is a memory leak here and just below + when we set 3 or more conditions; I still don't + understand the store mechanism enough to know + what's the safe way to free content from an earlier store. AFAICT, stores stack, so freeing an early stored item also stores all data alloc'd after it. If we knew conditions were adjacent, we could survive that, but we don't. So I *think* we need to take @@ -1553,6 +1559,15 @@ switch (type) Because we only do this once, near process start-up, I'm prepared to let this slide for the time being, even though it rankles. */ } + else if (*str_target && (ol->type & opt_rep_str)) + { + uschar sep = Ustrncmp(name, "headers_add", 11)==0 ? '\n' : ':'; + saved_condition = *str_target; + strtemp = saved_condition + Ustrlen(saved_condition)-1; + if (*strtemp == sep) *strtemp = 0; /* eliminate trailing list-sep */ + strtemp = string_sprintf("%s%c%s", saved_condition, sep, sptr); + *str_target = string_copy_malloc(strtemp); + } else { *str_target = sptr; @@ -2153,13 +2168,14 @@ Arguments: resides. oltop points to the option list in which ol exists last one more than the offset of the last entry in optop + no_labels do not show "foo = " at the start. Returns: nothing */ static void print_ol(optionlist *ol, uschar *name, void *options_block, - optionlist *oltop, int last) + optionlist *oltop, int last, BOOL no_labels) { struct passwd *pw; struct group *gr; @@ -2181,7 +2197,11 @@ if (ol == NULL) if (!admin_user && (ol->type & opt_secure) != 0) { - printf("%s = \n", name); + const char * const hidden = ""; + if (no_labels) + printf("%s\n", hidden); + else + printf("%s = %s\n", name, hidden); return; } @@ -2200,11 +2220,13 @@ switch(ol->type & opt_mask) case opt_stringptr: case opt_rewrite: /* Show the text value */ s = *((uschar **)value); - printf("%s = %s\n", name, (s == NULL)? US"" : string_printing2(s, FALSE)); + if (!no_labels) printf("%s = ", name); + printf("%s\n", (s == NULL)? US"" : string_printing2(s, FALSE)); break; case opt_int: - printf("%s = %d\n", name, *((int *)value)); + if (!no_labels) printf("%s = ", name); + printf("%d\n", *((int *)value)); break; case opt_mkint: @@ -2219,23 +2241,30 @@ switch(ol->type & opt_mask) c = 'M'; x >>= 10; } - printf("%s = %d%c\n", name, x, c); + if (!no_labels) printf("%s = ", name); + printf("%d%c\n", x, c); + } + else + { + if (!no_labels) printf("%s = ", name); + printf("%d\n", x); } - else printf("%s = %d\n", name, x); } break; case opt_Kint: { int x = *((int *)value); - if (x == 0) printf("%s = 0\n", name); - else if ((x & 1023) == 0) printf("%s = %dM\n", name, x >> 10); - else printf("%s = %dK\n", name, x); + if (!no_labels) printf("%s = ", name); + if (x == 0) printf("0\n"); + else if ((x & 1023) == 0) printf("%dM\n", x >> 10); + else printf("%dK\n", x); } break; case opt_octint: - printf("%s = %#o\n", name, *((int *)value)); + if (!no_labels) printf("%s = ", name); + printf("%#o\n", *((int *)value)); break; /* Can be negative only when "unset", in which case integer */ @@ -2247,7 +2276,8 @@ switch(ol->type & opt_mask) int d = 100; if (x < 0) printf("%s =\n", name); else { - printf("%s = %d.", name, x/1000); + if (!no_labels) printf("%s = ", name); + printf("%d.", x/1000); do { printf("%d", f/d); @@ -2273,7 +2303,8 @@ switch(ol->type & opt_mask) if (options_block != NULL) value2 = (void *)((uschar *)options_block + (long int)value2); s = *((uschar **)value2); - printf("%s = %s\n", name, (s == NULL)? US"" : string_printing(s)); + if (!no_labels) printf("%s = ", name); + printf("%s\n", (s == NULL)? US"" : string_printing(s)); break; } } @@ -2281,14 +2312,15 @@ switch(ol->type & opt_mask) /* Else fall through */ case opt_uid: + if (!no_labels) printf("%s = ", name); if (! *get_set_flag(name, oltop, last, options_block)) - printf("%s =\n", name); + printf("\n"); else { pw = getpwuid(*((uid_t *)value)); if (pw == NULL) - printf("%s = %ld\n", name, (long int)(*((uid_t *)value))); - else printf("%s = %s\n", name, pw->pw_name); + printf("%ld\n", (long int)(*((uid_t *)value))); + else printf("%s\n", pw->pw_name); } break; @@ -2305,7 +2337,8 @@ switch(ol->type & opt_mask) if (options_block != NULL) value2 = (void *)((uschar *)options_block + (long int)value2); s = *((uschar **)value2); - printf("%s = %s\n", name, (s == NULL)? US"" : string_printing(s)); + if (!no_labels) printf("%s = ", name); + printf("%s\n", (s == NULL)? US"" : string_printing(s)); break; } } @@ -2313,31 +2346,34 @@ switch(ol->type & opt_mask) /* Else fall through */ case opt_gid: + if (!no_labels) printf("%s = ", name); if (! *get_set_flag(name, oltop, last, options_block)) - printf("%s =\n", name); + printf("\n"); else { gr = getgrgid(*((int *)value)); if (gr == NULL) - printf("%s = %ld\n", name, (long int)(*((int *)value))); - else printf("%s = %s\n", name, gr->gr_name); + printf("%ld\n", (long int)(*((int *)value))); + else printf("%s\n", gr->gr_name); } break; case opt_uidlist: uidlist = *((uid_t **)value); - printf("%s =", name); + if (!no_labels) printf("%s =", name); if (uidlist != NULL) { int i; uschar sep = ' '; + if (no_labels) sep = '\0'; for (i = 1; i <= (int)(uidlist[0]); i++) { uschar *name = NULL; pw = getpwuid(uidlist[i]); if (pw != NULL) name = US pw->pw_name; - if (name != NULL) printf("%c%s", sep, name); - else printf("%c%ld", sep, (long int)(uidlist[i])); + if (sep != '\0') printf("%c", sep); + if (name != NULL) printf("%s", name); + else printf("%ld", (long int)(uidlist[i])); sep = ':'; } } @@ -2346,18 +2382,20 @@ switch(ol->type & opt_mask) case opt_gidlist: gidlist = *((gid_t **)value); - printf("%s =", name); + if (!no_labels) printf("%s =", name); if (gidlist != NULL) { int i; uschar sep = ' '; + if (no_labels) sep = '\0'; for (i = 1; i <= (int)(gidlist[0]); i++) { uschar *name = NULL; gr = getgrgid(gidlist[i]); if (gr != NULL) name = US gr->gr_name; - if (name != NULL) printf("%c%s", sep, name); - else printf("%c%ld", sep, (long int)(gidlist[i])); + if (sep != '\0') printf("%c", sep); + if (name != NULL) printf("%s", name); + else printf("%ld", (long int)(gidlist[i])); sep = ':'; } } @@ -2365,14 +2403,15 @@ switch(ol->type & opt_mask) break; case opt_time: - printf("%s = %s\n", name, readconf_printtime(*((int *)value))); + if (!no_labels) printf("%s = ", name); + printf("%s\n", readconf_printtime(*((int *)value))); break; case opt_timelist: { int i; int *list = (int *)value; - printf("%s = ", name); + if (!no_labels) printf("%s = ", name); for (i = 0; i < list[1]; i++) printf("%s%s", (i == 0)? "" : ":", readconf_printtime(list[i+2])); printf("\n"); @@ -2395,7 +2434,8 @@ switch(ol->type & opt_mask) s = *((uschar **)value2); if (s != NULL) { - printf("%s = %s\n", name, string_printing(s)); + if (!no_labels) printf("%s = ", name); + printf("%s\n", string_printing(s)); break; } /* s == NULL => string not set; fall through */ @@ -2441,12 +2481,13 @@ driver whose options are to be printed. Arguments: name option name if type == NULL; else driver name type NULL or driver type name, as described above + no_labels avoid the "foo = " at the start of an item Returns: nothing */ void -readconf_print(uschar *name, uschar *type) +readconf_print(uschar *name, uschar *type, BOOL no_labels) { BOOL names_only = FALSE; optionlist *ol; @@ -2473,8 +2514,11 @@ if (type == NULL) if (t != NULL) { found = TRUE; - printf("%slist %s = %s\n", types[i], name+1, - ((namedlist_block *)(t->data.ptr))->string); + if (no_labels) + printf("%s\n", ((namedlist_block *)(t->data.ptr))->string); + else + printf("%slist %s = %s\n", types[i], name+1, + ((namedlist_block *)(t->data.ptr))->string); } } @@ -2497,7 +2541,9 @@ if (type == NULL) ol < optionlist_config + optionlist_config_size; ol++) { if ((ol->type & opt_hidden) == 0) - print_ol(ol, US ol->name, NULL, optionlist_config, optionlist_config_size); + print_ol(ol, US ol->name, NULL, + optionlist_config, optionlist_config_size, + no_labels); } return; } @@ -2511,7 +2557,7 @@ if (type == NULL) ol < local_scan_options + local_scan_options_count; ol++) { print_ol(ol, US ol->name, NULL, local_scan_options, - local_scan_options_count); + local_scan_options_count, no_labels); } #endif return; @@ -2571,7 +2617,7 @@ if (type == NULL) else { print_ol(find_option(name, optionlist_config, optionlist_config_size), - name, NULL, optionlist_config, optionlist_config_size); + name, NULL, optionlist_config, optionlist_config_size, no_labels); return; } } @@ -2644,14 +2690,14 @@ for (; d != NULL; d = d->next) for (ol = ol2; ol < ol2 + size; ol++) { if ((ol->type & opt_hidden) == 0) - print_ol(ol, US ol->name, d, ol2, size); + print_ol(ol, US ol->name, d, ol2, size, no_labels); } for (ol = d->info->options; ol < d->info->options + *(d->info->options_count); ol++) { if ((ol->type & opt_hidden) == 0) - print_ol(ol, US ol->name, d, d->info->options, *(d->info->options_count)); + print_ol(ol, US ol->name, d, d->info->options, *(d->info->options_count), no_labels); } if (name != NULL) return; } @@ -3786,7 +3832,7 @@ while ((p = get_config_line()) != NULL) pp = p; while (mac_isgraph(*p)) p++; if (p - pp <= 0) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, - "missing error type"); + "missing error type in retry rule"); /* Test error names for things we understand. */ diff --git a/src/src/receive.c b/src/src/receive.c index 378bb8f3a..48c83db03 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -13,6 +13,10 @@ extern int dcc_ok; #endif +#ifdef EXPERIMENTAL_DMARC +#include "dmarc.h" +#endif /* EXPERIMENTAL_DMARC */ + /************************************************* * Local static variables * *************************************************/ @@ -286,32 +290,50 @@ Returns: it doesn't void receive_bomb_out(uschar *reason, uschar *msg) { + static BOOL already_bombing_out; +/* The smtp_notquit_exit() below can call ACLs which can trigger recursive +timeouts, if someone has something slow in their quit ACL. Since the only +things we should be doing are to close down cleanly ASAP, on the second +pass we also close down stuff that might be opened again, before bypassing +the ACL call and exiting. */ + /* If spool_name is set, it contains the name of the data file that is being written. Unlink it before closing so that it cannot be picked up by a delivery process. Ensure that any header file is also removed. */ -if (spool_name[0] != 0) +if (spool_name[0] != '\0') { Uunlink(spool_name); spool_name[Ustrlen(spool_name) - 1] = 'H'; Uunlink(spool_name); + spool_name[0] = '\0'; } /* Now close the file if it is open, either as a fd or a stream. */ -if (data_file != NULL) (void)fclose(data_file); - else if (data_fd >= 0) (void)close(data_fd); +if (data_file != NULL) + { + (void)fclose(data_file); + data_file = NULL; +} else if (data_fd >= 0) { + (void)close(data_fd); + data_fd = -1; + } /* Attempt to close down an SMTP connection tidily. For non-batched SMTP, call smtp_notquit_exit(), which runs the NOTQUIT ACL, if present, and handles the SMTP response. */ -if (smtp_input) +if (!already_bombing_out) { - if (smtp_batched_input) - moan_smtp_batch(NULL, "421 %s - message abandoned", msg); /* No return */ - smtp_notquit_exit(reason, US"421", US"%s %s - closing connection.", - smtp_active_hostname, msg); + already_bombing_out = TRUE; + if (smtp_input) + { + if (smtp_batched_input) + moan_smtp_batch(NULL, "421 %s - message abandoned", msg); /* No return */ + smtp_notquit_exit(reason, US"421", US"%s %s - closing connection.", + smtp_active_hostname, msg); + } } /* Exit from the program (non-BSMTP cases) */ @@ -481,6 +503,36 @@ recipients_list[recipients_count++].errors_to = NULL; +/************************************************* +* Send user response message * +*************************************************/ + +/* This function is passed a default response code and a user message. It calls +smtp_message_code() to check and possibly modify the response code, and then +calls smtp_respond() to transmit the response. I put this into a function +just to avoid a lot of repetition. + +Arguments: + code the response code + user_msg the user message + +Returns: nothing +*/ + +#ifdef EXPERIMENTAL_PRDR +static void +smtp_user_msg(uschar *code, uschar *user_msg) +{ +int len = 3; +smtp_message_code(&code, &len, &user_msg, NULL); +smtp_respond(code, len, TRUE, user_msg); +} +#endif + + + + + /************************************************* * Remove a recipient from the list * *************************************************/ @@ -721,7 +773,7 @@ static int read_message_data_smtp(FILE *fout) { int ch_state = 0; -register int ch; +int ch; register int linelength = 0; while ((ch = (receive_getc)()) != EOF) @@ -768,6 +820,7 @@ while ((ch = (receive_getc)()) != EOF) { message_size++; if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR; + (void) cutthrough_put_nl(); if (ch != '\r') ch_state = 1; else continue; } break; @@ -788,6 +841,7 @@ while ((ch = (receive_getc)()) != EOF) message_size++; body_linecount++; if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR; + (void) cutthrough_put_nl(); if (ch == '\r') { ch_state = 2; @@ -807,6 +861,13 @@ while ((ch = (receive_getc)()) != EOF) if (fputc(ch, fout) == EOF) return END_WERROR; if (message_size > thismessage_size_limit) return END_SIZE; } + if(ch == '\n') + (void) cutthrough_put_nl(); + else + { + uschar c= ch; + (void) cutthrough_puts(&c, 1); + } } /* Fall through here if EOF encountered. This indicates some kind of error, @@ -928,6 +989,38 @@ add_acl_headers(uschar *acl_name) header_line *h, *next; header_line *last_received = NULL; +if (acl_removed_headers != NULL) + { + DEBUG(D_receive|D_acl) debug_printf(">>Headers removed by %s ACL:\n", acl_name); + + for (h = header_list; h != NULL; h = h->next) + { + uschar *list; + BOOL include_header; + + if (h->type == htype_old) continue; + + include_header = TRUE; + list = acl_removed_headers; + + int sep = ':'; /* This is specified as a colon-separated list */ + uschar *s; + uschar buffer[128]; + while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) + != NULL) + { + int len = Ustrlen(s); + if (header_testname(h, s, len, FALSE)) + { + h->type = htype_old; + DEBUG(D_receive|D_acl) debug_printf(" %s", h->text); + } + } + } + acl_removed_headers = NULL; + DEBUG(D_receive|D_acl) debug_printf(">>\n"); + } + if (acl_added_headers == NULL) return; DEBUG(D_receive|D_acl) debug_printf(">>Headers added by %s ACL:\n", acl_name); @@ -1197,6 +1290,52 @@ return TRUE; #endif /* WITH_CONTENT_SCAN */ + +void +received_header_gen(void) +{ +uschar *received; +uschar *timestamp; +header_line *received_header= header_list; + +timestamp = expand_string(US"${tod_full}"); +if (recipients_count == 1) received_for = recipients_list[0].address; +received = expand_string(received_header_text); +received_for = NULL; + +if (received == NULL) + { + if(spool_name[0] != 0) + Uunlink(spool_name); /* Lose the data file */ + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" " + "(received_header_text) failed: %s", string_printing(received_header_text), + expand_string_message); + } + +/* The first element on the header chain is reserved for the Received header, +so all we have to do is fill in the text pointer, and set the type. However, if +the result of the expansion is an empty string, we leave the header marked as +"old" so as to refrain from adding a Received header. */ + +if (received[0] == 0) + { + received_header->text = string_sprintf("Received: ; %s\n", timestamp); + received_header->type = htype_old; + } +else + { + received_header->text = string_sprintf("%s; %s\n", received, timestamp); + received_header->type = htype_received; + } + +received_header->slen = Ustrlen(received_header->text); + +DEBUG(D_receive) debug_printf(">>Generated Received: header line\n%c %s", + received_header->type, received_header->text); +} + + + /************************************************* * Receive message * *************************************************/ @@ -1206,7 +1345,8 @@ Either a non-null list of recipients, or the extract flag will be true, or both. The flag sender_local is true for locally generated messages. The flag submission_mode is true if an ACL has obeyed "control = submission". The flag suppress_local_fixups is true if an ACL has obeyed "control = -suppress_local_fixups". The flag smtp_input is true if the message is to be +suppress_local_fixups" or -G was passed on the command-line. +The flag smtp_input is true if the message is to be handled using SMTP conventions about termination and lines starting with dots. For non-SMTP messages, dot_ends is true for dot-terminated messages. @@ -1313,6 +1453,7 @@ BOOL resents_exist = FALSE; uschar *resent_prefix = US""; uschar *blackholed_by = NULL; uschar *blackhole_log_msg = US""; +enum {NOT_TRIED, TMP_REJ, PERM_REJ, ACCEPTED} cutthrough_done; flock_t lock_data; error_block *bad_addresses = NULL; @@ -1343,9 +1484,12 @@ header_line *subject_header = NULL; header_line *msgid_header = NULL; header_line *received_header; +#ifdef EXPERIMENTAL_DMARC +int dmarc_up = 0; +#endif /* EXPERIMENTAL_DMARC */ + /* Variables for use when building the Received: header. */ -uschar *received; uschar *timestamp; int tslen; @@ -1355,6 +1499,12 @@ might take a fair bit of real time. */ search_tidyup(); +/* Extracting the recipient list from an input file is incompatible with +cutthrough delivery with the no-spool option. It shouldn't be possible +to set up the combination, but just in case kill any ongoing connection. */ +if (extract_recip || !smtp_input) + cancel_cutthrough_connection("not smtp input"); + /* Initialize the chain of headers by setting up a place-holder for Received: header. Temporarily mark it as "old", i.e. not to be used. We keep header_last pointing to the end of the chain to make adding headers simple. */ @@ -1394,6 +1544,11 @@ message_linecount = body_linecount = body_zerocount = if (smtp_input && !smtp_batched_input && !dkim_disable_verify) dkim_exim_verify_init(); #endif +#ifdef EXPERIMENTAL_DMARC +/* initialize libopendmarc */ +dmarc_up = dmarc_init(); +#endif + /* Remember the time of reception. Exim uses time+pid for uniqueness of message ids, and fractions of a second are required. See the comments that precede the message id creation below. */ @@ -1941,9 +2096,12 @@ for (h = header_list->next; h != NULL; h = h->next) from_header = h; if (!smtp_input) { + int len; uschar *s = Ustrchr(h->text, ':') + 1; while (isspace(*s)) s++; - if (strncmpic(s, originator_login, h->slen - (s - h->text) - 1) == 0) + len = h->slen - (s - h->text) - 1; + if (Ustrlen(originator_login) == len && + strncmpic(s, originator_login, len) == 0) { uschar *name = is_resent? US"Resent-From" : US"From"; header_add(htype_from, "%s: %s <%s@%s>\n", name, originator_name, @@ -2561,7 +2719,6 @@ if (from_header != NULL && } } - /* If there are any rewriting rules, apply them to the sender address, unless it has already been rewritten as part of verification for SMTP input. */ @@ -2644,6 +2801,35 @@ if (filter_test != FTEST_NONE) return message_ended == END_DOT; } +/* Cutthrough delivery: + We have to create the Received header now rather than at the end of reception, + so the timestamp behaviour is a change to the normal case. + XXX Ensure this gets documented XXX. + Having created it, send the headers to the destination. +*/ +if (cutthrough_fd >= 0) + { + if (received_count > received_headers_max) + { + cancel_cutthrough_connection("too many headers"); + if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */ + log_write(0, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: " + "Too many \"Received\" headers", + sender_address, + (sender_fullhost == NULL)? "" : " H=", + (sender_fullhost == NULL)? US"" : sender_fullhost, + (sender_ident == NULL)? "" : " U=", + (sender_ident == NULL)? US"" : sender_ident); + message_id[0] = 0; /* Indicate no message accepted */ + smtp_reply = US"550 Too many \"Received\" headers - suspected mail loop"; + goto TIDYUP; /* Skip to end of function */ + } + received_header_gen(); + add_acl_headers(US"MAIL or RCPT"); + (void) cutthrough_headers_send(); + } + + /* Open a new spool file for the data portion of the message. We need to access it both via a file descriptor and a stream. Try to make the directory if it isn't there. Note re use of sprintf: spool_directory @@ -2670,7 +2856,10 @@ if (data_fd < 0) /* Make sure the file's group is the Exim gid, and double-check the mode because the group setting doesn't always get set automatically. */ -(void)fchown(data_fd, exim_uid, exim_gid); +if (fchown(data_fd, exim_uid, exim_gid)) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, + "Failed setting ownership on spool file %s: %s", + spool_name, strerror(errno)); (void)fchmod(data_fd, SPOOL_MODE); /* We now have data file open. Build a stream for it and lock it. We lock only @@ -2700,7 +2889,7 @@ if (next != NULL) { uschar *s = next->text; int len = next->slen; - (void)fwrite(s, 1, len, data_file); + len = fwrite(s, 1, len, data_file); len = len; /* compiler quietening */ body_linecount++; /* Assumes only 1 line */ } @@ -2725,6 +2914,7 @@ if (!ferror(data_file) && !(receive_feof)() && message_ended != END_DOT) if (smtp_input && message_ended == END_EOF) { Uunlink(spool_name); /* Lose data file when closed */ + cancel_cutthrough_connection("sender closed connection"); message_id[0] = 0; /* Indicate no message accepted */ smtp_reply = handle_lost_connection(US""); smtp_yield = FALSE; @@ -2737,6 +2927,7 @@ if (!ferror(data_file) && !(receive_feof)() && message_ended != END_DOT) if (message_ended == END_SIZE) { Uunlink(spool_name); /* Lose the data file when closed */ + cancel_cutthrough_connection("mail too big"); if (smtp_input) receive_swallow_smtp(); /* Swallow incoming SMTP */ log_write(L_size_reject, LOG_MAIN|LOG_REJECT, "rejected from <%s>%s%s%s%s: " @@ -2792,6 +2983,7 @@ if (fflush(data_file) == EOF || ferror(data_file) || log_write(0, LOG_MAIN, "Message abandoned: %s", msg); Uunlink(spool_name); /* Lose the data file */ + cancel_cutthrough_connection("error writing spoolfile"); if (smtp_input) { @@ -2911,50 +3103,25 @@ for use when we generate the Received: header. Note: the checking for too many Received: headers is handled by the delivery code. */ +/*XXX eventually add excess Received: check for cutthrough case back when classifying them */ -timestamp = expand_string(US"${tod_full}"); -if (recipients_count == 1) received_for = recipients_list[0].address; -received = expand_string(received_header_text); -received_for = NULL; - -if (received == NULL) - { - Uunlink(spool_name); /* Lose the data file */ - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" " - "(received_header_text) failed: %s", string_printing(received_header_text), - expand_string_message); - } - -/* The first element on the header chain is reserved for the Received header, -so all we have to do is fill in the text pointer, and set the type. However, if -the result of the expansion is an empty string, we leave the header marked as -"old" so as to refrain from adding a Received header. */ - -if (received[0] == 0) +if (received_header->text == NULL) /* Non-cutthrough case */ { - received_header->text = string_sprintf("Received: ; %s\n", timestamp); - received_header->type = htype_old; - } -else - { - received_header->text = string_sprintf("%s; %s\n", received, timestamp); - received_header->type = htype_received; - } + received_header_gen(); -received_header->slen = Ustrlen(received_header->text); + /* Set the value of message_body_size for the DATA ACL and for local_scan() */ -DEBUG(D_receive) debug_printf(">>Generated Received: header line\n%c %s", - received_header->type, received_header->text); - -/* Set the value of message_body_size for the DATA ACL and for local_scan() */ + message_body_size = (fstat(data_fd, &statbuf) == 0)? + statbuf.st_size - SPOOL_DATA_START_OFFSET : -1; -message_body_size = (fstat(data_fd, &statbuf) == 0)? - statbuf.st_size - SPOOL_DATA_START_OFFSET : -1; + /* If an ACL from any RCPT commands set up any warning headers to add, do so + now, before running the DATA ACL. */ -/* If an ACL from any RCPT commands set up any warning headers to add, do so -now, before running the DATA ACL. */ - -add_acl_headers(US"MAIL or RCPT"); + add_acl_headers(US"MAIL or RCPT"); + } +else + message_body_size = (fstat(data_fd, &statbuf) == 0)? + statbuf.st_size - SPOOL_DATA_START_OFFSET : -1; /* If an ACL is specified for checking things at this stage of reception of a message, run it, unless all the recipients were removed by "discard" in earlier @@ -3024,7 +3191,7 @@ else uschar seen_item_buf[256]; uschar *seen_items_list = seen_items; int seen_this_item = 0; - + while ((seen_item = string_nextinlist(&seen_items_list, &sep, seen_item_buf, sizeof(seen_item_buf))) != NULL) @@ -3033,7 +3200,7 @@ else { seen_this_item = 1; break; - } + } } if (seen_this_item > 0) @@ -3042,7 +3209,7 @@ else debug_printf("acl_smtp_dkim: skipping signer %s, already seen\n", item); continue; } - + seen_items = string_append(seen_items,&seen_items_size,&seen_items_offset,1,":"); } @@ -3059,6 +3226,7 @@ else { DEBUG(D_receive) debug_printf("acl_smtp_dkim: acl_check returned %d on %s, skipping remaining items\n", rc, item); + cancel_cutthrough_connection("dkim acl not ok"); break; } } @@ -3091,6 +3259,81 @@ else goto TIDYUP; #endif /* WITH_CONTENT_SCAN */ +#ifdef EXPERIMENTAL_DMARC + dmarc_up = dmarc_store_data(from_header); +#endif /* EXPERIMENTAL_DMARC */ + +#ifdef EXPERIMENTAL_PRDR + if (prdr_requested && recipients_count > 1 && acl_smtp_data_prdr != NULL ) + { + unsigned int c; + int all_pass = OK; + int all_fail = FAIL; + + smtp_printf("353 PRDR content analysis beginning\r\n"); + /* Loop through recipients, responses must be in same order received */ + for (c = 0; recipients_count > c; c++) + { + uschar * addr= recipients_list[c].address; + uschar * msg= US"PRDR R=<%s> %s"; + uschar * code; + DEBUG(D_receive) + debug_printf("PRDR processing recipient %s (%d of %d)\n", + addr, c+1, recipients_count); + rc = acl_check(ACL_WHERE_PRDR, addr, + acl_smtp_data_prdr, &user_msg, &log_msg); + + /* If any recipient rejected content, indicate it in final message */ + all_pass |= rc; + /* If all recipients rejected, indicate in final message */ + all_fail &= rc; + + switch (rc) + { + case OK: case DISCARD: code = US"250"; break; + case DEFER: code = US"450"; break; + default: code = US"550"; break; + } + if (user_msg != NULL) + smtp_user_msg(code, user_msg); + else + { + switch (rc) + { + case OK: case DISCARD: + msg = string_sprintf(CS msg, addr, "acceptance"); break; + case DEFER: + msg = string_sprintf(CS msg, addr, "temporary refusal"); break; + default: + msg = string_sprintf(CS msg, addr, "refusal"); break; + } + smtp_user_msg(code, msg); + } + if (log_msg) log_write(0, LOG_MAIN, "PRDR %s %s", addr, log_msg); + else if (user_msg) log_write(0, LOG_MAIN, "PRDR %s %s", addr, user_msg); + else log_write(0, LOG_MAIN, CS msg); + + if (rc != OK) { receive_remove_recipient(addr); c--; } + } + /* Set up final message, used if data acl gives OK */ + smtp_reply = string_sprintf("%s id=%s message %s", + all_fail == FAIL ? US"550" : US"250", + message_id, + all_fail == FAIL + ? US"rejected for all recipients" + : all_pass == OK + ? US"accepted" + : US"accepted for some recipients"); + if (recipients_count == 0) + { + message_id[0] = 0; /* Indicate no message accepted */ + goto TIDYUP; + } + } + else + prdr_requested = FALSE; +#endif /* EXPERIMENTAL_PRDR */ + /* Check the recipients count again, as the MIME ACL might have changed them. */ @@ -3104,10 +3347,12 @@ else blackholed_by = US"DATA ACL"; if (log_msg != NULL) blackhole_log_msg = string_sprintf(": %s", log_msg); + cancel_cutthrough_connection("data acl discard"); } else if (rc != OK) { Uunlink(spool_name); + cancel_cutthrough_connection("data acl not ok"); #ifdef WITH_CONTENT_SCAN unspool_mbox(); #endif @@ -3365,6 +3610,7 @@ the message to be abandoned. */ signal(SIGTERM, SIG_IGN); signal(SIGINT, SIG_IGN); + /* Ensure the first time flag is set in the newly-received message. */ deliver_firsttime = TRUE; @@ -3479,30 +3725,49 @@ if (message_reference != NULL) s = add_host_info_for_log(s, &size, &sptr); #ifdef SUPPORT_TLS -if ((log_extra_selector & LX_tls_cipher) != 0 && tls_cipher != NULL) - s = string_append(s, &size, &sptr, 2, US" X=", tls_cipher); +if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL) + s = string_append(s, &size, &sptr, 2, US" X=", tls_in.cipher); if ((log_extra_selector & LX_tls_certificate_verified) != 0 && - tls_cipher != NULL) + tls_in.cipher != NULL) s = string_append(s, &size, &sptr, 2, US" CV=", - tls_certificate_verified? "yes":"no"); -if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_peerdn != NULL) + tls_in.certificate_verified? "yes":"no"); +if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL) s = string_append(s, &size, &sptr, 3, US" DN=\"", - string_printing(tls_peerdn), US"\""); -if ((log_extra_selector & LX_tls_sni) != 0 && tls_sni != NULL) + string_printing(tls_in.peerdn), US"\""); +if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL) s = string_append(s, &size, &sptr, 3, US" SNI=\"", - string_printing(tls_sni), US"\""); + string_printing(tls_in.sni), US"\""); #endif if (sender_host_authenticated != NULL) { s = string_append(s, &size, &sptr, 2, US" A=", sender_host_authenticated); if (authenticated_id != NULL) + { s = string_append(s, &size, &sptr, 2, US":", authenticated_id); + if (log_extra_selector & LX_smtp_mailauth && authenticated_sender != NULL) + s = string_append(s, &size, &sptr, 2, US":", authenticated_sender); + } } +#ifdef EXPERIMENTAL_PRDR +if (prdr_requested) + s = string_append(s, &size, &sptr, 1, US" PRDR"); +#endif + sprintf(CS big_buffer, "%d", msg_size); s = string_append(s, &size, &sptr, 2, US" S=", big_buffer); +/* log 8BITMIME mode announced in MAIL_FROM + 0 ... no BODY= used + 7 ... 7BIT + 8 ... 8BITMIME */ +if (log_extra_selector & LX_8bitmime) + { + sprintf(CS big_buffer, "%d", body_8bitmime); + s = string_append(s, &size, &sptr, 2, US" M8S=", big_buffer); + } + /* If an addr-spec in a message-id contains a quoted string, it can contain any characters except " \ and CR and so in particular it can contain NL! Therefore, make sure we use a printing-characters only version for the log. @@ -3550,7 +3815,7 @@ s[sptr] = 0; /* Create a message log file if message logs are being used and this message is not blackholed. Write the reception stuff to it. We used to leave message log -creation until the first delivery, but this has proved confusing for somep +creation until the first delivery, but this has proved confusing for some people. */ if (message_logs && blackholed_by == NULL) @@ -3671,17 +3936,59 @@ if (smtp_input && sender_host_address != NULL && !sender_host_notsocket && /* The connection has not gone away; we really are going to take responsibility for this message. */ -log_write(0, LOG_MAIN | - (((log_extra_selector & LX_received_recipients) != 0)? LOG_RECIPIENTS : 0) | - (((log_extra_selector & LX_received_sender) != 0)? LOG_SENDER : 0), - "%s", s); -receive_call_bombout = FALSE; +/* Cutthrough - had sender last-dot; assume we've sent (or bufferred) all + data onward by now. + + Send dot onward. If accepted, wipe the spooled files, log as delivered and accept + the sender's dot (below). + If rejected: copy response to sender, wipe the spooled files, log approriately. + If temp-reject: accept to sender, keep the spooled files. + + Having the normal spool files lets us do data-filtering, and store/forward on temp-reject. + + XXX We do not handle queue-only, freezing, or blackholes. +*/ +cutthrough_done = NOT_TRIED; +if(cutthrough_fd >= 0) + { + uschar * msg= cutthrough_finaldot(); /* Ask the target system to accept the messsage */ + /* Logging was done in finaldot() */ + switch(msg[0]) + { + case '2': /* Accept. Do the same to the source; dump any spoolfiles. */ + cutthrough_done = ACCEPTED; + break; /* message_id needed for SMTP accept below */ + + default: /* Unknown response, or error. Treat as temp-reject. */ + case '4': /* Temp-reject. Keep spoolfiles and accept. */ + cutthrough_done = TMP_REJ; /* Avoid the usual immediate delivery attempt */ + break; /* message_id needed for SMTP accept below */ + + case '5': /* Perm-reject. Do the same to the source. Dump any spoolfiles */ + smtp_reply= msg; /* Pass on the exact error */ + cutthrough_done = PERM_REJ; + break; + } + } -/* Log any control actions taken by an ACL or local_scan(). */ +if(smtp_reply == NULL +#ifdef EXPERIMENTAL_PRDR + || prdr_requested +#endif + ) + { + log_write(0, LOG_MAIN | + (((log_extra_selector & LX_received_recipients) != 0)? LOG_RECIPIENTS : 0) | + (((log_extra_selector & LX_received_sender) != 0)? LOG_SENDER : 0), + "%s", s); -if (deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by); -if (queue_only_policy) log_write(L_delay_delivery, LOG_MAIN, - "no immediate delivery: queued by %s", queued_by); + /* Log any control actions taken by an ACL or local_scan(). */ + + if (deliver_freeze) log_write(0, LOG_MAIN, "frozen by %s", frozen_by); + if (queue_only_policy) log_write(L_delay_delivery, LOG_MAIN, + "no immediate delivery: queued by %s", queued_by); + } +receive_call_bombout = FALSE; store_reset(s); /* The store for the main log message can be reused */ @@ -3709,6 +4016,7 @@ data file will be flushed(!) out thereby. Nevertheless, it is theoretically possible for fclose() to fail - but what to do? What has happened to the lock if this happens? */ + TIDYUP: process_info[process_info_len] = 0; /* Remove message id */ if (data_file != NULL) (void)fclose(data_file); /* Frees the lock */ @@ -3769,6 +4077,25 @@ if (smtp_input) else smtp_printf("%.1024s\r\n", smtp_reply); } + + switch (cutthrough_done) + { + case ACCEPTED: log_write(0, LOG_MAIN, "Completed");/* Delivery was done */ + case PERM_REJ: { /* Delete spool files */ + sprintf(CS spool_name, "%s/input/%s/%s-D", spool_directory, + message_subdir, message_id); + Uunlink(spool_name); + sprintf(CS spool_name, "%s/input/%s/%s-H", spool_directory, + message_subdir, message_id); + Uunlink(spool_name); + sprintf(CS spool_name, "%s/msglog/%s/%s", spool_directory, + message_subdir, message_id); + Uunlink(spool_name); + } + case TMP_REJ: message_id[0] = 0; /* Prevent a delivery from starting */ + default:break; + } + cutthrough_delivery = FALSE; } /* For batched SMTP, generate an error message on failure, and do diff --git a/src/src/retry.c b/src/src/retry.c index e877bf7d0..480933542 100644 --- a/src/src/retry.c +++ b/src/src/retry.c @@ -17,26 +17,34 @@ *************************************************/ /* This function tests whether a message has been on the queue longer than -the maximum retry time for a particular host. +the maximum retry time for a particular host or address. Arguments: - host_key the key to look up a host retry rule + retry_key the key to look up a retry rule domain the domain to look up a domain retry rule - basic_errno a specific error number, or zero if none - more_errno additional data for the error + retry_record contains error information for finding rule now the time Returns: TRUE if the ultimate timeout has been reached */ -static BOOL -ultimate_address_timeout(uschar *host_key, uschar *domain, int basic_errno, - int more_errno, time_t now) +BOOL +retry_ultimate_address_timeout(uschar *retry_key, uschar *domain, + dbdata_retry *retry_record, time_t now) { -BOOL address_timeout = TRUE; /* no rule => timed out */ +BOOL address_timeout; + +DEBUG(D_retry) + { + debug_printf("retry time not reached: checking ultimate address timeout\n"); + debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n", + (int)now, (int)retry_record->first_failed, + (int)retry_record->next_try, retry_record->expired); + } retry_config *retry = - retry_find_config(host_key+2, domain, basic_errno, more_errno); + retry_find_config(retry_key+2, domain, + retry_record->basic_errno, retry_record->more_errno); if (retry != NULL && retry->rules != NULL) { @@ -44,17 +52,23 @@ if (retry != NULL && retry->rules != NULL) for (last_rule = retry->rules; last_rule->next != NULL; last_rule = last_rule->next); - DEBUG(D_transport|D_retry) + DEBUG(D_retry) debug_printf(" received_time=%d diff=%d timeout=%d\n", received_time, (int)(now - received_time), last_rule->timeout); address_timeout = (now - received_time > last_rule->timeout); } else { - DEBUG(D_transport|D_retry) + DEBUG(D_retry) debug_printf("no retry rule found: assume timed out\n"); + address_timeout = TRUE; } +DEBUG(D_retry) + if (address_timeout) + debug_printf("on queue longer than maximum retry for address - " + "allowing delivery\n"); + return address_timeout; } @@ -206,25 +220,10 @@ if (host_retry_record != NULL) if (now < host_retry_record->next_try && !deliver_force) { - DEBUG(D_transport|D_retry) - { - debug_printf("host retry time not reached: checking ultimate address " - "timeout\n"); - debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n", - (int)now, (int)host_retry_record->first_failed, - (int)host_retry_record->next_try, - host_retry_record->expired); - } - if (!host_retry_record->expired && - ultimate_address_timeout(host_key, domain, - host_retry_record->basic_errno, host_retry_record->more_errno, now)) - { - DEBUG(D_transport|D_retry) - debug_printf("on queue longer than maximum retry for " - "address - allowing delivery\n"); + retry_ultimate_address_timeout(host_key, domain, + host_retry_record, now)) return FALSE; - } /* We have not hit the ultimate address timeout; host is unusable. */ @@ -249,25 +248,12 @@ if (message_retry_record != NULL) *retry_message_key = message_key; if (now < message_retry_record->next_try && !deliver_force) { - DEBUG(D_transport|D_retry) - { - debug_printf("host+message retry time not reached: checking ultimate " - "address timeout\n"); - debug_printf(" now=%d first_failed=%d next_try=%d expired=%d\n", - (int)now, (int)message_retry_record->first_failed, - (int)message_retry_record->next_try, message_retry_record->expired); - } - if (!ultimate_address_timeout(host_key, domain, 0, 0, now)) + if (!retry_ultimate_address_timeout(host_key, domain, + message_retry_record, now)) { host->status = hstatus_unusable; host->why = hwhy_retry; } - else - { - DEBUG(D_transport|D_retry) - debug_printf("on queue longer than maximum retry for " - "address - allowing delivery\n"); - } return FALSE; } } diff --git a/src/src/route.c b/src/src/route.c index 43ffc25a9..2fee38271 100644 --- a/src/src/route.c +++ b/src/src/route.c @@ -48,7 +48,7 @@ optionlist optionlist_routers[] = { (void *)(offsetof(router_instance, caseful_local_part)) }, { "check_local_user", opt_bool | opt_public, (void *)(offsetof(router_instance, check_local_user)) }, - { "condition", opt_stringptr|opt_public, + { "condition", opt_stringptr|opt_public|opt_rep_con, (void *)offsetof(router_instance, condition) }, { "debug_print", opt_stringptr | opt_public, (void *)offsetof(router_instance, debug_string) }, @@ -72,9 +72,9 @@ optionlist optionlist_routers[] = { (void *)offsetof(router_instance, fallback_hosts) }, { "group", opt_expand_gid | opt_public, (void *)(offsetof(router_instance, gid)) }, - { "headers_add", opt_stringptr|opt_public, + { "headers_add", opt_stringptr|opt_public|opt_rep_str, (void *)offsetof(router_instance, extra_headers) }, - { "headers_remove", opt_stringptr|opt_public, + { "headers_remove", opt_stringptr|opt_public|opt_rep_str, (void *)offsetof(router_instance, remove_headers) }, { "ignore_target_hosts",opt_stringptr|opt_public, (void *)offsetof(router_instance, ignore_target_hosts) }, @@ -1633,6 +1633,7 @@ for (r = (addr->start_router == NULL)? routers : addr->start_router; /* Set the expansion variables now that we have the affixes and the case of the local part sorted. */ + router_name = r->name; deliver_set_expansions(addr); /* For convenience, the pre-router checks are in a separate function, which @@ -1640,6 +1641,7 @@ for (r = (addr->start_router == NULL)? routers : addr->start_router; if ((rc = check_router_conditions(r, addr, verify, &pw, &error)) != OK) { + router_name = NULL; if (rc == SKIP) continue; addr->message = error; yield = rc; @@ -1678,6 +1680,7 @@ for (r = (addr->start_router == NULL)? routers : addr->start_router; { DEBUG(D_route) debug_printf("\"more\"=false: skipping remaining routers\n"); + router_name = NULL; r = NULL; break; } @@ -1721,6 +1724,8 @@ for (r = (addr->start_router == NULL)? routers : addr->start_router; yield = (r->info->code)(r, addr, pw, verify, paddr_local, paddr_remote, addr_new, addr_succeed); + router_name = NULL; + if (yield == FAIL) { HDEBUG(D_route) debug_printf("%s router forced address failure\n", r->name); @@ -1967,6 +1972,7 @@ if (yield == DEFER) { } deliver_set_expansions(NULL); +router_name = NULL; disable_logging = FALSE; return yield; } diff --git a/src/src/sieve.c b/src/src/sieve.c index e5088eb45..305ff3bf3 100644 --- a/src/src/sieve.c +++ b/src/src/sieve.c @@ -107,6 +107,38 @@ struct Notification struct Notification *next; }; +/* This should be a complete list of supported extensions, so that an external +ManageSieve (RFC 5804) program can interrogate the current Exim binary for the +list of extensions and provide correct information to a client. + +We'll emit the list in the order given here; keep it alphabetically sorted, so +that callers don't get surprised. + +List *MUST* end with a NULL. Which at least makes ifdef-vs-comma easier. */ + +const uschar *exim_sieve_extension_list[] = { + CUS"comparator-i;ascii-numeric", + CUS"copy", +#ifdef ENCODED_CHARACTER + CUS"encoded-character", +#endif +#ifdef ENOTIFY + CUS"enotify", +#endif + CUS"envelope", +#ifdef ENVELOPE_AUTH + CUS"envelope-auth", +#endif + CUS"fileinto", +#ifdef SUBADDRESS + CUS"subaddress", +#endif +#ifdef VACATION + CUS"vacation", +#endif + NULL +}; + static int eq_asciicase(const struct String *needle, const struct String *haystack, int match_prefix); static int parse_test(struct Sieve *filter, int *cond, int exec); static int parse_commands(struct Sieve *filter, int exec, address_item **generated); diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 2b5cc26d3..cb1a86991 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -207,6 +207,30 @@ static uschar *protocols[] = { #define pauthed 2 /* added to pextend */ #define pnlocal 6 /* offset to remove "local" */ +/* Sanity check and validate optional args to MAIL FROM: envelope */ +enum { + ENV_MAIL_OPT_SIZE, ENV_MAIL_OPT_BODY, ENV_MAIL_OPT_AUTH, +#ifdef EXPERIMENTAL_PRDR + ENV_MAIL_OPT_PRDR, +#endif + ENV_MAIL_OPT_NULL + }; +typedef struct { + uschar * name; /* option requested during MAIL cmd */ + int value; /* enum type */ + BOOL need_value; /* TRUE requires value (name=value pair format) + FALSE is a singleton */ + } env_mail_type_t; +static env_mail_type_t env_mail_type_list[] = { + { US"SIZE", ENV_MAIL_OPT_SIZE, TRUE }, + { US"BODY", ENV_MAIL_OPT_BODY, TRUE }, + { US"AUTH", ENV_MAIL_OPT_AUTH, TRUE }, +#ifdef EXPERIMENTAL_PRDR + { US"PRDR", ENV_MAIL_OPT_PRDR, FALSE }, +#endif + { US"NULL", ENV_MAIL_OPT_NULL, FALSE } + }; + /* When reading SMTP from a remote host, we have to use our own versions of the C input-reading functions, in order to be able to flush the SMTP output only when about to read more data from the socket. This is the only way to get @@ -437,9 +461,10 @@ if (rcpt_in_progress) /* Now write the string */ #ifdef SUPPORT_TLS -if (tls_active >= 0) +if (tls_in.active >= 0) { - if (tls_write(big_buffer, Ustrlen(big_buffer)) < 0) smtp_write_error = -1; + if (tls_write(TRUE, big_buffer, Ustrlen(big_buffer)) < 0) + smtp_write_error = -1; } else #endif @@ -465,7 +490,7 @@ Returns: 0 for no error; -1 after an error int smtp_fflush(void) { -if (tls_active < 0 && fflush(smtp_out) != 0) smtp_write_error = -1; +if (tls_in.active < 0 && fflush(smtp_out) != 0) smtp_write_error = -1; return smtp_write_error; } @@ -488,7 +513,7 @@ command_timeout_handler(int sig) sig = sig; /* Keep picky compilers happy */ log_write(L_lost_incoming_connection, LOG_MAIN, "SMTP command timeout on%s connection from %s", - (tls_active >= 0)? " TLS" : "", + (tls_in.active >= 0)? " TLS" : "", host_and_ident(FALSE)); if (smtp_batched_input) moan_smtp_batch(NULL, "421 SMTP command timeout"); /* Does not return */ @@ -689,7 +714,7 @@ fd_set fds; struct timeval tzero; if (!smtp_enforce_sync || sender_host_address == NULL || - sender_host_notsocket || tls_active >= 0) + sender_host_notsocket || tls_in.active >= 0) return TRUE; fd = fileno(smtp_in); @@ -832,18 +857,18 @@ if (sender_host_authenticated != NULL) } #ifdef SUPPORT_TLS -if ((log_extra_selector & LX_tls_cipher) != 0 && tls_cipher != NULL) - s = string_append(s, &size, &ptr, 2, US" X=", tls_cipher); +if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL) + s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher); if ((log_extra_selector & LX_tls_certificate_verified) != 0 && - tls_cipher != NULL) + tls_in.cipher != NULL) s = string_append(s, &size, &ptr, 2, US" CV=", - tls_certificate_verified? "yes":"no"); -if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_peerdn != NULL) + tls_in.certificate_verified? "yes":"no"); +if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL) s = string_append(s, &size, &ptr, 3, US" DN=\"", - string_printing(tls_peerdn), US"\""); -if ((log_extra_selector & LX_tls_sni) != 0 && tls_sni != NULL) + string_printing(tls_in.peerdn), US"\""); +if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL) s = string_append(s, &size, &ptr, 3, US" SNI=\"", - string_printing(tls_sni), US"\""); + string_printing(tls_in.sni), US"\""); #endif sep = (smtp_connection_had[SMTP_HBUFF_SIZE-1] != SCH_NONE)? @@ -979,19 +1004,23 @@ uschar *n; uschar *v = smtp_cmd_data + Ustrlen(smtp_cmd_data) - 1; while (isspace(*v)) v--; v[1] = 0; - while (v > smtp_cmd_data && *v != '=' && !isspace(*v)) v--; -if (*v != '=') return FALSE; n = v; -while(isalpha(n[-1])) n--; - -/* RFC says SP, but TAB seen in wild and other major MTAs accept it */ -if (!isspace(n[-1])) return FALSE; - -n[-1] = 0; -*name = n; +if (*v == '=') +{ + while(isalpha(n[-1])) n--; + /* RFC says SP, but TAB seen in wild and other major MTAs accept it */ + if (!isspace(n[-1])) return FALSE; + n[-1] = 0; +} +else +{ + n++; + if (v == smtp_cmd_data) return FALSE; +} *v++ = 0; +*name = n; *value = v; return TRUE; } @@ -1018,9 +1047,11 @@ store_reset(reset_point); recipients_list = NULL; rcpt_count = rcpt_defer_count = rcpt_fail_count = raw_recipients_count = recipients_count = recipients_list_max = 0; +cancel_cutthrough_connection("smtp reset"); message_linecount = 0; message_size = -1; acl_added_headers = NULL; +acl_removed_headers = NULL; queue_only_policy = FALSE; rcpt_smtp_response = NULL; rcpt_smtp_response_same = TRUE; @@ -1032,7 +1063,7 @@ fake_response = OK; /* Can be set by ACL */ no_mbox_unspool = FALSE; /* Can be set by ACL */ #endif submission_mode = FALSE; /* Can be set by ACL */ -suppress_local_fixups = FALSE; /* Can be set by ACL */ +suppress_local_fixups = suppress_local_fixups_default; /* Can be set by ACL */ active_local_from_check = local_from_check; /* Can be set by ACL */ active_local_sender_retain = local_sender_retain; /* Can be set by ACL */ sender_address = NULL; @@ -1385,7 +1416,7 @@ if (!host_checking && !sender_host_notsocket) sender_host_authenticated = NULL; authenticated_by = NULL; #ifdef SUPPORT_TLS -tls_cipher = tls_peerdn = NULL; +tls_in.cipher = tls_in.peerdn = NULL; tls_advertised = FALSE; #endif @@ -1673,8 +1704,7 @@ if (!sender_host_unknown) smtps port for use with older style SSL MTAs. */ #ifdef SUPPORT_TLS - if (tls_on_connect && - tls_server_start(tls_require_ciphers) != OK) + if (tls_in.on_connect && tls_server_start(tls_require_ciphers) != OK) return FALSE; #endif @@ -2181,6 +2211,9 @@ uschar *what = #endif (where == ACL_WHERE_PREDATA)? US"DATA" : (where == ACL_WHERE_DATA)? US"after DATA" : +#ifdef EXPERIMENTAL_PRDR + (where == ACL_WHERE_PRDR)? US"after DATA PRDR" : +#endif (smtp_cmd_data == NULL)? string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]) : string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data); @@ -2789,7 +2822,7 @@ while (done <= 0) sender_host_authenticated = au->name; authentication_failed = FALSE; received_protocol = - protocols[pextend + pauthed + ((tls_active >= 0)? pcrpted:0)] + + protocols[pextend + pauthed + ((tls_in.active >= 0)? pcrpted:0)] + ((sender_host_address != NULL)? pnlocal : 0); s = ss = US"235 Authentication succeeded"; authenticated_by = au; @@ -2923,7 +2956,7 @@ while (done <= 0) host_build_sender_fullhost(); /* Rebuild */ set_process_info("handling%s incoming connection from %s", - (tls_active >= 0)? " TLS" : "", host_and_ident(FALSE)); + (tls_in.active >= 0)? " TLS" : "", host_and_ident(FALSE)); /* Verify if configured. This doesn't give much security, but it does make some people happy to be able to do it. If helo_required is set, @@ -3099,6 +3132,7 @@ while (done <= 0) pipelining_advertised = TRUE; } + /* If any server authentication mechanisms are configured, advertise them if the current host is in auth_advertise_hosts. The problem with advertising always is that some clients then require users to @@ -3148,7 +3182,7 @@ while (done <= 0) secure connection. */ #ifdef SUPPORT_TLS - if (tls_active < 0 && + if (tls_in.active < 0 && verify_check_host(&tls_advertise_hosts) != FAIL) { s = string_cat(s, &size, &ptr, smtp_code, 3); @@ -3157,6 +3191,14 @@ while (done <= 0) } #endif + #ifdef EXPERIMENTAL_PRDR + /* Per Recipient Data Response, draft by Eric A. Hall extending RFC */ + if (prdr_enable) { + s = string_cat(s, &size, &ptr, smtp_code, 3); + s = string_cat(s, &size, &ptr, US"-PRDR\r\n", 7); + } + #endif + /* Finish off the multiline reply with one that is always available. */ s = string_cat(s, &size, &ptr, smtp_code, 3); @@ -3169,10 +3211,12 @@ while (done <= 0) s[ptr] = 0; #ifdef SUPPORT_TLS - if (tls_active >= 0) (void)tls_write(s, ptr); else + if (tls_in.active >= 0) (void)tls_write(TRUE, s, ptr); else #endif - (void)fwrite(s, 1, ptr, smtp_out); + { + int i = fwrite(s, 1, ptr, smtp_out); i = i; /* compiler quietening */ + } DEBUG(D_receive) { uschar *cr; @@ -3187,9 +3231,9 @@ while (done <= 0) received_protocol = (esmtp? protocols[pextend + ((sender_host_authenticated != NULL)? pauthed : 0) + - ((tls_active >= 0)? pcrpted : 0)] + ((tls_in.active >= 0)? pcrpted : 0)] : - protocols[pnormal + ((tls_active >= 0)? pcrpted : 0)]) + protocols[pnormal + ((tls_in.active >= 0)? pcrpted : 0)]) + ((sender_host_address != NULL)? pnlocal : 0); @@ -3208,6 +3252,7 @@ while (done <= 0) HAD(SCH_MAIL); smtp_mailcmd_count++; /* Count for limit and ratelimit */ was_rej_mail = TRUE; /* Reset if accepted */ + env_mail_type_t * mail_args; /* Sanity check & validate args */ if (helo_required && !helo_seen) { @@ -3256,113 +3301,150 @@ while (done <= 0) { uschar *name, *value, *end; unsigned long int size; + BOOL arg_error = FALSE; if (!extract_option(&name, &value)) break; - /* Handle SIZE= by reading the value. We don't do the check till later, - in order to be able to log the sender address on failure. */ - - if (strcmpic(name, US"SIZE") == 0 && - ((size = Ustrtoul(value, &end, 10)), *end == 0)) + for (mail_args = env_mail_type_list; + (char *)mail_args < (char *)env_mail_type_list + sizeof(env_mail_type_list); + mail_args++ + ) { - if ((size == ULONG_MAX && errno == ERANGE) || size > INT_MAX) - size = INT_MAX; - message_size = (int)size; + if (strcmpic(name, mail_args->name) == 0) + break; } + if (mail_args->need_value && strcmpic(value, US"") == 0) + break; - /* If this session was initiated with EHLO and accept_8bitmime is set, - Exim will have indicated that it supports the BODY=8BITMIME option. In - fact, it does not support this according to the RFCs, in that it does not - take any special action for forwarding messages containing 8-bit - characters. That is why accept_8bitmime is not the default setting, but - some sites want the action that is provided. We recognize both "8BITMIME" - and "7BIT" as body types, but take no action. */ - - else if (accept_8bitmime && strcmpic(name, US"BODY") == 0 && - (strcmpic(value, US"8BITMIME") == 0 || - strcmpic(value, US"7BIT") == 0)) {} - - /* Handle the AUTH extension. If the value given is not "<>" and either - the ACL says "yes" or there is no ACL but the sending host is - authenticated, we set it up as the authenticated sender. However, if the - authenticator set a condition to be tested, we ignore AUTH on MAIL unless - the condition is met. The value of AUTH is an xtext, which means that +, - = and cntrl chars are coded in hex; however "<>" is unaffected by this - coding. */ - - else if (strcmpic(name, US"AUTH") == 0) + switch(mail_args->value) { - if (Ustrcmp(value, "<>") != 0) - { - int rc; - uschar *ignore_msg; - - if (auth_xtextdecode(value, &authenticated_sender) < 0) - { - /* Put back terminator overrides for error message */ - name[-1] = ' '; - value[-1] = '='; - done = synprot_error(L_smtp_syntax_error, 501, NULL, - US"invalid data for AUTH"); - goto COMMAND_LOOP; - } - - if (acl_smtp_mailauth == NULL) + /* Handle SIZE= by reading the value. We don't do the check till later, + in order to be able to log the sender address on failure. */ + case ENV_MAIL_OPT_SIZE: + if (((size = Ustrtoul(value, &end, 10)), *end == 0)) { - ignore_msg = US"client not authenticated"; - rc = (sender_host_authenticated != NULL)? OK : FAIL; + if ((size == ULONG_MAX && errno == ERANGE) || size > INT_MAX) + size = INT_MAX; + message_size = (int)size; } else - { - ignore_msg = US"rejected by ACL"; - rc = acl_check(ACL_WHERE_MAILAUTH, NULL, acl_smtp_mailauth, - &user_msg, &log_msg); + arg_error = TRUE; + break; + + /* If this session was initiated with EHLO and accept_8bitmime is set, + Exim will have indicated that it supports the BODY=8BITMIME option. In + fact, it does not support this according to the RFCs, in that it does not + take any special action for forwarding messages containing 8-bit + characters. That is why accept_8bitmime is not the default setting, but + some sites want the action that is provided. We recognize both "8BITMIME" + and "7BIT" as body types, but take no action. */ + case ENV_MAIL_OPT_BODY: + if (accept_8bitmime) { + if (strcmpic(value, US"8BITMIME") == 0) { + body_8bitmime = 8; + } else if (strcmpic(value, US"7BIT") == 0) { + body_8bitmime = 7; + } else { + body_8bitmime = 0; + done = synprot_error(L_smtp_syntax_error, 501, NULL, + US"invalid data for BODY"); + goto COMMAND_LOOP; } + DEBUG(D_receive) debug_printf("8BITMIME: %d\n", body_8bitmime); + break; + } + arg_error = TRUE; + break; - switch (rc) + /* Handle the AUTH extension. If the value given is not "<>" and either + the ACL says "yes" or there is no ACL but the sending host is + authenticated, we set it up as the authenticated sender. However, if the + authenticator set a condition to be tested, we ignore AUTH on MAIL unless + the condition is met. The value of AUTH is an xtext, which means that +, + = and cntrl chars are coded in hex; however "<>" is unaffected by this + coding. */ + case ENV_MAIL_OPT_AUTH: + if (Ustrcmp(value, "<>") != 0) { - case OK: - if (authenticated_by == NULL || - authenticated_by->mail_auth_condition == NULL || - expand_check_condition(authenticated_by->mail_auth_condition, - authenticated_by->name, US"authenticator")) - break; /* Accept the AUTH */ - - ignore_msg = US"server_mail_auth_condition failed"; - if (authenticated_id != NULL) - ignore_msg = string_sprintf("%s: authenticated ID=\"%s\"", - ignore_msg, authenticated_id); - - /* Fall through */ - - case FAIL: - authenticated_sender = NULL; - log_write(0, LOG_MAIN, "ignoring AUTH=%s from %s (%s)", - value, host_and_ident(TRUE), ignore_msg); - break; + int rc; + uschar *ignore_msg; - /* Should only get DEFER or ERROR here. Put back terminator - overrides for error message */ - - default: - name[-1] = ' '; - value[-1] = '='; - (void)smtp_handle_acl_fail(ACL_WHERE_MAILAUTH, rc, user_msg, - log_msg); - goto COMMAND_LOOP; + if (auth_xtextdecode(value, &authenticated_sender) < 0) + { + /* Put back terminator overrides for error message */ + value[-1] = '='; + name[-1] = ' '; + done = synprot_error(L_smtp_syntax_error, 501, NULL, + US"invalid data for AUTH"); + goto COMMAND_LOOP; + } + if (acl_smtp_mailauth == NULL) + { + ignore_msg = US"client not authenticated"; + rc = (sender_host_authenticated != NULL)? OK : FAIL; + } + else + { + ignore_msg = US"rejected by ACL"; + rc = acl_check(ACL_WHERE_MAILAUTH, NULL, acl_smtp_mailauth, + &user_msg, &log_msg); + } + + switch (rc) + { + case OK: + if (authenticated_by == NULL || + authenticated_by->mail_auth_condition == NULL || + expand_check_condition(authenticated_by->mail_auth_condition, + authenticated_by->name, US"authenticator")) + break; /* Accept the AUTH */ + + ignore_msg = US"server_mail_auth_condition failed"; + if (authenticated_id != NULL) + ignore_msg = string_sprintf("%s: authenticated ID=\"%s\"", + ignore_msg, authenticated_id); + + /* Fall through */ + + case FAIL: + authenticated_sender = NULL; + log_write(0, LOG_MAIN, "ignoring AUTH=%s from %s (%s)", + value, host_and_ident(TRUE), ignore_msg); + break; + + /* Should only get DEFER or ERROR here. Put back terminator + overrides for error message */ + + default: + value[-1] = '='; + name[-1] = ' '; + (void)smtp_handle_acl_fail(ACL_WHERE_MAILAUTH, rc, user_msg, + log_msg); + goto COMMAND_LOOP; + } } - } - } + break; - /* Unknown option. Stick back the terminator characters and break - the loop. An error for a malformed address will occur. */ +#ifdef EXPERIMENTAL_PRDR + case ENV_MAIL_OPT_PRDR: + if ( prdr_enable ) + prdr_requested = TRUE; + break; +#endif - else - { - name[-1] = ' '; - value[-1] = '='; - break; + /* Unknown option. Stick back the terminator characters and break + the loop. Do the name-terminator second as extract_option sets + value==name when it found no equal-sign. + An error for a malformed address will occur. */ + default: + value[-1] = '='; + name[-1] = ' '; + arg_error = TRUE; + break; } + /* Break out of for loop if switch() had bad argument or + when start of the email address is reached */ + if (arg_error) break; } /* If we have passed the threshold for rate limiting, apply the current @@ -3479,8 +3561,21 @@ while (done <= 0) if (rc == OK || rc == DISCARD) { - if (user_msg == NULL) smtp_printf("250 OK\r\n"); - else smtp_user_msg(US"250", user_msg); + if (user_msg == NULL) + smtp_printf("%s%s%s", US"250 OK", + #ifdef EXPERIMENTAL_PRDR + prdr_requested == TRUE ? US", PRDR Requested" : + #endif + US"", + US"\r\n"); + else + { + #ifdef EXPERIMENTAL_PRDR + if ( prdr_requested == TRUE ) + user_msg = string_sprintf("%s%s", user_msg, US", PRDR Requested"); + #endif + smtp_user_msg(US"250",user_msg); + } smtp_delay_rcpt = smtp_rlr_base; recipients_discarded = (rc == DISCARD); was_rej_mail = FALSE; @@ -3729,12 +3824,14 @@ while (done <= 0) } /* If there is an ACL, re-check the synchronization afterwards, since the - ACL may have delayed. */ + ACL may have delayed. To handle cutthrough delivery enforce a dummy call + to get the DATA command sent. */ - if (acl_smtp_predata == NULL) rc = OK; else + if (acl_smtp_predata == NULL && cutthrough_fd < 0) rc = OK; else { + uschar * acl= acl_smtp_predata ? acl_smtp_predata : US"accept"; enable_dollar_recipients = TRUE; - rc = acl_check(ACL_WHERE_PREDATA, NULL, acl_smtp_predata, &user_msg, + rc = acl_check(ACL_WHERE_PREDATA, NULL, acl, &user_msg, &log_msg); enable_dollar_recipients = FALSE; if (rc == OK && !check_sync()) goto SYNC_FAILURE; @@ -3742,9 +3839,11 @@ while (done <= 0) if (rc == OK) { + uschar * code; + code = US"354"; if (user_msg == NULL) - smtp_printf("354 Enter message, ending with \".\" on a line by itself\r\n"); - else smtp_user_msg(US"354", user_msg); + smtp_printf("%s Enter message, ending with \".\" on a line by itself\r\n", code); + else smtp_user_msg(code, user_msg); done = 3; message_ended = END_NOTENDED; /* Indicate in middle of data */ } @@ -3868,7 +3967,7 @@ while (done <= 0) { DEBUG(D_any) debug_printf("Non-empty input buffer after STARTTLS; naive attack?"); - if (tls_active < 0) + if (tls_in.active < 0) smtp_inend = smtp_inptr = smtp_inbuffer; /* and if TLS is already active, tls_server_start() should fail */ } @@ -3929,7 +4028,7 @@ while (done <= 0) } /* Hard failure. Reject everything except QUIT or closed connection. One - cause for failure is a nested STARTTLS, in which case tls_active remains + cause for failure is a nested STARTTLS, in which case tls_in.active remains set, but we must still reject all incoming commands. */ DEBUG(D_tls) debug_printf("TLS failed to start\n"); @@ -3945,7 +4044,7 @@ while (done <= 0) break; /* It is perhaps arguable as to which exit ACL should be called here, - but as it is probably a situtation that almost never arises, it + but as it is probably a situation that almost never arises, it probably doesn't matter. We choose to call the real QUIT ACL, which in some sense is perhaps "right". */ @@ -3973,7 +4072,7 @@ while (done <= 0) break; } } - tls_close(TRUE); + tls_close(TRUE, TRUE); break; #endif @@ -3998,7 +4097,7 @@ while (done <= 0) smtp_respond(US"221", 3, TRUE, user_msg); #ifdef SUPPORT_TLS - tls_close(TRUE); + tls_close(TRUE, TRUE); #endif done = 2; @@ -4036,7 +4135,7 @@ while (done <= 0) buffer[0] = 0; Ustrcat(buffer, " AUTH"); #ifdef SUPPORT_TLS - if (tls_active < 0 && + if (tls_in.active < 0 && verify_check_host(&tls_advertise_hosts) != FAIL) Ustrcat(buffer, " STARTTLS"); #endif @@ -4271,7 +4370,7 @@ while (done <= 0) incomplete_transaction_log(US"too many non-mail commands"); log_write(0, LOG_MAIN|LOG_REJECT, "SMTP call from %s dropped: too many " "nonmail commands (last was \"%.*s\")", host_and_ident(FALSE), - s - smtp_cmd_buffer, smtp_cmd_buffer); + (int)(s - smtp_cmd_buffer), smtp_cmd_buffer); smtp_notquit_exit(US"bad-commands", US"554", US"Too many nonmail commands"); done = 1; /* Pretend eof - drops connection */ break; diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index d6cfbba7d..0fa4ccd48 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -164,16 +164,20 @@ Arguments: interface outgoing interface address or NULL timeout timeout value or 0 keepalive TRUE to use keepalive + dscp DSCP value to assign to socket Returns: connected socket number, or -1 with errno set */ int smtp_connect(host_item *host, int host_af, int port, uschar *interface, - int timeout, BOOL keepalive) + int timeout, BOOL keepalive, const uschar *dscp) { int on = 1; int save_errno = 0; +int dscp_value; +int dscp_level; +int dscp_option; int sock; if (host->port != PORT_NONE) @@ -202,6 +206,25 @@ if ((sock = ip_socket(SOCK_STREAM, host_af)) < 0) return -1; setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (uschar *)(&on), sizeof(on)); +/* Set DSCP value, if we can. For now, if we fail to set the value, we don't +bomb out, just log it and continue in default traffic class. */ + +if (dscp && dscp_lookup(dscp, host_af, &dscp_level, &dscp_option, &dscp_value)) + { + HDEBUG(D_transport|D_acl|D_v) + debug_printf("DSCP \"%s\"=%x ", dscp, dscp_value); + if (setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)) < 0) + HDEBUG(D_transport|D_acl|D_v) + debug_printf("failed to set DSCP: %s ", strerror(errno)); + /* If the kernel supports IPv4 and IPv6 on an IPv6 socket, we need to set the + option for both; ignore failures here */ + if (host_af == AF_INET6 && + dscp_lookup(dscp, AF_INET, &dscp_level, &dscp_option, &dscp_value)) + { + (void) setsockopt(sock, dscp_level, dscp_option, &dscp_value, sizeof(dscp_value)); + } + } + /* Bind to a specific interface if requested. Caller must ensure the interface is the same type (IPv4 or IPv6) as the outgoing address. */ @@ -277,8 +300,8 @@ flush_buffer(smtp_outblock *outblock) int rc; #ifdef SUPPORT_TLS -if (tls_active == outblock->sock) - rc = tls_write(outblock->buffer, outblock->ptr - outblock->buffer); +if (tls_out.active == outblock->sock) + rc = tls_write(FALSE, outblock->buffer, outblock->ptr - outblock->buffer); else #endif diff --git a/src/src/spool_in.c b/src/src/spool_in.c index 3c611a505..a546b6521 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -283,10 +283,10 @@ dkim_collect_input = FALSE; #endif #ifdef SUPPORT_TLS -tls_certificate_verified = FALSE; -tls_cipher = NULL; -tls_peerdn = NULL; -tls_sni = NULL; +tls_in.certificate_verified = FALSE; +tls_in.cipher = NULL; +tls_in.peerdn = NULL; +tls_in.sni = NULL; #endif #ifdef WITH_CONTENT_SCAN @@ -545,13 +545,13 @@ for (;;) #ifdef SUPPORT_TLS case 't': if (Ustrncmp(p, "ls_certificate_verified", 23) == 0) - tls_certificate_verified = TRUE; + tls_in.certificate_verified = TRUE; else if (Ustrncmp(p, "ls_cipher", 9) == 0) - tls_cipher = string_copy(big_buffer + 12); + tls_in.cipher = string_copy(big_buffer + 12); else if (Ustrncmp(p, "ls_peerdn", 9) == 0) - tls_peerdn = string_unprinting(string_copy(big_buffer + 12)); + tls_in.peerdn = string_unprinting(string_copy(big_buffer + 12)); else if (Ustrncmp(p, "ls_sni", 6) == 0) - tls_sni = string_unprinting(string_copy(big_buffer + 9)); + tls_in.sni = string_unprinting(string_copy(big_buffer + 9)); break; #endif @@ -718,8 +718,8 @@ while ((n = fgetc(f)) != EOF) int i; if (!isdigit(n)) goto SPOOL_FORMAT_ERROR; - (void)ungetc(n, f); - (void)fscanf(f, "%d%c ", &n, flag); + if(ungetc(n, f) == EOF || fscanf(f, "%d%c ", &n, flag) == EOF) + goto SPOOL_READ_ERROR; if (flag[0] != '*') message_size += n; /* Omit non-transmitted headers */ if (read_headers) diff --git a/src/src/spool_mbox.c b/src/src/spool_mbox.c index bdeb2b1a6..12cf3d43e 100644 --- a/src/src/spool_mbox.c +++ b/src/src/spool_mbox.c @@ -96,7 +96,11 @@ FILE *spool_mbox(unsigned long *mbox_file_size, uschar *source_file_override) { }; /* End headers */ - (void)fwrite("\n", 1, 1, mbox_file); + if (fwrite("\n", 1, 1, mbox_file) != 1) { + log_write(0, LOG_MAIN|LOG_PANIC, "Error/short write while writing \ + message headers to %s", mbox_path); + goto OUT; + } /* copy body file */ if (source_file_override == NULL) { diff --git a/src/src/spool_out.c b/src/src/spool_out.c index 1a380dd17..ce25a564e 100644 --- a/src/src/spool_out.c +++ b/src/src/spool_out.c @@ -93,10 +93,12 @@ double-check the mode because the group setting doesn't always get set automatically. */ if (fd >= 0) - { - (void)fchown(fd, exim_uid, exim_gid); - (void)fchmod(fd, SPOOL_MODE); - } + if (fchown(fd, exim_uid, exim_gid) || fchmod(fd, SPOOL_MODE)) + { + DEBUG(D_any) debug_printf("failed setting perms on %s\n", temp_name); + (void) close(fd); fd = -1; + Uunlink(temp_name); + } return fd; } @@ -226,10 +228,10 @@ if (bmi_verdicts != NULL) fprintf(f, "-bmi_verdicts %s\n", bmi_verdicts); #endif #ifdef SUPPORT_TLS -if (tls_certificate_verified) fprintf(f, "-tls_certificate_verified\n"); -if (tls_cipher != NULL) fprintf(f, "-tls_cipher %s\n", tls_cipher); -if (tls_peerdn != NULL) fprintf(f, "-tls_peerdn %s\n", string_printing(tls_peerdn)); -if (tls_sni != NULL) fprintf(f, "-tls_sni %s\n", string_printing(tls_sni)); +if (tls_in.certificate_verified) fprintf(f, "-tls_certificate_verified\n"); +if (tls_in.cipher != NULL) fprintf(f, "-tls_cipher %s\n", tls_in.cipher); +if (tls_in.peerdn != NULL) fprintf(f, "-tls_peerdn %s\n", string_printing(tls_in.peerdn)); +if (tls_in.sni != NULL) fprintf(f, "-tls_sni %s\n", string_printing(tls_in.sni)); #endif /* To complete the envelope, write out the tree of non-recipients, followed by diff --git a/src/src/structs.h b/src/src/structs.h index c319611df..53aa2106b 100644 --- a/src/src/structs.h +++ b/src/src/structs.h @@ -335,7 +335,8 @@ typedef struct auth_instance { uschar *advertise_condition; /* Are we going to advertise this?*/ uschar *client_condition; /* Should the client try this? */ uschar *public_name; /* Advertised name */ - uschar *set_id; /* String to set as authenticated id */ + uschar *set_id; /* String to set when server as authenticated id */ + uschar *set_client_id; /* String to set when client as client_authenticated id */ uschar *mail_auth_condition; /* Condition for AUTH on MAIL command */ uschar *server_debug_string; /* Debugging output */ uschar *server_condition; /* Authorization condition */ @@ -481,6 +482,10 @@ typedef struct address_item_propagated { #define af_cert_verified 0x01000000 /* delivered with verified TLS cert */ #define af_pass_message 0x02000000 /* pass message in bounces */ #define af_bad_reply 0x04000000 /* filter could not generate autoreply */ +#ifdef EXPERIMENTAL_PRDR +# define af_prdr_used 0x08000000 /* delivery used SMTP PRDR */ +#endif +#define af_force_command 0x10000000 /* force_command in pipe transport */ /* These flags must be propagated when a child is created */ @@ -535,6 +540,10 @@ typedef struct address_item { uschar *peerdn; /* DN of server's certificate */ #endif + uschar *authenticator; /* auth driver name used by transport */ + uschar *auth_id; /* auth "login" name used by transport */ + uschar *auth_sndr; /* AUTH arg to SMTP MAIL, used by transport */ + uid_t uid; /* uid for transporting */ gid_t gid; /* gid for transporting */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index c8bf634bc..c357ba4e0 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -39,6 +39,10 @@ require current GnuTLS, then we'll drop support for the ancient libraries). #include /* man-page is incorrect, gnutls_rnd() is not in gnutls.h: */ #include +/* needed to disable PKCS11 autoload unless requested */ +#if GNUTLS_VERSION_NUMBER >= 0x020c00 +# include +#endif /* GnuTLS 2 vs 3 @@ -63,8 +67,7 @@ Some of these correspond to variables in globals.c; those variables will be set to point to content in one of these instances, as appropriate for the stage of the process lifetime. -Not handled here: globals tls_active, tls_bits, tls_cipher, tls_peerdn, -tls_certificate_verified, tls_channelbinding_b64, tls_sni. +Not handled here: global tls_channelbinding_b64. */ typedef struct exim_gnutls_state { @@ -95,6 +98,8 @@ typedef struct exim_gnutls_state { uschar *exp_tls_crl; uschar *exp_tls_require_ciphers; + tls_support *tlsp; /* set in tls_init() */ + uschar *xfer_buffer; int xfer_buffer_lwm; int xfer_buffer_hwm; @@ -107,6 +112,7 @@ static const exim_gnutls_state_st exim_gnutls_state_init = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, 0, 0, 0, 0, }; @@ -120,7 +126,6 @@ there's no way for heart-beats to be responded to, for the duration of the second connection. */ static exim_gnutls_state_st state_server, state_client; -static exim_gnutls_state_st *current_global_tls_state; /* dh_params are initialised once within the lifetime of a process using TLS; if we used TLS in a long-lived daemon, we'd have to reconsider this. But we @@ -171,6 +176,7 @@ before, for now. */ #define HAVE_GNUTLS_SESSION_CHANNEL_BINDING #define HAVE_GNUTLS_SEC_PARAM_CONSTANTS #define HAVE_GNUTLS_RND +#define HAVE_GNUTLS_PKCS11 #endif @@ -286,15 +292,13 @@ Sets: tls_cipher a string tls_peerdn a string tls_sni a (UTF-8) string -Also: - current_global_tls_state for API limitations Argument: state the relevant exim_gnutls_state_st * */ static void -extract_exim_vars_from_tls_state(exim_gnutls_state_st *state) +extract_exim_vars_from_tls_state(exim_gnutls_state_st *state, BOOL is_server) { gnutls_cipher_algorithm_t cipher; #ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING @@ -303,19 +307,17 @@ int rc; gnutls_datum_t channel; #endif -current_global_tls_state = state; - -tls_active = state->fd_out; +state->tlsp->active = state->fd_out; cipher = gnutls_cipher_get(state->session); /* returns size in "bytes" */ -tls_bits = gnutls_cipher_get_key_size(cipher) * 8; +state->tlsp->bits = gnutls_cipher_get_key_size(cipher) * 8; -tls_cipher = state->ciphersuite; +state->tlsp->cipher = state->ciphersuite; -DEBUG(D_tls) debug_printf("cipher: %s\n", tls_cipher); +DEBUG(D_tls) debug_printf("cipher: %s\n", state->ciphersuite); -tls_certificate_verified = state->peer_cert_verified; +state->tlsp->certificate_verified = state->peer_cert_verified; /* note that tls_channelbinding_b64 is not saved to the spool file, since it's only available for use for authenticators while this TLS session is running. */ @@ -336,9 +338,8 @@ if (rc) { } #endif -tls_peerdn = state->peerdn; - -tls_sni = state->received_sni; +state->tlsp->peerdn = state->peerdn; +state->tlsp->sni = state->received_sni; } @@ -653,7 +654,11 @@ if (!state->host) { if (!state->received_sni) { - if (state->tls_certificate && Ustrstr(state->tls_certificate, US"tls_sni")) + if (state->tls_certificate && + (Ustrstr(state->tls_certificate, US"tls_sni") || + Ustrstr(state->tls_certificate, US"tls_in_sni") || + Ustrstr(state->tls_certificate, US"tls_out_sni") + )) { DEBUG(D_tls) debug_printf("We will re-expand TLS session files if we receive SNI.\n"); state->trigger_sni_changes = TRUE; @@ -884,6 +889,7 @@ Arguments: cas CA certs file crl CRL file require_ciphers tls_require_ciphers setting + caller_state returned state-info structure Returns: OK/DEFER/FAIL */ @@ -910,6 +916,19 @@ if (!exim_gnutls_base_init_done) { DEBUG(D_tls) debug_printf("GnuTLS global init required.\n"); +#ifdef HAVE_GNUTLS_PKCS11 + /* By default, gnutls_global_init will init PKCS11 support in auto mode, + which loads modules from a config file, which sounds good and may be wanted + by some sysadmin, but also means in common configurations that GNOME keyring + environment variables are used and so breaks for users calling mailq. + To prevent this, we init PKCS11 first, which is the documented approach. */ + if (!gnutls_enable_pkcs11) + { + rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + exim_gnutls_err_check(US"gnutls_pkcs11_init"); + } +#endif + rc = gnutls_global_init(); exim_gnutls_err_check(US"gnutls_global_init"); @@ -929,6 +948,7 @@ if (host) { state = &state_client; memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init)); + state->tlsp = &tls_out; DEBUG(D_tls) debug_printf("initialising GnuTLS client session\n"); rc = gnutls_init(&state->session, GNUTLS_CLIENT); } @@ -936,6 +956,7 @@ else { state = &state_server; memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init)); + state->tlsp = &tls_in; DEBUG(D_tls) debug_printf("initialising GnuTLS server session\n"); rc = gnutls_init(&state->session, GNUTLS_SERVER); } @@ -967,7 +988,7 @@ if (rc != OK) return rc; /* set SNI in client, only */ if (host) { - if (!expand_check_tlsvar(tls_sni)) + if (!expand_check(state->tlsp->sni, US"tls_out_sni", &state->exp_tls_sni)) return DEFER; if (state->exp_tls_sni && *state->exp_tls_sni) { @@ -1038,8 +1059,6 @@ if (gnutls_compat_mode) } *caller_state = state; -/* needs to happen before callbacks during handshake */ -current_global_tls_state = state; return OK; } @@ -1118,7 +1137,7 @@ old_pool = store_pool; store_pool = POOL_PERM; state->ciphersuite = string_copy(cipherbuf); store_pool = old_pool; -tls_cipher = state->ciphersuite; +state->tlsp->cipher = state->ciphersuite; /* tls_peerdn */ cert_list = gnutls_certificate_get_peers(state->session, &cert_list_size); @@ -1240,7 +1259,7 @@ else state->peerdn ? state->peerdn : US""); } -tls_peerdn = state->peerdn; +state->tlsp->peerdn = state->peerdn; return TRUE; } @@ -1284,6 +1303,7 @@ handshake.". For inability to get SNI information, we return 0. We only return non-zero if re-setup failed. +Only used for server-side TLS. */ static int @@ -1291,7 +1311,7 @@ exim_sni_handling_cb(gnutls_session_t session) { char sni_name[MAX_HOST_LEN]; size_t data_len = MAX_HOST_LEN; -exim_gnutls_state_st *state = current_global_tls_state; +exim_gnutls_state_st *state = &state_server; unsigned int sni_type; int rc, old_pool; @@ -1321,7 +1341,7 @@ state->received_sni = string_copyn(US sni_name, data_len); store_pool = old_pool; /* We set this one now so that variable expansions below will work */ -tls_sni = state->received_sni; +state->tlsp->sni = state->received_sni; DEBUG(D_tls) debug_printf("Received TLS SNI \"%s\"%s\n", sni_name, state->trigger_sni_changes ? "" : " (unused for certificate selection)"); @@ -1377,9 +1397,7 @@ const char *error; exim_gnutls_state_st *state = NULL; /* Check for previous activation */ -/* nb: this will not be TLS callout safe, needs reworking as part of that. */ - -if (tls_active >= 0) +if (tls_in.active >= 0) { tls_error(US"STARTTLS received after TLS started", "", NULL); smtp_printf("554 Already in TLS\r\n"); @@ -1430,10 +1448,10 @@ make them disconnect. We need to have an explicit fflush() here, to force out the response. Other smtp_printf() calls do not need it, because in non-TLS mode, the fflush() happens when smtp_getc() is called. */ -if (!tls_on_connect) +if (!state->tlsp->on_connect) { smtp_printf("220 TLS go ahead\r\n"); - fflush(smtp_out); + fflush(smtp_out); /*XXX JGH */ } /* Now negotiate the TLS session. We put our own timer on it, since it seems @@ -1500,7 +1518,7 @@ if (rc != OK) return rc; /* Sets various Exim expansion variables; always safe within server */ -extract_exim_vars_from_tls_state(state); +extract_exim_vars_from_tls_state(state, TRUE); /* TLS has been set up. Adjust the input functions to read via TLS, and initialize appropriately. */ @@ -1529,13 +1547,13 @@ Arguments: fd the fd of the connection host connected host (for messages) addr the first address (not used) - dhparam DH parameter file (ignored, we're a client) certificate certificate file privatekey private key file sni TLS SNI to send to remote host verify_certs file for certificate verify verify_crl CRL for verify require_ciphers list of allowed ciphers or NULL + dh_min_bits minimum number of bits acceptable in server's DH prime timeout startup timeout Returns: OK/DEFER/FAIL (because using common functions), @@ -1544,10 +1562,14 @@ Returns: OK/DEFER/FAIL (because using common functions), int tls_client_start(int fd, host_item *host, - address_item *addr ARG_UNUSED, uschar *dhparam ARG_UNUSED, + address_item *addr ARG_UNUSED, uschar *certificate, uschar *privatekey, uschar *sni, uschar *verify_certs, uschar *verify_crl, - uschar *require_ciphers, int timeout) + uschar *require_ciphers, +#ifdef EXPERIMENTAL_OCSP + uschar *require_ocsp ARG_UNUSED, +#endif + int dh_min_bits, int timeout) { int rc; const char *error; @@ -1559,7 +1581,17 @@ rc = tls_init(host, certificate, privatekey, sni, verify_certs, verify_crl, require_ciphers, &state); if (rc != OK) return rc; -gnutls_dh_set_prime_bits(state->session, EXIM_CLIENT_DH_MIN_BITS); +if (dh_min_bits < EXIM_CLIENT_DH_MIN_MIN_BITS) + { + DEBUG(D_tls) + debug_printf("WARNING: tls_dh_min_bits far too low, clamping %d up to %d\n", + dh_min_bits, EXIM_CLIENT_DH_MIN_MIN_BITS); + dh_min_bits = EXIM_CLIENT_DH_MIN_MIN_BITS; + } + +DEBUG(D_tls) debug_printf("Setting D-H prime minimum acceptable bits to %d\n", + dh_min_bits); +gnutls_dh_set_prime_bits(state->session, dh_min_bits); if (verify_certs == NULL) { @@ -1609,7 +1641,7 @@ if (rc != OK) return rc; /* Sets various Exim expansion variables; may need to adjust for ACL callouts */ -extract_exim_vars_from_tls_state(state); +extract_exim_vars_from_tls_state(state, FALSE); return OK; } @@ -1630,11 +1662,11 @@ Returns: nothing */ void -tls_close(BOOL shutdown) +tls_close(BOOL is_server, BOOL shutdown) { -exim_gnutls_state_st *state = current_global_tls_state; +exim_gnutls_state_st *state = is_server ? &state_server : &state_client; -if (tls_active < 0) return; /* TLS was not active */ +if (!state->tlsp || state->tlsp->active < 0) return; /* TLS was not active */ if (shutdown) { @@ -1644,6 +1676,7 @@ if (shutdown) gnutls_deinit(state->session); +state->tlsp->active = -1; memcpy(state, &exim_gnutls_state_init, sizeof(exim_gnutls_state_init)); if ((state_server.session == NULL) && (state_client.session == NULL)) @@ -1652,7 +1685,6 @@ if ((state_server.session == NULL) && (state_client.session == NULL)) exim_gnutls_base_init_done = FALSE; } -tls_active = -1; } @@ -1664,6 +1696,7 @@ tls_active = -1; /* This gets the next byte from the TLS input buffer. If the buffer is empty, it refills the buffer via the GnuTLS reading function. +Only used by the server-side TLS. This feeds DKIM and should be used for all message-body reads. @@ -1674,7 +1707,7 @@ Returns: the next character or EOF int tls_getc(void) { -exim_gnutls_state_st *state = current_global_tls_state; +exim_gnutls_state_st *state = &state_server; if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) { ssize_t inbytes; @@ -1703,12 +1736,12 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) gnutls_deinit(state->session); state->session = NULL; - tls_active = -1; - tls_bits = 0; - tls_certificate_verified = FALSE; - tls_channelbinding_b64 = NULL; - tls_cipher = NULL; - tls_peerdn = NULL; + state->tlsp->active = -1; + state->tlsp->bits = 0; + state->tlsp->certificate_verified = FALSE; + tls_channelbinding_b64 = NULL; /*XXX JGH */ + state->tlsp->cipher = NULL; + state->tlsp->peerdn = NULL; return smtp_getc(); } @@ -1742,6 +1775,7 @@ return state->xfer_buffer[state->xfer_buffer_lwm++]; /* This does not feed DKIM, so if the caller uses this for reading message body, then the caller must feed DKIM. + Arguments: buff buffer of data len size of buffer @@ -1751,9 +1785,9 @@ Returns: the number of bytes read */ int -tls_read(uschar *buff, size_t len) +tls_read(BOOL is_server, uschar *buff, size_t len) { -exim_gnutls_state_st *state = current_global_tls_state; +exim_gnutls_state_st *state = is_server ? &state_server : &state_client; ssize_t inbytes; if (len > INT_MAX) @@ -1789,6 +1823,7 @@ return -1; /* Arguments: + is_server channel specifier buff buffer of data len number of bytes @@ -1797,11 +1832,11 @@ Returns: the number of bytes after a successful write, */ int -tls_write(const uschar *buff, size_t len) +tls_write(BOOL is_server, const uschar *buff, size_t len) { ssize_t outbytes; size_t left = len; -exim_gnutls_state_st *state = current_global_tls_state; +exim_gnutls_state_st *state = is_server ? &state_server : &state_client; DEBUG(D_tls) debug_printf("tls_do_write(%p, " SIZE_T_FMT ")\n", buff, left); while (left > 0) @@ -1931,6 +1966,13 @@ if (exim_gnutls_base_init_done) log_write(0, LOG_MAIN|LOG_PANIC, "already initialised GnuTLS, Exim developer bug"); +#ifdef HAVE_GNUTLS_PKCS11 +if (!gnutls_enable_pkcs11) + { + rc = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL); + validate_check_rc(US"gnutls_pkcs11_init"); + } +#endif rc = gnutls_global_init(); validate_check_rc(US"gnutls_global_init()"); exim_gnutls_base_init_done = TRUE; diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 22c0730c3..b273fff75 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -5,6 +5,8 @@ /* Copyright (c) University of Cambridge 1995 - 2012 */ /* See the file NOTICE for conditions of use and distribution. */ +/* Portions Copyright (c) The OpenSSL Project 1999 */ + /* This module provides the TLS (aka SSL) support for Exim using the OpenSSL library. It is #included into the tls.c file when that library is used. The code herein is based on a patch that was originally contributed by Steve @@ -42,30 +44,62 @@ typedef struct randstuff { /* Local static variables */ -static BOOL verify_callback_called = FALSE; +static BOOL client_verify_callback_called = FALSE; +static BOOL server_verify_callback_called = FALSE; static const uschar *sid_ctx = US"exim"; -static SSL_CTX *ctx = NULL; +/* We have three different contexts to care about. + +Simple case: client, `client_ctx` + As a client, we can be doing a callout or cut-through delivery while receiving + a message. So we have a client context, which should have options initialised + from the SMTP Transport. + +Server: + There are two cases: with and without ServerNameIndication from the client. + Given TLS SNI, we can be using different keys, certs and various other + configuration settings, because they're re-expanded with $tls_sni set. This + allows vhosting with TLS. This SNI is sent in the handshake. + A client might not send SNI, so we need a fallback, and an initial setup too. + So as a server, we start out using `server_ctx`. + If SNI is sent by the client, then we as server, mid-negotiation, try to clone + `server_sni` from `server_ctx` and then initialise settings by re-expanding + configuration. +*/ + +static SSL_CTX *client_ctx = NULL; +static SSL_CTX *server_ctx = NULL; +static SSL *client_ssl = NULL; +static SSL *server_ssl = NULL; + #ifdef EXIM_HAVE_OPENSSL_TLSEXT -static SSL_CTX *ctx_sni = NULL; +static SSL_CTX *server_sni = NULL; #endif -static SSL *ssl = NULL; static char ssl_errstring[256]; static int ssl_session_timeout = 200; -static BOOL verify_optional = FALSE; +static BOOL client_verify_optional = FALSE; +static BOOL server_verify_optional = FALSE; -static BOOL reexpand_tls_files_for_sni = FALSE; +static BOOL reexpand_tls_files_for_sni = FALSE; typedef struct tls_ext_ctx_cb { uschar *certificate; uschar *privatekey; #ifdef EXPERIMENTAL_OCSP - uschar *ocsp_file; - uschar *ocsp_file_expanded; - OCSP_RESPONSE *ocsp_response; + BOOL is_server; + union { + struct { + uschar *file; + uschar *file_expanded; + OCSP_RESPONSE *response; + } server; + struct { + X509_STORE *verify_store; + } client; + } u_ocsp; #endif uschar *dhparam; /* these are cached from first expand */ @@ -77,17 +111,19 @@ typedef struct tls_ext_ctx_cb { /* should figure out a cleanup of API to handle state preserved per implementation, for various reasons, which can be void * in the APIs. For now, we hack around it. */ -tls_ext_ctx_cb *static_cbinfo = NULL; +tls_ext_ctx_cb *client_static_cbinfo = NULL; +tls_ext_ctx_cb *server_static_cbinfo = NULL; static int -setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional); +setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional, + int (*cert_vfy_cb)(int, X509_STORE_CTX *) ); /* Callbacks */ #ifdef EXIM_HAVE_OPENSSL_TLSEXT static int tls_servername_cb(SSL *s, int *ad ARG_UNUSED, void *arg); #endif #ifdef EXPERIMENTAL_OCSP -static int tls_stapling_cb(SSL *s, void *arg); +static int tls_server_stapling_cb(SSL *s, void *arg); #endif @@ -171,6 +207,29 @@ return rsa_key; +/* Extreme debug +#if defined(EXPERIMENTAL_OCSP) +void +x509_store_dump_cert_s_names(X509_STORE * store) +{ +STACK_OF(X509_OBJECT) * roots= store->objs; +int i; +static uschar name[256]; + +for(i= 0; itype == X509_LU_X509) + { + X509 * current_cert= tmp_obj->data.x509; + X509_NAME_oneline(X509_get_subject_name(current_cert), CS name, sizeof(name)); + debug_printf(" %s\n", name); + } + } +} +#endif +*/ + /************************************************* * Callback for verification * @@ -196,12 +255,13 @@ setting SSL_VERIFY_FAIL_IF_NO_PEER_CERT in the non-optional case. Arguments: state current yes/no state as 1/0 x509ctx certificate information. + client TRUE for client startup, FALSE for server startup Returns: 1 if verified, 0 if not */ static int -verify_callback(int state, X509_STORE_CTX *x509ctx) +verify_callback(int state, X509_STORE_CTX *x509ctx, tls_support *tlsp, BOOL *calledp, BOOL *optionalp) { static uschar txt[256]; @@ -214,9 +274,9 @@ if (state == 0) x509ctx->error_depth, X509_verify_cert_error_string(x509ctx->error), txt); - tls_certificate_verified = FALSE; - verify_callback_called = TRUE; - if (!verify_optional) return 0; /* reject */ + tlsp->certificate_verified = FALSE; + *calledp = TRUE; + if (!*optionalp) return 0; /* reject */ DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in " "tls_try_verify_hosts)\n"); return 1; /* accept */ @@ -226,20 +286,50 @@ if (x509ctx->error_depth != 0) { DEBUG(D_tls) debug_printf("SSL verify ok: depth=%d cert=%s\n", x509ctx->error_depth, txt); +#ifdef EXPERIMENTAL_OCSP + if (tlsp == &tls_out && client_static_cbinfo->u_ocsp.client.verify_store) + { /* client, wanting stapling */ + /* Add the server cert's signing chain as the one + for the verification of the OCSP stapled information. */ + + if (!X509_STORE_add_cert(client_static_cbinfo->u_ocsp.client.verify_store, + x509ctx->current_cert)) + ERR_clear_error(); + } +#endif } else { DEBUG(D_tls) debug_printf("SSL%s peer: %s\n", - verify_callback_called? "" : " authenticated", txt); - tls_peerdn = txt; + *calledp ? "" : " authenticated", txt); + tlsp->peerdn = txt; } -if (!verify_callback_called) tls_certificate_verified = TRUE; -verify_callback_called = TRUE; +/*XXX JGH: this looks bogus - we set "verified" first time through, which +will be for the root CS cert (calls work down the chain). Why should it +not be on the last call, where we're setting peerdn? + +To test: set up a chain anchored by a good root-CA but with a bad server cert. +Does certificate_verified get set? +*/ +if (!*calledp) tlsp->certificate_verified = TRUE; +*calledp = TRUE; return 1; /* accept */ } +static int +verify_callback_client(int state, X509_STORE_CTX *x509ctx) +{ +return verify_callback(state, x509ctx, &tls_out, &client_verify_callback_called, &client_verify_optional); +} + +static int +verify_callback_server(int state, X509_STORE_CTX *x509ctx) +{ +return verify_callback(state, x509ctx, &tls_in, &server_verify_callback_called, &server_verify_optional); +} + /************************************************* @@ -364,7 +454,7 @@ return TRUE; * Load OCSP information into state * *************************************************/ -/* Called to load the OCSP response from the given file into memory, once +/* Called to load the server OCSP response from the given file into memory, once caller has determined this is needed. Checks validity. Debugs a message if invalid. @@ -378,9 +468,7 @@ Arguments: */ static void -ocsp_load_response(SSL_CTX *sctx, - tls_ext_ctx_cb *cbinfo, - const uschar *expanded) +ocsp_load_response(SSL_CTX *sctx, tls_ext_ctx_cb *cbinfo, const uschar *expanded) { BIO *bio; OCSP_RESPONSE *resp; @@ -391,18 +479,18 @@ X509_STORE *store; unsigned long verify_flags; int status, reason, i; -cbinfo->ocsp_file_expanded = string_copy(expanded); -if (cbinfo->ocsp_response) +cbinfo->u_ocsp.server.file_expanded = string_copy(expanded); +if (cbinfo->u_ocsp.server.response) { - OCSP_RESPONSE_free(cbinfo->ocsp_response); - cbinfo->ocsp_response = NULL; + OCSP_RESPONSE_free(cbinfo->u_ocsp.server.response); + cbinfo->u_ocsp.server.response = NULL; } -bio = BIO_new_file(CS cbinfo->ocsp_file_expanded, "rb"); +bio = BIO_new_file(CS cbinfo->u_ocsp.server.file_expanded, "rb"); if (!bio) { DEBUG(D_tls) debug_printf("Failed to open OCSP response file \"%s\"\n", - cbinfo->ocsp_file_expanded); + cbinfo->u_ocsp.server.file_expanded); return; } @@ -419,7 +507,7 @@ if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { DEBUG(D_tls) debug_printf("OCSP response not valid: %s (%d)\n", OCSP_response_status_str(status), status); - return; + goto bad; } basic_response = OCSP_response_get1_basic(resp); @@ -427,7 +515,7 @@ if (!basic_response) { DEBUG(D_tls) debug_printf("OCSP response parse error: unable to extract basic response.\n"); - return; + goto bad; } store = SSL_CTX_get_cert_store(sctx); @@ -443,8 +531,8 @@ if (i <= 0) DEBUG(D_tls) { ERR_error_string(ERR_get_error(), ssl_errstring); debug_printf("OCSP response verify failure: %s\n", US ssl_errstring); - } - return; + } + goto bad; } /* Here's the simplifying assumption: there's only one response, for the @@ -459,27 +547,43 @@ if (!single_response) { DEBUG(D_tls) debug_printf("Unable to get first response from OCSP basic response.