Phil Pennock [Sun, 29 May 2016 06:31:18 +0000 (02:31 -0400)]
DH parameters update, new values & default
* Add three new Exim-specific DH parameter constants; state provenance,
but no way for others to verify; this is a signed commit, which is
about as much as we can do for the truly paranoid: provide an audit
trail.
* Add the RFC 7919 DH primes
+ No TLS feature negotiation, per 7919, but the DH primes can be used
if folks so choose
* Fixed broken format string in util/gen_pkcs3.c
* Tried to make gen_pkcs3.c support q values.
+ Turns out, q doesn't affect the PEM and that's not a mistake in my
initialisation; I've checked with a cryptographer, we're losing some
server-side optimizations but not any security properties for our
scenario.
Fixes: 1895
Jeremy Harris [Sat, 8 Oct 2016 18:21:41 +0000 (19:21 +0100)]
Fix callouts connection fallback from TLS to cleartext. Bug 1897
Jeremy Harris [Wed, 5 Oct 2016 12:03:01 +0000 (13:03 +0100)]
Docs: add another index entry for delay_warning
Jeremy Harris [Mon, 3 Oct 2016 23:11:32 +0000 (00:11 +0100)]
Testsuite: for CHUNKING set sender name explicitly
for consistent chunk size on different platforms
Jeremy Harris [Mon, 3 Oct 2016 16:00:05 +0000 (17:00 +0100)]
Testsuite: for CHUNKING rewrite sender name in headers to consistent value
for consistent chunk size on different test platforms
Jeremy Harris [Sun, 2 Oct 2016 18:58:19 +0000 (19:58 +0100)]
Close logfile after a while waiting for non-smtp input. Bug 1891
Jeremy Harris [Sun, 2 Oct 2016 16:39:18 +0000 (17:39 +0100)]
Avoid parsing cost for auto-macro creates
Jeremy Harris [Sun, 2 Oct 2016 13:03:09 +0000 (14:03 +0100)]
Logging: connection_reject log selector should apply also to the connect acl
Jeremy Harris [Fri, 30 Sep 2016 13:59:04 +0000 (14:59 +0100)]
Fix mime ACL filename decode
A latent bug (uninitialised memory referred to by $mime_decoded_filename)
uncovered by
40c90bca9f7e
Jeremy Harris [Thu, 29 Sep 2016 22:18:54 +0000 (23:18 +0100)]
Fix checking for -D option use
Broken-by: c0b9d3e87264
Jeremy Harris [Thu, 29 Sep 2016 21:56:02 +0000 (22:56 +0100)]
Feature macros should be uppercase
Jeremy Harris [Thu, 29 Sep 2016 21:44:14 +0000 (22:44 +0100)]
Debug: fix openssl tls_close() debug output
Jeremy Harris [Thu, 29 Sep 2016 20:25:47 +0000 (21:25 +0100)]
Testsuite: tidying
Jeremy Harris [Wed, 28 Sep 2016 21:24:00 +0000 (22:24 +0100)]
Refactor driver feature-macro generation to be driven by existing tables
Would like to do lookup drivers too but unsure about dyn-linked variants
Jeremy Harris [Wed, 28 Sep 2016 18:41:08 +0000 (19:41 +0100)]
Default to filesystem space/inode checking enabled
Jeremy Harris [Tue, 27 Sep 2016 22:23:52 +0000 (23:23 +0100)]
Drain socket to get clean TCP FINs
Jeremy Harris [Sun, 25 Sep 2016 21:59:36 +0000 (22:59 +0100)]
Add automatic macros for config-file options. Bug 1819
Jeremy Harris [Sat, 24 Sep 2016 16:59:51 +0000 (17:59 +0100)]
Docs: fix quotes
Jeremy Harris [Sat, 24 Sep 2016 16:11:19 +0000 (17:11 +0100)]
Delivery: fix memory leak
Jeremy Harris [Fri, 23 Sep 2016 08:24:16 +0000 (09:24 +0100)]
Doc: add clarification for DKIM example
Jeremy Harris [Thu, 22 Sep 2016 21:55:49 +0000 (22:55 +0100)]
Defend against symlink attack by another process running as exim
Reported-by:
http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/
Jeremy Harris [Thu, 22 Sep 2016 18:59:48 +0000 (19:59 +0100)]
Routing: avoid doing the one_time replacement operation when a redirect leaves the address unchanged
When done, in combination with a defer the retry would see the address as delivered, hence losing mail.
