users/jgh/exim.git
Jeremy Harris [Wed, 29 Aug 2018 18:10:41 +0000 (19:10 +0100)]
Refactor authenticators API to take an (opaque) smtp connection context

Xin Li [Mon, 27 Aug 2018 09:32:51 +0000 (11:32 +0200)]
Do not use arc4random_stir() directly (Bug 2304)

arc4random_stir should not be used directly (it's fully automated after
FreeBSD r227520, or approximately __FreeBSD_version 1000002), the
interface will be removed from FreeBSD soon (bugs.freebsd.org/230756).

Patch was from bugs.freebsd.org/230826.

Jeremy Harris [Thu, 23 Aug 2018 11:34:38 +0000 (12:34 +0100)]
Use single-bit fields for file-global flags in smtp_in

Jeremy Harris [Wed, 22 Aug 2018 23:05:28 +0000 (00:05 +0100)]
DMARC: Fix forensic-report envelopes to permit non-null.  Bug 1896

Jeremy Harris [Wed, 22 Aug 2018 22:01:53 +0000 (23:01 +0100)]
Fix no-SSL, with-SOCKS build

Jeremy Harris [Wed, 22 Aug 2018 22:01:30 +0000 (23:01 +0100)]
Testsuite: fix CHUNKING tests for no-DKIM build

Jeremy Harris [Wed, 22 Aug 2018 19:46:11 +0000 (20:46 +0100)]
Use single-bit fields for global flags

Jeremy Harris [Wed, 22 Aug 2018 12:20:54 +0000 (13:20 +0100)]
Logging: server pipelining offer but no uptake

Jeremy Harris [Tue, 21 Aug 2018 21:31:27 +0000 (22:31 +0100)]
tidying

Jeremy Harris [Mon, 20 Aug 2018 11:46:16 +0000 (12:46 +0100)]
Builtin macros for log_selector values

Jeremy Harris [Sun, 19 Aug 2018 18:29:30 +0000 (19:29 +0100)]
Tidying: indentation

Jeremy Harris [Sun, 19 Aug 2018 13:53:40 +0000 (14:53 +0100)]
Debug: indent builtin-DB operations

Jeremy Harris [Sat, 18 Aug 2018 18:45:36 +0000 (19:45 +0100)]
Logging: pipelining log_selector

Phil Pennock [Mon, 20 Aug 2018 18:09:14 +0000 (14:09 -0400)]
unbreak test: s/log_write/logwrite/

Phil Pennock [Sat, 18 Aug 2018 02:06:48 +0000 (22:06 -0400)]
UTF8/locale: document constraints on current expansions.

Phil Pennock [Fri, 17 Aug 2018 01:17:32 +0000 (21:17 -0400)]
Fix utf8clean not replacing incomplete final character

Before, it was just dropped, but we document that it's replaced by ?.

Tests updated, manual test-case for -be prompt is:

    ${utf8clean:${length_1:フィル}}

Jeremy Harris [Sat, 11 Aug 2018 13:45:42 +0000 (14:45 +0100)]
Fix logging all_parents for cutthrough delivery.  Bug 2296

Jeremy Harris [Thu, 9 Aug 2018 19:37:42 +0000 (20:37 +0100)]
Fix cutthrough delivery for more than one iteration of address redirection.  Bug 2296

Jeremy Harris [Sun, 5 Aug 2018 12:58:40 +0000 (13:58 +0100)]
Docs: add explicit warning on spoolfile formats

Gedalya [Sat, 4 Aug 2018 13:27:46 +0000 (14:27 +0100)]
I18N: fix docs for option name.  Bug 2246

Incorrect at introduction in 71c158466d.

Jeremy Harris [Sun, 29 Jul 2018 14:27:03 +0000 (15:27 +0100)]
REQUIRETLS: amplify docs discussion

Phil Pennock [Tue, 31 Jul 2018 19:54:17 +0000 (15:54 -0400)]
Make -n work with macros too

Have `exim -n -bP macro FOO` just print the value of the macro `FOO`,
without the `name=` prefix.

This is the same handling as used for option values.

If the invoker asks for multiple macros in one invocation, with `-n`,
then that's their problem.

Jeremy Harris [Sat, 28 Jul 2018 19:48:19 +0000 (20:48 +0100)]
I18N: add a utf8_downconvert option to the smtp transport.  Bug 2248

Jeremy Harris [Fri, 27 Jul 2018 16:56:39 +0000 (17:56 +0100)]
Support REQUIRETLS

Jeremy Harris [Fri, 20 Jul 2018 15:19:34 +0000 (16:19 +0100)]
Fix non-EVENTS build

Broken-by: c4b57fddca

Jeremy Harris [Wed, 18 Jul 2018 22:13:54 +0000 (23:13 +0100)]
Testsuite: restore rspamd testcase

Missed from 611b1961b8.