\n"); - return; + goto bad; } status = OCSP_single_get0_status(single_response, &reason, &rev, &thisupd, &nextupd); -/* how does this status differ from the one above? */ -if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) +if (status != V_OCSP_CERTSTATUS_GOOD) { - DEBUG(D_tls) debug_printf("OCSP response not valid (take 2): %s (%d)\n", - OCSP_response_status_str(status), status); - return; + DEBUG(D_tls) debug_printf("OCSP response bad cert status: %s (%d) %s (%d)\n", + OCSP_cert_status_str(status), status, + OCSP_crl_reason_str(reason), reason); + goto bad; } if (!OCSP_check_validity(thisupd, nextupd, EXIM_OCSP_SKEW_SECONDS, EXIM_OCSP_MAX_AGE)) { DEBUG(D_tls) debug_printf("OCSP status invalid times.\n"); - return; + goto bad; } -cbinfo->ocsp_response = resp; +supply_response: +cbinfo->u_ocsp.server.response = resp; +return; + +bad: +if (running_in_test_harness) + { + extern char ** environ; + uschar ** p; + for (p = USS environ; *p != NULL; p++) + if (Ustrncmp(*p, "EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK", 42) == 0) + { + DEBUG(D_tls) debug_printf("Supplying known bad OCSP response\n"); + goto supply_response; + } + } +return; } -#endif +#endif /*EXPERIMENTAL_OCSP*/ @@ -488,7 +592,7 @@ cbinfo->ocsp_response = resp; * Expand key and cert file specs * *************************************************/ -/* Called once during tls_init and possibly againt during TLS setup, for a +/* Called once during tls_init and possibly again during TLS setup, for a new context, if Server Name Indication was used and tls_sni was seen in the certificate string. @@ -507,7 +611,10 @@ uschar *expanded; if (cbinfo->certificate == NULL) return OK; -if (Ustrstr(cbinfo->certificate, US"tls_sni")) +if (Ustrstr(cbinfo->certificate, US"tls_sni") || + Ustrstr(cbinfo->certificate, US"tls_in_sni") || + Ustrstr(cbinfo->certificate, US"tls_out_sni") + ) reexpand_tls_files_for_sni = TRUE; if (!expand_check(cbinfo->certificate, US"tls_certificate", &expanded)) @@ -539,16 +646,16 @@ if (expanded != NULL && *expanded != 0) } #ifdef EXPERIMENTAL_OCSP -if (cbinfo->ocsp_file != NULL) +if (cbinfo->is_server && cbinfo->u_ocsp.server.file != NULL) { - if (!expand_check(cbinfo->ocsp_file, US"tls_ocsp_file", &expanded)) + if (!expand_check(cbinfo->u_ocsp.server.file, US"tls_ocsp_file", &expanded)) return DEFER; if (expanded != NULL && *expanded != 0) { DEBUG(D_tls) debug_printf("tls_ocsp_file %s\n", expanded); - if (cbinfo->ocsp_file_expanded && - (Ustrcmp(expanded, cbinfo->ocsp_file_expanded) == 0)) + if (cbinfo->u_ocsp.server.file_expanded && + (Ustrcmp(expanded, cbinfo->u_ocsp.server.file_expanded) == 0)) { DEBUG(D_tls) debug_printf("tls_ocsp_file value unchanged, using existing values.\n"); @@ -599,7 +706,7 @@ DEBUG(D_tls) debug_printf("Received TLS SNI \"%s\"%s\n", servername, /* Make the extension value available for expansion */ store_pool = POOL_PERM; -tls_sni = string_copy(US servername); +tls_in.sni = string_copy(US servername); store_pool = old_pool; if (!reexpand_tls_files_for_sni) @@ -609,8 +716,8 @@ if (!reexpand_tls_files_for_sni) not confident that memcpy wouldn't break some internal reference counting. Especially since there's a references struct member, which would be off. */ -ctx_sni = SSL_CTX_new(SSLv23_server_method()); -if (!ctx_sni) +server_sni = SSL_CTX_new(SSLv23_server_method()); +if (!server_sni) { ERR_error_string(ERR_get_error(), ssl_errstring); DEBUG(D_tls) debug_printf("SSL_CTX_new() failed: %s\n", ssl_errstring); @@ -620,35 +727,35 @@ if (!ctx_sni) /* Not sure how many of these are actually needed, since SSL object already exists. Might even need this selfsame callback, for reneg? */ -SSL_CTX_set_info_callback(ctx_sni, SSL_CTX_get_info_callback(ctx)); -SSL_CTX_set_mode(ctx_sni, SSL_CTX_get_mode(ctx)); -SSL_CTX_set_options(ctx_sni, SSL_CTX_get_options(ctx)); -SSL_CTX_set_timeout(ctx_sni, SSL_CTX_get_timeout(ctx)); -SSL_CTX_set_tlsext_servername_callback(ctx_sni, tls_servername_cb); -SSL_CTX_set_tlsext_servername_arg(ctx_sni, cbinfo); +SSL_CTX_set_info_callback(server_sni, SSL_CTX_get_info_callback(server_ctx)); +SSL_CTX_set_mode(server_sni, SSL_CTX_get_mode(server_ctx)); +SSL_CTX_set_options(server_sni, SSL_CTX_get_options(server_ctx)); +SSL_CTX_set_timeout(server_sni, SSL_CTX_get_timeout(server_ctx)); +SSL_CTX_set_tlsext_servername_callback(server_sni, tls_servername_cb); +SSL_CTX_set_tlsext_servername_arg(server_sni, cbinfo); if (cbinfo->server_cipher_list) - SSL_CTX_set_cipher_list(ctx_sni, CS cbinfo->server_cipher_list); + SSL_CTX_set_cipher_list(server_sni, CS cbinfo->server_cipher_list); #ifdef EXPERIMENTAL_OCSP -if (cbinfo->ocsp_file) +if (cbinfo->u_ocsp.server.file) { - SSL_CTX_set_tlsext_status_cb(ctx_sni, tls_stapling_cb); - SSL_CTX_set_tlsext_status_arg(ctx, cbinfo); + SSL_CTX_set_tlsext_status_cb(server_sni, tls_server_stapling_cb); + SSL_CTX_set_tlsext_status_arg(server_sni, cbinfo); } #endif -rc = setup_certs(ctx_sni, tls_verify_certificates, tls_crl, NULL, FALSE); +rc = setup_certs(server_sni, tls_verify_certificates, tls_crl, NULL, FALSE, verify_callback_server); if (rc != OK) return SSL_TLSEXT_ERR_NOACK; /* do this after setup_certs, because this can require the certs for verifying OCSP information. */ -rc = tls_expand_session_files(ctx_sni, cbinfo); +rc = tls_expand_session_files(server_sni, cbinfo); if (rc != OK) return SSL_TLSEXT_ERR_NOACK; -rc = init_dh(ctx_sni, cbinfo->dhparam, NULL); +rc = init_dh(server_sni, cbinfo->dhparam, NULL); if (rc != OK) return SSL_TLSEXT_ERR_NOACK; DEBUG(D_tls) debug_printf("Switching SSL context.\n"); -SSL_set_SSL_CTX(s, ctx_sni); +SSL_set_SSL_CTX(s, server_sni); return SSL_TLSEXT_ERR_OK; } @@ -658,6 +765,7 @@ return SSL_TLSEXT_ERR_OK; #ifdef EXPERIMENTAL_OCSP + /************************************************* * Callback to handle OCSP Stapling * *************************************************/ @@ -671,28 +779,158 @@ project. */ static int -tls_stapling_cb(SSL *s, void *arg) +tls_server_stapling_cb(SSL *s, void *arg) { const tls_ext_ctx_cb *cbinfo = (tls_ext_ctx_cb *) arg; uschar *response_der; int response_der_len; -DEBUG(D_tls) debug_printf("Received TLS status request (OCSP stapling); %s response.\n", - cbinfo->ocsp_response ? "have" : "lack"); -if (!cbinfo->ocsp_response) +if (log_extra_selector & LX_tls_cipher) + log_write(0, LOG_MAIN, "[%s] Recieved OCSP stapling req;%s responding", + sender_host_address, cbinfo->u_ocsp.server.response ? "":" not"); +else + DEBUG(D_tls) debug_printf("Received TLS status request (OCSP stapling); %s response.", + cbinfo->u_ocsp.server.response ? "have" : "lack"); + +if (!cbinfo->u_ocsp.server.response) return SSL_TLSEXT_ERR_NOACK; response_der = NULL; -response_der_len = i2d_OCSP_RESPONSE(cbinfo->ocsp_response, &response_der); +response_der_len = i2d_OCSP_RESPONSE(cbinfo->u_ocsp.server.response, &response_der); if (response_der_len <= 0) return SSL_TLSEXT_ERR_NOACK; -SSL_set_tlsext_status_ocsp_resp(ssl, response_der, response_der_len); +SSL_set_tlsext_status_ocsp_resp(server_ssl, response_der, response_der_len); return SSL_TLSEXT_ERR_OK; } -#endif /* EXPERIMENTAL_OCSP */ +static void +time_print(BIO * bp, const char * str, ASN1_GENERALIZEDTIME * time) +{ +BIO_printf(bp, "\t%s: ", str); +ASN1_GENERALIZEDTIME_print(bp, time); +BIO_puts(bp, "\n"); +} + +static int +tls_client_stapling_cb(SSL *s, void *arg) +{ +tls_ext_ctx_cb * cbinfo = arg; +const unsigned char * p; +int len; +OCSP_RESPONSE * rsp; +OCSP_BASICRESP * bs; +int i; + +DEBUG(D_tls) debug_printf("Received TLS status response (OCSP stapling):"); +len = SSL_get_tlsext_status_ocsp_resp(s, &p); +if(!p) + { + if (log_extra_selector & LX_tls_cipher) + log_write(0, LOG_MAIN, "Received TLS status response, null content"); + else + DEBUG(D_tls) debug_printf(" null\n"); + return 0; /* This is the fail case for require-ocsp; none from server */ + } +if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len))) + { + if (log_extra_selector & LX_tls_cipher) + log_write(0, LOG_MAIN, "Received TLS status response, parse error"); + else + DEBUG(D_tls) debug_printf(" parse error\n"); + return 0; + } + +if(!(bs = OCSP_response_get1_basic(rsp))) + { + if (log_extra_selector & LX_tls_cipher) + log_write(0, LOG_MAIN, "Received TLS status response, error parsing response"); + else + DEBUG(D_tls) debug_printf(" error parsing response\n"); + OCSP_RESPONSE_free(rsp); + return 0; + } + +/* We'd check the nonce here if we'd put one in the request. */ +/* However that would defeat cacheability on the server so we don't. */ + + +/* This section of code reworked from OpenSSL apps source; + The OpenSSL Project retains copyright: + Copyright (c) 1999 The OpenSSL Project. All rights reserved. +*/ + { + BIO * bp = NULL; + OCSP_CERTID *id; + int status, reason; + ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; + + DEBUG(D_tls) bp = BIO_new_fp(stderr, BIO_NOCLOSE); + + /*OCSP_RESPONSE_print(bp, rsp, 0); extreme debug: stapling content */ + + /* Use the chain that verified the server cert to verify the stapled info */ + /* DEBUG(D_tls) x509_store_dump_cert_s_names(cbinfo->u_ocsp.client.verify_store); */ + + if ((i = OCSP_basic_verify(bs, NULL, cbinfo->u_ocsp.client.verify_store, 0)) <= 0) + { + BIO_printf(bp, "OCSP response verify failure\n"); + ERR_print_errors(bp); + i = 0; + goto out; + } + + BIO_printf(bp, "OCSP response well-formed and signed OK\n"); + + { + STACK_OF(OCSP_SINGLERESP) * sresp = bs->tbsResponseData->responses; + OCSP_SINGLERESP * single; + + if (sk_OCSP_SINGLERESP_num(sresp) != 1) + { + log_write(0, LOG_MAIN, "OCSP stapling with multiple responses not handled"); + goto out; + } + single = OCSP_resp_get0(bs, 0); + status = OCSP_single_get0_status(single, &reason, &rev, &thisupd, &nextupd); + } + + i = 0; + DEBUG(D_tls) time_print(bp, "This OCSP Update", thisupd); + DEBUG(D_tls) if(nextupd) time_print(bp, "Next OCSP Update", nextupd); + if (!OCSP_check_validity(thisupd, nextupd, EXIM_OCSP_SKEW_SECONDS, EXIM_OCSP_MAX_AGE)) + { + DEBUG(D_tls) ERR_print_errors(bp); + log_write(0, LOG_MAIN, "Server OSCP dates invalid"); + goto out; + } + + DEBUG(D_tls) BIO_printf(bp, "Certificate status: %s\n", OCSP_cert_status_str(status)); + switch(status) + { + case V_OCSP_CERTSTATUS_GOOD: + i = 1; + break; + case V_OCSP_CERTSTATUS_REVOKED: + log_write(0, LOG_MAIN, "Server certificate revoked%s%s", + reason != -1 ? "; reason: " : "", reason != -1 ? OCSP_crl_reason_str(reason) : ""); + DEBUG(D_tls) time_print(bp, "Revocation Time", rev); + i = 0; + break; + default: + log_write(0, LOG_MAIN, "Server certificate status unknown, in OCSP stapling"); + i = 0; + break; + } + out: + BIO_free(bp); + } + +OCSP_RESPONSE_free(rsp); +return i; +} +#endif /*EXPERIMENTAL_OCSP*/ @@ -708,18 +946,19 @@ Arguments: dhparam DH parameter file certificate certificate file privatekey private key + ocsp_file file of stapling info (server); flag for require ocsp (client) addr address if client; NULL if server (for some randomness) Returns: OK/DEFER/FAIL */ static int -tls_init(host_item *host, uschar *dhparam, uschar *certificate, +tls_init(SSL_CTX **ctxp, host_item *host, uschar *dhparam, uschar *certificate, uschar *privatekey, #ifdef EXPERIMENTAL_OCSP uschar *ocsp_file, #endif - address_item *addr) + address_item *addr, tls_ext_ctx_cb ** cbp) { long init_options; int rc; @@ -730,7 +969,14 @@ cbinfo = store_malloc(sizeof(tls_ext_ctx_cb)); cbinfo->certificate = certificate; cbinfo->privatekey = privatekey; #ifdef EXPERIMENTAL_OCSP -cbinfo->ocsp_file = ocsp_file; +if ((cbinfo->is_server = host==NULL)) + { + cbinfo->u_ocsp.server.file = ocsp_file; + cbinfo->u_ocsp.server.file_expanded = NULL; + cbinfo->u_ocsp.server.response = NULL; + } +else + cbinfo->u_ocsp.client.verify_store = NULL; #endif cbinfo->dhparam = dhparam; cbinfo->host = host; @@ -752,10 +998,10 @@ when OpenSSL is built without SSLv2 support. By disabling with openssl_options, we can let admins re-enable with the existing knob. */ -ctx = SSL_CTX_new((host == NULL)? +*ctxp = SSL_CTX_new((host == NULL)? SSLv23_server_method() : SSLv23_client_method()); -if (ctx == NULL) return tls_error(US"SSL_CTX_new", host, NULL); +if (*ctxp == NULL) return tls_error(US"SSL_CTX_new", host, NULL); /* It turns out that we need to seed the random number generator this early in order to get the full complement of ciphers to work. It took me roughly a day @@ -783,10 +1029,10 @@ if (!RAND_status()) /* Set up the information callback, which outputs if debugging is at a suitable level. */ -SSL_CTX_set_info_callback(ctx, (void (*)())info_callback); +SSL_CTX_set_info_callback(*ctxp, (void (*)())info_callback); /* Automatically re-try reads/writes after renegotiation. */ -(void) SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); +(void) SSL_CTX_set_mode(*ctxp, SSL_MODE_AUTO_RETRY); /* Apply administrator-supplied work-arounds. Historically we applied just one requested option, @@ -804,7 +1050,7 @@ if (!okay) if (init_options) { DEBUG(D_tls) debug_printf("setting SSL CTX options: %#lx\n", init_options); - if (!(SSL_CTX_set_options(ctx, init_options))) + if (!(SSL_CTX_set_options(*ctxp, init_options))) return tls_error(string_sprintf( "SSL_CTX_set_option(%#lx)", init_options), host, NULL); } @@ -813,45 +1059,58 @@ else /* Initialize with DH parameters if supplied */ -if (!init_dh(ctx, dhparam, host)) return DEFER; +if (!init_dh(*ctxp, dhparam, host)) return DEFER; /* Set up certificate and key (and perhaps OCSP info) */ -rc = tls_expand_session_files(ctx, cbinfo); +rc = tls_expand_session_files(*ctxp, cbinfo); if (rc != OK) return rc; /* If we need to handle SNI, do so */ #ifdef EXIM_HAVE_OPENSSL_TLSEXT -if (host == NULL) +if (host == NULL) /* server */ { -#ifdef EXPERIMENTAL_OCSP - /* We check ocsp_file, not ocsp_response, because we care about if +# ifdef EXPERIMENTAL_OCSP + /* We check u_ocsp.server.file, not server.response, because we care about if the option exists, not what the current expansion might be, as SNI might change the certificate and OCSP file in use between now and the time the callback is invoked. */ - if (cbinfo->ocsp_file) + if (cbinfo->u_ocsp.server.file) { - SSL_CTX_set_tlsext_status_cb(ctx, tls_stapling_cb); - SSL_CTX_set_tlsext_status_arg(ctx, cbinfo); + SSL_CTX_set_tlsext_status_cb(server_ctx, tls_server_stapling_cb); + SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo); } -#endif +# endif /* We always do this, so that $tls_sni is available even if not used in tls_certificate */ - SSL_CTX_set_tlsext_servername_callback(ctx, tls_servername_cb); - SSL_CTX_set_tlsext_servername_arg(ctx, cbinfo); + SSL_CTX_set_tlsext_servername_callback(*ctxp, tls_servername_cb); + SSL_CTX_set_tlsext_servername_arg(*ctxp, cbinfo); } +# ifdef EXPERIMENTAL_OCSP +else /* client */ + if(ocsp_file) /* wanting stapling */ + { + if (!(cbinfo->u_ocsp.client.verify_store = X509_STORE_new())) + { + DEBUG(D_tls) debug_printf("failed to create store for stapling verify\n"); + return FAIL; + } + SSL_CTX_set_tlsext_status_cb(*ctxp, tls_client_stapling_cb); + SSL_CTX_set_tlsext_status_arg(*ctxp, cbinfo); + } +# endif #endif /* Set up the RSA callback */ -SSL_CTX_set_tmp_rsa_callback(ctx, rsa_callback); +SSL_CTX_set_tmp_rsa_callback(*ctxp, rsa_callback); /* Finally, set the timeout, and we are done */ -SSL_CTX_set_timeout(ctx, ssl_session_timeout); +SSL_CTX_set_timeout(*ctxp, ssl_session_timeout); DEBUG(D_tls) debug_printf("Initialized TLS\n"); -static_cbinfo = cbinfo; +*cbp = cbinfo; return OK; } @@ -863,17 +1122,17 @@ return OK; * Get name of cipher in use * *************************************************/ -/* The answer is left in a static buffer, and tls_cipher is set to point -to it. - +/* Argument: pointer to an SSL structure for the connection + buffer to use for answer + size of buffer + pointer to number of bits for cipher Returns: nothing */ static void -construct_cipher_name(SSL *ssl) +construct_cipher_name(SSL *ssl, uschar *cipherbuf, int bsize, int *bits) { -static uschar cipherbuf[256]; /* With OpenSSL 1.0.0a, this needs to be const but the documentation doesn't yet reflect that. It should be a safe change anyway, even 0.9.8 versions have the accessor functions use const in the prototype. */ @@ -911,11 +1170,10 @@ switch (ssl->session->ssl_version) } c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl); -SSL_CIPHER_get_bits(c, &tls_bits); +SSL_CIPHER_get_bits(c, bits); -string_format(cipherbuf, sizeof(cipherbuf), "%s:%s:%u", ver, - SSL_CIPHER_get_name(c), tls_bits); -tls_cipher = cipherbuf; +string_format(cipherbuf, bsize, "%s:%s:%u", ver, + SSL_CIPHER_get_name(c), *bits); DEBUG(D_tls) debug_printf("Cipher: %s\n", cipherbuf); } @@ -937,19 +1195,21 @@ Arguments: host NULL in a server; the remote host in a client optional TRUE if called from a server for a host in tls_try_verify_hosts; otherwise passed as FALSE + cert_vfy_cb Callback function for certificate verification Returns: OK/DEFER/FAIL */ static int -setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional) +setup_certs(SSL_CTX *sctx, uschar *certs, uschar *crl, host_item *host, BOOL optional, + int (*cert_vfy_cb)(int, X509_STORE_CTX *) ) { uschar *expcerts, *expcrl; if (!expand_check(certs, US"tls_verify_certificates", &expcerts)) return DEFER; -if (expcerts != NULL) +if (expcerts != NULL && *expcerts != '\0') { struct stat statbuf; if (!SSL_CTX_set_default_verify_paths(sctx)) @@ -1041,7 +1301,7 @@ if (expcerts != NULL) SSL_CTX_set_verify(sctx, SSL_VERIFY_PEER | (optional? 0 : SSL_VERIFY_FAIL_IF_NO_PEER_CERT), - verify_callback); + cert_vfy_cb); } return OK; @@ -1072,10 +1332,11 @@ tls_server_start(const uschar *require_ciphers) int rc; uschar *expciphers; tls_ext_ctx_cb *cbinfo; +static uschar cipherbuf[256]; /* Check for previous activation */ -if (tls_active >= 0) +if (tls_in.active >= 0) { tls_error(US"STARTTLS received after TLS started", NULL, US""); smtp_printf("554 Already in TLS\r\n"); @@ -1085,13 +1346,13 @@ if (tls_active >= 0) /* Initialize the SSL library. If it fails, it will already have logged the error. */ -rc = tls_init(NULL, tls_dhparam, tls_certificate, tls_privatekey, +rc = tls_init(&server_ctx, NULL, tls_dhparam, tls_certificate, tls_privatekey, #ifdef EXPERIMENTAL_OCSP tls_ocsp_file, #endif - NULL); + NULL, &server_static_cbinfo); if (rc != OK) return rc; -cbinfo = static_cbinfo; +cbinfo = server_static_cbinfo; if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers)) return FAIL; @@ -1106,7 +1367,7 @@ if (expciphers != NULL) uschar *s = expciphers; while (*s != 0) { if (*s == '_') *s = '-'; s++; } DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers); - if (!SSL_CTX_set_cipher_list(ctx, CS expciphers)) + if (!SSL_CTX_set_cipher_list(server_ctx, CS expciphers)) return tls_error(US"SSL_CTX_set_cipher_list", NULL, NULL); cbinfo->server_cipher_list = expciphers; } @@ -1114,25 +1375,27 @@ if (expciphers != NULL) /* If this is a host for which certificate verification is mandatory or optional, set up appropriately. */ -tls_certificate_verified = FALSE; -verify_callback_called = FALSE; +tls_in.certificate_verified = FALSE; +server_verify_callback_called = FALSE; if (verify_check_host(&tls_verify_hosts) == OK) { - rc = setup_certs(ctx, tls_verify_certificates, tls_crl, NULL, FALSE); + rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL, + FALSE, verify_callback_server); if (rc != OK) return rc; - verify_optional = FALSE; + server_verify_optional = FALSE; } else if (verify_check_host(&tls_try_verify_hosts) == OK) { - rc = setup_certs(ctx, tls_verify_certificates, tls_crl, NULL, TRUE); + rc = setup_certs(server_ctx, tls_verify_certificates, tls_crl, NULL, + TRUE, verify_callback_server); if (rc != OK) return rc; - verify_optional = TRUE; + server_verify_optional = TRUE; } /* Prepare for new connection */ -if ((ssl = SSL_new(ctx)) == NULL) return tls_error(US"SSL_new", NULL, NULL); +if ((server_ssl = SSL_new(server_ctx)) == NULL) return tls_error(US"SSL_new", NULL, NULL); /* Warning: we used to SSL_clear(ssl) here, it was removed. * @@ -1153,8 +1416,8 @@ make them disconnect. We need to have an explicit fflush() here, to force out the response. Other smtp_printf() calls do not need it, because in non-TLS mode, the fflush() happens when smtp_getc() is called. */ -SSL_set_session_id_context(ssl, sid_ctx, Ustrlen(sid_ctx)); -if (!tls_on_connect) +SSL_set_session_id_context(server_ssl, sid_ctx, Ustrlen(sid_ctx)); +if (!tls_in.on_connect) { smtp_printf("220 TLS go ahead\r\n"); fflush(smtp_out); @@ -1163,15 +1426,15 @@ if (!tls_on_connect) /* Now negotiate the TLS session. We put our own timer on it, since it seems that the OpenSSL library doesn't. */ -SSL_set_wfd(ssl, fileno(smtp_out)); -SSL_set_rfd(ssl, fileno(smtp_in)); -SSL_set_accept_state(ssl); +SSL_set_wfd(server_ssl, fileno(smtp_out)); +SSL_set_rfd(server_ssl, fileno(smtp_in)); +SSL_set_accept_state(server_ssl); DEBUG(D_tls) debug_printf("Calling SSL_accept\n"); sigalrm_seen = FALSE; if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); -rc = SSL_accept(ssl); +rc = SSL_accept(server_ssl); alarm(0); if (rc <= 0) @@ -1188,16 +1451,22 @@ DEBUG(D_tls) debug_printf("SSL_accept was successful\n"); /* TLS has been set up. Adjust the input functions to read via TLS, and initialize things. */ -construct_cipher_name(ssl); +construct_cipher_name(server_ssl, cipherbuf, sizeof(cipherbuf), &tls_in.bits); +tls_in.cipher = cipherbuf; DEBUG(D_tls) { uschar buf[2048]; - if (SSL_get_shared_ciphers(ssl, CS buf, sizeof(buf)) != NULL) + if (SSL_get_shared_ciphers(server_ssl, CS buf, sizeof(buf)) != NULL) debug_printf("Shared ciphers: %s\n", buf); } +/* Only used by the server-side tls (tls_in), including tls_getc. + Client-side (tls_out) reads (seem to?) go via + smtp_read_response()/ip_recv(). + Hence no need to duplicate for _in and _out. + */ ssl_xfer_buffer = store_malloc(ssl_xfer_buffer_size); ssl_xfer_buffer_lwm = ssl_xfer_buffer_hwm = 0; ssl_xfer_eof = ssl_xfer_error = 0; @@ -1208,7 +1477,7 @@ receive_feof = tls_feof; receive_ferror = tls_ferror; receive_smtp_buffered = tls_smtp_buffered; -tls_active = fileno(smtp_out); +tls_in.active = fileno(smtp_out); return OK; } @@ -1226,13 +1495,14 @@ Argument: fd the fd of the connection host connected host (for messages) addr the first address - dhparam DH parameter file certificate certificate file privatekey private key file sni TLS SNI to send to remote host verify_certs file for certificate verify crl file containing CRL require_ciphers list of allowed ciphers + dh_min_bits minimum number of bits acceptable in server's DH prime + (unused in OpenSSL) timeout startup timeout Returns: OK on success @@ -1241,25 +1511,34 @@ Returns: OK on success */ int -tls_client_start(int fd, host_item *host, address_item *addr, uschar *dhparam, +tls_client_start(int fd, host_item *host, address_item *addr, uschar *certificate, uschar *privatekey, uschar *sni, uschar *verify_certs, uschar *crl, - uschar *require_ciphers, int timeout) + uschar *require_ciphers, +#ifdef EXPERIMENTAL_OCSP + uschar *hosts_require_ocsp, +#endif + int dh_min_bits ARG_UNUSED, int timeout) { static uschar txt[256]; uschar *expciphers; X509* server_cert; int rc; +static uschar cipherbuf[256]; +#ifdef EXPERIMENTAL_OCSP +BOOL require_ocsp = verify_check_this_host(&hosts_require_ocsp, + NULL, host->name, host->address, NULL) == OK; +#endif -rc = tls_init(host, dhparam, certificate, privatekey, +rc = tls_init(&client_ctx, host, NULL, certificate, privatekey, #ifdef EXPERIMENTAL_OCSP - NULL, + require_ocsp ? US"" : NULL, #endif - addr); + addr, &client_static_cbinfo); if (rc != OK) return rc; -tls_certificate_verified = FALSE; -verify_callback_called = FALSE; +tls_out.certificate_verified = FALSE; +client_verify_callback_called = FALSE; if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers)) return FAIL; @@ -1273,43 +1552,54 @@ if (expciphers != NULL) uschar *s = expciphers; while (*s != 0) { if (*s == '_') *s = '-'; s++; } DEBUG(D_tls) debug_printf("required ciphers: %s\n", expciphers); - if (!SSL_CTX_set_cipher_list(ctx, CS expciphers)) + if (!SSL_CTX_set_cipher_list(client_ctx, CS expciphers)) return tls_error(US"SSL_CTX_set_cipher_list", host, NULL); } -rc = setup_certs(ctx, verify_certs, crl, host, FALSE); +rc = setup_certs(client_ctx, verify_certs, crl, host, FALSE, verify_callback_client); if (rc != OK) return rc; -if ((ssl = SSL_new(ctx)) == NULL) return tls_error(US"SSL_new", host, NULL); -SSL_set_session_id_context(ssl, sid_ctx, Ustrlen(sid_ctx)); -SSL_set_fd(ssl, fd); -SSL_set_connect_state(ssl); +if ((client_ssl = SSL_new(client_ctx)) == NULL) return tls_error(US"SSL_new", host, NULL); +SSL_set_session_id_context(client_ssl, sid_ctx, Ustrlen(sid_ctx)); +SSL_set_fd(client_ssl, fd); +SSL_set_connect_state(client_ssl); if (sni) { - if (!expand_check(sni, US"tls_sni", &tls_sni)) + if (!expand_check(sni, US"tls_sni", &tls_out.sni)) return FAIL; - if (!Ustrlen(tls_sni)) - tls_sni = NULL; + if (tls_out.sni == NULL) + { + DEBUG(D_tls) debug_printf("Setting TLS SNI forced to fail, not sending\n"); + } + else if (!Ustrlen(tls_out.sni)) + tls_out.sni = NULL; else { #ifdef EXIM_HAVE_OPENSSL_TLSEXT - DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tls_sni); - SSL_set_tlsext_host_name(ssl, tls_sni); + DEBUG(D_tls) debug_printf("Setting TLS SNI \"%s\"\n", tls_out.sni); + SSL_set_tlsext_host_name(client_ssl, tls_out.sni); #else DEBUG(D_tls) debug_printf("OpenSSL at build-time lacked SNI support, ignoring \"%s\"\n", - tls_sni); + tls_out.sni); #endif } } +#ifdef EXPERIMENTAL_OCSP +/* Request certificate status at connection-time. If the server +does OCSP stapling we will get the callback (set in tls_init()) */ +if (require_ocsp) + SSL_set_tlsext_status_type(client_ssl, TLSEXT_STATUSTYPE_ocsp); +#endif + /* There doesn't seem to be a built-in timeout on connection. */ DEBUG(D_tls) debug_printf("Calling SSL_connect\n"); sigalrm_seen = FALSE; alarm(timeout); -rc = SSL_connect(ssl); +rc = SSL_connect(client_ssl); alarm(0); if (rc <= 0) @@ -1318,19 +1608,20 @@ if (rc <= 0) DEBUG(D_tls) debug_printf("SSL_connect succeeded\n"); /* Beware anonymous ciphers which lead to server_cert being NULL */ -server_cert = SSL_get_peer_certificate (ssl); +server_cert = SSL_get_peer_certificate (client_ssl); if (server_cert) { - tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert), + tls_out.peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert), CS txt, sizeof(txt)); - tls_peerdn = txt; + tls_out.peerdn = txt; } else - tls_peerdn = NULL; + tls_out.peerdn = NULL; -construct_cipher_name(ssl); /* Sets tls_cipher */ +construct_cipher_name(client_ssl, cipherbuf, sizeof(cipherbuf), &tls_out.bits); +tls_out.cipher = cipherbuf; -tls_active = fd; +tls_out.active = fd; return OK; } @@ -1347,6 +1638,8 @@ it refills the buffer via the SSL reading function. Arguments: none Returns: the next character or EOF + +Only used by the server-side TLS. */ int @@ -1357,12 +1650,12 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) int error; int inbytes; - DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", ssl, + DEBUG(D_tls) debug_printf("Calling SSL_read(%p, %p, %u)\n", server_ssl, ssl_xfer_buffer, ssl_xfer_buffer_size); if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); - inbytes = SSL_read(ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size); - error = SSL_get_error(ssl, inbytes); + inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size); + error = SSL_get_error(server_ssl, inbytes); alarm(0); /* SSL_ERROR_ZERO_RETURN appears to mean that the SSL session has been @@ -1379,13 +1672,13 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) receive_ferror = smtp_ferror; receive_smtp_buffered = smtp_buffered; - SSL_free(ssl); - ssl = NULL; - tls_active = -1; - tls_bits = 0; - tls_cipher = NULL; - tls_peerdn = NULL; - tls_sni = NULL; + SSL_free(server_ssl); + server_ssl = NULL; + tls_in.active = -1; + tls_in.bits = 0; + tls_in.cipher = NULL; + tls_in.peerdn = NULL; + tls_in.sni = NULL; return smtp_getc(); } @@ -1432,11 +1725,14 @@ Arguments: Returns: the number of bytes read -1 after a failed read + +Only used by the client-side TLS. */ int -tls_read(uschar *buff, size_t len) +tls_read(BOOL is_server, uschar *buff, size_t len) { +SSL *ssl = is_server ? server_ssl : client_ssl; int inbytes; int error; @@ -1469,19 +1765,23 @@ return inbytes; /* Arguments: + is_server channel specifier buff buffer of data len number of bytes Returns: the number of bytes after a successful write, -1 after a failed write + +Used by both server-side and client-side TLS. */ int -tls_write(const uschar *buff, size_t len) +tls_write(BOOL is_server, const uschar *buff, size_t len) { int outbytes; int error; int left = len; +SSL *ssl = is_server ? server_ssl : client_ssl; DEBUG(D_tls) debug_printf("tls_do_write(%p, %d)\n", buff, left); while (left > 0) @@ -1506,6 +1806,11 @@ while (left > 0) log_write(0, LOG_MAIN, "SSL channel closed on write"); return -1; + case SSL_ERROR_SYSCALL: + log_write(0, LOG_MAIN, "SSL_write: (from %s) syscall: %s", + sender_fullhost ? sender_fullhost : US"", + strerror(errno)); + default: log_write(0, LOG_MAIN, "SSL_write error %d", error); return -1; @@ -1526,23 +1831,28 @@ would tamper with the SSL session in the parent process). Arguments: TRUE if SSL_shutdown is to be called Returns: nothing + +Used by both server-side and client-side TLS. */ void -tls_close(BOOL shutdown) +tls_close(BOOL is_server, BOOL shutdown) { -if (tls_active < 0) return; /* TLS was not active */ +SSL **sslp = is_server ? &server_ssl : &client_ssl; +int *fdp = is_server ? &tls_in.active : &tls_out.active; + +if (*fdp < 0) return; /* TLS was not active */ if (shutdown) { DEBUG(D_tls) debug_printf("tls_close(): shutting down SSL\n"); - SSL_shutdown(ssl); + SSL_shutdown(*sslp); } -SSL_free(ssl); -ssl = NULL; +SSL_free(*sslp); +*sslp = NULL; -tls_active = -1; +*fdp = -1; } @@ -1660,12 +1970,26 @@ vaguely_random_number(int max) { unsigned int r; int i, needed_len; +static pid_t pidlast = 0; +pid_t pidnow; uschar *p; uschar smallbuf[sizeof(r)]; if (max <= 1) return 0; +pidnow = getpid(); +if (pidnow != pidlast) + { + /* Although OpenSSL documents that "OpenSSL makes sure that the PRNG state + is unique for each thread", this doesn't apparently apply across processes, + so our own warning from vaguely_random_number_fallback() applies here too. + Fix per PostgreSQL. */ + if (pidlast != 0) + RAND_cleanup(); + pidlast = pidnow; + } + /* OpenSSL auto-seeds from /dev/random, etc, but this a double-check. */ if (!RAND_status()) { @@ -1737,7 +2061,9 @@ all options unless explicitly for DTLS, let the administrator choose which to apply. This list is current as of: - ==> 1.0.1b <== */ + ==> 1.0.1b <== +Plus SSL_OP_SAFARI_ECDHE_ECDSA_BUG from 2013-June patch/discussion on openssl-dev +*/ static struct exim_openssl_option exim_openssl_options[] = { /* KEEP SORTED ALPHABETICALLY! */ #ifdef SSL_OP_ALL @@ -1802,6 +2128,9 @@ static struct exim_openssl_option exim_openssl_options[] = { #ifdef SSL_OP_NO_TLSv1_2 { US"no_tlsv1_2", SSL_OP_NO_TLSv1_2 }, #endif +#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG + { US"safari_ecdhe_ecdsa_bug", SSL_OP_SAFARI_ECDHE_ECDSA_BUG }, +#endif #ifdef SSL_OP_SINGLE_DH_USE { US"single_dh_use", SSL_OP_SINGLE_DH_USE }, #endif diff --git a/src/src/tls.c b/src/src/tls.c index 0c98aeba9..0625c48b8 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -86,11 +86,11 @@ return TRUE; #ifdef USE_GNUTLS #include "tls-gnu.c" -#define ssl_xfer_buffer (current_global_tls_state->xfer_buffer) -#define ssl_xfer_buffer_lwm (current_global_tls_state->xfer_buffer_lwm) -#define ssl_xfer_buffer_hwm (current_global_tls_state->xfer_buffer_hwm) -#define ssl_xfer_eof (current_global_tls_state->xfer_eof) -#define ssl_xfer_error (current_global_tls_state->xfer_error) +#define ssl_xfer_buffer (state_server.xfer_buffer) +#define ssl_xfer_buffer_lwm (state_server.xfer_buffer_lwm) +#define ssl_xfer_buffer_hwm (state_server.xfer_buffer_hwm) +#define ssl_xfer_eof (state_server.xfer_eof) +#define ssl_xfer_error (state_server.xfer_error) #else #include "tls-openssl.c" @@ -104,6 +104,7 @@ return TRUE; /* Puts a character back in the input buffer. Only ever called once. +Only used by the server-side TLS. Arguments: ch the character @@ -125,6 +126,7 @@ return ch; *************************************************/ /* Tests for a previous EOF +Only used by the server-side TLS. Arguments: none Returns: non-zero if the eof flag is set @@ -144,6 +146,7 @@ return ssl_xfer_eof; /* Tests for a previous read error, and returns with errno restored to what it was when the error was detected. +Only used by the server-side TLS. >>>>> Hmm. Errno not handled yet. Where do we get it from? >>>>> @@ -163,6 +166,7 @@ return ssl_xfer_error; *************************************************/ /* Tests for unused chars in the TLS input buffer. +Only used by the server-side TLS. Arguments: none Returns: TRUE/FALSE diff --git a/src/src/transport.c b/src/src/transport.c index 6894e96df..7dd1afb85 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -68,11 +68,11 @@ optionlist optionlist_transports[] = { (void *)(offsetof(transport_instance, envelope_to_add)) }, { "group", opt_expand_gid|opt_public, (void *)offsetof(transport_instance, gid) }, - { "headers_add", opt_stringptr|opt_public, + { "headers_add", opt_stringptr|opt_public|opt_rep_str, (void *)offsetof(transport_instance, add_headers) }, { "headers_only", opt_bool|opt_public, (void *)offsetof(transport_instance, headers_only) }, - { "headers_remove", opt_stringptr|opt_public, + { "headers_remove", opt_stringptr|opt_public|opt_rep_str, (void *)offsetof(transport_instance, remove_headers) }, { "headers_rewrite", opt_rewrite|opt_public, (void *)offsetof(transport_instance, headers_rewrite) }, @@ -219,7 +219,7 @@ for (i = 0; i < 100; i++) if (transport_write_timeout <= 0) /* No timeout wanted */ { #ifdef SUPPORT_TLS - if (tls_active == fd) rc = tls_write(block, len); else + if (tls_out.active == fd) rc = tls_write(FALSE, block, len); else #endif rc = write(fd, block, len); save_errno = errno; @@ -231,7 +231,7 @@ for (i = 0; i < 100; i++) { alarm(local_timeout); #ifdef SUPPORT_TLS - if (tls_active == fd) rc = tls_write(block, len); else + if (tls_out.active == fd) rc = tls_write(FALSE, block, len); else #endif rc = write(fd, block, len); save_errno = errno; @@ -1046,7 +1046,7 @@ dkim_transport_write_message(address_item *addr, int fd, int options, int siglen = Ustrlen(dkim_signature); while(siglen > 0) { #ifdef SUPPORT_TLS - if (tls_active == fd) wwritten = tls_write(dkim_signature, siglen); else + if (tls_out.active == fd) wwritten = tls_write(FALSE, dkim_signature, siglen); else #endif wwritten = write(fd,dkim_signature,siglen); if (wwritten == -1) { @@ -1072,7 +1072,7 @@ dkim_transport_write_message(address_item *addr, int fd, int options, to the socket. However only if we don't use TLS, in which case theres another layer of indirection before the data finally hits the socket. */ - if (tls_active != fd) + if (tls_out.active != fd) { ssize_t copied = 0; off_t offset = 0; @@ -1096,7 +1096,7 @@ dkim_transport_write_message(address_item *addr, int fd, int options, /* write the chunk */ DKIM_WRITE: #ifdef SUPPORT_TLS - if (tls_active == fd) wwritten = tls_write(US p, sread); else + if (tls_out.active == fd) wwritten = tls_write(FALSE, US p, sread); else #endif wwritten = write(fd,p,sread); if (wwritten == -1) @@ -1226,9 +1226,14 @@ if ((write_pid = fork()) == 0) size_limit, add_headers, remove_headers, NULL, NULL, rewrite_rules, rewrite_existflags); save_errno = errno; - (void)write(pfd[pipe_write], (void *)&rc, sizeof(BOOL)); - (void)write(pfd[pipe_write], (void *)&save_errno, sizeof(int)); - (void)write(pfd[pipe_write], (void *)&(addr->more_errno), sizeof(int)); + if ( write(pfd[pipe_write], (void *)&rc, sizeof(BOOL)) + != sizeof(BOOL) + || write(pfd[pipe_write], (void *)&save_errno, sizeof(int)) + != sizeof(int) + || write(pfd[pipe_write], (void *)&(addr->more_errno), sizeof(int)) + != sizeof(int) + ) + rc = FALSE; /* compiler quietening */ _exit(0); } save_errno = errno; @@ -1339,11 +1344,11 @@ if (write_pid > 0) if (rc == 0) { BOOL ok; - (void)read(pfd[pipe_read], (void *)&ok, sizeof(BOOL)); + int dummy = read(pfd[pipe_read], (void *)&ok, sizeof(BOOL)); if (!ok) { - (void)read(pfd[pipe_read], (void *)&save_errno, sizeof(int)); - (void)read(pfd[pipe_read], (void *)&(addr->more_errno), sizeof(int)); + dummy = read(pfd[pipe_read], (void *)&save_errno, sizeof(int)); + dummy = read(pfd[pipe_read], (void *)&(addr->more_errno), sizeof(int)); yield = FALSE; } } @@ -1992,7 +1997,122 @@ if (expand_arguments) memmove(argv + i + 1 + additional, argv + i + 1, (argcount - i)*sizeof(uschar *)); - for (ad = addr; ad != NULL; ad = ad->next) argv[i++] = ad->address; + for (ad = addr; ad != NULL; ad = ad->next) { + argv[i++] = ad->address; + argcount++; + } + + /* Subtract one since we replace $pipe_addresses */ + argcount--; + i--; + } + + /* Handle special case of $address_pipe when af_force_command is set */ + + else if (addr != NULL && testflag(addr,af_force_command) && + (Ustrcmp(argv[i], "$address_pipe") == 0 || + Ustrcmp(argv[i], "${address_pipe}") == 0)) + { + int address_pipe_i; + int address_pipe_argcount = 0; + int address_pipe_max_args; + uschar **address_pipe_argv; + + /* We can never have more then the argv we will be loading into */ + address_pipe_max_args = max_args - argcount + 1; + + DEBUG(D_transport) + debug_printf("address_pipe_max_args=%d\n", address_pipe_max_args); + + /* We allocate an additional for (uschar *)0 */ + address_pipe_argv = store_get((address_pipe_max_args+1)*sizeof(uschar *)); + + /* +1 because addr->local_part[0] == '|' since af_force_command is set */ + s = expand_string(addr->local_part + 1); + + if (s == NULL || *s == '\0') + { + addr->transport_return = FAIL; + addr->message = string_sprintf("Expansion of \"%s\" " + "from command \"%s\" in %s failed: %s", + (addr->local_part + 1), cmd, etext, expand_string_message); + return FALSE; + } + + while (isspace(*s)) s++; /* strip leading space */ + + while (*s != 0 && address_pipe_argcount < address_pipe_max_args) + { + if (*s == '\'') + { + ss = s + 1; + while (*ss != 0 && *ss != '\'') ss++; + address_pipe_argv[address_pipe_argcount++] = ss = store_get(ss - s++); + while (*s != 0 && *s != '\'') *ss++ = *s++; + if (*s != 0) s++; + *ss++ = 0; + } + else address_pipe_argv[address_pipe_argcount++] = string_dequote(&s); + while (isspace(*s)) s++; /* strip space after arg */ + } + + address_pipe_argv[address_pipe_argcount] = (uschar *)0; + + /* If *s != 0 we have run out of argument slots. */ + if (*s != 0) + { + uschar *msg = string_sprintf("Too many arguments in $address_pipe " + "\"%s\" in %s", addr->local_part + 1, etext); + if (addr != NULL) + { + addr->transport_return = FAIL; + addr->message = msg; + } + else *errptr = msg; + return FALSE; + } + + /* address_pipe_argcount - 1 + * because we are replacing $address_pipe in the argument list + * with the first thing it expands to */ + if (argcount + address_pipe_argcount - 1 > max_args) + { + addr->transport_return = FAIL; + addr->message = string_sprintf("Too many arguments to command " + "\"%s\" after expanding $address_pipe in %s", cmd, etext); + return FALSE; + } + + /* If we are not just able to replace the slot that contained + * $address_pipe (address_pipe_argcount == 1) + * We have to move the existing argv by address_pipe_argcount - 1 + * Visually if address_pipe_argcount == 2: + * [argv 0][argv 1][argv 2($address_pipe)][argv 3][0] + * [argv 0][argv 1][ap_arg0][ap_arg1][old argv 3][0] + */ + if (address_pipe_argcount > 1) + memmove( + /* current position + additonal args */ + argv + i + address_pipe_argcount, + /* current position + 1 (for the (uschar *)0 at the end) */ + argv + i + 1, + /* -1 for the (uschar *)0 at the end)*/ + (argcount - i)*sizeof(uschar *) + ); + + /* Now we fill in the slots we just moved argv out of + * [argv 0][argv 1][argv 2=pipeargv[0]][argv 3=pipeargv[1]][old argv 3][0] + */ + for (address_pipe_i = 0; + address_pipe_argv[address_pipe_i] != (uschar *)0; + address_pipe_i++) + { + argv[i++] = address_pipe_argv[address_pipe_i]; + argcount++; + } + + /* Subtract one since we replace $address_pipe */ + argcount--; i--; } diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c index 11c59bb0b..db3b5aeee 100644 --- a/src/src/transports/appendfile.c +++ b/src/src/transports/appendfile.c @@ -1771,8 +1771,14 @@ if (!isdirectory) /* We have successfully created and opened the file. Ensure that the group and the mode are correct. */ - (void)Uchown(filename, uid, gid); - (void)Uchmod(filename, mode); + if(Uchown(filename, uid, gid) || Uchmod(filename, mode)) + { + addr->basic_errno = errno; + addr->message = string_sprintf("while setting perms on mailbox %s", + filename); + addr->transport_return = FAIL; + goto RETURN; + } } @@ -2573,8 +2579,13 @@ else /* Why are these here? Put in because they are present in the non-maildir directory case above. */ - (void)Uchown(filename, uid, gid); - (void)Uchmod(filename, mode); + if(Uchown(filename, uid, gid) || Uchmod(filename, mode)) + { + addr->basic_errno = errno; + addr->message = string_sprintf("while setting perms on maildir %s", + filename); + return FALSE; + } } #endif /* SUPPORT_MAILDIR */ @@ -2615,8 +2626,13 @@ else /* Why are these here? Put in because they are present in the non-maildir directory case above. */ - (void)Uchown(filename, uid, gid); - (void)Uchmod(filename, mode); + if(Uchown(filename, uid, gid) || Uchmod(filename, mode)) + { + addr->basic_errno = errno; + addr->message = string_sprintf("while setting perms on file %s", + filename); + return FALSE; + } /* Built a C stream from the open file descriptor. */ @@ -2707,8 +2723,13 @@ else Uunlink(filename); return FALSE; } - (void)Uchown(dataname, uid, gid); - (void)Uchmod(dataname, mode); + if(Uchown(dataname, uid, gid) || Uchmod(dataname, mode)) + { + addr->basic_errno = errno; + addr->message = string_sprintf("while setting perms on file %s", + dataname); + return FALSE; + } } #endif /* SUPPORT_MAILSTORE */ @@ -2717,8 +2738,13 @@ else /* In all cases of writing to a new file, ensure that the file which is going to be renamed has the correct ownership and mode. */ - (void)Uchown(filename, uid, gid); - (void)Uchmod(filename, mode); + if(Uchown(filename, uid, gid) || Uchmod(filename, mode)) + { + addr->basic_errno = errno; + addr->message = string_sprintf("while setting perms on file %s", + filename); + return FALSE; + } } @@ -3095,7 +3121,8 @@ if (yield != OK) investigated so far have ftruncate(), whereas not all have the F_FREESP fcntl() call (BSDI & FreeBSD do not). */ - if (!isdirectory) (void)ftruncate(fd, saved_size); + if (!isdirectory && ftruncate(fd, saved_size)) + DEBUG(D_transport) debug_printf("Error restting file size\n"); } /* Handle successful writing - we want the modification time to be now for diff --git a/src/src/transports/autoreply.c b/src/src/transports/autoreply.c index cce1cd771..4e391b8db 100644 --- a/src/src/transports/autoreply.c +++ b/src/src/transports/autoreply.c @@ -529,8 +529,10 @@ if (oncelog != NULL && *oncelog != 0 && to != NULL) uschar *ptr = log_buffer; sprintf(CS ptr, "%s\n previously sent to %.200s\n", tod_stamp(tod_log), to); while(*ptr) ptr++; - (void)write(log_fd, log_buffer, ptr - log_buffer); - (void)close(log_fd); + if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer + || close(log_fd)) + DEBUG(D_transport) debug_printf("Problem writing log file %s for %s " + "transport\n", logfile, tblock->name); } goto END_OFF; } @@ -753,7 +755,9 @@ if (cache_fd >= 0) } memcpy(cache_time, &now, sizeof(time_t)); - (void)write(cache_fd, from, size); + if(write(cache_fd, from, size) != size) + DEBUG(D_transport) debug_printf("Problem writing cache file %s for %s " + "transport\n", oncelog, tblock->name); } /* Update DBM file */ @@ -849,8 +853,10 @@ if (logfile != NULL) " %s\n", headers); while(*ptr) ptr++; } - (void)write(log_fd, log_buffer, ptr - log_buffer); - (void)close(log_fd); + if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer + || close(log_fd)) + DEBUG(D_transport) debug_printf("Problem writing log file %s for %s " + "transport\n", logfile, tblock->name); } else DEBUG(D_transport) debug_printf("Failed to open log file %s for %s " "transport: %s\n", logfile, tblock->name, strerror(errno)); diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c index 15714f3f4..54989410a 100644 --- a/src/src/transports/pipe.c +++ b/src/src/transports/pipe.c @@ -37,6 +37,8 @@ optionlist pipe_transport_options[] = { (void *)offsetof(pipe_transport_options_block, environment) }, { "escape_string", opt_stringptr, (void *)offsetof(pipe_transport_options_block, escape_string) }, + { "force_command", opt_bool, + (void *)offsetof(pipe_transport_options_block, force_command) }, { "freeze_exec_fail", opt_bool, (void *)offsetof(pipe_transport_options_block, freeze_exec_fail) }, { "freeze_signal", opt_bool, @@ -110,6 +112,7 @@ pipe_transport_options_block pipe_transport_option_defaults = { 20480, /* max_output */ 60*60, /* timeout */ 0, /* options */ + FALSE, /* force_command */ FALSE, /* freeze_exec_fail */ FALSE, /* freeze_signal */ FALSE, /* ignore_status */ @@ -186,7 +189,7 @@ if (ob->permit_coredump) if (errno != ENOSYS && errno != ENOTSUP) #endif log_write(0, LOG_MAIN, - "delivery setrlimit(RLIMIT_CORE, RLIMI_INFINITY) failed: %s", + "delivery setrlimit(RLIMIT_CORE, RLIM_INFINITY) failed: %s", strerror(errno)); } } @@ -569,10 +572,21 @@ options. */ if (testflag(addr, af_pfr) && addr->local_part[0] == '|') { - cmd = addr->local_part + 1; - while (isspace(*cmd)) cmd++; - expand_arguments = testflag(addr, af_expand_pipe); - expand_fail = FAIL; + if (ob->force_command) + { + /* Enables expansion of $address_pipe into seperate arguments */ + setflag(addr, af_force_command); + cmd = ob->cmd; + expand_arguments = TRUE; + expand_fail = PANIC; + } + else + { + cmd = addr->local_part + 1; + while (isspace(*cmd)) cmd++; + expand_arguments = testflag(addr, af_expand_pipe); + expand_fail = FAIL; + } } else { @@ -581,9 +595,12 @@ else expand_fail = PANIC; } -/* If no command has been supplied, we are in trouble. */ +/* If no command has been supplied, we are in trouble. + * We also check for an empty string since it may be + * coming from addr->local_part[0] == '|' + */ -if (cmd == NULL) +if (cmd == NULL || *cmd == '\0') { addr->transport_return = DEFER; addr->message = string_sprintf("no command specified for %s transport", @@ -749,14 +766,19 @@ if (outpid == 0) while ((rc = read(fd_out, big_buffer, big_buffer_size)) > 0) { if (addr->return_file >= 0) - write(addr->return_file, big_buffer, rc); + if(write(addr->return_file, big_buffer, rc) != rc) + DEBUG(D_transport) debug_printf("Problem writing to return_file\n"); count += rc; if (count > ob->max_output) { - uschar *message = US"\n\n*** Too much output - remainder discarded ***\n"; DEBUG(D_transport) debug_printf("Too much output from pipe - killed\n"); if (addr->return_file >= 0) - write(addr->return_file, message, Ustrlen(message)); + { + uschar *message = US"\n\n*** Too much output - remainder discarded ***\n"; + rc = Ustrlen(message); + if(write(addr->return_file, message, rc) != rc) + DEBUG(D_transport) debug_printf("Problem writing to return_file\n"); + } killpg(pid, SIGKILL); break; } diff --git a/src/src/transports/pipe.h b/src/src/transports/pipe.h index 343628e20..e10117458 100644 --- a/src/src/transports/pipe.h +++ b/src/src/transports/pipe.h @@ -21,6 +21,7 @@ typedef struct { int max_output; int timeout; int options; + BOOL force_command; BOOL freeze_exec_fail; BOOL freeze_signal; BOOL ignore_status; diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 814a63085..04bee7fab 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -59,6 +59,8 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, dns_qualify_single) }, { "dns_search_parents", opt_bool, (void *)offsetof(smtp_transport_options_block, dns_search_parents) }, + { "dscp", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, dscp) }, { "fallback_hosts", opt_stringptr, (void *)offsetof(smtp_transport_options_block, fallback_hosts) }, { "final_timeout", opt_time, @@ -103,11 +105,23 @@ optionlist smtp_transport_options[] = { { "hosts_require_auth", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_require_auth) }, #ifdef SUPPORT_TLS +# if defined EXPERIMENTAL_OCSP + { "hosts_require_ocsp", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, hosts_require_ocsp) }, +# endif { "hosts_require_tls", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_require_tls) }, #endif { "hosts_try_auth", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_try_auth) }, +#ifdef EXPERIMENTAL_PRDR + { "hosts_try_prdr", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, hosts_try_prdr) }, +#endif +#ifdef SUPPORT_TLS + { "hosts_verify_avoid_tls", opt_stringptr, + (void *)offsetof(smtp_transport_options_block, hosts_verify_avoid_tls) }, +#endif { "interface", opt_stringptr, (void *)offsetof(smtp_transport_options_block, interface) }, { "keepalive", opt_bool, @@ -133,6 +147,8 @@ optionlist smtp_transport_options[] = { (void *)offsetof(smtp_transport_options_block, tls_certificate) }, { "tls_crl", opt_stringptr, (void *)offsetof(smtp_transport_options_block, tls_crl) }, + { "tls_dh_min_bits", opt_int, + (void *)offsetof(smtp_transport_options_block, tls_dh_min_bits) }, { "tls_privatekey", opt_stringptr, (void *)offsetof(smtp_transport_options_block, tls_privatekey) }, { "tls_require_ciphers", opt_stringptr, @@ -164,11 +180,19 @@ smtp_transport_options_block smtp_transport_option_defaults = { NULL, /* interface */ NULL, /* port */ US"smtp", /* protocol */ + NULL, /* DSCP */ NULL, /* serialize_hosts */ NULL, /* hosts_try_auth */ NULL, /* hosts_require_auth */ +#ifdef EXPERIMENTAL_PRDR + NULL, /* hosts_try_prdr */ +#endif +#ifdef EXPERIMENTAL_OCSP + NULL, /* hosts_require_ocsp */ +#endif NULL, /* hosts_require_tls */ NULL, /* hosts_avoid_tls */ + US"*", /* hosts_verify_avoid_tls */ NULL, /* hosts_avoid_pipelining */ NULL, /* hosts_avoid_esmtp */ NULL, /* hosts_nopass_tls */ @@ -199,9 +223,11 @@ smtp_transport_options_block smtp_transport_option_defaults = { NULL, /* gnutls_require_kx */ NULL, /* gnutls_require_mac */ NULL, /* gnutls_require_proto */ + NULL, /* tls_sni */ NULL, /* tls_verify_certificates */ - TRUE, /* tls_tempfail_tryclear */ - NULL /* tls_sni */ + EXIM_CLIENT_DH_DEFAULT_MIN_BITS, + /* tls_dh_min_bits */ + TRUE /* tls_tempfail_tryclear */ #endif #ifndef DISABLE_DKIM ,NULL, /* dkim_canon */ @@ -841,6 +867,229 @@ return yield; +/* Do the client side of smtp-level authentication */ +/* +Arguments: + buffer EHLO response from server (gets overwritten) + addrlist chain of potential addresses to deliver + host host to deliver to + ob transport options + ibp, obp comms channel control blocks + +Returns: + OK Success, or failed (but not required): global "smtp_authenticated" set + DEFER Failed authentication (and was required) + ERROR Internal problem + + FAIL_SEND Failed communications - transmit + FAIL - response +*/ + +int +smtp_auth(uschar *buffer, unsigned bufsize, address_item *addrlist, host_item *host, + smtp_transport_options_block *ob, BOOL is_esmtp, + smtp_inblock *ibp, smtp_outblock *obp) +{ + int require_auth; + uschar *fail_reason = US"server did not advertise AUTH support"; + + smtp_authenticated = FALSE; + client_authenticator = client_authenticated_id = client_authenticated_sender = NULL; + require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL, + host->name, host->address, NULL); + + if (is_esmtp && !regex_AUTH) regex_AUTH = + regex_must_compile(US"\\n250[\\s\\-]AUTH\\s+([\\-\\w\\s]+)(?:\\n|$)", + FALSE, TRUE); + + if (is_esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1)) + { + uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]); + expand_nmax = -1; /* reset */ + + /* Must not do this check until after we have saved the result of the + regex match above. */ + + if (require_auth == OK || + verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name, + host->address, NULL) == OK) + { + auth_instance *au; + fail_reason = US"no common mechanisms were found"; + + DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n"); + + /* Scan the configured authenticators looking for one which is configured + for use as a client, which is not suppressed by client_condition, and + whose name matches an authentication mechanism supported by the server. + If one is found, attempt to authenticate by calling its client function. + */ + + for (au = auths; !smtp_authenticated && au != NULL; au = au->next) + { + uschar *p = names; + if (!au->client || + (au->client_condition != NULL && + !expand_check_condition(au->client_condition, au->name, + US"client authenticator"))) + { + DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n", + au->name, + (au->client)? "client_condition is false" : + "not configured as a client"); + continue; + } + + /* Loop to scan supported server mechanisms */ + + while (*p != 0) + { + int rc; + int len = Ustrlen(au->public_name); + while (isspace(*p)) p++; + + if (strncmpic(au->public_name, p, len) != 0 || + (p[len] != 0 && !isspace(p[len]))) + { + while (*p != 0 && !isspace(*p)) p++; + continue; + } + + /* Found data for a listed mechanism. Call its client entry. Set + a flag in the outblock so that data is overwritten after sending so + that reflections don't show it. */ + + fail_reason = US"authentication attempt(s) failed"; + obp->authenticating = TRUE; + rc = (au->info->clientcode)(au, ibp, obp, + ob->command_timeout, buffer, bufsize); + obp->authenticating = FALSE; + DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", + au->name, rc); + + /* A temporary authentication failure must hold up delivery to + this host. After a permanent authentication failure, we carry on + to try other authentication methods. If all fail hard, try to + deliver the message unauthenticated unless require_auth was set. */ + + switch(rc) + { + case OK: + smtp_authenticated = TRUE; /* stops the outer loop */ + client_authenticator = au->name; + if (au->set_client_id != NULL) + client_authenticated_id = expand_string(au->set_client_id); + break; + + /* Failure after writing a command */ + + case FAIL_SEND: + return FAIL_SEND; + + /* Failure after reading a response */ + + case FAIL: + if (errno != 0 || buffer[0] != '5') return FAIL; + log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s", + au->name, host->name, host->address, buffer); + break; + + /* Failure by some other means. In effect, the authenticator + decided it wasn't prepared to handle this case. Typically this + is the result of "fail" in an expansion string. Do we need to + log anything here? Feb 2006: a message is now put in the buffer + if logging is required. */ + + case CANCELLED: + if (*buffer != 0) + log_write(0, LOG_MAIN, "%s authenticator cancelled " + "authentication H=%s [%s] %s", au->name, host->name, + host->address, buffer); + break; + + /* Internal problem, message in buffer. */ + + case ERROR: + set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE); + return ERROR; + } + + break; /* If not authenticated, try next authenticator */ + } /* Loop for scanning supported server mechanisms */ + } /* Loop for further authenticators */ + } + } + + /* If we haven't authenticated, but are required to, give up. */ + + if (require_auth == OK && !smtp_authenticated) + { + set_errno(addrlist, ERRNO_AUTHFAIL, + string_sprintf("authentication required but %s", fail_reason), DEFER, + FALSE); + return DEFER; + } + + return OK; +} + + +/* Construct AUTH appendix string for MAIL TO */ +/* +Arguments + buffer to build string + addrlist chain of potential addresses to deliver + ob transport options + +Globals smtp_authenticated + client_authenticated_sender +Return True on error, otherwise buffer has (possibly empty) terminated string +*/ + +BOOL +smtp_mail_auth_str(uschar *buffer, unsigned bufsize, address_item *addrlist, + smtp_transport_options_block *ob) +{ +uschar *local_authenticated_sender = authenticated_sender; + +#ifdef notdef + debug_printf("smtp_mail_auth_str: as<%s> os<%s> SA<%s>\n", authenticated_sender, ob->authenticated_sender, smtp_authenticated?"Y":"N"); +#endif + +if (ob->authenticated_sender != NULL) + { + uschar *new = expand_string(ob->authenticated_sender); + if (new == NULL) + { + if (!expand_string_forcedfail) + { + uschar *message = string_sprintf("failed to expand " + "authenticated_sender: %s", expand_string_message); + set_errno(addrlist, 0, message, DEFER, FALSE); + return TRUE; + } + } + else if (new[0] != 0) local_authenticated_sender = new; + } + +/* Add the authenticated sender address if present */ + +if ((smtp_authenticated || ob->authenticated_sender_force) && + local_authenticated_sender != NULL) + { + string_format(buffer, bufsize, " AUTH=%s", + auth_xtextencode(local_authenticated_sender, + Ustrlen(local_authenticated_sender))); + client_authenticated_sender = string_copy(local_authenticated_sender); + } +else + *buffer= 0; + +return FALSE; +} + + + /************************************************* * Deliver address list to given host * *************************************************/ @@ -912,11 +1161,14 @@ BOOL completed_address = FALSE; BOOL esmtp = TRUE; BOOL pending_MAIL; BOOL pass_message = FALSE; +#ifdef EXPERIMENTAL_PRDR +BOOL prdr_offered = FALSE; +BOOL prdr_active; +#endif smtp_inblock inblock; smtp_outblock outblock; int max_rcpt = tblock->max_addresses; uschar *igquotstr = US""; -uschar *local_authenticated_sender = authenticated_sender; uschar *helo_data = NULL; uschar *message = NULL; uschar new_message_id[MESSAGE_ID_LENGTH + 1]; @@ -948,35 +1200,19 @@ outblock.authenticating = FALSE; /* Reset the parameters of a TLS session. */ -tls_bits = 0; -tls_cipher = NULL; -tls_peerdn = NULL; +tls_in.bits = 0; +tls_in.cipher = NULL; /* for back-compatible behaviour */ +tls_in.peerdn = NULL; #if defined(SUPPORT_TLS) && !defined(USE_GNUTLS) -tls_sni = NULL; +tls_in.sni = NULL; #endif -/* If an authenticated_sender override has been specified for this transport -instance, expand it. If the expansion is forced to fail, and there was already -an authenticated_sender for this message, the original value will be used. -Other expansion failures are serious. An empty result is ignored, but there is -otherwise no check - this feature is expected to be used with LMTP and other -cases where non-standard addresses (e.g. without domains) might be required. */ - -if (ob->authenticated_sender != NULL) - { - uschar *new = expand_string(ob->authenticated_sender); - if (new == NULL) - { - if (!expand_string_forcedfail) - { - uschar *message = string_sprintf("failed to expand " - "authenticated_sender: %s", expand_string_message); - set_errno(addrlist, 0, message, DEFER, FALSE); - return ERROR; - } - } - else if (new[0] != 0) local_authenticated_sender = new; - } +tls_out.bits = 0; +tls_out.cipher = NULL; /* the one we may use for this transport */ +tls_out.peerdn = NULL; +#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS) +tls_out.sni = NULL; +#endif #ifndef SUPPORT_TLS if (smtps) @@ -994,7 +1230,7 @@ if (continue_hostname == NULL) { inblock.sock = outblock.sock = smtp_connect(host, host_af, port, interface, ob->connect_timeout, - ob->keepalive); /* This puts port into host->port */ + ob->keepalive, ob->dscp); /* This puts port into host->port */ if (inblock.sock < 0) { @@ -1123,6 +1359,17 @@ goto SEND_QUIT; pcre_exec(regex_STARTTLS, NULL, CS buffer, Ustrlen(buffer), 0, PCRE_EOPT, NULL, 0) >= 0; #endif + + #ifdef EXPERIMENTAL_PRDR + prdr_offered = esmtp && + (pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(buffer), 0, + PCRE_EOPT, NULL, 0) >= 0) && + (verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name, + host->address, NULL) == OK); + + if (prdr_offered) + {DEBUG(D_transport) debug_printf("PRDR usable\n");} + #endif } /* For continuing deliveries down the same channel, the socket is the standard @@ -1182,13 +1429,16 @@ if (tls_offered && !suppress_tls && int rc = tls_client_start(inblock.sock, host, addrlist, - NULL, /* No DH param */ ob->tls_certificate, ob->tls_privatekey, ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl, ob->tls_require_ciphers, +#ifdef EXPERIMENTAL_OCSP + ob->hosts_require_ocsp, +#endif + ob->tls_dh_min_bits, ob->command_timeout); /* TLS negotiation failed; give an error. From outside, this function may @@ -1209,8 +1459,8 @@ if (tls_offered && !suppress_tls && { if (addr->transport_return == PENDING_DEFER) { - addr->cipher = tls_cipher; - addr->peerdn = tls_peerdn; + addr->cipher = tls_out.cipher; + addr->peerdn = tls_out.peerdn; } } } @@ -1226,7 +1476,7 @@ another process, and so we won't have expanded helo_data above. We have to expand it here. $sending_ip_address and $sending_port are set up right at the start of the Exim process (in exim.c). */ -if (tls_active >= 0) +if (tls_out.active >= 0) { char *greeting_cmd; if (helo_data == NULL) @@ -1288,13 +1538,10 @@ we skip this. */ if (continue_hostname == NULL #ifdef SUPPORT_TLS - || tls_active >= 0 + || tls_out.active >= 0 #endif ) { - int require_auth; - uschar *fail_reason = US"server did not advertise AUTH support"; - /* Set for IGNOREQUOTA if the response to LHLO specifies support and the lmtp_ignore_quota option was set. */ @@ -1322,140 +1569,29 @@ if (continue_hostname == NULL DEBUG(D_transport) debug_printf("%susing PIPELINING\n", smtp_use_pipelining? "" : "not "); +#ifdef EXPERIMENTAL_PRDR + prdr_offered = esmtp && + pcre_exec(regex_PRDR, NULL, CS buffer, Ustrlen(CS buffer), 0, + PCRE_EOPT, NULL, 0) >= 0 && + verify_check_this_host(&(ob->hosts_try_prdr), NULL, host->name, + host->address, NULL) == OK; + + if (prdr_offered) + {DEBUG(D_transport) debug_printf("PRDR usable\n");} +#endif + /* Note if the response to EHLO specifies support for the AUTH extension. If it has, check that this host is one we want to authenticate to, and do the business. The host name and address must be available when the authenticator's client driver is running. */ - smtp_authenticated = FALSE; - require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL, - host->name, host->address, NULL); - - if (esmtp && regex_match_and_setup(regex_AUTH, buffer, 0, -1)) + switch (yield = smtp_auth(buffer, sizeof(buffer), addrlist, host, + ob, esmtp, &inblock, &outblock)) { - uschar *names = string_copyn(expand_nstring[1], expand_nlength[1]); - expand_nmax = -1; /* reset */ - - /* Must not do this check until after we have saved the result of the - regex match above. */ - - if (require_auth == OK || - verify_check_this_host(&(ob->hosts_try_auth), NULL, host->name, - host->address, NULL) == OK) - { - auth_instance *au; - fail_reason = US"no common mechanisms were found"; - - DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n"); - - /* Scan the configured authenticators looking for one which is configured - for use as a client, which is not suppressed by client_condition, and - whose name matches an authentication mechanism supported by the server. - If one is found, attempt to authenticate by calling its client function. - */ - - for (au = auths; !smtp_authenticated && au != NULL; au = au->next) - { - uschar *p = names; - if (!au->client || - (au->client_condition != NULL && - !expand_check_condition(au->client_condition, au->name, - US"client authenticator"))) - { - DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n", - au->name, - (au->client)? "client_condition is false" : - "not configured as a client"); - continue; - } - - /* Loop to scan supported server mechanisms */ - - while (*p != 0) - { - int rc; - int len = Ustrlen(au->public_name); - while (isspace(*p)) p++; - - if (strncmpic(au->public_name, p, len) != 0 || - (p[len] != 0 && !isspace(p[len]))) - { - while (*p != 0 && !isspace(*p)) p++; - continue; - } - - /* Found data for a listed mechanism. Call its client entry. Set - a flag in the outblock so that data is overwritten after sending so - that reflections don't show it. */ - - fail_reason = US"authentication attempt(s) failed"; - outblock.authenticating = TRUE; - rc = (au->info->clientcode)(au, &inblock, &outblock, - ob->command_timeout, buffer, sizeof(buffer)); - outblock.authenticating = FALSE; - DEBUG(D_transport) debug_printf("%s authenticator yielded %d\n", - au->name, rc); - - /* A temporary authentication failure must hold up delivery to - this host. After a permanent authentication failure, we carry on - to try other authentication methods. If all fail hard, try to - deliver the message unauthenticated unless require_auth was set. */ - - switch(rc) - { - case OK: - smtp_authenticated = TRUE; /* stops the outer loop */ - break; - - /* Failure after writing a command */ - - case FAIL_SEND: - goto SEND_FAILED; - - /* Failure after reading a response */ - - case FAIL: - if (errno != 0 || buffer[0] != '5') goto RESPONSE_FAILED; - log_write(0, LOG_MAIN, "%s authenticator failed H=%s [%s] %s", - au->name, host->name, host->address, buffer); - break; - - /* Failure by some other means. In effect, the authenticator - decided it wasn't prepared to handle this case. Typically this - is the result of "fail" in an expansion string. Do we need to - log anything here? Feb 2006: a message is now put in the buffer - if logging is required. */ - - case CANCELLED: - if (*buffer != 0) - log_write(0, LOG_MAIN, "%s authenticator cancelled " - "authentication H=%s [%s] %s", au->name, host->name, - host->address, buffer); - break; - - /* Internal problem, message in buffer. */ - - case ERROR: - yield = ERROR; - set_errno(addrlist, 0, string_copy(buffer), DEFER, FALSE); - goto SEND_QUIT; - } - - break; /* If not authenticated, try next authenticator */ - } /* Loop for scanning supported server mechanisms */ - } /* Loop for further authenticators */ - } - } - - /* If we haven't authenticated, but are required to, give up. */ - - if (require_auth == OK && !smtp_authenticated) - { - yield = DEFER; - set_errno(addrlist, ERRNO_AUTHFAIL, - string_sprintf("authentication required but %s", fail_reason), DEFER, - FALSE); - goto SEND_QUIT; + default: goto SEND_QUIT; + case OK: break; + case FAIL_SEND: goto SEND_FAILED; + case FAIL: goto RESPONSE_FAILED; } } @@ -1521,15 +1657,35 @@ if (smtp_use_size) while (*p) p++; } -/* Add the authenticated sender address if present */ - -if ((smtp_authenticated || ob->authenticated_sender_force) && - local_authenticated_sender != NULL) +#ifdef EXPERIMENTAL_PRDR +prdr_active = FALSE; +if (prdr_offered) { - string_format(p, sizeof(buffer) - (p-buffer), " AUTH=%s", - auth_xtextencode(local_authenticated_sender, - Ustrlen(local_authenticated_sender))); + for (addr = first_addr; addr; addr = addr->next) + if (addr->transport_return == PENDING_DEFER) + { + for (addr = addr->next; addr; addr = addr->next) + if (addr->transport_return == PENDING_DEFER) + { /* at least two recipients to send */ + prdr_active = TRUE; + sprintf(CS p, " PRDR"); p += 5; + goto prdr_is_active; + } + break; + } } +prdr_is_active: +#endif + +/* If an authenticated_sender override has been specified for this transport +instance, expand it. If the expansion is forced to fail, and there was already +an authenticated_sender for this message, the original value will be used. +Other expansion failures are serious. An empty result is ignored, but there is +otherwise no check - this feature is expected to be used with LMTP and other +cases where non-standard addresses (e.g. without domains) might be required. */ + +if (smtp_mail_auth_str(p, sizeof(buffer) - (p-buffer), addrlist, ob)) + return ERROR; /* From here until we send the DATA command, we can make use of PIPELINING if the server host supports it. The code has to be able to check the responses @@ -1737,8 +1893,31 @@ if (!ok) ok = TRUE; else smtp_command = US"end of data"; - /* For SMTP, we now read a single response that applies to the whole message. - If it is OK, then all the addresses have been delivered. */ +#ifdef EXPERIMENTAL_PRDR + /* For PRDR we optionally get a partial-responses warning + * followed by the individual responses, before going on with + * the overall response. If we don't get the warning then deal + * with per non-PRDR. */ + if(prdr_active) + { + ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '3', + ob->final_timeout); + if (!ok && errno == 0) + switch(buffer[0]) + { + case '2': prdr_active = FALSE; + ok = TRUE; + break; + case '4': errno = ERRNO_DATA4XX; + addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + break; + } + } + else +#endif + + /* For non-PRDR SMTP, we now read a single response that applies to the + whole message. If it is OK, then all the addresses have been delivered. */ if (!lmtp) { @@ -1797,7 +1976,7 @@ if (!ok) ok = TRUE; else conf = (s == buffer)? (uschar *)string_copy(s) : s; } - /* Process all transported addresses - for LMTP, read a status for + /* Process all transported addresses - for LMTP or PRDR, read a status for each one. */ for (addr = addrlist; addr != first_addr; addr = addr->next) @@ -1809,13 +1988,22 @@ if (!ok) ok = TRUE; else address. For temporary errors, add a retry item for the address so that it doesn't get tried again too soon. */ +#ifdef EXPERIMENTAL_PRDR + if (lmtp || prdr_active) +#else if (lmtp) +#endif { if (!smtp_read_response(&inblock, buffer, sizeof(buffer), '2', ob->final_timeout)) { if (errno != 0 || buffer[0] == 0) goto RESPONSE_FAILED; - addr->message = string_sprintf("LMTP error after %s: %s", + addr->message = string_sprintf( +#ifdef EXPERIMENTAL_PRDR + "%s error after %s: %s", prdr_active ? "PRDR":"LMTP", +#else + "LMTP error after %s: %s", +#endif big_buffer, string_printing(buffer)); setflag(addr, af_pass_message); /* Allow message to go to user */ if (buffer[0] == '5') @@ -1825,7 +2013,10 @@ if (!ok) ok = TRUE; else errno = ERRNO_DATA4XX; addr->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; addr->transport_return = DEFER; - retry_add_item(addr, addr->address_retry_key, 0); +#ifdef EXPERIMENTAL_PRDR + if (!prdr_active) +#endif + retry_add_item(addr, addr->address_retry_key, 0); } continue; } @@ -1845,25 +2036,73 @@ if (!ok) ok = TRUE; else addr->host_used = thost; addr->special_action = flag; addr->message = conf; +#ifdef EXPERIMENTAL_PRDR + if (prdr_active) addr->flags |= af_prdr_used; +#endif flag = '-'; - /* Update the journal. For homonymic addresses, use the base address plus - the transport name. See lots of comments in deliver.c about the reasons - for the complications when homonyms are involved. Just carry on after - write error, as it may prove possible to update the spool file later. */ - - if (testflag(addr, af_homonym)) - sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name); - else - sprintf(CS buffer, "%.500s\n", addr->unique); - - DEBUG(D_deliver) debug_printf("journalling %s", buffer); - len = Ustrlen(CS buffer); - if (write(journal_fd, buffer, len) != len) - log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for " - "%s: %s", buffer, strerror(errno)); +#ifdef EXPERIMENTAL_PRDR + if (!prdr_active) +#endif + { + /* Update the journal. For homonymic addresses, use the base address plus + the transport name. See lots of comments in deliver.c about the reasons + for the complications when homonyms are involved. Just carry on after + write error, as it may prove possible to update the spool file later. */ + + if (testflag(addr, af_homonym)) + sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name); + else + sprintf(CS buffer, "%.500s\n", addr->unique); + + DEBUG(D_deliver) debug_printf("journalling %s", buffer); + len = Ustrlen(CS buffer); + if (write(journal_fd, buffer, len) != len) + log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for " + "%s: %s", buffer, strerror(errno)); + } } +#ifdef EXPERIMENTAL_PRDR + if (prdr_active) + { + /* PRDR - get the final, overall response. For any non-success + upgrade all the address statuses. */ + ok = smtp_read_response(&inblock, buffer, sizeof(buffer), '2', + ob->final_timeout); + if (!ok) + { + if(errno == 0 && buffer[0] == '4') + { + errno = ERRNO_DATA4XX; + addrlist->more_errno |= ((buffer[1] - '0')*10 + buffer[2] - '0') << 8; + } + for (addr = addrlist; addr != first_addr; addr = addr->next) + if (buffer[0] == '5' || addr->transport_return == OK) + addr->transport_return = PENDING_OK; /* allow set_errno action */ + goto RESPONSE_FAILED; + } + + /* Update the journal, or setup retry. */ + for (addr = addrlist; addr != first_addr; addr = addr->next) + if (addr->transport_return == OK) + { + if (testflag(addr, af_homonym)) + sprintf(CS buffer, "%.500s/%s\n", addr->unique + 3, tblock->name); + else + sprintf(CS buffer, "%.500s\n", addr->unique); + + DEBUG(D_deliver) debug_printf("journalling(PRDR) %s", buffer); + len = Ustrlen(CS buffer); + if (write(journal_fd, buffer, len) != len) + log_write(0, LOG_MAIN|LOG_PANIC, "failed to write journal for " + "%s: %s", buffer, strerror(errno)); + } + else if (addr->transport_return == DEFER) + retry_add_item(addr, addr->address_retry_key, -2); + } +#endif + /* Ensure the journal file is pushed out to disk. */ if (EXIMfsync(journal_fd) < 0) @@ -2053,7 +2292,7 @@ if (completed_address && ok && send_quit) BOOL more; if (first_addr != NULL || continue_more || ( - (tls_active < 0 || + (tls_out.active < 0 || verify_check_this_host(&(ob->hosts_nopass_tls), NULL, host->name, host->address, NULL) != OK) && @@ -2102,9 +2341,9 @@ if (completed_address && ok && send_quit) don't get a good response, we don't attempt to pass the socket on. */ #ifdef SUPPORT_TLS - if (tls_active >= 0) + if (tls_out.active >= 0) { - tls_close(TRUE); + tls_close(FALSE, TRUE); if (smtps) ok = FALSE; else @@ -2154,7 +2393,7 @@ if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n"); END_OFF: #ifdef SUPPORT_TLS -tls_close(TRUE); +tls_close(FALSE, TRUE); #endif /* Close the socket, and return the appropriate value, first setting @@ -3161,9 +3400,12 @@ for (addr = addrlist; addr != NULL; addr = addr->next) /* Update the database which keeps information about which messages are waiting for which hosts to become available. For some message-specific errors, the update_waiting flag is turned off because we don't want follow-on deliveries in -those cases. */ +those cases. If this transport instance is explicitly limited to one message +per connection then follow-on deliveries are not possible and there's no need +to create/update the per-transport wait- database. */ -if (update_waiting) transport_update_waiting(hostlist, tblock->name); +if (update_waiting && tblock->connection_max_messages != 1) + transport_update_waiting(hostlist, tblock->name); END_TRANSPORT: diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h index 1f23d39c8..176858525 100644 --- a/src/src/transports/smtp.h +++ b/src/src/transports/smtp.h @@ -17,11 +17,19 @@ typedef struct { uschar *interface; uschar *port; uschar *protocol; + uschar *dscp; uschar *serialize_hosts; uschar *hosts_try_auth; uschar *hosts_require_auth; +#ifdef EXPERIMENTAL_PRDR + uschar *hosts_try_prdr; +#endif +#ifdef EXPERIMENTAL_OCSP + uschar *hosts_require_ocsp; +#endif uschar *hosts_require_tls; uschar *hosts_avoid_tls; + uschar *hosts_verify_avoid_tls; uschar *hosts_avoid_pipelining; uschar *hosts_avoid_esmtp; uschar *hosts_nopass_tls; @@ -52,9 +60,10 @@ typedef struct { uschar *gnutls_require_kx; uschar *gnutls_require_mac; uschar *gnutls_require_proto; + uschar *tls_sni; uschar *tls_verify_certificates; + int tls_dh_min_bits; BOOL tls_tempfail_tryclear; - uschar *tls_sni; #endif #ifndef DISABLE_DKIM uschar *dkim_domain; @@ -84,4 +93,12 @@ extern BOOL smtp_transport_entry(transport_instance *, address_item *); extern void smtp_transport_init(transport_instance *); extern void smtp_transport_closedown(transport_instance *); + + +extern int smtp_auth(uschar *, unsigned, address_item *, host_item *, + smtp_transport_options_block *, BOOL, + smtp_inblock *, smtp_outblock *); +extern BOOL smtp_mail_auth_str(uschar *, unsigned, + address_item *, smtp_transport_options_block *); + /* End of transports/smtp.h */ diff --git a/src/src/transports/tf_maildir.c b/src/src/transports/tf_maildir.c index 7a240b6c0..cfe7cb291 100644 --- a/src/src/transports/tf_maildir.c +++ b/src/src/transports/tf_maildir.c @@ -212,7 +212,7 @@ uschar buffer[256]; sprintf(CS buffer, "%d 1\n", size); len = Ustrlen(buffer); (void)lseek(fd, 0, SEEK_END); -(void)write(fd, buffer, len); +len = write(fd, buffer, len); DEBUG(D_transport) debug_printf("added '%.*s' to maildirsize file\n", len-1, buffer); } diff --git a/src/src/verify.c b/src/src/verify.c index 475f52d92..a09782bcd 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -10,6 +10,13 @@ caching was contributed by Kevin Fleming (but I hacked it around a bit). */ #include "exim.h" +#include "transports/smtp.h" + +#define CUTTHROUGH_CMD_TIMEOUT 30 /* timeout for cutthrough-routing calls */ +#define CUTTHROUGH_DATA_TIMEOUT 60 /* timeout for cutthrough-routing calls */ +address_item cutthrough_addr; +static smtp_outblock ctblock; +uschar ctbuffer[8192]; /* Structure for caching DNSBL lookups */ @@ -362,379 +369,626 @@ if (dbm_file != NULL) dbm_file = NULL; } -/* The information wasn't available in the cache, so we have to do a real -callout and save the result in the cache for next time, unless no_cache is set, -or unless we have a previously cached negative random result. If we are to test -with a random local part, ensure that such a local part is available. If not, -log the fact, but carry on without randomming. */ - -if (callout_random && callout_random_local_part != NULL) +if (!addr->transport) { - random_local_part = expand_string(callout_random_local_part); - if (random_local_part == NULL) - log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " - "callout_random_local_part: %s", expand_string_message); + HDEBUG(D_verify) debug_printf("cannot callout via null transport\n"); } +else + { + smtp_transport_options_block *ob = + (smtp_transport_options_block *)(addr->transport->options_block); -/* Default the connect and overall callout timeouts if not set, and record the -time we are starting so that we can enforce it. */ + /* The information wasn't available in the cache, so we have to do a real + callout and save the result in the cache for next time, unless no_cache is set, + or unless we have a previously cached negative random result. If we are to test + with a random local part, ensure that such a local part is available. If not, + log the fact, but carry on without randomming. */ -if (callout_overall < 0) callout_overall = 4 * callout; -if (callout_connect < 0) callout_connect = callout; -callout_start_time = time(NULL); + if (callout_random && callout_random_local_part != NULL) + { + random_local_part = expand_string(callout_random_local_part); + if (random_local_part == NULL) + log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " + "callout_random_local_part: %s", expand_string_message); + } -/* Before doing a real callout, if this is an SMTP connection, flush the SMTP -output because a callout might take some time. When PIPELINING is active and -there are many recipients, the total time for doing lots of callouts can add up -and cause the client to time out. So in this case we forgo the PIPELINING -optimization. */ + /* Default the connect and overall callout timeouts if not set, and record the + time we are starting so that we can enforce it. */ -if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush(); + if (callout_overall < 0) callout_overall = 4 * callout; + if (callout_connect < 0) callout_connect = callout; + callout_start_time = time(NULL); -/* Now make connections to the hosts and do real callouts. The list of hosts -is passed in as an argument. */ + /* Before doing a real callout, if this is an SMTP connection, flush the SMTP + output because a callout might take some time. When PIPELINING is active and + there are many recipients, the total time for doing lots of callouts can add up + and cause the client to time out. So in this case we forgo the PIPELINING + optimization. */ -for (host = host_list; host != NULL && !done; host = host->next) - { - smtp_inblock inblock; - smtp_outblock outblock; - int host_af; - int port = 25; - BOOL send_quit = TRUE; - uschar *active_hostname = smtp_active_hostname; - uschar *helo = US"HELO"; - uschar *interface = NULL; /* Outgoing interface to use; NULL => any */ - uschar inbuffer[4096]; - uschar outbuffer[1024]; - uschar responsebuffer[4096]; - - clearflag(addr, af_verify_pmfail); /* postmaster callout flag */ - clearflag(addr, af_verify_nsfail); /* null sender callout flag */ - - /* Skip this host if we don't have an IP address for it. */ - - if (host->address == NULL) - { - DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n", - host->name); - continue; - } + if (smtp_out != NULL && !disable_callout_flush) mac_smtp_fflush(); - /* Check the overall callout timeout */ + /* Now make connections to the hosts and do real callouts. The list of hosts + is passed in as an argument. */ - if (time(NULL) - callout_start_time >= callout_overall) + for (host = host_list; host != NULL && !done; host = host->next) { - HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n"); - break; - } + smtp_inblock inblock; + smtp_outblock outblock; + int host_af; + int port = 25; + BOOL send_quit = TRUE; + uschar *active_hostname = smtp_active_hostname; + BOOL lmtp; + BOOL smtps; + BOOL esmtp; + BOOL suppress_tls = FALSE; + uschar *interface = NULL; /* Outgoing interface to use; NULL => any */ + uschar inbuffer[4096]; + uschar outbuffer[1024]; + uschar responsebuffer[4096]; + + clearflag(addr, af_verify_pmfail); /* postmaster callout flag */ + clearflag(addr, af_verify_nsfail); /* null sender callout flag */ + + /* Skip this host if we don't have an IP address for it. */ + + if (host->address == NULL) + { + DEBUG(D_verify) debug_printf("no IP address for host name %s: skipping\n", + host->name); + continue; + } - /* Set IPv4 or IPv6 */ + /* Check the overall callout timeout */ - host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6; + if (time(NULL) - callout_start_time >= callout_overall) + { + HDEBUG(D_verify) debug_printf("overall timeout for callout exceeded\n"); + break; + } - /* Expand and interpret the interface and port strings. The latter will not - be used if there is a host-specific port (e.g. from a manualroute router). - This has to be delayed till now, because they may expand differently for - different hosts. If there's a failure, log it, but carry on with the - defaults. */ + /* Set IPv4 or IPv6 */ - deliver_host = host->name; - deliver_host_address = host->address; - deliver_domain = addr->domain; + host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6; - if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface, - US"callout") || - !smtp_get_port(tf->port, addr, &port, US"callout")) - log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, - addr->message); + /* Expand and interpret the interface and port strings. The latter will not + be used if there is a host-specific port (e.g. from a manualroute router). + This has to be delayed till now, because they may expand differently for + different hosts. If there's a failure, log it, but carry on with the + defaults. */ - /* Set HELO string according to the protocol */ + deliver_host = host->name; + deliver_host_address = host->address; + deliver_domain = addr->domain; - if (Ustrcmp(tf->protocol, "lmtp") == 0) helo = US"LHLO"; + if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface, + US"callout") || + !smtp_get_port(tf->port, addr, &port, US"callout")) + log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address, + addr->message); - HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port); + /* Set HELO string according to the protocol */ + lmtp= Ustrcmp(tf->protocol, "lmtp") == 0; + smtps= Ustrcmp(tf->protocol, "smtps") == 0; - /* Set up the buffer for reading SMTP response packets. */ - inblock.buffer = inbuffer; - inblock.buffersize = sizeof(inbuffer); - inblock.ptr = inbuffer; - inblock.ptrend = inbuffer; + HDEBUG(D_verify) debug_printf("interface=%s port=%d\n", interface, port); - /* Set up the buffer for holding SMTP commands while pipelining */ + /* Set up the buffer for reading SMTP response packets. */ - outblock.buffer = outbuffer; - outblock.buffersize = sizeof(outbuffer); - outblock.ptr = outbuffer; - outblock.cmd_count = 0; - outblock.authenticating = FALSE; + inblock.buffer = inbuffer; + inblock.buffersize = sizeof(inbuffer); + inblock.ptr = inbuffer; + inblock.ptrend = inbuffer; - /* Connect to the host; on failure, just loop for the next one, but we - set the error for the last one. Use the callout_connect timeout. */ + /* Set up the buffer for holding SMTP commands while pipelining */ - inblock.sock = outblock.sock = - smtp_connect(host, host_af, port, interface, callout_connect, TRUE); - if (inblock.sock < 0) - { - addr->message = string_sprintf("could not connect to %s [%s]: %s", - host->name, host->address, strerror(errno)); - deliver_host = deliver_host_address = NULL; - deliver_domain = save_deliver_domain; - continue; - } + outblock.buffer = outbuffer; + outblock.buffersize = sizeof(outbuffer); + outblock.ptr = outbuffer; + outblock.cmd_count = 0; + outblock.authenticating = FALSE; - /* Expand the helo_data string to find the host name to use. */ + /* Reset the parameters of a TLS session */ + tls_out.cipher = tls_out.peerdn = NULL; - if (tf->helo_data != NULL) - { - uschar *s = expand_string(tf->helo_data); - if (s == NULL) - log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's " - "helo_data value for callout: %s", addr->address, - expand_string_message); - else active_hostname = s; - } + /* Connect to the host; on failure, just loop for the next one, but we + set the error for the last one. Use the callout_connect timeout. */ - deliver_host = deliver_host_address = NULL; - deliver_domain = save_deliver_domain; + tls_retry_connection: - /* Wait for initial response, and send HELO. The smtp_write_command() - function leaves its command in big_buffer. This is used in error responses. - Initialize it in case the connection is rejected. */ + inblock.sock = outblock.sock = + smtp_connect(host, host_af, port, interface, callout_connect, TRUE, NULL); + /* reconsider DSCP here */ + if (inblock.sock < 0) + { + addr->message = string_sprintf("could not connect to %s [%s]: %s", + host->name, host->address, strerror(errno)); + deliver_host = deliver_host_address = NULL; + deliver_domain = save_deliver_domain; + continue; + } - Ustrcpy(big_buffer, "initial connection"); + /* Expand the helo_data string to find the host name to use. */ - done = - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout) && - smtp_write_command(&outblock, FALSE, "%s %s\r\n", helo, - active_hostname) >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout); + if (tf->helo_data != NULL) + { + uschar *s = expand_string(tf->helo_data); + if (s == NULL) + log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: failed to expand transport's " + "helo_data value for callout: %s", addr->address, + expand_string_message); + else active_hostname = s; + } - /* Failure to accept HELO is cached; this blocks the whole domain for all - senders. I/O errors and defer responses are not cached. */ + deliver_host = deliver_host_address = NULL; + deliver_domain = save_deliver_domain; - if (!done) - { - *failure_ptr = US"mail"; /* At or before MAIL */ - if (errno == 0 && responsebuffer[0] == '5') + /* Wait for initial response, and send HELO. The smtp_write_command() + function leaves its command in big_buffer. This is used in error responses. + Initialize it in case the connection is rejected. */ + + Ustrcpy(big_buffer, "initial connection"); + + /* Unless ssl-on-connect, wait for the initial greeting */ + smtps_redo_greeting: + + #ifdef SUPPORT_TLS + if (!smtps || (smtps && tls_out.active >= 0)) + #endif + if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))) + goto RESPONSE_FAILED; + + /* Not worth checking greeting line for ESMTP support */ + if (!(esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL, + host->name, host->address, NULL) != OK)) + DEBUG(D_transport) + debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); + + tls_redo_helo: + + #ifdef SUPPORT_TLS + if (smtps && tls_out.active < 0) /* ssl-on-connect, first pass */ { - setflag(addr, af_verify_nsfail); - new_domain_record.result = ccache_reject; + tls_offered = TRUE; + ob->tls_tempfail_tryclear = FALSE; } - } + else /* all other cases */ + #endif - /* Send the MAIL command */ + { esmtp_retry: - else done = - smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n", - from_address) >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout); + if (!(done= smtp_write_command(&outblock, FALSE, "%s %s\r\n", + !esmtp? "HELO" : lmtp? "LHLO" : "EHLO", active_hostname) >= 0)) + goto SEND_FAILED; + if (!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout)) + { + if (errno != 0 || responsebuffer[0] == 0 || lmtp || !esmtp || tls_out.active >= 0) + { + done= FALSE; + goto RESPONSE_FAILED; + } + #ifdef SUPPORT_TLS + tls_offered = FALSE; + #endif + esmtp = FALSE; + goto esmtp_retry; /* fallback to HELO */ + } - /* If the host does not accept MAIL FROM:<>, arrange to cache this - information, but again, don't record anything for an I/O error or a defer. Do - not cache rejections of MAIL when a non-empty sender has been used, because - that blocks the whole domain for all senders. */ + /* Set tls_offered if the response to EHLO specifies support for STARTTLS. */ + #ifdef SUPPORT_TLS + if (esmtp && !suppress_tls && tls_out.active < 0) + { + if (regex_STARTTLS == NULL) regex_STARTTLS = + regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); - if (!done) - { - *failure_ptr = US"mail"; /* At or before MAIL */ - if (errno == 0 && responsebuffer[0] == '5') + tls_offered = pcre_exec(regex_STARTTLS, NULL, CS responsebuffer, + Ustrlen(responsebuffer), 0, PCRE_EOPT, NULL, 0) >= 0; + } + else + tls_offered = FALSE; + #endif + } + + /* If TLS is available on this connection attempt to + start up a TLS session, unless the host is in hosts_avoid_tls. If successful, + send another EHLO - the server may give a different answer in secure mode. We + use a separate buffer for reading the response to STARTTLS so that if it is + negative, the original EHLO data is available for subsequent analysis, should + the client not be required to use TLS. If the response is bad, copy the buffer + for error analysis. */ + + #ifdef SUPPORT_TLS + if (tls_offered && + verify_check_this_host(&(ob->hosts_avoid_tls), NULL, host->name, + host->address, NULL) != OK && + verify_check_this_host(&(ob->hosts_verify_avoid_tls), NULL, host->name, + host->address, NULL) != OK + ) { - setflag(addr, af_verify_nsfail); - if (from_address[0] == 0) - new_domain_record.result = ccache_reject_mfnull; + uschar buffer2[4096]; + if ( !smtps + && !