Jeremy Harris [Thu, 22 Sep 2016 18:29:49 +0000 (19:29 +0100)]
Routing: for efficiency, avoid complexifying the "condition" string until the second is read from config
Jeremy Harris [Sun, 18 Sep 2016 21:47:22 +0000 (22:47 +0100)]
ACL: merge the tables used for codition/modifier decode
Jeremy Harris [Sun, 18 Sep 2016 17:14:29 +0000 (18:14 +0100)]
ACL: bsearch for controls
Jeremy Harris [Thu, 15 Sep 2016 22:58:57 +0000 (23:58 +0100)]
tidying
Jeremy Harris [Thu, 15 Sep 2016 20:43:22 +0000 (21:43 +0100)]
Docs: mention Perl manpages for PCRE. Bug 1881
Jeremy Harris [Tue, 13 Sep 2016 22:49:09 +0000 (23:49 +0100)]
Logging: fix errno decodes
Jeremy Harris [Tue, 13 Sep 2016 22:41:55 +0000 (23:41 +0100)]
Auth: fix error check in CRAM-MD5
Jeremy Harris [Wed, 7 Sep 2016 20:58:04 +0000 (21:58 +0100)]
tidying
Jeremy Harris [Sat, 10 Sep 2016 20:37:56 +0000 (21:37 +0100)]
Log EHLO response on getting conn-close response for HELO. Bug 1832
Jeremy Harris [Sat, 10 Sep 2016 20:36:33 +0000 (21:36 +0100)]
Reduce space used by flags in smtp transport
Jeremy Harris [Sun, 11 Sep 2016 12:30:45 +0000 (13:30 +0100)]
Make BOOL unsigned; fix resulting latent bugs
Jeremy Harris [Sun, 4 Sep 2016 13:54:18 +0000 (14:54 +0100)]
Cutthrough: option to reflect 4xx errors from target to initiator
Jeremy Harris [Sun, 4 Sep 2016 13:46:42 +0000 (14:46 +0100)]
Testsuite: missing output file
Jeremy Harris [Sat, 3 Sep 2016 12:43:33 +0000 (13:43 +0100)]
Docs: prettify code examples. Bug 1284
Jeremy Harris [Sat, 3 Sep 2016 12:33:57 +0000 (13:33 +0100)]
Docs: add note on strict DKIM verification
Jeremy Harris [Thu, 1 Sep 2016 20:08:32 +0000 (21:08 +0100)]
Testsuite: fix GnuTLS OCSP testing
Jeremy Harris [Thu, 1 Sep 2016 18:20:11 +0000 (19:20 +0100)]
Support "G" multiplier on integer configuration values
Jeremy Harris [Thu, 1 Sep 2016 18:02:06 +0000 (19:02 +0100)]
Testsuite: fix spool-space testcase for larger disks
Jeremy Harris [Sat, 20 Aug 2016 16:52:15 +0000 (17:52 +0100)]
Tidying: coverity issues
Jeremy Harris [Thu, 1 Sep 2016 17:25:58 +0000 (18:25 +0100)]
CHUNKING: after rejecting a pipelined SMTP command, flush any followon BDAT data
Jeremy Harris [Sun, 21 Aug 2016 22:44:06 +0000 (23:44 +0100)]
Add automatic macros for compile-time feature options
Jeremy Harris [Mon, 22 Aug 2016 11:34:21 +0000 (12:34 +0100)]
Testsuite: fix macro conflict (X vs. HEADERS_MAXSIZE)
Jeremy Harris [Sun, 21 Aug 2016 12:05:55 +0000 (13:05 +0100)]
tidying
Jeremy Harris [Sun, 14 Aug 2016 20:00:46 +0000 (21:00 +0100)]
Expansions: more debug verbosity in expansion conditions
Jeremy Harris [Fri, 12 Aug 2016 13:50:00 +0000 (14:50 +0100)]
Tidying: coverity issues
Jeremy Harris [Fri, 19 Aug 2016 14:52:18 +0000 (15:52 +0100)]
Testsuite: rework timing of time-dependent testcase
Jeremy Harris [Thu, 18 Aug 2016 20:27:55 +0000 (21:27 +0100)]
Delivery: fix transmission down an already-open connection, when
one of the group of addresses is unsuitable for it. Bug 1874
Broken-by: 3070ceeeed05, fa41615da702.