Jeremy Harris [Wed, 18 Jul 2018 21:59:14 +0000 (22:59 +0100)]
I18N: reject SMTPUTF8 MAIL command when facility not advertised

Jeremy Harris [Wed, 18 Jul 2018 21:16:38 +0000 (22:16 +0100)]
I18N: Fix protocol recorded for a multi-SMTPUTF8-message connection.  Bug 2287

Jeremy Harris [Wed, 18 Jul 2018 20:44:56 +0000 (21:44 +0100)]
Docs: clarify rolled-up dkim status availability in data ACL

Phil Pennock [Fri, 13 Jul 2018 16:24:26 +0000 (12:24 -0400)]
doc: DANE: don't claim TA can be elided from chain

While technically an implementation can choose to use a public TA from
DNS or elsewhere to populate a missing TA from the chain, that creates
interoperability issues and the OpenSSL integration code, at least,
doesn't support that and after a bit of work drilling through layers of
abstraction, I've not figured out what GnuTLS does and I've decided I
don't care.

So I'm heeding Viktor's advice and changing the docs to just say to
publish the TA in the chain sent by the server.

Phil Pennock [Wed, 11 Jul 2018 00:16:23 +0000 (20:16 -0400)]
nit typo

Phil Pennock [Tue, 10 Jul 2018 18:35:58 +0000 (14:35 -0400)]
Document problems with SHA-1 in certs with DANE-TA

Very few domains are using SHA-1 in EE certs issued from a CA used in
DANE-TA anchoring, but some are.  Meanwhile apparently GnuTLS now
defaults to disabling SHA-1 in chains.  Which is eminently reasonable.

I do not believe that Exim should re-enable use of SHA-1 here.  Let it
die.  Document with warnings that folks using a private CA for certs to
be publicly trusted via DANE-TA should follow decent operational
issuance practices.

Also update my Channel Binding docs for GSASL to warn that Channel
Binding is Broken™.

Jeremy Harris [Thu, 28 Jun 2018 21:07:28 +0000 (22:07 +0100)]
Callouts: enhance debug message

Jeremy Harris [Thu, 28 Jun 2018 11:28:09 +0000 (12:28 +0100)]
Testsuite: tweak instructions for running the suite

Jeremy Harris [Wed, 27 Jun 2018 19:28:02 +0000 (20:28 +0100)]
Restore rspamd support

Following discussions on the exim-user mailing list it seems that the conclusion
that the interface was nonfunctioning was unwarranted.

Jeremy Harris [Tue, 26 Jun 2018 13:52:39 +0000 (14:52 +0100)]
tidying

Jeremy Harris [Tue, 26 Jun 2018 11:02:56 +0000 (12:02 +0100)]
Merge branch 'rspamd-removal'

Jeremy Harris [Sat, 16 Jun 2018 17:08:09 +0000 (18:08 +0100)]
Revert "Support Rspamd.  Patch from Andrew Lewis, lightly editorialised"

This reverts commit c5f280e20a8e3ecd5f016b8fb34a436588915ed2.

Jeremy Harris [Sat, 16 Jun 2018 17:22:47 +0000 (18:22 +0100)]
Revert "Rspamd: add $authenticated_id as User to scan command"

This reverts commit 6c54be6459b83b955fbd2fd6d6a844f80c98427a.

Jeremy Harris [Sat, 16 Jun 2018 13:45:44 +0000 (14:45 +0100)]
Revert "Spamd: add missing initialiser.  Rspamd mode was incorrectly sometimes seen."

This reverts commit e718bd6285cb0fb45b74b6fc00b7737590dcaa60.

Jeremy Harris [Sat, 16 Jun 2018 13:45:40 +0000 (14:45 +0100)]
Revert "Do not use shutdown() when talking to rspamd. Fixes 1802"

This reverts commit 416a0be6df0697848ca551dd3243b652e763792d.

Jeremy Harris [Sat, 16 Jun 2018 13:45:32 +0000 (14:45 +0100)]
Revert "Testsuite: limited support for Content-length:"

This reverts commit f6f239461fd62b3a4f3142b6b2a85f8f65eee486.

Jeremy Harris [Sat, 16 Jun 2018 13:41:14 +0000 (14:41 +0100)]
Revert "Avoid repeated string-copy building command-string for rspamd"

This reverts commit 5df838645bcdb135355205a115bf918c85987caf.