(done= smtp_write_command(&outblock, FALSE, "STARTTLS\r\n") >= 0)) + goto SEND_FAILED; + + /* If there is an I/O error, transmission of this message is deferred. If + there is a temporary rejection of STARRTLS and tls_tempfail_tryclear is + false, we also defer. However, if there is a temporary rejection of STARTTLS + and tls_tempfail_tryclear is true, or if there is an outright rejection of + STARTTLS, we carry on. This means we will try to send the message in clear, + unless the host is in hosts_require_tls (tested below). */ + + if (!smtps && !smtp_read_response(&inblock, buffer2, sizeof(buffer2), '2', + ob->command_timeout)) + { + if (errno != 0 || buffer2[0] == 0 || + (buffer2[0] == '4' && !ob->tls_tempfail_tryclear)) + { + Ustrncpy(responsebuffer, buffer2, sizeof(responsebuffer)); + done= FALSE; + goto RESPONSE_FAILED; + } + } + + /* STARTTLS accepted or ssl-on-connect: try to negotiate a TLS session. */ + else + { + int rc = tls_client_start(inblock.sock, host, addr, + ob->tls_certificate, ob->tls_privatekey, + ob->tls_sni, + ob->tls_verify_certificates, ob->tls_crl, + ob->tls_require_ciphers, +#ifdef EXPERIMENTAL_OCSP + ob->hosts_require_ocsp, +#endif + ob->tls_dh_min_bits, callout); + + /* TLS negotiation failed; give an error. Try in clear on a new connection, + if the options permit it for this host. */ + if (rc != OK) + { + if (rc == DEFER && ob->tls_tempfail_tryclear && !smtps && + verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name, + host->address, NULL) != OK) + { + (void)close(inblock.sock); + log_write(0, LOG_MAIN, "TLS session failure: delivering unencrypted " + "to %s [%s] (not in hosts_require_tls)", host->name, host->address); + suppress_tls = TRUE; + goto tls_retry_connection; + } + /*save_errno = ERRNO_TLSFAILURE;*/ + /*message = US"failure while setting up TLS session";*/ + send_quit = FALSE; + done= FALSE; + goto TLS_FAILED; + } + + /* TLS session is set up. Copy info for logging. */ + addr->cipher = tls_out.cipher; + addr->peerdn = tls_out.peerdn; + + /* For SMTPS we need to wait for the initial OK response, then do HELO. */ + if (smtps) + goto smtps_redo_greeting; + + /* For STARTTLS we need to redo EHLO */ + goto tls_redo_helo; + } } - } - /* Otherwise, proceed to check a "random" address (if required), then the - given address, and the postmaster address (if required). Between each check, - issue RSET, because some servers accept only one recipient after MAIL - FROM:<>. + /* If the host is required to use a secure channel, ensure that we have one. */ + if (tls_out.active < 0) + if (verify_check_this_host(&(ob->hosts_require_tls), NULL, host->name, + host->address, NULL) == OK) + { + /*save_errno = ERRNO_TLSREQUIRED;*/ + log_write(0, LOG_MAIN, "a TLS session is required for %s [%s], but %s", + host->name, host->address, + tls_offered? "an attempt to start TLS failed" : "the server did not offer TLS support"); + done= FALSE; + goto TLS_FAILED; + } - Before doing this, set the result in the domain cache record to "accept", - unless its previous value was ccache_reject_mfnull. In that case, the domain - rejects MAIL FROM:<> and we want to continue to remember that. When that is - the case, we have got here only in the case of a recipient verification with - a non-null sender. */ + #endif /*SUPPORT_TLS*/ - else - { - new_domain_record.result = - (old_domain_cache_result == ccache_reject_mfnull)? - ccache_reject_mfnull: ccache_accept; + done = TRUE; /* so far so good; have response to HELO */ - /* Do the random local part check first */ + /*XXX the EHLO response would be analyzed here for IGNOREQUOTA, SIZE, PIPELINING, AUTH */ + /* If we haven't authenticated, but are required to, give up. */ - if (random_local_part != NULL) - { - uschar randombuffer[1024]; - BOOL random_ok = - smtp_write_command(&outblock, FALSE, - "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part, - addr->domain) >= 0 && - smtp_read_response(&inblock, randombuffer, - sizeof(randombuffer), '2', callout); + /*XXX "filter command specified for this transport" ??? */ + /* for now, transport_filter by cutthrough-delivery is not supported */ + /* Need proper integration with the proper transport mechanism. */ - /* Remember when we last did a random test */ - new_domain_record.random_stamp = time(NULL); + SEND_FAILED: + RESPONSE_FAILED: + TLS_FAILED: + ; + /* Clear down of the TLS, SMTP and TCP layers on error is handled below. */ - /* If accepted, we aren't going to do any further tests below. */ - if (random_ok) + /* Failure to accept HELO is cached; this blocks the whole domain for all + senders. I/O errors and defer responses are not cached. */ + + if (!done) + { + *failure_ptr = US"mail"; /* At or before MAIL */ + if (errno == 0 && responsebuffer[0] == '5') { - new_domain_record.random_result = ccache_accept; + setflag(addr, af_verify_nsfail); + new_domain_record.result = ccache_reject; } + } - /* Otherwise, cache a real negative response, and get back to the right - state to send RCPT. Unless there's some problem such as a dropped - connection, we expect to succeed, because the commands succeeded above. */ + /* Try to AUTH */ - else if (errno == 0) - { - if (randombuffer[0] == '5') - new_domain_record.random_result = ccache_reject; + else done = smtp_auth(responsebuffer, sizeof(responsebuffer), + addr, host, ob, esmtp, &inblock, &outblock) == OK && - done = - smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout) && + /* Copy AUTH info for logging */ + ( (addr->authenticator = client_authenticator), + (addr->auth_id = client_authenticated_id), - smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n", - from_address) >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout); - } - else done = FALSE; /* Some timeout/connection problem */ - } /* Random check */ + /* Build a mail-AUTH string (re-using responsebuffer for convenience */ + !smtp_mail_auth_str(responsebuffer, sizeof(responsebuffer), addr, ob) + ) && + + ( (addr->auth_sndr = client_authenticated_sender), + + /* Send the MAIL command */ + (smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>%s\r\n", + from_address, responsebuffer) >= 0) + ) && + + smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + '2', callout); - /* If the host is accepting all local parts, as determined by the "random" - check, we don't need to waste time doing any further checking. */ + /* If the host does not accept MAIL FROM:<>, arrange to cache this + information, but again, don't record anything for an I/O error or a defer. Do + not cache rejections of MAIL when a non-empty sender has been used, because + that blocks the whole domain for all senders. */ - if (new_domain_record.random_result != ccache_accept && done) + if (!done) { - /* Get the rcpt_include_affixes flag from the transport if there is one, - but assume FALSE if there is not. */ - - done = - smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n", - transport_rcpt_address(addr, - (addr->transport == NULL)? FALSE : - addr->transport->rcpt_include_affixes)) >= 0 && - smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), - '2', callout); - - if (done) - new_address_record.result = ccache_accept; - else if (errno == 0 && responsebuffer[0] == '5') + *failure_ptr = US"mail"; /* At or before MAIL */ + if (errno == 0 && responsebuffer[0] == '5') { - *failure_ptr = US"recipient"; - new_address_record.result = ccache_reject; + setflag(addr, af_verify_nsfail); + if (from_address[0] == 0) + new_domain_record.result = ccache_reject_mfnull; } + } - /* Do postmaster check if requested; if a full check is required, we - check for RCPT TO: (no domain) in accordance with RFC 821. */ + /* Otherwise, proceed to check a "random" address (if required), then the + given address, and the postmaster address (if required). Between each check, + issue RSET, because some servers accept only one recipient after MAIL + FROM:<>. - if (done && pm_mailfrom != NULL) - { - done = - smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) && + Before doing this, set the result in the domain cache record to "accept", + unless its previous value was ccache_reject_mfnull. In that case, the domain + rejects MAIL FROM:<> and we want to continue to remember that. When that is + the case, we have got here only in the case of a recipient verification with + a non-null sender. */ - smtp_write_command(&outblock, FALSE, - "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) && + else + { + new_domain_record.result = + (old_domain_cache_result == ccache_reject_mfnull)? + ccache_reject_mfnull: ccache_accept; - /* First try using the current domain */ + /* Do the random local part check first */ - (( + if (random_local_part != NULL) + { + uschar randombuffer[1024]; + BOOL random_ok = smtp_write_command(&outblock, FALSE, - "RCPT TO:\r\n", addr->domain) >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) - ) + "RCPT TO:<%.1000s@%.1000s>\r\n", random_local_part, + addr->domain) >= 0 && + smtp_read_response(&inblock, randombuffer, + sizeof(randombuffer), '2', callout); - || + /* Remember when we last did a random test */ - /* If that doesn't work, and a full check is requested, - try without the domain. */ + new_domain_record.random_stamp = time(NULL); - ( - (options & vopt_callout_fullpm) != 0 && - smtp_write_command(&outblock, FALSE, - "RCPT TO:\r\n") >= 0 && - smtp_read_response(&inblock, responsebuffer, - sizeof(responsebuffer), '2', callout) - )); + /* If accepted, we aren't going to do any further tests below. */ + + if (random_ok) + { + new_domain_record.random_result = ccache_accept; + } + + /* Otherwise, cache a real negative response, and get back to the right + state to send RCPT. Unless there's some problem such as a dropped + connection, we expect to succeed, because the commands succeeded above. */ + + else if (errno == 0) + { + if (randombuffer[0] == '5') + new_domain_record.random_result = ccache_reject; + + done = + smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && + smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + '2', callout) && + + smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n", + from_address) >= 0 && + smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + '2', callout); + } + else done = FALSE; /* Some timeout/connection problem */ + } /* Random check */ + + /* If the host is accepting all local parts, as determined by the "random" + check, we don't need to waste time doing any further checking. */ - /* Sort out the cache record */ + if (new_domain_record.random_result != ccache_accept && done) + { + /* Get the rcpt_include_affixes flag from the transport if there is one, + but assume FALSE if there is not. */ - new_domain_record.postmaster_stamp = time(NULL); + done = + smtp_write_command(&outblock, FALSE, "RCPT TO:<%.1000s>\r\n", + transport_rcpt_address(addr, + (addr->transport == NULL)? FALSE : + addr->transport->rcpt_include_affixes)) >= 0 && + smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), + '2', callout); if (done) - new_domain_record.postmaster_result = ccache_accept; + new_address_record.result = ccache_accept; else if (errno == 0 && responsebuffer[0] == '5') { - *failure_ptr = US"postmaster"; - setflag(addr, af_verify_pmfail); - new_domain_record.postmaster_result = ccache_reject; + *failure_ptr = US"recipient"; + new_address_record.result = ccache_reject; } - } - } /* Random not accepted */ - } /* MAIL FROM: accepted */ - /* For any failure of the main check, other than a negative response, we just - close the connection and carry on. We can identify a negative response by the - fact that errno is zero. For I/O errors it will be non-zero + /* Do postmaster check if requested; if a full check is required, we + check for RCPT TO: (no domain) in accordance with RFC 821. */ - Set up different error texts for logging and for sending back to the caller - as an SMTP response. Log in all cases, using a one-line format. For sender - callouts, give a full response to the caller, but for recipient callouts, - don't give the IP address because this may be an internal host whose identity - is not to be widely broadcast. */ + if (done && pm_mailfrom != NULL) + { + /*XXX not suitable for cutthrough - sequencing problems */ + cutthrough_delivery= FALSE; + HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of postmaster verify\n"); - if (!done) - { - if (errno == ETIMEDOUT) - { - HDEBUG(D_verify) debug_printf("SMTP timeout\n"); - send_quit = FALSE; - } - else if (errno == 0) - { - if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped"); + done = + smtp_write_command(&outblock, FALSE, "RSET\r\n") >= 0 && + smtp_read_response(&inblock, responsebuffer, + sizeof(responsebuffer), '2', callout) && - addr->message = - string_sprintf("response to \"%s\" from %s [%s] was: %s", - big_buffer, host->name, host->address, - string_printing(responsebuffer)); + smtp_write_command(&outblock, FALSE, + "MAIL FROM:<%s>\r\n", pm_mailfrom) >= 0 && + smtp_read_response(&inblock, responsebuffer, + sizeof(responsebuffer), '2', callout) && - addr->user_message = is_recipient? - string_sprintf("Callout verification failed:\n%s", responsebuffer) - : - string_sprintf("Called: %s\nSent: %s\nResponse: %s", - host->address, big_buffer, responsebuffer); + /* First try using the current domain */ + + (( + smtp_write_command(&outblock, FALSE, + "RCPT TO:\r\n", addr->domain) >= 0 && + smtp_read_response(&inblock, responsebuffer, + sizeof(responsebuffer), '2', callout) + ) + + || - /* Hard rejection ends the process */ + /* If that doesn't work, and a full check is requested, + try without the domain. */ - if (responsebuffer[0] == '5') /* Address rejected */ + ( + (options & vopt_callout_fullpm) != 0 && + smtp_write_command(&outblock, FALSE, + "RCPT TO:\r\n") >= 0 && + smtp_read_response(&inblock, responsebuffer, + sizeof(responsebuffer), '2', callout) + )); + + /* Sort out the cache record */ + + new_domain_record.postmaster_stamp = time(NULL); + + if (done) + new_domain_record.postmaster_result = ccache_accept; + else if (errno == 0 && responsebuffer[0] == '5') + { + *failure_ptr = US"postmaster"; + setflag(addr, af_verify_pmfail); + new_domain_record.postmaster_result = ccache_reject; + } + } + } /* Random not accepted */ + } /* MAIL FROM: accepted */ + + /* For any failure of the main check, other than a negative response, we just + close the connection and carry on. We can identify a negative response by the + fact that errno is zero. For I/O errors it will be non-zero + + Set up different error texts for logging and for sending back to the caller + as an SMTP response. Log in all cases, using a one-line format. For sender + callouts, give a full response to the caller, but for recipient callouts, + don't give the IP address because this may be an internal host whose identity + is not to be widely broadcast. */ + + if (!done) + { + if (errno == ETIMEDOUT) { - yield = FAIL; - done = TRUE; + HDEBUG(D_verify) debug_printf("SMTP timeout\n"); + send_quit = FALSE; + } + else if (errno == 0) + { + if (*responsebuffer == 0) Ustrcpy(responsebuffer, US"connection dropped"); + + addr->message = + string_sprintf("response to \"%s\" from %s [%s] was: %s", + big_buffer, host->name, host->address, + string_printing(responsebuffer)); + + addr->user_message = is_recipient? + string_sprintf("Callout verification failed:\n%s", responsebuffer) + : + string_sprintf("Called: %s\nSent: %s\nResponse: %s", + host->address, big_buffer, responsebuffer); + + /* Hard rejection ends the process */ + + if (responsebuffer[0] == '5') /* Address rejected */ + { + yield = FAIL; + done = TRUE; + } } } - } - /* End the SMTP conversation and close the connection. */ + /* End the SMTP conversation and close the connection. */ + + /* Cutthrough - on a successfull connect and recipient-verify with use-sender + and we have no cutthrough conn so far + here is where we want to leave the conn open */ + if ( cutthrough_delivery + && done + && yield == OK + && (options & (vopt_callout_recipsender|vopt_callout_recippmaster)) == vopt_callout_recipsender + && !random_local_part + && !pm_mailfrom + && cutthrough_fd < 0 + ) + { + cutthrough_fd= outblock.sock; /* We assume no buffer in use in the outblock */ + cutthrough_addr = *addr; /* Save the address_item for later logging */ + cutthrough_addr.host_used = store_get(sizeof(host_item)); + cutthrough_addr.host_used->name = host->name; + cutthrough_addr.host_used->address = host->address; + cutthrough_addr.host_used->port = port; + if (addr->parent) + *(cutthrough_addr.parent = store_get(sizeof(address_item)))= *addr->parent; + ctblock.buffer = ctbuffer; + ctblock.buffersize = sizeof(ctbuffer); + ctblock.ptr = ctbuffer; + /* ctblock.cmd_count = 0; ctblock.authenticating = FALSE; */ + ctblock.sock = cutthrough_fd; + } + else + { + /* Ensure no cutthrough on multiple address verifies */ + if (options & vopt_callout_recipsender) + cancel_cutthrough_connection("multiple verify calls"); + if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n"); + + #ifdef SUPPORT_TLS + tls_close(FALSE, TRUE); + #endif + (void)close(inblock.sock); + } - if (send_quit) (void)smtp_write_command(&outblock, FALSE, "QUIT\r\n"); - (void)close(inblock.sock); - } /* Loop through all hosts, while !done */ + } /* Loop through all hosts, while !done */ + } /* If we get here with done == TRUE, a successful callout happened, and yield will be set OK or FAIL according to the response to the RCPT command. @@ -826,6 +1080,252 @@ return yield; +/* Called after recipient-acl to get a cutthrough connection open when + one was requested and a recipient-verify wasn't subsequently done. +*/ +void +open_cutthrough_connection( address_item * addr ) +{ +address_item addr2; + +/* Use a recipient-verify-callout to set up the cutthrough connection. */ +/* We must use a copy of the address for verification, because it might +get rewritten. */ + +addr2 = *addr; +HDEBUG(D_acl) debug_printf("----------- start cutthrough setup ------------\n"); +(void) verify_address(&addr2, NULL, + vopt_is_recipient | vopt_callout_recipsender | vopt_callout_no_cache, + CUTTHROUGH_CMD_TIMEOUT, -1, -1, + NULL, NULL, NULL); +HDEBUG(D_acl) debug_printf("----------- end cutthrough setup ------------\n"); +return; +} + + + +/* Send given number of bytes from the buffer */ +static BOOL +cutthrough_send(int n) +{ +if(cutthrough_fd < 0) + return TRUE; + +if( +#ifdef SUPPORT_TLS + (tls_out.active == cutthrough_fd) ? tls_write(FALSE, ctblock.buffer, n) : +#endif + send(cutthrough_fd, ctblock.buffer, n, 0) > 0 + ) +{ + transport_count += n; + ctblock.ptr= ctblock.buffer; + return TRUE; +} + +HDEBUG(D_transport|D_acl) debug_printf("cutthrough_send failed: %s\n", strerror(errno)); +return FALSE; +} + + + +static BOOL +_cutthrough_puts(uschar * cp, int n) +{ +while(n--) + { + if(ctblock.ptr >= ctblock.buffer+ctblock.buffersize) + if(!cutthrough_send(ctblock.buffersize)) + return FALSE; + + *ctblock.ptr++ = *cp++; + } +return TRUE; +} + +/* Buffered output of counted data block. Return boolean success */ +BOOL +cutthrough_puts(uschar * cp, int n) +{ +if (cutthrough_fd < 0) return TRUE; +if (_cutthrough_puts(cp, n)) return TRUE; +cancel_cutthrough_connection("transmit failed"); +return FALSE; +} + + +static BOOL +_cutthrough_flush_send( void ) +{ +int n= ctblock.ptr-ctblock.buffer; + +if(n>0) + if(!cutthrough_send(n)) + return FALSE; +return TRUE; +} + + +/* Send out any bufferred output. Return boolean success. */ +BOOL +cutthrough_flush_send( void ) +{ +if (_cutthrough_flush_send()) return TRUE; +cancel_cutthrough_connection("transmit failed"); +return FALSE; +} + + +BOOL +cutthrough_put_nl( void ) +{ +return cutthrough_puts(US"\r\n", 2); +} + + +/* Get and check response from cutthrough target */ +static uschar +cutthrough_response(char expect, uschar ** copy) +{ +smtp_inblock inblock; +uschar inbuffer[4096]; +uschar responsebuffer[4096]; + +inblock.buffer = inbuffer; +inblock.buffersize = sizeof(inbuffer); +inblock.ptr = inbuffer; +inblock.ptrend = inbuffer; +inblock.sock = cutthrough_fd; +/* this relies on (inblock.sock == tls_out.active) */ +if(!smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), expect, CUTTHROUGH_DATA_TIMEOUT)) + cancel_cutthrough_connection("target timeout on read"); + +if(copy != NULL) + { + uschar * cp; + *copy= cp= string_copy(responsebuffer); + /* Trim the trailing end of line */ + cp += Ustrlen(responsebuffer); + if(cp > *copy && cp[-1] == '\n') *--cp = '\0'; + if(cp > *copy && cp[-1] == '\r') *--cp = '\0'; + } + +return responsebuffer[0]; +} + + +/* Negotiate dataphase with the cutthrough target, returning success boolean */ +BOOL +cutthrough_predata( void ) +{ +if(cutthrough_fd < 0) + return FALSE; + +HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> DATA\n"); +cutthrough_puts(US"DATA\r\n", 6); +cutthrough_flush_send(); + +/* Assume nothing buffered. If it was it gets ignored. */ +return cutthrough_response('3', NULL) == '3'; +} + + +/* Buffered send of headers. Return success boolean. */ +/* Expands newlines to wire format (CR,NL). */ +/* Also sends header-terminating blank line. */ +BOOL +cutthrough_headers_send( void ) +{ +header_line * h; +uschar * cp1, * cp2; + +if(cutthrough_fd < 0) + return FALSE; + +for(h= header_list; h != NULL; h= h->next) + if(h->type != htype_old && h->text != NULL) + for (cp1 = h->text; *cp1 && (cp2 = Ustrchr(cp1, '\n')); cp1 = cp2+1) + if( !cutthrough_puts(cp1, cp2-cp1) + || !cutthrough_put_nl()) + return FALSE; + +HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>>(nl)\n"); +return cutthrough_put_nl(); +} + + +static void +close_cutthrough_connection( const char * why ) +{ +if(cutthrough_fd >= 0) + { + /* We could be sending this after a bunch of data, but that is ok as + the only way to cancel the transfer in dataphase is to drop the tcp + conn before the final dot. + */ + ctblock.ptr = ctbuffer; + HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> QUIT\n"); + _cutthrough_puts(US"QUIT\r\n", 6); /* avoid recursion */ + _cutthrough_flush_send(); + /* No wait for response */ + + #ifdef SUPPORT_TLS + tls_close(FALSE, TRUE); + #endif + (void)close(cutthrough_fd); + cutthrough_fd= -1; + HDEBUG(D_acl) debug_printf("----------- cutthrough shutdown (%s) ------------\n", why); + } +ctblock.ptr = ctbuffer; +} + +void +cancel_cutthrough_connection( const char * why ) +{ +close_cutthrough_connection(why); +cutthrough_delivery= FALSE; +} + + + + +/* Have senders final-dot. Send one to cutthrough target, and grab the response. + Log an OK response as a transmission. + Close the connection. + Return smtp response-class digit. +*/ +uschar * +cutthrough_finaldot( void ) +{ +HDEBUG(D_transport|D_acl|D_v) debug_printf(" SMTP>> .\n"); + +/* Assume data finshed with new-line */ +if(!cutthrough_puts(US".", 1) || !cutthrough_put_nl() || !cutthrough_flush_send()) + return cutthrough_addr.message; + +switch(cutthrough_response('2', &cutthrough_addr.message)) + { + case '2': + delivery_log(LOG_MAIN, &cutthrough_addr, (int)'>', NULL); + close_cutthrough_connection("delivered"); + break; + + case '4': + delivery_log(LOG_MAIN, &cutthrough_addr, 0, US"tmp-reject from cutthrough after DATA:"); + break; + + case '5': + delivery_log(LOG_MAIN|LOG_REJECT, &cutthrough_addr, 0, US"rejected after DATA:"); + break; + + default: + break; + } + return cutthrough_addr.message; +} + + + /************************************************* * Copy error to toplevel address * *************************************************/ @@ -1038,6 +1538,18 @@ addresses, such rewriting fails. */ if (address[0] == 0) return OK; +/* Flip the legacy TLS-related variables over to the outbound set in case +they're used in the context of a transport used by verification. Reset them +at exit from this routine. */ + +modify_variable(US"tls_bits", &tls_out.bits); +modify_variable(US"tls_certificate_verified", &tls_out.certificate_verified); +modify_variable(US"tls_cipher", &tls_out.cipher); +modify_variable(US"tls_peerdn", &tls_out.peerdn); +#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS) +modify_variable(US"tls_sni", &tls_out.sni); +#endif + /* Save a copy of the sender address for re-instating if we change it to <> while verifying a sender address (a nice bit of self-reference there). */ @@ -1230,6 +1742,9 @@ while (addr_new != NULL) } else { +#ifdef SUPPORT_TLS + deliver_set_expansions(addr); +#endif rc = do_callout(addr, host_list, &tf, callout, callout_overall, callout_connect, options, se_mailfrom, pm_mailfrom); } @@ -1281,9 +1796,14 @@ while (addr_new != NULL) } respond_printf(f, "%s\n", cr); } + cancel_cutthrough_connection("routing hard fail"); - if (!full_info) return copy_error(vaddr, addr, FAIL); - else yield = FAIL; + if (!full_info) + { + yield = copy_error(vaddr, addr, FAIL); + goto out; + } + else yield = FAIL; } /* Soft failure */ @@ -1315,8 +1835,14 @@ while (addr_new != NULL) } respond_printf(f, "%s\n", cr); } - if (!full_info) return copy_error(vaddr, addr, DEFER); - else if (yield == OK) yield = DEFER; + cancel_cutthrough_connection("routing soft fail"); + + if (!full_info) + { + yield = copy_error(vaddr, addr, DEFER); + goto out; + } + else if (yield == OK) yield = DEFER; } /* If we are handling EXPN, we do not want to continue to route beyond @@ -1339,7 +1865,8 @@ while (addr_new != NULL) if (addr_new == NULL) ok_prefix = US"250 "; respond_printf(f, "%s<%s>\r\n", ok_prefix, addr2->address); } - return OK; + yield = OK; + goto out; } /* Successful routing other than EXPN. */ @@ -1374,7 +1901,8 @@ while (addr_new != NULL) of $address_data to be that of the child */ vaddr->p.address_data = addr->p.address_data; - return OK; + yield = OK; + goto out; } } } /* Loop for generated addresses */ @@ -1391,7 +1919,7 @@ discarded, usually because of the use of :blackhole: in an alias file. */ if (allok && addr_local == NULL && addr_remote == NULL) { fprintf(f, "mail to %s is discarded\n", address); - return yield; + goto out; } for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) @@ -1475,9 +2003,19 @@ for (addr_list = addr_local, i = 0; i < 2; addr_list = addr_remote, i++) } } -/* Will be DEFER or FAIL if any one address has, only for full_info (which is +/* Yield will be DEFER or FAIL if any one address has, only for full_info (which is the -bv or -bt case). */ +out: + +modify_variable(US"tls_bits", &tls_in.bits); +modify_variable(US"tls_certificate_verified", &tls_in.certificate_verified); +modify_variable(US"tls_cipher", &tls_in.cipher); +modify_variable(US"tls_peerdn", &tls_in.peerdn); +#if defined(SUPPORT_TLS) && !defined(USE_GNUTLS) +modify_variable(US"tls_sni", &tls_in.sni); +#endif + return yield; } diff --git a/src/util/gen_pkcs3.c b/src/util/gen_pkcs3.c index ae7e7610a..4be2c581e 100644 --- a/src/util/gen_pkcs3.c +++ b/src/util/gen_pkcs3.c @@ -7,6 +7,16 @@ * c99 $(pkg-config --cflags openssl) gen_pkcs3.c $(pkg-config --libs openssl) */ +/* + * Rationale: + * The Diffie-Hellman primes which are embedded into Exim as named primes for + * the tls_dhparam option are in the std-crypto.c file. The source for those + * comes from various RFCs, where they are given in hexadecimal form. + * + * This tool provides convenient conversion, to reduce the risk of human + * error in transcription. + */ + #include #include #include diff --git a/src/util/ocsp_fetch.pl b/src/util/ocsp_fetch.pl new file mode 100755 index 000000000..0d214d62a --- /dev/null +++ b/src/util/ocsp_fetch.pl @@ -0,0 +1,83 @@ +#!/usr/bin/perl +# Copyright (C) 2012 Wizards Internet Ltd +# License GPLv2: GNU GPL version 2 +use strict; +use Getopt::Std; +$Getopt::Std::STANDARD_HELP_VERSION=1; +use IO::Handle; +use Date::Parse; +my ($o,$i,$s,$f,$t,$u,$VERSION); +$VERSION='1.0'; +$o={'m'=>10}; +getopts("c:i:u:a:o:m:fv",$o); +usage('No issuer specified') if ! $o->{'i'} && ! -f $o->{'i'}; +usage('No certificate specified') if ! $o->{'c'} && ! -f $o->{'c'}; +usage('No CA chain specified') if ! $o->{'a'} && ! -f $o->{'a'}; +usage('No OCSP file specified') if ! $o->{'o'}; +usage('No URL specified') if ! $o->{'u'}; +$o->{'t'}=$o->{'o'}.'.tmp'; + +# check if we need to +if ( $o->{'f'} + || ! -f $o->{'o'} + || ( -M $o->{'o'} > 0 ) + ) +{ + $i = new IO::Handle; + open( $i, "openssl ocsp -issuer $o->{'i'} -cert $o->{'c'} -url $o->{'u'} -CAfile $o->{'a'} -respout $o->{'t'} 2>/dev/null |" ) || die 'Unable to execute ocsp command'; + $s = <$i> || die 'Unable to read status'; + $f = <$i> || die 'Unable to read update time'; + $t = <$i> || die 'Unable to read next update time'; + close $i; + # Status ok ? + chomp($s); + chomp($f); + chomp($t); + $s =~ s/[^:]*: //; + $f =~ s/[^:]*: //; + $t =~ s/[^:]*: //; + $t = str2time($t); + die "OCSP status is $s" if $s ne 'good'; + warn "Next Update $t" if $o->{'v'}; + # response is good, adjust mod time and move into place. + $u = $t - $o->{'m'} * (($t - time)/100); + utime $u,$u,$o->{'t'}; + rename $o->{'t'},$o->{'o'}; +} +exit; + +sub +usage +{ + my $m = shift; + print STDERR "$m\n" if $m; + HELP_MESSAGE(\*STDERR); + die; +} +sub +HELP_MESSAGE +{ + my $h = shift; + print $h <chain.pem + +The update procedure would be + + ocsp_fetch -i signing.example.net.pem \ + -c www.example.com.pem \ + -u http://ocsp.example.net/ \ + -a chain.pem \ + -o www.example.com.ocsp.der +EOF +} +# vi: aw ai sw=4 +# End of File diff --git a/test/README b/test/README index 3628da98a..c64b02206 100644 --- a/test/README +++ b/test/README @@ -237,6 +237,11 @@ is as follows: There are some options for the ./runtest script itself: + -CONTINUE This will allow the script to move past some failing tests. It will + write a simple failure line with the test number in a temporary + logfile test/failed-summary.log. Unexpected exit codes will still + stall the test execution and require interaction. + -DEBUG This option is for debugging the test script. It causes some tracing information to be output. @@ -434,6 +439,10 @@ OTHER ISSUES with an extra log line saying the hostname doesn't resolve. You must use a FQDN for the hostname for proper test functionality. +. If you change your hostname to a FQDN, you must delete the test/dnszones + subdirectory. When you next run the runtest script, it will rebuild the + content to use the new hostname. + . If your hostname has an uppercase characters in it, expect that some tests will fail, for example, 0036, because some log lines will have the hostname in all lowercase. The regex which extracts the hostname from the log lines @@ -715,6 +724,12 @@ This command causes the script to sleep for m milliseconds. Nothing is output to the screen. + munge + +This command requests custom munging of the test outputs. The munge names +used are coded in the runtest script. + + need_ipv4 This command must be at the head of a script. If no IPv4 interface has been @@ -828,9 +843,11 @@ and port, using the specified interface, if one is given. When OpenSSL is available on the host, an alternative version of the client program is compiled, one that supports TLS using OpenSSL. The additional -arguments specify a certificate and key file when required. There is one -additional option, -tls-on-connect, that causes the client to initiate TLS -negotiation immediately on connection. +arguments specify a certificate and key file when required for the connection. +There are two additional options: -tls-on-connect, that causes the client to +initiate TLS negociation immediately on connection; -ocsp that causes the TLS +negotiation to include a certificate-status request. The latter takes a +filename argument, the CA info for verifying the stapled response. client-gnutls [] [] \ diff --git a/test/aux-fixed/exim-ca/README b/test/aux-fixed/exim-ca/README new file mode 100644 index 000000000..b8d2a41f9 --- /dev/null +++ b/test/aux-fixed/exim-ca/README @@ -0,0 +1,51 @@ + +The three directories each contain a complete CA with server signing +certificate, OCSP signing certificate and a selection of server +certificates under each domain. + +For each directory there are a number of subdirectories. + + CA - The main certificate signing directory. + + Within this directory the primary file sof interest + will be the two CRL files, crl.empty and crl.v2 + These are valid CRLs; the "v2" containing the two + revoked certs. + + BLANK - a template usable for client-only machines + for clients of this private CA. + + *.example.* - individual server certificates. + +The six certificate subdirs each contain a cert for a machine +by that name; those in the "expired" ones are out-of-date (the +rest expire in 2038). The "1" and "2" systems/certs have +equivalent properties. + +In each certicate subdir: the ".db" files are NSS version of the cert, +the ".pem", ".key" and ".unlocked.key" are usable by OpenSSL (the +ca_chain.pem being a copy of the CA public information and signer +public information). + +The ".p12" file rolls up the CA, Signer and cert info. Both the ".p12" +and NSS info are passworded using the "pwdfile". +The ocsp request file is one a client would send to an OCSP responder. +The ocsp response files are those gotten that way. in .der format; +"good" being all well, "dated" meaning the response (not the cert) +is out-of-date, and "revoked" meaning the cert has been revoked. + + +The files were created using the genall script which utilises a +combination of tools, + + openssl + nss-tools + clica + +of these the only unfamiliar one is likely to be clica, a command +line CA tool which can be found at + + http://people.redhat.com/mpoole/clica/ + + + diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/CA.pem b/test/aux-fixed/exim-ca/example.com/BLANK/CA.pem new file mode 100644 index 000000000..d51c5d089 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/BLANK/CA.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw +MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o +mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+ +ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/Signer.pem b/test/aux-fixed/exim-ca/example.com/BLANK/Signer.pem new file mode 100644 index 000000000..fc29ebbda --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/BLANK/Signer.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/cert8.db b/test/aux-fixed/exim-ca/example.com/BLANK/cert8.db new file mode 100644 index 000000000..f82510ff6 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/BLANK/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/key3.db b/test/aux-fixed/exim-ca/example.com/BLANK/key3.db new file mode 100644 index 000000000..cb031c0af Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/BLANK/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/pwdfile b/test/aux-fixed/exim-ca/example.com/BLANK/pwdfile new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/BLANK/pwdfile @@ -0,0 +1 @@ + diff --git a/test/aux-fixed/exim-ca/example.com/BLANK/secmod.db b/test/aux-fixed/exim-ca/example.com/BLANK/secmod.db new file mode 100644 index 000000000..8a8319376 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/BLANK/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/CA.pem b/test/aux-fixed/exim-ca/example.com/CA/CA.pem new file mode 100644 index 000000000..d51c5d089 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/CA.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw +MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o +mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+ +ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/OCSP.key b/test/aux-fixed/exim-ca/example.com/CA/OCSP.key new file mode 100644 index 000000000..7a361dcf9 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/OCSP.key @@ -0,0 +1,14 @@ +Bag Attributes + friendlyName: OCSP Signer + localKeyID: A6 E7 21 3B BE A3 47 BE 58 6F 34 77 E2 AA D5 22 91 AA 0F D6 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEAuGANFQATQUtX6l1r +tDa/TimQ722a/2wGSmty/n9Va36t7O9S0Uxi7yQMN11I284FekjzP82THLWv4TJZ +x7AvywIDAQABAkAhrko1f+IEl4Lj6VT3gtjHqogzdM5PwqgTiDVlkFVGYXp6a8o6 +ySmMofHeEjDgPFI7sz12eQOoofjhjTCnTcJhAiEA3Afe796M2vm5+V6t1ayFhgP0 +9QnSVde6mLvqHFHAKHUCIQDWhAVspNc3bw2PIBqlK2ibANwi9BFurBlATBHhKP3v +PwIgTiwttKMpABOBU2uj7ypgNgDp4rUemYkPrnv07SLOVpECIAVXhEsQT8uxmETY +J9G1IwW5H8I/EbAP2REg09EnlCtBAiBgZn9NxSr05na0P+NjyIPQ44Y9L5R9P3PL +2PceGVDcQw== +-----END PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/OCSP.p12 b/test/aux-fixed/exim-ca/example.com/CA/OCSP.p12 new file mode 100644 index 000000000..208dc6981 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/CA/OCSP.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/OCSP.pem b/test/aux-fixed/exim-ca/example.com/CA/OCSP.pem new file mode 100644 index 000000000..f78456dd6 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/OCSP.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBgDCCASqgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTM4MDEwMTEyMzQwMVowMjEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAY +BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB +ALhgDRUAE0FLV+pda7Q2v04pkO9tmv9sBkprcv5/VWt+rezvUtFMYu8kDDddSNvO +BXpI8z/Nkxy1r+EyWcewL8sCAwEAAaMqMCgwDgYDVR0PAQH/BAQDAgeAMBYGA1Ud +JQEB/wQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA0EAQalK8cinGimBjryO +q8scOPr7Zkv2RlhnUUTtpPfFKkTne9yXyXxBVDfy8wwPTz7ZTOzMVtPTgFT9g0Kf +tXze7g== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/Signer.pem b/test/aux-fixed/exim-ca/example.com/CA/Signer.pem new file mode 100644 index 000000000..fc29ebbda --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/Signer.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/ca.conf b/test/aux-fixed/exim-ca/example.com/CA/ca.conf new file mode 100644 index 000000000..90875899f --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/ca.conf @@ -0,0 +1,18 @@ +; Config::Simple 4.59 +; Thu Nov 1 12:34:00 2012 + +[CLICA] +crl_url=http://crl.example.com/latest.crl +crl_signer=Signing Cert +level=1 +signer=Signing Cert +ocsp_signer=OCSP Signer +ocsp_url=http://oscp/example.com/ + +[CA] +org=example.com +subject=clica CA +name=Certificate Authority +bits=512 + + diff --git a/test/aux-fixed/exim-ca/example.com/CA/cert8.db b/test/aux-fixed/exim-ca/example.com/CA/cert8.db new file mode 100644 index 000000000..5ae12015d Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/CA/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.empty b/test/aux-fixed/exim-ca/example.com/CA/crl.empty new file mode 100644 index 000000000..7814b8029 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/CA/crl.empty differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.empty.in.txt b/test/aux-fixed/exim-ca/example.com/CA/crl.empty.in.txt new file mode 100644 index 000000000..250311c00 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/crl.empty.in.txt @@ -0,0 +1 @@ +update=20130127152434Z diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.empty.pem b/test/aux-fixed/exim-ca/example.com/CA/crl.empty.pem new file mode 100644 index 000000000..fdc506dc5 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/crl.empty.pem @@ -0,0 +1,6 @@ +-----BEGIN X509 CRL----- +MIGsMFgCAQEwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5jb20x +GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxMzAxMjcxNTI0MzRaMA0G +CSqGSIb3DQEBBQUAA0EAjClqFKe0w0T5ARNSMOSfuDtbOA0iN2yOrUwJfidgQdVQ +YPW+5TwKhe+Vm6skgHSIWNcuMVzojsuDZcBZnNimPA== +-----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.v2 b/test/aux-fixed/exim-ca/example.com/CA/crl.v2 new file mode 100644 index 000000000..66fb34ddc Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/CA/crl.v2 differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.v2.in.txt b/test/aux-fixed/exim-ca/example.com/CA/crl.v2.in.txt new file mode 100644 index 000000000..434045ffe --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/crl.v2.in.txt @@ -0,0 +1,3 @@ +update=20130127152437Z +addcert 102 20130127152437Z +addcert 202 20130127152437Z diff --git a/test/aux-fixed/exim-ca/example.com/CA/crl.v2.pem b/test/aux-fixed/exim-ca/example.com/CA/crl.v2.pem new file mode 100644 index 000000000..da781d7d8 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/crl.v2.pem @@ -0,0 +1,7 @@ +-----BEGIN X509 CRL----- +MIHcMIGHAgEBMA0GCSqGSIb3DQEBBQUAMDMxFDASBgNVBAoTC2V4YW1wbGUuY29t +MRswGQYDVQQDExJjbGljYSBTaWduaW5nIENlcnQYDzIwMTMwMTI3MTUyNDM3WjAt +MBQCAWYYDzIwMTMwMTI3MTUyNDM3WjAVAgIAyhgPMjAxMzAxMjcxNTI0MzdaMA0G +CSqGSIb3DQEBBQUAA0EAS5A0/pStULkfIhBRMt+DfehLBbppc6FftG3TpBMvBW4k +xGwMPKUN8lk3uMuQxk/cvbaFqPtiR/WnkAFc3i1bpA== +-----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt b/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt new file mode 100644 index 000000000..d69d74d0c --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/index.revoked.txt @@ -0,0 +1,6 @@ +R 130110200751Z 100201142709Z,superseded 65 unknown CN=server1.example.com +R 130110200751Z 100201142709Z,superseded 66 unknown CN=revoked1.example.com +R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.example.com +R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.example.com +R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.example.com +R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.example.com diff --git a/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt b/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt new file mode 100644 index 000000000..126acf7e4 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/index.valid.txt @@ -0,0 +1,6 @@ +V 130110200751Z 65 unknown CN=server1.example.com +V 130110200751Z 66 unknown CN=revoked1.example.com +V 130110200751Z 67 unknown CN=expired1.example.com +V 130110200751Z c9 unknown CN=server2.example.com +V 130110200751Z ca unknown CN=revoked2.example.com +V 130110200751Z cb unknown CN=expired2.example.com diff --git a/test/aux-fixed/exim-ca/example.com/CA/key3.db b/test/aux-fixed/exim-ca/example.com/CA/key3.db new file mode 100644 index 000000000..30718a996 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/CA/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/CA/noise.file b/test/aux-fixed/exim-ca/example.com/CA/noise.file new file mode 100644 index 000000000..0003cbb45 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/noise.file @@ -0,0 +1,342 @@ +processor : 0 +vendor_id : GenuineIntel +cpu family : 6 +model : 26 +model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz +stepping : 5 +cpu MHz : 2260.628 +cache size : 8192 KB +fpu : yes +fpu_exception : yes +cpuid level : 11 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts +bogomips : 4521.25 +clflush size : 64 +cache_alignment : 64 +address sizes : 40 bits physical, 48 bits virtual +power management: + +processor : 1 +vendor_id : GenuineIntel +cpu family : 6 +model : 26 +model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz +stepping : 5 +cpu MHz : 2260.628 +cache size : 8192 KB +fpu : yes +fpu_exception : yes +cpuid level : 11 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts +bogomips : 4521.25 +clflush size : 64 +cache_alignment : 64 +address sizes : 40 bits physical, 48 bits virtual +power management: + + CPU0 CPU1 + 0: 2481 0 IO-APIC-edge timer + 1: 21441 346 IO-APIC-edge i8042 + 3: 1 0 IO-APIC-edge + 4: 1 0 IO-APIC-edge + 7: 0 0 IO-APIC-edge parport0 + 8: 1 0 IO-APIC-edge rtc0 + 9: 0 0 IO-APIC-fasteoi acpi + 12: 78986 1718 IO-APIC-edge i8042 + 14: 0 0 IO-APIC-edge ata_piix + 15: 2423330 1435 IO-APIC-edge ata_piix + 16: 1025 0 IO-APIC-fasteoi Ensoniq AudioPCI + 17: 239842 2559 IO-APIC-fasteoi ehci_hcd:usb1, ioc0 + 18: 246 0 IO-APIC-fasteoi uhci_hcd:usb2 + 19: 1868676 51479 IO-APIC-fasteoi eth0 + 24: 0 0 PCI-MSI-edge pciehp + 25: 0 0 PCI-MSI-edge pciehp + 26: 0 0 PCI-MSI-edge pciehp + 27: 0 0 PCI-MSI-edge pciehp + 28: 0 0 PCI-MSI-edge pciehp + 29: 0 0 PCI-MSI-edge pciehp + 30: 0 0 PCI-MSI-edge pciehp + 31: 0 0 PCI-MSI-edge pciehp + 32: 0 0 PCI-MSI-edge pciehp + 33: 0 0 PCI-MSI-edge pciehp + 34: 0 0 PCI-MSI-edge pciehp + 35: 0 0 PCI-MSI-edge pciehp + 36: 0 0 PCI-MSI-edge pciehp + 37: 0 0 PCI-MSI-edge pciehp + 38: 0 0 PCI-MSI-edge pciehp + 39: 0 0 PCI-MSI-edge pciehp + 40: 0 0 PCI-MSI-edge pciehp + 41: 0 0 PCI-MSI-edge pciehp + 42: 0 0 PCI-MSI-edge pciehp + 43: 0 0 PCI-MSI-edge pciehp + 44: 0 0 PCI-MSI-edge pciehp + 45: 0 0 PCI-MSI-edge pciehp + 46: 0 0 PCI-MSI-edge pciehp + 47: 0 0 PCI-MSI-edge pciehp + 48: 0 0 PCI-MSI-edge pciehp + 49: 0 0 PCI-MSI-edge pciehp + 50: 0 0 PCI-MSI-edge pciehp + 51: 0 0 PCI-MSI-edge pciehp + 52: 0 0 PCI-MSI-edge pciehp + 53: 0 0 PCI-MSI-edge pciehp + 54: 0 0 PCI-MSI-edge pciehp + 55: 0 0 PCI-MSI-edge pciehp + 56: 1 0 PCI-MSI-edge vmci + 57: 0 0 PCI-MSI-edge vmci +NMI: 0 0 Non-maskable interrupts +LOC: 12397935 14240444 Local timer interrupts +SPU: 0 0 Spurious interrupts +PMI: 0 0 Performance monitoring interrupts +IWI: 0 0 IRQ work interrupts +RES: 282548 308972 Rescheduling interrupts +CAL: 1955 163540 Function call interrupts +TLB: 17884 15542 TLB shootdowns +TRM: 0 0 Thermal event interrupts +THR: 0 0 Threshold APIC interrupts +MCE: 0 0 Machine check exceptions +MCP: 2310 2310 Machine check polls +ERR: 0 +MIS: 0 +MemTotal: 1914844 kB +MemFree: 135496 kB +Buffers: 142048 kB +Cached: 951840 kB +SwapCached: 108 kB +Active: 980724 kB +Inactive: 540136 kB +Active(anon): 287056 kB +Inactive(anon): 143480 kB +Active(file): 693668 kB +Inactive(file): 396656 kB +Unevictable: 0 kB +Mlocked: 0 kB +SwapTotal: 4194296 kB +SwapFree: 4193560 kB +Dirty: 928 kB +Writeback: 0 kB +AnonPages: 427064 kB +Mapped: 70976 kB +Shmem: 3400 kB +Slab: 190892 kB +SReclaimable: 125404 kB +SUnreclaim: 65488 kB +KernelStack: 2304 kB +PageTables: 23476 kB +NFS_Unstable: 0 kB +Bounce: 0 kB +WritebackTmp: 0 kB +CommitLimit: 5151716 kB +Committed_AS: 973184 kB +VmallocTotal: 34359738367 kB +VmallocUsed: 280772 kB +VmallocChunk: 34359441168 kB +HardwareCorrupted: 0 kB +AnonHugePages: 249856 kB +HugePages_Total: 0 +HugePages_Free: 0 +HugePages_Rsvd: 0 +HugePages_Surp: 0 +Hugepagesize: 2048 kB +DirectMap4k: 8192 kB +DirectMap2M: 2088960 kB +slabinfo - version: 2.1 +# name : tunables : slabdata +bridge_fdb_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +fuse_request 0 0 632 6 1 : tunables 54 27 8 : slabdata 0 0 0 +fuse_inode 0 0 768 5 1 : tunables 54 27 8 : slabdata 0 0 0 +rpc_buffers 8 8 2048 2 1 : tunables 24 12 8 : slabdata 4 4 0 +rpc_tasks 8 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +rpc_inode_cache 8 8 832 4 1 : tunables 54 27 8 : slabdata 2 2 0 +hgfsInodeCache 1 6 640 6 1 : tunables 54 27 8 : slabdata 1 1 0 +AF_VMCI 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +nf_conntrack_expect 0 0 240 16 1 : tunables 120 60 8 : slabdata 0 0 0 +nf_conntrack_ffffffff8200cec0 22 26 304 13 1 : tunables 54 27 8 : slabdata 2 2 0 +fib6_nodes 22 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0 +ip6_dst_cache 13 30 384 10 1 : tunables 54 27 8 : slabdata 3 3 0 +ndisc_cache 1 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +ip6_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +RAWv6 67 68 1024 4 1 : tunables 54 27 8 : slabdata 17 17 0 +UDPLITEv6 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +UDPv6 4 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0 +tw_sock_TCPv6 0 0 320 12 1 : tunables 54 27 8 : slabdata 0 0 0 +request_sock_TCPv6 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +TCPv6 9 10 1856 2 1 : tunables 24 12 8 : slabdata 5 5 0 +jbd2_1k 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +avtab_node 502203 502416 24 144 1 : tunables 120 60 8 : slabdata 3489 3489 0 +ext4_inode_cache 74762 74820 1024 4 1 : tunables 54 27 8 : slabdata 18705 18705 0 +ext4_xattr 9 44 88 44 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_free_block_extents 32 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_alloc_context 28 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_prealloc_space 18 37 104 37 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_system_zone 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0 +jbd2_journal_handle 32 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0 +jbd2_journal_head 74 102 112 34 1 : tunables 120 60 8 : slabdata 3 3 0 +jbd2_revoke_table 4 202 16 202 1 : tunables 120 60 8 : slabdata 1 1 0 +jbd2_revoke_record 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +dm_crypt_io 50 50 152 25 1 : tunables 120 60 8 : slabdata 2 2 0 +sd_ext_cdb 2 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0 +scsi_sense_cache 25 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0 +scsi_cmd_cache 28 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0 +dm_raid1_read_record 0 0 1064 7 2 : tunables 24 12 8 : slabdata 0 0 0 +kcopyd_job 0 0 3240 2 2 : tunables 24 12 8 : slabdata 0 0 0 +io 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +dm_uevent 0 0 2608 3 2 : tunables 24 12 8 : slabdata 0 0 0 +dm_rq_clone_bio_info 0 0 16 202 1 : tunables 120 60 8 : slabdata 0 0 0 +dm_rq_target_io 0 0 392 10 1 : tunables 54 27 8 : slabdata 0 0 0 +dm_target_io 844 864 24 144 1 : tunables 120 60 8 : slabdata 6 6 0 +dm_io 828 828 40 92 1 : tunables 120 60 8 : slabdata 9 9 0 +flow_cache 0 0 96 40 1 : tunables 120 60 8 : slabdata 0 0 0 +uhci_urb_priv 6 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0 +cfq_io_context 4 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0 +cfq_queue 5 16 240 16 1 : tunables 120 60 8 : slabdata 1 1 0 +bsg_cmd 0 0 312 12 1 : tunables 54 27 8 : slabdata 0 0 0 +mqueue_inode_cache 1 4 896 4 1 : tunables 54 27 8 : slabdata 1 1 0 +isofs_inode_cache 0 0 640 6 1 : tunables 54 27 8 : slabdata 0 0 0 +hugetlbfs_inode_cache 1 6 608 6 1 : tunables 54 27 8 : slabdata 1 1 0 +dquot 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +kioctx 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0 +kiocb 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +inotify_event_private_data 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +inotify_inode_mark_entry 186 204 112 34 1 : tunables 120 60 8 : slabdata 6 6 0 +dnotify_mark_entry 1 34 112 34 1 : tunables 120 60 8 : slabdata 1 1 0 +dnotify_struct 1 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0 +fasync_cache 6 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0 +khugepaged_mm_slot 83 92 40 92 1 : tunables 120 60 8 : slabdata 1 1 0 +ksm_mm_slot 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +ksm_stable_node 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0 +ksm_rmap_item 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +utrace_engine 0 0 56 67 1 : tunables 120 60 8 : slabdata 0 0 0 +utrace 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +pid_namespace 0 0 2120 3 2 : tunables 24 12 8 : slabdata 0 0 0 +nsproxy 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +posix_timers_cache 0 0 176 22 1 : tunables 120 60 8 : slabdata 0 0 0 +uid_cache 10 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0 +UNIX 459 480 768 5 1 : tunables 54 27 8 : slabdata 96 96 0 +ip_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +UDP-Lite 0 0 832 9 2 : tunables 54 27 8 : slabdata 0 0 0 +tcp_bind_bucket 15 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0 +inet_peer_cache 4 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0 +secpath_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +xfrm_dst_cache 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0 +ip_fib_alias 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +ip_fib_hash 10 106 72 53 1 : tunables 120 60 8 : slabdata 2 2 0 +ip_dst_cache 29 50 384 10 1 : tunables 54 27 8 : slabdata 5 5 0 +arp_cache 4 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +RAW 65 72 832 9 2 : tunables 54 27 8 : slabdata 8 8 0 +UDP 6 18 832 9 2 : tunables 54 27 8 : slabdata 2 2 0 +tw_sock_TCP 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +request_sock_TCP 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +TCP 20 24 1664 4 2 : tunables 24 12 8 : slabdata 6 6 0 +eventpoll_pwq 126 212 72 53 1 : tunables 120 60 8 : slabdata 4 4 0 +eventpoll_epi 126 180 128 30 1 : tunables 120 60 8 : slabdata 6 6 0 +sgpool-128 2 2 4096 1 1 : tunables 24 12 8 : slabdata 2 2 0 +sgpool-64 2 2 2048 2 1 : tunables 24 12 8 : slabdata 1 1 0 +sgpool-32 2 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0 +sgpool-16 2 8 512 8 1 : tunables 54 27 8 : slabdata 1 1 0 +sgpool-8 15 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +scsi_data_buffer 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0 +blkdev_integrity 0 0 112 34 1 : tunables 120 60 8 : slabdata 0 0 0 +blkdev_queue 29 30 2856 2 2 : tunables 24 12 8 : slabdata 15 15 0 +blkdev_requests 42 66 352 11 1 : tunables 54 27 8 : slabdata 5 6 0 +blkdev_ioc 5 48 80 48 1 : tunables 120 60 8 : slabdata 1 1 0 +fsnotify_event_holder 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0 +fsnotify_event 0 0 104 37 1 : tunables 120 60 8 : slabdata 0 0 0 +bio-0 180 180 192 20 1 : tunables 120 60 8 : slabdata 9 9 0 +biovec-256 66 66 4096 1 1 : tunables 24 12 8 : slabdata 66 66 0 +biovec-128 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0 +biovec-64 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +biovec-16 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +bip-256 2 2 4224 1 2 : tunables 8 4 0 : slabdata 2 2 0 +bip-128 0 0 2176 3 2 : tunables 24 12 8 : slabdata 0 0 0 +bip-64 0 0 1152 7 2 : tunables 24 12 8 : slabdata 0 0 0 +bip-16 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0 +bip-4 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +bip-1 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +sock_inode_cache 667 685 704 5 1 : tunables 54 27 8 : slabdata 137 137 0 +skbuff_fclone_cache 7 7 512 7 1 : tunables 54 27 8 : slabdata 1 1 0 +skbuff_head_cache 302 450 256 15 1 : tunables 120 60 8 : slabdata 30 30 0 +file_lock_cache 38 44 176 22 1 : tunables 120 60 8 : slabdata 2 2 0 +net_namespace 0 0 2112 3 2 : tunables 24 12 8 : slabdata 0 0 0 +shmem_inode_cache 774 775 800 5 1 : tunables 54 27 8 : slabdata 155 155 0 +Acpi-Operand 4563 4664 72 53 1 : tunables 120 60 8 : slabdata 88 88 0 +Acpi-ParseExt 0 0 72 53 1 : tunables 120 60 8 : slabdata 0 0 0 +Acpi-Parse 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +Acpi-State 0 0 80 48 1 : tunables 120 60 8 : slabdata 0 0 0 +Acpi-Namespace 3311 3312 40 92 1 : tunables 120 60 8 : slabdata 36 36 0 +task_delay_info 332 340 112 34 1 : tunables 120 60 8 : slabdata 10 10 0 +taskstats 5 12 328 12 1 : tunables 54 27 8 : slabdata 1 1 0 +proc_inode_cache 1008 1008 640 6 1 : tunables 54 27 8 : slabdata 168 168 0 +sigqueue 35 48 160 24 1 : tunables 120 60 8 : slabdata 2 2 0 +bdev_cache 32 36 832 4 1 : tunables 54 27 8 : slabdata 9 9 0 +sysfs_dir_cache 11356 11367 144 27 1 : tunables 120 60 8 : slabdata 421 421 0 +mnt_cache 37 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0 +filp 4614 4700 192 20 1 : tunables 120 60 8 : slabdata 235 235 60 +inode_cache 6883 7308 592 6 1 : tunables 54 27 8 : slabdata 1218 1218 0 +dentry 61000 63960 192 20 1 : tunables 120 60 8 : slabdata 3198 3198 0 +names_cache 26 26 4096 1 1 : tunables 24 12 8 : slabdata 26 26 0 +avc_node 518 1239 64 59 1 : tunables 120 60 8 : slabdata 21 21 0 +selinux_inode_security 84086 86072 72 53 1 : tunables 120 60 8 : slabdata 1624 1624 0 +radix_tree_node 11552 11781 560 7 1 : tunables 54 27 8 : slabdata 1683 1683 0 +key_jar 11 20 192 20 1 : tunables 120 60 8 : slabdata 1 1 0 +buffer_head 220986 230214 104 37 1 : tunables 120 60 8 : slabdata 6222 6222 0 +vm_area_struct 12932 13034 200 19 1 : tunables 120 60 8 : slabdata 686 686 60 +mm_struct 145 145 1408 5 2 : tunables 24 12 8 : slabdata 29 29 0 +fs_cache 137 177 64 59 1 : tunables 120 60 8 : slabdata 3 3 0 +files_cache 162 165 704 11 2 : tunables 54 27 8 : slabdata 15 15 0 +signal_cache 204 204 1024 4 1 : tunables 54 27 8 : slabdata 51 51 0 +sighand_cache 195 195 2112 3 2 : tunables 24 12 8 : slabdata 65 65 0 +task_xstate 232 232 512 8 1 : tunables 54 27 8 : slabdata 29 29 0 +task_struct 303 303 2656 3 2 : tunables 24 12 8 : slabdata 101 101 0 +cred_jar 580 580 192 20 1 : tunables 120 60 8 : slabdata 29 29 0 +anon_vma_chain 7844 8162 48 77 1 : tunables 120 60 8 : slabdata 106 106 60 +anon_vma 5773 5888 40 92 1 : tunables 120 60 8 : slabdata 64 64 60 +pid 322 330 128 30 1 : tunables 120 60 8 : slabdata 11 11 0 +shared_policy_node 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +numa_policy 1 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0 +idr_layer_cache 428 434 544 7 1 : tunables 54 27 8 : slabdata 62 62 0 +size-4194304(DMA) 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0 +size-4194304 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0 +size-2097152(DMA) 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0 +size-2097152 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0 +size-1048576(DMA) 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0 +size-1048576 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0 +size-524288(DMA) 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0 +size-524288 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0 +size-262144(DMA) 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0 +size-262144 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0 +size-131072(DMA) 0 0 131072 1 32 : tunables 8 4 0 : slabdata 0 0 0 +size-131072 1 1 131072 1 32 : tunables 8 4 0 : slabdata 1 1 0 +size-65536(DMA) 0 0 65536 1 16 : tunables 8 4 0 : slabdata 0 0 0 +size-65536 2 2 65536 1 16 : tunables 8 4 0 : slabdata 2 2 0 +size-32768(DMA) 0 0 32768 1 8 : tunables 8 4 0 : slabdata 0 0 0 +size-32768 3 3 32768 1 8 : tunables 8 4 0 : slabdata 3 3 0 +size-16384(DMA) 0 0 16384 1 4 : tunables 8 4 0 : slabdata 0 0 0 +size-16384 11 11 16384 1 4 : tunables 8 4 0 : slabdata 11 11 0 +size-8192(DMA) 0 0 8192 1 2 : tunables 8 4 0 : slabdata 0 0 0 +size-8192 27 27 8192 1 2 : tunables 8 4 0 : slabdata 27 27 0 +size-4096(DMA) 0 0 4096 1 1 : tunables 24 12 8 : slabdata 0 0 0 +size-4096 425 425 4096 1 1 : tunables 24 12 8 : slabdata 425 425 0 +size-2048(DMA) 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0 +size-2048 578 578 2048 2 1 : tunables 24 12 8 : slabdata 289 289 0 +size-1024(DMA) 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +size-1024 1304 1304 1024 4 1 : tunables 54 27 8 : slabdata 326 326 0 +size-512(DMA) 0 0 512 8 1 : tunables 54 27 8 : slabdata 0 0 0 +size-512 1123 1176 512 8 1 : tunables 54 27 8 : slabdata 147 147 0 +size-256(DMA) 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +size-256 870 870 256 15 1 : tunables 120 60 8 : slabdata 58 58 0 +size-192(DMA) 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +size-192 2119 2160 192 20 1 : tunables 120 60 8 : slabdata 108 108 0 +size-128(DMA) 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +size-64(DMA) 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +size-64 33003 40887 64 59 1 : tunables 120 60 8 : slabdata 693 693 0 +size-32(DMA) 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +size-128 3921 4800 128 30 1 : tunables 120 60 8 : slabdata 160 160 0 +size-32 332359 332976 32 112 1 : tunables 120 60 8 : slabdata 2973 2973 0 +kmem_cache 191 191 32896 1 16 : tunables 8 4 0 : slabdata 191 191 0 +Inter-| Receive | Transmit + face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed + lo:267102759 105357 0 0 0 0 0 0 267102759 105357 0 0 0 0 0 0 + eth0:1013756074 1354469 0 0 0 0 0 0 245526499 966773 0 0 0 0 0 0 + pan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 diff --git a/test/aux-fixed/exim-ca/example.com/CA/pwdfile b/test/aux-fixed/exim-ca/example.com/CA/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/CA/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.com/CA/secmod.db b/test/aux-fixed/exim-ca/example.com/CA/secmod.db new file mode 100644 index 000000000..c7f115bd6 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/CA/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/expired1.example.com/ca_chain.pem new file mode 100644 index 000000000..f8f92755b --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.com/CN=clica Signing Cert +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.com/CN=clica CA +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw +MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o +mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+ +ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: expired1.example.com + localKeyID: C3 70 0A 4C 75 DB 50 B7 1F 67 60 9C DC AD 17 A3 C0 65 5F FF +subject=/CN=expired1.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTEyMTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuhbGp8Jqy4UZdYGiPLl+q1m4 +dBdrY6689kqn5x5FUZ4PNl9ty9+mnC2Dx5WiYbrOybQZViM9lAIvGRI1GKsHdwID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w +bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAkrXPLW+etluRGUilUcMsAWEZJ8Syu317 +kXvPuyjNVz3+lGo/4hzhehSusTzy4+22UgsBmgZpjG+uI8tNRmDnAQ== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/expired1.example.com/cert8.db new file mode 100644 index 000000000..29784aef4 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.chain.pem new file mode 100644 index 000000000..fe5dcdf2f --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: expired1.example.com + localKeyID: C3 70 0A 4C 75 DB 50 B7 1F 67 60 9C DC AD 17 A3 C0 65 5F FF +subject=/CN=expired1.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTEyMTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuhbGp8Jqy4UZdYGiPLl+q1m4 +dBdrY6689kqn5x5FUZ4PNl9ty9+mnC2Dx5WiYbrOybQZViM9lAIvGRI1GKsHdwID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w +bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAkrXPLW+etluRGUilUcMsAWEZJ8Syu317 +kXvPuyjNVz3+lGo/4hzhehSusTzy4+22UgsBmgZpjG+uI8tNRmDnAQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.key b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.key new file mode 100644 index 000000000..ecfb0cbc7 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: expired1.example.com + localKeyID: C3 70 0A 4C 75 DB 50 B7 1F 67 60 9C DC AD 17 A3 C0 65 5F FF +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQINZM2aHxF3EcCAggA +MBQGCCqGSIb3DQMHBAjc9XMhJPg/ZwSCAVicoTPaeGXGPJyPdhflErlI9EWbj0PH +bv8AchovLDfYq1Q4EJzkUG1XyelHNha+BS/zFxCcmtpdQtXedL/SdXsOyM99wdJH +tjpJyWxM3bysqDUdhv2g11KTG0M9L7RBtKmbQq0zcHf9oTZbABKSe4EzX6a9khJY +5bRVBSQPNtj3/5aAr0BOQQnythh0880FcYmvbFmZQNR12Cexc0+X0/aTaQ/LhM1y +8GlRBFXGACP+mrY4RfEk/EatcGmqn4JCVASF7Z7zu7JKsEskLDArF9nvVh2xN22n +DugUfQDRPph4ug2MyUcKNSZzGs+khWmS2TgPgUV0gr1tqS4Sqo+59NuZInyGSMRn +FeiFTSYcd+zmxinF20MCs+Y6fFasErs6/zdK5oeV8pMlTCX0/yky9Ye4kfth2oHl +UV+Rfe2Bo40wn6QkxuptagYdoDTJrMUCH9WL/ODRn4IA1Q== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.dated.resp new file mode 100644 index 000000000..d7ba6319e Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.good.resp new file mode 100644 index 000000000..3714a90de Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.req new file mode 100644 index 000000000..37b83a669 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.revoked.resp new file mode 100644 index 000000000..4a259407a Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.p12 b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.p12 new file mode 100644 index 000000000..488e3e58d Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.pem b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.pem new file mode 100644 index 000000000..d30bbe096 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: expired1.example.com + localKeyID: C3 70 0A 4C 75 DB 50 B7 1F 67 60 9C DC AD 17 A3 C0 65 5F FF +subject=/CN=expired1.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTEyMTIwMTEyMzQwMVowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuhbGp8Jqy4UZdYGiPLl+q1m4 +dBdrY6689kqn5x5FUZ4PNl9ty9+mnC2Dx5WiYbrOybQZViM9lAIvGRI1GKsHdwID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w +bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAkrXPLW+etluRGUilUcMsAWEZJ8Syu317 +kXvPuyjNVz3+lGo/4hzhehSusTzy4+22UgsBmgZpjG+uI8tNRmDnAQ== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.unlocked.key new file mode 100644 index 000000000..9754e14fe --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/expired1.example.com.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBALoWxqfCasuFGXWBojy5fqtZuHQXa2OuvPZKp+ceRVGeDzZfbcvf +ppwtg8eVomG6zsm0GVYjPZQCLxkSNRirB3cCAwEAAQJAbb0wuY21XP/I27ru6dCa +GoJ2fD+zXL2XQccU7P608kO6R9g73lx48QT21OGvLkKGA4J2U3qqvqJWKP580o3X +gQIhAN8A4PM0w3cLBnibnQcr+5TfhSUye/4AQcaqUQBnjQW5AiEA1Z+eWtugFdR3 +D6ntc4UdyXsO1DMDn6QyuyEyrJqUDq8CIGGfrtqJVLB+gRy3cuy60m3/0/fOu/0b ++6+Oy9sTeebxAiBK7m5RWHBSt+/7YpOTzcGhBrUw4aQHv0S8Nuzbdm0wqQIgYW0B +7KVyChX6OpKifrdrSK3Jp3iXP9pgNunxGNj1QbM= +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/expired1.example.com/key3.db new file mode 100644 index 000000000..706f876a7 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/pwdfile b/test/aux-fixed/exim-ca/example.com/expired1.example.com/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired1.example.com/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.com/expired1.example.com/secmod.db b/test/aux-fixed/exim-ca/example.com/expired1.example.com/secmod.db new file mode 100644 index 000000000..db5dae7d0 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired1.example.com/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/expired2.example.com/ca_chain.pem new file mode 100644 index 000000000..cb3f97569 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.com/CN=clica Signing Cert +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.com/CN=clica CA +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw +MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o +mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+ +ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: expired2.example.com + localKeyID: 00 5E 8C 89 32 69 66 73 D9 E7 D3 9C E8 6A 72 27 1D C2 65 87 +subject=/CN=expired2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANs6ryDCjUepqaS5l0ZmpJ3m +bU0/nDE43cIfDCU+70Jjvf4rxfiQu1N1iiTO2IdRcxai/STBGxpaJRvo/G5l778C +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBABTJbEBMPo/NbiMz+shKPbN+T+oAoneT +mb1n+3cM5I3RGkkzF8mYDyamimNn+T8GKWdVkiM/Jov1kv+KY5Twg+U= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/expired2.example.com/cert8.db new file mode 100644 index 000000000..1f5daa20e Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.chain.pem new file mode 100644 index 000000000..153025b6c --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: expired2.example.com + localKeyID: 00 5E 8C 89 32 69 66 73 D9 E7 D3 9C E8 6A 72 27 1D C2 65 87 +subject=/CN=expired2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANs6ryDCjUepqaS5l0ZmpJ3m +bU0/nDE43cIfDCU+70Jjvf4rxfiQu1N1iiTO2IdRcxai/STBGxpaJRvo/G5l778C +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBABTJbEBMPo/NbiMz+shKPbN+T+oAoneT +mb1n+3cM5I3RGkkzF8mYDyamimNn+T8GKWdVkiM/Jov1kv+KY5Twg+U= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.key b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.key new file mode 100644 index 000000000..4390919d3 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: expired2.example.com + localKeyID: 00 5E 8C 89 32 69 66 73 D9 E7 D3 9C E8 6A 72 27 1D C2 65 87 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI0nrN9i220lwCAggA +MBQGCCqGSIb3DQMHBAjYbPQkuir8nQSCAWANYVbKcEW9iaRzdj6AmMMZw4wnklZI +rR+R/Eaz92xDWHLv9Qo03JK2OoGgkhE3QvyNxP7Sm69hgErN202M1s7CW66HAt60 +T0XmvbZoXYkn3iPzi6Txi1GQnzo7gfd1S0phD/4q+Tq38nRzJjvHjsL1ebjiFZ2y +t5cF+gW7+3LEKT/s0K/WpS6QKTgl/W5iV09Tix1eOPckv7z4Cs2fiurohPocUTFa +B/hdKTun4MwmcchFrgjRda+jz/P42xtgaSmhIETD+C3jnbdEZWFY4xYijyffEUR0 +gUHKH6UPxqoJyeL8ziQmz2jc4j1glnedslHjS+fKlLCU1QKYbhgCcRB4tqILxd9M +e3/QQksgTFZtGymqPuwPMngcR2Om+E3f0UJnCXcaINJp971l971H/yhieYjxQua4 +8NNKVdz6EzYa/46Gv77Nu7+OQ0zGhMowpjGS4kTE9qOQ3udrdL2kFYJm +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.dated.resp new file mode 100644 index 000000000..5690dfa9a Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.good.resp new file mode 100644 index 000000000..db5b8e0a3 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.req new file mode 100644 index 000000000..0242fc407 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.revoked.resp new file mode 100644 index 000000000..db5b8e0a3 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.p12 b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.p12 new file mode 100644 index 000000000..d8327d3a5 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.pem b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.pem new file mode 100644 index 000000000..91a46f95a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: expired2.example.com + localKeyID: 00 5E 8C 89 32 69 66 73 D9 E7 D3 9C E8 6A 72 27 1D C2 65 87 +subject=/CN=expired2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDJaFw0xMjEyMDExMjM0MDJaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANs6ryDCjUepqaS5l0ZmpJ3m +bU0/nDE43cIfDCU+70Jjvf4rxfiQu1N1iiTO2IdRcxai/STBGxpaJRvo/G5l778C +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBABTJbEBMPo/NbiMz+shKPbN+T+oAoneT +mb1n+3cM5I3RGkkzF8mYDyamimNn+T8GKWdVkiM/Jov1kv+KY5Twg+U= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.unlocked.key new file mode 100644 index 000000000..cc0620beb --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/expired2.example.com.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBANs6ryDCjUepqaS5l0ZmpJ3mbU0/nDE43cIfDCU+70Jjvf4rxfiQ +u1N1iiTO2IdRcxai/STBGxpaJRvo/G5l778CAwEAAQJAads7RulKSMkuxgBrgC39 +3NSwAHXvmIDp61sMhUuPQhF8kxF9IistHoa4TBW3tdSVepBSDoMk0Ote+0UgO3wK +SQIhAPC8xBwjNC+gpnaxOvz2iLGbVwISPgM/TMaa+goBJ3o1AiEA6SDVyZi34Gia +W0YYzmQaJv2VcmGYh0JQ+diJT7qaoKMCIQCfZy6nvvu4KbTv1MzNYWUDzWsgePnM +5qYsv8OeykLcnQIgU4JDkrd2Bpjx0ghGEoihJZ5ozlRPgwQqZZU/eqPph+kCIBAd +MOImezJcizVRRG9PuyxuSvwLlPqjvFKnw2ixRkuW +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/expired2.example.com/key3.db new file mode 100644 index 000000000..9bce6fa62 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/pwdfile b/test/aux-fixed/exim-ca/example.com/expired2.example.com/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/expired2.example.com/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.com/expired2.example.com/secmod.db b/test/aux-fixed/exim-ca/example.com/expired2.example.com/secmod.db new file mode 100644 index 000000000..a21c55fdb Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/expired2.example.com/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/ca_chain.pem new file mode 100644 index 000000000..ea68b9616 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.com/CN=clica Signing Cert +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.com/CN=clica CA +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw +MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o +mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+ +ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: revoked1.example.com + localKeyID: 33 F8 A9 1F FC 62 68 49 CC C9 26 E0 24 22 40 40 B5 8E E6 07 +subject=/CN=revoked1.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTM4MDEwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtmfFkNpuJsl8xF0EINs9YniA +h0NKsf8Tt61IVzDsR5ULJOSpA7rcqmbniYuWJ7H1q8Rm5WTqjLs5zIKG+cR/lwID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w +bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAXzFO3fDq0RRzNgmAa9aorYUQUx1f6ifG +e9zS1V/Qua9HguY4FCm5NkLDSA46OA/NYEtnC3tDNF6PLSNi1Ww9NQ== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/cert8.db new file mode 100644 index 000000000..d74575f49 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/key3.db new file mode 100644 index 000000000..a35bc2662 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/pwdfile b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem new file mode 100644 index 000000000..abb2b6c7a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: revoked1.example.com + localKeyID: 33 F8 A9 1F FC 62 68 49 CC C9 26 E0 24 22 40 40 B5 8E E6 07 +subject=/CN=revoked1.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTM4MDEwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtmfFkNpuJsl8xF0EINs9YniA +h0NKsf8Tt61IVzDsR5ULJOSpA7rcqmbniYuWJ7H1q8Rm5WTqjLs5zIKG+cR/lwID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w +bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAXzFO3fDq0RRzNgmAa9aorYUQUx1f6ifG +e9zS1V/Qua9HguY4FCm5NkLDSA46OA/NYEtnC3tDNF6PLSNi1Ww9NQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.key b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.key new file mode 100644 index 000000000..05072316a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: revoked1.example.com + localKeyID: 33 F8 A9 1F FC 62 68 49 CC C9 26 E0 24 22 40 40 B5 8E E6 07 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIxIBGy/hgXxwCAggA +MBQGCCqGSIb3DQMHBAj96WZ8xRBC6QSCAVjQ7DTLCFeVW0ah1ECV+1bvGiQy9JwH +fxHD3s2Wg7+McsAfF2oSx8R0Za7miR70Ke94xrraIuH0NeltyalI5iQOjbGe1W8V +exnRfXI+87W9QHVI85TW2l6pXCR96cj6zrxQAhXFamDY/SfgwTbaQibrduD2eoct +IvJ8QsaywSKwpnQAN/4XlQ6aus7w1ywtvFek+15oAfgACG/mXaZZa9sg/pRzHT3a +8qJjMpJSDOd5QUxKIShidYPNKA88EIvdg9+0wNj42w9A4rAwaoqol4RzdLu8dXbG +lGjiRdGwkMvlwnAWY68hPnAPOiH8ev7lNPkOkk+YsIVoJK7AoEGyvNk2N02kaBBf +xfrHIt8jh8Suvfp0HJbdeBTTT1qu/acwNbeA2TVVXdXyoZTrSWiwmv4P0lBYXJIx +raWLqaaImi5JvL1o5ATr3s8RtD+0iWH5LUuWdzI/agJKUw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.dated.resp new file mode 100644 index 000000000..692482662 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.good.resp new file mode 100644 index 000000000..ed8cdb33b Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.req new file mode 100644 index 000000000..c16dc3702 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.revoked.resp new file mode 100644 index 000000000..76a2e149e Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.p12 b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.p12 new file mode 100644 index 000000000..bcc39e53c Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.pem b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.pem new file mode 100644 index 000000000..ada2bfd34 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: revoked1.example.com + localKeyID: 33 F8 A9 1F FC 62 68 49 CC C9 26 E0 24 22 40 40 B5 8E E6 07 +subject=/CN=revoked1.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTM4MDEwMTEyMzQwMVowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtmfFkNpuJsl8xF0EINs9YniA +h0NKsf8Tt61IVzDsR5ULJOSpA7rcqmbniYuWJ7H1q8Rm5WTqjLs5zIKG+cR/lwID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w +bGUuY29tMA0GCSqGSIb3DQEBBQUAA0EAXzFO3fDq0RRzNgmAa9aorYUQUx1f6ifG +e9zS1V/Qua9HguY4FCm5NkLDSA46OA/NYEtnC3tDNF6PLSNi1Ww9NQ== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key new file mode 100644 index 000000000..f124bccca --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/revoked1.example.com.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBALZnxZDabibJfMRdBCDbPWJ4gIdDSrH/E7etSFcw7EeVCyTkqQO6 +3Kpm54mLliex9avEZuVk6oy7OcyChvnEf5cCAwEAAQJALGjPfRjxQJhFvDk5TBaU +t2jHQidsBDIqRsn1luTeYf7KVwL5p51LV27UBqIF+UPa3Wl04rc5IWSCp5CIpASa +IQIhAN6Ekj/LESey/9nn85fDMUH45PgW/7J+NeqwgK6zoyulAiEA0doPRY/U2ano +Hu94mggwB693XasYuRsSsGZWK1+nCYsCIF1BXjGSH0xt/kAKr9IoodouP3eh2+Oo +dVw4QJX2/ylpAiAZUYjUKLVSiZhS2yue0ewRkU8CgxkZhDWuCLrOwtyhXwIgJr3H +b3LNAipslDnHrNzBK2GB6MlM7/+foJ7Lu7pbK+o= +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked1.example.com/secmod.db b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/secmod.db new file mode 100644 index 000000000..f95ff683b Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked1.example.com/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/ca_chain.pem new file mode 100644 index 000000000..d9830bc9e --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.com/CN=clica Signing Cert +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.com/CN=clica CA +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw +MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o +mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+ +ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: revoked2.example.com + localKeyID: 17 78 A2 B6 AD CE 30 23 61 D1 78 DA EF AD AC 2D 72 C6 16 34 +subject=/CN=revoked2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDJaFw0zODAxMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALl7NO1x6uz5p6etz9g+bD4n +/s5Wh/XGDL1IHD78fRFFX9B8dCyoMrzjFTIz8QkOr/sA4RD2B2uk83ZnqtNImY0C +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBAKtwWm1WtnL+jH97DwIutT6s4CkIY2uY +JkpV4segUV03S1pN9Cnamy4prQYPCfOI1BQO4krsDNOoV/PtDvqxuso= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/cert8.db new file mode 100644 index 000000000..45ca163f9 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/key3.db new file mode 100644 index 000000000..4976f1463 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/pwdfile b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.chain.pem new file mode 100644 index 000000000..ecdf2a56d --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: revoked2.example.com + localKeyID: 17 78 A2 B6 AD CE 30 23 61 D1 78 DA EF AD AC 2D 72 C6 16 34 +subject=/CN=revoked2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDJaFw0zODAxMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALl7NO1x6uz5p6etz9g+bD4n +/s5Wh/XGDL1IHD78fRFFX9B8dCyoMrzjFTIz8QkOr/sA4RD2B2uk83ZnqtNImY0C +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBAKtwWm1WtnL+jH97DwIutT6s4CkIY2uY +JkpV4segUV03S1pN9Cnamy4prQYPCfOI1BQO4krsDNOoV/PtDvqxuso= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.key b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.key new file mode 100644 index 000000000..41e27177d --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: revoked2.example.com + localKeyID: 17 78 A2 B6 AD CE 30 23 61 D1 78 DA EF AD AC 2D 72 C6 16 34 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFV1GIQOsrw4CAggA +MBQGCCqGSIb3DQMHBAgtBn7nWaro7ASCAWArJ92GA0suBbeIF2CisKcYFfGP+KD5 +LUOKocnSVgVeEvjQmoLzb/YAnXQsh3HtfHjbsJg1Hix4XIRI6skZD33JhhQZha/0 +M8QsA3GBCPcskjQCIMg0FVltjZOVnR20JxlI0HtMybZrIlhNCcWrLkVhU8CRbzFc +Pubs7P9xIxlfuWVAEBmlOb1LkctHKnWlvVDR4Bef7epwa/KttSmLbBHuayQiwvms +axUke+NYJvzFWfKpTXP0OHOfz7cdb5dN/BcF642LIGu2f7nY7vGbSG9+iZ4Mb85k +FBbuSFquqAdxho6IHL7p/xfsW3k8+o6jKhCqkFaY1O1TNLmNtyJSyULDEbJMBiBF +Q0pLC3AF6EtPDvN7gIvlY6jERZb7j8DJrCnjbEJR1IF09DrH3EdfaYLnGd+0/SRn +UPY0jNEmT8hwj1ANacuSlBaIXYSjtjDYwJTz4DJA36z+03TDo/ahxwaW +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.dated.resp new file mode 100644 index 000000000..2d46e900a Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.good.resp new file mode 100644 index 000000000..4651403ef Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.req new file mode 100644 index 000000000..78aa197a4 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.revoked.resp new file mode 100644 index 000000000..4651403ef Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.p12 b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.p12 new file mode 100644 index 000000000..d94652eda Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.pem b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.pem new file mode 100644 index 000000000..529be660e --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: revoked2.example.com + localKeyID: 17 78 A2 B6 AD CE 30 23 61 D1 78 DA EF AD AC 2D 72 C6 16 34 +subject=/CN=revoked2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDJaFw0zODAxMDExMjM0MDJaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUuY29tMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALl7NO1x6uz5p6etz9g+bD4n +/s5Wh/XGDL1IHD78fRFFX9B8dCyoMrzjFTIz8QkOr/sA4RD2B2uk83ZnqtNImY0C +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5jb20vbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUuY29tLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt +cGxlLmNvbTANBgkqhkiG9w0BAQUFAANBAKtwWm1WtnL+jH97DwIutT6s4CkIY2uY +JkpV4segUV03S1pN9Cnamy4prQYPCfOI1BQO4krsDNOoV/PtDvqxuso= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.unlocked.key new file mode 100644 index 000000000..9c8a59b5a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/revoked2.example.com.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBALl7NO1x6uz5p6etz9g+bD4n/s5Wh/XGDL1IHD78fRFFX9B8dCyo +MrzjFTIz8QkOr/sA4RD2B2uk83ZnqtNImY0CAwEAAQJBAKkeAI07YDOAEnCd1zPY +/sLRns+uMDtUwArZs/9uIe7a3X4ussXCv60z9epuGre7StXrVyDGBnGqGexsKIiH +uaECIQDzrY97z+Zcb1RZ/ncQfiep40jMGmpDX/un+wtfkeICWQIhAMLcSIgL/FTH +t7ehuH5pClcJY0bX0tbOpfNgOWvMniJVAiEAyrYMkewOb8Dxg/gLJn48ErkP2zLy +SWA0orZV7MgYIukCIBcGcIui3u4lq0/HjEVjpBUkxtZYKlG3mWRoumBCjW0BAiEA +tqIijH5G06iofDnTIJzXFfetUPNl/wqJ1Xz6ECFh84s= +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/revoked2.example.com/secmod.db b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/secmod.db new file mode 100644 index 000000000..b7f2179f7 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/revoked2.example.com/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem new file mode 100644 index 000000000..5bb06777d --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.com/CN=clica Signing Cert +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.com/CN=clica CA +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw +MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o +mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+ +ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: server1.example.com + localKeyID: 7B 32 26 98 D0 B8 1E 75 99 29 DC F8 13 EE 29 B7 59 E3 DC DC +subject=/CN=server1.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTM4MDEwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC6EbKf3ZB2Zm+SVn7KzSofX5I+ +3KANkvS0aVxUS/mtnKJg6JLKc2dVav1OmPTF/M8J21F6tVd8EHWBrlsgS3QdAgMB +AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu +Y29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw +Oi8vb3NjcC9leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl +LmNvbTANBgkqhkiG9w0BAQUFAANBALDva+1Fm8VMNtBTzLmk0wd+rAGNry/HPB++ +vNngBR33/8N/529Zr4WPrL2BeOZkQeDO1qH/2giCAvYfZoBOIO4= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/server1.example.com/cert8.db new file mode 100644 index 000000000..9d730fe90 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server1.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/server1.example.com/key3.db new file mode 100644 index 000000000..672b08826 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server1.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/pwdfile b/test/aux-fixed/exim-ca/example.com/server1.example.com/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/secmod.db b/test/aux-fixed/exim-ca/example.com/server1.example.com/secmod.db new file mode 100644 index 000000000..0883379dc Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server1.example.com/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem new file mode 100644 index 000000000..6ea0a5291 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: server1.example.com + localKeyID: 7B 32 26 98 D0 B8 1E 75 99 29 DC F8 13 EE 29 B7 59 E3 DC DC +subject=/CN=server1.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTM4MDEwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC6EbKf3ZB2Zm+SVn7KzSofX5I+ +3KANkvS0aVxUS/mtnKJg6JLKc2dVav1OmPTF/M8J21F6tVd8EHWBrlsgS3QdAgMB +AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu +Y29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw +Oi8vb3NjcC9leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl +LmNvbTANBgkqhkiG9w0BAQUFAANBALDva+1Fm8VMNtBTzLmk0wd+rAGNry/HPB++ +vNngBR33/8N/529Zr4WPrL2BeOZkQeDO1qH/2giCAvYfZoBOIO4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.key b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.key new file mode 100644 index 000000000..02d5161e4 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: server1.example.com + localKeyID: 7B 32 26 98 D0 B8 1E 75 99 29 DC F8 13 EE 29 B7 59 E3 DC DC +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIt+n3xYebFlACAggA +MBQGCCqGSIb3DQMHBAi30QtCXj3kIQSCAVjO+WdU7jaPYN1v7ev2qNehi8MrvllJ +Q03/xCaiGTI7fUQM55W4Tc5+b952ni6ZtCnYfCojIQ6Wr0uyrabRE9nCRTudKAGv ++RG/vO576Wv69XblZaKwPp1ru5Fb+TqMRDmHsJKzmjx4/iN3l/673w8QEW+opYjI +i+azRCzMjUcFDkExEqXunJCDD4k0iWv/LTiXa/WfKoPncY6dmtjGt/ceGG7gn+sy +IGTPbVyX85I4lfSb42mQjticlqpNWNv+BasZNGIAGkreGEIR1HqvoIeIjyze4j/k +yAA/oAO7WucowZfX6Rcno9yO5Cjsbn60RPMe5aSnCKXH8OnaklegbzQCIXwlRapH +VCE28ladQ1+7zwCBhCW60WwhRN0UDQz9aFTrbhZ0uUZ13t/EcRr17f43hXnjwCVg ++q6ixyRnx4zSncCTL6iOe2ybUV8IXCFdrWnd7CYJOz804w== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp new file mode 100644 index 000000000..0e35bdfff Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp new file mode 100644 index 000000000..c616136d2 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.req new file mode 100644 index 000000000..fb9674a6f Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp new file mode 100644 index 000000000..aa6d371b4 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.p12 b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.p12 new file mode 100644 index 000000000..e7f3cfb95 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem new file mode 100644 index 000000000..5080ef803 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: server1.example.com + localKeyID: 7B 32 26 98 D0 B8 1E 75 99 29 DC F8 13 EE 29 B7 59 E3 DC DC +subject=/CN=server1.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMVoXDTM4MDEwMTEyMzQwMVowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC6EbKf3ZB2Zm+SVn7KzSofX5I+ +3KANkvS0aVxUS/mtnKJg6JLKc2dVav1OmPTF/M8J21F6tVd8EHWBrlsgS3QdAgMB +AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu +Y29tL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw +Oi8vb3NjcC9leGFtcGxlLmNvbS8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl +LmNvbTANBgkqhkiG9w0BAQUFAANBALDva+1Fm8VMNtBTzLmk0wd+rAGNry/HPB++ +vNngBR33/8N/529Zr4WPrL2BeOZkQeDO1qH/2giCAvYfZoBOIO4= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key new file mode 100644 index 000000000..a61697416 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBALoRsp/dkHZmb5JWfsrNKh9fkj7coA2S9LRpXFRL+a2comDokspz +Z1Vq/U6Y9MX8zwnbUXq1V3wQdYGuWyBLdB0CAwEAAQJAC7hRqAAsuUh6fp00H1IM +9Szv6UW8Tx6Si0qXpjei4mx/reGBvQGTIUJuGdXmuBH5tQHLPskjEqXmgiccWydz +gQIhAPCP3JccbCUpKELah84ikXuQs0PEnGfyg4oP22x0B5q3AiEAxgKV7eFrd5Qa +FfjHsK/HfrL8YQYynm8yDqqHnSsJY8sCIFei4Sa/uPoUs1EfkWfcGgnc3iGrB5uq +spbiTfqFjpujAiAcWvhvdU13dUz7AoJOKg3udeEwX7vV9mR7ty3ucuBIWwIgEy7b +le8z7zokRTzIKSMpl5xr/0Vp6DWlS0KwuLNuJjc= +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem b/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem new file mode 100644 index 000000000..dc1fbb709 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.com/CN=clica Signing Cert +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.com/CN=clica CA +issuer=/O=example.com/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAwWhcNMzgw +MTAxMTIzNDAwWjApMRQwEgYDVQQKEwtleGFtcGxlLmNvbTERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxYR8NYQvEd7/e4MvOj9dh2+o +mnywT9ajMo1589DWt2z14ouRKhSZWlx4O4AicPZc6n4uvt7++t0tTHhmm5JIbwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBALjVd1KMBadFJFIzTEspoPYxJvXKvLMclekQs5QY0lmmUj5+ +ugITEG6ywu3s+REUB+8Dj+ofQz3tgIm9NBpkfsA= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: server2.example.com + localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE +subject=/CN=server2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDFaFw0zODAxMDExMjM0MDFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2TCJENbO0UK+Cjs2HSqq1OlM +VIJQs/ctua3DEcPOphjNwLrUqVGv5qkWFDHbsJ00hpiW7uK9tDfawSWmcFis1wID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5jb20wDQYJKoZIhvcNAQEFBQADQQCeF6NprEufUaSaqXhBk7hP7kX2NtTEkHmg +hm1yvEzKL1/7gmqhMAGFapGV90k/8J6L4FiIEaxIHuTvm94KfKZi +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db b/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db new file mode 100644 index 000000000..840f69431 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server2.example.com/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db b/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db new file mode 100644 index 000000000..89bff133c Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server2.example.com/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/pwdfile b/test/aux-fixed/exim-ca/example.com/server2.example.com/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/secmod.db b/test/aux-fixed/exim-ca/example.com/server2.example.com/secmod.db new file mode 100644 index 000000000..8ea139c76 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server2.example.com/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem new file mode 100644 index 000000000..52263a231 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: server2.example.com + localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE +subject=/CN=server2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDFaFw0zODAxMDExMjM0MDFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2TCJENbO0UK+Cjs2HSqq1OlM +VIJQs/ctua3DEcPOphjNwLrUqVGv5qkWFDHbsJ00hpiW7uK9tDfawSWmcFis1wID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5jb20wDQYJKoZIhvcNAQEFBQADQQCeF6NprEufUaSaqXhBk7hP7kX2NtTEkHmg +hm1yvEzKL1/7gmqhMAGFapGV90k/8J6L4FiIEaxIHuTvm94KfKZi +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLmNvbTERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAxWhcNMzgw +MTAxMTIzNDAxWjAzMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALGUYGllRw9Y +7ATtT3iqwv3rnnpYYWaxGdamUYznYS6l8lAyHFOqfEktdHZ+bUyRVWsbvyx/a2St +u1vpZpkihvMCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLmNvbS9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EApouSZ4cX2rx+pZWcDHJH+KaCMpMa +ScrHO8bFSCWI02ckzoIxWfu1DMNO++EpyzrTgyaXoCROjvhdslwucMqAIg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key new file mode 100644 index 000000000..a4960f965 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: server2.example.com + localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIFmRnQVx4IM4CAggA +MBQGCCqGSIb3DQMHBAj96PHFOGcW+gSCAVhUx92WT6m/52ZEGgqV+RyBKgHPv0Vk +NCrmKEJJAvGRWGl+jnpU780hLNx+qWHxGV6r+wyPN9F81oDhqeYQtIRIYC8tWBeC +9mouIU/iNXYUkun4ZaH6sIJSFfB/2l/pz5/GaiCqgQPPufGmRFsHcGcZlYpnLHkb +PyRFagan7QYIwUouBTyJ0o/OKBU/r6QM+ZO1zB4YqUutpYMTUbcD9zkj3eAFpIDZ +fuci+WK1imuUek9LdKifM8f5jdc4n/Ya5rFcpHg45CXz+pLntsprjQVzhFdQblZW +60ZyiJm682h7ioHhcJYmYyEa5DMItEqzLasQncMi/s8+SUCqTE0QaWYWJ+ofv1cD +GBYWoM7Ar47zaqgQYlKMKs9mDfUQ4FQy382yrnsPnyo+K8ra5ESUA++uIxMwouHo +x3dD4wV51jP8VC9VN2GWprZWffnxwMP4PxZejmZVbSWvPw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp new file mode 100644 index 000000000..baa228161 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp new file mode 100644 index 000000000..80180be4b Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req new file mode 100644 index 000000000..fe4957efd Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp new file mode 100644 index 000000000..80180be4b Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 new file mode 100644 index 000000000..c080a6a7e Binary files /dev/null and b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.p12 differ diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem new file mode 100644 index 000000000..eacf55c65 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: server2.example.com + localKeyID: 69 B2 C3 8A B6 1C C2 19 F4 1B 4E 74 28 AF 12 89 E8 2E D9 BE +subject=/CN=server2.example.com +issuer=/O=example.com/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5jb20xGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDFaFw0zODAxMDExMjM0MDFaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA2TCJENbO0UK+Cjs2HSqq1OlM +VIJQs/ctua3DEcPOphjNwLrUqVGv5qkWFDHbsJ00hpiW7uK9tDfawSWmcFis1wID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +LmNvbS9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5jb20vMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5jb20wDQYJKoZIhvcNAQEFBQADQQCeF6NprEufUaSaqXhBk7hP7kX2NtTEkHmg +hm1yvEzKL1/7gmqhMAGFapGV90k/8J6L4FiIEaxIHuTvm94KfKZi +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key new file mode 100644 index 000000000..6e0c41e7a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBANkwiRDWztFCvgo7Nh0qqtTpTFSCULP3LbmtwxHDzqYYzcC61KlR +r+apFhQx27CdNIaYlu7ivbQ32sElpnBYrNcCAwEAAQJAAT7+ClKxLRIs9PISBWjR +Qhd0kKeOvvmUEZSlodx1uw42qqDQ0vfYMSOWzn8dlGQ/XGJ4xVwvFFklNCfWva4M +QQIhAPaoF/TqmR/dc2CLsQkWoZQqdu7w+uBnTnqqcQ1A2ci9AiEA4Wqw3SszsAwV +ELV+DCDouyncyMmCzJkDjYA1WYNiVyMCIAc3AYRjfFknRCG11Fbct5s65sG0gNIh +k3UZGTd3ByfNAiAbwAqt75eZYKNnPzCZRaPhBrJLdaNIlL2/Ob1Xm7kLiQIgWtVa +weFGKWW86QXScrel5sjNDxFv+ZvMd+heAiPqkXs= +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/CA.pem b/test/aux-fixed/exim-ca/example.net/BLANK/CA.pem new file mode 100644 index 000000000..bed3d2fad --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/BLANK/CA.