Jeremy Harris [Tue, 16 Aug 2016 15:26:31 +0000 (16:26 +0100)]
Delivery: same-host checking for transport runs should include port from address give by routing
Jeremy Harris [Wed, 17 Aug 2016 18:42:49 +0000 (19:42 +0100)]
tidying
Jeremy Harris [Sun, 14 Aug 2016 21:19:59 +0000 (22:19 +0100)]
Testsuite: add progress detail to log of troublesome testcase
Tony Meyer [Sun, 14 Aug 2016 15:09:02 +0000 (16:09 +0100)]
DMARC: send forensic reports for reject & quarantine results, and "none" policy. Bug 1846
Jeremy Harris [Sun, 14 Aug 2016 14:11:04 +0000 (15:11 +0100)]
Expansions: new ${escape8bit:<string>} operator. Bug 1863
Andrew Colin Kissa [Sun, 14 Aug 2016 12:45:08 +0000 (13:45 +0100)]
LMDB: introduce as Experimental. Bug 1856
Jasen Betts [Thu, 11 Aug 2016 22:31:57 +0000 (23:31 +0100)]
ACL: Ensure that acl_smtp_notquit is called for a conndrop between data-go-ahead and data-ack.
Bug 1872
Jeremy Harris [Thu, 11 Aug 2016 19:22:37 +0000 (20:22 +0100)]
Defensive coding in ${run }
Bug 1870
Jeremy Harris [Thu, 11 Aug 2016 19:17:07 +0000 (20:17 +0100)]
tidying
Bug 1870
Jeremy Harris [Thu, 11 Aug 2016 11:48:50 +0000 (12:48 +0100)]
Testsuite: missing output files
Jeremy Harris [Tue, 9 Aug 2016 22:32:46 +0000 (23:32 +0100)]
Testsuite: nail down hostname for CHUNKING test cases
Jeremy Harris [Tue, 9 Aug 2016 16:46:41 +0000 (17:46 +0100)]
Docs: more index entries for header lines
Leonhard Knauff [Mon, 8 Aug 2016 20:48:20 +0000 (21:48 +0100)]
Radius: Fix authentication for Radius libraries that return REJECT_RC. Bug 1850
Jeremy Harris [Mon, 8 Aug 2016 20:07:55 +0000 (21:07 +0100)]
DKIM: reduce memory usage (2nd go)
Jeremy Harris [Mon, 8 Aug 2016 15:26:14 +0000 (16:26 +0100)]
Testsuite: accept debug & testscript output sizes varying with testhost name
Jeremy Harris [Mon, 8 Aug 2016 13:30:44 +0000 (14:30 +0100)]
Testsuite: account for change in debug
Broken-by: fb6833e0a559
Jeremy Harris [Sat, 6 Aug 2016 23:03:56 +0000 (00:03 +0100)]
CHUNKING/DKIM: fix handling of lines having a leading dot
Jeremy Harris [Sun, 7 Aug 2016 22:19:02 +0000 (23:19 +0100)]
Revert "DKIM: reduce memory usage"
This reverts commit
dea4897244b409bf91dc60a7e5e4b3d06f123dd6.
It appears to induce spurious behaviour, seen in the testsuite. Possibly
the sha_hash update calls think the memory they are passed will still
be around later (eg. at sha_finish time)? A pity, since currently
we are allocating for the entire message body - which could easily
be MB or (future) GB.
Jeremy Harris [Sun, 7 Aug 2016 14:14:59 +0000 (15:14 +0100)]
CHUNKING: fix transmit with long headers
When the buffer used for SMTP commands and message headers filled to flush
point, protocol sequencing was wrong.
Jeremy Harris [Sat, 6 Aug 2016 22:01:13 +0000 (23:01 +0100)]
DKIM: reduce memory usage
Jeremy Harris [Sat, 6 Aug 2016 17:28:18 +0000 (18:28 +0100)]
Routing: in a dnslookup, fix fail_defer_domains to defer on missing MX record. Bug 1867
Jeremy Harris [Sat, 6 Aug 2016 14:51:01 +0000 (15:51 +0100)]
Fix DISABLE_DKIM build & test. Fix build on systems lacking MAX in standard includes.