Jeremy Harris [Tue, 26 Jun 2018 11:01:15 +0000 (12:01 +0100)]
Unbreak non-DANE build

Broken-by: afdb5e9cf0

Jeremy Harris [Wed, 20 Jun 2018 23:04:25 +0000 (00:04 +0100)]
Expansions: A tls option on ${readsocket }.  Bug 2282

Jeremy Harris [Mon, 25 Jun 2018 11:08:37 +0000 (12:08 +0100)]
ARC: Fix verification to do AS checks in reverse order

Broken from the original introduction (617d39327e)

Jeremy Harris [Sun, 24 Jun 2018 19:30:23 +0000 (20:30 +0100)]
Fix multiple message send under TLS

Broken-by: 74f1a42304

Jeremy Harris [Thu, 21 Jun 2018 18:16:29 +0000 (19:16 +0100)]
TLS: rework client-side use with an explicit context rather than a global

Jeremy Harris [Mon, 18 Jun 2018 11:30:54 +0000 (12:30 +0100)]
Testsuite: workaround older-perl bug

Jeremy Harris [Thu, 21 Jun 2018 17:22:56 +0000 (18:22 +0100)]
Testsuite: missing output files

Jeremy Harris [Thu, 21 Jun 2018 16:03:38 +0000 (17:03 +0100)]
DKIM: Fix signing for body lines starting with a pair of dots.  Bug 2284

Broken-by: 42055a3385

Kirill Miazine [Thu, 21 Jun 2018 16:08:18 +0000 (17:08 +0100)]
Docs: spelling

Jeremy Harris [Wed, 20 Jun 2018 19:28:54 +0000 (20:28 +0100)]
OpenSSL: TLSv1.3 notes

Jeremy Harris [Thu, 14 Jun 2018 20:28:19 +0000 (21:28 +0100)]
OpenSSL: enable use of TLS 1.3  (with OpenSSL 1.1.0 and later)

Jeremy Harris [Thu, 14 Jun 2018 10:04:22 +0000 (11:04 +0100)]
Add client-ip info to non-pass iprev ${authres } lines

Heiko Schlittermann (HS12-RIPE) [Tue, 12 Jun 2018 13:09:18 +0000 (15:09 +0200)]
Clarify the socket address family (UNIX) for server_socket (dovecot)

Wishlist item (#2280) is created for INET connections.
See https://bugs.exim.org/show_bug.cgi?id=2280

Jeremy Harris [Sat, 9 Jun 2018 20:39:44 +0000 (21:39 +0100)]
DKIM: support timestamp and expiry tags in signing.  Bug 2260

Jeremy Harris [Thu, 7 Jun 2018 17:08:22 +0000 (18:08 +0100)]
Follow CNAME chains only one step.  Bug 2264

Jeremy Harris [Thu, 7 Jun 2018 15:24:31 +0000 (16:24 +0100)]
ARC: Fix signing for case when DKIM signing failed

Jeremy Harris [Wed, 6 Jun 2018 10:15:21 +0000 (11:15 +0100)]
Change-log

Jeremy Harris [Wed, 6 Jun 2018 09:41:51 +0000 (10:41 +0100)]
Fix logging of cmdline args when starting in an unlinked cwd.  Bug 2274

Jeremy Harris [Thu, 24 May 2018 15:28:20 +0000 (16:28 +0100)]
Use serial number 1 for self-generated selfsigned certificate

Broken-by: 23bb69826c

Jeremy Harris [Thu, 17 May 2018 08:27:49 +0000 (09:27 +0100)]
ARC: better diagnostics for keyfile issues

Jeremy Harris [Sun, 20 May 2018 17:26:00 +0000 (18:26 +0100)]
DMARC: do not wipe values set by config options, between message receptions

Broken-by: b4757e3611

Jeremy Harris [Thu, 17 May 2018 10:18:04 +0000 (11:18 +0100)]
Docs: add note on DKIM signing-limit security

Phil Pennock [Sat, 19 May 2018 16:09:55 +0000 (12:09 -0400)]
Safer handling of argument-logging memory of cwd

Jeremy Harris [Wed, 16 May 2018 21:15:55 +0000 (22:15 +0100)]
Testsuite: output changes arising

Jeremy Harris [Sun, 13 May 2018 21:02:59 +0000 (22:02 +0100)]
Callouts: record succeeding random local-part tests.  Bug 177

Jeremy Harris [Fri, 11 May 2018 17:02:29 +0000 (18:02 +0100)]
Content scanning: Fix locking on message spool files.  Bug 2275

Phil Pennock [Tue, 15 May 2018 23:04:34 +0000 (19:04 -0400)]
Don't open spool data-files which are symlinks

Jeremy Harris [Fri, 11 May 2018 15:26:17 +0000 (16:26 +0100)]
ARC: fix crash on signing with missing key file

Heiko Schlittermann (HS12-RIPE) [Wed, 9 May 2018 13:46:47 +0000 (15:46 +0200)]
-bV: include the CONFIGURE_FILE path if it contains a ':'