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje +SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2 +iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/Signer.pem b/test/aux-fixed/exim-ca/example.net/BLANK/Signer.pem new file mode 100644 index 000000000..5d2b2ea83 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/BLANK/Signer.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/cert8.db b/test/aux-fixed/exim-ca/example.net/BLANK/cert8.db new file mode 100644 index 000000000..0d794a075 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/BLANK/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/key3.db b/test/aux-fixed/exim-ca/example.net/BLANK/key3.db new file mode 100644 index 000000000..31b9ac72c Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/BLANK/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/pwdfile b/test/aux-fixed/exim-ca/example.net/BLANK/pwdfile new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/BLANK/pwdfile @@ -0,0 +1 @@ + diff --git a/test/aux-fixed/exim-ca/example.net/BLANK/secmod.db b/test/aux-fixed/exim-ca/example.net/BLANK/secmod.db new file mode 100644 index 000000000..8a8319376 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/BLANK/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/CA.pem b/test/aux-fixed/exim-ca/example.net/CA/CA.pem new file mode 100644 index 000000000..bed3d2fad --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/CA.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje +SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2 +iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/OCSP.key b/test/aux-fixed/exim-ca/example.net/CA/OCSP.key new file mode 100644 index 000000000..5ab675ca1 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/OCSP.key @@ -0,0 +1,14 @@ +Bag Attributes + friendlyName: OCSP Signer + localKeyID: 16 61 1B 08 43 C0 0E C4 AF 4D 7B E9 27 1D EB B0 D7 05 E9 75 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAsT/jRe87h2kyfvbt +YbvgOPS3y6+BPP8pVdU2CefZAy4mYhuj4ZejZgOf8W9XoonCKTW0Y31feBcy0cM+ +2TNM3QIDAQABAkEApPyuBevggnP2T95zKfUiioGoD43HA8sTY9T53xCTnPOrNNCv +Vn5+ZXao86JF3ly2jY8Eg0b1hFpfZsZMhG/PgQIhAOg/SgSXqPL8oON/Uot1IUHe +xLfwqW4toMwTknwdWO39AiEAw2ClhCYw/YTDdbh8sstP7k9HDNBPynwAuURLqc6/ +oGECIBDxVQgCvFuFnIMcLbxovhVdGALHNsUH5RweLWiKh4tNAiBSgpVD6tETr6bQ +J1paM6yM6uQJkEuyKo4vr5z4mHyq4QIhAMtfRG4+QspRY6aaAAebWBS4zwDiAZCH +6bnyjSzbUHsm +-----END PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/OCSP.p12 b/test/aux-fixed/exim-ca/example.net/CA/OCSP.p12 new file mode 100644 index 000000000..4ebddda7a Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/CA/OCSP.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/OCSP.pem b/test/aux-fixed/exim-ca/example.net/CA/OCSP.pem new file mode 100644 index 000000000..2d71376a7 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/OCSP.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBgDCCASqgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwM1oXDTM4MDEwMTEyMzQwM1owMjEUMBIGA1UEChMLZXhhbXBsZS5uZXQxGjAY +BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB +ALE/40XvO4dpMn727WG74Dj0t8uvgTz/KVXVNgnn2QMuJmIbo+GXo2YDn/FvV6KJ +wik1tGN9X3gXMtHDPtkzTN0CAwEAAaMqMCgwDgYDVR0PAQH/BAQDAgeAMBYGA1Ud +JQEB/wQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA0EAjPHbFyZJZHxLSqn5 +i4i7+sWFAueHbbVXyDkzbspOeAbUeuc+lyZ7gMkRofbfIyXIMzSggVKiBetK5gf8 +OhXNJA== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/Signer.pem b/test/aux-fixed/exim-ca/example.net/CA/Signer.pem new file mode 100644 index 000000000..5d2b2ea83 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/Signer.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/ca.conf b/test/aux-fixed/exim-ca/example.net/CA/ca.conf new file mode 100644 index 000000000..d162ea323 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/ca.conf @@ -0,0 +1,18 @@ +; Config::Simple 4.59 +; Thu Nov 1 12:34:03 2012 + +[CLICA] +crl_url=http://crl.example.net/latest.crl +crl_signer=Signing Cert +level=1 +signer=Signing Cert +ocsp_signer=OCSP Signer +ocsp_url=http://oscp/example.net/ + +[CA] +org=example.net +subject=clica CA +name=Certificate Authority +bits=512 + + diff --git a/test/aux-fixed/exim-ca/example.net/CA/cert8.db b/test/aux-fixed/exim-ca/example.net/CA/cert8.db new file mode 100644 index 000000000..6a130c8e7 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/CA/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.empty b/test/aux-fixed/exim-ca/example.net/CA/crl.empty new file mode 100644 index 000000000..364b43da2 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/CA/crl.empty differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.empty.in.txt b/test/aux-fixed/exim-ca/example.net/CA/crl.empty.in.txt new file mode 100644 index 000000000..250311c00 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/crl.empty.in.txt @@ -0,0 +1 @@ +update=20130127152434Z diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.empty.pem b/test/aux-fixed/exim-ca/example.net/CA/crl.empty.pem new file mode 100644 index 000000000..8236f8598 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/crl.empty.pem @@ -0,0 +1,6 @@ +-----BEGIN X509 CRL----- +MIGsMFgCAQEwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5uZXQx +GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxMzAxMjcxNTI0MzRaMA0G +CSqGSIb3DQEBBQUAA0EAnGNQN1GnKB2PGg9C+vguhNlTRLgf9j9lziLPBkPff4+k +8JLTVhcuQYnYTdw1WKq/DeXJRyZwd7Z8vAMMdsW5ZA== +-----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.v2 b/test/aux-fixed/exim-ca/example.net/CA/crl.v2 new file mode 100644 index 000000000..7473ce83b Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/CA/crl.v2 differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt new file mode 100644 index 000000000..434045ffe --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.in.txt @@ -0,0 +1,3 @@ +update=20130127152437Z +addcert 102 20130127152437Z +addcert 202 20130127152437Z diff --git a/test/aux-fixed/exim-ca/example.net/CA/crl.v2.pem b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.pem new file mode 100644 index 000000000..dceb45cd1 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/crl.v2.pem @@ -0,0 +1,7 @@ +-----BEGIN X509 CRL----- +MIHcMIGHAgEBMA0GCSqGSIb3DQEBBQUAMDMxFDASBgNVBAoTC2V4YW1wbGUubmV0 +MRswGQYDVQQDExJjbGljYSBTaWduaW5nIENlcnQYDzIwMTMwMTI3MTUyNDM3WjAt +MBQCAWYYDzIwMTMwMTI3MTUyNDM3WjAVAgIAyhgPMjAxMzAxMjcxNTI0MzdaMA0G +CSqGSIb3DQEBBQUAA0EAL1D/ZMfKSVVozt/TtAPIR/PMLTvBCGrRDbH31tI3pGUJ +l+FZTnkR48HXOkuaPCxMclubZ0ptQ6wXHP58iwKacA== +-----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.net/CA/index.revoked.txt b/test/aux-fixed/exim-ca/example.net/CA/index.revoked.txt new file mode 100644 index 000000000..b141dca6b --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/index.revoked.txt @@ -0,0 +1,6 @@ +R 130110200751Z 100201142709Z,superseded 65 unknown CN=server1.example.net +R 130110200751Z 100201142709Z,superseded 66 unknown CN=revoked1.example.net +R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.example.net +R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.example.net +R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.example.net +R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.example.net diff --git a/test/aux-fixed/exim-ca/example.net/CA/index.valid.txt b/test/aux-fixed/exim-ca/example.net/CA/index.valid.txt new file mode 100644 index 000000000..ee52d8368 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/index.valid.txt @@ -0,0 +1,6 @@ +V 130110200751Z 65 unknown CN=server1.example.net +V 130110200751Z 66 unknown CN=revoked1.example.net +V 130110200751Z 67 unknown CN=expired1.example.net +V 130110200751Z c9 unknown CN=server2.example.net +V 130110200751Z ca unknown CN=revoked2.example.net +V 130110200751Z cb unknown CN=expired2.example.net diff --git a/test/aux-fixed/exim-ca/example.net/CA/key3.db b/test/aux-fixed/exim-ca/example.net/CA/key3.db new file mode 100644 index 000000000..e17cadfbb Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/CA/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/CA/noise.file b/test/aux-fixed/exim-ca/example.net/CA/noise.file new file mode 100644 index 000000000..c19c41f31 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/noise.file @@ -0,0 +1,342 @@ +processor : 0 +vendor_id : GenuineIntel +cpu family : 6 +model : 26 +model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz +stepping : 5 +cpu MHz : 2260.628 +cache size : 8192 KB +fpu : yes +fpu_exception : yes +cpuid level : 11 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts +bogomips : 4521.25 +clflush size : 64 +cache_alignment : 64 +address sizes : 40 bits physical, 48 bits virtual +power management: + +processor : 1 +vendor_id : GenuineIntel +cpu family : 6 +model : 26 +model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz +stepping : 5 +cpu MHz : 2260.628 +cache size : 8192 KB +fpu : yes +fpu_exception : yes +cpuid level : 11 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts +bogomips : 4521.25 +clflush size : 64 +cache_alignment : 64 +address sizes : 40 bits physical, 48 bits virtual +power management: + + CPU0 CPU1 + 0: 2481 0 IO-APIC-edge timer + 1: 21441 346 IO-APIC-edge i8042 + 3: 1 0 IO-APIC-edge + 4: 1 0 IO-APIC-edge + 7: 0 0 IO-APIC-edge parport0 + 8: 1 0 IO-APIC-edge rtc0 + 9: 0 0 IO-APIC-fasteoi acpi + 12: 78986 1718 IO-APIC-edge i8042 + 14: 0 0 IO-APIC-edge ata_piix + 15: 2423337 1435 IO-APIC-edge ata_piix + 16: 1025 0 IO-APIC-fasteoi Ensoniq AudioPCI + 17: 239858 2559 IO-APIC-fasteoi ehci_hcd:usb1, ioc0 + 18: 246 0 IO-APIC-fasteoi uhci_hcd:usb2 + 19: 1868825 51479 IO-APIC-fasteoi eth0 + 24: 0 0 PCI-MSI-edge pciehp + 25: 0 0 PCI-MSI-edge pciehp + 26: 0 0 PCI-MSI-edge pciehp + 27: 0 0 PCI-MSI-edge pciehp + 28: 0 0 PCI-MSI-edge pciehp + 29: 0 0 PCI-MSI-edge pciehp + 30: 0 0 PCI-MSI-edge pciehp + 31: 0 0 PCI-MSI-edge pciehp + 32: 0 0 PCI-MSI-edge pciehp + 33: 0 0 PCI-MSI-edge pciehp + 34: 0 0 PCI-MSI-edge pciehp + 35: 0 0 PCI-MSI-edge pciehp + 36: 0 0 PCI-MSI-edge pciehp + 37: 0 0 PCI-MSI-edge pciehp + 38: 0 0 PCI-MSI-edge pciehp + 39: 0 0 PCI-MSI-edge pciehp + 40: 0 0 PCI-MSI-edge pciehp + 41: 0 0 PCI-MSI-edge pciehp + 42: 0 0 PCI-MSI-edge pciehp + 43: 0 0 PCI-MSI-edge pciehp + 44: 0 0 PCI-MSI-edge pciehp + 45: 0 0 PCI-MSI-edge pciehp + 46: 0 0 PCI-MSI-edge pciehp + 47: 0 0 PCI-MSI-edge pciehp + 48: 0 0 PCI-MSI-edge pciehp + 49: 0 0 PCI-MSI-edge pciehp + 50: 0 0 PCI-MSI-edge pciehp + 51: 0 0 PCI-MSI-edge pciehp + 52: 0 0 PCI-MSI-edge pciehp + 53: 0 0 PCI-MSI-edge pciehp + 54: 0 0 PCI-MSI-edge pciehp + 55: 0 0 PCI-MSI-edge pciehp + 56: 1 0 PCI-MSI-edge vmci + 57: 0 0 PCI-MSI-edge vmci +NMI: 0 0 Non-maskable interrupts +LOC: 12398590 14242910 Local timer interrupts +SPU: 0 0 Spurious interrupts +PMI: 0 0 Performance monitoring interrupts +IWI: 0 0 IRQ work interrupts +RES: 282808 309226 Rescheduling interrupts +CAL: 1955 163556 Function call interrupts +TLB: 18075 15578 TLB shootdowns +TRM: 0 0 Thermal event interrupts +THR: 0 0 Threshold APIC interrupts +MCE: 0 0 Machine check exceptions +MCP: 2310 2310 Machine check polls +ERR: 0 +MIS: 0 +MemTotal: 1914844 kB +MemFree: 133340 kB +Buffers: 142048 kB +Cached: 953728 kB +SwapCached: 108 kB +Active: 982140 kB +Inactive: 540820 kB +Active(anon): 287228 kB +Inactive(anon): 143480 kB +Active(file): 694912 kB +Inactive(file): 397340 kB +Unevictable: 0 kB +Mlocked: 0 kB +SwapTotal: 4194296 kB +SwapFree: 4193560 kB +Dirty: 2760 kB +Writeback: 0 kB +AnonPages: 427016 kB +Mapped: 70844 kB +Shmem: 3400 kB +Slab: 191064 kB +SReclaimable: 125460 kB +SUnreclaim: 65604 kB +KernelStack: 2312 kB +PageTables: 23528 kB +NFS_Unstable: 0 kB +Bounce: 0 kB +WritebackTmp: 0 kB +CommitLimit: 5151716 kB +Committed_AS: 973184 kB +VmallocTotal: 34359738367 kB +VmallocUsed: 280772 kB +VmallocChunk: 34359441168 kB +HardwareCorrupted: 0 kB +AnonHugePages: 249856 kB +HugePages_Total: 0 +HugePages_Free: 0 +HugePages_Rsvd: 0 +HugePages_Surp: 0 +Hugepagesize: 2048 kB +DirectMap4k: 8192 kB +DirectMap2M: 2088960 kB +slabinfo - version: 2.1 +# name : tunables : slabdata +bridge_fdb_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +fuse_request 0 0 632 6 1 : tunables 54 27 8 : slabdata 0 0 0 +fuse_inode 0 0 768 5 1 : tunables 54 27 8 : slabdata 0 0 0 +rpc_buffers 8 8 2048 2 1 : tunables 24 12 8 : slabdata 4 4 0 +rpc_tasks 8 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +rpc_inode_cache 8 8 832 4 1 : tunables 54 27 8 : slabdata 2 2 0 +hgfsInodeCache 1 6 640 6 1 : tunables 54 27 8 : slabdata 1 1 0 +AF_VMCI 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +nf_conntrack_expect 0 0 240 16 1 : tunables 120 60 8 : slabdata 0 0 0 +nf_conntrack_ffffffff8200cec0 11 26 304 13 1 : tunables 54 27 8 : slabdata 2 2 0 +fib6_nodes 22 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0 +ip6_dst_cache 13 30 384 10 1 : tunables 54 27 8 : slabdata 3 3 0 +ndisc_cache 1 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +ip6_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +RAWv6 67 68 1024 4 1 : tunables 54 27 8 : slabdata 17 17 0 +UDPLITEv6 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +UDPv6 4 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0 +tw_sock_TCPv6 0 0 320 12 1 : tunables 54 27 8 : slabdata 0 0 0 +request_sock_TCPv6 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +TCPv6 9 10 1856 2 1 : tunables 24 12 8 : slabdata 5 5 0 +jbd2_1k 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +avtab_node 502203 502416 24 144 1 : tunables 120 60 8 : slabdata 3489 3489 0 +ext4_inode_cache 74880 74880 1024 4 1 : tunables 54 27 8 : slabdata 18720 18720 0 +ext4_xattr 9 44 88 44 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_free_block_extents 32 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_alloc_context 28 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_prealloc_space 18 37 104 37 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_system_zone 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0 +jbd2_journal_handle 32 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0 +jbd2_journal_head 102 102 112 34 1 : tunables 120 60 8 : slabdata 3 3 0 +jbd2_revoke_table 4 202 16 202 1 : tunables 120 60 8 : slabdata 1 1 0 +jbd2_revoke_record 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +dm_crypt_io 50 50 152 25 1 : tunables 120 60 8 : slabdata 2 2 0 +sd_ext_cdb 2 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0 +scsi_sense_cache 22 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0 +scsi_cmd_cache 23 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0 +dm_raid1_read_record 0 0 1064 7 2 : tunables 24 12 8 : slabdata 0 0 0 +kcopyd_job 0 0 3240 2 2 : tunables 24 12 8 : slabdata 0 0 0 +io 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +dm_uevent 0 0 2608 3 2 : tunables 24 12 8 : slabdata 0 0 0 +dm_rq_clone_bio_info 0 0 16 202 1 : tunables 120 60 8 : slabdata 0 0 0 +dm_rq_target_io 0 0 392 10 1 : tunables 54 27 8 : slabdata 0 0 0 +dm_target_io 844 864 24 144 1 : tunables 120 60 8 : slabdata 6 6 0 +dm_io 828 828 40 92 1 : tunables 120 60 8 : slabdata 9 9 0 +flow_cache 0 0 96 40 1 : tunables 120 60 8 : slabdata 0 0 0 +uhci_urb_priv 6 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0 +cfq_io_context 4 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0 +cfq_queue 5 16 240 16 1 : tunables 120 60 8 : slabdata 1 1 0 +bsg_cmd 0 0 312 12 1 : tunables 54 27 8 : slabdata 0 0 0 +mqueue_inode_cache 1 4 896 4 1 : tunables 54 27 8 : slabdata 1 1 0 +isofs_inode_cache 0 0 640 6 1 : tunables 54 27 8 : slabdata 0 0 0 +hugetlbfs_inode_cache 1 6 608 6 1 : tunables 54 27 8 : slabdata 1 1 0 +dquot 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +kioctx 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0 +kiocb 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +inotify_event_private_data 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +inotify_inode_mark_entry 186 204 112 34 1 : tunables 120 60 8 : slabdata 6 6 0 +dnotify_mark_entry 1 34 112 34 1 : tunables 120 60 8 : slabdata 1 1 0 +dnotify_struct 1 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0 +fasync_cache 6 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0 +khugepaged_mm_slot 83 92 40 92 1 : tunables 120 60 8 : slabdata 1 1 0 +ksm_mm_slot 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +ksm_stable_node 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0 +ksm_rmap_item 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +utrace_engine 0 0 56 67 1 : tunables 120 60 8 : slabdata 0 0 0 +utrace 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +pid_namespace 0 0 2120 3 2 : tunables 24 12 8 : slabdata 0 0 0 +nsproxy 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +posix_timers_cache 0 0 176 22 1 : tunables 120 60 8 : slabdata 0 0 0 +uid_cache 10 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0 +UNIX 459 480 768 5 1 : tunables 54 27 8 : slabdata 96 96 0 +ip_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +UDP-Lite 0 0 832 9 2 : tunables 54 27 8 : slabdata 0 0 0 +tcp_bind_bucket 15 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0 +inet_peer_cache 4 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0 +secpath_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +xfrm_dst_cache 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0 +ip_fib_alias 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +ip_fib_hash 10 106 72 53 1 : tunables 120 60 8 : slabdata 2 2 0 +ip_dst_cache 29 50 384 10 1 : tunables 54 27 8 : slabdata 5 5 0 +arp_cache 4 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +RAW 65 72 832 9 2 : tunables 54 27 8 : slabdata 8 8 0 +UDP 6 18 832 9 2 : tunables 54 27 8 : slabdata 2 2 0 +tw_sock_TCP 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +request_sock_TCP 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +TCP 20 24 1664 4 2 : tunables 24 12 8 : slabdata 6 6 0 +eventpoll_pwq 126 212 72 53 1 : tunables 120 60 8 : slabdata 4 4 0 +eventpoll_epi 126 180 128 30 1 : tunables 120 60 8 : slabdata 6 6 0 +sgpool-128 2 2 4096 1 1 : tunables 24 12 8 : slabdata 2 2 0 +sgpool-64 2 2 2048 2 1 : tunables 24 12 8 : slabdata 1 1 0 +sgpool-32 2 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0 +sgpool-16 2 8 512 8 1 : tunables 54 27 8 : slabdata 1 1 0 +sgpool-8 15 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +scsi_data_buffer 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0 +blkdev_integrity 0 0 112 34 1 : tunables 120 60 8 : slabdata 0 0 0 +blkdev_queue 29 30 2856 2 2 : tunables 24 12 8 : slabdata 15 15 0 +blkdev_requests 31 44 352 11 1 : tunables 54 27 8 : slabdata 4 4 0 +blkdev_ioc 5 48 80 48 1 : tunables 120 60 8 : slabdata 1 1 0 +fsnotify_event_holder 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0 +fsnotify_event 0 0 104 37 1 : tunables 120 60 8 : slabdata 0 0 0 +bio-0 180 180 192 20 1 : tunables 120 60 8 : slabdata 9 9 0 +biovec-256 66 66 4096 1 1 : tunables 24 12 8 : slabdata 66 66 0 +biovec-128 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0 +biovec-64 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +biovec-16 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +bip-256 2 2 4224 1 2 : tunables 8 4 0 : slabdata 2 2 0 +bip-128 0 0 2176 3 2 : tunables 24 12 8 : slabdata 0 0 0 +bip-64 0 0 1152 7 2 : tunables 24 12 8 : slabdata 0 0 0 +bip-16 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0 +bip-4 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +bip-1 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +sock_inode_cache 666 685 704 5 1 : tunables 54 27 8 : slabdata 137 137 0 +skbuff_fclone_cache 42 42 512 7 1 : tunables 54 27 8 : slabdata 6 6 0 +skbuff_head_cache 302 450 256 15 1 : tunables 120 60 8 : slabdata 30 30 0 +file_lock_cache 38 44 176 22 1 : tunables 120 60 8 : slabdata 2 2 0 +net_namespace 0 0 2112 3 2 : tunables 24 12 8 : slabdata 0 0 0 +shmem_inode_cache 774 775 800 5 1 : tunables 54 27 8 : slabdata 155 155 0 +Acpi-Operand 4563 4664 72 53 1 : tunables 120 60 8 : slabdata 88 88 0 +Acpi-ParseExt 0 0 72 53 1 : tunables 120 60 8 : slabdata 0 0 0 +Acpi-Parse 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +Acpi-State 0 0 80 48 1 : tunables 120 60 8 : slabdata 0 0 0 +Acpi-Namespace 3311 3312 40 92 1 : tunables 120 60 8 : slabdata 36 36 0 +task_delay_info 332 340 112 34 1 : tunables 120 60 8 : slabdata 10 10 0 +taskstats 5 12 328 12 1 : tunables 54 27 8 : slabdata 1 1 0 +proc_inode_cache 1008 1008 640 6 1 : tunables 54 27 8 : slabdata 168 168 0 +sigqueue 35 48 160 24 1 : tunables 120 60 8 : slabdata 2 2 0 +bdev_cache 32 36 832 4 1 : tunables 54 27 8 : slabdata 9 9 0 +sysfs_dir_cache 11356 11367 144 27 1 : tunables 120 60 8 : slabdata 421 421 0 +mnt_cache 37 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0 +filp 4644 4700 192 20 1 : tunables 120 60 8 : slabdata 235 235 120 +inode_cache 6883 7308 592 6 1 : tunables 54 27 8 : slabdata 1218 1218 0 +dentry 61240 63960 192 20 1 : tunables 120 60 8 : slabdata 3198 3198 0 +names_cache 26 26 4096 1 1 : tunables 24 12 8 : slabdata 26 26 0 +avc_node 510 1239 64 59 1 : tunables 120 60 8 : slabdata 21 21 0 +selinux_inode_security 84206 86072 72 53 1 : tunables 120 60 8 : slabdata 1624 1624 0 +radix_tree_node 11606 11781 560 7 1 : tunables 54 27 8 : slabdata 1683 1683 0 +key_jar 11 20 192 20 1 : tunables 120 60 8 : slabdata 1 1 0 +buffer_head 221526 230214 104 37 1 : tunables 120 60 8 : slabdata 6222 6222 0 +vm_area_struct 12962 13034 200 19 1 : tunables 120 60 8 : slabdata 686 686 0 +mm_struct 145 145 1408 5 2 : tunables 24 12 8 : slabdata 29 29 0 +fs_cache 177 177 64 59 1 : tunables 120 60 8 : slabdata 3 3 0 +files_cache 162 165 704 11 2 : tunables 54 27 8 : slabdata 15 15 0 +signal_cache 208 208 1024 4 1 : tunables 54 27 8 : slabdata 52 52 0 +sighand_cache 201 201 2112 3 2 : tunables 24 12 8 : slabdata 67 67 0 +task_xstate 240 240 512 8 1 : tunables 54 27 8 : slabdata 30 30 0 +task_struct 306 306 2656 3 2 : tunables 24 12 8 : slabdata 102 102 0 +cred_jar 580 580 192 20 1 : tunables 120 60 8 : slabdata 29 29 0 +anon_vma_chain 7874 8162 48 77 1 : tunables 120 60 8 : slabdata 106 106 0 +anon_vma 5773 5888 40 92 1 : tunables 120 60 8 : slabdata 64 64 0 +pid 322 330 128 30 1 : tunables 120 60 8 : slabdata 11 11 0 +shared_policy_node 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +numa_policy 1 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0 +idr_layer_cache 428 434 544 7 1 : tunables 54 27 8 : slabdata 62 62 0 +size-4194304(DMA) 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0 +size-4194304 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0 +size-2097152(DMA) 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0 +size-2097152 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0 +size-1048576(DMA) 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0 +size-1048576 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0 +size-524288(DMA) 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0 +size-524288 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0 +size-262144(DMA) 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0 +size-262144 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0 +size-131072(DMA) 0 0 131072 1 32 : tunables 8 4 0 : slabdata 0 0 0 +size-131072 1 1 131072 1 32 : tunables 8 4 0 : slabdata 1 1 0 +size-65536(DMA) 0 0 65536 1 16 : tunables 8 4 0 : slabdata 0 0 0 +size-65536 2 2 65536 1 16 : tunables 8 4 0 : slabdata 2 2 0 +size-32768(DMA) 0 0 32768 1 8 : tunables 8 4 0 : slabdata 0 0 0 +size-32768 3 3 32768 1 8 : tunables 8 4 0 : slabdata 3 3 0 +size-16384(DMA) 0 0 16384 1 4 : tunables 8 4 0 : slabdata 0 0 0 +size-16384 12 12 16384 1 4 : tunables 8 4 0 : slabdata 12 12 0 +size-8192(DMA) 0 0 8192 1 2 : tunables 8 4 0 : slabdata 0 0 0 +size-8192 27 27 8192 1 2 : tunables 8 4 0 : slabdata 27 27 0 +size-4096(DMA) 0 0 4096 1 1 : tunables 24 12 8 : slabdata 0 0 0 +size-4096 425 425 4096 1 1 : tunables 24 12 8 : slabdata 425 425 0 +size-2048(DMA) 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0 +size-2048 573 578 2048 2 1 : tunables 24 12 8 : slabdata 289 289 0 +size-1024(DMA) 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +size-1024 1340 1340 1024 4 1 : tunables 54 27 8 : slabdata 335 335 0 +size-512(DMA) 0 0 512 8 1 : tunables 54 27 8 : slabdata 0 0 0 +size-512 1123 1176 512 8 1 : tunables 54 27 8 : slabdata 147 147 0 +size-256(DMA) 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +size-256 930 930 256 15 1 : tunables 120 60 8 : slabdata 62 62 0 +size-192(DMA) 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +size-192 2119 2160 192 20 1 : tunables 120 60 8 : slabdata 108 108 0 +size-128(DMA) 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +size-64(DMA) 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +size-64 33093 40887 64 59 1 : tunables 120 60 8 : slabdata 693 693 0 +size-32(DMA) 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +size-128 3921 4800 128 30 1 : tunables 120 60 8 : slabdata 160 160 0 +size-32 332389 332976 32 112 1 : tunables 120 60 8 : slabdata 2973 2973 0 +kmem_cache 191 191 32896 1 16 : tunables 8 4 0 : slabdata 191 191 0 +Inter-| Receive | Transmit + face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed + lo:267102759 105357 0 0 0 0 0 0 267102759 105357 0 0 0 0 0 0 + eth0:1013761672 1354551 0 0 0 0 0 0 245537245 966850 0 0 0 0 0 0 + pan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 diff --git a/test/aux-fixed/exim-ca/example.net/CA/pwdfile b/test/aux-fixed/exim-ca/example.net/CA/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/CA/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.net/CA/secmod.db b/test/aux-fixed/exim-ca/example.net/CA/secmod.db new file mode 100644 index 000000000..c7f115bd6 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/CA/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/expired1.example.net/ca_chain.pem new file mode 100644 index 000000000..d0ee0619a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.net/CN=clica Signing Cert +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.net/CN=clica CA +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje +SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2 +iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: expired1.example.net + localKeyID: 1E 0D 7E 35 C6 DD 12 8A 56 2B C8 44 4B 60 A9 95 DC 68 6F 37 +subject=/CN=expired1.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwNFoXDTEyMTIwMTEyMzQwNFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA+LXqjv5NnRW2OlKWyYYH8ZFb +Fj4xAdg4qSa1WK/wlUUdpQldGzpDuq/BzuyQdJjp1vSnqhKjfxz0ef9xJievdwID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w +bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EA0dUUjXeu21xQo+AsptLSwmzhn+EV8ixI +757XRkCnAN0mOZZHcv+imuiEXpf62J+wNyWKNCWu2iPttov/JAcYKA== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/expired1.example.net/cert8.db new file mode 100644 index 000000000..85ea01713 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.chain.pem new file mode 100644 index 000000000..1550cf2aa --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: expired1.example.net + localKeyID: 1E 0D 7E 35 C6 DD 12 8A 56 2B C8 44 4B 60 A9 95 DC 68 6F 37 +subject=/CN=expired1.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwNFoXDTEyMTIwMTEyMzQwNFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA+LXqjv5NnRW2OlKWyYYH8ZFb +Fj4xAdg4qSa1WK/wlUUdpQldGzpDuq/BzuyQdJjp1vSnqhKjfxz0ef9xJievdwID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w +bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EA0dUUjXeu21xQo+AsptLSwmzhn+EV8ixI +757XRkCnAN0mOZZHcv+imuiEXpf62J+wNyWKNCWu2iPttov/JAcYKA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.key b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.key new file mode 100644 index 000000000..00adfe834 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: expired1.example.net + localKeyID: 1E 0D 7E 35 C6 DD 12 8A 56 2B C8 44 4B 60 A9 95 DC 68 6F 37 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIEobdAguY51UCAggA +MBQGCCqGSIb3DQMHBAjyQJzMIkx+swSCAWBoW5JocLm3XvmW7cnK8Np23KqUs4ST +MG68rJY6pLqdGkn8aK0yZfecdpuHoFCZRdxQy9ztdofB50tkr7evlTuM1u40/9b0 +ygZ9ajxESZmF5mS8r6dFGXOBq7UrMpEvod1lujpP3hwtkqJOlPFhacPUestqDjP4 +zDmEmKQYyRx4DQ3QM4T2Wuc1S8TSECcMLsOgZhOxGULIzmtxceftS/V9NYewZsne +Q05TKH7ygWGvUyYEgDlFlBAk8CAiqIBBz3fU2bmWfR5p6hoSTqGeLlAL7fTid8Vf +g4HEfthygRC28+s5r/MbMBJKwTdRHnQbmK4rOxFUhYCkV8Df28Ukx/RaA9CKjbQl +2fnuTRAms72szZRoKsdS3xVgyaOdgdhVJKWP2QAUvzblX/wpKr9BwrbqIhXOqEiv +9/yCVqUg20sjNvYyw/2Zv9t+g9u3d5CMyU37e8AT8X3DExmpleiOdX4J +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.dated.resp new file mode 100644 index 000000000..8831013ef Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.good.resp new file mode 100644 index 000000000..3b2606daa Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.req new file mode 100644 index 000000000..c67ed9cc7 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.revoked.resp new file mode 100644 index 000000000..6b8b76373 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.p12 b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.p12 new file mode 100644 index 000000000..84f4bf58d Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.pem b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.pem new file mode 100644 index 000000000..310db9b2a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: expired1.example.net + localKeyID: 1E 0D 7E 35 C6 DD 12 8A 56 2B C8 44 4B 60 A9 95 DC 68 6F 37 +subject=/CN=expired1.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwNFoXDTEyMTIwMTEyMzQwNFowHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA+LXqjv5NnRW2OlKWyYYH8ZFb +Fj4xAdg4qSa1WK/wlUUdpQldGzpDuq/BzuyQdJjp1vSnqhKjfxz0ef9xJievdwID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w +bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EA0dUUjXeu21xQo+AsptLSwmzhn+EV8ixI +757XRkCnAN0mOZZHcv+imuiEXpf62J+wNyWKNCWu2iPttov/JAcYKA== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.unlocked.key new file mode 100644 index 000000000..77c8dad1a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/expired1.example.net.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAPi16o7+TZ0VtjpSlsmGB/GRWxY+MQHYOKkmtViv8JVFHaUJXRs6 +Q7qvwc7skHSY6db0p6oSo38c9Hn/cSYnr3cCAwEAAQJBAK1O9tgV1Te1PXp+upxL +TZXD2FkzlSrX5QPZ+VyHnXolg8XNhx2pA1J4iJrnvooWQRZuWRhi/p8g2ygJ8B6I +60ECIQD/cO5OrdRWg3EBgoCWN7WAZ53qMmSRxAnMt95W5yujGQIhAPlBNzbQr2Z7 +DVvwCc2ERxuaFGTcLZH/x+oRhZ9jr0kPAiB/79froDSRgBPBZdNxaUWGol79RXAJ +cd5WomDBtdatQQIgAVyP1qbRLnghnIz1IMBGOypeTia9wPxqtSafWj2LKZUCID/d +8buaLYm3yYYAQwbTBtb89+gpRg0I51DFS6fNIuU4 +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/expired1.example.net/key3.db new file mode 100644 index 000000000..9919dfab3 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/pwdfile b/test/aux-fixed/exim-ca/example.net/expired1.example.net/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired1.example.net/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.net/expired1.example.net/secmod.db b/test/aux-fixed/exim-ca/example.net/expired1.example.net/secmod.db new file mode 100644 index 000000000..4347c0d82 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired1.example.net/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/expired2.example.net/ca_chain.pem new file mode 100644 index 000000000..323ae1688 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.net/CN=clica Signing Cert +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.net/CN=clica CA +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje +SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2 +iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: expired2.example.net + localKeyID: 1A 68 61 A3 03 A4 DC 65 19 7A 7E 5E 65 37 39 DB E3 CB 56 AC +subject=/CN=expired2.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDVaFw0xMjEyMDExMjM0MDVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMRPNIrjXhmHfWrc/c+K9esj +3cXECi38lpKgZyhqN8CjRvifIaMoZaCPoXoppyC3MmtLhT5JnYe8+1vSApl9jPUC +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt +cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAMmrnrUFZRECJcDk4BGSMQp5vvC/uHi0 +1NSP3Ki4Yu+CbXUHtgZqwOB5abU8INeLbJoab2stMFsdevzRYuuqb7s= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/expired2.example.net/cert8.db new file mode 100644 index 000000000..6df2cda50 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.chain.pem new file mode 100644 index 000000000..b8e34d0eb --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: expired2.example.net + localKeyID: 1A 68 61 A3 03 A4 DC 65 19 7A 7E 5E 65 37 39 DB E3 CB 56 AC +subject=/CN=expired2.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDVaFw0xMjEyMDExMjM0MDVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMRPNIrjXhmHfWrc/c+K9esj +3cXECi38lpKgZyhqN8CjRvifIaMoZaCPoXoppyC3MmtLhT5JnYe8+1vSApl9jPUC +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt +cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAMmrnrUFZRECJcDk4BGSMQp5vvC/uHi0 +1NSP3Ki4Yu+CbXUHtgZqwOB5abU8INeLbJoab2stMFsdevzRYuuqb7s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.key b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.key new file mode 100644 index 000000000..382ad41b9 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: expired2.example.net + localKeyID: 1A 68 61 A3 03 A4 DC 65 19 7A 7E 5E 65 37 39 DB E3 CB 56 AC +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIU+oGNqBSHjcCAggA +MBQGCCqGSIb3DQMHBAjYaI7Iob+lDASCAWDAZIbvl/AbphvMZhynrCFGzj6iN309 +N+U1mQPGWD6hisPfA4aTpIQyHtVah6KCE1fbzGFgiNULsfByVj4XBRbetiVKMuWA +xs/EEcPhNRG0KOeRxzDtSpM0lG078XAC4p7wgqvhf4R9524Vq4PpYzt+tKfh0rPC +leF7VFJ5vi7Tms7q1wqtL76Wgibq4m43XoFrYMbQL2qbXl98rRAP6R6u852f4L/D +Cy1EGsgWIdGjCPQRxdwC0Vf1vIjaspXBmVhbFJR9Djp48DShbAO11cXRSIligH6t +7p+aesQM/illunmCaMzMYFAjdrMYZEO1bqVdU5Nd7/tlQQLgHSdo+iD6XLnci7dw +elQ9bRxYVMEDX16kTXd4NU6xP0Zpac5XHu4ji2PKlSOSxQh5GbPICXdEH7K/Oshv +CUIZbYnlGsOT2uFgnChtUeIwc6OXcSv3LLXIwzg0ec7yN83j0r3jQRQx +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.dated.resp new file mode 100644 index 000000000..7f6c27bf7 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.good.resp new file mode 100644 index 000000000..a9ad37057 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.req new file mode 100644 index 000000000..4684f0756 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.revoked.resp new file mode 100644 index 000000000..a9ad37057 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.p12 b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.p12 new file mode 100644 index 000000000..8f9ef945b Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.pem b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.pem new file mode 100644 index 000000000..8c10ace44 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: expired2.example.net + localKeyID: 1A 68 61 A3 03 A4 DC 65 19 7A 7E 5E 65 37 39 DB E3 CB 56 AC +subject=/CN=expired2.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDVaFw0xMjEyMDExMjM0MDVaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMRPNIrjXhmHfWrc/c+K9esj +3cXECi38lpKgZyhqN8CjRvifIaMoZaCPoXoppyC3MmtLhT5JnYe8+1vSApl9jPUC +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt +cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAMmrnrUFZRECJcDk4BGSMQp5vvC/uHi0 +1NSP3Ki4Yu+CbXUHtgZqwOB5abU8INeLbJoab2stMFsdevzRYuuqb7s= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.unlocked.key new file mode 100644 index 000000000..12a48de18 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/expired2.example.net.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAMRPNIrjXhmHfWrc/c+K9esj3cXECi38lpKgZyhqN8CjRvifIaMo +ZaCPoXoppyC3MmtLhT5JnYe8+1vSApl9jPUCAwEAAQJAOCkksfs8B3ewlKrmXcK2 +ee/H2XUtKFzTwtzqxjAlBRHwxgSOZr4rn10t+R4j6cvLqhfbXGu0p+1oGgFCYAe6 +/QIhAOU/L1TRGgE1Q0gR+BSyWTlHNSXu1wmy0j/nVSk1fb2bAiEA2zgBX7vxRt1M +d7AKLfqjpMKolmMUyWNQdGFI/+Ch0K8CIHsFMkAgygS18XoecnOg1bKgHMxTZEBH +Hv6+BHxNwUFbAiBpXA98/Y1G69F2rMsXsiC4bT4tmU1CRVNDvAYjxMjAzQIhAOHO +1ynQHqtSfjlkpZtcNqey2SlcqXz7xI/aEXVYj5Q4 +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/expired2.example.net/key3.db new file mode 100644 index 000000000..4489ac32f Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/pwdfile b/test/aux-fixed/exim-ca/example.net/expired2.example.net/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/expired2.example.net/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.net/expired2.example.net/secmod.db b/test/aux-fixed/exim-ca/example.net/expired2.example.net/secmod.db new file mode 100644 index 000000000..372213dd5 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/expired2.example.net/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/ca_chain.pem new file mode 100644 index 000000000..cba5fac7b --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.net/CN=clica Signing Cert +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.net/CN=clica CA +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje +SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2 +iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: revoked1.example.net + localKeyID: 3A 08 2E BA 85 F0 DD 7E C5 FE 51 92 BD 0B C7 35 9D 56 6B A5 +subject=/CN=revoked1.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAr20bGUprpXdQGlk/FW+RJ19l +FZ//slFysFeG3PEVjVjCnvsoxBFZJFVyfHhyxTvVYdoC6BVZfs9HRAjgZuBImQID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w +bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EACw87yNDj6DBkvF+i1qUyw6vqijmPyOQZ +4S+UOCyyNSsJrA1VMjRjAqGTgyU0OFtfcGuhvZ1ZnlFrvVog/icGcw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/cert8.db new file mode 100644 index 000000000..e10dae1bc Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/key3.db new file mode 100644 index 000000000..57ab10321 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/pwdfile b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.chain.pem new file mode 100644 index 000000000..6db70169c --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: revoked1.example.net + localKeyID: 3A 08 2E BA 85 F0 DD 7E C5 FE 51 92 BD 0B C7 35 9D 56 6B A5 +subject=/CN=revoked1.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAr20bGUprpXdQGlk/FW+RJ19l +FZ//slFysFeG3PEVjVjCnvsoxBFZJFVyfHhyxTvVYdoC6BVZfs9HRAjgZuBImQID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w +bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EACw87yNDj6DBkvF+i1qUyw6vqijmPyOQZ +4S+UOCyyNSsJrA1VMjRjAqGTgyU0OFtfcGuhvZ1ZnlFrvVog/icGcw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.key b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.key new file mode 100644 index 000000000..d67c105c2 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: revoked1.example.net + localKeyID: 3A 08 2E BA 85 F0 DD 7E C5 FE 51 92 BD 0B C7 35 9D 56 6B A5 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQITLxrgeizo7ACAggA +MBQGCCqGSIb3DQMHBAiR0pknm91lSASCAWAoe8AKx1R5elFbE1FAZaGyPjegmgc5 +qFLKuVzK43OMKRphZJPKRSa12rzz40qRozJItXiDNL1+qt+IbOirtUlvvKu+5cdC +oHQgSjA58Is1DN6f+OqD7v7S1ZdXrtyMmtvaHLfjsgX7f9acq8Q7OrcdVcJksVRL +7yCULtR0NRxG+elh5lF9SNY+1f8Hee/dfP3LmyE+leO5ECfOWcIFLBCjLbdmMQFf +lIodgPiy1qjuGwuXZQy/3s1tZ4p2R6dQ7FrPWCyDAxkd/Vw5+BWZ/UJD8GDKtvLL +E9lyYuUg7KUaWiSSdsHmXMyrs+xdW+1GHqAVkuJqjWR2nxtXBDQ7GIaDfZr7nosR +OR5ABpVtZ0eAiJz7qX3WjxtoQJ/7RRPYOnINzyRVgHHHVekyFdYd1OiQDgVoh+08 +HOOA6ZbXLyOCGqh5Syp0RAn7d8qSfX/Z8l6wnxblNG16noDPRbNGf9rU +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.dated.resp new file mode 100644 index 000000000..3c7ac6963 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.good.resp new file mode 100644 index 000000000..71c6b2daf Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.req new file mode 100644 index 000000000..829b621ec Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.revoked.resp new file mode 100644 index 000000000..8549f0ecf Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.p12 b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.p12 new file mode 100644 index 000000000..91af59f33 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.pem b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.pem new file mode 100644 index 000000000..286a0ef7b --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: revoked1.example.net + localKeyID: 3A 08 2E BA 85 F0 DD 7E C5 FE 51 92 BD 0B C7 35 9D 56 6B A5 +subject=/CN=revoked1.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwNFoXDTM4MDEwMTEyMzQwNFowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAr20bGUprpXdQGlk/FW+RJ19l +FZ//slFysFeG3PEVjVjCnvsoxBFZJFVyfHhyxTvVYdoC6BVZfs9HRAjgZuBImQID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5uZXQvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w +bGUubmV0MA0GCSqGSIb3DQEBBQUAA0EACw87yNDj6DBkvF+i1qUyw6vqijmPyOQZ +4S+UOCyyNSsJrA1VMjRjAqGTgyU0OFtfcGuhvZ1ZnlFrvVog/icGcw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.unlocked.key new file mode 100644 index 000000000..412042feb --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/revoked1.example.net.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBAK9tGxlKa6V3UBpZPxVvkSdfZRWf/7JRcrBXhtzxFY1Ywp77KMQR +WSRVcnx4csU71WHaAugVWX7PR0QI4GbgSJkCAwEAAQJAMvRiFqqDMgDCB6U8qaFK +bEFNP0bGIql9wrLpvWtZc0CFyhV6LSjMBQSQp92r1tMlB4NKQ7leLb7XXgrPRswY +AQIhANW94AFeO6+yIhd1OQuizl8SBQwCi0gvlMqsrf3kyDrZAiEA0hv3G/VQWPKY +n/wikupIE/8jbJvLWLRYYWn6eGg6Y8ECIQC7RN0a1cFdsqkD/IS6mS5PRa5+U0xN +NsMawCjBps14IQIhAL24JLypGSEIBYrIl8uDIwxzYGBMmSQCzJ9Bm7onmznBAiAe +YGSy1e3Vji/YwZGuEyGrVl+BEIQ1p0vUgRZ7aEpVpQ== +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked1.example.net/secmod.db b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/secmod.db new file mode 100644 index 000000000..d38550fce Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked1.example.net/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/ca_chain.pem new file mode 100644 index 000000000..9bd361734 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.net/CN=clica Signing Cert +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.net/CN=clica CA +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje +SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2 +iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: revoked2.example.net + localKeyID: 60 8E D5 FB A7 97 B2 E8 F9 84 11 4F 91 1D 3C 91 B8 19 E8 97 +subject=/CN=revoked2.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDRaFw0zODAxMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMj2mEnZY8N38XJ5ZLTymH2J +hBNiubBU4ddvVQ0y48E/b5fbYwJI458bKgyNhqQtO/MG15oIndFpbazcp1p8++8C +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt +cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAD46Iw05ofRAaw9+yeTDPIydjl1Pkb1/ +ma4/qSK7p8BU/pMN3SH4qxKW7z6nNregMW48d5KcSxUPBmWmDCM8u70= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/cert8.db new file mode 100644 index 000000000..b05fa0166 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/key3.db new file mode 100644 index 000000000..5f70c4b8e Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/pwdfile b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.chain.pem new file mode 100644 index 000000000..e87280122 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: revoked2.example.net + localKeyID: 60 8E D5 FB A7 97 B2 E8 F9 84 11 4F 91 1D 3C 91 B8 19 E8 97 +subject=/CN=revoked2.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDRaFw0zODAxMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMj2mEnZY8N38XJ5ZLTymH2J +hBNiubBU4ddvVQ0y48E/b5fbYwJI458bKgyNhqQtO/MG15oIndFpbazcp1p8++8C +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt +cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAD46Iw05ofRAaw9+yeTDPIydjl1Pkb1/ +ma4/qSK7p8BU/pMN3SH4qxKW7z6nNregMW48d5KcSxUPBmWmDCM8u70= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.key b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.key new file mode 100644 index 000000000..681886b9d --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: revoked2.example.net + localKeyID: 60 8E D5 FB A7 97 B2 E8 F9 84 11 4F 91 1D 3C 91 B8 19 E8 97 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIfHUUKZHRP88CAggA +MBQGCCqGSIb3DQMHBAiGHts1xOcjYASCAWA+TB8P6+MMx7kHWAIrO7eIwxXI/ivw +gKWa/XVFtZeZcBYCdjR0Ubfsv3emeWtZ72badVNNOgbUqaMsTraqYePGS9fVIk8e +Pn3PjKdd7rODvSTN647CrN6ng0x1yYW/RVo5v5CnoantSojUY5eNhO+iSGPFgbvj +h8s0uKZ3+KxlySpIJX9RU/LJQUfrdCAGkdIuPEi4graL8Z9pjyORqppYNCI+u+VG +m76zMJq9vxBcn6v3/DpVCFL7gokwD0GgMtWtTeXiP1Yn92dsn3DPVNI/ieE1ogJs +8WVWmTNBm0UuN0GiUWqQUXv3cqFpNArL/BObHJGWyHObUz3FgDpkP4crmhrFN2Ao +cT34tYaN9SGfoYA+MI2DqKQ0M8aGBvbL5CVGqJqWiVB71jG+JsdS0Q+7K5JQ5d/O +xiynUVJ8FhZBQshqPXAkPD8lOeFQ2QZp53RUSlI3d04Cy8FAZr3HzqEZ +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.dated.resp new file mode 100644 index 000000000..834df2ae2 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.good.resp new file mode 100644 index 000000000..f110fab43 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.req new file mode 100644 index 000000000..0c271ad05 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.revoked.resp new file mode 100644 index 000000000..f110fab43 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.p12 b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.p12 new file mode 100644 index 000000000..368429e92 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.pem b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.pem new file mode 100644 index 000000000..8862a6b78 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: revoked2.example.net + localKeyID: 60 8E D5 FB A7 97 B2 E8 F9 84 11 4F 91 1D 3C 91 B8 19 E8 97 +subject=/CN=revoked2.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDRaFw0zODAxMDExMjM0MDRaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUubmV0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMj2mEnZY8N38XJ5ZLTymH2J +hBNiubBU4ddvVQ0y48E/b5fbYwJI458bKgyNhqQtO/MG15oIndFpbazcp1p8++8C +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5uZXQvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUubmV0LzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt +cGxlLm5ldDANBgkqhkiG9w0BAQUFAANBAD46Iw05ofRAaw9+yeTDPIydjl1Pkb1/ +ma4/qSK7p8BU/pMN3SH4qxKW7z6nNregMW48d5KcSxUPBmWmDCM8u70= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.unlocked.key new file mode 100644 index 000000000..4c9010528 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/revoked2.example.net.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBAMj2mEnZY8N38XJ5ZLTymH2JhBNiubBU4ddvVQ0y48E/b5fbYwJI +458bKgyNhqQtO/MG15oIndFpbazcp1p8++8CAwEAAQJAdkDE9A+7qLXXmejc3a0z +FgvpcA7T/XK1QjP89DtR0dAbM0tLdWyhshLNcNSW6urwYKkPmw7jPmW1wC14/Ob3 +IQIhAOg4d+nA1BNR2+L2dDJhdTPWzVWERwsMaBVMsKYg8TbjAiEA3Yq7xYMK0aNU +XTvzTnmr+y51Ce5BQK9U2q/B1kyIKIUCIDQZ902K5govo5YYlZl4JEOtPgSh2Q6x +iei9fCTJ31ThAiEAg28IQYCiDYeJyJqFmZwjxSxlsVORkO+0Nt2o8RuMeAUCIQCj +IPd5zjwu8dkolqvof1uMm3An3YhSLWSlJK1BSAk2Yw== +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/revoked2.example.net/secmod.db b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/secmod.db new file mode 100644 index 000000000..a2fa5b666 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/revoked2.example.net/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem new file mode 100644 index 000000000..4696e4e7a --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.net/CN=clica Signing Cert +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.net/CN=clica CA +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje +SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2 +iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: server1.example.net + localKeyID: 4C 81 72 95 D9 D6 9C FD 7A B1 C0 66 9F 85 A7 01 93 A4 6E D7 +subject=/CN=server1.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm5ldDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCtN2Y0S4oROnlfkTeUH2ULUVs +RShAIKdxlXRo+F09rEBzNKKNC4ZWIr+pc8U+iQzGGTiiCTfeq9bI0Uef1493AgMB +AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu +bmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw +Oi8vb3NjcC9leGFtcGxlLm5ldC8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl +Lm5ldDANBgkqhkiG9w0BAQUFAANBAEMi4SnbMDOvnQk2UkvvNVGyBEXNsuskNzo9 +5wAY6x0bUZ6XWZ8+kM60gbmOqwfPA6pw/w7ui3XJ1Ac3BAUverQ= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/server1.example.net/cert8.db new file mode 100644 index 000000000..3c1b67cee Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server1.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/server1.example.net/key3.db new file mode 100644 index 000000000..f9104cf77 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server1.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/pwdfile b/test/aux-fixed/exim-ca/example.net/server1.example.net/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/secmod.db b/test/aux-fixed/exim-ca/example.net/server1.example.net/secmod.db new file mode 100644 index 000000000..535308747 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server1.example.net/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem new file mode 100644 index 000000000..4d4431b2c --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: server1.example.net + localKeyID: 4C 81 72 95 D9 D6 9C FD 7A B1 C0 66 9F 85 A7 01 93 A4 6E D7 +subject=/CN=server1.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm5ldDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCtN2Y0S4oROnlfkTeUH2ULUVs +RShAIKdxlXRo+F09rEBzNKKNC4ZWIr+pc8U+iQzGGTiiCTfeq9bI0Uef1493AgMB +AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu +bmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw +Oi8vb3NjcC9leGFtcGxlLm5ldC8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl +Lm5ldDANBgkqhkiG9w0BAQUFAANBAEMi4SnbMDOvnQk2UkvvNVGyBEXNsuskNzo9 +5wAY6x0bUZ6XWZ8+kM60gbmOqwfPA6pw/w7ui3XJ1Ac3BAUverQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.key b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.key new file mode 100644 index 000000000..d01d43b71 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: server1.example.net + localKeyID: 4C 81 72 95 D9 D6 9C FD 7A B1 C0 66 9F 85 A7 01 93 A4 6E D7 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQItqv8KkyfDOECAggA +MBQGCCqGSIb3DQMHBAi+cLfRJYwdhASCAWDijpItKwM1N1Tk9po65/Et0DLcJt8h +UNc26UWxg4uGMcbyHJv5+OZDhAjla1GwFLBZDQwCsnvwfjHfpwFpSx4Mxj4SMGrx +YCwSB8smLl5cZNJpm2N3JVlrX/ZHR1plwtVccOf9Ry7MFoyj9YcXTs9N39zmpYDD +Oi81eD2CzGEP2NqyycJK3Fu0OMUNT5RYHF7Nja6mGjzyul8rDPHPOcwQ0CCEHUmF +3FaMqji+aCpJ+BeFwcVYZjiuQx4ajKXnu8g4KEa1S59KgSRiAdL8Ih1dN5qrDJB5 +dDTo37DneR1RkudMs2OcbMnbhyWQZ/AhfUqqFM7NLnDSVwhUtL9kPzjqIA1+l9V6 +27ANditdhs3fS6026sC3MMJRrPXmZGU3GuItxi1hU/CjiCb54VsK8MEhWpzU6QiS ++UXkPYKauZKsGtfn0sI8ZUCEyo2vF79KAIGK6DYQ6dIOmjvKqz2xgng/ +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.dated.resp new file mode 100644 index 000000000..8dc2a098e Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp new file mode 100644 index 000000000..b2cb446e7 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.req new file mode 100644 index 000000000..0057816d4 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.revoked.resp new file mode 100644 index 000000000..5e9cee6f6 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.p12 b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.p12 new file mode 100644 index 000000000..9596af088 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem new file mode 100644 index 000000000..4d14e2003 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: server1.example.net + localKeyID: 4C 81 72 95 D9 D6 9C FD 7A B1 C0 66 9F 85 A7 01 93 A4 6E D7 +subject=/CN=server1.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwNFoXDTM4MDEwMTEyMzQwNFowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm5ldDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCtN2Y0S4oROnlfkTeUH2ULUVs +RShAIKdxlXRo+F09rEBzNKKNC4ZWIr+pc8U+iQzGGTiiCTfeq9bI0Uef1493AgMB +AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu +bmV0L2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw +Oi8vb3NjcC9leGFtcGxlLm5ldC8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl +Lm5ldDANBgkqhkiG9w0BAQUFAANBAEMi4SnbMDOvnQk2UkvvNVGyBEXNsuskNzo9 +5wAY6x0bUZ6XWZ8+kM60gbmOqwfPA6pw/w7ui3XJ1Ac3BAUverQ= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key new file mode 100644 index 000000000..422428342 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAMK03ZjRLihE6eV+RN5QfZQtRWxFKEAgp3GVdGj4XT2sQHM0oo0L +hlYiv6lzxT6JDMYZOKIJN96r1sjRR5/Xj3cCAwEAAQJAYR333g6QeFOPWwH1dfIu +ASfnlc6U+g+PlY8XhnhDgcu2le3IQuOaI0sw/X0vZdhEKJpDHJ1hKGxIQpOB2R/P +EQIhAPUMh9+sUsZSnNbhEggO8h6F4TeLoAVJNzUtW5UvmBgvAiEAy2hlFkLXlP0t +VYwmNqyCs8Jhf0SIrnhPw3ynJhxgYzkCIQDlHd48yAZs3/k9ABu35SGEYHD/WlE4 +IAi6c7pZdrKiiQIgEH48hBuTY29L973Pc2t1haHjSfCCrLLwtMcsvnhakHECIEuy +0/MQz7IYZNJ7g36j3jjv8vFkAdDCGyKzuMGLoq9p +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/ca_chain.pem b/test/aux-fixed/exim-ca/example.net/server2.example.net/ca_chain.pem new file mode 100644 index 000000000..39e5eedc6 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.net/CN=clica Signing Cert +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.net/CN=clica CA +issuer=/O=example.net/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjApMRQwEgYDVQQKEwtleGFtcGxlLm5ldDERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp2tm7DhEtMNQPz23MpsxYVje +SgMgmkDx8qdr97SBBVqtPcHMMrCEZ9dQiYCFxbshxXfeova+DbLZISDlHA9xjQID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAG/rfiV0UE6Q//VIKN5CprvNXDGQFfcFCWNRCu6ZGTPpaDf2 +iPqVISD9trZrvtlUIgKjGgOQQbdNH9RBj5+6QKo= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: server2.example.net + localKeyID: E6 14 E8 D3 C2 D6 33 C5 46 4A 62 47 B7 C2 BA D6 3B 26 F2 56 +subject=/CN=server2.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDRaFw0zODAxMDExMjM0MDRaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAoXux6WdUK5xq7w+eMCFo2iEE +GCUYpmqc4H6AmgxmglEfrndnKMv/fLRJpMUMe65a2fIPdMaZO6uX/fBDYSeUjwID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5uZXQvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5uZXQwDQYJKoZIhvcNAQEFBQADQQBhKq+CoKmxvdEJ4+AlNsJGpByKiwsDo0Cz +mtgyGnn4a+3kkKYb2/KWosrBBLIzZbuzQ6sAjDKKioKJy7+ENuki +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/cert8.db b/test/aux-fixed/exim-ca/example.net/server2.example.net/cert8.db new file mode 100644 index 000000000..0478b4b6d Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server2.example.net/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/key3.db b/test/aux-fixed/exim-ca/example.net/server2.example.net/key3.db new file mode 100644 index 000000000..11649e05b Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server2.example.net/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/pwdfile b/test/aux-fixed/exim-ca/example.net/server2.example.net/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/secmod.db b/test/aux-fixed/exim-ca/example.net/server2.example.net/secmod.db new file mode 100644 index 000000000..4bdbe54ae Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server2.example.net/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.chain.pem b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.chain.pem new file mode 100644 index 000000000..8f2b6af72 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: server2.example.net + localKeyID: E6 14 E8 D3 C2 D6 33 C5 46 4A 62 47 B7 C2 BA D6 3B 26 F2 56 +subject=/CN=server2.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDRaFw0zODAxMDExMjM0MDRaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAoXux6WdUK5xq7w+eMCFo2iEE +GCUYpmqc4H6AmgxmglEfrndnKMv/fLRJpMUMe65a2fIPdMaZO6uX/fBDYSeUjwID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5uZXQvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5uZXQwDQYJKoZIhvcNAQEFBQADQQBhKq+CoKmxvdEJ4+AlNsJGpByKiwsDo0Cz +mtgyGnn4a+3kkKYb2/KWosrBBLIzZbuzQ6sAjDKKioKJy7+ENuki +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm5ldDERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAzWhcNMzgw +MTAxMTIzNDAzWjAzMRQwEgYDVQQKEwtleGFtcGxlLm5ldDEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN9lXg/7R2gY +392B325b/0eHLOrQG1px0aPuSwCBG0cKwCATtsKjYne15vNXAskVAdejY0Ujvo+a +d4jVi2qYJ8sCAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm5ldC9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EAlm29nFrjiJPaldOtHxpmWzE3Zxit +Sl4RxdeJcJ7aGL2gDOAWmiVh6UPbMm/o6Vg2PxHp2YviOhVunp1C2t85ow== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.key b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.key new file mode 100644 index 000000000..03759044e --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: server2.example.net + localKeyID: E6 14 E8 D3 C2 D6 33 C5 46 4A 62 47 B7 C2 BA D6 3B 26 F2 56 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQId2/8mqWfInACAggA +MBQGCCqGSIb3DQMHBAgvDNlX6TpnZQSCAWD27NSWhbC88NONthVEEIHARSoUieXl +Hsker9qC52voq+kSQf4sFmifD9SgestoXFoxBOWi4mnO2uwUqu/yC3Igrr0DE0VH +zXapBoEbd7Yr4y5BN7M5+oQPGjxCUocP3Bp9dxvo5T3lFLtmaBvdBucVHvn6UqzX +uUZw3O1LdoMm6PqZXBh8vzhapYq5I5oMOhWJsJrauSfXaBJObeo3MgFF6WfUQlnI +fR/O7uJ00t+ArvdkQVIDT70FWWAFvt9DDtVIUcva8BfiGEjPjqso0tElTzPRqRrs +WmS1jn1Lf/EVaVSOIIecjHodxeA7R/vMlG+5U/PcgfeYMEFyn0Aj/tUvdR6tTAUy +1K5zFEGG5YCY2e0HmVyc/qvOoSPwi7f8eJEziTuv2nXlPrjd74OcGn1ffXyMeDZ6 +gDAQB9pe/7m9OZ9MAxuak4DEyFMdNJTFJ3il0ILAi8R2GOGA+TVSrGAT +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.dated.resp new file mode 100644 index 000000000..edb418af1 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.good.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.good.resp new file mode 100644 index 000000000..dcb27f250 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.req b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.req new file mode 100644 index 000000000..54d932eb2 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.revoked.resp new file mode 100644 index 000000000..dda468d12 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.p12 b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.p12 new file mode 100644 index 000000000..e54fff347 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.p12 differ diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.pem b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.pem new file mode 100644 index 000000000..e973e005f --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: server2.example.net + localKeyID: E6 14 E8 D3 C2 D6 33 C5 46 4A 62 47 B7 C2 BA D6 3B 26 F2 56 +subject=/CN=server2.example.net +issuer=/O=example.net/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5uZXQxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDRaFw0zODAxMDExMjM0MDRaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5uZXQwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAoXux6WdUK5xq7w+eMCFo2iEE +GCUYpmqc4H6AmgxmglEfrndnKMv/fLRJpMUMe65a2fIPdMaZO6uX/fBDYSeUjwID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm5ldC9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5uZXQvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5uZXQwDQYJKoZIhvcNAQEFBQADQQBhKq+CoKmxvdEJ4+AlNsJGpByKiwsDo0Cz +mtgyGnn4a+3kkKYb2/KWosrBBLIzZbuzQ6sAjDKKioKJy7+ENuki +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.unlocked.key b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.unlocked.key new file mode 100644 index 000000000..74b350175 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.net/server2.example.net/server2.example.net.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAKF7selnVCucau8PnjAhaNohBBglGKZqnOB+gJoMZoJRH653ZyjL +/3y0SaTFDHuuWtnyD3TGmTurl/3wQ2EnlI8CAwEAAQJAGXXkRjWperrNzWV7/oC2 +BHZiK+Blc4+prmejpSZBX1hk5XFL8vMx3H1yYnYj3LLr2MzuZ7W410GXBvZkfOy5 +uQIhANSjR5qV2dgzdI7nTjPXZOVPHfh9S4RbgCa8nbm+Yg59AiEAwmnlkEP8BMHx +8GeuItJyuIQYXU/TRFIAB5N9nDWO4PsCIFvZj/OJaUlHqMCVz6T7FL0suMB+tuEc +eTXCYcs7HrYtAiEAi4ivv+xbbBq7B72SSOHcfrwoNIi/bBCifs2H4N67zpMCIBpU +fl/bfvpZ2FtBsZ1yMTgTXzaZyOllhYkaZO3bvQYU +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/CA.pem b/test/aux-fixed/exim-ca/example.org/BLANK/CA.pem new file mode 100644 index 000000000..bdb4c061b --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/BLANK/CA.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O +x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl +LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/Signer.pem b/test/aux-fixed/exim-ca/example.org/BLANK/Signer.pem new file mode 100644 index 000000000..bbcf3ac09 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/BLANK/Signer.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/cert8.db b/test/aux-fixed/exim-ca/example.org/BLANK/cert8.db new file mode 100644 index 000000000..173ac186a Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/BLANK/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/key3.db b/test/aux-fixed/exim-ca/example.org/BLANK/key3.db new file mode 100644 index 000000000..f4cc9de79 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/BLANK/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/pwdfile b/test/aux-fixed/exim-ca/example.org/BLANK/pwdfile new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/BLANK/pwdfile @@ -0,0 +1 @@ + diff --git a/test/aux-fixed/exim-ca/example.org/BLANK/secmod.db b/test/aux-fixed/exim-ca/example.org/BLANK/secmod.db new file mode 100644 index 000000000..8a8319376 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/BLANK/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/CA.pem b/test/aux-fixed/exim-ca/example.org/CA/CA.pem new file mode 100644 index 000000000..bdb4c061b --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/CA.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O +x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl +LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/OCSP.key b/test/aux-fixed/exim-ca/example.org/CA/OCSP.key new file mode 100644 index 000000000..4248964fd --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/OCSP.key @@ -0,0 +1,14 @@ +Bag Attributes + friendlyName: OCSP Signer + localKeyID: 89 7C 3C C4 3E 60 FD AA 47 69 0A 11 1B 17 C9 BD 6B D2 DA 1E +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAl1EzD7A3887Wit6D +uE5WOuTdCD4RVQFBa85RFHZd/Q3Yiw5SXh7gQaykL/4mrFHzgbKNgj6WmjBp4tNI +FQYqJQIDAQABAkBNigd/X46cef5IdRPMayAW19ZH9f5Nr/IFO1kjAjDRjfASDkBN +V/rMV+78Rh5fOAj1S74VILvKTaaLWhvkDOF1AiEAxxhzyV1rOrdo/tp7W6uD5m0g +OTxUZYn/6Ec/Kkb6SjsCIQDCkN8rSD+IkhJ3zQOvCi2Onxjon5mE4mkbhZLq84W3 +HwIhAJbbRlCbwnY5JwuEjNgG++iLY1E7D0/o4skjww7LvTalAiBCCbH1mtwVmp6y +Et/BNY8o7U8jBaixtbc/JCMto+IquQIhAI6flaLC9nQbBh6BX6GVeGu3XS9M/jFe +EK9fMWn71opJ +-----END PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/OCSP.p12 b/test/aux-fixed/exim-ca/example.org/CA/OCSP.p12 new file mode 100644 index 000000000..e247406e2 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/CA/OCSP.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/OCSP.pem b/test/aux-fixed/exim-ca/example.org/CA/OCSP.pem new file mode 100644 index 000000000..287e61e12 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/OCSP.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBgDCCASqgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMloXDTM4MDEwMTEyMzQwMlowMjEUMBIGA1UEChMLZXhhbXBsZS5vcmcxGjAY +BgNVBAMTEWNsaWNhIE9DU1AgU2lnbmVyMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB +AJdRMw+wN/PO1oreg7hOVjrk3Qg+EVUBQWvOURR2Xf0N2IsOUl4e4EGspC/+JqxR +84GyjYI+lpowaeLTSBUGKiUCAwEAAaMqMCgwDgYDVR0PAQH/BAQDAgeAMBYGA1Ud +JQEB/wQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA0EAZe2NAm2FGEJuLkyZ +AiGPi2pdu5ngE+vQhyTFR3EJ4L6HDkNGE5Mv7lrsSSWU47N3R+Oo+glEau6SyTb1 +zMIYxQ== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/Signer.pem b/test/aux-fixed/exim-ca/example.org/CA/Signer.pem new file mode 100644 index 000000000..bbcf3ac09 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/Signer.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/ca.conf b/test/aux-fixed/exim-ca/example.org/CA/ca.conf new file mode 100644 index 000000000..9d6d2ed78 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/ca.conf @@ -0,0 +1,18 @@ +; Config::Simple 4.59 +; Thu Nov 1 12:34:02 2012 + +[CLICA] +crl_url=http://crl.example.org/latest.crl +crl_signer=Signing Cert +level=1 +signer=Signing Cert +ocsp_signer=OCSP Signer +ocsp_url=http://oscp/example.org/ + +[CA] +org=example.org +subject=clica CA +name=Certificate Authority +bits=512 + + diff --git a/test/aux-fixed/exim-ca/example.org/CA/cert8.db b/test/aux-fixed/exim-ca/example.org/CA/cert8.db new file mode 100644 index 000000000..7f25f8d49 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/CA/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.empty b/test/aux-fixed/exim-ca/example.org/CA/crl.empty new file mode 100644 index 000000000..f35edb0c1 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/CA/crl.empty differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.empty.in.txt b/test/aux-fixed/exim-ca/example.org/CA/crl.empty.in.txt new file mode 100644 index 000000000..250311c00 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/crl.empty.in.txt @@ -0,0 +1 @@ +update=20130127152434Z diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.empty.pem b/test/aux-fixed/exim-ca/example.org/CA/crl.empty.pem new file mode 100644 index 000000000..292e8712d --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/crl.empty.pem @@ -0,0 +1,6 @@ +-----BEGIN X509 CRL----- +MIGsMFgCAQEwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhhbXBsZS5vcmcx +GzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydBgPMjAxMzAxMjcxNTI0MzRaMA0G +CSqGSIb3DQEBBQUAA0EAL3N9NbP2jClLBlaFsAFB959JN6Hm7B6H5uYdGo55Rvt6 +1BZvz36DEQemcEmzrelVOR+bCBTTBkH8SC6jv9dsAQ== +-----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.v2 b/test/aux-fixed/exim-ca/example.org/CA/crl.v2 new file mode 100644 index 000000000..8c7f4d421 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/CA/crl.v2 differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.v2.in.txt b/test/aux-fixed/exim-ca/example.org/CA/crl.v2.in.txt new file mode 100644 index 000000000..434045ffe --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/crl.v2.in.txt @@ -0,0 +1,3 @@ +update=20130127152437Z +addcert 102 20130127152437Z +addcert 202 20130127152437Z diff --git a/test/aux-fixed/exim-ca/example.org/CA/crl.v2.pem b/test/aux-fixed/exim-ca/example.org/CA/crl.v2.pem new file mode 100644 index 000000000..bff595325 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/crl.v2.pem @@ -0,0 +1,7 @@ +-----BEGIN X509 CRL----- +MIHcMIGHAgEBMA0GCSqGSIb3DQEBBQUAMDMxFDASBgNVBAoTC2V4YW1wbGUub3Jn +MRswGQYDVQQDExJjbGljYSBTaWduaW5nIENlcnQYDzIwMTMwMTI3MTUyNDM3WjAt +MBQCAWYYDzIwMTMwMTI3MTUyNDM3WjAVAgIAyhgPMjAxMzAxMjcxNTI0MzdaMA0G +CSqGSIb3DQEBBQUAA0EAVWskomLMAt1QAPrpuIC7WsNrAmPRG1XL+Ggm8d4rESya +WGQxA0p4ZM6THLfJ3ZWAxlMHEGVkqAUQpUnZhNHmEQ== +-----END X509 CRL----- diff --git a/test/aux-fixed/exim-ca/example.org/CA/index.revoked.txt b/test/aux-fixed/exim-ca/example.org/CA/index.revoked.txt new file mode 100644 index 000000000..8c67708d8 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/index.revoked.txt @@ -0,0 +1,6 @@ +R 130110200751Z 100201142709Z,superseded 65 unknown CN=server1.example.org +R 130110200751Z 100201142709Z,superseded 66 unknown CN=revoked1.example.org +R 130110200751Z 100201142709Z,superseded 67 unknown CN=expired1.example.org +R 130110200751Z 100201142709Z,superseded c9 unknown CN=server2.example.org +R 130110200751Z 100201142709Z,superseded ca unknown CN=revoked2.example.org +R 130110200751Z 100201142709Z,superseded cb unknown CN=expired2.example.org diff --git a/test/aux-fixed/exim-ca/example.org/CA/index.valid.txt b/test/aux-fixed/exim-ca/example.org/CA/index.valid.txt new file mode 100644 index 000000000..c8fd76ee8 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/index.valid.txt @@ -0,0 +1,6 @@ +V 130110200751Z 65 unknown CN=server1.example.org +V 130110200751Z 66 unknown CN=revoked1.example.org +V 130110200751Z 67 unknown CN=expired1.example.org +V 130110200751Z c9 unknown CN=server2.example.org +V 130110200751Z ca unknown CN=revoked2.example.org +V 130110200751Z cb unknown CN=expired2.example.org diff --git a/test/aux-fixed/exim-ca/example.org/CA/key3.db b/test/aux-fixed/exim-ca/example.org/CA/key3.db new file mode 100644 index 000000000..e11319ff8 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/CA/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/CA/noise.file b/test/aux-fixed/exim-ca/example.org/CA/noise.file new file mode 100644 index 000000000..864164815 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/noise.file @@ -0,0 +1,342 @@ +processor : 0 +vendor_id : GenuineIntel +cpu family : 6 +model : 26 +model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz +stepping : 5 +cpu MHz : 2260.628 +cache size : 8192 KB +fpu : yes +fpu_exception : yes +cpuid level : 11 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts +bogomips : 4521.25 +clflush size : 64 +cache_alignment : 64 +address sizes : 40 bits physical, 48 bits virtual +power management: + +processor : 1 +vendor_id : GenuineIntel +cpu family : 6 +model : 26 +model name : Intel(R) Xeon(R) CPU E5520 @ 2.27GHz +stepping : 5 +cpu MHz : 2260.628 +cache size : 8192 KB +fpu : yes +fpu_exception : yes +cpuid level : 11 +wp : yes +flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni ssse3 cx16 sse4_1 sse4_2 x2apic popcnt hypervisor lahf_lm ida dts +bogomips : 4521.25 +clflush size : 64 +cache_alignment : 64 +address sizes : 40 bits physical, 48 bits virtual +power management: + + CPU0 CPU1 + 0: 2481 0 IO-APIC-edge timer + 1: 21441 346 IO-APIC-edge i8042 + 3: 1 0 IO-APIC-edge + 4: 1 0 IO-APIC-edge + 7: 0 0 IO-APIC-edge parport0 + 8: 1 0 IO-APIC-edge rtc0 + 9: 0 0 IO-APIC-fasteoi acpi + 12: 78986 1718 IO-APIC-edge i8042 + 14: 0 0 IO-APIC-edge ata_piix + 15: 2423330 1435 IO-APIC-edge ata_piix + 16: 1025 0 IO-APIC-fasteoi Ensoniq AudioPCI + 17: 239850 2559 IO-APIC-fasteoi ehci_hcd:usb1, ioc0 + 18: 246 0 IO-APIC-fasteoi uhci_hcd:usb2 + 19: 1868741 51479 IO-APIC-fasteoi eth0 + 24: 0 0 PCI-MSI-edge pciehp + 25: 0 0 PCI-MSI-edge pciehp + 26: 0 0 PCI-MSI-edge pciehp + 27: 0 0 PCI-MSI-edge pciehp + 28: 0 0 PCI-MSI-edge pciehp + 29: 0 0 PCI-MSI-edge pciehp + 30: 0 0 PCI-MSI-edge pciehp + 31: 0 0 PCI-MSI-edge pciehp + 32: 0 0 PCI-MSI-edge pciehp + 33: 0 0 PCI-MSI-edge pciehp + 34: 0 0 PCI-MSI-edge pciehp + 35: 0 0 PCI-MSI-edge pciehp + 36: 0 0 PCI-MSI-edge pciehp + 37: 0 0 PCI-MSI-edge pciehp + 38: 0 0 PCI-MSI-edge pciehp + 39: 0 0 PCI-MSI-edge pciehp + 40: 0 0 PCI-MSI-edge pciehp + 41: 0 0 PCI-MSI-edge pciehp + 42: 0 0 PCI-MSI-edge pciehp + 43: 0 0 PCI-MSI-edge pciehp + 44: 0 0 PCI-MSI-edge pciehp + 45: 0 0 PCI-MSI-edge pciehp + 46: 0 0 PCI-MSI-edge pciehp + 47: 0 0 PCI-MSI-edge pciehp + 48: 0 0 PCI-MSI-edge pciehp + 49: 0 0 PCI-MSI-edge pciehp + 50: 0 0 PCI-MSI-edge pciehp + 51: 0 0 PCI-MSI-edge pciehp + 52: 0 0 PCI-MSI-edge pciehp + 53: 0 0 PCI-MSI-edge pciehp + 54: 0 0 PCI-MSI-edge pciehp + 55: 0 0 PCI-MSI-edge pciehp + 56: 1 0 PCI-MSI-edge vmci + 57: 0 0 PCI-MSI-edge vmci +NMI: 0 0 Non-maskable interrupts +LOC: 12398298 14241637 Local timer interrupts +SPU: 0 0 Spurious interrupts +PMI: 0 0 Performance monitoring interrupts +IWI: 0 0 IRQ work interrupts +RES: 282673 309097 Rescheduling interrupts +CAL: 1955 163548 Function call interrupts +TLB: 17977 15562 TLB shootdowns +TRM: 0 0 Thermal event interrupts +THR: 0 0 Threshold APIC interrupts +MCE: 0 0 Machine check exceptions +MCP: 2310 2310 Machine check polls +ERR: 0 +MIS: 0 +MemTotal: 1914844 kB +MemFree: 134216 kB +Buffers: 142048 kB +Cached: 952796 kB +SwapCached: 108 kB +Active: 981384 kB +Inactive: 540556 kB +Active(anon): 287092 kB +Inactive(anon): 143480 kB +Active(file): 694292 kB +Inactive(file): 397076 kB +Unevictable: 0 kB +Mlocked: 0 kB +SwapTotal: 4194296 kB +SwapFree: 4193560 kB +Dirty: 1732 kB +Writeback: 0 kB +AnonPages: 427116 kB +Mapped: 70924 kB +Shmem: 3400 kB +Slab: 190944 kB +SReclaimable: 125404 kB +SUnreclaim: 65540 kB +KernelStack: 2312 kB +PageTables: 23536 kB +NFS_Unstable: 0 kB +Bounce: 0 kB +WritebackTmp: 0 kB +CommitLimit: 5151716 kB +Committed_AS: 973184 kB +VmallocTotal: 34359738367 kB +VmallocUsed: 280772 kB +VmallocChunk: 34359441168 kB +HardwareCorrupted: 0 kB +AnonHugePages: 249856 kB +HugePages_Total: 0 +HugePages_Free: 0 +HugePages_Rsvd: 0 +HugePages_Surp: 0 +Hugepagesize: 2048 kB +DirectMap4k: 8192 kB +DirectMap2M: 2088960 kB +slabinfo - version: 2.1 +# name : tunables : slabdata +bridge_fdb_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +fuse_request 0 0 632 6 1 : tunables 54 27 8 : slabdata 0 0 0 +fuse_inode 0 0 768 5 1 : tunables 54 27 8 : slabdata 0 0 0 +rpc_buffers 8 8 2048 2 1 : tunables 24 12 8 : slabdata 4 4 0 +rpc_tasks 8 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +rpc_inode_cache 8 8 832 4 1 : tunables 54 27 8 : slabdata 2 2 0 +hgfsInodeCache 1 6 640 6 1 : tunables 54 27 8 : slabdata 1 1 0 +AF_VMCI 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +nf_conntrack_expect 0 0 240 16 1 : tunables 120 60 8 : slabdata 0 0 0 +nf_conntrack_ffffffff8200cec0 22 26 304 13 1 : tunables 54 27 8 : slabdata 2 2 0 +fib6_nodes 22 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0 +ip6_dst_cache 13 30 384 10 1 : tunables 54 27 8 : slabdata 3 3 0 +ndisc_cache 1 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +ip6_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +RAWv6 67 68 1024 4 1 : tunables 54 27 8 : slabdata 17 17 0 +UDPLITEv6 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +UDPv6 4 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0 +tw_sock_TCPv6 0 0 320 12 1 : tunables 54 27 8 : slabdata 0 0 0 +request_sock_TCPv6 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +TCPv6 9 10 1856 2 1 : tunables 24 12 8 : slabdata 5 5 0 +jbd2_1k 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +avtab_node 502203 502416 24 144 1 : tunables 120 60 8 : slabdata 3489 3489 0 +ext4_inode_cache 74816 74820 1024 4 1 : tunables 54 27 8 : slabdata 18705 18705 0 +ext4_xattr 9 44 88 44 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_free_block_extents 32 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_alloc_context 28 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_prealloc_space 18 37 104 37 1 : tunables 120 60 8 : slabdata 1 1 0 +ext4_system_zone 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0 +jbd2_journal_handle 32 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0 +jbd2_journal_head 74 102 112 34 1 : tunables 120 60 8 : slabdata 3 3 0 +jbd2_revoke_table 4 202 16 202 1 : tunables 120 60 8 : slabdata 1 1 0 +jbd2_revoke_record 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +dm_crypt_io 50 50 152 25 1 : tunables 120 60 8 : slabdata 2 2 0 +sd_ext_cdb 2 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0 +scsi_sense_cache 25 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0 +scsi_cmd_cache 28 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0 +dm_raid1_read_record 0 0 1064 7 2 : tunables 24 12 8 : slabdata 0 0 0 +kcopyd_job 0 0 3240 2 2 : tunables 24 12 8 : slabdata 0 0 0 +io 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +dm_uevent 0 0 2608 3 2 : tunables 24 12 8 : slabdata 0 0 0 +dm_rq_clone_bio_info 0 0 16 202 1 : tunables 120 60 8 : slabdata 0 0 0 +dm_rq_target_io 0 0 392 10 1 : tunables 54 27 8 : slabdata 0 0 0 +dm_target_io 844 864 24 144 1 : tunables 120 60 8 : slabdata 6 6 0 +dm_io 828 828 40 92 1 : tunables 120 60 8 : slabdata 9 9 0 +flow_cache 0 0 96 40 1 : tunables 120 60 8 : slabdata 0 0 0 +uhci_urb_priv 6 67 56 67 1 : tunables 120 60 8 : slabdata 1 1 0 +cfq_io_context 4 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0 +cfq_queue 5 16 240 16 1 : tunables 120 60 8 : slabdata 1 1 0 +bsg_cmd 0 0 312 12 1 : tunables 54 27 8 : slabdata 0 0 0 +mqueue_inode_cache 1 4 896 4 1 : tunables 54 27 8 : slabdata 1 1 0 +isofs_inode_cache 0 0 640 6 1 : tunables 54 27 8 : slabdata 0 0 0 +hugetlbfs_inode_cache 1 6 608 6 1 : tunables 54 27 8 : slabdata 1 1 0 +dquot 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +kioctx 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0 +kiocb 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +inotify_event_private_data 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +inotify_inode_mark_entry 186 204 112 34 1 : tunables 120 60 8 : slabdata 6 6 0 +dnotify_mark_entry 1 34 112 34 1 : tunables 120 60 8 : slabdata 1 1 0 +dnotify_struct 1 112 32 112 1 : tunables 120 60 8 : slabdata 1 1 0 +fasync_cache 6 144 24 144 1 : tunables 120 60 8 : slabdata 1 1 0 +khugepaged_mm_slot 83 92 40 92 1 : tunables 120 60 8 : slabdata 1 1 0 +ksm_mm_slot 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +ksm_stable_node 0 0 40 92 1 : tunables 120 60 8 : slabdata 0 0 0 +ksm_rmap_item 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +utrace_engine 0 0 56 67 1 : tunables 120 60 8 : slabdata 0 0 0 +utrace 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +pid_namespace 0 0 2120 3 2 : tunables 24 12 8 : slabdata 0 0 0 +nsproxy 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +posix_timers_cache 0 0 176 22 1 : tunables 120 60 8 : slabdata 0 0 0 +uid_cache 10 60 128 30 1 : tunables 120 60 8 : slabdata 2 2 0 +UNIX 459 480 768 5 1 : tunables 54 27 8 : slabdata 96 96 0 +ip_mrt_cache 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +UDP-Lite 0 0 832 9 2 : tunables 54 27 8 : slabdata 0 0 0 +tcp_bind_bucket 15 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0 +inet_peer_cache 4 59 64 59 1 : tunables 120 60 8 : slabdata 1 1 0 +secpath_cache 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +xfrm_dst_cache 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0 +ip_fib_alias 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +ip_fib_hash 10 106 72 53 1 : tunables 120 60 8 : slabdata 2 2 0 +ip_dst_cache 29 50 384 10 1 : tunables 54 27 8 : slabdata 5 5 0 +arp_cache 4 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +RAW 65 72 832 9 2 : tunables 54 27 8 : slabdata 8 8 0 +UDP 6 18 832 9 2 : tunables 54 27 8 : slabdata 2 2 0 +tw_sock_TCP 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +request_sock_TCP 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +TCP 20 24 1664 4 2 : tunables 24 12 8 : slabdata 6 6 0 +eventpoll_pwq 126 212 72 53 1 : tunables 120 60 8 : slabdata 4 4 0 +eventpoll_epi 126 180 128 30 1 : tunables 120 60 8 : slabdata 6 6 0 +sgpool-128 2 2 4096 1 1 : tunables 24 12 8 : slabdata 2 2 0 +sgpool-64 2 2 2048 2 1 : tunables 24 12 8 : slabdata 1 1 0 +sgpool-32 2 4 1024 4 1 : tunables 54 27 8 : slabdata 1 1 0 +sgpool-16 2 8 512 8 1 : tunables 54 27 8 : slabdata 1 1 0 +sgpool-8 15 15 256 15 1 : tunables 120 60 8 : slabdata 1 1 0 +scsi_data_buffer 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0 +blkdev_integrity 0 0 112 34 1 : tunables 120 60 8 : slabdata 0 0 0 +blkdev_queue 29 30 2856 2 2 : tunables 24 12 8 : slabdata 15 15 0 +blkdev_requests 42 66 352 11 1 : tunables 54 27 8 : slabdata 5 6 0 +blkdev_ioc 5 48 80 48 1 : tunables 120 60 8 : slabdata 1 1 0 +fsnotify_event_holder 0 0 24 144 1 : tunables 120 60 8 : slabdata 0 0 0 +fsnotify_event 0 0 104 37 1 : tunables 120 60 8 : slabdata 0 0 0 +bio-0 180 180 192 20 1 : tunables 120 60 8 : slabdata 9 9 0 +biovec-256 66 66 4096 1 1 : tunables 24 12 8 : slabdata 66 66 0 +biovec-128 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0 +biovec-64 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +biovec-16 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +bip-256 2 2 4224 1 2 : tunables 8 4 0 : slabdata 2 2 0 +bip-128 0 0 2176 3 2 : tunables 24 12 8 : slabdata 0 0 0 +bip-64 0 0 1152 7 2 : tunables 24 12 8 : slabdata 0 0 0 +bip-16 0 0 384 10 1 : tunables 54 27 8 : slabdata 0 0 0 +bip-4 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +bip-1 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +sock_inode_cache 667 685 704 5 1 : tunables 54 27 8 : slabdata 137 137 0 +skbuff_fclone_cache 35 35 512 7 1 : tunables 54 27 8 : slabdata 5 5 0 +skbuff_head_cache 302 450 256 15 1 : tunables 120 60 8 : slabdata 30 30 0 +file_lock_cache 38 44 176 22 1 : tunables 120 60 8 : slabdata 2 2 0 +net_namespace 0 0 2112 3 2 : tunables 24 12 8 : slabdata 0 0 0 +shmem_inode_cache 774 775 800 5 1 : tunables 54 27 8 : slabdata 155 155 0 +Acpi-Operand 4563 4664 72 53 1 : tunables 120 60 8 : slabdata 88 88 0 +Acpi-ParseExt 0 0 72 53 1 : tunables 120 60 8 : slabdata 0 0 0 +Acpi-Parse 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +Acpi-State 0 0 80 48 1 : tunables 120 60 8 : slabdata 0 0 0 +Acpi-Namespace 3311 3312 40 92 1 : tunables 120 60 8 : slabdata 36 36 0 +task_delay_info 332 340 112 34 1 : tunables 120 60 8 : slabdata 10 10 0 +taskstats 5 12 328 12 1 : tunables 54 27 8 : slabdata 1 1 0 +proc_inode_cache 1008 1008 640 6 1 : tunables 54 27 8 : slabdata 168 168 0 +sigqueue 35 48 160 24 1 : tunables 120 60 8 : slabdata 2 2 0 +bdev_cache 32 36 832 4 1 : tunables 54 27 8 : slabdata 9 9 0 +sysfs_dir_cache 11356 11367 144 27 1 : tunables 120 60 8 : slabdata 421 421 0 +mnt_cache 37 45 256 15 1 : tunables 120 60 8 : slabdata 3 3 0 +filp 4614 4700 192 20 1 : tunables 120 60 8 : slabdata 235 235 0 +inode_cache 6883 7308 592 6 1 : tunables 54 27 8 : slabdata 1218 1218 0 +dentry 61120 63960 192 20 1 : tunables 120 60 8 : slabdata 3198 3198 0 +names_cache 26 26 4096 1 1 : tunables 24 12 8 : slabdata 26 26 0 +avc_node 518 1239 64 59 1 : tunables 120 60 8 : slabdata 21 21 0 +selinux_inode_security 84146 86072 72 53 1 : tunables 120 60 8 : slabdata 1624 1624 0 +radix_tree_node 11579 11781 560 7 1 : tunables 54 27 8 : slabdata 1683 1683 0 +key_jar 11 20 192 20 1 : tunables 120 60 8 : slabdata 1 1 0 +buffer_head 221286 230214 104 37 1 : tunables 120 60 8 : slabdata 6222 6222 0 +vm_area_struct 12992 13034 200 19 1 : tunables 120 60 8 : slabdata 686 686 60 +mm_struct 145 145 1408 5 2 : tunables 24 12 8 : slabdata 29 29 0 +fs_cache 177 177 64 59 1 : tunables 120 60 8 : slabdata 3 3 0 +files_cache 162 165 704 11 2 : tunables 54 27 8 : slabdata 15 15 0 +signal_cache 208 208 1024 4 1 : tunables 54 27 8 : slabdata 52 52 0 +sighand_cache 198 198 2112 3 2 : tunables 24 12 8 : slabdata 66 66 0 +task_xstate 232 232 512 8 1 : tunables 54 27 8 : slabdata 29 29 0 +task_struct 303 303 2656 3 2 : tunables 24 12 8 : slabdata 101 101 0 +cred_jar 580 580 192 20 1 : tunables 120 60 8 : slabdata 29 29 0 +anon_vma_chain 7904 8162 48 77 1 : tunables 120 60 8 : slabdata 106 106 60 +anon_vma 5773 5888 40 92 1 : tunables 120 60 8 : slabdata 64 64 0 +pid 322 330 128 30 1 : tunables 120 60 8 : slabdata 11 11 0 +shared_policy_node 0 0 48 77 1 : tunables 120 60 8 : slabdata 0 0 0 +numa_policy 1 28 136 28 1 : tunables 120 60 8 : slabdata 1 1 0 +idr_layer_cache 428 434 544 7 1 : tunables 54 27 8 : slabdata 62 62 0 +size-4194304(DMA) 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0 +size-4194304 0 0 4194304 1 1024 : tunables 1 1 0 : slabdata 0 0 0 +size-2097152(DMA) 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0 +size-2097152 0 0 2097152 1 512 : tunables 1 1 0 : slabdata 0 0 0 +size-1048576(DMA) 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0 +size-1048576 0 0 1048576 1 256 : tunables 1 1 0 : slabdata 0 0 0 +size-524288(DMA) 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0 +size-524288 0 0 524288 1 128 : tunables 1 1 0 : slabdata 0 0 0 +size-262144(DMA) 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0 +size-262144 0 0 262144 1 64 : tunables 1 1 0 : slabdata 0 0 0 +size-131072(DMA) 0 0 131072 1 32 : tunables 8 4 0 : slabdata 0 0 0 +size-131072 1 1 131072 1 32 : tunables 8 4 0 : slabdata 1 1 0 +size-65536(DMA) 0 0 65536 1 16 : tunables 8 4 0 : slabdata 0 0 0 +size-65536 2 2 65536 1 16 : tunables 8 4 0 : slabdata 2 2 0 +size-32768(DMA) 0 0 32768 1 8 : tunables 8 4 0 : slabdata 0 0 0 +size-32768 3 3 32768 1 8 : tunables 8 4 0 : slabdata 3 3 0 +size-16384(DMA) 0 0 16384 1 4 : tunables 8 4 0 : slabdata 0 0 0 +size-16384 12 12 16384 1 4 : tunables 8 4 0 : slabdata 12 12 0 +size-8192(DMA) 0 0 8192 1 2 : tunables 8 4 0 : slabdata 0 0 0 +size-8192 27 27 8192 1 2 : tunables 8 4 0 : slabdata 27 27 0 +size-4096(DMA) 0 0 4096 1 1 : tunables 24 12 8 : slabdata 0 0 0 +size-4096 425 425 4096 1 1 : tunables 24 12 8 : slabdata 425 425 0 +size-2048(DMA) 0 0 2048 2 1 : tunables 24 12 8 : slabdata 0 0 0 +size-2048 578 578 2048 2 1 : tunables 24 12 8 : slabdata 289 289 0 +size-1024(DMA) 0 0 1024 4 1 : tunables 54 27 8 : slabdata 0 0 0 +size-1024 1332 1332 1024 4 1 : tunables 54 27 8 : slabdata 333 333 0 +size-512(DMA) 0 0 512 8 1 : tunables 54 27 8 : slabdata 0 0 0 +size-512 1123 1176 512 8 1 : tunables 54 27 8 : slabdata 147 147 0 +size-256(DMA) 0 0 256 15 1 : tunables 120 60 8 : slabdata 0 0 0 +size-256 930 930 256 15 1 : tunables 120 60 8 : slabdata 62 62 0 +size-192(DMA) 0 0 192 20 1 : tunables 120 60 8 : slabdata 0 0 0 +size-192 2119 2160 192 20 1 : tunables 120 60 8 : slabdata 108 108 0 +size-128(DMA) 0 0 128 30 1 : tunables 120 60 8 : slabdata 0 0 0 +size-64(DMA) 0 0 64 59 1 : tunables 120 60 8 : slabdata 0 0 0 +size-64 33063 40887 64 59 1 : tunables 120 60 8 : slabdata 693 693 60 +size-32(DMA) 0 0 32 112 1 : tunables 120 60 8 : slabdata 0 0 0 +size-128 3921 4800 128 30 1 : tunables 120 60 8 : slabdata 160 160 0 +size-32 332419 332976 32 112 1 : tunables 120 60 8 : slabdata 2973 2973 60 +kmem_cache 191 191 32896 1 16 : tunables 8 4 0 : slabdata 191 191 0 +Inter-| Receive | Transmit + face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed + lo:267102759 105357 0 0 0 0 0 0 267102759 105357 0 0 0 0 0 0 + eth0:1013758516 1354506 0 0 0 0 0 0 245531629 966810 0 0 0 0 0 0 + pan0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 diff --git a/test/aux-fixed/exim-ca/example.org/CA/pwdfile b/test/aux-fixed/exim-ca/example.org/CA/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/CA/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.org/CA/secmod.db b/test/aux-fixed/exim-ca/example.org/CA/secmod.db new file mode 100644 index 000000000..c7f115bd6 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/CA/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/expired1.example.org/ca_chain.pem new file mode 100644 index 000000000..45c5c6329 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.org/CN=clica Signing Cert +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.org/CN=clica CA +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O +x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl +LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: expired1.example.org + localKeyID: 0B 77 EA 83 E1 31 8B 71 88 DB 88 4E DE 08 91 19 A5 4A 4D A6 +subject=/CN=expired1.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA4TTv655lwyf5lL4RkuLHqPdg +mXI36dkjEL/864WoszwLRYYfnlOj4hmKfjq9VoslfDRnOoZSm0NebJJ9Y/ea2wID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w +bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EABG4yReI+VPyFc3kEejJr31rOi3BpgEfP +FsN+9WoTa0B+VW125F47/FySYat+M6KBSW8fe6HFexU6FXQF+mCNvQ== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/expired1.example.org/cert8.db new file mode 100644 index 000000000..133a82f80 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.chain.pem new file mode 100644 index 000000000..d4f9ee3f3 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: expired1.example.org + localKeyID: 0B 77 EA 83 E1 31 8B 71 88 DB 88 4E DE 08 91 19 A5 4A 4D A6 +subject=/CN=expired1.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA4TTv655lwyf5lL4RkuLHqPdg +mXI36dkjEL/864WoszwLRYYfnlOj4hmKfjq9VoslfDRnOoZSm0NebJJ9Y/ea2wID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w +bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EABG4yReI+VPyFc3kEejJr31rOi3BpgEfP +FsN+9WoTa0B+VW125F47/FySYat+M6KBSW8fe6HFexU6FXQF+mCNvQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.key b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.key new file mode 100644 index 000000000..fab90976d --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: expired1.example.org + localKeyID: 0B 77 EA 83 E1 31 8B 71 88 DB 88 4E DE 08 91 19 A5 4A 4D A6 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIL+kummor3pQCAggA +MBQGCCqGSIb3DQMHBAhpvl78t5As+QSCAWBlOt1XpYY+o5G0MSANfiL7BfKlwwYh +MDpKzsNWfwxrNZNmeT293TKVlXEav4FsEnbU0yVJ0HSLC1peXM32mjdezDdMQAwq +QPrIRj5r5m4mTTWhUPnDUrzdwrYbD4flg0H6eO7gX1w2gJw8E/LS8nhAy6ZOfEvL +jlghGljcALDPVDvNEAtcx+Wd4p71vp6wm/3kl3SAl7WXO1HcKwYYIEEL9DFZ/P4n +kqlgCu3pcgKbH9HHjImOkYRWP2Poy3OLJ7h+i/rIEaxiaJFt/1zTm+DxkkM6nbwR +2C0VnX6/gSbpz58xBlJUMiZqvh9ciFhuLCYeiJx+HnKKzTEIfnSyKV7Y7GSzqkUE +kKPVa6NTXq0nlH1fuecTGv3iUE4AXWJPmGNYS0caR8oTFd5pFlOQGazRjLDxTIb/ +N6zXiTCpQt4MWHi71a/GnfUrv0e/Bl24ARJnVWcP4brT8jA/oiPeQGEq +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.dated.resp new file mode 100644 index 000000000..0825ec70a Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.good.resp new file mode 100644 index 000000000..e786da6b8 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.req new file mode 100644 index 000000000..75ffacf13 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.revoked.resp new file mode 100644 index 000000000..f8709f45d Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.p12 b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.p12 new file mode 100644 index 000000000..f7ef5e605 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.pem b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.pem new file mode 100644 index 000000000..13da50bbc --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: expired1.example.org + localKeyID: 0B 77 EA 83 E1 31 8B 71 88 DB 88 4E DE 08 91 19 A5 4A 4D A6 +subject=/CN=expired1.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZzANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwM1oXDTEyMTIwMTEyMzQwM1owHzEdMBsGA1UEAxMUZXhwaXJlZDEuZXhhbXBs +ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA4TTv655lwyf5lL4RkuLHqPdg +mXI36dkjEL/864WoszwLRYYfnlOj4hmKfjq9VoslfDRnOoZSm0NebJJ9Y/ea2wID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFGV4cGlyZWQxLmV4YW1w +bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EABG4yReI+VPyFc3kEejJr31rOi3BpgEfP +FsN+9WoTa0B+VW125F47/FySYat+M6KBSW8fe6HFexU6FXQF+mCNvQ== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.unlocked.key new file mode 100644 index 000000000..132d2da54 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/expired1.example.org.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOgIBAAJBAOE07+ueZcMn+ZS+EZLix6j3YJlyN+nZIxC//OuFqLM8C0WGH55T +o+IZin46vVaLJXw0ZzqGUptDXmySfWP3mtsCAwEAAQJAbjXB08TIeCDv+uKpJwDk +RMQK+gzzX/VrO5843umiDVPBs3FoDJJMMI1YIxiqmj61BNvh6YdTeYMbgsqdvUT/ +AQIhAP2hXPtUNCfSMbDZujRe7weCDynq2SdT9v5GwCABKNRLAiEA40+XExCBf3zV +Eibj6fEWBlJjQPjCEvFLkbeOi44UmbECIF8u9qkvkZ88J//ZxiKvWf80VSKDC1nS +DgihXqrkJIF/AiAhsUBhUQcA0I38fMs3d8ad9URE8xpBGIbs+FomkU64YQIhALds +zCAiNfSE9O4vQvnSlbPdKT5KSbux/uGuPIhK+RA0 +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/expired1.example.org/key3.db new file mode 100644 index 000000000..4122a84e9 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/pwdfile b/test/aux-fixed/exim-ca/example.org/expired1.example.org/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired1.example.org/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.org/expired1.example.org/secmod.db b/test/aux-fixed/exim-ca/example.org/expired1.example.org/secmod.db new file mode 100644 index 000000000..fb955213b Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired1.example.org/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/expired2.example.org/ca_chain.pem new file mode 100644 index 000000000..1ca5e2884 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.org/CN=clica Signing Cert +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.org/CN=clica CA +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O +x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl +LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: expired2.example.org + localKeyID: C5 6F 48 06 54 0E B3 BB 1A BF 6D F3 86 B8 E6 D7 37 A4 65 F3 +subject=/CN=expired2.