Broken-by: 44bc8f0c2f35
Jeremy Harris [Sat, 6 Aug 2016 13:04:45 +0000 (14:04 +0100)]
Merge branch 'CHUNKING'
Jeremy Harris [Thu, 4 Aug 2016 23:26:23 +0000 (00:26 +0100)]
tidying
Jeremy Harris [Thu, 4 Aug 2016 19:31:20 +0000 (20:31 +0100)]
Docs: add warning on non-ASCII results from SpamAssassin. Bug 1863
Jeremy Harris [Thu, 4 Aug 2016 14:26:05 +0000 (15:26 +0100)]
Merge branch 'fakereject'
Jeremy Harris [Tue, 19 Jul 2016 22:53:35 +0000 (23:53 +0100)]
Logging: visibility of fakereject
Jeremy Harris [Thu, 4 Aug 2016 12:26:27 +0000 (13:26 +0100)]
DKIM: log error on overlong input line
Jeremy Harris [Wed, 20 Jul 2016 11:40:28 +0000 (12:40 +0100)]
Named queues: Add queue name to "queued by ACL" log line
Jeremy Harris [Wed, 3 Aug 2016 10:32:32 +0000 (11:32 +0100)]
DANE: treat a TLSA response having only non-TLSA records the same as a no-match response
Jeremy Harris [Tue, 2 Aug 2016 11:10:41 +0000 (12:10 +0100)]
pass advertised facility to continued-transport process
Jeremy Harris [Tue, 2 Aug 2016 09:53:06 +0000 (10:53 +0100)]
transmit logging
Jeremy Harris [Mon, 1 Aug 2016 23:24:00 +0000 (00:24 +0100)]
testcases for PRDR
Jeremy Harris [Mon, 1 Aug 2016 21:39:20 +0000 (22:39 +0100)]
testcases for TLS
Jeremy Harris [Mon, 1 Aug 2016 20:56:00 +0000 (21:56 +0100)]
receive docs
Jeremy Harris [Mon, 1 Aug 2016 17:38:22 +0000 (18:38 +0100)]
receive with DKIM
Jeremy Harris [Mon, 1 Aug 2016 14:01:15 +0000 (15:01 +0100)]
transmit with DKIM
Jeremy Harris [Sat, 30 Jul 2016 15:29:22 +0000 (16:29 +0100)]
basic & pipelined transmit testcases
Jeremy Harris [Thu, 28 Jul 2016 21:41:17 +0000 (22:41 +0100)]
Callback into smtp transport for BDAT commands
Jeremy Harris [Tue, 26 Jul 2016 18:44:08 +0000 (19:44 +0100)]
tidying
Jeremy Harris [Sun, 24 Jul 2016 13:18:57 +0000 (14:18 +0100)]
feed need for BDAT down to write_chunk()
Jeremy Harris [Thu, 21 Jul 2016 13:38:48 +0000 (14:38 +0100)]
tidying: dkim output buffer
Jeremy Harris [Wed, 20 Jul 2016 16:56:40 +0000 (17:56 +0100)]
tidying: dkim output function args
Jeremy Harris [Wed, 20 Jul 2016 15:49:24 +0000 (16:49 +0100)]
transmit peer capability recognition
Jeremy Harris [Wed, 13 Jul 2016 20:28:18 +0000 (21:28 +0100)]
receive flow processing
Jeremy Harris [Sun, 31 Jul 2016 14:46:51 +0000 (15:46 +0100)]
Fix $body_linecount for empty lines
Jeremy Harris [Sun, 31 Jul 2016 14:14:51 +0000 (15:14 +0100)]
Logging: Fix logging of errors under PIPELINING
Jeremy Harris [Sat, 30 Jul 2016 14:46:26 +0000 (15:46 +0100)]
Expansions: shortcut hmac expansion during syntax-check phase
Jeremy Harris [Mon, 15 Feb 2016 15:42:21 +0000 (15:42 +0000)]
Expansions: add operators base32, base32d
Jeremy Harris [Wed, 27 Jul 2016 16:14:05 +0000 (17:14 +0100)]
Docs: minor clarifications
Jeremy Harris [Wed, 27 Jul 2016 16:12:23 +0000 (17:12 +0100)]
Unbreak transport-filters & bounce-generation.
Broken-by: 6b46ecc6a8f5