users/jgh/exim.git
6 years agoDocs: SPF no longer Experimental
Jeremy Harris [Sat, 13 Jan 2018 18:07:10 +0000 (18:07 +0000)]
Docs: SPF no longer Experimental

6 years agoOpenSSL: fix OCSP stapling under DANE
Jeremy Harris [Sun, 7 Jan 2018 22:18:55 +0000 (22:18 +0000)]
OpenSSL: fix OCSP stapling under DANE

6 years agoOpenSSL: better debug info for OCSP
Jeremy Harris [Sun, 7 Jan 2018 20:24:46 +0000 (20:24 +0000)]
OpenSSL: better debug info for OCSP

6 years agoDKIM: permit dkim_private_key to override dkim_strict on signing. Bug 2220
Jeremy Harris [Sun, 7 Jan 2018 15:03:25 +0000 (15:03 +0000)]
DKIM: permit dkim_private_key to override dkim_strict on signing.  Bug 2220

6 years agoLogging: disable the verbose DKIM verification line by default; add a tag to <= lines.
Jeremy Harris [Sat, 6 Jan 2018 14:48:35 +0000 (14:48 +0000)]
Logging: disable the verbose DKIM verification line by default; add a tag to <= lines.
New log_selector controls "dkim" and "dkim_verbose".

6 years agoSPF: promote from Experimental to mainline status
Jeremy Harris [Fri, 5 Jan 2018 13:33:42 +0000 (13:33 +0000)]
SPF: promote from Experimental to mainline status

6 years agoDocs: remove extraneous options from variables index
Jeremy Harris [Fri, 5 Jan 2018 13:48:08 +0000 (13:48 +0000)]
Docs: remove extraneous options from variables index

6 years agotidying
Jeremy Harris [Tue, 2 Jan 2018 14:29:29 +0000 (14:29 +0000)]
tidying

6 years agoTestsuite: Better platform portability by searching for Postgres server binaries
Jeremy Harris [Wed, 3 Jan 2018 15:11:48 +0000 (15:11 +0000)]
Testsuite:  Better platform portability by searching for Postgres server binaries

6 years agoTestsuite: SPF testcases. Bug 1789
Jeremy Harris [Tue, 2 Jan 2018 19:57:15 +0000 (19:57 +0000)]
Testsuite: SPF testcases.  Bug 1789

6 years agocoding standards
Jeremy Harris [Tue, 2 Jan 2018 14:29:45 +0000 (14:29 +0000)]
coding standards

6 years agoDocs: remove mention of the ClamAV "STREAM" method
Jeremy Harris [Mon, 1 Jan 2018 18:08:15 +0000 (18:08 +0000)]
Docs: remove mention of the ClamAV "STREAM" method

6 years agoContent scan: Remove support for the 7-year deprecated ClamAV "STREAM" method
Jeremy Harris [Mon, 1 Jan 2018 17:41:56 +0000 (17:41 +0000)]
Content scan:  Remove support for the 7-year deprecated ClamAV "STREAM" method

6 years agoContent scan: Disable "aveserver", "kavdaemon" and "mksd" in the template makefile...
Jeremy Harris [Mon, 1 Jan 2018 17:28:46 +0000 (17:28 +0000)]
Content scan:  Disable "aveserver", "kavdaemon" and "mksd" in the template makefile.  Bugs 1143, 1594

6 years agoFeature macros, show-supported and build-time selection for malware interfaces
Jeremy Harris [Mon, 1 Jan 2018 13:14:41 +0000 (13:14 +0000)]
Feature macros, show-supported and build-time selection for malware interfaces

6 years agorefactor show-supported coding
Jeremy Harris [Mon, 1 Jan 2018 13:47:26 +0000 (13:47 +0000)]
refactor show-supported coding

6 years agotidying
Jeremy Harris [Sat, 30 Dec 2017 15:32:57 +0000 (15:32 +0000)]
tidying

6 years agoEnable header_syntax verify in the example config
Jeremy Harris [Sun, 31 Dec 2017 11:12:50 +0000 (11:12 +0000)]
Enable header_syntax verify in the example config

6 years agoMIME ACL: fix SMTP response for non-accept result of the ACL. Bug 2214.
Jeremy Harris [Sat, 30 Dec 2017 13:55:54 +0000 (13:55 +0000)]
MIME ACL: fix SMTP response for non-accept result of the ACL.  Bug 2214.