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK1KoNb3Cu3dTkQQssg1cXUb +0Oo/o0v/BCm5A9JjE8eL0K694hJrk2pSmI+nF1ujtC+0Ilylzd2JyXvyu6jZqRUC +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt +cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAATDk4AOeRU7z4FPpjK6J2BvKeStcuon +xoli6qipNnf95JXgo4ZOktbGD5eankcp4QRFEUMQ79DJuTCkOl/Zgs4= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/expired2.example.org/cert8.db new file mode 100644 index 000000000..24ee82e52 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.chain.pem new file mode 100644 index 000000000..3bbfb4cda --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: expired2.example.org + localKeyID: C5 6F 48 06 54 0E B3 BB 1A BF 6D F3 86 B8 E6 D7 37 A4 65 F3 +subject=/CN=expired2.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK1KoNb3Cu3dTkQQssg1cXUb +0Oo/o0v/BCm5A9JjE8eL0K694hJrk2pSmI+nF1ujtC+0Ilylzd2JyXvyu6jZqRUC +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt +cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAATDk4AOeRU7z4FPpjK6J2BvKeStcuon +xoli6qipNnf95JXgo4ZOktbGD5eankcp4QRFEUMQ79DJuTCkOl/Zgs4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.key b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.key new file mode 100644 index 000000000..6bbf07ef7 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: expired2.example.org + localKeyID: C5 6F 48 06 54 0E B3 BB 1A BF 6D F3 86 B8 E6 D7 37 A4 65 F3 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIqYRYZdwd4cwCAggA +MBQGCCqGSIb3DQMHBAguS/XNjyFFMASCAWBxEYbvvuvMpVOunc6orT3lMpGxNbCV +kNeLvBHH2LkW1lQfLoo0zgqzyvjF7hTbeNm9NS8dL3ZzMG7Xb3hiR22ypuP7gdaA +NFxt7XfO7pCLsFScmOthYseIBvuxAGN8Qze2KDrXTVnOyrgPGk2q6XTIblUnGekt +MuxJAJIIGW0le9Ci23Z+156zv7BAPWiAR7qL4Lm6V3T4ppfSeGkpBhGVpCmdjnT1 +IhR4rcrLjvqE+QhqEY/gA4chFcnkZsmcLNjMAMgHXdsGgpkrv8WrbS4nTsNY71p5 +d+qA6Z6ORVyUOrxzr34NpAM9tpsvHniMEvlJAq5DMz64qnG/iZymTKH8tOhgvD9d +a7pENj+x1Eo+qb/2g6zut4+O5WnkWfXQXtuh+rnUOB09IteV33o8OYOlLR0eQxqJ +BOLi5FgNVfoSJuCZrR9oqufOb4ue7x7lmOw0r3EQYUp0weYLvDyh0ih+ +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.dated.resp new file mode 100644 index 000000000..44f9d0057 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.good.resp new file mode 100644 index 000000000..0760bb3fd Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.req new file mode 100644 index 000000000..96cb53d16 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.revoked.resp new file mode 100644 index 000000000..0760bb3fd Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.p12 b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.p12 new file mode 100644 index 000000000..5bd498bcc Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.pem b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.pem new file mode 100644 index 000000000..a2cdafe6d --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: expired2.example.org + localKeyID: C5 6F 48 06 54 0E B3 BB 1A BF 6D F3 86 B8 E6 D7 37 A4 65 F3 +subject=/CN=expired2.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMswDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDNaFw0xMjEyMDExMjM0MDNaMB8xHTAbBgNVBAMTFGV4cGlyZWQyLmV4YW1w +bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAK1KoNb3Cu3dTkQQssg1cXUb +0Oo/o0v/BCm5A9JjE8eL0K694hJrk2pSmI+nF1ujtC+0Ilylzd2JyXvyu6jZqRUC +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRleHBpcmVkMi5leGFt +cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAATDk4AOeRU7z4FPpjK6J2BvKeStcuon +xoli6qipNnf95JXgo4ZOktbGD5eankcp4QRFEUMQ79DJuTCkOl/Zgs4= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.unlocked.key new file mode 100644 index 000000000..873f59f33 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/expired2.example.org.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPAIBAAJBAK1KoNb3Cu3dTkQQssg1cXUb0Oo/o0v/BCm5A9JjE8eL0K694hJr +k2pSmI+nF1ujtC+0Ilylzd2JyXvyu6jZqRUCAwEAAQJBAIKMYjcPzW/89OVaHxWt +DVhIKE8Quhiaeaxk8Xgho9kDQXb9VUnY9uY+hQFL8jAlmr1xyqPL1ztA8Rx7b7DH +toECIQDifcfwxsjaF2XMdkDdEtmoYlEow5sRoGzgNz29EQtUiQIhAMPedhNwRb2J +0Vc6OgL4DCwu4oyjxcyGU3TywinwhCUtAiAnnYaGR87DzsngfGKWCIEHocK+VZBf +AedpRGBJHJ0VuQIhALHy6Ylthh7WGBfMcaoC22RE0FR/8hOHskjcyGQ7/IKdAiEA +lLVprJ0QmF5Z1+6RbIOcWwRWNOHEqAz4xY6HR65E2HE= +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/expired2.example.org/key3.db new file mode 100644 index 000000000..22278dd28 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/pwdfile b/test/aux-fixed/exim-ca/example.org/expired2.example.org/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/expired2.example.org/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.org/expired2.example.org/secmod.db b/test/aux-fixed/exim-ca/example.org/expired2.example.org/secmod.db new file mode 100644 index 000000000..7201c7262 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/expired2.example.org/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/ca_chain.pem new file mode 100644 index 000000000..6e4689902 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.org/CN=clica Signing Cert +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.org/CN=clica CA +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O +x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl +LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: revoked1.example.org + localKeyID: CB 4F CF EE 43 43 65 BB 23 74 E0 40 65 36 FE 99 31 DF AB A8 +subject=/CN=revoked1.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMloXDTM4MDEwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtH5k2k62LbnSi/B5Bgxk+zMn +GiOYjeojLffbE73oSIws/sAwigOroZRxeDCK1Bvqlt3CsRlh1j7qGHTdf3JPEQID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w +bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EAh2MZRLrAaQlspQCSvzB8GauDjhyc1ZMz +/YeE550dEXzC3YtnTK6PKmDfm0xw/eVcSnwlsYUdLFzB5xBGbkxQbg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/cert8.db new file mode 100644 index 000000000..276490b07 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/key3.db new file mode 100644 index 000000000..d0a1a89ea Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/pwdfile b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.chain.pem new file mode 100644 index 000000000..44a69f441 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: revoked1.example.org + localKeyID: CB 4F CF EE 43 43 65 BB 23 74 E0 40 65 36 FE 99 31 DF AB A8 +subject=/CN=revoked1.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMloXDTM4MDEwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtH5k2k62LbnSi/B5Bgxk+zMn +GiOYjeojLffbE73oSIws/sAwigOroZRxeDCK1Bvqlt3CsRlh1j7qGHTdf3JPEQID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w +bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EAh2MZRLrAaQlspQCSvzB8GauDjhyc1ZMz +/YeE550dEXzC3YtnTK6PKmDfm0xw/eVcSnwlsYUdLFzB5xBGbkxQbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.key b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.key new file mode 100644 index 000000000..cd759c412 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: revoked1.example.org + localKeyID: CB 4F CF EE 43 43 65 BB 23 74 E0 40 65 36 FE 99 31 DF AB A8 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBnjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIYvHqW0ndOlQCAggA +MBQGCCqGSIb3DQMHBAgXAj3LlhSYaQSCAVhHtecAjwqd7AvQnGWaErxhdo/AMfio +SWCovkatfN0ExC0Q43QX2P7HKcP6ysQDg+oLHWiIP+2N6lOkQLBxF4KCAfEa9hcR +GJhbBDLiL5mNgfxdPzM+NUfxGainUfwiGFM5ZZg4vZgvP8hMoVeCRJ+sBP4rHzyw +0AdAMzAeJym8MVONUMadr/D7ReMGgxQdGGl/GrrmwOAeJNCh8KJVfI7hQZE0Ell7 +XWWZPl1VafuzErUz0Lm4NdbstlfpVE/ZWWuXCxGgJ5cPyMu5oloHPpPm+x0oR4Ik +NxPkXZ74OZtc58nTgh+SEVe/myWTujMdj9jCxfJknyAlMwZCv/wu/EwcRFopvo16 +zLCsb2x4+sW5Uhduv0mQYEIPBjl+9Eg5eHrX6z+E/AhikE3C7OmQ7MM/8PLPqoUo +xoXYK2O5seWWA5IjCbm7I9mMQpmZi847H9WpHLEaoh8gew== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.dated.resp new file mode 100644 index 000000000..5a1246638 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.good.resp new file mode 100644 index 000000000..30c30f669 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.req new file mode 100644 index 000000000..90263fdd8 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.revoked.resp new file mode 100644 index 000000000..6273c03e4 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.p12 b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.p12 new file mode 100644 index 000000000..c4392fc62 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.pem b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.pem new file mode 100644 index 000000000..70bea88ca --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: revoked1.example.org + localKeyID: CB 4F CF EE 43 43 65 BB 23 74 E0 40 65 36 FE 99 31 DF AB A8 +subject=/CN=revoked1.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBDCCAa6gAwIBAgIBZjANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMloXDTM4MDEwMTEyMzQwMlowHzEdMBsGA1UEAxMUcmV2b2tlZDEuZXhhbXBs +ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtH5k2k62LbnSi/B5Bgxk+zMn +GiOYjeojLffbE73oSIws/sAwigOroZRxeDCK1Bvqlt3CsRlh1j7qGHTdf3JPEQID +AQABo4HAMIG9MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5vcmcvMB8GA1UdEQQYMBaCFHJldm9rZWQxLmV4YW1w +bGUub3JnMA0GCSqGSIb3DQEBBQUAA0EAh2MZRLrAaQlspQCSvzB8GauDjhyc1ZMz +/YeE550dEXzC3YtnTK6PKmDfm0xw/eVcSnwlsYUdLFzB5xBGbkxQbg== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.unlocked.key new file mode 100644 index 000000000..47e917b54 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/revoked1.example.org.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOQIBAAJBALR+ZNpOti250ovweQYMZPszJxojmI3qIy332xO96EiMLP7AMIoD +q6GUcXgwitQb6pbdwrEZYdY+6hh03X9yTxECAwEAAQJADLoAyHfWVqEMnHtnPSrw +j9nKfwhVgGQq+NnKI7k3QK4rQX1Z+wfSw0rxpE5sFqDUVheeFY/IMolXD32zJwUM +pQIhAOEb6HbVqVqYr5lgN7CoRSVRXJEm1PvxmI6RKewtAPGTAiEAzUMl+oAfRboT +tywwc4N8MdvAAapLnP9u7NmhG7fP80sCIHkXgCdcrCs180/4ODzpZ7i5WagjUXLt +9XjLkdegJd/NAiAweI7bXK4F1S8arkCyxnXpgC8TNZetd1RGcg3tcbaViQIgIDmb +d9wZOnDeMg3BlC5X+zfOyiGk3+/Jnp7Msya+nfc= +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked1.example.org/secmod.db b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/secmod.db new file mode 100644 index 000000000..762183024 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked1.example.org/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/ca_chain.pem new file mode 100644 index 000000000..d36ac20bd --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.org/CN=clica Signing Cert +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.org/CN=clica CA +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O +x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl +LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: revoked2.example.org + localKeyID: B9 99 5C A3 65 F8 67 93 A4 96 45 B2 7C B6 64 28 CB 71 1D 6C +subject=/CN=revoked2.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDNaFw0zODAxMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLUlL/Fx0qhl0rhRZ3HTr+d +wbKi0cDyZa97S5EDr3Dq1qurHmEs92C6P27df1r6ltVT7O1xH1+s40hTL5yzQ3sC +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt +cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAC0aZSfdH/PlvY+jfQnVAkmmYyawPdSu +Osv4lwZYhBo2FSJdlufbwo3ElD4JK/BIHHTGiphM9++hpGLWaAcvT4k= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/cert8.db new file mode 100644 index 000000000..e1c3daeb5 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/key3.db new file mode 100644 index 000000000..52cfbc2ab Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/pwdfile b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.chain.pem new file mode 100644 index 000000000..7bc3981d3 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: revoked2.example.org + localKeyID: B9 99 5C A3 65 F8 67 93 A4 96 45 B2 7C B6 64 28 CB 71 1D 6C +subject=/CN=revoked2.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDNaFw0zODAxMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLUlL/Fx0qhl0rhRZ3HTr+d +wbKi0cDyZa97S5EDr3Dq1qurHmEs92C6P27df1r6ltVT7O1xH1+s40hTL5yzQ3sC +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt +cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAC0aZSfdH/PlvY+jfQnVAkmmYyawPdSu +Osv4lwZYhBo2FSJdlufbwo3ElD4JK/BIHHTGiphM9++hpGLWaAcvT4k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.key b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.key new file mode 100644 index 000000000..3c2d61283 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: revoked2.example.org + localKeyID: B9 99 5C A3 65 F8 67 93 A4 96 45 B2 7C B6 64 28 CB 71 1D 6C +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIatK6XJ1l+7MCAggA +MBQGCCqGSIb3DQMHBAjUZXz3pKENmgSCAWDbQs9Kd21OIstOoQdgYviX33loF2bH +wpn0IP4P/2dFUmK07M146AEwPgXTI/mCewMgJ/cRQqnFAyoE1hjbZnk3WRi2SRXs +dmIWAveseDuDsL7og72bHSvHIqsvcYs9SS8KBPCH6wY14a40QO1X26t7S8ZLTspu +4V/YSNNiug6n8Z3N1Y2tuWPC8CQ9bBtL2jcqZT0WBJ8BXtn69jmVSWNm1DBaByET +M4dqHGC//hFk1jnKBXaJ/VvBS5E6lOANwfUAr0gQT08NaJ7qJ6WUhpca7Rtky/KQ +/passZZKeu7/R8VyQLvfk+vH2wW+5EX8+WtutWQJycW57+pnoXORrvIz3lc6B/6+ +Q91EJzABv5n93nynoZgEEr4vKiCCmLGYYJEciqQTERzCDNw3P73R+sd9PiTrku9g +pKp12ieWWHZjeHcAMUZl8xWSytVT1fkeSPXcA43KoW93s78DegMh/HTr +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.dated.resp new file mode 100644 index 000000000..00a0d1c15 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.good.resp new file mode 100644 index 000000000..3e2585aa8 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.req new file mode 100644 index 000000000..0348f9836 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.revoked.resp new file mode 100644 index 000000000..3e2585aa8 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.p12 b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.p12 new file mode 100644 index 000000000..f71eda598 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.pem b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.pem new file mode 100644 index 000000000..9e24c7ce9 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: revoked2.example.org + localKeyID: B9 99 5C A3 65 F8 67 93 A4 96 45 B2 7C B6 64 28 CB 71 1D 6C +subject=/CN=revoked2.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICBTCCAa+gAwIBAgICAMowDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDNaFw0zODAxMDExMjM0MDNaMB8xHTAbBgNVBAMTFHJldm9rZWQyLmV4YW1w +bGUub3JnMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLUlL/Fx0qhl0rhRZ3HTr+d +wbKi0cDyZa97S5EDr3Dq1qurHmEs92C6P27df1r6ltVT7O1xH1+s40hTL5yzQ3sC +AwEAAaOBwDCBvTAOBgNVHQ8BAf8EBAMCBPAwIAYDVR0lAQH/BBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHA6Ly9jcmwuZXhhbXBs +ZS5vcmcvbGF0ZXN0LmNybDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 +dHA6Ly9vc2NwL2V4YW1wbGUub3JnLzAfBgNVHREEGDAWghRyZXZva2VkMi5leGFt +cGxlLm9yZzANBgkqhkiG9w0BAQUFAANBAC0aZSfdH/PlvY+jfQnVAkmmYyawPdSu +Osv4lwZYhBo2FSJdlufbwo3ElD4JK/BIHHTGiphM9++hpGLWaAcvT4k= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.unlocked.key new file mode 100644 index 000000000..c6895f73c --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/revoked2.example.org.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBANLUlL/Fx0qhl0rhRZ3HTr+dwbKi0cDyZa97S5EDr3Dq1qurHmEs +92C6P27df1r6ltVT7O1xH1+s40hTL5yzQ3sCAwEAAQJBALGnYBCY3+4LbCk02iyx +nbHphSa5/HXRy82q32o66MMEGIfyMaluRfMoQHS9n3yieOn2i41s7+4w52ormZEx +hEECIQDpSgUGrakvx2mqhAxIkfYTJgS3bMUINlRveYpYNvL65QIhAOda2XxChB3H +TxTgJURPl1i4LOEm9ecMHlBNhzhadn7fAiEA0pp8BxdnkTaY8dLbs/fxCkBcKasM +BOnnN+ulNRYGLPECIDrXJFEyKZ/ZPQe2KkRBaeCqlt98pTXqIxuRXD684z5JAiBi +aAtGEXlUtwnseKyflSrEh0bAwnOsEEA7qEUCl/ExPw== +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/revoked2.example.org/secmod.db b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/secmod.db new file mode 100644 index 000000000..f7a91aa77 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/revoked2.example.org/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/server1.example.org/ca_chain.pem new file mode 100644 index 000000000..6cdbee1d5 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.org/CN=clica Signing Cert +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.org/CN=clica CA +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O +x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl +LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: server1.example.org + localKeyID: 5E 7F 83 85 31 F1 CA DC 88 07 2C 58 95 FA 36 16 65 F6 BB 8D +subject=/CN=server1.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMloXDTM4MDEwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFIpfEcK4d3IEq3F7B6AIpepZk +mKln9pcCm0RbAxm77YlhHucDzyVu9rmW7XSW/c4Dv3clwzHLpaoF2KURKLZ7AgMB +AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu +b3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw +Oi8vb3NjcC9leGFtcGxlLm9yZy8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl +Lm9yZzANBgkqhkiG9w0BAQUFAANBACfk1MYCSbT2gbaT1Dv9FrMEybkFZtxUfz69 +Gnx/55Wfw936z2en+RImD3qF1qQxUwIMlWGm6SaitfmlQ5qVJ1A= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/server1.example.org/cert8.db new file mode 100644 index 000000000..c9c908afb Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server1.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/server1.example.org/key3.db new file mode 100644 index 000000000..db816ef71 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server1.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/pwdfile b/test/aux-fixed/exim-ca/example.org/server1.example.org/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/secmod.db b/test/aux-fixed/exim-ca/example.org/server1.example.org/secmod.db new file mode 100644 index 000000000..ac46b4820 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server1.example.org/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.chain.pem new file mode 100644 index 000000000..da4304077 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: server1.example.org + localKeyID: 5E 7F 83 85 31 F1 CA DC 88 07 2C 58 95 FA 36 16 65 F6 BB 8D +subject=/CN=server1.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMloXDTM4MDEwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFIpfEcK4d3IEq3F7B6AIpepZk +mKln9pcCm0RbAxm77YlhHucDzyVu9rmW7XSW/c4Dv3clwzHLpaoF2KURKLZ7AgMB +AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu +b3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw +Oi8vb3NjcC9leGFtcGxlLm9yZy8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl +Lm9yZzANBgkqhkiG9w0BAQUFAANBACfk1MYCSbT2gbaT1Dv9FrMEybkFZtxUfz69 +Gnx/55Wfw936z2en+RImD3qF1qQxUwIMlWGm6SaitfmlQ5qVJ1A= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.key b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.key new file mode 100644 index 000000000..6e41e5008 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: server1.example.org + localKeyID: 5E 7F 83 85 31 F1 CA DC 88 07 2C 58 95 FA 36 16 65 F6 BB 8D +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIhfu7ElRn7TUCAggA +MBQGCCqGSIb3DQMHBAggde7b8jzc2ASCAWCNar4Td+ZM5Elbb16QeDTfzMoKoScb +jQo/GS7f5h4An9vh/aTaKBoWDQ8gLcvbTUlpGxRznGt9mmOk9AOWsd03rTJ3TUud ++Cm4GfyEslvF8zXSPgJOz4YMiMMNZF3sEGGxs+D6Dav7isMrAIE/Se4Uh3pBY3Fg +kio9fZfJSWorb3XO6LY9wyg33sz0ZxfhLfhenpeuveQfGuwc9l/DtYuhorqa4xXv ++T5W6HQ7g7nB/GMQF0rkm7BUSqawuLPK7ippBjpNg07iGOYNvQ5GKPahuBTbKyDc +7LYzGNjZ+mNyL8vDNkwcdnUUqIbYsdMqmEZX+cu2wugXF1GshI9krcDHBXGcZH4G +sogntcL8qR5KpPfBQCcp9An7TfLJkJtZOH6IYVZVy3/wb+OEou3UNckMe7PF8PWa +T6/N9/zs49U6RxiYn+Vz/x0hQmRbLvLEsbotT1WStJq8LkcI0Zu9cJab +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.dated.resp new file mode 100644 index 000000000..43bb173cc Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.good.resp new file mode 100644 index 000000000..752147977 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.req new file mode 100644 index 000000000..6ec207d4f Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.revoked.resp new file mode 100644 index 000000000..90cd6fad1 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.p12 b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.p12 new file mode 100644 index 000000000..585738ec8 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.pem b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.pem new file mode 100644 index 000000000..81679f826 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: server1.example.org + localKeyID: 5E 7F 83 85 31 F1 CA DC 88 07 2C 58 95 FA 36 16 65 F6 BB 8D +subject=/CN=server1.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAjCCAaygAwIBAgIBZTANBgkqhkiG9w0BAQUFADAzMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzEbMBkGA1UEAxMSY2xpY2EgU2lnbmluZyBDZXJ0MB4XDTEyMTEwMTEy +MzQwMloXDTM4MDEwMTEyMzQwMlowHjEcMBoGA1UEAxMTc2VydmVyMS5leGFtcGxl +Lm9yZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDFIpfEcK4d3IEq3F7B6AIpepZk +mKln9pcCm0RbAxm77YlhHucDzyVu9rmW7XSW/c4Dv3clwzHLpaoF2KURKLZ7AgMB +AAGjgb8wgbwwDgYDVR0PAQH/BAQDAgTwMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB +BggrBgEFBQcDAjAyBgNVHR8EKzApMCegJaAjhiFodHRwOi8vY3JsLmV4YW1wbGUu +b3JnL2xhdGVzdC5jcmwwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRw +Oi8vb3NjcC9leGFtcGxlLm9yZy8wHgYDVR0RBBcwFYITc2VydmVyMS5leGFtcGxl +Lm9yZzANBgkqhkiG9w0BAQUFAANBACfk1MYCSbT2gbaT1Dv9FrMEybkFZtxUfz69 +Gnx/55Wfw936z2en+RImD3qF1qQxUwIMlWGm6SaitfmlQ5qVJ1A= +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.unlocked.key new file mode 100644 index 000000000..1b83abc63 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server1.example.org/server1.example.org.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBPQIBAAJBAMUil8Rwrh3cgSrcXsHoAil6lmSYqWf2lwKbRFsDGbvtiWEe5wPP +JW72uZbtdJb9zgO/dyXDMculqgXYpREotnsCAwEAAQJBAKDzsX4NkduHoV5hNmyT +BNDg6dGQYyAi0QCrzI+SZHxt8ZYksM//or03aXE7xUUAeFmlSQYc9KfhADAB+mL8 +3YECIQDi4Q5nPCDr99odHTguDlTDi9vEEIiY2N7g8jsGAZH6KwIhAN5wME90eCX/ +oIzlAVqCbq9JuO8Zt3lxvqbasOGT3pzxAiEAwXcifhvDAxUGNF9vQa7Mzzca/vUO +VjBQ1kcY18VNAqMCIQCxMe/aK67WnldYRcmZP1RLANB4cCUPcoPsyUOkvzXUEQIh +AJEKAaavDZzn70+xnPw/8QPzHExNxIRtYrxBnc0Kv74r +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem b/test/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem new file mode 100644 index 000000000..35a92fb61 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/ca_chain.pem @@ -0,0 +1,47 @@ +Bag Attributes + friendlyName: Signing Cert +subject=/O=example.org/CN=clica Signing Cert +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- +Bag Attributes + friendlyName: Certificate Authority +subject=/O=example.org/CN=clica CA +issuer=/O=example.org/CN=clica CA +-----BEGIN CERTIFICATE----- +MIIBaTCCAROgAwIBAgIBATANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjApMRQwEgYDVQQKEwtleGFtcGxlLm9yZzERMA8GA1UEAxMIY2xp +Y2EgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxY7JyBAI+e4vb4bz0HcjtE+O +x0nLBB19Kz04yNARj1z/ZvY2c+uvOR3muHROCgFUQxGobP3n2HaTS/cmv2SVPwID +AQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAANBAJLhs/m5Jx4oV++aylcAvIHa0vHSK4eh3zX1HqWwqK9I0/nl +LqwwPgtgHQOpe7nd2g2B9wPZ82i6LiqY76A+9hI= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: server2.example.org + localKeyID: 86 3E B2 BF BC 60 4F 3F C4 EA AA FE 97 44 A9 48 6B 4F C1 77 +subject=/CN=server2.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDNaFw0zODAxMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1bNd+LEj7UV8Riahrn/3TL1n +NwaIvqkqCFscP5ae3dB5rJ8vdfIc0hOzh782zpXxJxYa7S340zjxfgdUzMAeWQID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5vcmcvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5vcmcwDQYJKoZIhvcNAQEFBQADQQBCORy4CO4MMENsEtYwU7xE0Ck5i8VefJ6D +txODMnRUzsthdbfjgXm3BfVPrhOuT0/bIKfyJtoSdCtN1SRPTJxO +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/cert8.db b/test/aux-fixed/exim-ca/example.org/server2.example.org/cert8.db new file mode 100644 index 000000000..2f8358eea Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server2.example.org/cert8.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/key3.db b/test/aux-fixed/exim-ca/example.org/server2.example.org/key3.db new file mode 100644 index 000000000..df1625755 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server2.example.org/key3.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/pwdfile b/test/aux-fixed/exim-ca/example.org/server2.example.org/pwdfile new file mode 100644 index 000000000..f3097ab13 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/pwdfile @@ -0,0 +1 @@ +password diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/secmod.db b/test/aux-fixed/exim-ca/example.org/server2.example.org/secmod.db new file mode 100644 index 000000000..92af259c1 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server2.example.org/secmod.db differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.chain.pem b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.chain.pem new file mode 100644 index 000000000..5bcc299df --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.chain.pem @@ -0,0 +1,29 @@ +Bag Attributes + friendlyName: server2.example.org + localKeyID: 86 3E B2 BF BC 60 4F 3F C4 EA AA FE 97 44 A9 48 6B 4F C1 77 +subject=/CN=server2.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDNaFw0zODAxMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1bNd+LEj7UV8Riahrn/3TL1n +NwaIvqkqCFscP5ae3dB5rJ8vdfIc0hOzh782zpXxJxYa7S340zjxfgdUzMAeWQID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5vcmcvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5vcmcwDQYJKoZIhvcNAQEFBQADQQBCORy4CO4MMENsEtYwU7xE0Ck5i8VefJ6D +txODMnRUzsthdbfjgXm3BfVPrhOuT0/bIKfyJtoSdCtN1SRPTJxO +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpzCCAVGgAwIBAgIBAjANBgkqhkiG9w0BAQUFADApMRQwEgYDVQQKEwtleGFt +cGxlLm9yZzERMA8GA1UEAxMIY2xpY2EgQ0EwHhcNMTIxMTAxMTIzNDAyWhcNMzgw +MTAxMTIzNDAyWjAzMRQwEgYDVQQKEwtleGFtcGxlLm9yZzEbMBkGA1UEAxMSY2xp +Y2EgU2lnbmluZyBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ2Y6E5WBXQE +zFsWgxK4JXrpPWGEQZ+KNy3iXgmupAA6Yy0umCLu+eGCekkwZ0WfFhhd+Qy7P+qo +F0mre7VDDHECAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYB +Af8CAQAwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxlLm9yZy9s +YXRlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA0EATmemAFFWLNA8natXhFyhrDYmTv8X +PEJ3UVt0DmOMxmEBahIeDfplfTfj/NYvy/on7YCZO7F5PwVY2pNJqm8Tmw== +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.key b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.key new file mode 100644 index 000000000..6f62ee00e --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.key @@ -0,0 +1,15 @@ +Bag Attributes + friendlyName: server2.example.org + localKeyID: 86 3E B2 BF BC 60 4F 3F C4 EA AA FE 97 44 A9 48 6B 4F C1 77 +Key Attributes: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIBpjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIjfdds7UVEY0CAggA +MBQGCCqGSIb3DQMHBAiY22+2lkjkEASCAWDm5MmTuUgMOkSWscoH1Qn/GVM2sawP +TsknGm/HMV+bJlpGLCXwBrAKe6RDC+zlEmGVUSWJoxoPz1qQT9fcooyEFSCS8asN +omSw+8wrxXTSB57b1OqpHoV8VlTT60/sdVV8l9B1Ef/vsdjKB0NDwqUwDVg4Xw32 +wV3Tv8pFRLg3CBCEDeykcJ+FkodSope9UL6E95Ukhae335bTmWsxbrR4IZCUhI2t +/MOLyPnd6huPGlti2SH8PRRnei6TM/O8mH1uUzdSAqxoDA6wV+P6pIDI8GY1k61q +53oeq9ocSJOQ+q3kIyBQlGgApME47hog3sVZ/WsU3r071g9VKhzlFUFPOOkbUR9+ +gl7MDV/r/6IjOAHEaLFBQrnRVKbs93sTtf8pNhIHJLJtTWjDV/nBbiHxsNFIWqGU +ZlH0FU2DENHZqPiLxsfH1J9EmtTiHXgu/naD0m7RbmPm6ffIDPuYPVMw +-----END ENCRYPTED PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.dated.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.dated.resp new file mode 100644 index 000000000..b15606af3 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.dated.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.good.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.good.resp new file mode 100644 index 000000000..8fc3f99e1 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.good.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.req b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.req new file mode 100644 index 000000000..f8731d0c1 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.req differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.revoked.resp b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.revoked.resp new file mode 100644 index 000000000..8fc3f99e1 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.ocsp.revoked.resp differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.p12 b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.p12 new file mode 100644 index 000000000..f2f2fe8a9 Binary files /dev/null and b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.p12 differ diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem new file mode 100644 index 000000000..ed55c33bf --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.pem @@ -0,0 +1,18 @@ +Bag Attributes + friendlyName: server2.example.org + localKeyID: 86 3E B2 BF BC 60 4F 3F C4 EA AA FE 97 44 A9 48 6B 4F C1 77 +subject=/CN=server2.example.org +issuer=/O=example.org/CN=clica Signing Cert +-----BEGIN CERTIFICATE----- +MIICAzCCAa2gAwIBAgICAMkwDQYJKoZIhvcNAQEFBQAwMzEUMBIGA1UEChMLZXhh +bXBsZS5vcmcxGzAZBgNVBAMTEmNsaWNhIFNpZ25pbmcgQ2VydDAeFw0xMjExMDEx +MjM0MDNaFw0zODAxMDExMjM0MDNaMB4xHDAaBgNVBAMTE3NlcnZlcjIuZXhhbXBs +ZS5vcmcwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1bNd+LEj7UV8Riahrn/3TL1n +NwaIvqkqCFscP5ae3dB5rJ8vdfIc0hOzh782zpXxJxYa7S340zjxfgdUzMAeWQID +AQABo4G/MIG8MA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcD +AQYIKwYBBQUHAwIwMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5leGFtcGxl +Lm9yZy9sYXRlc3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +cDovL29zY3AvZXhhbXBsZS5vcmcvMB4GA1UdEQQXMBWCE3NlcnZlcjIuZXhhbXBs +ZS5vcmcwDQYJKoZIhvcNAQEFBQADQQBCORy4CO4MMENsEtYwU7xE0Ck5i8VefJ6D +txODMnRUzsthdbfjgXm3BfVPrhOuT0/bIKfyJtoSdCtN1SRPTJxO +-----END CERTIFICATE----- diff --git a/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key new file mode 100644 index 000000000..38b2718e0 --- /dev/null +++ b/test/aux-fixed/exim-ca/example.org/server2.example.org/server2.example.org.unlocked.key @@ -0,0 +1,9 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBANWzXfixI+1FfEYmoa5/90y9ZzcGiL6pKghbHD+Wnt3QeayfL3Xy +HNITs4e/Ns6V8ScWGu0t+NM48X4HVMzAHlkCAwEAAQJATzDe2+/Y3m5ndR+PvriR +DhEKFKwJNI4/k0UgHLhWOt/+y02ZfO5zhZaLvYG1BQbGKyhypdAGS8QP19xRVjI9 +uQIhAPs7Ql00hIvZvfRMmgh90otggbrWIrkW8Oh10BMFBdkTAiEA2cG+l36A5NAs +PlA7sOlQyFs5F4XNXzEy76vPsGR/pGMCIBjo3UGkjWfYZQ8t8S/aWd/b58EArlyv +u58w3zqjitrlAiEAsJeqlPkGVolsF+zBO6s61AEGv8jG0Ff50twmxgn6abkCIQDJ +pUSYU/YF7bYj5QuHRyemhzDytTQcAB7A4IEWZsSL9A== +-----END RSA PRIVATE KEY----- diff --git a/test/aux-fixed/exim-ca/genall b/test/aux-fixed/exim-ca/genall new file mode 100755 index 000000000..63a3618ee --- /dev/null +++ b/test/aux-fixed/exim-ca/genall @@ -0,0 +1,101 @@ +#!/bin/bash +# + +echo Ensure time is set to 2012/11/01 12:34 +echo use - date -u 110112342012 +echo hit return when ready +read junk +for tld in com org net +do + clica -D example.$tld -p password -B 512 -I -N example.$tld -F -C http://crl.example.$tld/latest.crl -O http://oscp/example.$tld/ + clica -D example.$tld -p password -s 101 -S server1.example.$tld + clica -D example.$tld -p password -s 102 -S revoked1.example.$tld + clica -D example.$tld -p password -s 103 -S expired1.example.$tld -m 1 + clica -D example.$tld -p password -s 201 -S server2.example.$tld + clica -D example.$tld -p password -s 202 -S revoked2.example.$tld + clica -D example.$tld -p password -s 203 -S expired2.example.$tld -m 1 +done + +# and loop again +for tld in com org net +do + CADIR=example.$tld/CA + #give ourselves an OSCP key to work with + pk12util -o $CADIR/OCSP.p12 -n 'OCSP Signer' -d $CADIR -K password -W password + openssl pkcs12 -in $CADIR/OCSP.p12 -passin pass:password -passout pass:password -nodes -nocerts -out $CADIR/OCSP.key + + + # create some index files for the ocsp responder to work with + cat >$CADIR/index.valid.txt <$CADIR/index.revoked.txt <$SPFX.chain.pem + done +done + +echo Please to reset date to now. +echo service ntpdate start +echo +echo Then hit return +read junk + +# Create CRL files in .der and .pem +# empty versions, and ones with the revoked servers +for tld in com org net +do + CADIR=example.$tld/CA + CRLIN=$CADIR/crl.empty.in.txt + DATENOW=`date -u +%Y%m%d%H%M%SZ` + echo "update=$DATENOW " >$CRLIN + crlutil -G -d $CADIR -f $CADIR/pwdfile \ + -n 'Signing Cert' -c $CRLIN -o $CADIR/crl.empty + openssl crl -in $CADIR/crl.empty -inform der -out $CADIR/crl.empty.pem +done +sleep 2 +for tld in com org net +do + CADIR=example.$tld/CA + CRLIN=$CADIR/crl.v2.in.txt + DATENOW=`date -u +%Y%m%d%H%M%SZ` + echo "update=$DATENOW " >$CRLIN + echo "addcert 102 $DATENOW" >>$CRLIN + echo "addcert 202 $DATENOW" >>$CRLIN + crlutil -G -d $CADIR -f $CADIR/pwdfile \ + -n 'Signing Cert' -c $CRLIN -o $CADIR/crl.v2 + openssl crl -in $CADIR/crl.v2 -inform der -out $CADIR/crl.v2.pem +done + +echo "CA, Certificate, CRL and OSCP Response generation complete" diff --git a/test/aux-fixed/ocsp_file.der b/test/aux-fixed/ocsp_file.der new file mode 100644 index 000000000..f629d53e3 Binary files /dev/null and b/test/aux-fixed/ocsp_file.der differ diff --git a/test/confs/0002 b/test/confs/0002 index af680500c..409bd755f 100644 --- a/test/confs/0002 +++ b/test/confs/0002 @@ -15,6 +15,8 @@ gecos_name = CALLER_NAME # ----- Main settings ----- domainlist dlist = *.aa.bb : ^\Nxxx(.*) +domainlist elist = +dlist : ;; +domainlist flist = <; a ; b;;c ; +elist ; 2001:630:212:8:204::b664 ; hostlist hlist = V4NET.11.12.13 : iplsearch;DIR/aux-fixed/0002.iplsearch headers_charset = iso-8859-8 @@ -42,4 +44,20 @@ check_data: warn logwrite = Subject is: "$h_subject:" deny message = reply_address=<$reply_address> +a_ret: + accept message = ($acl_narg) [$acl_arg1] [$acl_arg2] + +a_none: + accept + +a_deny: + deny message = ($acl_narg) [$acl_arg1] [$acl_arg2] + +a_defer: + defer + +a_sub: + require acl = a_none foo bar baz barf + require acl = a_deny "new arg1" $acl_arg1 + # End diff --git a/test/confs/0027 b/test/confs/0027 index 75ccf4ae6..8fe398b47 100644 --- a/test/confs/0027 +++ b/test/confs/0027 @@ -42,6 +42,7 @@ data3: accept local_parts = a.b.c acl_rcpt: + warn set acl_m_1 = ${acl {data}} accept endpass acl = ${tr{$local_part}{:}{\n}} deny message = this message should not occur diff --git a/test/confs/0143 b/test/confs/0143 index c853c8072..ad18789c9 100644 --- a/test/confs/0143 +++ b/test/confs/0143 @@ -18,12 +18,13 @@ domainlist local_domains = test.ex : *.test.ex begin routers -all: +my_main_router: driver = manualroute domains = ! +local_domains route_list = * 127.0.0.1 self = send - transport = smtp + transport = my_smtp + debug_print = router_name <$router_name> no_more @@ -31,10 +32,11 @@ all: begin transports -smtp: +my_smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + debug_print = transport_name <$transport_name> # End diff --git a/test/confs/0227 b/test/confs/0227 index 17f49eb76..06fae3f56 100644 --- a/test/confs/0227 +++ b/test/confs/0227 @@ -28,10 +28,8 @@ check_recipient: deny hosts = V4NET.0.0.1 !verify = sender/callout=no_cache deny hosts = V4NET.0.0.3 - log_message = ($recipient_verify_failure) !verify = recipient/callout=no_cache deny hosts = V4NET.0.0.5 - log_message = ($sender_verify_failure) !verify = sender/callout=no_cache/check_postmaster require verify = sender accept domains = +local_domains diff --git a/test/confs/0325 b/test/confs/0325 index f56b01bd7..5310dcc8d 100644 --- a/test/confs/0325 +++ b/test/confs/0325 @@ -41,7 +41,7 @@ r1: local_parts = lsearch;DIR/aux-fixed/TESTNUM.data data = debug_print = r1: \$domain_data = $domain_data\n\ - r1: \$local_part_data = $local_part_data + $router_name: \$local_part_data = $local_part_data r2: driver = redirect @@ -49,7 +49,7 @@ r2: local_parts = lsearch;DIR/aux-fixed/TESTNUM.data data = debug_print = r2: \$domain_data = $domain_data\n\ - r2: \$local_part_data = $local_part_data + $router_name: \$local_part_data = $local_part_data r3: driver = redirect @@ -57,7 +57,7 @@ r3: local_parts = +test_local_parts data = debug_print = r3: \$domain_data = $domain_data\n\ - r3: \$local_part_data = $local_part_data + $router_name: \$local_part_data = $local_part_data r4: driver = accept @@ -65,7 +65,7 @@ r4: local_parts = +test_local_parts transport = t1 debug_print = r4: \$domain_data = $domain_data\n\ - r4: \$local_part_data = $local_part_data + $router_name: \$local_part_data = $local_part_data # ----- Transports ----- diff --git a/test/confs/0481 b/test/confs/0481 index be3f923dd..212af518d 100644 --- a/test/confs/0481 +++ b/test/confs/0481 @@ -23,6 +23,7 @@ r1: r2: driver = redirect + headers_remove = Remove-Me-Also: headers_remove = Remove-Me: data = $local_part@domain @@ -30,6 +31,7 @@ r3: driver = accept headers_remove = Remove-Me: headers_add = X-Was-Remove-Me: >$h_remove-me:< + headers_add = ${if def:h_remove-me-also {X-Was-Remove-Me-Also: >$h_remove-me-also:<}} transport = t1 diff --git a/test/confs/0496 b/test/confs/0496 index 4bc2fde19..9b03b850f 100644 --- a/test/confs/0496 +++ b/test/confs/0496 @@ -19,11 +19,14 @@ acl_smtp_rcpt = check_rcpt begin acl check_rcpt: - warn message = data1 data1\ndata2 data2 + warn message = data1 data1\ndata2 data2\n + warn message = \n\ndata3\n\ndata4\n\n warn message = :after_received:After-Received: some text\n\ :at_start:At-Start: some text\n\ :at_end: At-End: some text - accept + warn message = data4 + warn add_header = X-multiline: foo\n\tbar + accept logwrite = $headers_added # ----- Routers ----- diff --git a/test/confs/0537 b/test/confs/0537 index b8dec5a30..d273af997 100644 --- a/test/confs/0537 +++ b/test/confs/0537 @@ -10,6 +10,7 @@ spool_directory = DIR/spool log_file_path = DIR/spool/log/%slog gecos_pattern = "" gecos_name = CALLER_NAME +log_selector = +smtp_mailauth # ----- Main settings ----- diff --git a/test/confs/0538 b/test/confs/0538 index 7f89ccc6a..5865e3110 100644 --- a/test/confs/0538 +++ b/test/confs/0538 @@ -38,6 +38,13 @@ r1: route_list = * "<= 127.0.0.1:PORT_S" self = send verify_only + transport = t1 + + +begin transports + +t1: + driver = smtp # End diff --git a/test/confs/0566 b/test/confs/0566 new file mode 100644 index 000000000..83e97fb18 --- /dev/null +++ b/test/confs/0566 @@ -0,0 +1,66 @@ +# Exim test configuration 0566 + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +log_selector = +8bitmime +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +domainlist local_domains = test.ex + +acl_smtp_rcpt = acl_rcpt +acl_smtp_data = acl_data + + +# ------ ACLs ------ + +begin acl + +acl_rcpt: + accept endpass + message = SIZE value too big + condition = ${if > {$message_size}{10000}{no}{yes}} + +acl_data: + accept endpass + message = message too big - \$recipients=$recipients ($recipients_count) + condition = ${if > {$message_size}{10000}{no}{yes}} + + +# ------ Routers ------ + +begin routers + +r1: + driver = dnslookup + domains = ! +local_domains + transport = dev_null + no_more + +r2: + driver = accept + local_parts = userx : postmaster + transport = local_delivery + + +# ------ Transports ------ + +begin transports + +dev_null: + driver = appendfile + file = /dev/null + user = CALLER + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + user = CALLER + +# End diff --git a/test/confs/0567 b/test/confs/0567 new file mode 100644 index 000000000..7348b1fe5 --- /dev/null +++ b/test/confs/0567 @@ -0,0 +1,91 @@ +# Exim test configuration 0532 + +CONNECTCOND= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +acl_smtp_connect = connect +acl_smtp_mail = mail +acl_smtp_rcpt = rcpt +acl_smtp_predata = predata +acl_smtp_data = data +acl_not_smtp = notsmtp + +qualify_domain = test.ex +trusted_users = CALLER + +hostlist internal_headers = x-mail-2 : x-mail-3 + + +# ----- ACL ----- + +begin acl + +connect: + accept CONNECTCOND + +mail: + accept remove_header = x-mail-1 + senders = mailok@test.ex + # Won't work because doesn't expand + remove_header = +internal_headers + accept + +rcpt: + accept local_parts = rcptok + remove_header = x-rcpt-4 : x-rcpt-2 + set acl_m_hdr = x-predata-1 + deny add_header = RCPT: denied $local_part + + +predata: + warn remove_header = x-predata-3 : $acl_m_hdr + # Won't work because doesn't use wildcards + accept remove_header = x-not-* + +data: + warn log_message = Verified previously removed header X-Rcpt-2 + condition = ${if eq{$h_x-rcpt-2:}{}} + warn remove_header = x-data-1 : x-data-4 + condition = ${if eq{$h_cond:}{accept}} + remove_header = x-data-3 + # Won't delete this header because condition fails before the modifier + warn condition = ${if eq{$h_cond:}{reject}} + remove_header = x-data-2 + warn log_message = Verified removed header X-Data-3 in this ACL still visible + condition = ${if !eq{$h_x-data-3:}{}} + accept + +notsmtp: + # Will remove a required header (Date) if told to + accept remove_header = x-notsmtp-1 : date + + +# ----- Routers ----- + +begin routers + +r1: + driver = accept + transport = t1 + + +# ----- Transports ----- + +begin transports + +t1: + driver = appendfile + file = DIR/test-mail/$local_part + user = CALLER + +# End diff --git a/test/confs/0568 b/test/confs/0568 new file mode 100644 index 000000000..dec5b0dbc --- /dev/null +++ b/test/confs/0568 @@ -0,0 +1,70 @@ +# Exim test configuration 0568 +# Recipient callout with AUTH + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +acl_smtp_rcpt = check_rcpt + +queue_only + + +# ----- Authentication ----- + +begin authenticators + +plain: + driver = plaintext + public_name = PLAIN + client_send = ^userx^secret + server_advertise_condition = yes + server_prompts = : + server_condition = yes + server_set_id = $auth2 + + +# ----- ACLs ----- + +begin acl + +check_rcpt: + accept verify = recipient/callout + + +# ----- Routers ----- + +begin routers + +r1: + driver = accept + transport = ${if eq{force}{$domain} {t2}{t1}} + + +# ----- Transports ----- + +begin transports + +t1: + driver = smtp + hosts = 127.0.0.1 + port = PORT_S + allow_localhost + hosts_try_auth = * + +t2: + driver = smtp + hosts = 127.0.0.1 + port = PORT_S + allow_localhost + hosts_try_auth = * + authenticated_sender= brian + +# End diff --git a/test/confs/3401 b/test/confs/3401 index 6406e3178..60b1a4624 100644 --- a/test/confs/3401 +++ b/test/confs/3401 @@ -8,6 +8,7 @@ spool_directory = DIR/spool log_file_path = DIR/spool/log/%slog gecos_pattern = "" gecos_name = CALLER_NAME +log_selector = +smtp_mailauth # ----- Main settings ----- @@ -22,6 +23,7 @@ login: driver = plaintext public_name = LOGIN client_send = : userx : secret + client_set_id = userx plain: driver = plaintext @@ -32,6 +34,7 @@ xlogin: driver = plaintext public_name = XLOGIN client_send = : $auth1 : $auth1+$auth2 + client_set_id = $auth1 # ----- Routers ----- diff --git a/test/confs/3455 b/test/confs/3455 index 274de6316..ab26f43cc 100644 --- a/test/confs/3455 +++ b/test/confs/3455 @@ -36,7 +36,7 @@ plain: server_condition = "\ ${if and {{eq{$2}{userx}}{eq{$3}{secret1}}}{yes}{no}}" server_set_id = $2 - client_condition = ${if !eq {$tls_cipher}{}} + client_condition = ${if !eq {$tls_out_cipher}{}} client_send = ^userx^secret1 login: diff --git a/test/confs/3465 b/test/confs/3465 index adadeb059..161fff526 100644 --- a/test/confs/3465 +++ b/test/confs/3465 @@ -36,7 +36,7 @@ plain: server_condition = "\ ${if and {{eq{$2}{userx}}{eq{$3}{secret1}}}{yes}{no}}" server_set_id = $2 - client_condition = ${if !eq {$tls_cipher}{}} + client_condition = ${if !eq {$tls_out_cipher}{}} client_send = ^userx^secret1 login: diff --git a/test/confs/3600 b/test/confs/3600 index c70fa19d7..fca55ff51 100644 --- a/test/confs/3600 +++ b/test/confs/3600 @@ -39,6 +39,7 @@ spabad: client_password = ${if eq{1}{0}{xxx}fail} client_username = username server_password = ok@test.ex + server_set_id = $auth1 spa: driver = spa @@ -47,6 +48,7 @@ spa: client_username = username server_debug_print = +++SPA \$auth1="$auth1" server_password = ok@test.ex + server_set_id = $auth1 # ----- Routers ----- diff --git a/test/confs/5400 b/test/confs/5400 new file mode 100644 index 000000000..8f2e8b585 --- /dev/null +++ b/test/confs/5400 @@ -0,0 +1,50 @@ +# Exim test configuration 5400 + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = ar + + +# ----- ACLs ----- + +begin acl + +ar: + accept control = cutthrough_delivery + logwrite = rcpt for $local_part@$domain + +# ----- Routers ----- + +begin routers + +all: + driver = manualroute + domains = ! +local_domains + route_list = * 127.0.0.1 + self = send + transport = smtp + no_more + + +# ----- Transports ----- + +begin transports + +smtp: + driver = smtp + interface = HOSTIPV4 + port = PORT_S + + +# End diff --git a/test/confs/5401 b/test/confs/5401 new file mode 100644 index 000000000..db018a6d4 --- /dev/null +++ b/test/confs/5401 @@ -0,0 +1,50 @@ +# Exim test configuration 5401 + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = acl_rcpt + +# ----- ACLs ------- + +begin acl + +acl_rcpt: + accept control = cutthrough_delivery + verify = recipient + + +# ----- Routers ----- + +begin routers + +all: + driver = manualroute + domains = ! +local_domains + route_list = * 127.0.0.1 + self = send + transport = smtp + no_more + + +# ----- Transports ----- + +begin transports + +smtp: + driver = smtp + interface = HOSTIPV4 + port = PORT_S + + +# End diff --git a/test/confs/5410 b/test/confs/5410 new file mode 100644 index 000000000..576967cac --- /dev/null +++ b/test/confs/5410 @@ -0,0 +1,59 @@ +# Exim test configuration 5410 + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +log_selector = +smtp_confirmation +tls_advertise_hosts = * +tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = ${if eq {SERVER}{server}{queue}{cutthrough}} + +# ----- ACLs ------- + +begin acl + +cutthrough: + accept control = cutthrough_delivery + verify = recipient + +queue: + accept control = queue_only + +# ----- Routers ----- + +begin routers + +all: + driver = manualroute + domains = ! +local_domains + route_list = * 127.0.0.1 + self = send + address_data = $local_part + transport = smtp + no_more + + +# ----- Transports ----- + +begin transports + +smtp: + driver = smtp + interface = HOSTIPV4 + port = PORT_D + hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}} + hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}} + + +# End diff --git a/test/confs/5420 b/test/confs/5420 new file mode 100644 index 000000000..2a7ebda1b --- /dev/null +++ b/test/confs/5420 @@ -0,0 +1,59 @@ +# Exim test configuration 5420 + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +log_selector = +smtp_confirmation +tls_advertise_hosts = * +tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail} + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = ${if eq {SERVER}{server}{queue}{cutthrough}} + +# ----- ACLs ------- + +begin acl + +cutthrough: + accept control = cutthrough_delivery + verify = recipient + +queue: + accept control = queue_only + +# ----- Routers ----- + +begin routers + +all: + driver = manualroute + domains = ! +local_domains + route_list = * 127.0.0.1 + self = send + address_data = $local_part + transport = smtp + no_more + + +# ----- Transports ----- + +begin transports + +smtp: + driver = smtp + interface = HOSTIPV4 + port = PORT_D + hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}} + hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}} + + +# End diff --git a/test/confs/5500 b/test/confs/5500 new file mode 100644 index 000000000..1bc830ef4 --- /dev/null +++ b/test/confs/5500 @@ -0,0 +1,66 @@ +# Exim test configuration 5500 +# Server PRDR + +LOG_SELECTOR= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +LOG_SELECTOR + +qualify_domain = test.ex +trusted_users = CALLER + +prdr_enable = true + +acl_smtp_rcpt = accept +acl_smtp_data_prdr = prdr_acl +acl_smtp_data = data_acl + +# ----- ACLs ----- + +begin acl + +prdr_acl: + defer local_parts = usery + deny local_parts = userz + accept + +data_acl: + deny condition = ${if match {$recipients}{userq}} + accept + +# ----- Transports ----- + +begin transports + +t1: + driver = appendfile + file = DIR/test-mail/$local_part + user = CALLER + +# ----- Routers ----- + +begin routers + +r0: + driver = accept + transport = t1 + +# ----- Retry ----- + +begin retry + +* * F,5d,5m + +# End diff --git a/test/confs/5510 b/test/confs/5510 new file mode 100644 index 000000000..48724213b --- /dev/null +++ b/test/confs/5510 @@ -0,0 +1,62 @@ +# Exim test configuration 5510 +# Client PRDR + +LOG_SELECTOR= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +LOG_SELECTOR + +qualify_domain = test.ex +trusted_users = CALLER + +prdr_enable = true + +acl_smtp_rcpt = accept +acl_smtp_data = data_acl + +# ----- ACLs ----- + +begin acl + +data_acl: + deny local_parts = usery + accept + +# ----- Transports ----- + +begin transports + +t1: + driver = smtp + hosts = 127.0.0.1 + port = PORT_S + allow_localhost + hosts_try_prdr = * + +# ----- Routers ----- + +begin routers + +r0: + driver = accept + transport = t1 + +# ----- Retry ----- + +begin retry + +* * F,5d,5m + +# End diff --git a/test/confs/5600 b/test/confs/5600 new file mode 100644 index 000000000..8b26ee7fa --- /dev/null +++ b/test/confs/5600 @@ -0,0 +1,66 @@ +# Exim test configuration 5600 +# OCSP stapling, server + +CRL= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = server1.example.com +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +acl_smtp_rcpt = check_recipient + +log_selector = +tls_peerdn + +queue_only +queue_run_in_order + +tls_advertise_hosts = * + +tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem +tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key + +tls_verify_hosts = HOSTIPV4 +tls_try_verify_hosts = * +tls_verify_certificates = DIR/aux-fixed/cert2 +tls_crl = CRL +tls_ocsp_file = OCSP + + +# ------ ACL ------ + +begin acl + +check_recipient: + deny message = certificate not verified: peerdn=$tls_peerdn + ! verify = certificate + accept + + +# ----- Routers ----- + +begin routers + +abc: + driver = accept + retry_use_local_part + transport = local_delivery + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER + +# End diff --git a/test/confs/5601 b/test/confs/5601 new file mode 100644 index 000000000..5172ff279 --- /dev/null +++ b/test/confs/5601 @@ -0,0 +1,121 @@ +# Exim test configuration 5601 +# OCSP stapling, client + +SERVER = + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = server1.example.com +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/SERVER%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + + +# ----- Main settings ----- + +domainlist local_domains = test.ex : *.test.ex + +acl_smtp_rcpt = check_recipient +log_selector = +tls_peerdn +remote_max_parallel = 1 + +tls_advertise_hosts = * + +# Set certificate only if server + +tls_certificate = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.chain.pem}\ +fail\ +} + +#{DIR/aux-fixed/exim-ca/example.com/CA/CA.pem}\ + +tls_privatekey = ${if eq {SERVER}{server}\ +{DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key}\ +fail} + +tls_ocsp_file = OCSP + + +# ------ ACL ------ + +begin acl + +check_recipient: + accept domains = +local_domains + deny message = relay not permitted + + +# ----- Routers ----- + +begin routers + +client: + driver = accept + condition = ${if eq {SERVER}{server}{no}{yes}} + retry_use_local_part + transport = send_to_server${if eq{$local_part}{nostaple}{1} \ + {${if eq{$local_part}{smtps} {3}{2}}} \ + } + +server: + driver = redirect + data = :blackhole: + #retry_use_local_part + #transport = local_delivery + + +# ----- Transports ----- + +begin transports + +local_delivery: + driver = appendfile + file = DIR/test-mail/$local_part + headers_add = TLS: cipher=$tls_cipher peerdn=$tls_peerdn + user = CALLER + +send_to_server1: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + hosts_require_tls = * +# note no ocsp here + +send_to_server2: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + hosts_require_tls = * + hosts_require_ocsp = * + +send_to_server3: + driver = smtp + allow_localhost + hosts = 127.0.0.1 + port = PORT_D + helo_data = helo.data.changed + #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem + tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem + protocol = smtps + hosts_require_tls = * + hosts_require_ocsp = * + + +# ----- Retry ----- + + +begin retry + +* * F,5d,1s + + +# End diff --git a/test/log/0015 b/test/log/0015 index 7617d7730..9539c0372 100644 --- a/test/log/0015 +++ b/test/log/0015 @@ -24,12 +24,12 @@ 1999-03-02 09:44:33 10HmbD-0005vi-00 => userx R=localuser_b T=local_delivery_b 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbE-0005vi-00 => userx@test.ex R=localuser_s T=delivery_s H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbE-0005vi-00 => userx@test.ex R=localuser_s T=delivery_s H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbF-0005vi-00 => userx R=localuser_sb T=local_delivery_b 1999-03-02 09:44:33 10HmbF-0005vi-00 => userx R=localuser_sb T=local_delivery_b 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbG-0005vi-00 => userx@test.ex R=localuser_ss T=delivery_s H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbG-0005vi-00 => userx@test.ex R=localuser_ss T=delivery_s H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed diff --git a/test/log/0033 b/test/log/0033 index 97b5bc4cb..48618188c 100644 --- a/test/log/0033 +++ b/test/log/0033 @@ -1,12 +1,12 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 => one@remote R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> two@remote R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => one@remote R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> two@remote R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qq -1999-03-02 09:44:33 10HmaY-0005vi-00 => one@remote R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaY-0005vi-00 -> two@remote R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => one@remote R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaY-0005vi-00 -> two@remote R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qq diff --git a/test/log/0036 b/test/log/0036 index fe8d265c3..270cc11b3 100644 --- a/test/log/0036 +++ b/test/log/0036 @@ -1,7 +1,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => abcd@eximtesthost.test.ex R=lookuphost T=send_to_server H=eximtesthost.test.ex [ip4.ip4.ip4.ip4] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx@alias-eximtesthost.test.ex R=lookuphost T=send_to_server H=eximtesthost.test.ex [ip4.ip4.ip4.ip4] +1999-03-02 09:44:33 10HmaX-0005vi-00 => abcd@eximtesthost.test.ex R=lookuphost T=send_to_server H=eximtesthost.test.ex [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx@alias-eximtesthost.test.ex R=lookuphost T=send_to_server H=eximtesthost.test.ex [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/0039 b/test/log/0039 index 4b1bc2878..407b113a3 100644 --- a/test/log/0039 +++ b/test/log/0039 @@ -1,8 +1,8 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 *> newr1@myhost.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] -1999-03-02 09:44:33 10HmaX-0005vi-00 *> newr2@local.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] +1999-03-02 09:44:33 10HmaX-0005vi-00 *> newr1@myhost.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaX-0005vi-00 *> newr2@local.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@qd.text.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 *> newr1@qd.text.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] -1999-03-02 09:44:33 10HmaY-0005vi-00 *> newr2@local.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] +1999-03-02 09:44:33 10HmaY-0005vi-00 *> newr1@qd.text.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaY-0005vi-00 *> newr2@local.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/0055 b/test/log/0055 index f22901b4b..a3f151d45 100644 --- a/test/log/0055 +++ b/test/log/0055 @@ -16,25 +16,25 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp 1999-03-02 09:44:33 End queue run: pid=pppp 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbB-0005vi-00 *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] +1999-03-02 09:44:33 10HmbB-0005vi-00 *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbC-0005vi-00 == xxx@ten-2.test.ex R=lookuphost T=smtp defer (-1): domain matches queue_smtp_domains, or -odqs set 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmbC-0005vi-00 *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] +1999-03-02 09:44:33 10HmbC-0005vi-00 *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qq -1999-03-02 09:44:33 10HmbD-0005vi-00 *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] +1999-03-02 09:44:33 10HmbD-0005vi-00 *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed -1999-03-02 09:44:33 10HmbE-0005vi-00 *> yyy@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] +1999-03-02 09:44:33 10HmbE-0005vi-00 *> yyy@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qq 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbF-0005vi-00 == xxx@ten-2.test.ex R=lookuphost T=smtp defer (-1): domain matches queue_smtp_domains, or -odqs set -1999-03-02 09:44:33 10HmbF-0005vi-00 *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] +1999-03-02 09:44:33 10HmbF-0005vi-00 *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbG-0005vi-00 == xxx@local.test.ex routing defer (-55): domain is in queue_domains diff --git a/test/log/0100 b/test/log/0100 index 79275dc47..dd69a24c5 100644 --- a/test/log/0100 +++ b/test/log/0100 @@ -17,7 +17,7 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 => userw R=bsmtp_localuser_filtered T=bsmtp_local_delivery_filtered 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbD-0005vi-00 => userx@domain.com R=rest T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbD-0005vi-00 => userx@domain.com R=rest T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbE-0005vi-00 => userx R=localuser T=local_delivery @@ -45,5 +45,5 @@ 1999-03-02 09:44:33 10HmbL-0005vi-00 => userx R=localuser T=local_delivery 1999-03-02 09:44:33 10HmbL-0005vi-00 Completed 1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbM-0005vi-00 => userx@filtered.com R=filtered T=filtered_smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbM-0005vi-00 => userx@filtered.com R=filtered T=filtered_smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed diff --git a/test/log/0101 b/test/log/0101 index fbd80abc1..431313e7f 100644 --- a/test/log/0101 +++ b/test/log/0101 @@ -11,7 +11,7 @@ 1999-03-02 09:44:33 10HmbA-0005vi-00 => userz R=bsmtp_localuser T=bsmtp_local_delivery 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbC-0005vi-00 => userx R=localuser T=local_delivery diff --git a/test/log/0108 b/test/log/0108 index f1c33d299..f949ee3aa 100644 --- a/test/log/0108 +++ b/test/log/0108 @@ -1,12 +1,12 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaX-0005vi-00 *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] -1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] -1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] -1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaY-0005vi-00 *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/0143 b/test/log/0143 index eae5631df..1f177b3d3 100644 --- a/test/log/0143 +++ b/test/log/0143 @@ -1,3 +1,3 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=my_main_router T=my_smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0177 b/test/log/0177 index 40c297057..bbe8a089e 100644 --- a/test/log/0177 +++ b/test/log/0177 @@ -51,6 +51,6 @@ 1999-03-02 09:44:33 10HmbG-0005vi-00 Frozen 1999-03-02 09:44:33 Start queue run: pid=pppp -qqff -R userz 1999-03-02 09:44:33 10HmbG-0005vi-00 Unfrozen by forced delivery -1999-03-02 09:44:33 10HmbG-0005vi-00 => userx@non.local.domain R=all_R T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbG-0005vi-00 => userx@non.local.domain R=all_R T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqff -R userz diff --git a/test/log/0179 b/test/log/0179 index c4d302a4a..87ad7dc65 100644 --- a/test/log/0179 +++ b/test/log/0179 @@ -1,8 +1,8 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]:1224 +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]:1224 C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]:1224* +1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1]:1224* C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/0185 b/test/log/0185 index 5419e3eb8..7a46b5277 100644 --- a/test/log/0185 +++ b/test/log/0185 @@ -3,6 +3,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 Frozen 1999-03-02 09:44:33 Start queue run: pid=pppp -qqff -R usery 1999-03-02 09:44:33 10HmaX-0005vi-00 Unfrozen by forced delivery -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@non.local.domain R=all_R T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@non.local.domain R=all_R T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqff -R usery diff --git a/test/log/0190 b/test/log/0190 index 0b6762503..744abb777 100644 --- a/test/log/0190 +++ b/test/log/0190 @@ -1,15 +1,15 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=domainx T=smtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain2 R=domainx T=smtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain3 R=domainx T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=domainx T=smtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain2 R=domainx T=smtp H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain3 R=domainx T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@adomain1 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaY-0005vi-00 -> userx@adomain2 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@adomain3 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@adomain1 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaY-0005vi-00 -> userx@adomain2 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@adomain3 R=r2 T=smtp3 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@bdomain1 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] -1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@bdomain2 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] -1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@bdomain3 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@bdomain1 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@bdomain2 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@bdomain3 R=r3 T=smtp2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed diff --git a/test/log/0191 b/test/log/0191 index e6b4200c4..b2b3160fd 100644 --- a/test/log/0191 +++ b/test/log/0191 @@ -1,3 +1,3 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0203 b/test/log/0203 index 372fc758e..8c11047c4 100644 --- a/test/log/0203 +++ b/test/log/0203 @@ -1,7 +1,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 ** userx@domain1 R=others T=smtp: SMTP error from remote mail server after MAIL FROM:: host 127.0.0.1 [127.0.0.1]: 550 Don't like that sender 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> R=10HmaY-0005vi-00 U=EXIMUSER P=local S=sss diff --git a/test/log/0209 b/test/log/0209 index 696834136..7d3c22cc5 100644 --- a/test/log/0209 +++ b/test/log/0209 @@ -18,7 +18,7 @@ 1999-03-02 09:44:33 10HmbA-0005vi-00 == usery@domain1 R=others T=smtp defer (0): SMTP delivery explicitly queued 1999-03-02 09:44:33 Start queue run: pid=pppp 1999-03-02 09:44:33 10HmaZ-0005vi-00 == userx@domain1 R=others T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 450 Temporary error -1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbA-0005vi-00 == userx@domain1 routing defer (-51): retry time not reached 1999-03-02 09:44:33 10HmbA-0005vi-00 == usery@domain1 R=others T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 450 Temporary error 1999-03-02 09:44:33 10HmbA-0005vi-00 == userx@domain1 routing defer (-51): retry time not reached diff --git a/test/log/0210 b/test/log/0210 index 0efd3a07c..a330ea5dc 100644 --- a/test/log/0210 +++ b/test/log/0210 @@ -1,5 +1,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= <> U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 => file R=file T=bsmtp_local_delivery 1999-03-02 09:44:33 10HmaX-0005vi-00 => pipe R=pipe T=bsmtp_pipe_delivery -1999-03-02 09:44:33 10HmaX-0005vi-00 => smtp@test.ex R=smtp T=bsmtp_smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => smtp@test.ex R=smtp T=bsmtp_smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0215 b/test/log/0215 index 9dc3aaf90..317478108 100644 --- a/test/log/0215 +++ b/test/log/0215 @@ -1,11 +1,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 == userxx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440 Temporary error 1999-03-02 09:44:33 10HmaY-0005vi-00 ** userxy@myhost.test.ex F= R=smartuser T=lmtp: LMTP error after DATA: 550 Bad user -1999-03-02 09:44:33 10HmaY-0005vi-00 -> userxz@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 -> userxz@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 == useryx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440 Temporary error 1999-03-02 09:44:33 10HmaY-0005vi-00 ** useryy@myhost.test.ex F= R=smartuser T=lmtp: LMTP error after DATA: 550 Bad user 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> R=10HmaY-0005vi-00 U=EXIMUSER P=local S=sss @@ -14,10 +14,10 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 removed by CALLER 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbA-0005vi-00 == userxx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440 Temporary error 1999-03-02 09:44:33 10HmbA-0005vi-00 ** userxy@myhost.test.ex F= R=smartuser T=lmtp: LMTP error after DATA: 550-I don't like this user\n550 Bad user -1999-03-02 09:44:33 10HmbA-0005vi-00 -> userxz@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbA-0005vi-00 -> userxz@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250-This one's OK\\n250 OK" 1999-03-02 09:44:33 10HmbA-0005vi-00 == useryx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440-Here's a whole long message, in several lines,\n440-just for testing that nothing breaks when\n440-we do this\n440 Temporary error 1999-03-02 09:44:33 10HmbA-0005vi-00 ** useryy@myhost.test.ex F= R=smartuser T=lmtp: LMTP error after DATA: 550 Bad user 1999-03-02 09:44:33 10HmbB-0005vi-00 <= <> R=10HmbA-0005vi-00 U=EXIMUSER P=local S=sss @@ -30,20 +30,20 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 == userxx@myhost.test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 440 Temporary error 1999-03-02 09:44:33 10HmbC-0005vi-00 == userxy@myhost.test.ex R=smartuser T=lmtp defer (-44): SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 450 Receiver temporarily bad 1999-03-02 09:44:33 10HmbC-0005vi-00 ** userxz@myhost.test.ex F= R=smartuser T=lmtp: LMTP error after DATA: 550-I don't like this user\n550 Bad user -1999-03-02 09:44:33 10HmbC-0005vi-00 => useryx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbC-0005vi-00 => useryx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250-This one's OK\\n250 OK" 1999-03-02 09:44:33 10HmbC-0005vi-00 ** useryy@myhost.test.ex F= R=smartuser T=lmtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Receiver BAD 1999-03-02 09:44:33 10HmbD-0005vi-00 <= <> R=10HmbC-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmbD-0005vi-00 => :blackhole: R=bounces 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbE-0005vi-00 => userxx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmbE-0005vi-00 -> userxy@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmbE-0005vi-00 -> userxz@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbE-0005vi-00 => userxx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmbE-0005vi-00 -> userxy@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmbE-0005vi-00 -> userxz@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbE-0005vi-00 Completed 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 => userxx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmbF-0005vi-00 -> userxy@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmbF-0005vi-00 -> userxz@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbF-0005vi-00 => userxx@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmbF-0005vi-00 -> userxy@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmbF-0005vi-00 -> userxz@myhost.test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbG-0005vi-00 == userx@myhost.test.ex R=smartuser T=lmtp defer (-44): SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 450 LATER diff --git a/test/log/0216 b/test/log/0216 index 9a3ff4e79..edafdffc9 100644 --- a/test/log/0216 +++ b/test/log/0216 @@ -1,504 +1,504 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => a000@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a001@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a002@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a003@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a004@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a005@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a006@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a007@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a008@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a009@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a010@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a011@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a012@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a013@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a014@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a015@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a016@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a017@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a018@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a019@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a020@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a021@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a022@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a023@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a024@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a025@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a026@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a027@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a028@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a029@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a030@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a031@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a032@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a033@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a034@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a035@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a036@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a037@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a038@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a039@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a040@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a041@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a042@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a043@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a044@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a045@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a046@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a047@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a048@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a049@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a050@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a051@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a052@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a053@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a054@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a055@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a056@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a057@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a058@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a059@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a060@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a061@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a062@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a063@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a064@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a065@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a066@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a067@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a068@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a069@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a070@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a071@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a072@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a073@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a074@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a075@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a076@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a077@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a078@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a079@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a080@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a081@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a082@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a083@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a084@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a085@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a086@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a087@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a088@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a089@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a090@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a091@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a092@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a093@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a094@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a095@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a096@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a097@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a098@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a099@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a100@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a101@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a102@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a103@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a104@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a105@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a106@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a107@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a108@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a109@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a110@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a111@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a112@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a113@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a114@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a115@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a116@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a117@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a118@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a119@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a120@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a121@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a122@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a123@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a124@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a125@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a126@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a127@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a128@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a129@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a130@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a131@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a132@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a133@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a134@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a135@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a136@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a137@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a138@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a139@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a140@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a141@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a142@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a143@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a144@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a145@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a146@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a147@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a148@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a149@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a150@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a151@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a152@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a153@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a154@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a155@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a156@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a157@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a158@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a159@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a160@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a161@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a162@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a163@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a164@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a165@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a166@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a167@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a168@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a169@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a170@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a171@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a172@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a173@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a174@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a175@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a176@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a177@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a178@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a179@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a180@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a181@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a182@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a183@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a184@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a185@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a186@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a187@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a188@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a189@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a190@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a191@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a192@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a193@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a194@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a195@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a196@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a197@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a198@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a199@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a200@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a201@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a202@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a203@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a204@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a205@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a206@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a207@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a208@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a209@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a210@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a211@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a212@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a213@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a214@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a215@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a216@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a217@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a218@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a219@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a220@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a221@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a222@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a223@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a224@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a225@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a226@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a227@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a228@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a229@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a230@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a231@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a232@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a233@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a234@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a235@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a236@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a237@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a238@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a239@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a240@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a241@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a242@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a243@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a244@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a245@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a246@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a247@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a248@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a249@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a250@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a251@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a252@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a253@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a254@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a255@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a256@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a257@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a258@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a259@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a260@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a261@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a262@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a263@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a264@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a265@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a266@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a267@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a268@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a269@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a270@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a271@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a272@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a273@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a274@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a275@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a276@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a277@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a278@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a279@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a280@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a281@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a282@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a283@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a284@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a285@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a286@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a287@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a288@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a289@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a290@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a291@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a292@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a293@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a294@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a295@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a296@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a297@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a298@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a299@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a300@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a301@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a302@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a303@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a304@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a305@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a306@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a307@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a308@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a309@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a310@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a311@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a312@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a313@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a314@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a315@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a316@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a317@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a318@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a319@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a320@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a321@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a322@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a323@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a324@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a325@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a326@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a327@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a328@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a329@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a330@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a331@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a332@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a333@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a334@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a335@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a336@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a337@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a338@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a339@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a340@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a341@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a342@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a343@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a344@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a345@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a346@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a347@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a348@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a349@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a350@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a351@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a352@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a353@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a354@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a355@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a356@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a357@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a358@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a359@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a360@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a361@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a362@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a363@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a364@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a365@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a366@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a367@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a368@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a369@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a370@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a371@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a372@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a373@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a374@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a375@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a376@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a377@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a378@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a379@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a380@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a381@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a382@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a383@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a384@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a385@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a386@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a387@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a388@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a389@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a390@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a391@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a392@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a393@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a394@