Jeremy Harris [Mon, 7 May 2018 13:42:35 +0000 (14:42 +0100)]
tidying

Jeremy Harris [Sat, 5 May 2018 20:29:44 +0000 (21:29 +0100)]
Cutthrough: fix race resulting in duplicate-delivery.  Bug 2273

Jeremy Harris [Tue, 1 May 2018 21:50:47 +0000 (22:50 +0100)]
tidying

Heiko Schlittermann (HS12-RIPE) [Thu, 3 May 2018 07:22:53 +0000 (09:22 +0200)]
Fix typo in readconf.c

Jeremy Harris [Tue, 1 May 2018 16:45:21 +0000 (17:45 +0100)]
Expansions: new ${lheader:<name>}.  Bug 2272

Jeremy Harris [Sun, 29 Apr 2018 14:10:27 +0000 (15:10 +0100)]
tidying

Jeremy Harris [Sat, 28 Apr 2018 12:09:04 +0000 (13:09 +0100)]
Docs: minor fixes

Jeremy Harris [Wed, 25 Apr 2018 21:30:31 +0000 (22:30 +0100)]
ARC: add $arc_oldest_pass variable, for verify

Jeremy Harris [Wed, 25 Apr 2018 20:02:39 +0000 (21:02 +0100)]
ARC: support $arc_domains also for verify fails

Jeremy Harris [Tue, 24 Apr 2018 21:46:11 +0000 (22:46 +0100)]
ARC: add $arc_domains variable, for verify pass

Jeremy Harris [Tue, 24 Apr 2018 12:07:53 +0000 (13:07 +0100)]
ARC: limit verify chain to 50-deep

Jeremy Harris [Mon, 23 Apr 2018 12:25:47 +0000 (13:25 +0100)]
Testsuite: syslog testcase

Jeremy Harris [Mon, 23 Apr 2018 10:26:52 +0000 (11:26 +0100)]
DKIM: enforce limit of 20 on received DKIM-Signature: headers.  Bug 2269

Phil Pennock [Sun, 22 Apr 2018 00:20:40 +0000 (20:20 -0400)]
Improve OpenSSL/GnuTLS; enable DNSSEC for non-smarthost

Jeremy Harris [Sat, 21 Apr 2018 22:59:46 +0000 (23:59 +0100)]
Docs: clarify DKIM verification

Phil Pennock [Sat, 21 Apr 2018 00:05:53 +0000 (20:05 -0400)]
TLS by default for example smarthost SMTP Transport

And _decent_ TLS at that, with verification.

Jeremy Harris [Wed, 18 Apr 2018 22:43:30 +0000 (23:43 +0100)]
Testsuite: output changes arising.

Broken-by: 0e8aed8aab

Jeremy Harris [Wed, 18 Apr 2018 22:28:26 +0000 (23:28 +0100)]
ACL: reword error message for ratelimit.  Bug 2267

Jeremy Harris [Wed, 18 Apr 2018 22:27:15 +0000 (23:27 +0100)]
Docs: rewrite description of 'leaky' ratelimit.  Bug 1298

Heiko Schlittermann (HS12-RIPE) [Wed, 18 Apr 2018 15:20:58 +0000 (17:20 +0200)]
Fix spec

Thanks to Mike Brudenell

Jeremy Harris [Tue, 17 Apr 2018 19:30:22 +0000 (20:30 +0100)]
Compile warning defaults for OpenBSD, at request of the port maintainer

Jeremy Harris [Mon, 16 Apr 2018 18:20:21 +0000 (19:20 +0100)]
tidying

Phil Pennock [Mon, 16 Apr 2018 19:24:34 +0000 (15:24 -0400)]
Belated README.UPDATING notes for Exim 4.91

People skip versions and move past them later, so while it's too late
for 4.91, this will still help people moving to 4.92 from pre-4.91 in
future.

Note that none of these strictly needed to be documented here:
experimental features, features marked as deprecated for many many
years, etc.  But let's err on the side of caution and include "things
which will break if you try to upgrade without changing Local/Makefile".

Jeremy Harris [Mon, 16 Apr 2018 17:45:04 +0000 (18:45 +0100)]
Fix OpenSSL non-OCSP build

Jeremy Harris [Mon, 16 Apr 2018 13:23:30 +0000 (14:23 +0100)]
Fix merge artifacts

Jeremy Harris [Mon, 16 Apr 2018 10:21:33 +0000 (11:21 +0100)]
Testsuite: output changes arising

Broken-by: 777e3beace

Jeremy Harris [Mon, 16 Apr 2018 08:15:17 +0000 (09:15 +0100)]
Fix typo in arc.  Bug 2262

Phil Pennock [Sun, 15 Apr 2018 21:45:48 +0000 (17:45 -0400)]
Enable weak/old stuff in OpenSSL

Configure OpenSSL with:

    enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers

Include explanation as to why.