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a395@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a396@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a397@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a398@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a399@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a400@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a401@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a402@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a403@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a404@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a405@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a406@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a407@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a408@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a409@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a410@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a411@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a412@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a413@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a414@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a415@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a416@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a417@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a418@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a419@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a420@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a421@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a422@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a423@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a424@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a425@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a426@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a427@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a428@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a429@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a430@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a431@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a432@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a433@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a434@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a435@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a436@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a437@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a438@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a439@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a440@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a441@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a442@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a443@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a444@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a445@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a446@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a447@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a448@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a449@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a450@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a451@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a452@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a453@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a454@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a455@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a456@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a457@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a458@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a459@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a460@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a461@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a462@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a463@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a464@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a465@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a466@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a467@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a468@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a469@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a470@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a471@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a472@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a473@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a474@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a475@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a476@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a477@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a478@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a479@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a480@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a481@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a482@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a483@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a484@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a485@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a486@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a487@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a488@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a489@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a490@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a491@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a492@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a493@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a494@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a495@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a496@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a497@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a498@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a499@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => a000@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a001@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a002@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a003@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a004@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a005@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a006@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a007@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a008@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a009@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a010@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a011@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a012@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a013@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a014@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a015@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a016@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a017@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a018@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a019@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a020@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a021@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a022@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a023@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a024@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a025@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a026@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a027@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a028@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a029@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a030@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a031@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a032@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a033@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a034@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a035@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a036@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a037@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a038@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a039@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a040@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a041@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a042@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a043@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a044@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a045@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a046@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a047@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a048@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a049@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a050@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a051@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a052@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a053@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a054@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a055@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a056@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a057@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a058@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a059@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a060@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a061@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a062@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a063@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a064@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a065@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a066@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a067@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a068@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a069@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a070@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a071@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a072@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a073@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a074@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a075@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a076@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a077@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a078@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a079@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a080@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a081@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a082@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a083@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a084@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a085@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a086@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a087@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a088@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a089@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a090@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a091@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a092@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a093@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a094@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a095@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a096@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a097@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a098@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a099@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a100@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a101@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a102@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a103@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a104@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a105@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a106@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a107@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a108@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a109@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a110@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a111@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a112@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a113@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a114@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a115@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a116@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a117@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a118@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a119@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a120@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a121@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a122@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a123@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a124@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a125@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a126@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a127@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a128@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a129@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a130@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a131@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a132@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a133@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a134@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a135@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a136@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a137@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a138@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a139@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a140@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a141@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a142@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a143@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a144@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a145@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a146@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a147@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a148@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a149@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a150@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a151@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a152@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a153@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a154@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a155@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a156@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a157@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a158@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a159@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a160@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a161@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a162@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a163@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a164@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a165@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a166@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a167@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a168@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a169@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a170@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a171@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a172@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a173@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a174@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a175@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a176@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a177@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a178@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a179@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a180@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a181@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a182@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a183@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a184@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a185@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a186@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a187@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a188@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a189@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a190@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a191@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a192@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a193@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a194@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a195@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a196@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a197@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a198@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a199@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a200@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a201@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a202@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a203@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a204@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a205@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a206@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a207@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a208@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a209@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a210@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a211@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a212@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a213@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a214@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a215@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a216@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a217@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a218@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a219@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a220@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a221@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a222@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a223@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a224@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a225@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a226@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a227@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a228@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a229@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a230@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a231@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a232@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a233@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a234@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a235@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a236@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a237@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a238@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a239@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a240@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a241@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a242@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a243@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a244@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a245@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a246@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a247@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a248@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a249@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a250@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a251@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a252@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a253@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a254@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a255@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a256@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a257@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a258@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a259@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a260@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a261@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a262@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a263@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a264@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a265@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a266@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a267@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a268@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a269@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a270@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a271@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a272@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a273@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a274@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a275@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a276@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a277@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a278@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a279@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a280@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a281@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a282@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a283@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a284@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a285@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a286@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a287@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a288@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a289@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a290@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a291@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a292@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a293@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a294@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a295@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a296@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a297@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a298@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a299@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a300@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a301@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a302@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a303@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a304@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a305@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a306@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a307@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a308@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a309@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a310@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a311@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a312@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a313@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a314@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a315@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a316@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a317@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a318@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a319@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a320@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a321@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a322@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a323@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a324@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a325@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a326@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a327@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a328@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a329@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a330@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a331@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a332@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a333@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a334@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a335@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a336@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a337@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a338@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a339@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a340@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a341@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a342@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a343@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a344@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a345@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a346@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a347@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a348@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a349@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a350@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a351@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a352@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a353@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a354@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a355@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a356@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a357@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a358@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a359@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a360@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a361@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a362@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a363@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a364@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a365@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a366@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a367@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a368@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a369@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a370@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a371@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a372@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a373@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a374@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a375@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a376@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a377@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a378@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a379@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a380@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a381@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a382@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a383@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a384@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a385@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a386@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a387@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a388@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a389@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a390@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a391@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a392@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a393@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a394@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a395@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a396@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a397@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a398@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a399@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a400@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a401@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a402@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a403@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a404@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a405@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a406@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a407@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a408@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a409@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a410@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a411@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a412@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a413@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a414@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a415@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a416@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a417@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a418@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a419@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a420@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a421@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a422@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a423@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a424@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a425@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a426@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a427@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a428@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a429@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a430@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a431@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a432@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a433@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a434@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a435@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a436@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a437@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a438@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a439@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a440@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a441@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a442@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a443@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a444@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a445@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a446@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a447@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a448@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a449@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a450@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a451@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a452@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a453@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a454@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a455@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a456@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a457@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a458@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a459@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a460@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a461@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a462@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a463@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a464@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a465@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a466@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a467@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a468@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a469@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a470@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a471@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a472@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a473@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a474@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a475@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a476@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a477@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a478@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a479@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a480@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a481@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a482@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a483@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a484@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a485@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a486@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a487@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a488@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a489@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a490@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a491@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a492@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a493@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a494@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a495@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a496@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a497@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a498@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a499@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed ******** SERVER ******** diff --git a/test/log/0217 b/test/log/0217 index c4e582c90..34a826b3b 100644 --- a/test/log/0217 +++ b/test/log/0217 @@ -1,8 +1,8 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 == b@test.ex R=client T=send_to_server defer (-44): SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 451 Temp error 1999-03-02 09:44:33 10HmaX-0005vi-00 ** c@test.ex R=client T=send_to_server: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Perm error -1999-03-02 09:44:33 10HmaX-0005vi-00 -> d@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 -> d@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 ** CALLER@test.ex R=bounce: just discard 1999-03-02 09:44:33 10HmaY-0005vi-00 CALLER@test.ex: error ignored @@ -120,8 +120,8 @@ 1999-03-02 09:44:33 10HmbO-0005vi-00 CALLER@test.ex: error ignored 1999-03-02 09:44:33 10HmbO-0005vi-00 Completed 1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbP-0005vi-00 => w@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmbP-0005vi-00 -> x@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmbP-0005vi-00 -> y@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmbP-0005vi-00 -> z@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbP-0005vi-00 => w@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmbP-0005vi-00 -> x@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmbP-0005vi-00 -> y@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmbP-0005vi-00 -> z@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbP-0005vi-00 Completed diff --git a/test/log/0218 b/test/log/0218 index 15cea9f82..e246b2c84 100644 --- a/test/log/0218 +++ b/test/log/0218 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qq -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => b@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmaY-0005vi-00 => b@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qq 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss @@ -23,6 +23,6 @@ 1999-03-02 09:44:33 10HmbA-0005vi-00 ** b@test.ex F= R=client T=send_to_server: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Unknown 1999-03-02 09:44:33 10HmbD-0005vi-00 <= <> R=10HmbA-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbC-0005vi-00 => c@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmbC-0005vi-00 => c@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK" 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/0227 b/test/log/0227 index b976ec2c8..ca551b3c7 100644 --- a/test/log/0227 +++ b/test/log/0227 @@ -6,15 +6,15 @@ 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550-Multiline error for <>\n550 Here's the second line 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : (recipient): response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : (recipient): response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete recipient verify callout 1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F= rejected after DATA: there is no valid sender in any header line 1999-03-02 09:44:33 10HmaY-0005vi-00 H=[V4NET.0.0.4] U=root F= rejected after DATA: there is no valid sender in any header line 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : relay not permitted 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster -1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : (postmaster): Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : (recipient): response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : response to "initial connection" from 127.0.0.1 [127.0.0.1] was: connection dropped 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : could not connect to 127.0.0.1 [127.0.0.1]: Connection refused diff --git a/test/log/0231 b/test/log/0231 index 352b0767f..d3e0e6691 100644 --- a/test/log/0231 +++ b/test/log/0231 @@ -1,8 +1,8 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 => a R=rewrite2 T=local_delivery_rewrite 1999-03-02 09:44:33 10HmaX-0005vi-00 => b R=no_rewrite T=local_delivery -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@domain1 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@domain1 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> a@domain3 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@domain3 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@domain1 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@domain1 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> a@domain3 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@domain3 R=rewrite1 T=smtp_rewrite H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0242 b/test/log/0242 index a47e33ba2..d77376976 100644 --- a/test/log/0242 +++ b/test/log/0242 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => abc@x.y.z R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => abc@x.y.z R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => abc@x.y.z R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => abc@x.y.z R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/0253 b/test/log/0253 index 833b791f5..527cb1a83 100644 --- a/test/log/0253 +++ b/test/log/0253 @@ -5,8 +5,8 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 => userx P= R=r2 T=t2 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= pqr@x.y.z U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@myhost.test.ex P= R=r3 T=t3 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaZ-0005vi-00 => phil@myhost.test.ex P= R=r3 T=t3 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@myhost.test.ex P= R=r3 T=t3 H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => phil@myhost.test.ex P= R=r3 T=t3 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 ** fail@myhost.test.ex P= R=r3 T=t3: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 => lmn P=<> R=r0 T=t0 diff --git a/test/log/0261 b/test/log/0261 index a2cd72715..c3b7875d2 100644 --- a/test/log/0261 +++ b/test/log/0261 @@ -2,7 +2,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == no.hosts@test.ex R=no_hosts T=no_hosts defer (-1): no_hosts transport called with no hosts set -1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@test.ex R=good T=remote_delivery H=V4NET.0.0.1 [V4NET.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@test.ex R=good T=remote_delivery H=V4NET.0.0.1 [V4NET.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found "" diff --git a/test/log/0285 b/test/log/0285 index 53d979009..b0c90f109 100644 --- a/test/log/0285 +++ b/test/log/0285 @@ -1,11 +1,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 ** c@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK 1999-03-02 09:44:33 10HmaX-0005vi-00 ** d@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK -1999-03-02 09:44:33 10HmaX-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=bounces 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed @@ -13,14 +13,14 @@ 1999-03-02 09:44:33 End queue run: pid=pppp 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaZ-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaZ-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 ** c@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK 1999-03-02 09:44:33 10HmaZ-0005vi-00 ** d@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK -1999-03-02 09:44:33 10HmaZ-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaZ-0005vi-00 -> f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaZ-0005vi-00 => g@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaZ-0005vi-00 -> h@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => g@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> h@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=bounces 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed diff --git a/test/log/0286 b/test/log/0286 index 955ebd9d5..52e28a4f8 100644 --- a/test/log/0286 +++ b/test/log/0286 @@ -1,11 +1,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> b@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 ** c@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK 1999-03-02 09:44:33 10HmaX-0005vi-00 ** d@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK -1999-03-02 09:44:33 10HmaX-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 => f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => e@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 => f@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp @@ -17,12 +17,12 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp 1999-03-02 09:44:33 10HmaZ-0005vi-00 ** a@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK 1999-03-02 09:44:33 10HmaZ-0005vi-00 ** b@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK -1999-03-02 09:44:33 10HmaZ-0005vi-00 => c@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaZ-0005vi-00 -> d@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => c@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> d@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 ** e@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK 1999-03-02 09:44:33 10HmaZ-0005vi-00 ** f@test.ex R=all T=smtp: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 Recipient not OK -1999-03-02 09:44:33 10HmaZ-0005vi-00 => g@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaZ-0005vi-00 -> h@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => g@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> h@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp diff --git a/test/log/0288 b/test/log/0288 index 172a19743..6e082602a 100644 --- a/test/log/0288 +++ b/test/log/0288 @@ -1,5 +1,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp 1999-03-02 09:44:33 10HmaX-0005vi-00 == b@test.ex R=all T=smtp defer (-53): connection limit reached for all hosts -1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 End queue run: pid=pppp diff --git a/test/log/0292 b/test/log/0292 index 287211b03..1bef1211f 100644 --- a/test/log/0292 +++ b/test/log/0292 @@ -1,4 +1,4 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@t1 R=r1 T=t1 H=host.1:host.2 -1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@t2 R=r2 T=t2 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 *> userx@t2 R=r2 T=t2 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0299 b/test/log/0299 index 1fbf199c4..4a154fbc6 100644 --- a/test/log/0299 +++ b/test/log/0299 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 => abc R=r1 T=t1 S=sss ST=t3 -1999-03-02 09:44:33 10HmaX-0005vi-00 => xyz1@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> xyz2@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 => xyz3@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => xyz1@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> xyz2@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 => xyz3@ex.test R=r2 T=t2 S=sss H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0315 b/test/log/0315 index ce376e571..d6d0f507b 100644 --- a/test/log/0315 +++ b/test/log/0315 @@ -1,8 +1,8 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 *> x@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 *> y@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 *> x@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaX-0005vi-00 *> y@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 *> x@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] -1999-03-02 09:44:33 10HmaY-0005vi-00 *> y@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] +1999-03-02 09:44:33 10HmaY-0005vi-00 *> x@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaY-0005vi-00 *> y@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/0332 b/test/log/0332 index 7ed51c79b..d83deb12c 100644 --- a/test/log/0332 +++ b/test/log/0332 @@ -4,9 +4,9 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns R=r2 defer (-1): host lookup did not complete 1999-03-02 09:44:33 10HmaY-0005vi-00 == ok@no.delay R=r1 T=t1 defer (0): SMTP delivery explicitly queued 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns routing defer (-51): reusing SMTP connection skips previous routing defer -1999-03-02 09:44:33 10HmaY-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmaY-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns routing defer (-51): retry time not reached 1999-03-02 09:44:33 End queue run: pid=pppp diff --git a/test/log/0333 b/test/log/0333 index 6f211be3f..af0411fad 100644 --- a/test/log/0333 +++ b/test/log/0333 @@ -3,7 +3,7 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns R=r2 defer (-1): host lookup did not complete 1999-03-02 09:44:33 10HmaY-0005vi-00 == ok@no.delay R=r1 T=t1 defer (0): SMTP delivery explicitly queued -1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@test.again.dns routing defer (-51): reusing SMTP connection skips previous routing defer -1999-03-02 09:44:33 10HmaY-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmaY-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK" diff --git a/test/log/0341 b/test/log/0341 index b97095e1a..39e7ee8af 100644 --- a/test/log/0341 +++ b/test/log/0341 @@ -6,8 +6,8 @@ 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@xxx R=remote T=send_to_server H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaY-0005vi-00 -> usery@xxx R=remote T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@xxx R=remote T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 -> usery@xxx R=remote T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/0360 b/test/log/0360 index c1c327ae4..263e97f5d 100644 --- a/test/log/0360 +++ b/test/log/0360 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 == defer@test.ex R=r2 defer (-1): Forcibly deferred -1999-03-02 09:44:33 10HmaX-0005vi-00 *> unknown@recurse.test.ex.test.ex R=r1 T=t1 H=recurse.test.ex.test.ex [V4NET.99.0.2] +1999-03-02 09:44:33 10HmaX-0005vi-00 *> unknown@recurse.test.ex.test.ex R=r1 T=t1 H=recurse.test.ex.test.ex [V4NET.99.0.2] C="delivery bypassed by -N option" 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 == defer@test.ex R=r2 defer (-1): Forcibly deferred 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/0363 b/test/log/0363 index 8587d59dc..a08dd8af9 100644 --- a/test/log/0363 +++ b/test/log/0363 @@ -1,3 +1,3 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => aa@bb R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => aa@bb R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0367 b/test/log/0367 index e692532ee..f75a20173 100644 --- a/test/log/0367 +++ b/test/log/0367 @@ -3,12 +3,12 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]* C="250 OK" 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]* C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain1 R=others T=smtp H=127.0.0.1 [127.0.0.1]* C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/0374 b/test/log/0374 index ee8934eb0..b3a840018 100644 --- a/test/log/0374 +++ b/test/log/0374 @@ -8,7 +8,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 => a1 R=u1 T=ut1 1999-03-02 09:44:33 10HmaX-0005vi-00 ** b1@myhost.test.ex R=ut2 T=ut2: Child process of ut2 transport returned 127 (could mean unable to exec or command does not exist) from command: /non/existent/file 1999-03-02 09:44:33 10HmaX-0005vi-00 == c1@myhost.test.ex R=ut3 T=ut3 defer (0): Child process of ut3 transport returned 127 (could mean unable to exec or command does not exist) from command: /non/existent/file -1999-03-02 09:44:33 10HmaX-0005vi-00 => d1@myhost.test.ex R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => d1@myhost.test.ex R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 == d2@myhost.test.ex R=ut4 T=ut4 defer (-44): SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 450 soft error 1999-03-02 09:44:33 10HmaX-0005vi-00 ** d3@myhost.test.ex R=ut4 T=ut4: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 hard error 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss diff --git a/test/log/0431 b/test/log/0431 index a8a6ef2dc..74f80cb4a 100644 --- a/test/log/0431 +++ b/test/log/0431 @@ -1,10 +1,10 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => xxx@a.b R=r1 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> xxx@a.b R=r2 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => xxx@a.b R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> xxx@a.b R=r2 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => pre-xxx@a.b R=r1 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaY-0005vi-00 -> xxx+post@a.b R=r2 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => pre-xxx@a.b R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaY-0005vi-00 -> xxx+post@a.b R=r2 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 => xxx R=r3 T=t2 diff --git a/test/log/0440 b/test/log/0440 index 610565ace..1c9077873 100644 --- a/test/log/0440 +++ b/test/log/0440 @@ -5,10 +5,10 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 == x3@y3 R=r1 T=t1 defer (0): SMTP delivery explicitly queued 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 => x1@y1 R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => x1@y1 R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 => x3@y3 R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmaZ-0005vi-00 => x3@y3 R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => x2@y2 R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmaY-0005vi-00 => x2@y2 R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp diff --git a/test/log/0461 b/test/log/0461 index 9d6f352ad..db36aa5ee 100644 --- a/test/log/0461 +++ b/test/log/0461 @@ -1,14 +1,14 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 V4NET.0.0.1 [V4NET.0.0.1] Network Error -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 V4NET.0.0.1 [V4NET.0.0.1] Network Error -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 V4NET.0.0.1 [V4NET.0.0.1] Network Error -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 ** userx@test.ex R=r1 T=t1: retry time not reached for any host after a long failure period diff --git a/test/log/0467 b/test/log/0467 index c18e25278..acacb7525 100644 --- a/test/log/0467 +++ b/test/log/0467 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 *> x@srv01.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]:25 +1999-03-02 09:44:33 10HmaX-0005vi-00 *> x@srv01.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]:25 C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 *> x@srv03.test.ex R=r1 T=t1 H=ten-4.test.ex [V4NET.0.0.4]:88 +1999-03-02 09:44:33 10HmaY-0005vi-00 *> x@srv03.test.ex R=r1 T=t1 H=ten-4.test.ex [V4NET.0.0.4]:88 C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => x@srv27.test.ex R=r1 T=t1 H=localhost.test.ex [127.0.0.1]:1224 +1999-03-02 09:44:33 10HmaZ-0005vi-00 => x@srv27.test.ex R=r1 T=t1 H=localhost.test.ex [127.0.0.1]:1224 C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed diff --git a/test/log/0478 b/test/log/0478 index 3a3862008..591069f88 100644 --- a/test/log/0478 +++ b/test/log/0478 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => 127.0.0.1@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => 127.0.0.1@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed ******** SERVER ******** diff --git a/test/log/0481 b/test/log/0481 index 3c0b2ab01..b95b0950a 100644 --- a/test/log/0481 +++ b/test/log/0481 @@ -1,3 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx R=r3 T=t1 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx R=r3 T=t1 +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/0492 b/test/log/0492 index 81846946f..bb8cea4cf 100644 --- a/test/log/0492 +++ b/test/log/0492 @@ -1,11 +1,11 @@ **NOTE: The delivery lines in this file have been sorted. 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 *> a@test.ex P= R=r1 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 *> b@test.ex P= R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 *> a@test.ex P= R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaX-0005vi-00 *> b@test.ex P= R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 *> a@test.ex P= R=r1 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaY-0005vi-00 *> b@test.ex P= R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 *> a@test.ex P= R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option" +1999-03-02 09:44:33 10HmaY-0005vi-00 *> b@test.ex P= R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 => /dev/null R=bh T=**bypassed** diff --git a/test/log/0495 b/test/log/0495 index e1f07e9d3..20f15c678 100644 --- a/test/log/0495 +++ b/test/log/0495 @@ -4,8 +4,8 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 ** xyz@test.ex R=r9 T=t1: Connection refused 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => a@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaZ-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => a@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 ** a@x.y R=r9 T=t1: SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 550 NOTOK @@ -20,8 +20,8 @@ 1999-03-02 09:44:33 10HmbC-0005vi-00 ** b@x.y R=r9 T=t1: SMTP error from remote mail server after MAIL FROM:: host 127.0.0.1 [127.0.0.1]: 450 TEMPORARY MAIL FAIL 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbD-0005vi-00 => pm@p.q R=r9 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmbD-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbD-0005vi-00 => pm@p.q R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmbD-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbE-0005vi-00 ** file@x.y routing yielded a local delivery @@ -41,8 +41,8 @@ 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed 1999-03-02 09:44:33 Daemon cannot be run when mua_wrapper is set 1999-03-02 09:44:33 10HmbJ-0005vi-00 <= sen@der U=CALLER P=local-esmtp S=sss -1999-03-02 09:44:33 10HmbJ-0005vi-00 => a@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmbJ-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbJ-0005vi-00 => a@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmbJ-0005vi-00 -> b@x.y R=r9 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbK-0005vi-00 <= sen@der U=CALLER P=local-esmtp S=sss 1999-03-02 09:44:33 10HmbK-0005vi-00 127.0.0.1 [127.0.0.1] Connection refused diff --git a/test/log/0496 b/test/log/0496 index de056d46b..ed05c1221 100644 --- a/test/log/0496 +++ b/test/log/0496 @@ -1,3 +1,4 @@ +1999-03-02 09:44:33 X-ACL-Warn: data1 data1\nX-ACL-Warn: data2 data2\nX-ACL-Warn: data3\nX-ACL-Warn: \nX-ACL-Warn: data4\nAfter-Received: some text\nAt-Start: some text\nAt-End: some text\nX-multiline: foo\n\n bar 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 => someone R=r9 T=t1 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0527 b/test/log/0527 index 3da4433a1..702dbb7cc 100644 --- a/test/log/0527 +++ b/test/log/0527 @@ -1,2 +1,2 @@ -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 unrouteable address -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete sender verify callout diff --git a/test/log/0531 b/test/log/0531 index 90293aae1..a960f3e7b 100644 --- a/test/log/0531 +++ b/test/log/0531 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=smartuser T=lmtp defer (0): LMTP error after DATA: 450 TEMPERROR -1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@test.ex F= R=smartuser T=lmtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 ** userx@test.ex: retry timeout exceeded 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER F=<> R=bounces T=t1 diff --git a/test/log/0537 b/test/log/0537 index 28145e6e4..83de0fa10 100644 --- a/test/log/0537 +++ b/test/log/0537 @@ -36,4 +36,4 @@ 1999-03-02 09:44:33 received_protocol=protocol 1999-03-02 09:44:33 sender_host_name=hostname 1999-03-02 09:44:33 sender_ident=ident -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=hostname [5.6.7.8] U=ident P=protocol A=authname:authid S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=hostname [5.6.7.8] U=ident P=protocol A=authname:authid:authsender S=sss diff --git a/test/log/0543 b/test/log/0543 index 208bf2694..b5853272e 100644 --- a/test/log/0543 +++ b/test/log/0543 @@ -3,7 +3,7 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after RCPT TO:: host thisloop.test.ex [127.0.0.1]: 451 Later, please 1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@domain1 R=smarthost T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:: host thisloop.test.ex [127.0.0.1]: 451 Later, please 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=smarthost T=smtp H=thisloop.test.ex [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain1 R=smarthost T=smtp H=thisloop.test.ex [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@domain1 routing defer (-51): retry time not reached 1999-03-02 09:44:33 End queue run: pid=pppp diff --git a/test/log/0548 b/test/log/0548 index 2c2718c57..cc614394a 100644 --- a/test/log/0548 +++ b/test/log/0548 @@ -8,17 +8,19 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred 1999-03-02 09:44:33 End queue run: pid=pppp 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex routing defer (-51): retry time not reached +1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after RCPT TO:: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred +1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred 1999-03-02 09:44:33 End queue run: pid=pppp 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after RCPT TO:: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred -1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred -1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred +1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@test.ex R=smarthost T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex routing defer (-51): retry time not reached +1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after RCPT TO:: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred +1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred 1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after RCPT TO:: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred -1999-03-02 09:44:33 10HmaY-0005vi-00 SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred -1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@test.ex R=smarthost T=smtp defer (0): SMTP error from remote mail server after initial connection: host thishost.test.ex [127.0.0.1]: 451 host deferred +1999-03-02 09:44:33 10HmaY-0005vi-00 == usery@test.ex R=smarthost T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:: host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]: 451 Recipient deferred 1999-03-02 09:44:33 End queue run: pid=pppp ******** SERVER ******** @@ -27,7 +29,9 @@ 1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred 1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred 1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred -1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred +1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred 1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred 1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred +1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred 1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred +1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred diff --git a/test/log/0552 b/test/log/0552 index de765949d..64d499709 100644 --- a/test/log/0552 +++ b/test/log/0552 @@ -6,9 +6,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 == userx3@test.ex R=r1 T=t1 defer (dd): Connection timed out: SMTP timeout while connected to 127.0.0.1 [127.0.0.1] after MAIL FROM: SIZE=ssss 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx2@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx3@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx2@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx3@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/0553 b/test/log/0553 index 7c4feaef1..54f94fde0 100644 --- a/test/log/0553 +++ b/test/log/0553 @@ -5,9 +5,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 == userx3@test.ex R=t1 T=smtp defer (dd): Connection timed out: SMTP timeout while connected to 127.0.0.1 [127.0.0.1] after RCPT TO: 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx2@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx3@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx1@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx2@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> userx3@test.ex R=t1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/0554 b/test/log/0554 index d601ff246..97784ca48 100644 --- a/test/log/0554 +++ b/test/log/0554 @@ -1,4 +1,4 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 == x@y R=r1 T=smtp defer (-44): SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 451 Temporary error -1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/0561 b/test/log/0561 index 6bb3490e3..6c79f5a87 100644 --- a/test/log/0561 +++ b/test/log/0561 @@ -6,22 +6,22 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp -qq 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmaZ-0005vi-00 no immediate delivery: load average 0.01 -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbA-0005vi-00 no immediate delivery: load average 0.01 -1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qq 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 Start queue run: pid=pppp -qq 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbB-0005vi-00 no immediate delivery: load average 0.01 -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaY-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmbC-0005vi-00 no immediate delivery: load average 0.02 -1999-03-02 09:44:33 10HmbA-0005vi-00 => usery@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* +1999-03-02 09:44:33 10HmbA-0005vi-00 => usery@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qq 1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss diff --git a/test/log/0565 b/test/log/0565 index 1fef38b61..82a2dc343 100644 --- a/test/log/0565 +++ b/test/log/0565 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=dnslookup T=remote_smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=dnslookup T=remote_smtp H=127.0.0.1 [127.0.0.1] C="250 OK (wizzle)" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => x@test.ex R=hdronly_dnslookup T=remote_smtp_hdrs H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => x@test.ex R=hdronly_dnslookup T=remote_smtp_hdrs H=127.0.0.1 [127.0.0.1] C="250 OK (wizzle)" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/0566 b/test/log/0566 new file mode 100644 index 000000000..0922615b3 --- /dev/null +++ b/test/log/0566 @@ -0,0 +1,15 @@ +1999-03-02 09:44:33 ignoring AUTH=x@y from U=CALLER (client not authenticated) +1999-03-02 09:44:33 ignoring AUTH=x@y from U=CALLER (client not authenticated) +1999-03-02 09:44:33 ignoring AUTH=x@y from U=CALLER (client not authenticated) +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : SIZE value too big +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : SIZE value too big +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss M8S=0 +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx R=r2 T=local_delivery +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss M8S=7 +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx R=r2 T=local_delivery +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss M8S=8 +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx R=r2 T=local_delivery +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 SMTP call from CALLER dropped: too many syntax or protocol errors (last command was "foo") diff --git a/test/log/0567 b/test/log/0567 new file mode 100644 index 000000000..1bad60ee9 --- /dev/null +++ b/test/log/0567 @@ -0,0 +1,10 @@ +1999-03-02 09:44:33 U=CALLER F= rejected RCPT +1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER Warning: Verified previously removed header X-Rcpt-2 +1999-03-02 09:44:33 10HmaX-0005vi-00 U=CALLER Warning: Verified removed header X-Data-3 in this ACL still visible +1999-03-02 09:44:33 10HmaX-0005vi-00 <= mailok@test.ex U=CALLER P=local-smtp S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => rcptok R=r1 T=t1 +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 => rcptok R=r1 T=t1 +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 U=CALLER temporarily rejected connection in "connect" ACL: cannot use remove_header condition in connection ACL diff --git a/test/log/1003 b/test/log/1003 index 7f37cd584..e11b7508a 100644 --- a/test/log/1003 +++ b/test/log/1003 @@ -4,13 +4,13 @@ 1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1] C="250 OK id=10HmbD-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1] +1999-03-02 09:44:33 10HmbA-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1] C="250 OK id=10HmbE-0005vi-00" 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1] +1999-03-02 09:44:33 10HmbB-0005vi-00 => userx@test.ex R=client T=send_to_server H=::1 [::1] C="250 OK id=10HmbF-0005vi-00" 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed 1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=client T=send_to_server defer (-1): failed to expand "interface" option for send_to_server transport: internal expansion of "<; ${if" failed: condition name expected, but found "" 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2000 b/test/log/2000 index 0ff87d939..6c690bf9e 100644 --- a/test/log/2000 +++ b/test/log/2000 @@ -2,7 +2,7 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (certificate verification failed): invalid 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) -1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2002 b/test/log/2002 index 4b0512a14..774495514 100644 --- a/test/log/2002 +++ b/test/log/2002 @@ -1,10 +1,13 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (gnutls_handshake): The peer did not send any certificate. -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER R=abc T=local_delivery 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER R=abc T=local_delivery 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER R=abc T=local_delivery +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2008 b/test/log/2008 index 6224b8ff1..10f3958eb 100644 --- a/test/log/2008 +++ b/test/log/2008 @@ -1,11 +1,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" -1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" -1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2010 b/test/log/2010 index da55b96fa..a55771099 100644 --- a/test/log/2010 +++ b/test/log/2010 @@ -1,7 +1,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 a TLS session is required for 127.0.0.1 [127.0.0.1], but the server did not offer TLS support -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Start queue run: pid=pppp -qf diff --git a/test/log/2012 b/test/log/2012 index 3c363c65a..b4bceb688 100644 --- a/test/log/2012 +++ b/test/log/2012 @@ -1,7 +1,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (certificate verification failed): invalid -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=yes DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2013 b/test/log/2013 index cb14479d4..946e8e67b 100644 --- a/test/log/2013 +++ b/test/log/2013 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/2014 b/test/log/2014 index 554100b77..feaf4be4c 100644 --- a/test/log/2014 +++ b/test/log/2014 @@ -4,6 +4,5 @@ 1999-03-02 09:44:33 TLS error on connection from (rhu5.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): invalid 1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (recv): A TLS packet with unexpected length was received. -1999-03-02 09:44:33 TLS error on connection from [ip4.ip4.ip4.ip4] (send): The specified session has been invalidated for some reason. +1999-03-02 09:44:33 TLS error on connection from (rhu7.barb) [ip4.ip4.ip4.ip4] (certificate verification failed): revoked 1999-03-02 09:44:33 H=[127.0.0.1] F= rejected RCPT : certificate not verified: peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock diff --git a/test/log/2017 b/test/log/2017 index 93ffdc3e0..cc3d9b5ed 100644 --- a/test/log/2017 +++ b/test/log/2017 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/2020 b/test/log/2020 index bcebac623..4b9c1fac1 100644 --- a/test/log/2020 +++ b/test/log/2020 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=abc T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=abc T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2021 b/test/log/2021 index d6f5460ae..bcb988f2d 100644 --- a/test/log/2021 +++ b/test/log/2021 @@ -2,7 +2,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after STARTTLS: host 127.0.0.1 [127.0.0.1]: 450 temp problem 1999-03-02 09:44:33 10HmaX-0005vi-00 == x@y R=client T=send_to_server defer (0): SMTP error from remote mail server after STARTTLS: host 127.0.0.1 [127.0.0.1]: 450 temp problem 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss diff --git a/test/log/2026 b/test/log/2026 index 7fb2bbcd1..8c8ab7af0 100644 --- a/test/log/2026 +++ b/test/log/2026 @@ -3,11 +3,11 @@ 1999-03-02 09:44:33 H=localhost (myhost.test.ex) [127.0.0.1] F= temporarily rejected RCPT 1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 451 Temporary local problem - please try later 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaX-0005vi-00@myhost.test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 => userx R=r0 T=t2 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery R=r0 T=t2 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed diff --git a/test/log/2027 b/test/log/2027 index 4db0788c1..547303822 100644 --- a/test/log/2027 +++ b/test/log/2027 @@ -1,11 +1,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (gnutls_handshake): A TLS packet with unexpected length was received. 1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls) -1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] +1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2100 b/test/log/2100 index 664ab8abe..f4ea5c49c 100644 --- a/test/log/2100 +++ b/test/log/2100 @@ -3,7 +3,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) -1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2102 b/test/log/2102 index a0d9fc205..da4ee49d7 100644 --- a/test/log/2102 +++ b/test/log/2102 @@ -1,11 +1,14 @@ 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex H=[127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 <= "name with spaces"@test.ex H=[127.0.0.1] P=smtps X=TLSv1:AES256-SHA:256 S=sss 1999-03-02 09:44:33 TLS error on connection from (rhu.barb) [ip4.ip4.ip4.ip4] (SSL_accept): error: <> 1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) -1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER R=abc T=local_delivery 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER R=abc T=local_delivery 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER R=abc T=local_delivery +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2108 b/test/log/2108 index 112be7e43..12ab295f4 100644 --- a/test/log/2108 +++ b/test/log/2108 @@ -1,11 +1,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" -1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" -1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2110 b/test/log/2110 index b863b37f5..3727c6acd 100644 --- a/test/log/2110 +++ b/test/log/2110 @@ -1,7 +1,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 a TLS session is required for 127.0.0.1 [127.0.0.1], but the server did not offer TLS support -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Start queue run: pid=pppp -qf diff --git a/test/log/2111 b/test/log/2111 index 63979f233..966858580 100644 --- a/test/log/2111 +++ b/test/log/2111 @@ -1,7 +1,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:DES-CBC3-SHA:168 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:DES-CBC3-SHA:168 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2112 b/test/log/2112 index 830e826e1..bee2f6fe3 100644 --- a/test/log/2112 +++ b/test/log/2112 @@ -2,7 +2,7 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2113 b/test/log/2113 index 838a61e9a..e3e433361 100644 --- a/test/log/2113 +++ b/test/log/2113 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/2117 b/test/log/2117 index c3ede67a3..a9d7bbc0a 100644 --- a/test/log/2117 +++ b/test/log/2117 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/2120 b/test/log/2120 index 14de3ab9c..534f5b82e 100644 --- a/test/log/2120 +++ b/test/log/2120 @@ -2,7 +2,7 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session failure: delivering unencrypted to 127.0.0.1 [127.0.0.1] (not in hosts_require_tls) -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=abc T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=abc T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2121 b/test/log/2121 index d6f5460ae..bcb988f2d 100644 --- a/test/log/2121 +++ b/test/log/2121 @@ -2,7 +2,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after STARTTLS: host 127.0.0.1 [127.0.0.1]: 450 temp problem 1999-03-02 09:44:33 10HmaX-0005vi-00 == x@y R=client T=send_to_server defer (0): SMTP error from remote mail server after STARTTLS: host 127.0.0.1 [127.0.0.1]: 450 temp problem 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client T=send_to_server H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss diff --git a/test/log/2125 b/test/log/2125 index b72bb3b17..5851340f8 100644 --- a/test/log/2125 +++ b/test/log/2125 @@ -1,7 +1,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (SSL_connect): error: <> -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:DES-CBC3-SHA:168 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:DES-CBC3-SHA:168 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2126 b/test/log/2126 index 7462a96b0..9ee15e481 100644 --- a/test/log/2126 +++ b/test/log/2126 @@ -1,7 +1,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 451 Temporary local problem - please try later -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] -1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@myhost.test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@myhost.test.ex R=r1 T=t1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed ******** SERVER ******** diff --git a/test/log/2127 b/test/log/2127 index 5665b2e60..91f972adb 100644 --- a/test/log/2127 +++ b/test/log/2127 @@ -1,11 +1,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 TLS error on connection to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaY-0005vi-00 TLS session failure: delivering unencrypted to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] (not in hosts_require_tls) -1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] +1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/2149 b/test/log/2149 index d0c7ac0df..b76039c4b 100644 --- a/test/log/2149 +++ b/test/log/2149 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/3401 b/test/log/3401 index 30e4b45bc..8532e4ba2 100644 --- a/test/log/3401 +++ b/test/log/3401 @@ -1,12 +1,12 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=login:userx:CALLER@myhost.test.ex C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=plain C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 plain authenticator failed H=127.0.0.1 [127.0.0.1] 535 Sorry, authentication failed -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 Remote host 127.0.0.1 [127.0.0.1] closed connection in response to AUTH LOGIN @@ -27,7 +27,7 @@ 1999-03-02 09:44:33 10HmbE-0005vi-00 Frozen (delivery error message) 1999-03-02 09:44:33 10HmbD-0005vi-00 Completed 1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbF-0005vi-00 => forcesender@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbF-0005vi-00 => forcesender@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=login:userx:force@x.y.z C="250 OK" 1999-03-02 09:44:33 10HmbF-0005vi-00 Completed 1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmbG-0005vi-00 login authenticator cancelled authentication H=127.0.0.1 [127.0.0.1] Invalid base64 string in server response "334 User?" @@ -37,5 +37,5 @@ 1999-03-02 09:44:33 10HmbH-0005vi-00 Frozen (delivery error message) 1999-03-02 09:44:33 10HmbG-0005vi-00 Completed 1999-03-02 09:44:33 10HmbI-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbI-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmbI-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=xlogin:challenge-1:CALLER@myhost.test.ex C="250 OK" 1999-03-02 09:44:33 10HmbI-0005vi-00 Completed diff --git a/test/log/3404 b/test/log/3404 index 840b3ceca..67e8f1713 100644 --- a/test/log/3404 +++ b/test/log/3404 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=login C="250 OK" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed diff --git a/test/log/3405 b/test/log/3405 index a876b0d2b..21c9f5e77 100644 --- a/test/log/3405 +++ b/test/log/3405 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed diff --git a/test/log/3412 b/test/log/3412 index 6895fe347..6df6f0ba3 100644 --- a/test/log/3412 +++ b/test/log/3412 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 ** x@test.ex R=local: no deliveries made locally 1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=remote T=smtp H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=remote T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/3451 b/test/log/3451 index 36a93a5e2..19f8ba0a2 100644 --- a/test/log/3451 +++ b/test/log/3451 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" A=plain C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/3452 b/test/log/3452 index 36a93a5e2..19f8ba0a2 100644 --- a/test/log/3452 +++ b/test/log/3452 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" A=plain C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/3455 b/test/log/3455 index 864b258c5..a1672e8ee 100644 --- a/test/log/3455 +++ b/test/log/3455 @@ -2,11 +2,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 A=plain:userx S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 +1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 A=plain C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=login:usery S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] A=login C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/3461 b/test/log/3461 index d164b737a..9be2ec4b3 100644 --- a/test/log/3461 +++ b/test/log/3461 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/3462 b/test/log/3462 index d164b737a..9be2ec4b3 100644 --- a/test/log/3462 +++ b/test/log/3462 @@ -1,9 +1,9 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" A=plain C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/3465 b/test/log/3465 index 231636829..1f5f3f04a 100644 --- a/test/log/3465 +++ b/test/log/3465 @@ -2,11 +2,11 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLSv1:AES256-SHA:256 A=plain:userx S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 +1999-03-02 09:44:33 10HmaX-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 A=plain C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=login:usery S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userz@test.ex R=r1 T=t1 H=127.0.0.1 [127.0.0.1] A=login C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/3501 b/test/log/3501 index 48dee026d..48d201c29 100644 --- a/test/log/3501 +++ b/test/log/3501 @@ -1,3 +1,3 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@domain.com R=try T=smtp_try H=127.0.0.1 [127.0.0.1] A=cram_md5 C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/3600 b/test/log/3600 index dc0acf610..16c59f368 100644 --- a/test/log/3600 +++ b/test/log/3600 @@ -1,6 +1,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=t1 H=127.0.0.1 [127.0.0.1] A=spa C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp 1999-03-02 09:44:33 10HmaY-0005vi-00 sender address changed to by CALLER @@ -11,7 +11,7 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 -1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=spa S=sss id=E10HmaX-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data +1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpa A=spa:username S=sss id=E10HmaX-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data (set_id=username) 1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data 1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data diff --git a/test/log/5400 b/test/log/5400 new file mode 100644 index 000000000..59f948c5f --- /dev/null +++ b/test/log/5400 @@ -0,0 +1,14 @@ +1999-03-02 09:44:33 rcpt for userx@domain.com +1999-03-02 09:44:33 10HmaX-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 rcpt for userz@domain.com +1999-03-02 09:44:33 10HmaY-0005vi-00 >> userz@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 rcpt for usery@domain.com +1999-03-02 09:44:33 rcpt for userx@domain.com +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 -> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed diff --git a/test/log/5401 b/test/log/5401 new file mode 100644 index 000000000..37ad46794 --- /dev/null +++ b/test/log/5401 @@ -0,0 +1,3 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/5410 b/test/log/5410 new file mode 100644 index 000000000..efcee1b4f --- /dev/null +++ b/test/log/5410 @@ -0,0 +1,16 @@ +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaY-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 no immediate delivery: queued by ACL +1999-03-02 09:44:33 10HmaY-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaX-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 no immediate delivery: queued by ACL +1999-03-02 09:44:33 10HmbA-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbC-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 no immediate delivery: queued by ACL +1999-03-02 09:44:33 10HmbC-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed diff --git a/test/log/5420 b/test/log/5420 new file mode 100644 index 000000000..5dcefb30f --- /dev/null +++ b/test/log/5420 @@ -0,0 +1,16 @@ +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 S=sss id=E10HmaY-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 no immediate delivery: queued by ACL +1999-03-02 09:44:33 10HmaY-0005vi-00 >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaX-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbA-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 no immediate delivery: queued by ACL +1999-03-02 09:44:33 10HmbA-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbC-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 no immediate delivery: queued by ACL +1999-03-02 09:44:33 10HmbC-0005vi-00 >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed diff --git a/test/log/5500 b/test/log/5500 new file mode 100644 index 000000000..ef5372cd1 --- /dev/null +++ b/test/log/5500 @@ -0,0 +1,17 @@ +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 PRDR R= acceptance +1999-03-02 09:44:33 10HmaY-0005vi-00 PRDR R= temporary refusal +1999-03-02 09:44:33 10HmaY-0005vi-00 PRDR R= refusal +1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=(rhu.barb) [127.0.0.1] P=esmtp PRDR S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx R=r0 T=t1 +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaX-0005vi-00 PRDR R= acceptance +1999-03-02 09:44:33 10HmaX-0005vi-00 PRDR R= acceptance +1999-03-02 09:44:33 10HmaX-0005vi-00 H=(rhu.barb) [127.0.0.1] F=<> rejected after DATA +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=(rhu.barb) [127.0.0.1] P=esmtp S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => user1 R=r0 T=t1 +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R= temporary refusal +1999-03-02 09:44:33 10HmbA-0005vi-00 PRDR R= temporary refusal +1999-03-02 09:44:33 10HmbB-0005vi-00 PRDR R= refusal +1999-03-02 09:44:33 10HmbB-0005vi-00 PRDR R= refusal diff --git a/test/log/5510 b/test/log/5510 new file mode 100644 index 000000000..86a9babfe --- /dev/null +++ b/test/log/5510 @@ -0,0 +1,31 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= userx@test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => usery@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] PRDR C="250 first rcpt was good" +1999-03-02 09:44:33 10HmaX-0005vi-00 -> userz@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] PRDR C="250 second rcpt was good" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaY-0005vi-00 <= userx@test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaY-0005vi-00 => user2.1@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK got that" +1999-03-02 09:44:33 10HmaY-0005vi-00 -> user2.2@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK got that" +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= userx@test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => usery@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] PRDR C="250 first rcpt was good" +1999-03-02 09:44:33 10HmaZ-0005vi-00 == userz@test.ex R=r0 T=t1 defer (0): PRDR error after DATA: 450 cannot handle second rcpt right now +1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbA-0005vi-00 => userp@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] PRDR C="250 first rcpt was good" +1999-03-02 09:44:33 10HmbA-0005vi-00 ** userq@test.ex R=r0 T=t1: PRDR error after DATA: 550 second rcpt does not like content +1999-03-02 09:44:33 10HmbA-0005vi-00 Frozen (delivery error message) +1999-03-02 09:44:33 10HmaZ-0005vi-00 == userz@test.ex routing defer (-51): retry time not reached +1999-03-02 09:44:33 10HmbB-0005vi-00 <= <> U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 ** user5.1@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 550 oops, overall rejection +1999-03-02 09:44:33 10HmbB-0005vi-00 ** user5.2@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1]: SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 550 oops, overall rejection +1999-03-02 09:44:33 10HmbB-0005vi-00 Frozen (delivery error message) +1999-03-02 09:44:33 10HmbC-0005vi-00 <= <> U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbC-0005vi-00 ** user6.1@test.ex R=r0 T=t1: SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 550 naah mate +1999-03-02 09:44:33 10HmbC-0005vi-00 ** user6.2@test.ex R=r0 T=t1: SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 550 naah mate +1999-03-02 09:44:33 10HmbC-0005vi-00 Frozen (delivery error message) +1999-03-02 09:44:33 10HmbD-0005vi-00 <= <> U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 == user7.1@test.ex R=r0 T=t1 defer (-46): SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 450 oops, try again later please +1999-03-02 09:44:33 10HmbD-0005vi-00 == user7.2@test.ex R=r0 T=t1 defer (-46): SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 450 oops, try again later please +1999-03-02 09:44:33 10HmbD-0005vi-00 == user7.3@test.ex R=r0 T=t1 defer (-46): SMTP error from remote mail server after end of data: host 127.0.0.1 [127.0.0.1]: 450 oops, try again later please +1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbE-0005vi-00 => user8.1@test.ex R=r0 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK, got that" +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed diff --git a/test/log/5600 b/test/log/5600 new file mode 100644 index 000000000..869883f06 --- /dev/null +++ b/test/log/5600 @@ -0,0 +1,6 @@ +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; not responding +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [ip4.ip4.ip4.ip4] Recieved OCSP stapling req; not responding diff --git a/test/log/5601 b/test/log/5601 new file mode 100644 index 000000000..40caa0f88 --- /dev/null +++ b/test/log/5601 @@ -0,0 +1,41 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaX-0005vi-00 => nostaple@test.ex R=client T=send_to_server1 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER@test.ex R=client T=send_to_server2 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 Received TLS status response, null content +1999-03-02 09:44:33 10HmbB-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbB-0005vi-00 == CALLER@test.ex R=client T=send_to_server2 defer (-37): failure while setting up TLS session +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbC-0005vi-00 Server certificate revoked; reason: superseded +1999-03-02 09:44:33 10HmbC-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbC-0005vi-00 == CALLER@test.ex R=client T=send_to_server2 defer (-37): failure while setting up TLS session +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@server1.example.com U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbD-0005vi-00 Server OSCP dates invalid +1999-03-02 09:44:33 10HmbD-0005vi-00 TLS error on connection to 127.0.0.1 [127.0.0.1] (SSL_connect): error: <> +1999-03-02 09:44:33 10HmbD-0005vi-00 == CALLER@test.ex R=client T=send_to_server2 defer (-37): failure while setting up TLS session + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@server1.example.com H=the.local.host.name (server1.example.com) [ip4.ip4.ip4.ip4] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaX-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@server1.example.com H=(helo.data.changed) [127.0.0.1] P=esmtps X=TLSv1:AES256-SHA:256 S=sss id=E10HmaZ-0005vi-00@server1.example.com +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; not responding +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +1999-03-02 09:44:33 [127.0.0.1] Recieved OCSP stapling req; responding +1999-03-02 09:44:33 TLS error on connection from (helo.data.changed) [127.0.0.1] (SSL_accept): error: <> +1999-03-02 09:44:33 TLS client disconnected cleanly (rejected our certificate?) diff --git a/test/log/9900 b/test/log/9900 index 8ee23ed64..3771613bd 100644 --- a/test/log/9900 +++ b/test/log/9900 @@ -1,10 +1,10 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 46c.test.ex [V6NET:ffff:836f:a00:a:800:200a:c033] Network Error -1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@mx46cd.test.ex R=lookuphost T=smtp H=46d.test.ex [ip4.ip4.ip4.ip4] +1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@mx46cd.test.ex R=lookuphost T=smtp H=46d.test.ex [ip4.ip4.ip4.ip4] C="250 OK" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaY-0005vi-00 46c.test.ex [V6NET:ffff:836f:a00:a:800:200a:c033] Network Error -1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@mx46cd.test.ex R=lookuphost T=smtp H=46d.test.ex [ip4.ip4.ip4.ip4] +1999-03-02 09:44:33 10HmaY-0005vi-00 => userx@mx46cd.test.ex R=lookuphost T=smtp H=46d.test.ex [ip4.ip4.ip4.ip4] C="250 OK" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 46d.test.ex [ip4.ip4.ip4.ip4] Connection refused diff --git a/test/log/9901 b/test/log/9901 index eb4f30296..7948cbb4f 100644 --- a/test/log/9901 +++ b/test/log/9901 @@ -4,7 +4,7 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 == ok@no.delay R=r1 T=t1 defer (0): SMTP delivery explicitly queued 1999-03-02 09:44:33 10HmaY-0005vi-00 recipient added by root 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] +1999-03-02 09:44:33 10HmaX-0005vi-00 => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 == delay@2.test.again.dns R=r2 defer (-1): host lookup did not complete 1999-03-02 09:44:33 10HmaY-0005vi-00 == ok@no.delay R=r1 T=t1 defer (-45): SMTP error from remote mail server after MAIL FROM: SIZE=1325: host 127.0.0.1 [127.0.0.1]: 421 myhost.test.ex: SMTP command timeout - closing connection diff --git a/test/mail/0481.userx b/test/mail/0481.userx index a9f142c35..07700dd92 100644 --- a/test/mail/0481.userx +++ b/test/mail/0481.userx @@ -10,3 +10,16 @@ Date: Tue, 2 Mar 1999 09:44:33 +0000 X-Was-Remove-Me: >this header is to be removed< +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaY-0005vi-00 + for userx@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Another: This is another header +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 +X-Was-Remove-Me: >this header is to be removed< +X-Was-Remove-Me-Also: >me too!< + + diff --git a/test/mail/0496.someone b/test/mail/0496.someone index 49cda3694..32240fd54 100644 --- a/test/mail/0496.someone +++ b/test/mail/0496.someone @@ -12,7 +12,12 @@ Sender: CALLER_NAME Date: Tue, 2 Mar 1999 09:44:33 +0000 X-ACL-Warn: data1 data1 X-ACL-Warn: data2 data2 +X-ACL-Warn: data3 +X-ACL-Warn: +X-ACL-Warn: data4 At-End: some text +X-multiline: foo + bar Testing message diff --git a/test/mail/0566.userx b/test/mail/0566.userx new file mode 100644 index 000000000..e5f0975da --- /dev/null +++ b/test/mail/0566.userx @@ -0,0 +1,39 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from CALLER (helo=Testing) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00 + for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Subject: test +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +foo + +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from CALLER (helo=Testing) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmaY-0005vi-00 + for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Subject: test +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +foo + +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from CALLER (helo=Testing) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmaZ-0005vi-00 + for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Subject: test +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +foo + diff --git a/test/mail/0567.rcptok b/test/mail/0567.rcptok new file mode 100644 index 000000000..deffea8fc --- /dev/null +++ b/test/mail/0567.rcptok @@ -0,0 +1,45 @@ +From mailok@test.ex Tue Mar 02 09:44:33 1999 +Received: from CALLER by myhost.test.ex with local-smtp (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00 + for rcptok@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +cond: accept +X-Data-2: Line two +X-Data-5: Line five +X-Not-1: Testing wildcard one +X-Not-2: Testing wildcard two +X-Rcpt-1: Line six +X-Rcpt-3: Line eight +X-Rcpt-5: Line ten +X-Mail-2: Line twelve +X-Mail-3: Line thirteen +X-Mail-4: Line fourteen is also really long, but it won't get + removed by these ACL's. +X-Mail-5: Line fifteen +X-Predata-5: Line sixteen +X-Predata-4: Line seventeen +X-Predata-2: Line nineteen +X-NotSMTP-1: Line twenty-one +X-NotSMTP-2: Line twenty-two +X-NotSMTP-3: Line twenty-three +Message-Id: +From: mailok@test.ex +Date: Tue, 2 Mar 1999 09:44:33 +0000 +RCPT: denied notok + +Test message + +From CALLER@test.ex Tue Mar 02 09:44:33 1999 +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaY-0005vi-00 + for rcptok@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: CALLER_NAME + +Test non-SMTP message. Make sure it doesn't blow up when a header +it wants to remove is not present. This one also overrides the +fixup of adding a Date header because we specified to remove it! +Allow the admin to shoot himself in the foot if he really and +truly wants to. + diff --git a/test/mail/2002.CALLER b/test/mail/2002.CALLER index cc606bb0e..a4e0dd526 100644 --- a/test/mail/2002.CALLER +++ b/test/mail/2002.CALLER @@ -10,12 +10,24 @@ TLS: cipher=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 peerdn= This is a test encrypted message. +From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999 +Received: from [127.0.0.1] + by myhost.test.ex with smtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256) + (Exim x.yz) + (envelope-from <"name with spaces"@test.ex>) + id 10HmaY-0005vi-00 + for CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +tls-certificate-verified: 0 +TLS: cipher=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 peerdn= + +This is a test encrypted message. + From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] by myhost.test.ex with smtps (TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256) (Exim x.yz) (envelope-from ) - id 10HmaY-0005vi-00 + id 10HmaZ-0005vi-00 for CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 tls-certificate-verified: 1 TLS: cipher=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 peerdn=C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock diff --git a/test/mail/2102.CALLER b/test/mail/2102.CALLER index 0a2adcf1c..e4be6a342 100644 --- a/test/mail/2102.CALLER +++ b/test/mail/2102.CALLER @@ -10,12 +10,24 @@ TLS: cipher=TLSv1:AES256-SHA:256 peerdn= This is a test encrypted message. +From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999 +Received: from [127.0.0.1] + by myhost.test.ex with smtps (TLSv1:AES256-SHA:256) + (Exim x.yz) + (envelope-from <"name with spaces"@test.ex>) + id 10HmaY-0005vi-00 + for CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +tls-certificate-verified: 0 +TLS: cipher=TLSv1:AES256-SHA:256 peerdn= + +This is a test encrypted message. + From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] by myhost.test.ex with smtps (TLSv1:AES256-SHA:256) (Exim x.yz) (envelope-from ) - id 10HmaY-0005vi-00 + id 10HmaZ-0005vi-00 for CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 tls-certificate-verified: 1 TLS: cipher=TLSv1:AES256-SHA:256 peerdn=/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock diff --git a/test/mail/5500.user1 b/test/mail/5500.user1 new file mode 100644 index 000000000..a485c7c91 --- /dev/null +++ b/test/mail/5500.user1 @@ -0,0 +1,8 @@ +From MAILER-DAEMON Tue Mar 02 09:44:33 1999 +Received: from [127.0.0.1] (helo=rhu.barb) + by myhost.test.ex with esmtp (Exim x.yz) + id 10HmaZ-0005vi-00 + for user1@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Sender: sender@some.where + + diff --git a/test/mail/5500.userx b/test/mail/5500.userx new file mode 100644 index 000000000..c46897f8d --- /dev/null +++ b/test/mail/5500.userx @@ -0,0 +1,7 @@ +From MAILER-DAEMON Tue Mar 02 09:44:33 1999 +Received: from [127.0.0.1] (helo=rhu.barb) + by myhost.test.ex with esmtp (Exim x.yz) + id 10HmaY-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +Sender: sender@some.where + + diff --git a/test/msglog/2145.10HmaX-0005vi-00 b/test/msglog/2145.10HmaX-0005vi-00 new file mode 100644 index 000000000..33692c6c0 --- /dev/null +++ b/test/msglog/2145.10HmaX-0005vi-00 @@ -0,0 +1 @@ +1999-03-02 09:44:33 Received from CALLER@myhost.test.ex U=CALLER P=local S=sss diff --git a/test/rejectlog/0227 b/test/rejectlog/0227 index bc1480be7..8b2a2a148 100644 --- a/test/rejectlog/0227 +++ b/test/rejectlog/0227 @@ -6,8 +6,8 @@ 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : response to "MAIL FROM:<>" from 127.0.0.1 [127.0.0.1] was: 550-Multiline error for <>\n550 Here's the second line 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : (recipient): response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : (recipient): response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete recipient verify callout 1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F= rejected after DATA: there is no valid sender in any header line Envelope-from: @@ -29,8 +29,8 @@ P Received: from [V4NET.0.0.4] (ident=root) F From: abcd@x.y.z 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : relay not permitted 1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster -1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : (postmaster): Sender verify failed -1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : (recipient): response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked +1999-03-02 09:44:33 H=[V4NET.0.0.5] U=root F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : response to "initial connection" from 127.0.0.1 [127.0.0.1] was: connection dropped 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= temporarily rejected RCPT : Could not complete sender verify callout 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify defer for : could not connect to 127.0.0.1 [127.0.0.1]: Connection refused diff --git a/test/rejectlog/0527 b/test/rejectlog/0527 index 3da4433a1..702dbb7cc 100644 --- a/test/rejectlog/0527 +++ b/test/rejectlog/0527 @@ -1,2 +1,2 @@ -1999-03-02 09:44:33 U=CALLER sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 unrouteable address -1999-03-02 09:44:33 U=CALLER F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 U=CALLER sender verify defer for : Could not complete sender verify callout +1999-03-02 09:44:33 U=CALLER F= temporarily rejected RCPT : Could not complete sender verify callout diff --git a/test/rejectlog/0548 b/test/rejectlog/0548 index 7bf11268a..0e99d3f7a 100644 --- a/test/rejectlog/0548 +++ b/test/rejectlog/0548 @@ -4,7 +4,9 @@ 1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred 1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred 1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred -1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred +1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred 1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred 1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred +1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred 1999-03-02 09:44:33 H=[127.0.0.1] temporarily rejected connection in "connect" ACL: host deferred +1999-03-02 09:44:33 H=the.local.host.name [ip4.ip4.ip4.ip4] F= temporarily rejected RCPT : Recipient deferred diff --git a/test/rejectlog/0566 b/test/rejectlog/0566 new file mode 100644 index 000000000..7a420d042 --- /dev/null +++ b/test/rejectlog/0566 @@ -0,0 +1,3 @@ +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : SIZE value too big +1999-03-02 09:44:33 U=CALLER F= rejected RCPT : SIZE value too big +1999-03-02 09:44:33 SMTP call from CALLER dropped: too many syntax or protocol errors (last command was "foo") diff --git a/test/rejectlog/0567 b/test/rejectlog/0567 new file mode 100644 index 000000000..980e2e851 --- /dev/null +++ b/test/rejectlog/0567 @@ -0,0 +1,2 @@ +1999-03-02 09:44:33 U=CALLER F= rejected RCPT +1999-03-02 09:44:33 U=CALLER temporarily rejected connection in "connect" ACL: cannot use remove_header condition in connection ACL diff --git a/test/rejectlog/3600 b/test/rejectlog/3600 index 629d314e2..4398a403a 100644 --- a/test/rejectlog/3600 +++ b/test/rejectlog/3600 @@ -1,5 +1,5 @@ ******** SERVER ******** -1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data +1999-03-02 09:44:33 spa authenticator failed for localhost (myhost.test.ex) [127.0.0.1]: 535 Incorrect authentication data (set_id=username) 1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data 1999-03-02 09:44:33 spa authenticator failed for (xxxx) [127.0.0.1]: 535 Incorrect authentication data diff --git a/test/rejectlog/5500 b/test/rejectlog/5500 new file mode 100644 index 000000000..89372dcfd --- /dev/null +++ b/test/rejectlog/5500 @@ -0,0 +1,8 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 H=(rhu.barb) [127.0.0.1] F=<> rejected after DATA +Envelope-from: <> +Envelope-to: + +P Received: from [127.0.0.1] (helo=rhu.barb) + by myhost.test.ex with esmtp (Exim x.yz) + id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +S Sender: sender@some.where diff --git a/test/runtest b/test/runtest index aa242d589..6623d3b4b 100755 --- a/test/runtest +++ b/test/runtest @@ -36,7 +36,9 @@ $gnutls_dh_bits_normal = 2236; $cf = "bin/cf -exact"; $cr = "\r"; $debug = 0; +$force_continue = 0; $force_update = 0; +$log_failed_filename = "failed-summary.log"; $more = "less -XF"; $optargs = ""; $save_output = 0; @@ -313,6 +315,7 @@ return @yield; sub munge { my($file) = $_[0]; +my($extra) = $_[1]; my($yield) = 0; my(@saved) = (); @@ -338,6 +341,13 @@ $spid = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; while() { RESET_AFTER_EXTRA_LINE_READ: + # Custom munges + if ($extra) + { + next if $extra =~ m%^/% && eval $extra; + eval $extra if $extra =~ m/^s/; + } + # Check for "*** truncated ***" $yield = 1 if /\*\*\* truncated \*\*\*/; @@ -998,16 +1008,43 @@ return $yield; # Arguments: [0] the prompt string # [1] if there is a U in the prompt and $force_update is true +# [2] if there is a C in the prompt and $force_continue is true # Returns: nothing (it sets $_) sub interact{ print $_[0]; if ($_[1]) { $_ = "u"; print "... update forced\n"; } + elsif ($_[2]) { $_ = "c"; print "... continue forced\n"; } else { $_ = ; } } +################################################## +# Subroutine to log in force_continue mode # +################################################## + +# In force_continue mode, we just want a terse output to a statically +# named logfile. If multiple files in same batch (stdout, stderr, etc) +# all have mismatches, it will log multiple times. +# +# Arguments: [0] the logfile to append to +# [1] the testno that failed +# Returns: nothing + + + +sub log_failure { + my $logfile = shift(); + my $testno = shift(); + my $detail = shift() || ''; + if ( open(my $fh, ">>", $logfile) ) { + print $fh "Test $testno $detail failed\n"; + close $fh; + } +} + + ################################################## # Subroutine to compare one output file # @@ -1022,6 +1059,7 @@ if ($_[1]) { $_ = "u"; print "... update forced\n"; } # [2] where to put the munged copy # [3] the name of the saved file # [4] TRUE if this is a log file whose deliveries must be sorted +# [5] optionally, a custom munge command # # Returns: 0 comparison succeeded or differences to be ignored # 1 comparison failed; files may have been updated (=> re-compare) @@ -1029,7 +1067,7 @@ if ($_[1]) { $_ = "u"; print "... update forced\n"; } # Does not return if the user replies "Q" to a prompt. sub check_file{ -my($rf,$rsf,$mf,$sf,$sortfile) = @_; +my($rf,$rsf,$mf,$sf,$sortfile,$extra) = @_; # If there is no saved file, the raw files must either not exist, or be # empty. The test ! -s is TRUE if the file does not exist or is empty. @@ -1047,6 +1085,7 @@ if (! -e $sf) print "Continue, Show, or Quit? [Q] "; $_ = ; tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, $rf) if (/^c$/i && $force_continue); return 0 if /^c$/i; last if (/^s$/); } @@ -1065,8 +1104,9 @@ if (! -e $sf) print "\n"; for (;;) { - interact("Continue, Update & retry, Quit? [Q] ", $force_update); + interact("Continue, Update & retry, Quit? [Q] ", $force_update, $force_continue); tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, $rsf) if (/^c$/i && $force_continue); return 0 if /^c$/i; last if (/^u$/i); } @@ -1077,11 +1117,11 @@ if (! -e $sf) # data that does exist. open(MUNGED, ">$mf") || tests_exit(-1, "Failed to open $mf: $!"); -my($truncated) = munge($rf) if -e $rf; +my($truncated) = munge($rf, $extra) if -e $rf; if (defined $rsf && -e $rsf) { print MUNGED "\n******** SERVER ********\n"; - $truncated |= munge($rsf); + $truncated |= munge($rsf, $extra); } close(MUNGED); @@ -1182,8 +1222,9 @@ if (-e $sf) print "\n"; for (;;) { - interact("Continue, Retry, Update & retry, Quit? [Q] ", $force_update); + interact("Continue, Retry, Update & retry, Quit? [Q] ", $force_update, $force_continue); tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, $sf) if (/^c$/i && $force_continue); return 0 if /^c$/i; return 1 if /^r$/i; last if (/^u$/i); @@ -1202,47 +1243,76 @@ return 1; +################################################## +# Custom munges +# keyed by name of munge; value is a ref to a hash +# which is keyed by file, value a string to look for. +# Usable files are: +# paniclog, rejectlog, mainlog, stdout, stderr, msglog, mail +# Search strings starting with 's' do substitutions; +# with '/' do line-skips. +################################################## +$munges = + { 'dnssec' => + { 'stderr' => '/^Reverse DNS security status: unverified\n/', }, + + 'gnutls_unexpected' => + { 'mainlog' => '/\(recv\): A TLS packet with unexpected length was received./', }, + + 'gnutls_handshake' => + { 'mainlog' => 's/\(gnutls_handshake\): Error in the push function/\(gnutls_handshake\): A TLS packet with unexpected length was received/', }, + + }; + + ################################################## # Subroutine to check the output of a test # ################################################## # This function is called when the series of subtests is complete. It makes -# use of check() file, whose arguments are: +# use of check_file(), whose arguments are: # # [0] the name of the main raw output file # [1] the name of the server raw output file or undef # [2] where to put the munged copy # [3] the name of the saved file # [4] TRUE if this is a log file whose deliveries must be sorted +# [5] an optional custom munge command # -# Arguments: none +# Arguments: Optionally, name of a custom munge to run. # Returns: 0 if the output compared equal # 1 if re-run needed (files may have been updated) sub check_output{ +my($mungename) = $_[0]; my($yield) = 0; +my($munge) = $munges->{$mungename} if defined $mungename; $yield = 1 if check_file("spool/log/paniclog", "spool/log/serverpaniclog", "test-paniclog-munged", - "paniclog/$testno", 0); + "paniclog/$testno", 0, + $munge->{'paniclog'}); $yield = 1 if check_file("spool/log/rejectlog", "spool/log/serverrejectlog", "test-rejectlog-munged", - "rejectlog/$testno", 0); + "rejectlog/$testno", 0, + $munge->{'rejectlog'}); $yield = 1 if check_file("spool/log/mainlog", "spool/log/servermainlog", "test-mainlog-munged", - "log/$testno", $sortlog); + "log/$testno", $sortlog, + $munge->{'mainlog'}); if (!$stdout_skip) { $yield = 1 if check_file("test-stdout", "test-stdout-server", "test-stdout-munged", - "stdout/$testno", 0); + "stdout/$testno", 0, + $munge->{'stdout'}); } if (!$stderr_skip) @@ -1250,7 +1320,8 @@ if (!$stderr_skip) $yield = 1 if check_file("test-stderr", "test-stderr-server", "test-stderr-munged", - "stderr/$testno", 0); + "stderr/$testno", 0, + $munge->{'stderr'}); } # Compare any delivered messages, unless this test is skipped. @@ -1289,7 +1360,8 @@ if (! $message_skip) print ">> COMPARE $mail mail/$testno.$saved_mail\n" if $debug; $yield = 1 if check_file($mail, undef, "test-mail-munged", - "mail/$testno.$saved_mail", 0); + "mail/$testno.$saved_mail", 0, + $munge->{'mail'}); delete $expected_mails{"mail/$testno.$saved_mail"}; } @@ -1302,8 +1374,9 @@ if (! $message_skip) for (;;) { - interact("Continue, Update & retry, or Quit? [Q] ", $force_update); + interact("Continue, Update & retry, or Quit? [Q] ", $force_update, $force_continue); tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, "missing email") if (/^c$/i && $force_continue); last if /^c$/i; # For update, we not only have to unlink the file, but we must also @@ -1359,7 +1432,8 @@ if (! $msglog_skip) s/((?:[^\W_]{6}-){2}[^\W_]{2}) /new_value($1, "10Hm%s-0005vi-00", \$next_msgid)/egx; $yield = 1 if check_file("spool/msglog/$msglog", undef, - "test-msglog-munged", "msglog/$testno.$munged_msglog", 0); + "test-msglog-munged", "msglog/$testno.$munged_msglog", 0, + $munge->{'msglog'}); delete $expected_msglogs{"$testno.$munged_msglog"}; } } @@ -1384,8 +1458,9 @@ if (! $msglog_skip) for (;;) { - interact("Continue, Update, or Quit? [Q] ", $force_update); + interact("Continue, Update, or Quit? [Q] ", $force_update, $force_continue); tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, "missing msglog") if (/^c$/i && $force_continue); last if /^c$/i; if (/^u$/i) { @@ -1453,6 +1528,7 @@ system("$cmd"); # 4 EOF was encountered after an initial return code line # Optionally alse a second parameter, a hash-ref, with auxilliary information: # exim_pid: pid of a run process +# munge: name of a post-script results munger sub run_command{ my($testno) = $_[0]; @@ -1665,6 +1741,18 @@ elsif (/^millisleep\s+(.*)$/) } +# The "munge" command selects one of a hardwired set of test-result modifications +# to be made before result compares are run agains the golden set. This lets +# us account for test-system dependent things which only affect a few, but known, +# test-cases. +# Currently only the last munge takes effect. + +if (/^munge\s+(.*)$/) + { + return (0, { munge => $1 }); + } + + # The "sleep" command does just that. For sleeps longer than 1 second we # tell the user what's going on. @@ -2077,6 +2165,9 @@ while (@ARGV > 0 && $ARGV[0] =~ /^-/) { if ($arg eq "-DEBUG") { $debug = 1; $cr = "\n"; next; } if ($arg eq "-DIFF") { $cf = "diff -u"; next; } + if ($arg eq "-CONTINUE"){$force_continue = 1; + $more = "cat"; + next; } if ($arg eq "-UPDATE") { $force_update = 1; next; } if ($arg eq "-NOIPV4") { $have_ipv4 = 0; next; } if ($arg eq "-NOIPV6") { $have_ipv6 = 0; next; } @@ -3104,6 +3195,8 @@ if ($have_ipv6 && $parm_ipv6 ne "::1") $exp_v6 = $1 . ':0' x (8-length($exp_v6)) . ':' . $2; } elsif ( $parm_ipv6 =~ /^::(.+[^:])$/ ) { $exp_v6 = '0:' x (9-length($exp_v6)) . $1; + } else { + $exp_v6 = $parm_ipv6; } my(@components) = split /:/, $exp_v6; my(@nibbles) = reverse (split /\s*/, shift @components); @@ -3370,8 +3463,10 @@ foreach $test (@test_list) for (;;) { print "\nshow stdErr, show stdOut, Retry, Continue (without file comparison), or Quit? [Q] "; - $_ = ; + $_ = $force_continue ? "c" : ; tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, "exit code unexpected") if (/^c$/i && $force_continue); + print "... continue forced\n" if $force_continue; last if /^[rc]$/i; if (/^e$/i) { @@ -3407,8 +3502,10 @@ foreach $test (@test_list) for (;;) { print "\nShow server stdout, Retry, Continue, or Quit? [Q] "; - $_ = ; + $_ = $force_continue ? "c" : ; tests_exit(1) if /^q?$/i; + log_failure($log_failed_filename, $testno, "exit code unexpected") if (/^c$/i && $force_continue); + print "... continue forced\n" if $force_continue; last if /^[rc]$/i; if (/^s$/i) @@ -3439,7 +3536,7 @@ foreach $test (@test_list) if ($docheck) { - if (check_output() != 0) + if (check_output($TEST_STATE->{munge}) != 0) { print (("#" x 79) . "\n"); redo; diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002 index f87251e1e..e35e4a082 100644 --- a/test/scripts/0000-Basic/0002 +++ b/test/scripts/0000-Basic/0002 @@ -4,6 +4,7 @@ # be present in the basic Exim binary which we require in order to run these # tests at all. Specialized expansion tests also exist for optional features # in other test scripts. +munge dnssec exim -be @@ -59,6 +60,21 @@ reduce: ${reduce{a:b:c}{+}{$value$item}} reduce: ${reduce {<, 1,2,3}{0}{${eval:$value+$item}}} reduce: ${reduce {3:0:9:4:6}{0}{${if >{$item}{$value}{$item}{$value}}}} +listnamed: ${listnamed:dlist} +listnamed: ${listnamed:+dlist} +listnamed: ${listnamed:hlist} +listnamed: ${listnamed:elist} +listnamed: ${listnamed:flist} +listnamed: ${listnamed:nolist} +listnamed: ${listnamed_d:dlist} +listnamed: ${listnamed_d:hlist} +listnamed: ${listnamed_z:dlist} + +listcount: ${listcount:a:b:c} +listcount: ${listcount:} +listcount: ${listcount:<;a;b;c} +listcount: ${listcount:${listnamed:dlist}} + # Tests with iscntrl() and illegal separators map: ${map{<\n a\n\nb\nc}{'$item'}} @@ -70,6 +86,21 @@ reduce: ${reduce {<\x7f 1\x7f2\177 3}{0}{${eval:$value+$item}}} # Operators +acl: ${acl +acl: ${acl} +acl: ${acl {a_nosuch}} +acl: ${acl {a_ret}} +acl: ${acl {a_ret}{person@dom.ain}} +acl: ${acl {a_ret}{firstarg}{secondarg}} +acl: ${acl {a_ret}{arg with spaces}} +acl: ${acl {a_none}} +acl: ${acl {a_none}{person@dom.ain}} +acl: ${acl {a_deny}} +acl: ${acl {a_deny}{person@dom.ain}} +acl: ${acl {a_defer}} +acl: ${acl {a_sub}{top_arg_1}{top_arg_2}{top_arg_3}} +acl: ${reduce {1:2:3:4} {} {$value ${acl {a_ret}{$item}}}} + addrss: ${address:local-part@dom.ain} addrss: ${address:Exim Person (that's me)} domain: ${domain:local-part@dom.ain} @@ -238,6 +269,12 @@ hash: ${if eq {1}{2}{${hash_3:invalid}}{NO}} md5: ${if eq {1}{2}{${md5:invalid}}{NO}} mask: ${if eq {1}{2}{${mask:invalid}}{NO}} +# Number suffixes in conditions +1k: ${if >{1}{1k}{n}{y}} +1K: ${if >{1}{1K}{n}{y}} +1M: ${if >{1}{1M}{n}{y}} +1G: ${if >{1}{1G}{n}{y}} + # Numeric overflow # >32b should work, >64b not @@ -386,6 +423,12 @@ first_delivery: ${if first_delivery{y}{n}} queue_running after or: ${if or{{eq {0}{0}}{queue_running}}{y}{n}} first_delivery after or: ${if or{{eq {0}{0}}{first_delivery}}{y}{n}} +# acl expansion condition +acl if: ${if acl {{a_ret}} {Y:$value}{N:$value}} +acl if: ${if acl {{a_ret}{argY}} {Y:$value}{N:$value}} +acl if: ${if acl {{a_deny}{argN}{arg2}} {Y:$value}{N:$value}} +acl if: ${if acl {{a_defer}{argN}{arg2}} {Y:$value}{N:$value}} + # Default values for both if strings \${if eq{1}{1}} >${if eq{1}{1}}< @@ -883,3 +926,8 @@ exim -d -be match_ip: 15 ${if match_ip{1.2.3.4}{1.2.3}} match_ip: 16 ${if match_ip{1.2.3.4}{1.2.3.4/abc}} **** +# Operation of inlist and negated inlist +exim -be +${if inlist{aa}{aa} {in list}{not in list}} +${if !inlist{aa}{aa} {not in list}{in list}} +**** diff --git a/test/scripts/0000-Basic/0094 b/test/scripts/0000-Basic/0094 index 9a915e06f..87fb5309f 100644 --- a/test/scripts/0000-Basic/0094 +++ b/test/scripts/0000-Basic/0094 @@ -1,4 +1,5 @@ # Reverse lookup failures +munge dnssec exim -bh V4NET.11.12.13 mail from: rcpt to: diff --git a/test/scripts/0000-Basic/0121 b/test/scripts/0000-Basic/0121 index 4bcb99b47..9ff68fa13 100644 --- a/test/scripts/0000-Basic/0121 +++ b/test/scripts/0000-Basic/0121 @@ -6,6 +6,9 @@ rset mail from: rcpt to: rset +mail from:<"unknown with spaces"@test.ex> +rcpt to: +rset mail from: rcpt to: data diff --git a/test/scripts/0000-Basic/0143 b/test/scripts/0000-Basic/0143 index 41596d6b5..7ab54f154 100644 --- a/test/scripts/0000-Basic/0143 +++ b/test/scripts/0000-Basic/0143 @@ -1,4 +1,4 @@ -# smtp client "interface" option +# smtp client "interface" option, $transport_name and $router_name need_ipv4 # server PORT_S diff --git a/test/scripts/0000-Basic/0227 b/test/scripts/0000-Basic/0227 index 62832e012..59adba788 100644 --- a/test/scripts/0000-Basic/0227 +++ b/test/scripts/0000-Basic/0227 @@ -1,9 +1,9 @@ -# callout verification (no caching) +# callout verification (no caching) and $router_name need_ipv4 # server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -24,7 +24,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -40,7 +40,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -56,7 +56,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 550 Error for <> @@ -70,7 +70,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 550-Multiline error for <> @@ -85,7 +85,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -101,7 +101,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -123,7 +123,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -142,7 +142,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -161,7 +161,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -183,7 +183,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK diff --git a/test/scripts/0000-Basic/0325 b/test/scripts/0000-Basic/0325 index b2109f096..a81abd6bc 100644 --- a/test/scripts/0000-Basic/0325 +++ b/test/scripts/0000-Basic/0325 @@ -1,4 +1,4 @@ -# $domain_data and $local_part_data +# $domain_data, $local_part_data and $router_name exim -v -bt xxx@a.b.c **** exim -bh V4NET.0.0.0 diff --git a/test/scripts/0000-Basic/0376 b/test/scripts/0000-Basic/0376 index 7430a6bce..6a819a6ae 100644 --- a/test/scripts/0000-Basic/0376 +++ b/test/scripts/0000-Basic/0376 @@ -3,7 +3,7 @@ need_ipv4 # server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -33,7 +33,7 @@ QUIT # Test unsuccessful caching server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -55,7 +55,7 @@ QUIT # Test caching of rejection of MAIL FROM:<> server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 550 REJECT MAIL FROM @@ -75,7 +75,7 @@ QUIT # Test caching of rejection of postmaster server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -103,7 +103,7 @@ QUIT # Test caching of accepting of postmaster server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -131,7 +131,7 @@ QUIT # Test caching of accepting a random address server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -153,7 +153,7 @@ QUIT # Test caching of accepting a random address and postmaster server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -175,7 +175,7 @@ QUIT # Test caching of rejecting a random address and postmaster server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -210,7 +210,7 @@ QUIT # address has to be tested server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -232,7 +232,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -249,7 +249,7 @@ QUIT # Test caching of rejecting a random address server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -271,7 +271,7 @@ QUIT **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -289,7 +289,7 @@ QUIT sleep 2 server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -312,7 +312,7 @@ QUIT # Timeout on the RCPT for random server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -327,7 +327,7 @@ QUIT # Postmaster_sender set non-empty server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -350,7 +350,7 @@ QUIT # Header_sender sender set non-empty server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -370,7 +370,7 @@ QUIT # Timeout on RCPT for header_sender (defer_ok test) server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -388,7 +388,7 @@ QUIT # Test full postmaster check server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -413,7 +413,7 @@ QUIT # Test postmaster_mailfrom with random server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK diff --git a/test/scripts/0000-Basic/0381 b/test/scripts/0000-Basic/0381 index c5f7d8441..738b0661d 100644 --- a/test/scripts/0000-Basic/0381 +++ b/test/scripts/0000-Basic/0381 @@ -1,4 +1,5 @@ # negatives with wildcard hosts when host has multiple names +munge dnssec exim -d -bs -oMa V4NET.99.99.97 mail from: rcpt to: diff --git a/test/scripts/0000-Basic/0398 b/test/scripts/0000-Basic/0398 index c98016a69..3465e26d6 100644 --- a/test/scripts/0000-Basic/0398 +++ b/test/scripts/0000-Basic/0398 @@ -3,7 +3,7 @@ need_ipv4 # server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -22,7 +22,7 @@ quit **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -38,7 +38,7 @@ quit **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK diff --git a/test/scripts/0000-Basic/0410 b/test/scripts/0000-Basic/0410 index 512484574..8d9c240ee 100644 --- a/test/scripts/0000-Basic/0410 +++ b/test/scripts/0000-Basic/0410 @@ -1,4 +1,4 @@ -# address_data in ACLs after verification +# address_data and router_name in ACLs after verification exim -bs MAIL FROM: rcpt to: diff --git a/test/scripts/0000-Basic/0413 b/test/scripts/0000-Basic/0413 index 583ea2ca5..eb805808e 100644 --- a/test/scripts/0000-Basic/0413 +++ b/test/scripts/0000-Basic/0413 @@ -3,7 +3,7 @@ need_ipv4 # server PORT_S 3 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -13,7 +13,7 @@ QUIT 250 OK *eof 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -23,7 +23,7 @@ QUIT 250 OK *eof 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK diff --git a/test/scripts/0000-Basic/0432 b/test/scripts/0000-Basic/0432 index 4d9935317..e83626ca3 100644 --- a/test/scripts/0000-Basic/0432 +++ b/test/scripts/0000-Basic/0432 @@ -7,7 +7,7 @@ quit **** server PORT_S 220 server ready -HELO +EHLO 250 OK MAIL 250 OK @@ -30,7 +30,7 @@ quit **** server PORT_S 220 server ready -HELO +EHLO 250 OK MAIL 250 OK @@ -46,7 +46,7 @@ quit # Timeout stuff server PORT_S 220 server ready -HELO +EHLO *sleep 2 *eof **** diff --git a/test/scripts/0000-Basic/0462 b/test/scripts/0000-Basic/0462 index d12ced725..da7b714bf 100644 --- a/test/scripts/0000-Basic/0462 +++ b/test/scripts/0000-Basic/0462 @@ -3,7 +3,7 @@ need_ipv4 # server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -27,7 +27,7 @@ QUIT # This one fails the actual address server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -44,7 +44,7 @@ QUIT # Same again, but with sender_verify_fail logging turned off server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK diff --git a/test/scripts/0000-Basic/0473 b/test/scripts/0000-Basic/0473 index 4624f5f01..3d17e5ed0 100644 --- a/test/scripts/0000-Basic/0473 +++ b/test/scripts/0000-Basic/0473 @@ -3,7 +3,7 @@ need_ipv4 # server PORT_S 3 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -13,7 +13,7 @@ QUIT 250 OK *eof 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -23,7 +23,7 @@ QUIT 250 OK *eof 220 Server ready -HELO +EHLO 250 OK MAIL FROM 550 NOTOK @@ -51,7 +51,7 @@ quit **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -68,7 +68,7 @@ quit **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -85,7 +85,7 @@ quit **** server PORT_S 220 server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -109,7 +109,7 @@ quit **** server PORT_S 220 server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -134,7 +134,7 @@ quit **** server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK @@ -152,7 +152,7 @@ quit dump callout server PORT_S 220 Server ready -HELO +EHLO 250 OK MAIL FROM 250 OK diff --git a/test/scripts/0000-Basic/0481 b/test/scripts/0000-Basic/0481 index 3f308f992..d1a9a4a70 100644 --- a/test/scripts/0000-Basic/0481 +++ b/test/scripts/0000-Basic/0481 @@ -1,5 +1,10 @@ -# remove_headers and trailing colons +# multiple remove_headers and trailing colons exim -odi userx Remove-Me: this header is to be removed Another: This is another header **** +exim -odi userx +Remove-Me: this header is to be removed +Another: This is another header +Remove-Me-Also: me too! +**** diff --git a/test/scripts/0000-Basic/0518 b/test/scripts/0000-Basic/0518 index 1a6da0129..6b092173c 100644 --- a/test/scripts/0000-Basic/0518 +++ b/test/scripts/0000-Basic/0518 @@ -3,7 +3,7 @@ need_ipv4 # server PORT_S 8 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -13,7 +13,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -23,7 +23,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -33,7 +33,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -43,7 +43,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -53,7 +53,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -63,7 +63,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -73,7 +73,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK diff --git a/test/scripts/0000-Basic/0527 b/test/scripts/0000-Basic/0527 index e65032b4d..9c880d644 100644 --- a/test/scripts/0000-Basic/0527 +++ b/test/scripts/0000-Basic/0527 @@ -1,17 +1,6 @@ # callout with no transport need_ipv4 # -server PORT_S -220 Welcome -HELO -250 Hi -MAIL FROM -250 OK -RCPT TO -550 unrouteable address -QUIT -221 Bye -**** exim -bs mail from: rcpt to: diff --git a/test/scripts/0000-Basic/0538 b/test/scripts/0000-Basic/0538 index c464f3bf1..ccabcfbee 100644 --- a/test/scripts/0000-Basic/0538 +++ b/test/scripts/0000-Basic/0538 @@ -4,7 +4,7 @@ need_ipv4 # Do a sender address verify that rejects MAIL FROM:<> server PORT_S 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 550 I'm misconfigured @@ -18,7 +18,7 @@ quit # Now do a recipient verify for the same domain, with use_sender server PORT_S 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK diff --git a/test/scripts/0000-Basic/0540 b/test/scripts/0000-Basic/0540 index 62bb4fbce..0866eefb9 100644 --- a/test/scripts/0000-Basic/0540 +++ b/test/scripts/0000-Basic/0540 @@ -3,7 +3,7 @@ need_ipv4 # server PORT_S 4 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -13,7 +13,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -23,7 +23,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK @@ -33,7 +33,7 @@ QUIT 250 OK *eof 220 Welcome -HELO +EHLO 250 Hi MAIL FROM 250 OK diff --git a/test/scripts/0000-Basic/0566 b/test/scripts/0000-Basic/0566 new file mode 100644 index 000000000..b2c5f75b4 --- /dev/null +++ b/test/scripts/0000-Basic/0566 @@ -0,0 +1,126 @@ +# Optional MAIL FROM args processing +# +# SIZE alone +exim -bs +ehlo Testing +mail from: SIZE=1000 +rcpt to: +quit +**** +# BODY alone +exim -bs +ehlo Testing +mail from: BODY=7BIT +rcpt to: +quit +**** +# SIZE then BODY +exim -bs +ehlo Testing +mail from: SIZE=1000 BODY=7BIT +rcpt to: +quit +**** +# BODY then SIZE +exim -bs +ehlo Testing +mail from: BODY=7BIT SIZE=1000 +rcpt to: +quit +**** +# AUTH then BODY then SIZE +exim -bs +ehlo Testing +mail from: AUTH=x@y BODY=7BIT SIZE=1000 +rcpt to: +quit +**** +# BODY then AUTH then SIZE +exim -bs +ehlo Testing +mail from: BODY=7BIT AUTH=x@y SIZE=1000 +rcpt to: +quit +**** +# SIZE then BODY then AUTH +exim -bs +ehlo Testing +mail from: SIZE=1000 BODY=7BIT AUTH=x@y +rcpt to: +quit +**** +# SIZE then BODY then SIZE +exim -bs +ehlo Testing +mail from: SIZE=1000 BODY=7BIT SIZE=1200 +rcpt to: +quit +**** +# (over)SIZE then BODY +exim -bs +ehlo Testing +mail from: SIZE=40004 BODY=8BITMIME +rcpt to: +quit +**** +# BODY then (over)SIZE +exim -bs +ehlo Testing +mail from: BODY=8BITMIME SIZE=40004 +rcpt to: +quit +**** +# no BODY, data +exim -bs +ehlo Testing +mail from: +rcpt to: +data +Subject: test + +foo +. +quit +**** +sleep 1 +# 7bit BODY, data +exim -bs +ehlo Testing +mail from: BODY=7BIT +rcpt to: +data +Subject: test + +foo +. +quit +**** +sleep 1 +# 8bit BODY, data +exim -bs +ehlo Testing +mail from: BODY=8BITMIME +rcpt to: +data +Subject: test + +foo +. +quit +**** +sleep 1 +# bad BODY, data +# should fail +1 +exim -bs +ehlo Testing +mail from: BODY=wrong +rcpt to: +data +Subject: test + +foo +. +quit +**** +no_msglog_check diff --git a/test/scripts/0000-Basic/0567 b/test/scripts/0000-Basic/0567 new file mode 100644 index 000000000..5abd06fd6 --- /dev/null +++ b/test/scripts/0000-Basic/0567 @@ -0,0 +1,49 @@ +# remove_header modifier in ACLs +exim -bs -odi +mail from: +rcpt to: +rcpt to: +data +cond: accept +X-Data-1: Line one +X-Data-2: Line two +X-Data-3: Line three +X-Data-4: Line four +X-Data-5: Line five +X-Not-1: Testing wildcard one +X-Not-2: Testing wildcard two +X-Rcpt-1: Line six +X-Rcpt-2: Line seven +X-Rcpt-3: Line eight +X-Rcpt-4: Line nine is really long, so long in fact that it wraps + around to the next line. +X-Rcpt-5: Line ten +X-Mail-1: Line eleven +X-Mail-2: Line twelve +X-Mail-3: Line thirteen +X-Mail-4: Line fourteen is also really long, but it won't get + removed by these ACL's. +X-Mail-5: Line fifteen +X-Predata-5: Line sixteen +X-Predata-4: Line seventeen +X-Predata-3: Line eighteen +X-Predata-2: Line nineteen +X-Predata-1: Line twenty +X-NotSMTP-1: Line twenty-one +X-NotSMTP-2: Line twenty-two +X-NotSMTP-3: Line twenty-three + +Test message +. +quit +**** +exim -odi rcptok@test.ex +Test non-SMTP message. Make sure it doesn't blow up when a header +it wants to remove is not present. This one also overrides the +fixup of adding a Date header because we specified to remove it! +Allow the admin to shoot himself in the foot if he really and +truly wants to. +**** +exim -bs -odi -DCONNECTCOND="remove_header=CONNECT: won't do this" +**** +no_msglog_check diff --git a/test/scripts/0000-Basic/0568 b/test/scripts/0000-Basic/0568 new file mode 100644 index 000000000..2aa86f45d --- /dev/null +++ b/test/scripts/0000-Basic/0568 @@ -0,0 +1,76 @@ +# Recipient callout with AUTH +need_ipv4 +# +# Variant 1: using authenticated_sender on the transport. +server PORT_S 1 +220 Welcome +EHLO +250-wotcher mate +250-AUTH PLAIN +250 Hi +AUTH +250 Oh alright then +MAIL FROM +250 OK +RCPT TO +250 OK +QUIT +250 OK +**** +exim -odq -bs +EHLO the.client +mail from:<> +RCPT TO: +quit +**** +# +# +# Variant 2: Passing through an authenticated_sender from the MAIL FROM: +server PORT_S 1 +220 Welcome +EHLO +250-wotcher mate +250-AUTH PLAIN +250 Hi +AUTH +250 Oh alright then +MAIL FROM +250 OK +RCPT TO +250 OK +QUIT +250 OK +**** +exim -odq -bs +EHLO the.client +AUTH PLAIN AHVzZXJ4AHNlY3JldA== +mail from:<> AUTH=freddy +RCPT TO: +quit +**** +# +# +# Variant 3: An authenticated_sender option on the transport should override +# a value set by the MAIL FROM: +server PORT_S 1 +220 Welcome +EHLO +250-wotcher mate +250-AUTH PLAIN +250 Hi +AUTH +250 Oh alright then +MAIL FROM +250 OK +RCPT TO +250 OK +QUIT +250 OK +**** +exim -odq -bs +EHLO the.client +AUTH PLAIN AHVzZXJ4AHNlY3JldA== +mail from:<> AUTH=freddy +RCPT TO: +quit +**** diff --git a/test/scripts/2000-GnuTLS/2002 b/test/scripts/2000-GnuTLS/2002 index 06e1a8257..06a7b31d0 100644 --- a/test/scripts/2000-GnuTLS/2002 +++ b/test/scripts/2000-GnuTLS/2002 @@ -25,6 +25,29 @@ This is a test encrypted message. quit ??? 221 **** +client-gnutls 127.0.0.1 PORT_D +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +starttls +??? 220 +mail from:<"name with spaces"@test.ex> +??? 250 +rcpt to: +??? 250 +DATA +??? 3 +This is a test encrypted message. +. +??? 250 +quit +??? 221 +**** client-gnutls HOSTIPV4 PORT_D ??? 220 ehlo rhu.barb diff --git a/test/scripts/2000-GnuTLS/2014 b/test/scripts/2000-GnuTLS/2014 index dfddfa54c..c5a01494a 100644 --- a/test/scripts/2000-GnuTLS/2014 +++ b/test/scripts/2000-GnuTLS/2014 @@ -1,5 +1,6 @@ # TLS server: mandatory, optional, and revoked certificates gnutls +munge gnutls_unexpected exim -DSERVER=server -bd -oX PORT_D **** # No certificate, certificate required diff --git a/test/scripts/2000-GnuTLS/2027 b/test/scripts/2000-GnuTLS/2027 index 5d713121d..bf0b06fd9 100644 --- a/test/scripts/2000-GnuTLS/2027 +++ b/test/scripts/2000-GnuTLS/2027 @@ -1,5 +1,6 @@ # TLS server & client: no certificate in client gnutls +munge gnutls_handshake exim -DSERVER=server -bd -oX PORT_D **** exim userx@test.ex diff --git a/test/scripts/2100-OpenSSL/2102 b/test/scripts/2100-OpenSSL/2102 index 7f9279acd..2e7dca0a6 100644 --- a/test/scripts/2100-OpenSSL/2102 +++ b/test/scripts/2100-OpenSSL/2102 @@ -24,6 +24,29 @@ This is a test encrypted message. quit ??? 221 **** +client-ssl 127.0.0.1 PORT_D +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +starttls +??? 220 +mail from:<"name with spaces"@test.ex> +??? 250 +rcpt to: +??? 250 +DATA +??? 3 +This is a test encrypted message. +. +??? 250 +quit +??? 221 +**** client-ssl HOSTIPV4 PORT_D ??? 220 ehlo rhu.barb diff --git a/test/scripts/2200-dnsdb/2202 b/test/scripts/2200-dnsdb/2202 index 0f0651d6f..e55fbc38b 100644 --- a/test/scripts/2200-dnsdb/2202 +++ b/test/scripts/2200-dnsdb/2202 @@ -1,4 +1,5 @@ # dns_again_means_nonexist +munge dnssec exim -d -bh HOSTIPV4 mail from: rcpt to: diff --git a/test/scripts/2250-dnsdb-ipv6/2250 b/test/scripts/2250-dnsdb-ipv6/2250 index 08cd326ad..fe5a41bef 100644 --- a/test/scripts/2250-dnsdb-ipv6/2250 +++ b/test/scripts/2250-dnsdb-ipv6/2250 @@ -3,4 +3,8 @@ exim -be ptr=V6NET:0:12:1:a00:20ff:fe86:a062 ${lookup dnsdb {ptr=<;V6NET:0:12:1:a00:20ff:fe86:a062}{$value}{fail}} ptr=V6NET:0:12:1:a00:20ff:fe86:a062 ${lookup dnsdb {ptr=V6NET:0:12:1:a00:20ff:fe86:a062}{$value}{fail}} + +a=46.test.ex ${lookup dnsdb{>; a=46.test.ex}{$value}fail} +aaaa=46.test.ex ${lookup dnsdb{>; aaaa=46.test.ex}{$value}fail} +a+=46.test.ex ${lookup dnsdb{>; a+=46.test.ex}{$value}fail} **** diff --git a/test/scripts/5400-cutthrough/5400 b/test/scripts/5400-cutthrough/5400 new file mode 100644 index 000000000..56d6fec77 --- /dev/null +++ b/test/scripts/5400-cutthrough/5400 @@ -0,0 +1,94 @@ +# cutthrough_delivery basic operation +need_ipv4 +# +server PORT_S +220 ESMTP +EHLO +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +DATA +354 Send data +. +250 OK +QUIT +250 OK +**** +exim -d-all+acl+transport -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +DATA + +. +QUIT +**** +# cutthrough_delivery into HELO-only server +need_ipv4 +# +server PORT_S +220 SMTP only spoken here +EHLO +550 Not here, mate +HELO +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +DATA +354 Send data +. +250 OK +QUIT +250 OK +**** +exim -d-all+acl+transport -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +DATA + +. +QUIT +**** +# cutthrough cancelled by multiple recipients +server PORT_S 2 +220 ESMTP +EHLO +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +QUIT +*eof +220 ESMTP +EHLO +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +RCPT TO: +250 Recipient OK +DATA +354 Send data +. +250 OK +QUIT +250 OK +**** +exim -d-all+acl+transport -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +RCPT TO: +DATA + +. +QUIT +**** +sleep 1 diff --git a/test/scripts/5400-cutthrough/5401 b/test/scripts/5400-cutthrough/5401 new file mode 100644 index 000000000..d92110ce5 --- /dev/null +++ b/test/scripts/5400-cutthrough/5401 @@ -0,0 +1,27 @@ +# cutthrough_delivery triggered by recipient-verify +need_ipv4 +# +server PORT_S +220 ESMTP +EHLO +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +DATA +354 Send data +. +250 OK +QUIT +250 OK +**** +exim -d-all+acl+transport -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +DATA + +. +QUIT +**** diff --git a/test/scripts/5410-cutthrough-OpenSSL/5410 b/test/scripts/5410-cutthrough-OpenSSL/5410 new file mode 100644 index 000000000..9f5ff7196 --- /dev/null +++ b/test/scripts/5410-cutthrough-OpenSSL/5410 @@ -0,0 +1,37 @@ +# cutthrough_delivery to target oferring TLS +exim -DSERVER=server -bd -oX PORT_D +**** +# this one should succeed +exim -d-all+acl+transport+expand+lists -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +DATA + +. +QUIT +**** +# via a transport setting hosts_avoid_tls +# so this one should not use TLS +exim -d-all+acl+transport+expand+lists -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +DATA + +. +QUIT +**** +# via a transport setting hosts_verify_avoid_tls +# so this one should not use TLS +exim -d-all+acl+transport+expand+lists -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +DATA + +. +QUIT +**** +killdaemon +no_msglog_check diff --git a/test/scripts/5410-cutthrough-OpenSSL/REQUIRES b/test/scripts/5410-cutthrough-OpenSSL/REQUIRES new file mode 100644 index 000000000..9e2124e10 --- /dev/null +++ b/test/scripts/5410-cutthrough-OpenSSL/REQUIRES @@ -0,0 +1,2 @@ +support OpenSSL +running IPv4 diff --git a/test/scripts/5420-cutthrough-GnuTLS/5420 b/test/scripts/5420-cutthrough-GnuTLS/5420 new file mode 100644 index 000000000..446bcc667 --- /dev/null +++ b/test/scripts/5420-cutthrough-GnuTLS/5420 @@ -0,0 +1,34 @@ +# cutthrough_delivery to target offering TLS +exim -DSERVER=server -bd -oX PORT_D +**** +exim -d-all+acl+transport+expand+lists -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +DATA + +. +QUIT +**** +# via a transport setting hosts_avoid_tls +exim -d-all+acl+transport+expand+lists -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +DATA + +. +QUIT +**** +# via a transport setting hosts_verify_avoid_tls +exim -d-all+acl+transport+expand+lists -bs +EHLO myhost.test.ex +MAIL FROM: +RCPT TO: +DATA + +. +QUIT +**** +killdaemon +no_msglog_check diff --git a/test/scripts/5420-cutthrough-GnuTLS/REQUIRES b/test/scripts/5420-cutthrough-GnuTLS/REQUIRES new file mode 100644 index 000000000..d21ee471d --- /dev/null +++ b/test/scripts/5420-cutthrough-GnuTLS/REQUIRES @@ -0,0 +1,2 @@ +support GnuTLS +running IPv4 diff --git a/test/scripts/5500-PRDR/5500 b/test/scripts/5500-PRDR/5500 new file mode 100644 index 000000000..567b00085 --- /dev/null +++ b/test/scripts/5500-PRDR/5500 @@ -0,0 +1,155 @@ +# PRDR (Per-Recipient Data Responses) server +need_ipv4 +no_msglog_check +# +# 1: userx should be accepted, y should be tmp-rejected, +# z rejected, all after data per PRDR spec +exim -DSERVER=server -bd -oX PORT_D +**** +client 127.0.0.1 PORT_D +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250-PRDR +??? 250 +mail from:<> PRDR +??? 250 +rcpt to: +??? 250 +rcpt to: +??? 250 +rcpt to: +??? 250 +data +??? 354 +Sender: sender@some.where +. +??? 353 +??? 250 +??? 450 +??? 550 +??? 250 +quit +??? 221 +**** +sleep 1 +# +# +# 2: traditional data acl should be called, resulting in an overall reject +client 127.0.0.1 PORT_D +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250-PRDR +??? 250 +mail from:<> PRDR +??? 250 +rcpt to: +??? 250 +rcpt to: +??? 250 +data +??? 354 +Sender: sender@some.where +. +??? 353 +??? 250 +??? 250 +??? 550 +quit +??? 221 +**** +sleep 1 +# +# +# 3: PRDR should be avoided for a single-recipient message +# even though the client showed support. +client 127.0.0.1 PORT_D +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250-PRDR +??? 250 +mail from:<> PRDR +??? 250 +rcpt to: +??? 250 +data +??? 354 +Sender: sender@some.where +. +??? 250 +quit +??? 221 +**** +sleep 1 +# +# 4: double temp-reject +client 127.0.0.1 PORT_D +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250-PRDR +??? 250 +mail from:<> PRDR +??? 250 +rcpt to: +??? 250 +rcpt to: +??? 250 +data +??? 354 +Sender: sender@some.where +. +??? 353 +??? 450 +??? 450 +??? 250 +quit +??? 221 +**** +sleep 1 +# +# 5: double reject +client 127.0.0.1 PORT_D +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250-PRDR +??? 250 +mail from:<> PRDR +??? 250 +rcpt to: +??? 250 +rcpt to: +??? 250 +data +??? 354 +Sender: sender@some.where +. +??? 353 +??? 550 +??? 550 +??? 550 +quit +??? 221 +**** +sleep 1 +# +killdaemon +# diff --git a/test/scripts/5500-PRDR/5510 b/test/scripts/5500-PRDR/5510 new file mode 100644 index 000000000..e5063a47a --- /dev/null +++ b/test/scripts/5500-PRDR/5510 @@ -0,0 +1,228 @@ +# PRDR client +need_ipv4 +no_msglog_check +# +# 1: Two recipients, accepted by full PRDR response sequence +server PORT_S +220 Server ready +EHLO +250- +250-PRDR +250 OK +MAIL FROM: PRDR +250 OK +RCPT TO +250 OK +RCPT TO +250 OK +DATA +300 gimme yer body +. +353 prdr responses coming up +250 first rcpt was good +250 second rcpt was good +250 OK, overall +QUIT +250 OK +**** +exim -odi -f userx usery userz +Some message text. +**** +# +# +# 2: Two recipients, accepted by traditional response +# though client offered full PRDR capability +server PORT_S +220 Server ready +EHLO +250- +250-PRDR +250 OK +MAIL FROM: PRDR +250 OK +RCPT TO +250 OK +RCPT TO +250 OK +DATA +300 gimme that body +. +250 OK got that +QUIT +250 OK, bye +**** +exim -odi -f userx user2.1 user2.2 +Some message text. +**** +# +# +# 3: Two recipients, one accepted one tmp-rejected +server PORT_S +220 Server ready +EHLO +250- +250-PRDR +250 OK +MAIL FROM: PRDR +250 OK +RCPT TO +250 OK +RCPT TO +250 OK +DATA +300 gimme yer body +. +353 prdr responses coming up +250 first rcpt was good +450 cannot handle second rcpt right now +250 OK, overall +QUIT +250 OK +**** +exim -odi -f userx usery userz +Some message text. +**** +# +# +# 4: Two recipients, one accepted one rejected +# Avoid tester issues dealing with the bounce by sending +# with a null from. +# +server PORT_S +220 Server ready +EHLO +250- +250-PRDR +250 OK +MAIL FROM:<> PRDR +250 OK +RCPT TO +250 OK +RCPT TO +250 OK +DATA +300 gimme yer body +. +353 prdr responses coming up +250 first rcpt was good +550 second rcpt does not like content +250 OK, overall +QUIT +250 OK +**** +exim -odi -f "" userp userq +Some message text. +**** +# +# +# 5: Two recipients, rejected by final after PRDR accepts. +# +server PORT_S +220 Server ready +EHLO +250- +250-PRDR +250 OK +MAIL FROM:<> PRDR +250 OK +RCPT TO +250 OK +RCPT TO +250 OK +DATA +300 yeah baby +. +353 prdr responses coming up +250 first rcpt was good +250 second rcpt was good +550 oops, overall rejection +QUIT +250 OK +**** +exim -odi -f "" user5.1 user5.2 +text +**** +# +# +# 6: Two recipients, rejected traditionally though PRDR negociated. +# +server PORT_S +220 Server ready +EHLO +250- +250-PRDR +250 OK +MAIL FROM:<> PRDR +250 OK +RCPT TO +250 OK +RCPT TO +250 OK +DATA +300 yeah baby +. +550 naah mate +QUIT +250 OK +**** +exim -odi -f "" user6.1 user6.2 +text +**** +# +# +# 7: Temp-reject at final +server PORT_S +220 Server ready +EHLO +250- +250-PRDR +250 OK +MAIL FROM:<> PRDR +250 OK +RCPT TO +250 OK +RCPT TO +250 OK +RCPT TO +250 OK +DATA +300 go ahead +. +353 prdr responses coming up +250 first rcpt does not like you +250 second rcpt has a temporary problem +250 third rcpt is ok +450 oops, try again later please +QUIT +250 OK +**** +exim -odi -f "" user7.1 user7.2 user7.3 +text +**** +# +# +# +# 8: Client should avoid requesting PRDR for a single-recipient mail +# even though the server offers +server PORT_S +220 Server ready +EHLO +250- +250-PRDR +250 OK +MAIL FROM:<> +250 OK +RCPT TO +250 OK +DATA +300 go ahead +. +250 OK, got that +QUIT +250 OK, bye +**** +exim -odi -f "" user8.1 +text +**** +# +# diff --git a/test/scripts/5500-PRDR/REQUIRES b/test/scripts/5500-PRDR/REQUIRES new file mode 100644 index 000000000..b3c99396a --- /dev/null +++ b/test/scripts/5500-PRDR/REQUIRES @@ -0,0 +1 @@ +support Experimental_PRDR diff --git a/test/scripts/5600-OCSP-OpenSSL/5600 b/test/scripts/5600-OCSP-OpenSSL/5600 new file mode 100644 index 000000000..464da693c --- /dev/null +++ b/test/scripts/5600-OCSP-OpenSSL/5600 @@ -0,0 +1,80 @@ +# TLS server: OCSP stapling +# +# +# +# 1: Server sends good staple on request +exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp +**** +client-ssl \ + -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \ + HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +starttls +??? 220 +mail from: +??? 250 +rcpt to: +??? 250 +quit +??? 221 +**** +killdaemon +# +# +# +# 2: Server does not staple an outdated response +exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp +**** +# XXX test sequence might not be quite right; this is for a server refusal +# and we're expecting a client refusal. +client-ssl -ocsp aux-fixed/exim-ca/expired1.example.com/CA.pem HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +starttls +??? 220 +**** +killdaemon +# +# +# +# +# +# 3: Server does not staple a response for a revoked cert +exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp +**** +client-ssl \ + -ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \ + HOSTIPV4 PORT_D aux-fixed/cert2 aux-fixed/cert2 +??? 220 +ehlo rhu.barb +??? 250- +??? 250- +??? 250- +??? 250- +??? 250- +??? 250 +starttls +??? 220 +**** +killdaemon +# +# +# +# +# diff --git a/test/scripts/5600-OCSP-OpenSSL/5601 b/test/scripts/5600-OCSP-OpenSSL/5601 new file mode 100644 index 000000000..b2983eb0d --- /dev/null +++ b/test/scripts/5600-OCSP-OpenSSL/5601 @@ -0,0 +1,65 @@ +# OCSP stapling, client +# +# +# Client works when we don't demand OCSP stapling +exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null +**** +exim nostaple@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# +# Client accepts good stapled info +exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp +**** +exim CALLER@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# Client fails on lack of requested stapled info +exim -bd -oX PORT_D -DSERVER=server -DOCSP=/dev/null +**** +exim CALLER@test.ex +test message. +**** +sleep 1 +killdaemon +no_msglog_check +# +# +# +# Client fails on revoked stapled info +EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp +**** +exim CALLER@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# +# Client fails on expired stapled info +EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK=y exim -bd -oX PORT_D -DSERVER=server \ + -DOCSP=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp +**** +exim CALLER@test.ex +test message. +**** +sleep 1 +killdaemon +# +# +# +# diff --git a/test/scripts/5600-OCSP-OpenSSL/REQUIRES b/test/scripts/5600-OCSP-OpenSSL/REQUIRES new file mode 100644 index 000000000..3d15ede9e --- /dev/null +++ b/test/scripts/5600-OCSP-OpenSSL/REQUIRES @@ -0,0 +1,3 @@ +support OpenSSL +support Experimental_OCSP +running IPv4 diff --git a/test/src/client.c b/test/src/client.c index 58ab56d4c..3b782f3fd 100644 --- a/test/src/client.c +++ b/test/src/client.c @@ -1,7 +1,8 @@ /* A little hacked up program that makes a TCP/IP call and reads a script to drive it, for testing Exim server code running as a daemon. It's got a bit messy with the addition of support for either OpenSSL or GnuTLS. The code for -those was hacked out of Exim itself. */ +those was hacked out of Exim itself, then code for OCSP stapling was ripped +from the openssl ocsp and s_client utilities. */ /* ANSI C standard includes */ @@ -66,6 +67,9 @@ latter needs a whole pile of tables. */ #include #include #include +#include + +char * ocsp_stapling = NULL; #endif @@ -145,6 +149,91 @@ sigalrm_seen = 1; /****************************************************************************/ #ifdef HAVE_OPENSSL + +X509_STORE * +setup_verify(BIO *bp, char *CAfile, char *CApath) +{ + X509_STORE *store; + X509_LOOKUP *lookup; + if(!(store = X509_STORE_new())) goto end; + lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); + if (lookup == NULL) goto end; + if (CAfile) { + if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) { + BIO_printf(bp, "Error loading file %s\n", CAfile); + goto end; + } + } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); + + lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); + if (lookup == NULL) goto end; + if (CApath) { + if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) { + BIO_printf(bp, "Error loading directory %s\n", CApath); + goto end; + } + } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); + + ERR_clear_error(); + return store; + end: + X509_STORE_free(store); + return NULL; +} + + +static int +tls_client_stapling_cb(SSL *s, void *arg) +{ +const unsigned char *p; +int len; +OCSP_RESPONSE *rsp; +OCSP_BASICRESP *bs; +char *CAfile = NULL; +X509_STORE *store = NULL; +int ret = 1; + +len = SSL_get_tlsext_status_ocsp_resp(s, &p); +/*BIO_printf(arg, "OCSP response: ");*/ +if (!p) + { + BIO_printf(arg, "no response received\n"); + return 1; + } +if(!(rsp = d2i_OCSP_RESPONSE(NULL, &p, len))) + { + BIO_printf(arg, "response parse error\n"); + BIO_dump_indent(arg, (char *)p, len, 4); + return 0; + } +if(!(bs = OCSP_response_get1_basic(rsp))) + { + BIO_printf(arg, "error parsing response\n"); + return 0; + } + +CAfile = ocsp_stapling; +if(!(store = setup_verify(arg, CAfile, NULL))) + { + BIO_printf(arg, "error in cert setup\n"); + return 0; + } + +/* No file of alternate certs, no options */ +if(OCSP_basic_verify(bs, NULL, store, 0) <= 0) + { + BIO_printf(arg, "Response Verify Failure\n"); + ERR_print_errors(arg); + ret = 0; + } +else + BIO_printf(arg, "Response verify OK\n"); + +X509_STORE_free(store); +return ret; +} + + /************************************************* * Start an OpenSSL TLS session * *************************************************/ @@ -161,6 +250,13 @@ SSL_set_session_id_context(*ssl, sid_ctx, strlen(sid_ctx)); SSL_set_fd (*ssl, sock); SSL_set_connect_state(*ssl); +if (ocsp_stapling) + { + SSL_CTX_set_tlsext_status_cb(ctx, tls_client_stapling_cb); + SSL_CTX_set_tlsext_status_arg(ctx, BIO_new_fp(stdout, BIO_NOCLOSE)); + SSL_set_tlsext_status_type(*ssl, TLSEXT_STATUSTYPE_ocsp); + } + signal(SIGALRM, sigalrm_handler_flag); sigalrm_seen = 0; alarm(5); @@ -418,6 +514,17 @@ while (argc >= argi + 1 && argv[argi][0] == '-') tls_on_connect = 1; argi++; } +#ifdef HAVE_OPENSSL + else if (strcmp(argv[argi], "-ocsp") == 0) + { + if (argc < ++argi + 1) + { + fprintf(stderr, "Missing required certificate file for ocsp option\n"); + exit(1); + } + ocsp_stapling = argv[argi++]; + } +#endif else if (argv[argi][1] == 't' && isdigit(argv[argi][2])) { tmplong = strtol(argv[argi]+2, &end, 10); diff --git a/test/stderr/0021 b/test/stderr/0021 index 28be74ecf..4f43e05c9 100644 --- a/test/stderr/0021 +++ b/test/stderr/0021 @@ -30,13 +30,13 @@ accept: condition test succeeded in ACL "connect" using ACL "mail" processing "warn" check senders = ok@test3 -address match: subject=bad@test1 pattern=ok@test3 +address match test: subject=bad@test1 pattern=ok@test3 bad@test1 in "ok@test3"? no (end of list) warn: condition test failed in ACL "mail" processing "accept" check senders = ok@test1 : ok@test3 -address match: subject=bad@test1 pattern=ok@test1 -address match: subject=bad@test1 pattern=ok@test3 +address match test: subject=bad@test1 pattern=ok@test1 +address match test: subject=bad@test1 pattern=ok@test3 bad@test1 in "ok@test1 : ok@test3"? no (end of list) accept: condition test failed in ACL "mail" end of ACL "mail": implicit DENY @@ -45,13 +45,13 @@ LOG: MAIN REJECT using ACL "mail" processing "warn" check senders = ok@test3 -address match: subject=ok@test1 pattern=ok@test3 +address match test: subject=ok@test1 pattern=ok@test3 test1 in "test3"? no (end of list) ok@test1 in "ok@test3"? no (end of list) warn: condition test failed in ACL "mail" processing "accept" check senders = ok@test1 : ok@test3 -address match: subject=ok@test1 pattern=ok@test1 +address match test: subject=ok@test1 pattern=ok@test1 test1 in "test1"? yes (matched "test1") ok@test1 in "ok@test1 : ok@test3"? yes (matched "ok@test1") check verify = sender @@ -66,9 +66,9 @@ accept: condition test succeeded in ACL "mail" using ACL "rcpt" processing "accept" check senders = +ok_senders -address match: subject=ok@test1 pattern=ok@somewhere +address match test: subject=ok@test1 pattern=ok@somewhere test1 in "somewhere"? no (end of list) -address match: subject=ok@test1 pattern=ok@test1 +address match test: subject=ok@test1 pattern=ok@test1 test1 in "test1"? yes (matched "test1") ok@test1 in "ok@somewhere : ok@test1 : ok@test3"? yes (matched "ok@test1") ok@test1 in "+ok_senders"? yes (matched "+ok_senders") @@ -128,15 +128,15 @@ accept: condition test succeeded in ACL "connect" using ACL "mail" processing "warn" check senders = ok@test3 -address match: subject=ok@test3 pattern=ok@test3 +address match test: subject=ok@test3 pattern=ok@test3 test3 in "test3"? yes (matched "test3") ok@test3 in "ok@test3"? yes (matched "ok@test3") warn: condition test succeeded in ACL "mail" processing "accept" check senders = ok@test1 : ok@test3 -address match: subject=ok@test3 pattern=ok@test1 +address match test: subject=ok@test3 pattern=ok@test1 test3 in "test1"? no (end of list) -address match: subject=ok@test3 pattern=ok@test3 +address match test: subject=ok@test3 pattern=ok@test3 test3 in "test3"? yes (matched "test3") ok@test3 in "ok@test1 : ok@test3"? yes (matched "ok@test3") check verify = sender @@ -151,11 +151,11 @@ accept: condition test succeeded in ACL "mail" using ACL "rcpt" processing "accept" check senders = +ok_senders -address match: subject=ok@test3 pattern=ok@somewhere +address match test: subject=ok@test3 pattern=ok@somewhere test3 in "somewhere"? no (end of list) -address match: subject=ok@test3 pattern=ok@test1 +address match test: subject=ok@test3 pattern=ok@test1 test3 in "test1"? no (end of list) -address match: subject=ok@test3 pattern=ok@test3 +address match test: subject=ok@test3 pattern=ok@test3 test3 in "test3"? yes (matched "test3") ok@test3 in "ok@somewhere : ok@test1 : ok@test3"? yes (matched "ok@test3") ok@test3 in "+ok_senders"? yes (matched "+ok_senders") diff --git a/test/stderr/0039 b/test/stderr/0039 index 3dcf023c0..7d8121912 100644 --- a/test/stderr/0039 +++ b/test/stderr/0039 @@ -2,17 +2,17 @@ LOG: MAIN <= CALLER@myhost.test.ex U=CALLER P=local S=sss delivering 10HmaX-0005vi-00 LOG: MAIN - *> newr1@myhost.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] + *> newr1@myhost.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option" LOG: MAIN - *> newr2@local.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] + *> newr2@local.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option" LOG: MAIN Completed LOG: MAIN <= CALLER@qd.text.ex U=CALLER P=local S=sss delivering 10HmaY-0005vi-00 LOG: MAIN - *> newr1@qd.text.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] + *> newr1@qd.text.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option" LOG: MAIN - *> newr2@local.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] + *> newr2@local.test.ex R=ok T=t1 H=V4NET.0.0.0 [V4NET.0.0.0] C="delivery bypassed by -N option" LOG: MAIN Completed diff --git a/test/stderr/0055 b/test/stderr/0055 index 49dc73658..c9729ad2e 100644 --- a/test/stderr/0055 +++ b/test/stderr/0055 @@ -21,7 +21,7 @@ LOG: MAIN <= CALLER@myhost.ex U=CALLER P=local S=sss delivering 10HmbB-0005vi-00 LOG: MAIN - *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN Completed LOG: MAIN @@ -33,7 +33,7 @@ LOG: queue_run MAIN Start queue run: pid=pppp delivering 10HmbC-0005vi-00 (queue run pid ppppp) LOG: MAIN - *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] + *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option" LOG: MAIN Completed LOG: queue_run MAIN @@ -44,12 +44,12 @@ delivering 10HmbD-0005vi-00 (queue run pid ppppp) delivering 10HmbE-0005vi-00 (queue run pid ppppp) delivering 10HmbD-0005vi-00 (queue run pid ppppp) LOG: MAIN - *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xxx@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN Completed delivering 10HmbE-0005vi-00 (queue run pid ppppp) LOG: MAIN - *> yyy@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> yyy@ten-1.test.ex R=lookuphost T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN Completed LOG: queue_run MAIN @@ -61,7 +61,7 @@ LOG: MAIN == xxx@ten-2.test.ex R=lookuphost T=smtp defer (-1): domain matches queue_smtp_domains, or -odqs set delivering 10HmbF-0005vi-00 LOG: MAIN - *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] + *> xxx@ten-2.test.ex R=lookuphost T=smtp H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option" LOG: MAIN Completed LOG: MAIN diff --git a/test/stderr/0085 b/test/stderr/0085 index e39e5684f..92a8b7069 100644 --- a/test/stderr/0085 +++ b/test/stderr/0085 @@ -69,11 +69,11 @@ internal_search_find: file="TESTSUITE/aux-fixed/0085.data" cached data used for lookup of smart.domain in TESTSUITE/aux-fixed/0085.data lookup yielded: x : y : abc@d.e.f -address match: subject=abc@d.e.f pattern=x +address match test: subject=abc@d.e.f pattern=x d.e.f in "x"? no (end of list) -address match: subject=abc@d.e.f pattern=y +address match test: subject=abc@d.e.f pattern=y d.e.f in "y"? no (end of list) -address match: subject=abc@d.e.f pattern=abc@d.e.f +address match test: subject=abc@d.e.f pattern=abc@d.e.f d.e.f in "d.e.f"? yes (matched "d.e.f") abc@d.e.f in "x : y : abc@d.e.f"? yes (matched "abc@d.e.f") calling smart1 router @@ -138,11 +138,11 @@ internal_search_find: file="TESTSUITE/aux-fixed/0085.data" cached data used for lookup of test.ex in TESTSUITE/aux-fixed/0085.data lookup yielded: x : y : abc@d.e.f -address match: subject=abc@d.e.f pattern=x +address match test: subject=abc@d.e.f pattern=x d.e.f in "x"? no (end of list) -address match: subject=abc@d.e.f pattern=y +address match test: subject=abc@d.e.f pattern=y d.e.f in "y"? no (end of list) -address match: subject=abc@d.e.f pattern=abc@d.e.f +address match test: subject=abc@d.e.f pattern=abc@d.e.f d.e.f in "d.e.f"? yes (matched "d.e.f") abc@d.e.f in "x : y : abc@d.e.f"? yes (matched "abc@d.e.f") checking require_files @@ -268,11 +268,11 @@ internal_search_find: file="TESTSUITE/aux-fixed/0085.data" cached data used for lookup of smart.domain in TESTSUITE/aux-fixed/0085.data lookup yielded: x : y : abc@d.e.f -address match: subject=CALLER@myhost.test.ex pattern=x +address match test: subject=CALLER@myhost.test.ex pattern=x myhost.test.ex in "x"? no (end of list) -address match: subject=CALLER@myhost.test.ex pattern=y +address match test: subject=CALLER@myhost.test.ex pattern=y myhost.test.ex in "y"? no (end of list) -address match: subject=CALLER@myhost.test.ex pattern=abc@d.e.f +address match test: subject=CALLER@myhost.test.ex pattern=abc@d.e.f CALLER@myhost.test.ex in "x : y : abc@d.e.f"? no (end of list) smart1 router skipped: senders mismatch --------> fail_remote_domains router <-------- @@ -335,11 +335,11 @@ internal_search_find: file="TESTSUITE/aux-fixed/0085.data" cached data used for lookup of test.ex in TESTSUITE/aux-fixed/0085.data lookup yielded: x : y : abc@d.e.f -address match: subject=CALLER@myhost.test.ex pattern=x +address match test: subject=CALLER@myhost.test.ex pattern=x myhost.test.ex in "x"? no (end of list) -address match: subject=CALLER@myhost.test.ex pattern=y +address match test: subject=CALLER@myhost.test.ex pattern=y myhost.test.ex in "y"? no (end of list) -address match: subject=CALLER@myhost.test.ex pattern=abc@d.e.f +address match test: subject=CALLER@myhost.test.ex pattern=abc@d.e.f CALLER@myhost.test.ex in "x : y : abc@d.e.f"? no (end of list) smart2 router skipped: senders mismatch no more routers diff --git a/test/stderr/0108 b/test/stderr/0108 index 9693fbfb0..489565dec 100644 --- a/test/stderr/0108 +++ b/test/stderr/0108 @@ -2,25 +2,25 @@ LOG: MAIN <= CALLER@test.ex U=CALLER P=local S=sss delivering 10HmaX-0005vi-00 LOG: MAIN - *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN - *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN - *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN - *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN Completed LOG: MAIN <= CALLER@test.ex U=CALLER P=local S=sss delivering 10HmaY-0005vi-00 LOG: MAIN - *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xx@black.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN - *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xx@myhost.com R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN - *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xx@other.edu R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN - *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] + *> xx@ten-1.net R=remote T=smtp H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN Completed diff --git a/test/stderr/0121 b/test/stderr/0121 index c7fcec401..39cdfba9b 100644 --- a/test/stderr/0121 +++ b/test/stderr/0121 @@ -38,6 +38,20 @@ LOG: H=[127.0.0.1] F= rejected RCPT : Send >>> processing "require" >>> check verify = sender >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> +>>> routing "unknown with spaces"@test.ex +>>> test.ex in "test.ex"? yes (matched "test.ex") +>>> test.ex in "! +local_domains"? no (matched "! +local_domains") +>>> unknown with spaces in "defer"? no (end of list) +>>> unknown with spaces in "userx"? no (end of list) +>>> no more routers +>>> ----------- end verify ------------ +>>> require: condition test failed in ACL "check_recipient" +LOG: H=[127.0.0.1] sender verify fail for <"unknown with spaces"@test.ex>: Unrouteable address +LOG: H=[127.0.0.1] F=<"unknown with spaces"@test.ex> rejected RCPT : Sender verify failed +>>> using ACL "check_recipient" +>>> processing "require" +>>> check verify = sender +>>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing userx@test.ex >>> test.ex in "test.ex"? yes (matched "test.ex") >>> test.ex in "! +local_domains"? no (matched "! +local_domains") diff --git a/test/stderr/0143 b/test/stderr/0143 index 06ddcd7cf..80d1ed320 100644 --- a/test/stderr/0143 +++ b/test/stderr/0143 @@ -8,9 +8,11 @@ Exim version x.yz .... configuration file is TESTSUITE/test-config trusted user admin user +router_name >>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>> --------> userx@domain.com <-------- -smtp transport entered +transport_name +my_smtp transport entered userx@domain.com checking status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 status = usable @@ -36,9 +38,9 @@ transport_check_waiting entered sequence=1 local_max=500 global_max=-1 no messages waiting for 127.0.0.1 SMTP>> QUIT -Leaving smtp transport +Leaving my_smtp transport LOG: MAIN - => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] + => userx@domain.com R=my_main_router T=my_smtp H=127.0.0.1 [127.0.0.1] C="250 OK" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/0217 b/test/stderr/0217 index 32b046de1..4567dd3d7 100644 --- a/test/stderr/0217 +++ b/test/stderr/0217 @@ -252,12 +252,12 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 250 OK SMTP>> QUIT LOG: MAIN - => w@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] + => w@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" LOG: MAIN - -> x@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] + -> x@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" LOG: MAIN - -> y@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] + -> y@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" LOG: MAIN - -> z@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] + -> z@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" LOG: MAIN Completed diff --git a/test/stderr/0218 b/test/stderr/0218 index cbec285ef..67ae81ee6 100644 --- a/test/stderr/0218 +++ b/test/stderr/0218 @@ -23,7 +23,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP>> writing message and terminating "." SMTP<< 250 OK LOG: MAIN - => a@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1] + => a@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK" LOG: MAIN Completed Exim version x.yz .... @@ -41,7 +41,7 @@ delivering 10HmaY-0005vi-00 (queue run pid ppppp) SMTP<< 250 OK SMTP>> QUIT LOG: MAIN - => b@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* + => b@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> @@ -145,7 +145,7 @@ delivering 10HmbC-0005vi-00 (queue run pid ppppp) SMTP<< 250 OK SMTP>> QUIT LOG: MAIN - => c@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* + => c@test.ex F= R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/0227 b/test/stderr/0227 index 8a34bd454..7a75ec015 100644 --- a/test/stderr/0227 +++ b/test/stderr/0227 @@ -2,7 +2,7 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -19,7 +19,7 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -36,7 +36,7 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -53,7 +53,7 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 550 Error for <> @@ -68,7 +68,7 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 550-Multiline error for <> @@ -84,7 +84,7 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -92,14 +92,14 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 550 Recipient not liked SMTP>> QUIT LOG: MAIN REJECT - H=[V4NET.0.0.3] U=root F= rejected RCPT : (recipient): response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked + H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked LOG: smtp_connection MAIN SMTP connection from root closed by QUIT LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -108,7 +108,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected 550 Here's the second SMTP>> QUIT LOG: MAIN REJECT - H=[V4NET.0.0.3] U=root F= rejected RCPT : (recipient): response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second + H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550-Recipient not liked on two lines\n550 Here's the second LOG: smtp_connection MAIN SMTP connection from root closed by QUIT LOG: smtp_connection MAIN @@ -123,7 +123,7 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -138,7 +138,7 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -153,12 +153,13 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM:<> @@ -174,12 +175,13 @@ LOG: smtp_connection MAIN SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM:<> @@ -190,7 +192,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected LOG: MAIN REJECT H=[V4NET.0.0.5] U=root sender verify fail for : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Don't like postmaster LOG: MAIN REJECT - H=[V4NET.0.0.5] U=root F= rejected RCPT : (postmaster): Sender verify failed + H=[V4NET.0.0.5] U=root F= rejected RCPT : Sender verify failed LOG: smtp_connection MAIN SMTP connection from root closed by QUIT LOG: smtp_connection MAIN @@ -205,7 +207,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 550 Recipient not liked SMTP>> QUIT LOG: MAIN REJECT - H=[V4NET.0.0.3] U=root F= rejected RCPT : (recipient): response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked + H=[V4NET.0.0.3] U=root F= rejected RCPT : response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Recipient not liked LOG: smtp_connection MAIN SMTP connection from root closed by QUIT LOG: smtp_connection MAIN diff --git a/test/stderr/0261 b/test/stderr/0261 index 04219b0b5..a8bff050c 100644 --- a/test/stderr/0261 +++ b/test/stderr/0261 @@ -8,7 +8,7 @@ LOG: MAIN PANIC LOG: MAIN PANIC == no.hosts@test.ex R=no_hosts T=no_hosts defer (-1): no_hosts transport called with no hosts set LOG: MAIN - *> userx@test.ex R=good T=remote_delivery H=V4NET.0.0.1 [V4NET.0.0.1] + *> userx@test.ex R=good T=remote_delivery H=V4NET.0.0.1 [V4NET.0.0.1] C="delivery bypassed by -N option" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-1): Failed to expand return path "${if": condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == no.hosts@test.ex R=no_hosts T=no_hosts defer (-1): no_hosts transport called with no hosts set diff --git a/test/stderr/0279 b/test/stderr/0279 index 5a3b7a099..a56ebe9be 100644 --- a/test/stderr/0279 +++ b/test/stderr/0279 @@ -20,17 +20,17 @@ routing CALLER@test.ex --------> rr1 router <-------- local_part=CALLER domain=test.ex checking senders -address match: subject=CALLER@test.ex pattern=user1@+funny_domains +address match test: subject=CALLER@test.ex pattern=user1@+funny_domains CALLER@test.ex in "user1@+funny_domains"? no (end of list) rr1 router skipped: senders mismatch --------> r1 router <-------- local_part=CALLER domain=test.ex checking senders -address match: subject=CALLER@test.ex pattern=never@test.ex +address match test: subject=CALLER@test.ex pattern=never@test.ex CALLER@test.ex in "never@test.ex"? no (end of list) -address match: subject=CALLER@test.ex pattern=never1@test.ex +address match test: subject=CALLER@test.ex pattern=never1@test.ex CALLER@test.ex in "never1@test.ex"? no (end of list) -address match: subject=CALLER@test.ex pattern=CALLER@test.ex +address match test: subject=CALLER@test.ex pattern=CALLER@test.ex test.ex in "test.ex"? yes (matched "test.ex") CALLER@test.ex in "CALLER@test.ex"? yes (matched "CALLER@test.ex") CALLER@test.ex in "+never_addresses : +n1_addresses : ! +local_addresses"? no (matched "! +local_addresses") @@ -40,7 +40,7 @@ local_part=CALLER domain=test.ex checking senders cached no match for +never_addresses cached lookup data = NULL -address match: subject=CALLER@test.ex pattern=never2@test.ex +address match test: subject=CALLER@test.ex pattern=never2@test.ex cached no match for +n1_addresses cached lookup data = NULL CALLER@test.ex in "<; never2@test.ex ; +n1_addresses"? no (end of list) @@ -92,7 +92,7 @@ routing CALLER@test.ex --------> rr1 router <-------- local_part=CALLER domain=test.ex checking senders -address match: subject=user1@fun.1 pattern=user1@+funny_domains +address match test: subject=user1@fun.1 pattern=user1@+funny_domains fun.1 in "fun.1 : fun.2"? yes (matched "fun.1") fun.1 in "+funny_domains"? yes (matched "+funny_domains") user1@fun.1 in "user1@+funny_domains"? yes (matched "user1@+funny_domains") diff --git a/test/stderr/0292 b/test/stderr/0292 index 70b4574e4..f88c6b03c 100644 --- a/test/stderr/0292 +++ b/test/stderr/0292 @@ -6,6 +6,6 @@ LOG: MAIN *> userx@t1 R=r1 T=t1 H=host.1:host.2 $host=127.0.0.1 $host_address=127.0.0.1 LOG: MAIN - *> userx@t2 R=r2 T=t2 H=127.0.0.1 [127.0.0.1] + *> userx@t2 R=r2 T=t2 H=127.0.0.1 [127.0.0.1] C="delivery bypassed by -N option" LOG: MAIN Completed diff --git a/test/stderr/0315 b/test/stderr/0315 index 01922fbe5..80a16f562 100644 --- a/test/stderr/0315 +++ b/test/stderr/0315 @@ -49,9 +49,9 @@ After routing: Deferred addresses: locking TESTSUITE/spool/db/retry.lockfile LOG: MAIN - *> x@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] + *> x@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN - *> y@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] + *> y@ten-1.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1] C="delivery bypassed by -N option" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> @@ -125,9 +125,9 @@ After routing: Deferred addresses: locking TESTSUITE/spool/db/retry.lockfile LOG: MAIN - *> x@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] + *> x@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option" LOG: MAIN - *> y@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] + *> y@ten-2.test.ex R=r2 T=t1 H=ten-2.test.ex [V4NET.0.0.2] C="delivery bypassed by -N option" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/0332 b/test/stderr/0332 index 70e7dc6e6..d77834753 100644 --- a/test/stderr/0332 +++ b/test/stderr/0332 @@ -34,7 +34,7 @@ After routing: locking TESTSUITE/spool/db/retry.lockfile locking TESTSUITE/spool/db/wait-t1.lockfile LOG: MAIN - => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] + => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" LOG: MAIN Completed Exim version x.yz .... @@ -78,7 +78,7 @@ After routing: locking TESTSUITE/spool/db/retry.lockfile locking TESTSUITE/spool/db/wait-t1.lockfile LOG: MAIN - => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* + => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK" >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> locking TESTSUITE/spool/db/retry.lockfile >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> diff --git a/test/stderr/0333 b/test/stderr/0333 index 6cf0421cd..b7c11d62c 100644 --- a/test/stderr/0333 +++ b/test/stderr/0333 @@ -32,7 +32,7 @@ After routing: locking TESTSUITE/spool/db/retry.lockfile locking TESTSUITE/spool/db/wait-t1.lockfile LOG: MAIN - => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] + => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> @@ -77,5 +77,5 @@ After routing: locking TESTSUITE/spool/db/retry.lockfile locking TESTSUITE/spool/db/wait-t1.lockfile LOG: MAIN - => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* + => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1]* C="250 OK" >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/0357 b/test/stderr/0357 index 0bd08647e..4b7798c53 100644 --- a/test/stderr/0357 +++ b/test/stderr/0357 @@ -160,6 +160,9 @@ locking TESTSUITE/spool/db/retry.lockfile >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Considering: userx@test.ex no domain retry record +retry time not reached: checking ultimate address timeout + now=tttt first_failed=tttt next_try=tttt expired=0 + received_time=tttt diff=tttt timeout=3600 LOG: retry_defer MAIN == userx@test.ex routing defer (-51): retry time not reached >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> diff --git a/test/stderr/0360 b/test/stderr/0360 index 76b521668..70b77eb2b 100644 --- a/test/stderr/0360 +++ b/test/stderr/0360 @@ -143,7 +143,7 @@ After routing: defer@test.ex locking TESTSUITE/spool/db/retry.lockfile LOG: MAIN - *> unknown@recurse.test.ex.test.ex R=r1 T=t1 H=recurse.test.ex.test.ex [V4NET.99.0.2] + *> unknown@recurse.test.ex.test.ex R=r1 T=t1 H=recurse.test.ex.test.ex [V4NET.99.0.2] C="delivery bypassed by -N option" >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> Exim version x.yz .... diff --git a/test/stderr/0362 b/test/stderr/0362 index fac62e587..14065094f 100644 --- a/test/stderr/0362 +++ b/test/stderr/0362 @@ -40,7 +40,7 @@ a.b.c in "+relay_domains"? yes (matched "+relay_domains") check verify = recipient >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Verifying x@a.b.c -address match: subject=x@a.b.c pattern=x@a.b.c +address match test: subject=x@a.b.c pattern=x@a.b.c a.b.c in "a.b.c"? yes (matched "a.b.c") x@a.b.c in "x@a.b.c"? yes (matched "x@a.b.c") LOG: address_rewrite MAIN diff --git a/test/stderr/0374 b/test/stderr/0374 index 2fafefb7e..cf1104120 100644 --- a/test/stderr/0374 +++ b/test/stderr/0374 @@ -367,7 +367,7 @@ LOG: MAIN locking TESTSUITE/spool/db/retry.lockfile locking TESTSUITE/spool/db/wait-ut4.lockfile LOG: MAIN - => d1@myhost.test.ex R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1] + => d1@myhost.test.ex R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1] C="250 OK" locking TESTSUITE/spool/db/retry.lockfile LOG: MAIN == d2@myhost.test.ex R=ut4 T=ut4 defer (-44): SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 450 soft error diff --git a/test/stderr/0375 b/test/stderr/0375 index 628b5dfcb..37ed2d839 100644 --- a/test/stderr/0375 +++ b/test/stderr/0375 @@ -802,7 +802,7 @@ log writing disabled locking TESTSUITE/spool/db/retry.lockfile locking TESTSUITE/spool/db/wait-ut4.lockfile LOG: MAIN - => d1@myhost.test.ex P=<> R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1] + => d1@myhost.test.ex P=<> R=ut4 T=ut4 H=127.0.0.1 [127.0.0.1] C="250 OK" log writing disabled locking TESTSUITE/spool/db/retry.lockfile LOG: MAIN @@ -821,7 +821,7 @@ log writing disabled locking TESTSUITE/spool/db/retry.lockfile locking TESTSUITE/spool/db/wait-ut6.lockfile LOG: MAIN - => f1@myhost.test.ex P= R=ut6 T=ut6 H=127.0.0.1 [127.0.0.1] + => f1@myhost.test.ex P= R=ut6 T=ut6 H=127.0.0.1 [127.0.0.1] C="250 OK" log writing disabled locking TESTSUITE/spool/db/retry.lockfile LOG: MAIN diff --git a/test/stderr/0376 b/test/stderr/0376 index 3a6367578..857295978 100644 --- a/test/stderr/0376 +++ b/test/stderr/0376 @@ -14,7 +14,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -83,7 +83,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -137,7 +137,7 @@ callout cache: address record expired interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 550 REJECT MAIL FROM @@ -187,12 +187,13 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM:<> @@ -246,12 +247,13 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM:<> @@ -299,7 +301,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -343,7 +345,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -387,7 +389,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -399,6 +401,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM:<> @@ -447,12 +450,13 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM:<> @@ -483,7 +487,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -512,7 +516,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -548,7 +552,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -577,7 +581,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -612,7 +616,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -643,12 +647,13 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM: @@ -679,7 +684,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM: SMTP<< 250 OK @@ -711,7 +716,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -740,12 +745,13 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM:<> @@ -777,7 +783,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM: SMTP<< 250 OK @@ -789,6 +795,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM: diff --git a/test/stderr/0388 b/test/stderr/0388 index f7855826f..98df1fdb3 100644 --- a/test/stderr/0388 +++ b/test/stderr/0388 @@ -95,7 +95,7 @@ LOG: MAIN added retry item for R:x@y: errno=-44 more_errno=dd,A flags=0 SMTP>> QUIT set_process_info: pppp delivering 10HmaX-0005vi-00: just tried 127.0.0.1 [127.0.0.1] for x@y: result OK -address match: subject=*@127.0.0.1 pattern=* +address match test: subject=*@127.0.0.1 pattern=* 127.0.0.1 in "*"? yes (matched "*") *@127.0.0.1 in "*"? yes (matched "*") checking status of V4NET.0.0.0 @@ -134,7 +134,7 @@ locked TESTSUITE/spool/db/retry.lockfile EXIM_DBOPEN(TESTSUITE/spool/db/retry) returned from EXIM_DBOPEN opened hints database TESTSUITE/spool/db/retry: flags=O_RDWR -address match: subject=x@y pattern=* +address match test: subject=x@y pattern=* y in "*"? yes (matched "*") x@y in "*"? yes (matched "*") retry for R:x@y = * 0 0 @@ -144,7 +144,7 @@ Writing retry data for R:x@y first failed=dddd last try=dddd next try=+1 expired=1 errno=-44 more_errno=dd,A SMTP error from remote mail server after RCPT TO:: host 127.0.0.1 [127.0.0.1]: 451 Temporary error dbfn_write: key=R:x@y -address match: subject=*@V4NET.0.0.0 pattern=* +address match test: subject=*@V4NET.0.0.0 pattern=* V4NET.0.0.0 in "*"? yes (matched "*") *@V4NET.0.0.0 in "*"? yes (matched "*") retry for T:V4NET.0.0.0:V4NET.0.0.0:1224 (y) = * 0 0 @@ -236,7 +236,7 @@ local_part=CALLER domain=myhost.test.ex checking local_parts CALLER in "CALLER"? yes (matched "CALLER") checking senders -address match: subject= pattern= +address match test: subject= pattern= in ":"? yes (matched "") calling r0 router rda_interpret (string): :blackhole: diff --git a/test/stderr/0391 b/test/stderr/0391 index 41f7035cb..e6fac476b 100644 --- a/test/stderr/0391 +++ b/test/stderr/0391 @@ -30,7 +30,7 @@ processing "accept" check verify = sender >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Verifying U@W.x.y -address match: subject=U@w.x.y pattern=*@*.x.y +address match test: subject=U@w.x.y pattern=*@*.x.y w.x.y in "*.x.y"? yes (matched "*.x.y") U@W.x.y in "*@*.x.y"? yes (matched "*@*.x.y") LOG: address_rewrite MAIN diff --git a/test/stderr/0398 b/test/stderr/0398 index f02458c39..0ad911345 100644 --- a/test/stderr/0398 +++ b/test/stderr/0398 @@ -21,7 +21,7 @@ SMTP<< rcpt to: using ACL "rcpt" processing "deny" check senders = qq@remote -address match: subject=qq@remote pattern=qq@remote +address match test: subject=qq@remote pattern=qq@remote remote in "remote"? yes (matched "remote") qq@remote in "qq@remote"? yes (matched "qq@remote") check !verify = sender @@ -70,7 +70,7 @@ sender qq@remote verified ok deny: condition test failed in ACL "rcpt" processing "warn" check senders = qq@remote -address match: subject=qq@remote pattern=qq@remote +address match test: subject=qq@remote pattern=qq@remote remote in "remote"? yes (matched "remote") qq@remote in "qq@remote"? yes (matched "qq@remote") check !verify = sender/callout @@ -126,8 +126,10 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO mail.test.ex +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO mail.test.ex SMTP<< 250 OK +127.0.0.1 in hosts_require_auth? no (option unset) SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: @@ -149,7 +151,7 @@ LOG: MAIN U=CALLER Warning: Sender verify failed: response to "RCPT TO:" from 127.0.0.1 [127.0.0.1] was: 550 Unknown processing "accept" check senders = qq@remote -address match: subject=qq@remote pattern=qq@remote +address match test: subject=qq@remote pattern=qq@remote remote in "remote"? yes (matched "remote") qq@remote in "qq@remote"? yes (matched "qq@remote") accept: condition test succeeded in ACL "rcpt" @@ -158,7 +160,7 @@ SMTP<< rcpt to: using ACL "rcpt" processing "deny" check senders = qq@remote -address match: subject=qq@remote pattern=qq@remote +address match test: subject=qq@remote pattern=qq@remote remote in "remote"? yes (matched "remote") qq@remote in "qq@remote"? yes (matched "qq@remote") check !verify = sender @@ -166,7 +168,7 @@ using cached sender verify result deny: condition test failed in ACL "rcpt" processing "warn" check senders = qq@remote -address match: subject=qq@remote pattern=qq@remote +address match test: subject=qq@remote pattern=qq@remote remote in "remote"? yes (matched "remote") qq@remote in "qq@remote"? yes (matched "qq@remote") check !verify = sender/callout @@ -226,7 +228,7 @@ LOG: MAIN U=CALLER Warning: Sender verify failed processing "accept" check senders = qq@remote -address match: subject=qq@remote pattern=qq@remote +address match test: subject=qq@remote pattern=qq@remote remote in "remote"? yes (matched "remote") qq@remote in "qq@remote"? yes (matched "qq@remote") accept: condition test succeeded in ACL "rcpt" diff --git a/test/stderr/0432 b/test/stderr/0432 index a35449b40..759c9a819 100644 --- a/test/stderr/0432 +++ b/test/stderr/0432 @@ -89,8 +89,10 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 server ready - SMTP>> HELO myhost.test.ex +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK +127.0.0.1 in hosts_require_auth? no (option unset) SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: @@ -242,8 +244,10 @@ MUNGED: ::1 will be omitted in what follows >>> interface=NULL port=1224 >>> Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected >>> SMTP<< 220 server ready ->>> SMTP>> HELO myhost.test.ex +>>> 127.0.0.1 in hosts_avoid_esmtp? no (option unset) +>>> SMTP>> EHLO myhost.test.ex >>> SMTP<< 250 OK +>>> 127.0.0.1 in hosts_require_auth? no (option unset) >>> SMTP>> MAIL FROM:<> >>> SMTP<< 250 OK >>> SMTP>> RCPT TO: @@ -280,7 +284,8 @@ MUNGED: ::1 will be omitted in what follows >>> interface=NULL port=1224 >>> Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected >>> SMTP<< 220 server ready ->>> SMTP>> HELO myhost.test.ex +>>> 127.0.0.1 in hosts_avoid_esmtp? no (option unset) +>>> SMTP>> EHLO myhost.test.ex >>> SMTP timeout >>> ----------- end verify ------------ >>> accept: condition test deferred in ACL "mail" diff --git a/test/stderr/0443 b/test/stderr/0443 index 6cf1dcf04..99dc1c6f6 100644 --- a/test/stderr/0443 +++ b/test/stderr/0443 @@ -16,9 +16,8 @@ >>> Attempting full verification using callout >>> callout cache: no domain record found >>> callout cache: no address record found ->>> interface=NULL port=25 ->>> Connecting to ten-1.test.ex [V4NET.0.0.1]:25 ... failed: Network Error +>>> cannot callout via null transport >>> ----------- end verify ------------ >>> accept: condition test deferred in ACL "rcpt" -LOG: H=[V4NET.0.0.1] sender verify defer for : could not connect to ten-1.test.ex [V4NET.0.0.1]: Network Error +LOG: H=[V4NET.0.0.1] sender verify defer for : Could not complete sender verify callout LOG: H=[V4NET.0.0.1] F= temporarily rejected RCPT x@y: Could not complete sender verify callout diff --git a/test/stderr/0462 b/test/stderr/0462 index 238959945..f9133d602 100644 --- a/test/stderr/0462 +++ b/test/stderr/0462 @@ -14,12 +14,13 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK SMTP>> RCPT TO: SMTP<< 250 OK +Cutthrough cancelled by presence of postmaster verify SMTP>> RSET SMTP<< 250 OK SMTP>> MAIL FROM:<> @@ -62,7 +63,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK @@ -95,7 +96,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO myhost.test.ex + SMTP>> EHLO myhost.test.ex SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK diff --git a/test/stderr/0467 b/test/stderr/0467 index 60aed5cd3..ec84ba9c0 100644 --- a/test/stderr/0467 +++ b/test/stderr/0467 @@ -2,14 +2,14 @@ LOG: MAIN <= CALLER@myhost.test.ex U=CALLER P=local S=sss delivering 10HmaX-0005vi-00 LOG: MAIN - *> x@srv01.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]:25 + *> x@srv01.test.ex R=r1 T=t1 H=ten-1.test.ex [V4NET.0.0.1]:25 C="delivery bypassed by -N option" LOG: MAIN Completed LOG: MAIN <= CALLER@myhost.test.ex U=CALLER P=local S=sss delivering 10HmaY-0005vi-00 LOG: MAIN - *> x@srv03.test.ex R=r1 T=t1 H=ten-4.test.ex [V4NET.0.0.4]:88 + *> x@srv03.test.ex R=r1 T=t1 H=ten-4.test.ex [V4NET.0.0.4]:88 C="delivery bypassed by -N option" LOG: MAIN Completed LOG: MAIN @@ -31,6 +31,6 @@ Connecting to localhost.test.ex [127.0.0.1]:1224 ... connected SMTP<< 250 OK SMTP>> QUIT LOG: MAIN - => x@srv27.test.ex R=r1 T=t1 H=localhost.test.ex [127.0.0.1]:1224 + => x@srv27.test.ex R=r1 T=t1 H=localhost.test.ex [127.0.0.1]:1224 C="250 OK" LOG: MAIN Completed diff --git a/test/stderr/0471 b/test/stderr/0471 index f81cb2a1d..273100d4b 100644 --- a/test/stderr/0471 +++ b/test/stderr/0471 @@ -96,7 +96,7 @@ To: random@test.example, **** debug string too long - truncated **** -address match: subject=r1@test.ex pattern=*@* +address match test: subject=r1@test.ex pattern=*@* test.ex in "*"? yes (matched "*") r1@test.ex in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -116,7 +116,7 @@ internal_search_find: file="TESTSUITE/aux-fixed/0471.rw" file lookup required for *.test.ex in TESTSUITE/aux-fixed/0471.rw lookup failed -address match: subject=CALLER@myhost.test.ex pattern=*@* +address match test: subject=CALLER@myhost.test.ex pattern=*@* myhost.test.ex in "*"? yes (matched "*") CALLER@myhost.test.ex in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -225,7 +225,7 @@ rewrite_one_header: type=T: random@test.example, random@test.examp **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -404,7 +404,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -583,7 +583,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -762,7 +762,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -941,7 +941,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -1120,7 +1120,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -1299,7 +1299,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -1478,7 +1478,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -1657,7 +1657,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -1836,7 +1836,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -2014,7 +2014,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -2192,7 +2192,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -2370,7 +2370,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -2548,7 +2548,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -2726,7 +2726,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -2904,7 +2904,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -3082,7 +3082,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -3260,7 +3260,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -3438,7 +3438,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -3616,7 +3616,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -3794,7 +3794,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -3972,7 +3972,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -4150,7 +4150,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -4327,7 +4327,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -4504,7 +4504,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -4681,7 +4681,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -4858,7 +4858,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -5035,7 +5035,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -5212,7 +5212,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -5389,7 +5389,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -5566,7 +5566,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -5743,7 +5743,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -5920,7 +5920,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -6097,7 +6097,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -6274,7 +6274,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -6450,7 +6450,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -6626,7 +6626,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -6802,7 +6802,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -6978,7 +6978,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -7154,7 +7154,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -7330,7 +7330,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -7506,7 +7506,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -7682,7 +7682,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -7858,7 +7858,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -8034,7 +8034,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -8210,7 +8210,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -8386,7 +8386,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -8562,7 +8562,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -8737,7 +8737,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -8912,7 +8912,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -9087,7 +9087,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -9262,7 +9262,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -9437,7 +9437,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -9612,7 +9612,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -9787,7 +9787,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -9962,7 +9962,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -10137,7 +10137,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -10312,7 +10312,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -10487,7 +10487,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -10662,7 +10662,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -10836,7 +10836,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -11010,7 +11010,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -11184,7 +11184,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -11358,7 +11358,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -11532,7 +11532,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -11706,7 +11706,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -11880,7 +11880,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -12054,7 +12054,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -12228,7 +12228,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -12402,7 +12402,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -12576,7 +12576,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -12750,7 +12750,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -12924,7 +12924,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -13097,7 +13097,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -13270,7 +13270,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -13443,7 +13443,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -13616,7 +13616,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -13789,7 +13789,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -13962,7 +13962,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -14135,7 +14135,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -14308,7 +14308,7 @@ remainder: random@test.example, random@test.example, random@test.exa **** debug string too long - truncated **** -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -14481,7 +14481,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -14653,7 +14653,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -14824,7 +14824,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -14994,7 +14994,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -15163,7 +15163,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -15331,7 +15331,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -15498,7 +15498,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -15664,7 +15664,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -15829,7 +15829,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -15993,7 +15993,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -16156,7 +16156,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -16318,7 +16318,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -16479,7 +16479,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -16639,7 +16639,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -16798,7 +16798,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -16956,7 +16956,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -17113,7 +17113,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -17269,7 +17269,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -17424,7 +17424,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -17578,7 +17578,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -17731,7 +17731,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -17883,7 +17883,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -18034,7 +18034,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -18184,7 +18184,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -18333,7 +18333,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -18481,7 +18481,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -18628,7 +18628,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -18774,7 +18774,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -18919,7 +18919,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -19063,7 +19063,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -19206,7 +19206,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -19348,7 +19348,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -19489,7 +19489,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -19629,7 +19629,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -19768,7 +19768,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -19906,7 +19906,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -20043,7 +20043,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -20179,7 +20179,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -20314,7 +20314,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -20448,7 +20448,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -20581,7 +20581,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -20713,7 +20713,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -20844,7 +20844,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -20974,7 +20974,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -21103,7 +21103,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -21231,7 +21231,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -21358,7 +21358,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -21484,7 +21484,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -21609,7 +21609,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -21733,7 +21733,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -21856,7 +21856,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -21978,7 +21978,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -22099,7 +22099,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -22219,7 +22219,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -22338,7 +22338,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -22456,7 +22456,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -22573,7 +22573,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -22689,7 +22689,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -22804,7 +22804,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -22918,7 +22918,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -23031,7 +23031,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -23143,7 +23143,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -23254,7 +23254,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -23364,7 +23364,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -23473,7 +23473,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -23581,7 +23581,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -23688,7 +23688,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -23794,7 +23794,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -23899,7 +23899,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24003,7 +24003,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24106,7 +24106,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24208,7 +24208,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24309,7 +24309,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24409,7 +24409,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24508,7 +24508,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24606,7 +24606,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24703,7 +24703,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24799,7 +24799,7 @@ remainder: random@test.example, random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24894,7 +24894,7 @@ To: random@rwtest.example, remainder: random@test.example, random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -24988,7 +24988,7 @@ To: random@rwtest.example, **** debug string too long - truncated **** remainder: random@test.example, random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -25081,7 +25081,7 @@ To: random@rwtest.example, random@rwtest.example, **** debug string too long - truncated **** remainder: random@test.example -address match: subject=random@test.example pattern=*@* +address match test: subject=random@test.example pattern=*@* test.example in "*"? yes (matched "*") random@test.example in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" @@ -25176,7 +25176,7 @@ To: random@rwtest.example, remainder: rewrite_one_header: type=F: From: CALLER_NAME -address match: subject=CALLER@myhost.test.ex pattern=*@* +address match test: subject=CALLER@myhost.test.ex pattern=*@* myhost.test.ex in "*"? yes (matched "*") CALLER@myhost.test.ex in "*@*"? yes (matched "*@*") search_open: lsearch "TESTSUITE/aux-fixed/0471.rw" diff --git a/test/stderr/0473 b/test/stderr/0473 index a29575e16..090335d97 100644 --- a/test/stderr/0473 +++ b/test/stderr/0473 @@ -14,7 +14,7 @@ callout cache: no address record found interface=NULL port=1224 Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready - SMTP>> HELO the.local.host.name + SMTP>> EHLO the.local.host.name SMTP<< 250 OK SMTP>> MAIL FROM:<> SMTP<< 250 OK diff --git a/test/stderr/0476 b/test/stderr/0476 index a0e57bd4a..b6e954eb0 100644 --- a/test/stderr/0476 +++ b/test/stderr/0476 @@ -97,9 +97,6 @@ t1 transport entered usery@test.ex checking status of 127.0.0.1 no message retry record -host retry time not reached: checking ultimate address timeout - now=tttt first_failed=tttt next_try=tttt expired=0 - received_time=tttt diff=tttt timeout=86400 127.0.0.1 [127.0.0.1]:1111 status = unusable all IP addresses skipped or deferred at least one address updating wait-t1 database diff --git a/test/stderr/0479 b/test/stderr/0479 index c890a1f90..92880ddb7 100644 --- a/test/stderr/0479 +++ b/test/stderr/0479 @@ -40,7 +40,7 @@ LOG: MAIN check verify = sender >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Verifying a@b -address match: subject=a@b pattern=a@b +address match test: subject=a@b pattern=a@b b in "b"? yes (matched "b") a@b in "a@b"? yes (matched "a@b") LOG: address_rewrite MAIN diff --git a/test/stderr/0529 b/test/stderr/0529 index 872b37402..49ca6dcaf 100644 --- a/test/stderr/0529 +++ b/test/stderr/0529 @@ -69,7 +69,7 @@ After routing: locking TESTSUITE/spool/db/retry.lockfile retry record exists: age=ttt (max 1w) time to retry = tttt expired = 0 -retry time not reached for TESTSUITE/test-mail/rmbox: checking ultimate address timeout +retry time not reached: checking ultimate address timeout now=tttt first_failed=tttt next_try=tttt expired=0 received_time=tttt diff=tttt timeout=259200 LOG: retry_defer MAIN diff --git a/test/stderr/0543 b/test/stderr/0543 index 655762d0a..3aa07da74 100644 --- a/test/stderr/0543 +++ b/test/stderr/0543 @@ -33,7 +33,7 @@ After routing: locking TESTSUITE/spool/db/retry.lockfile locking TESTSUITE/spool/db/wait-smtp.lockfile LOG: MAIN - => userx@domain1 R=smarthost T=smtp H=thisloop.test.ex [127.0.0.1] + => userx@domain1 R=smarthost T=smtp H=thisloop.test.ex [127.0.0.1] C="250 OK" LOG: MAIN Completed locking TESTSUITE/spool/db/retry.lockfile diff --git a/test/stderr/0554 b/test/stderr/0554 index edd4036c9..17e8f4da4 100644 --- a/test/stderr/0554 +++ b/test/stderr/0554 @@ -75,7 +75,7 @@ reading retry information for R:x@y: from subprocess existing delete item dropped added delete item LOG: MAIN - => x@y R=r1 T=smtp H=127.0.0.1 [127.0.0.1] + => x@y R=r1 T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" Processing retry items Succeeded addresses: x@y diff --git a/test/stderr/2008 b/test/stderr/2008 index b7686e26f..64d0bdc11 100644 --- a/test/stderr/2008 +++ b/test/stderr/2008 @@ -28,7 +28,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1225 ... connected SMTP<< 250 OK id=10HmaZ-0005vi-00 SMTP>> QUIT LOG: MAIN - => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" + => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" LOG: MAIN Completed delivering 10HmaY-0005vi-00 (queue run pid ppppp) @@ -61,9 +61,9 @@ Connecting to 127.0.0.1 [127.0.0.1]:1225 ... connected SMTP<< 250 OK id=10HmbA-0005vi-00 SMTP>> QUIT LOG: MAIN - => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" + => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" LOG: MAIN - -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" + -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1225 ... connected SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 SMTP>> EHLO myhost.test.ex @@ -91,7 +91,7 @@ Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1225 ... connected SMTP<< 250 OK id=10HmbB-0005vi-00 SMTP>> QUIT LOG: MAIN - => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" + => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00" LOG: MAIN Completed LOG: queue_run MAIN diff --git a/test/stderr/2013 b/test/stderr/2013 index d3cc39f7e..172d98a26 100644 --- a/test/stderr/2013 +++ b/test/stderr/2013 @@ -35,7 +35,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1225 ... connected 250-STARTTLS 250 HELP LOG: MAIN - => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" + => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" LOG: MAIN Completed Exim version x.yz .... @@ -59,7 +59,7 @@ admin user SMTP<< 250 OK id=10HmbA-0005vi-00 SMTP>> QUIT LOG: MAIN - => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" + => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/2108 b/test/stderr/2108 index 74d6a2115..743f7ba71 100644 --- a/test/stderr/2108 +++ b/test/stderr/2108 @@ -28,7 +28,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1225 ... connected SMTP<< 250 OK id=10HmaZ-0005vi-00 SMTP>> QUIT LOG: MAIN - => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" + => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" LOG: MAIN Completed delivering 10HmaY-0005vi-00 (queue run pid ppppp) @@ -61,9 +61,9 @@ Connecting to 127.0.0.1 [127.0.0.1]:1225 ... connected SMTP<< 250 OK id=10HmbA-0005vi-00 SMTP>> QUIT LOG: MAIN - => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" + => CALLER@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" LOG: MAIN - -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" + -> xyz@test.ex R=client T=send_to_server1 H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1225 ... connected SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 SMTP>> EHLO myhost.test.ex @@ -91,7 +91,7 @@ Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1225 ... connected SMTP<< 250 OK id=10HmbB-0005vi-00 SMTP>> QUIT LOG: MAIN - => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" + => abcd@test.ex R=client T=send_to_server2 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbB-0005vi-00" LOG: MAIN Completed LOG: queue_run MAIN diff --git a/test/stderr/2113 b/test/stderr/2113 index 97afb2870..10c7e8022 100644 --- a/test/stderr/2113 +++ b/test/stderr/2113 @@ -35,7 +35,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1225 ... connected 250-STARTTLS 250 HELP LOG: MAIN - => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" + => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00" LOG: MAIN Completed Exim version x.yz .... @@ -59,7 +59,7 @@ admin user SMTP<< 250 OK id=10HmbA-0005vi-00 SMTP>> QUIT LOG: MAIN - => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" + => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=TLSv1:AES256-SHA:256 DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/2201 b/test/stderr/2201 index ca89d960c..9d70d2a67 100644 --- a/test/stderr/2201 +++ b/test/stderr/2201 @@ -103,7 +103,7 @@ cached data used for lookup of test.ex lookup yielded: A TXT record for test.ex. test.ex in "dnsdb;test.ex"? yes (matched "dnsdb;test.ex") checking senders -address match: subject=CALLER@myhost.test.ex pattern=dnsdb;A=myhost.test.ex +address match test: subject=CALLER@myhost.test.ex pattern=dnsdb;A=myhost.test.ex search_open: dnsdb "NULL" cached open search_find: file="NULL" diff --git a/test/stderr/3404 b/test/stderr/3404 index fa3e33298..8d35b6730 100644 --- a/test/stderr/3404 +++ b/test/stderr/3404 @@ -19,7 +19,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 250 OK SMTP>> QUIT LOG: MAIN - => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] + => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK" LOG: MAIN Completed LOG: MAIN @@ -43,7 +43,7 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 250 OK SMTP>> QUIT LOG: MAIN - => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] + => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=plain C="250 OK" LOG: MAIN Completed LOG: MAIN @@ -71,6 +71,6 @@ Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 250 OK SMTP>> QUIT LOG: MAIN - => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] + => userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] A=login C="250 OK" LOG: MAIN Completed diff --git a/test/stderr/5005 b/test/stderr/5005 index e27fbfaac..e61cc77b9 100644 --- a/test/stderr/5005 +++ b/test/stderr/5005 @@ -493,7 +493,7 @@ locked TESTSUITE/spool/db/retry.lockfile EXIM_DBOPEN(TESTSUITE/spool/db/retry) returned from EXIM_DBOPEN opened hints database TESTSUITE/spool/db/retry: flags=O_RDWR -address match: subject=userx@test.ex pattern=* +address match test: subject=userx@test.ex pattern=* test.ex in "*"? yes (matched "*") userx@test.ex in "*"? yes (matched "*") retry for T:userx@test.ex = * 0 0 @@ -665,7 +665,7 @@ locked TESTSUITE/spool/db/retry.lockfile EXIM_DBOPEN(TESTSUITE/spool/db/retry) returned from EXIM_DBOPEN opened hints database TESTSUITE/spool/db/retry: flags=O_RDWR -address match: subject=userx@test.ex pattern=* +address match test: subject=userx@test.ex pattern=* test.ex in "*"? yes (matched "*") userx@test.ex in "*"? yes (matched "*") retry for T:userx@test.ex = * 0 0 diff --git a/test/stderr/5400 b/test/stderr/5400 new file mode 100644 index 000000000..bc3dba5dd --- /dev/null +++ b/test/stderr/5400 @@ -0,0 +1,165 @@ +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user +LOG: smtp_connection MAIN + SMTP connection from CALLER +using ACL "ar" +processing "accept" +check control = cutthrough_delivery +check logwrite = rcpt for $local_part@$domain + = rcpt for userx@domain.com +LOG: MAIN + rcpt for userx@domain.com +created log directory TESTSUITE/spool/log +accept: condition test succeeded in ACL "ar" +----------- start cutthrough setup ------------ +Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected + SMTP<< 220 ESMTP + SMTP>> EHLO myhost.test.ex + SMTP<< 250 OK + SMTP>> MAIL FROM: + SMTP<< 250 Sender OK + SMTP>> RCPT TO: + SMTP<< 250 Recipient OK +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Send data + SMTP>>(nl) + SMTP>> . + SMTP<< 250 OK +LOG: MAIN + >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user +LOG: smtp_connection MAIN + SMTP connection from CALLER +using ACL "ar" +processing "accept" +check control = cutthrough_delivery +check logwrite = rcpt for $local_part@$domain + = rcpt for userz@domain.com +LOG: MAIN + rcpt for userz@domain.com +accept: condition test succeeded in ACL "ar" +----------- start cutthrough setup ------------ +Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected + SMTP<< 220 SMTP only spoken here + SMTP>> EHLO myhost.test.ex + SMTP<< 550 Not here, mate + SMTP>> HELO myhost.test.ex + SMTP<< 250 OK + SMTP>> MAIL FROM: + SMTP<< 250 Sender OK + SMTP>> RCPT TO: + SMTP<< 250 Recipient OK +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Send data + SMTP>>(nl) + SMTP>> . + SMTP<< 250 OK +LOG: MAIN + >> userz@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user +LOG: smtp_connection MAIN + SMTP connection from CALLER +using ACL "ar" +processing "accept" +check control = cutthrough_delivery +check logwrite = rcpt for $local_part@$domain + = rcpt for usery@domain.com +LOG: MAIN + rcpt for usery@domain.com +accept: condition test succeeded in ACL "ar" +----------- start cutthrough setup ------------ +Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected + SMTP<< 220 ESMTP + SMTP>> EHLO myhost.test.ex + SMTP<< 250 OK + SMTP>> MAIL FROM: + SMTP<< 250 Sender OK + SMTP>> RCPT TO: + SMTP<< 250 Recipient OK +----------- end cutthrough setup ------------ +using ACL "ar" +processing "accept" +check control = cutthrough_delivery +check logwrite = rcpt for $local_part@$domain + = rcpt for userx@domain.com +LOG: MAIN + rcpt for userx@domain.com +accept: condition test succeeded in ACL "ar" + SMTP>> QUIT +----------- cutthrough shutdown (more than one recipient) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> +Exim version x.yz .... +configuration file is TESTSUITE/test-config +trusted user +admin user +skipping ACL configuration - not needed +>>>>>>>>>>>>>>>> Remote deliveries >>>>>>>>>>>>>>>> +--------> usery@domain.com <-------- +smtp transport entered + usery@domain.com + userx@domain.com +checking status of 127.0.0.1 +127.0.0.1 [127.0.0.1]:1111 status = usable +delivering 10HmaZ-0005vi-00 to 127.0.0.1 [127.0.0.1] (usery@domain.com, ...) +Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected + SMTP<< 220 ESMTP + SMTP>> EHLO myhost.test.ex + SMTP<< 250 OK +not using PIPELINING + SMTP>> MAIL FROM: + SMTP<< 250 Sender OK + SMTP>> RCPT TO: + SMTP<< 250 Recipient OK + SMTP>> RCPT TO: + SMTP<< 250 Recipient OK + SMTP>> DATA + SMTP<< 354 Send data + SMTP>> writing message and terminating "." +writing data block fd=dddd size=sss timeout=300 + SMTP<< 250 OK +ok=1 send_quit=1 send_rset=0 continue_more=0 yield=0 first_address is NULL +transport_check_waiting entered + sequence=1 local_max=500 global_max=-1 +no messages waiting for 127.0.0.1 + SMTP>> QUIT +Leaving smtp transport +LOG: MAIN + => usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +LOG: MAIN + -> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +LOG: MAIN + Completed +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/5401 b/test/stderr/5401 new file mode 100644 index 000000000..135c11ace --- /dev/null +++ b/test/stderr/5401 @@ -0,0 +1,40 @@ +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user +LOG: smtp_connection MAIN + SMTP connection from CALLER +using ACL "acl_rcpt" +processing "accept" +check control = cutthrough_delivery +check verify = recipient +----------- end verify ------------ +accept: condition test succeeded in ACL "acl_rcpt" +----------- start cutthrough setup ------------ +Connecting to 127.0.0.1 [127.0.0.1]:1224 from ip4.ip4.ip4.ip4 ... connected + SMTP<< 220 ESMTP + SMTP>> EHLO myhost.test.ex + SMTP<< 250 OK + SMTP>> MAIL FROM: + SMTP<< 250 Sender OK + SMTP>> RCPT TO: + SMTP<< 250 Recipient OK +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Send data + SMTP>>(nl) + SMTP>> . + SMTP<< 250 OK +LOG: MAIN + >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK" +created log directory TESTSUITE/spool/log + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/5402 b/test/stderr/5402 new file mode 100644 index 000000000..7babe3546 --- /dev/null +++ b/test/stderr/5402 @@ -0,0 +1,274 @@ +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user + in hosts_connection_nolog? no (option unset) +LOG: smtp_connection MAIN + SMTP connection from CALLER +expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full + result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 + in pipelining_advertise_hosts? yes (matched "*") + in tls_advertise_hosts? yes (matched "*") +expanding: SERVER + result: SERVER +expanding: server + result: server +condition: eq {SERVER}{server} + result: false +expanding: queue + result: queue +skipping: result is not used +expanding: cutthrough + result: cutthrough +expanding: ${if eq {SERVER}{server}{queue}{cutthrough}} + result: cutthrough +using ACL "cutthrough" +processing "accept" +check control = cutthrough_delivery +check verify = recipient +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: userx +domain.com in "*"? yes (matched "*") +----------- end verify ------------ +accept: condition test succeeded in ACL "cutthrough" +----------- start cutthrough setup ------------ +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: userx +domain.com in "*"? yes (matched "*") +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +expanding: $primary_hostname + result: myhost.test.ex + SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250-STARTTLS + 250 HELP +expanding: $address_data + result: userx +expanding: usery + result: usery +condition: eq {$address_data}{usery} + result: false +expanding: * + result: * +skipping: result is not used +expanding: : + result: : +expanding: ${if eq {$address_data}{usery}{*}{:}} + result: : +127.0.0.1 in hosts_avoid_tls? no (end of list) + SMTP>> STARTTLS + SMTP<< 220 TLS go ahead + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250 HELP + SMTP>> MAIL FROM: + SMTP<< 250 OK + SMTP>> RCPT TO: + SMTP<< 250 Accepted +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Enter message, ending with "." on a line by itself +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 +condition: def:sender_rcvhost + result: false +expanding: from $sender_rcvhost + + result: from + +skipping: result is not used +condition: def:sender_ident + result: true +expanding: $sender_ident + result: CALLER +expanding: from ${quote_local_part:$sender_ident} + result: from CALLER +condition: def:sender_helo_name + result: true +expanding: (helo=$sender_helo_name) + + result: (helo=myhost.test.ex) + +expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) + }} + result: from CALLER (helo=myhost.test.ex) + +condition: def:received_protocol + result: true +expanding: with $received_protocol + result: with local-esmtp +condition: def:sender_address + result: true +expanding: (envelope-from <$sender_address>) + + result: (envelope-from ) + +condition: def:received_for + result: true +expanding: + for $received_for + result: + for userx@domain.com +PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 + SMTP>> . + SMTP<< 250 OK id=10HmaX-0005vi-00 +LOG: MAIN + >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaX-0005vi-00" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user + in hosts_connection_nolog? no (option unset) +LOG: smtp_connection MAIN + SMTP connection from CALLER +expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full + result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 + in pipelining_advertise_hosts? yes (matched "*") + in tls_advertise_hosts? yes (matched "*") +expanding: SERVER + result: SERVER +expanding: server + result: server +condition: eq {SERVER}{server} + result: false +expanding: queue + result: queue +skipping: result is not used +expanding: cutthrough + result: cutthrough +expanding: ${if eq {SERVER}{server}{queue}{cutthrough}} + result: cutthrough +using ACL "cutthrough" +processing "accept" +check control = cutthrough_delivery +check verify = recipient +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +----------- end verify ------------ +accept: condition test succeeded in ACL "cutthrough" +----------- start cutthrough setup ------------ +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +expanding: $primary_hostname + result: myhost.test.ex + SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250-STARTTLS + 250 HELP +expanding: $address_data + result: usery +expanding: usery + result: usery +condition: eq {$address_data}{usery} + result: true +expanding: * + result: * +expanding: : + result: : +skipping: result is not used +expanding: ${if eq {$address_data}{usery}{*}{:}} + result: * +127.0.0.1 in hosts_avoid_tls? yes (matched "*") + SMTP>> MAIL FROM: + SMTP<< 250 OK + SMTP>> RCPT TO: + SMTP<< 250 Accepted +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Enter message, ending with "." on a line by itself +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 +condition: def:sender_rcvhost + result: false +expanding: from $sender_rcvhost + + result: from + +skipping: result is not used +condition: def:sender_ident + result: true +expanding: $sender_ident + result: CALLER +expanding: from ${quote_local_part:$sender_ident} + result: from CALLER +condition: def:sender_helo_name + result: true +expanding: (helo=$sender_helo_name) + + result: (helo=myhost.test.ex) + +expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) + }} + result: from CALLER (helo=myhost.test.ex) + +condition: def:received_protocol + result: true +expanding: with $received_protocol + result: with local-esmtp +condition: def:sender_address + result: true +expanding: (envelope-from <$sender_address>) + + result: (envelope-from ) + +condition: def:received_for + result: true +expanding: + for $received_for + result: + for usery@domain.com +PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 + SMTP>> . + SMTP<< 250 OK id=10HmaZ-0005vi-00 +LOG: MAIN + >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> + +******** SERVER ******** diff --git a/test/stderr/5410 b/test/stderr/5410 new file mode 100644 index 000000000..40ef77c4a --- /dev/null +++ b/test/stderr/5410 @@ -0,0 +1,423 @@ +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user + in hosts_connection_nolog? no (option unset) +LOG: smtp_connection MAIN + SMTP connection from CALLER +expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full + result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 + in pipelining_advertise_hosts? yes (matched "*") + in tls_advertise_hosts? yes (matched "*") +expanding: SERVER + result: SERVER +expanding: server + result: server +condition: eq {SERVER}{server} + result: false +expanding: queue + result: queue +skipping: result is not used +expanding: cutthrough + result: cutthrough +expanding: ${if eq {SERVER}{server}{queue}{cutthrough}} + result: cutthrough +using ACL "cutthrough" +processing "accept" +check control = cutthrough_delivery +check verify = recipient +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: userx +domain.com in "*"? yes (matched "*") +----------- end verify ------------ +accept: condition test succeeded in ACL "cutthrough" +----------- start cutthrough setup ------------ +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: userx +domain.com in "*"? yes (matched "*") +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +expanding: $primary_hostname + result: myhost.test.ex + SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250-STARTTLS + 250 HELP +expanding: $address_data + result: userx +expanding: usery + result: usery +condition: eq {$address_data}{usery} + result: false +expanding: * + result: * +skipping: result is not used +expanding: : + result: : +expanding: ${if eq {$address_data}{usery}{*}{:}} + result: : +127.0.0.1 in hosts_avoid_tls? no (end of list) +expanding: $address_data + result: userx +expanding: userz + result: userz +condition: eq {$address_data}{userz} + result: false +expanding: * + result: * +skipping: result is not used +expanding: : + result: : +expanding: ${if eq {$address_data}{userz}{*}{:}} + result: : +127.0.0.1 in hosts_verify_avoid_tls? no (end of list) + SMTP>> STARTTLS + SMTP<< 220 TLS go ahead + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250 HELP +127.0.0.1 in hosts_require_auth? no (option unset) + SMTP>> MAIL FROM: + SMTP<< 250 OK + SMTP>> RCPT TO: + SMTP<< 250 Accepted +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Enter message, ending with "." on a line by itself +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 +condition: def:sender_rcvhost + result: false +expanding: from $sender_rcvhost + + result: from + +skipping: result is not used +condition: def:sender_ident + result: true +expanding: $sender_ident + result: CALLER +expanding: from ${quote_local_part:$sender_ident} + result: from CALLER +condition: def:sender_helo_name + result: true +expanding: (helo=$sender_helo_name) + + result: (helo=myhost.test.ex) + +expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) + }} + result: from CALLER (helo=myhost.test.ex) + +condition: def:received_protocol + result: true +expanding: with $received_protocol + result: with local-esmtp +condition: def:sender_address + result: true +expanding: (envelope-from <$sender_address>) + + result: (envelope-from ) + +condition: def:received_for + result: true +expanding: + for $received_for + result: + for userx@domain.com +PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 + SMTP>> . + SMTP<< 250 OK id=10HmaX-0005vi-00 +LOG: MAIN + >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 C="250 OK id=10HmaX-0005vi-00" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user + in hosts_connection_nolog? no (option unset) +LOG: smtp_connection MAIN + SMTP connection from CALLER +expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full + result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 + in pipelining_advertise_hosts? yes (matched "*") + in tls_advertise_hosts? yes (matched "*") +expanding: SERVER + result: SERVER +expanding: server + result: server +condition: eq {SERVER}{server} + result: false +expanding: queue + result: queue +skipping: result is not used +expanding: cutthrough + result: cutthrough +expanding: ${if eq {SERVER}{server}{queue}{cutthrough}} + result: cutthrough +using ACL "cutthrough" +processing "accept" +check control = cutthrough_delivery +check verify = recipient +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +----------- end verify ------------ +accept: condition test succeeded in ACL "cutthrough" +----------- start cutthrough setup ------------ +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +expanding: $primary_hostname + result: myhost.test.ex + SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250-STARTTLS + 250 HELP +expanding: $address_data + result: usery +expanding: usery + result: usery +condition: eq {$address_data}{usery} + result: true +expanding: * + result: * +expanding: : + result: : +skipping: result is not used +expanding: ${if eq {$address_data}{usery}{*}{:}} + result: * +127.0.0.1 in hosts_avoid_tls? yes (matched "*") +127.0.0.1 in hosts_require_auth? no (option unset) + SMTP>> MAIL FROM: + SMTP<< 250 OK + SMTP>> RCPT TO: + SMTP<< 250 Accepted +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Enter message, ending with "." on a line by itself +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 +condition: def:sender_rcvhost + result: false +expanding: from $sender_rcvhost + + result: from + +skipping: result is not used +condition: def:sender_ident + result: true +expanding: $sender_ident + result: CALLER +expanding: from ${quote_local_part:$sender_ident} + result: from CALLER +condition: def:sender_helo_name + result: true +expanding: (helo=$sender_helo_name) + + result: (helo=myhost.test.ex) + +expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) + }} + result: from CALLER (helo=myhost.test.ex) + +condition: def:received_protocol + result: true +expanding: with $received_protocol + result: with local-esmtp +condition: def:sender_address + result: true +expanding: (envelope-from <$sender_address>) + + result: (envelope-from ) + +condition: def:received_for + result: true +expanding: + for $received_for + result: + for usery@domain.com +PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 + SMTP>> . + SMTP<< 250 OK id=10HmaZ-0005vi-00 +LOG: MAIN + >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user + in hosts_connection_nolog? no (option unset) +LOG: smtp_connection MAIN + SMTP connection from CALLER +expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full + result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 + in pipelining_advertise_hosts? yes (matched "*") + in tls_advertise_hosts? yes (matched "*") +expanding: SERVER + result: SERVER +expanding: server + result: server +condition: eq {SERVER}{server} + result: false +expanding: queue + result: queue +skipping: result is not used +expanding: cutthrough + result: cutthrough +expanding: ${if eq {SERVER}{server}{queue}{cutthrough}} + result: cutthrough +using ACL "cutthrough" +processing "accept" +check control = cutthrough_delivery +check verify = recipient +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +----------- end verify ------------ +accept: condition test succeeded in ACL "cutthrough" +----------- start cutthrough setup ------------ +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +expanding: $primary_hostname + result: myhost.test.ex + SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250-STARTTLS + 250 HELP +expanding: $address_data + result: usery +expanding: usery + result: usery +condition: eq {$address_data}{usery} + result: true +expanding: * + result: * +expanding: : + result: : +skipping: result is not used +expanding: ${if eq {$address_data}{usery}{*}{:}} + result: * +127.0.0.1 in hosts_avoid_tls? yes (matched "*") +127.0.0.1 in hosts_require_auth? no (option unset) + SMTP>> MAIL FROM: + SMTP<< 250 OK + SMTP>> RCPT TO: + SMTP<< 250 Accepted +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Enter message, ending with "." on a line by itself +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 +condition: def:sender_rcvhost + result: false +expanding: from $sender_rcvhost + + result: from + +skipping: result is not used +condition: def:sender_ident + result: true +expanding: $sender_ident + result: CALLER +expanding: from ${quote_local_part:$sender_ident} + result: from CALLER +condition: def:sender_helo_name + result: true +expanding: (helo=$sender_helo_name) + + result: (helo=myhost.test.ex) + +expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) + }} + result: from CALLER (helo=myhost.test.ex) + +condition: def:received_protocol + result: true +expanding: with $received_protocol + result: with local-esmtp +condition: def:sender_address + result: true +expanding: (envelope-from <$sender_address>) + + result: (envelope-from ) + +condition: def:received_for + result: true +expanding: + for $received_for + result: + for usery@domain.com +PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 + SMTP>> . + SMTP<< 250 OK id=10HmbB-0005vi-00 +LOG: MAIN + >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> + +******** SERVER ******** diff --git a/test/stderr/5420 b/test/stderr/5420 new file mode 100644 index 000000000..1e4de9688 --- /dev/null +++ b/test/stderr/5420 @@ -0,0 +1,423 @@ +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user + in hosts_connection_nolog? no (option unset) +LOG: smtp_connection MAIN + SMTP connection from CALLER +expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full + result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 + in pipelining_advertise_hosts? yes (matched "*") + in tls_advertise_hosts? yes (matched "*") +expanding: SERVER + result: SERVER +expanding: server + result: server +condition: eq {SERVER}{server} + result: false +expanding: queue + result: queue +skipping: result is not used +expanding: cutthrough + result: cutthrough +expanding: ${if eq {SERVER}{server}{queue}{cutthrough}} + result: cutthrough +using ACL "cutthrough" +processing "accept" +check control = cutthrough_delivery +check verify = recipient +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: userx +domain.com in "*"? yes (matched "*") +----------- end verify ------------ +accept: condition test succeeded in ACL "cutthrough" +----------- start cutthrough setup ------------ +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: userx +domain.com in "*"? yes (matched "*") +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +expanding: $primary_hostname + result: myhost.test.ex + SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250-STARTTLS + 250 HELP +expanding: $address_data + result: userx +expanding: usery + result: usery +condition: eq {$address_data}{usery} + result: false +expanding: * + result: * +skipping: result is not used +expanding: : + result: : +expanding: ${if eq {$address_data}{usery}{*}{:}} + result: : +127.0.0.1 in hosts_avoid_tls? no (end of list) +expanding: $address_data + result: userx +expanding: userz + result: userz +condition: eq {$address_data}{userz} + result: false +expanding: * + result: * +skipping: result is not used +expanding: : + result: : +expanding: ${if eq {$address_data}{userz}{*}{:}} + result: : +127.0.0.1 in hosts_verify_avoid_tls? no (end of list) + SMTP>> STARTTLS + SMTP<< 220 TLS go ahead + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250 HELP +127.0.0.1 in hosts_require_auth? no (option unset) + SMTP>> MAIL FROM: + SMTP<< 250 OK + SMTP>> RCPT TO: + SMTP<< 250 Accepted +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Enter message, ending with "." on a line by itself +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 +condition: def:sender_rcvhost + result: false +expanding: from $sender_rcvhost + + result: from + +skipping: result is not used +condition: def:sender_ident + result: true +expanding: $sender_ident + result: CALLER +expanding: from ${quote_local_part:$sender_ident} + result: from CALLER +condition: def:sender_helo_name + result: true +expanding: (helo=$sender_helo_name) + + result: (helo=myhost.test.ex) + +expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) + }} + result: from CALLER (helo=myhost.test.ex) + +condition: def:received_protocol + result: true +expanding: with $received_protocol + result: with local-esmtp +condition: def:sender_address + result: true +expanding: (envelope-from <$sender_address>) + + result: (envelope-from ) + +condition: def:received_for + result: true +expanding: + for $received_for + result: + for userx@domain.com +PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 + SMTP>> . + SMTP<< 250 OK id=10HmaX-0005vi-00 +LOG: MAIN + >> userx@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 C="250 OK id=10HmaX-0005vi-00" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user + in hosts_connection_nolog? no (option unset) +LOG: smtp_connection MAIN + SMTP connection from CALLER +expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full + result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 + in pipelining_advertise_hosts? yes (matched "*") + in tls_advertise_hosts? yes (matched "*") +expanding: SERVER + result: SERVER +expanding: server + result: server +condition: eq {SERVER}{server} + result: false +expanding: queue + result: queue +skipping: result is not used +expanding: cutthrough + result: cutthrough +expanding: ${if eq {SERVER}{server}{queue}{cutthrough}} + result: cutthrough +using ACL "cutthrough" +processing "accept" +check control = cutthrough_delivery +check verify = recipient +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +----------- end verify ------------ +accept: condition test succeeded in ACL "cutthrough" +----------- start cutthrough setup ------------ +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +expanding: $primary_hostname + result: myhost.test.ex + SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250-STARTTLS + 250 HELP +expanding: $address_data + result: usery +expanding: usery + result: usery +condition: eq {$address_data}{usery} + result: true +expanding: * + result: * +expanding: : + result: : +skipping: result is not used +expanding: ${if eq {$address_data}{usery}{*}{:}} + result: * +127.0.0.1 in hosts_avoid_tls? yes (matched "*") +127.0.0.1 in hosts_require_auth? no (option unset) + SMTP>> MAIL FROM: + SMTP<< 250 OK + SMTP>> RCPT TO: + SMTP<< 250 Accepted +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Enter message, ending with "." on a line by itself +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 +condition: def:sender_rcvhost + result: false +expanding: from $sender_rcvhost + + result: from + +skipping: result is not used +condition: def:sender_ident + result: true +expanding: $sender_ident + result: CALLER +expanding: from ${quote_local_part:$sender_ident} + result: from CALLER +condition: def:sender_helo_name + result: true +expanding: (helo=$sender_helo_name) + + result: (helo=myhost.test.ex) + +expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) + }} + result: from CALLER (helo=myhost.test.ex) + +condition: def:received_protocol + result: true +expanding: with $received_protocol + result: with local-esmtp +condition: def:sender_address + result: true +expanding: (envelope-from <$sender_address>) + + result: (envelope-from ) + +condition: def:received_for + result: true +expanding: + for $received_for + result: + for usery@domain.com +PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 + SMTP>> . + SMTP<< 250 OK id=10HmaZ-0005vi-00 +LOG: MAIN + >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> +Exim version x.yz .... +configuration file is TESTSUITE/test-config +admin user + in hosts_connection_nolog? no (option unset) +LOG: smtp_connection MAIN + SMTP connection from CALLER +expanding: $smtp_active_hostname ESMTP Exim $version_number $tod_full + result: myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 + in pipelining_advertise_hosts? yes (matched "*") + in tls_advertise_hosts? yes (matched "*") +expanding: SERVER + result: SERVER +expanding: server + result: server +condition: eq {SERVER}{server} + result: false +expanding: queue + result: queue +skipping: result is not used +expanding: cutthrough + result: cutthrough +expanding: ${if eq {SERVER}{server}{queue}{cutthrough}} + result: cutthrough +using ACL "cutthrough" +processing "accept" +check control = cutthrough_delivery +check verify = recipient +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +----------- end verify ------------ +accept: condition test succeeded in ACL "cutthrough" +----------- start cutthrough setup ------------ +domain.com in "test.ex : *.test.ex"? no (end of list) +domain.com in "! +local_domains"? yes (end of list) +expanding: $local_part + result: usery +domain.com in "*"? yes (matched "*") +Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ... connected +expanding: $primary_hostname + result: myhost.test.ex + SMTP<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +127.0.0.1 in hosts_avoid_esmtp? no (option unset) + SMTP>> EHLO myhost.test.ex + SMTP<< 250-myhost.test.ex Hello the.local.host.name [ip4.ip4.ip4.ip4] + 250-SIZE 52428800 + 250-8BITMIME + 250-PIPELINING + 250-STARTTLS + 250 HELP +expanding: $address_data + result: usery +expanding: usery + result: usery +condition: eq {$address_data}{usery} + result: true +expanding: * + result: * +expanding: : + result: : +skipping: result is not used +expanding: ${if eq {$address_data}{usery}{*}{:}} + result: * +127.0.0.1 in hosts_avoid_tls? yes (matched "*") +127.0.0.1 in hosts_require_auth? no (option unset) + SMTP>> MAIL FROM: + SMTP<< 250 OK + SMTP>> RCPT TO: + SMTP<< 250 Accepted +----------- end cutthrough setup ------------ +processing "accept" +accept: condition test succeeded in inline ACL + SMTP>> DATA + SMTP<< 354 Enter message, ending with "." on a line by itself +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 +condition: def:sender_rcvhost + result: false +expanding: from $sender_rcvhost + + result: from + +skipping: result is not used +condition: def:sender_ident + result: true +expanding: $sender_ident + result: CALLER +expanding: from ${quote_local_part:$sender_ident} + result: from CALLER +condition: def:sender_helo_name + result: true +expanding: (helo=$sender_helo_name) + + result: (helo=myhost.test.ex) + +expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) + }} + result: from CALLER (helo=myhost.test.ex) + +condition: def:received_protocol + result: true +expanding: with $received_protocol + result: with local-esmtp +condition: def:sender_address + result: true +expanding: (envelope-from <$sender_address>) + + result: (envelope-from ) + +condition: def:received_for + result: true +expanding: + for $received_for + result: + for usery@domain.com +PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< +expanding: ${tod_full} + result: Tue, 2 Mar 1999 09:44:33 +0000 + SMTP>> . + SMTP<< 250 OK id=10HmbB-0005vi-00 +LOG: MAIN + >> usery@domain.com R=all T=smtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmbB-0005vi-00" + SMTP>> QUIT +----------- cutthrough shutdown (delivered) ------------ +LOG: MAIN + <= CALLER@myhost.test.ex U=CALLER P=local-esmtp S=sss +LOG: MAIN + Completed +LOG: smtp_connection MAIN + SMTP connection from CALLER closed by QUIT +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> + +******** SERVER ******** diff --git a/test/stderr/5500 b/test/stderr/5500 new file mode 100644 index 000000000..045fadc9b --- /dev/null +++ b/test/stderr/5500 @@ -0,0 +1,2 @@ + +******** SERVER ******** diff --git a/test/stderr/5600 b/test/stderr/5600 new file mode 100644 index 000000000..045fadc9b --- /dev/null +++ b/test/stderr/5600 @@ -0,0 +1,2 @@ + +******** SERVER ******** diff --git a/test/stderr/5601 b/test/stderr/5601 new file mode 100644 index 000000000..045fadc9b --- /dev/null +++ b/test/stderr/5601 @@ -0,0 +1,2 @@ + +******** SERVER ******** diff --git a/test/stderr/9901 b/test/stderr/9901 index 53fe15d6a..329666f04 100644 --- a/test/stderr/9901 +++ b/test/stderr/9901 @@ -35,7 +35,7 @@ After routing: locking TESTSUITE/spool/db/retry.lockfile locking TESTSUITE/spool/db/wait-t1.lockfile LOG: MAIN - => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] + => ok@no.delay R=r1 T=t1 H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" LOG: MAIN Completed Exim version x.yz .... diff --git a/test/stdout/0002 b/test/stdout/0002 index c009fbd12..61144f157 100644 --- a/test/stdout/0002 +++ b/test/stdout/0002 @@ -49,6 +49,21 @@ > reduce: 6 > reduce: 9 > +> listnamed: *.aa.bb : ^\Nxxx(.*) +> listnamed: *.aa.bb : ^\Nxxx(.*) +> listnamed: V4NET.11.12.13 : iplsearch;TESTSUITE/aux-fixed/0002.iplsearch +> listnamed: *.aa.bb : ^\Nxxx(.*) : ;; +> listnamed: a : b;c : *.aa.bb : ^\Nxxx(.*) : ;; : 2001::630::212::8::204::::b664 +> Failed: "nolist" is not a named list +> listnamed: *.aa.bb : ^\Nxxx(.*) +> Failed: "hlist" is not a domain named list +> Failed: bad suffix on "list" operator +> +> listcount: 3 +> listcount: 0 +> listcount: 3 +> listcount: 2 +> > # Tests with iscntrl() and illegal separators > > map: 'a' @@ -63,6 +78,21 @@ > > # Operators > +> Failed: missing or misplaced { or } +> Failed: missing or misplaced { or } +> Failed: error from acl "a_nosuch" +> acl: (0) [] [] +> acl: (1) [person@dom.ain] [] +> acl: (2) [firstarg] [secondarg] +> acl: (1) [arg with spaces] [] +> acl: +> acl: +> acl: (0) [] [] +> acl: (1) [person@dom.ain] [] +> Failed: error from acl "a_defer" +> acl: (2) [new arg1] [top_arg_1] +> acl: (1) [1] [] (1) [2] [] (1) [3] [] (1) [4] [] +> > addrss: local-part@dom.ain > addrss: local-part@dom.ain > domain: dom.ain @@ -220,6 +250,12 @@ > md5: NO > mask: NO > +> # Number suffixes in conditions +> 1k: y +> 1K: y +> 1M: y +> 1G: y +> > # Numeric overflow > # >32b should work, >64b not > @@ -356,6 +392,12 @@ > queue_running after or: y > first_delivery after or: y > +> # acl expansion condition +> acl if: Y:(0) [] [] +> acl if: Y:(1) [argY] [] +> acl if: N:(2) [argN] [arg2] +> Failed: error from acl "a_defer" +> > # Default values for both if strings > > ${if eq{1}{1}} >true< @@ -830,3 +872,6 @@ xyz > match_ip: 15 > match_ip: 16 > +> in list +> in list +> diff --git a/test/stdout/0121 b/test/stdout/0121 index 7ef5e4024..5e3968243 100644 --- a/test/stdout/0121 +++ b/test/stdout/0121 @@ -15,6 +15,11 @@ 550 Sender verify failed 250 Reset OK 250 OK +550-Verification failed for <"unknown with spaces"@test.ex> +550-Unrouteable address +550 Sender verify failed +250 Reset OK +250 OK 250 Accepted 354 Enter message, ending with "." on a line by itself 550 Administrative prohibition diff --git a/test/stdout/0227 b/test/stdout/0227 index 3682f296c..46057c824 100644 --- a/test/stdout/0227 +++ b/test/stdout/0227 @@ -96,7 +96,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -108,7 +108,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -120,7 +120,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -132,7 +132,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 550 Error for <> @@ -142,7 +142,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 550-Multiline error for <> @@ -153,7 +153,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -165,7 +165,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -178,7 +178,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -190,7 +190,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -202,7 +202,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -220,7 +220,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK diff --git a/test/stdout/0376 b/test/stdout/0376 index 342a94ed4..a0af2cb92 100644 --- a/test/stdout/0376 +++ b/test/stdout/0376 @@ -153,7 +153,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -165,7 +165,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -177,7 +177,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 550 REJECT MAIL FROM @@ -187,7 +187,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -205,7 +205,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -223,7 +223,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -235,7 +235,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -247,7 +247,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -271,7 +271,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -289,7 +289,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -301,7 +301,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -319,7 +319,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -331,7 +331,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -349,7 +349,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -359,7 +359,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -377,7 +377,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM: 250 OK @@ -389,7 +389,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -399,7 +399,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -419,7 +419,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM: 250 OK diff --git a/test/stdout/0390 b/test/stdout/0390 index d573699ef..a80e34c38 100644 --- a/test/stdout/0390 +++ b/test/stdout/0390 @@ -69,6 +69,7 @@ check_string = command = /x/y environment = escape_string = +no_force_command no_freeze_exec_fail no_freeze_signal no_ignore_status @@ -122,6 +123,7 @@ check_string = command = /x/y environment = escape_string = +no_force_command no_freeze_exec_fail no_freeze_signal no_ignore_status diff --git a/test/stdout/0398 b/test/stdout/0398 index f65d493b4..882015d49 100644 --- a/test/stdout/0398 +++ b/test/stdout/0398 @@ -27,7 +27,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO mail.test.ex +EHLO mail.test.ex 250 OK MAIL FROM:<> 250 OK @@ -39,7 +39,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO mail.test.ex +EHLO mail.test.ex 250 OK MAIL FROM:<> 250 OK @@ -51,7 +51,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO mail.test.ex +EHLO mail.test.ex 250 OK MAIL FROM:<> 250 OK diff --git a/test/stdout/0413 b/test/stdout/0413 index 18da4529a..5c320fc94 100644 --- a/test/stdout/0413 +++ b/test/stdout/0413 @@ -10,7 +10,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO mail.test.ex +EHLO mail.test.ex 250 OK MAIL FROM:<> 250 OK @@ -22,7 +22,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [ip4.ip4.ip4.ip4] 220 Server ready -HELO mail.test.ex +EHLO mail.test.ex 250 OK MAIL FROM:<> 250 OK @@ -34,7 +34,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO mail.test.ex +EHLO mail.test.ex 250 OK MAIL FROM:<> 250 OK diff --git a/test/stdout/0432 b/test/stdout/0432 index d6ac41709..e36d048a3 100644 --- a/test/stdout/0432 +++ b/test/stdout/0432 @@ -51,7 +51,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -63,7 +63,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -75,7 +75,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 server ready -HELO myhost.test.ex +EHLO myhost.test.ex *sleep 2 Expected EOF read from client End of script diff --git a/test/stdout/0462 b/test/stdout/0462 index 004a788af..585e2e08f 100644 --- a/test/stdout/0462 +++ b/test/stdout/0462 @@ -31,7 +31,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -49,7 +49,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK @@ -61,7 +61,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO myhost.test.ex +EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK diff --git a/test/stdout/0473 b/test/stdout/0473 index 00112d38d..9fff9a601 100644 --- a/test/stdout/0473 +++ b/test/stdout/0473 @@ -123,7 +123,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO the.local.host.name +EHLO the.local.host.name 250 OK MAIL FROM: 250 OK @@ -135,7 +135,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO the.local.host.name +EHLO the.local.host.name 250 OK MAIL FROM: 250 OK @@ -147,7 +147,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO the.local.host.name +EHLO the.local.host.name 250 OK MAIL FROM: 550 NOTOK @@ -157,7 +157,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO the.local.host.name +EHLO the.local.host.name 250 OK MAIL FROM:<> 250 OK @@ -169,7 +169,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO the.local.host.name +EHLO the.local.host.name 250 OK MAIL FROM: 250 OK @@ -181,7 +181,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 server ready -HELO the.local.host.name +EHLO the.local.host.name 250 OK MAIL FROM: 250 OK @@ -193,7 +193,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 server ready -HELO the.local.host.name +EHLO the.local.host.name 250 OK MAIL FROM:<> 250 OK @@ -205,7 +205,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO the.local.host.name +EHLO the.local.host.name 250 OK MAIL FROM: 250 OK @@ -217,7 +217,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Server ready -HELO the.local.host.name +EHLO the.local.host.name 250 OK MAIL FROM:<> 250 OK diff --git a/test/stdout/0518 b/test/stdout/0518 index e94f8aa09..478b304b4 100644 --- a/test/stdout/0518 +++ b/test/stdout/0518 @@ -14,7 +14,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK @@ -26,7 +26,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK @@ -38,7 +38,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK @@ -50,7 +50,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK @@ -62,7 +62,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK @@ -74,7 +74,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK @@ -86,7 +86,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK @@ -98,7 +98,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK diff --git a/test/stdout/0527 b/test/stdout/0527 index 180c02a10..98cca1761 100644 --- a/test/stdout/0527 +++ b/test/stdout/0527 @@ -1,22 +1,4 @@ 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 250 OK -550-Verification failed for -550-Called: 127.0.0.1 -550-Sent: RCPT TO: -550-Response: 550 unrouteable address -550 Sender verify failed +451 Could not complete sender verify callout 221 myhost.test.ex closing connection - -******** SERVER ******** -Listening on port 1224 ... -Connection request from [127.0.0.1] -220 Welcome -HELO myhost.test.ex -250 Hi -MAIL FROM:<> -250 OK -RCPT TO: -550 unrouteable address -QUIT -221 Bye -End of script diff --git a/test/stdout/0538 b/test/stdout/0538 index c7bd59226..7a1905817 100644 --- a/test/stdout/0538 +++ b/test/stdout/0538 @@ -29,7 +29,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 550 I'm misconfigured @@ -39,7 +39,7 @@ End of script Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM: 250 OK diff --git a/test/stdout/0540 b/test/stdout/0540 index 935f990f1..4d788a5e9 100644 --- a/test/stdout/0540 +++ b/test/stdout/0540 @@ -10,7 +10,7 @@ Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO localhost +EHLO localhost 250 Hi MAIL FROM:<> 250 OK @@ -22,7 +22,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO aname +EHLO aname 250 Hi MAIL FROM:<> 250 OK @@ -34,7 +34,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK @@ -46,7 +46,7 @@ Expected EOF read from client Listening on port 1224 ... Connection request from [127.0.0.1] 220 Welcome -HELO myhost.test.ex +EHLO myhost.test.ex 250 Hi MAIL FROM:<> 250 OK diff --git a/test/stdout/0566 b/test/stdout/0566 new file mode 100644 index 000000000..d3465d49e --- /dev/null +++ b/test/stdout/0566 @@ -0,0 +1,138 @@ +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +550 SIZE value too big +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +550 SIZE value too big +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaX-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaY-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaZ-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at Testing +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +501 invalid data for BODY +503 sender not yet given +503-All RCPT commands were rejected with this error: +503-503 sender not yet given +503 Valid RCPT command must precede DATA +500 unrecognized command +500 unrecognized command +500-unrecognized command +500 Too many syntax or protocol errors diff --git a/test/stdout/0567 b/test/stdout/0567 new file mode 100644 index 000000000..7d79c1ec7 --- /dev/null +++ b/test/stdout/0567 @@ -0,0 +1,8 @@ +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 OK +250 Accepted +550 Administrative prohibition +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaX-0005vi-00 +221 myhost.test.ex closing connection +451 Temporary local problem - please try later diff --git a/test/stdout/0568 b/test/stdout/0568 new file mode 100644 index 000000000..671998a86 --- /dev/null +++ b/test/stdout/0568 @@ -0,0 +1,82 @@ +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at the.client +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-AUTH PLAIN +250 HELP +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at the.client +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-AUTH PLAIN +250 HELP +235 Authentication succeeded +250 OK +250 Accepted +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at the.client +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-AUTH PLAIN +250 HELP +235 Authentication succeeded +250 OK +250 Accepted +221 myhost.test.ex closing connection + +******** SERVER ******** +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Welcome +EHLO myhost.test.ex +250-wotcher mate +250-AUTH PLAIN +250 Hi +AUTH PLAIN AHVzZXJ4AHNlY3JldA== +250 Oh alright then +MAIL FROM:<> AUTH=brian +250 OK +RCPT TO: +250 OK +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Welcome +EHLO myhost.test.ex +250-wotcher mate +250-AUTH PLAIN +250 Hi +AUTH PLAIN AHVzZXJ4AHNlY3JldA== +250 Oh alright then +MAIL FROM:<> AUTH=freddy +250 OK +RCPT TO: +250 OK +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Welcome +EHLO myhost.test.ex +250-wotcher mate +250-AUTH PLAIN +250 Hi +AUTH PLAIN AHVzZXJ4AHNlY3JldA== +250 Oh alright then +MAIL FROM:<> AUTH=brian +250 OK +RCPT TO: +250 OK +QUIT +250 OK +End of script diff --git a/test/stdout/2002 b/test/stdout/2002 index 7b2a47fca..a248be7c0 100644 --- a/test/stdout/2002 +++ b/test/stdout/2002 @@ -36,6 +36,44 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +Succeeded in starting TLS +>>> mail from:<"name with spaces"@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> DATA +??? 3 +<<< 354 Enter message, ending with "." on a line by itself +>>> This is a test encrypted message. +>>> . +??? 250 +<<< 250 OK id=10HmaY-0005vi-00 +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 @@ -93,7 +131,7 @@ Succeeded in starting TLS >>> This is a test encrypted message from a verified host. >>> . ??? 250 -<<< 250 OK id=10HmaY-0005vi-00 +<<< 250 OK id=10HmaZ-0005vi-00 >>> quit ??? 221 <<< 221 myhost.test.ex closing connection diff --git a/test/stdout/2102 b/test/stdout/2102 index d3c18a8bf..23c39cdf4 100644 --- a/test/stdout/2102 +++ b/test/stdout/2102 @@ -52,6 +52,60 @@ Succeeded in starting TLS ??? 221 <<< 221 myhost.test.ex closing connection End of script +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL info: before/connect initialization +SSL info: before/connect initialization +SSL info: SSLv2/v3 write client hello A +SSL info: SSLv3 read server hello A +SSL info: SSLv3 read server certificate A +SSL info: SSLv3 read server key exchange A +SSL info: SSLv3 read server done A +SSL info: SSLv3 write client key exchange A +SSL info: SSLv3 write change cipher spec A +SSL info: SSLv3 write finished A +SSL info: SSLv3 flush data +SSL info: SSLv3 read server session ticket A +SSL info: SSLv3 read finished A +SSL info: SSL negotiation finished successfully +SSL info: SSL negotiation finished successfully +SSL connection using AES256-SHA +Succeeded in starting TLS +>>> mail from:<"name with spaces"@test.ex> +??? 250 +<<< 250 OK +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> DATA +??? 3 +<<< 354 Enter message, ending with "." on a line by itself +>>> This is a test encrypted message. +>>> . +??? 250 +<<< 250 OK id=10HmaY-0005vi-00 +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected ??? 220 <<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 @@ -144,7 +198,7 @@ Succeeded in starting TLS >>> This is a test encrypted message from a verified host. >>> . ??? 250 -<<< 250 OK id=10HmaY-0005vi-00 +<<< 250 OK id=10HmaZ-0005vi-00 >>> quit ??? 221 <<< 221 myhost.test.ex closing connection diff --git a/test/stdout/2250 b/test/stdout/2250 index 3b9e93a4a..8a3cf33d1 100644 --- a/test/stdout/2250 +++ b/test/stdout/2250 @@ -1,3 +1,7 @@ > ptr=V6NET:0:12:1:a00:20ff:fe86:a062 testptr-arpa.ipv6.test.ex > ptr=V6NET:0:12:1:a00:20ff:fe86:a062 testptr-arpa.ipv6.test.ex > +> a=46.test.ex V4NET.0.0.4 +> aaaa=46.test.ex V6NET:ffff:836f:a00:a:800:200a:c031 +> a+=46.test.ex V6NET:ffff:836f:a00:a:800:200a:c031;V4NET.0.0.4 +> diff --git a/test/stdout/3407 b/test/stdout/3407 index 73fe5449e..25fb598db 100644 --- a/test/stdout/3407 +++ b/test/stdout/3407 @@ -1,6 +1,7 @@ a1 authenticator: client_condition = +client_set_id = driver = plaintext public_name = PLAIN server_advertise_condition = @@ -14,6 +15,7 @@ server_prompts = a2 authenticator: client_condition = +client_set_id = driver = plaintext public_name = PLAIN server_advertise_condition = @@ -27,6 +29,7 @@ server_prompts = a3 authenticator: client_condition = +client_set_id = driver = plaintext public_name = LOGIN server_advertise_condition = @@ -40,6 +43,7 @@ server_prompts = a4 authenticator: client_condition = +client_set_id = driver = plaintext public_name = LOGIN server_advertise_condition = diff --git a/test/stdout/3450 b/test/stdout/3450 index 3c2ee8a31..1bd2e21d2 100644 --- a/test/stdout/3450 +++ b/test/stdout/3450 @@ -62,7 +62,7 @@ SSL info: SSLv3 flush data SSL info: SSLv3 read finished A SSL info: SSL negotiation finished successfully SSL info: SSL negotiation finished successfully -SSL connection using DHE-RSA-AES256-SHA +SSL connection using AES256-SHA Succeeded in starting TLS >>> ehlo foobar ??? 250- diff --git a/test/stdout/3454 b/test/stdout/3454 index 1deec37c5..ae2eab337 100644 --- a/test/stdout/3454 +++ b/test/stdout/3454 @@ -34,7 +34,7 @@ SSL info: SSLv3 flush data SSL info: SSLv3 read finished A SSL info: SSL negotiation finished successfully SSL info: SSL negotiation finished successfully -SSL connection using DHE-RSA-AES256-SHA +SSL connection using AES256-SHA Succeeded in starting TLS >>> auth plain AHVzZXJ4AHNlY3JldA== ??? 503 @@ -76,7 +76,7 @@ SSL info: SSLv3 flush data SSL info: SSLv3 read finished A SSL info: SSL negotiation finished successfully SSL info: SSL negotiation finished successfully -SSL connection using DHE-RSA-AES256-SHA +SSL connection using AES256-SHA Succeeded in starting TLS >>> ehlo foobar ??? 250-myhost diff --git a/test/stdout/5400 b/test/stdout/5400 new file mode 100644 index 000000000..74c2d2358 --- /dev/null +++ b/test/stdout/5400 @@ -0,0 +1,125 @@ +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaX-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaY-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaZ-0005vi-00 +221 myhost.test.ex closing connection + +******** SERVER ******** +Listening on port 1224 ... +Connection request from [ip4.ip4.ip4.ip4] +220 ESMTP +EHLO myhost.test.ex +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +DATA +354 Send data +Received: from CALLER (helo=myhost.test.ex) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00 + for userx@domain.com; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +. +250 OK +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [ip4.ip4.ip4.ip4] +220 SMTP only spoken here +EHLO myhost.test.ex +550 Not here, mate +HELO myhost.test.ex +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +DATA +354 Send data +Received: from CALLER (helo=myhost.test.ex) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmaY-0005vi-00 + for userz@domain.com; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +. +250 OK +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [ip4.ip4.ip4.ip4] +220 ESMTP +EHLO myhost.test.ex +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +QUIT +Expected EOF read from client +Listening on port 1224 ... +Connection request from [ip4.ip4.ip4.ip4] +220 ESMTP +EHLO myhost.test.ex +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +RCPT TO: +250 Recipient OK +DATA +354 Send data +Received: from CALLER (helo=myhost.test.ex) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmaZ-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +. +250 OK +QUIT +250 OK +End of script diff --git a/test/stdout/5401 b/test/stdout/5401 new file mode 100644 index 000000000..1ceb0bffb --- /dev/null +++ b/test/stdout/5401 @@ -0,0 +1,38 @@ +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaX-0005vi-00 +221 myhost.test.ex closing connection + +******** SERVER ******** +Listening on port 1224 ... +Connection request from [ip4.ip4.ip4.ip4] +220 ESMTP +EHLO myhost.test.ex +250 OK +MAIL FROM: +250 Sender OK +RCPT TO: +250 Recipient OK +DATA +354 Send data +Received: from CALLER (helo=myhost.test.ex) + by myhost.test.ex with local-esmtp (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00 + for userx@domain.com; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +. +250 OK +QUIT +250 OK +End of script diff --git a/test/stdout/5402 b/test/stdout/5402 new file mode 100644 index 000000000..252c82917 --- /dev/null +++ b/test/stdout/5402 @@ -0,0 +1,24 @@ +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-STARTTLS +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaY-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-STARTTLS +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmbA-0005vi-00 +221 myhost.test.ex closing connection diff --git a/test/stdout/5410 b/test/stdout/5410 new file mode 100644 index 000000000..edf01f8ba --- /dev/null +++ b/test/stdout/5410 @@ -0,0 +1,36 @@ +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-STARTTLS +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaY-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-STARTTLS +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmbA-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-STARTTLS +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmbC-0005vi-00 +221 myhost.test.ex closing connection diff --git a/test/stdout/5420 b/test/stdout/5420 new file mode 100644 index 000000000..edf01f8ba --- /dev/null +++ b/test/stdout/5420 @@ -0,0 +1,36 @@ +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-STARTTLS +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmaY-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-STARTTLS +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmbA-0005vi-00 +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello CALLER at myhost.test.ex +250-SIZE 52428800 +250-8BITMIME +250-PIPELINING +250-STARTTLS +250 HELP +250 OK +250 Accepted +354 Enter message, ending with "." on a line by itself +250 OK id=10HmbC-0005vi-00 +221 myhost.test.ex closing connection diff --git a/test/stdout/5500 b/test/stdout/5500 new file mode 100644 index 000000000..d5efef741 --- /dev/null +++ b/test/stdout/5500 @@ -0,0 +1,206 @@ +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250-PRDR +<<< 250-PRDR +??? 250 +<<< 250 HELP +>>> mail from:<> PRDR +??? 250 +<<< 250 OK, PRDR Requested +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> data +??? 354 +<<< 354 Enter message, ending with "." on a line by itself +>>> Sender: sender@some.where +>>> . +??? 353 +<<< 353 PRDR content analysis beginning +??? 250 +<<< 250 PRDR R= acceptance +??? 450 +<<< 450 PRDR R= temporary refusal +??? 550 +<<< 550 PRDR R= refusal +??? 250 +<<< 250 id=10HmaY-0005vi-00 message accepted for some recipients +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250-PRDR +<<< 250-PRDR +??? 250 +<<< 250 HELP +>>> mail from:<> PRDR +??? 250 +<<< 250 OK, PRDR Requested +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> data +??? 354 +<<< 354 Enter message, ending with "." on a line by itself +>>> Sender: sender@some.where +>>> . +??? 353 +<<< 353 PRDR content analysis beginning +??? 250 +<<< 250 PRDR R= acceptance +??? 250 +<<< 250 PRDR R= acceptance +??? 550 +<<< 550 Administrative prohibition +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250-PRDR +<<< 250-PRDR +??? 250 +<<< 250 HELP +>>> mail from:<> PRDR +??? 250 +<<< 250 OK, PRDR Requested +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> data +??? 354 +<<< 354 Enter message, ending with "." on a line by itself +>>> Sender: sender@some.where +>>> . +??? 250 +<<< 250 OK id=10HmaZ-0005vi-00 +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250-PRDR +<<< 250-PRDR +??? 250 +<<< 250 HELP +>>> mail from:<> PRDR +??? 250 +<<< 250 OK, PRDR Requested +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> data +??? 354 +<<< 354 Enter message, ending with "." on a line by itself +>>> Sender: sender@some.where +>>> . +??? 353 +<<< 353 PRDR content analysis beginning +??? 450 +<<< 450 PRDR R= temporary refusal +??? 450 +<<< 450 PRDR R= temporary refusal +??? 250 +<<< 250 id=10HmbA-0005vi-00 message accepted for some recipients +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script +Connecting to 127.0.0.1 port 1225 ... connected +??? 220 +<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-myhost.test.ex Hello rhu.barb [127.0.0.1] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250-PRDR +<<< 250-PRDR +??? 250 +<<< 250 HELP +>>> mail from:<> PRDR +??? 250 +<<< 250 OK, PRDR Requested +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> data +??? 354 +<<< 354 Enter message, ending with "." on a line by itself +>>> Sender: sender@some.where +>>> . +??? 353 +<<< 353 PRDR content analysis beginning +??? 550 +<<< 550 PRDR R= refusal +??? 550 +<<< 550 PRDR R= refusal +??? 550 +<<< 550 id=10HmbB-0005vi-00 message rejected for all recipients +>>> quit +??? 221 +<<< 221 myhost.test.ex closing connection +End of script diff --git a/test/stdout/5510 b/test/stdout/5510 new file mode 100644 index 000000000..b9eb9dbd8 --- /dev/null +++ b/test/stdout/5510 @@ -0,0 +1,231 @@ + +******** SERVER ******** +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250- +250-PRDR +250 OK +MAIL FROM: PRDR +250 OK +RCPT TO: +250 OK +RCPT TO: +250 OK +DATA +300 gimme yer body +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: userx@test.ex +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +Some message text. +. +353 prdr responses coming up +250 first rcpt was good +250 second rcpt was good +250 OK, overall +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250- +250-PRDR +250 OK +MAIL FROM: PRDR +250 OK +RCPT TO: +250 OK +RCPT TO: +250 OK +DATA +300 gimme that body +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaY-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: userx@test.ex +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +Some message text. +. +250 OK got that +QUIT +250 OK, bye +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250- +250-PRDR +250 OK +MAIL FROM: PRDR +250 OK +RCPT TO: +250 OK +RCPT TO: +250 OK +DATA +300 gimme yer body +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaZ-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: userx@test.ex +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +Some message text. +. +353 prdr responses coming up +250 first rcpt was good +450 cannot handle second rcpt right now +250 OK, overall +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250- +250-PRDR +250 OK +MAIL FROM:<> PRDR +250 OK +RCPT TO: +250 OK +RCPT TO: +250 OK +DATA +300 gimme yer body +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +Some message text. +. +353 prdr responses coming up +250 first rcpt was good +550 second rcpt does not like content +250 OK, overall +Unexpected EOF read from client +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250- +250-PRDR +250 OK +MAIL FROM:<> PRDR +250 OK +RCPT TO: +250 OK +RCPT TO: +250 OK +DATA +300 yeah baby +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + id 10HmbB-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +text +. +353 prdr responses coming up +250 first rcpt was good +250 second rcpt was good +550 oops, overall rejection +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250- +250-PRDR +250 OK +MAIL FROM:<> PRDR +250 OK +RCPT TO: +250 OK +RCPT TO: +250 OK +DATA +300 yeah baby +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + id 10HmbC-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +text +. +550 naah mate +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250- +250-PRDR +250 OK +MAIL FROM:<> PRDR +250 OK +RCPT TO: +250 OK +RCPT TO: +250 OK +RCPT TO: +250 OK +DATA +300 go ahead +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + id 10HmbD-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +text +. +353 prdr responses coming up +250 first rcpt does not like you +250 second rcpt has a temporary problem +250 third rcpt is ok +450 oops, try again later please +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250- +250-PRDR +250 OK +MAIL FROM:<> +250 OK +RCPT TO: +250 OK +DATA +300 go ahead +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + id 10HmbE-0005vi-00 + for user8.1@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +text +. +250 OK, got that +QUIT +250 OK, bye +End of script diff --git a/test/stdout/5600 b/test/stdout/5600 new file mode 100644 index 000000000..9020be17e --- /dev/null +++ b/test/stdout/5600 @@ -0,0 +1,142 @@ +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/cert2 +Key file = aux-fixed/cert2 +??? 220 +<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL info: before/connect initialization +SSL info: before/connect initialization +SSL info: SSLv2/v3 write client hello A +SSL info: SSLv3 read server hello A +SSL info: SSLv3 read server certificate A +Response verify OK +SSL info: unknown state +SSL info: SSLv3 read server key exchange A +SSL info: SSLv3 read server certificate request A +SSL info: SSLv3 read server done A +SSL info: SSLv3 write client certificate A +SSL info: SSLv3 write client key exchange A +SSL info: SSLv3 write certificate verify A +SSL info: SSLv3 write change cipher spec A +SSL info: SSLv3 write finished A +SSL info: SSLv3 flush data +SSL info: SSLv3 read server session ticket A +SSL info: SSLv3 read finished A +SSL info: SSL negotiation finished successfully +SSL info: SSL negotiation finished successfully +SSL connection using AES256-SHA +Succeeded in starting TLS +>>> mail from: +??? 250 +<<< 250 OK +>>> rcpt to: +??? 250 +<<< 250 Accepted +>>> quit +??? 221 +<<< 221 server1.example.com closing connection +End of script +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/cert2 +Key file = aux-fixed/cert2 +??? 220 +<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL info: before/connect initialization +SSL info: before/connect initialization +SSL info: SSLv2/v3 write client hello A +no response received +SSL info: SSLv3 read server hello A +SSL info: SSLv3 read server certificate A +SSL info: SSLv3 read server key exchange A +SSL info: SSLv3 read server certificate request A +SSL info: SSLv3 read server done A +SSL info: SSLv3 write client certificate A +SSL info: SSLv3 write client key exchange A +SSL info: SSLv3 write certificate verify A +SSL info: SSLv3 write change cipher spec A +SSL info: SSLv3 write finished A +SSL info: SSLv3 flush data +SSL info: SSLv3 read server session ticket A +SSL info: SSLv3 read finished A +SSL info: SSL negotiation finished successfully +SSL info: SSL negotiation finished successfully +SSL connection using AES256-SHA +Succeeded in starting TLS +End of script +Connecting to ip4.ip4.ip4.ip4 port 1225 ... connected +Certificate file = aux-fixed/cert2 +Key file = aux-fixed/cert2 +??? 220 +<<< 220 server1.example.com ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +>>> ehlo rhu.barb +??? 250- +<<< 250-server1.example.com Hello rhu.barb [ip4.ip4.ip4.ip4] +??? 250- +<<< 250-SIZE 52428800 +??? 250- +<<< 250-8BITMIME +??? 250- +<<< 250-PIPELINING +??? 250- +<<< 250-STARTTLS +??? 250 +<<< 250 HELP +>>> starttls +??? 220 +<<< 220 TLS go ahead +Attempting to start TLS +SSL info: before/connect initialization +SSL info: before/connect initialization +SSL info: SSLv2/v3 write client hello A +no response received +SSL info: SSLv3 read server hello A +SSL info: SSLv3 read server certificate A +SSL info: SSLv3 read server key exchange A +SSL info: SSLv3 read server certificate request A +SSL info: SSLv3 read server done A +SSL info: SSLv3 write client certificate A +SSL info: SSLv3 write client key exchange A +SSL info: SSLv3 write certificate verify A +SSL info: SSLv3 write change cipher spec A +SSL info: SSLv3 write finished A +SSL info: SSLv3 flush data +SSL info: SSLv3 read server session ticket A +SSL info: SSLv3 read finished A +SSL info: SSL negotiation finished successfully +SSL info: SSL negotiation finished successfully +SSL connection using AES256-SHA +Succeeded in starting TLS +End of script