As far as I can see this was broken back in 2013, f4c1088 for 4.82

6 years agoFix issue with continued-connections when the DNS shifts unreliably
Jeremy Harris [Wed, 27 Dec 2017 23:32:02 +0000 (23:32 +0000)]
Fix issue with continued-connections when the DNS shifts unreliably

6 years agoFix crash associated with dnsdb lookup done from DKIM ACL. Bug 2215
Jeremy Harris [Thu, 28 Dec 2017 20:09:05 +0000 (20:09 +0000)]
Fix crash associated with dnsdb lookup done from DKIM ACL.  Bug 2215

Broken-by: cc55f4208e
6 years agoUse common routine for building tagstring for dns-fail cache
Jeremy Harris [Thu, 28 Dec 2017 21:28:01 +0000 (21:28 +0000)]
Use common routine for building tagstring for dns-fail cache

6 years agoDebug: enhance output from smtp transport entry
Jeremy Harris [Wed, 27 Dec 2017 17:22:26 +0000 (17:22 +0000)]
Debug: enhance output from smtp transport entry

6 years agoDKIM: tighter checking while parsing signature headers. Bug 2217
Jeremy Harris [Thu, 28 Dec 2017 20:51:28 +0000 (20:51 +0000)]
DKIM: tighter checking while parsing signature headers.  Bug 2217

6 years agoCheck ARGV before subscripting it
Geraint Edwards [Thu, 28 Dec 2017 15:53:51 +0000 (15:53 +0000)]
Check ARGV before subscripting it

6 years agoTesttsuite: output changes resulting
Jeremy Harris [Wed, 27 Dec 2017 14:10:44 +0000 (14:10 +0000)]
Testtsuite: output changes resulting

6 years agoTestsuite: better portability of postgresq test vs. postgresql versions
Jeremy Harris [Wed, 27 Dec 2017 11:11:17 +0000 (11:11 +0000)]
Testsuite: better portability of postgresq test vs. postgresql versions

6 years agoLookups: fix pgsql multiple-row, single-column return
Jeremy Harris [Sun, 24 Dec 2017 16:42:04 +0000 (16:42 +0000)]
Lookups: fix pgsql multiple-row, single-column return

Report & fix from James <list@xdrv.co.uk>; additional tidying and testcase by JGH

Broken-by: acec9514b1
6 years agoTestsuite: shift pgsql tests to the standard-run set
Jeremy Harris [Sun, 24 Dec 2017 20:46:56 +0000 (20:46 +0000)]
Testsuite: shift pgsql tests to the standard-run set

6 years agoTestsuite: convert posgreql testing to standalone
Jeremy Harris [Sun, 24 Dec 2017 20:35:24 +0000 (20:35 +0000)]
Testsuite: convert posgreql testing to standalone

6 years agoDelivery: remove restriction on dirname length on having to create directories. ...
Jeremy Harris [Sat, 23 Dec 2017 17:46:10 +0000 (17:46 +0000)]
Delivery: remove restriction on dirname length on having to create directories.  Bug 2213

6 years agoDANE/GnuTLS: split verification of mixed sets of TLSA records by usage
Jeremy Harris [Fri, 22 Dec 2017 17:19:37 +0000 (17:19 +0000)]
DANE/GnuTLS: split verification of mixed sets of TLSA records by usage

This is because we cannot do the required CA-anchor and names checks for TA-mode
and not for EE-mode, without knowing which usage TLSA was used.

6 years agoConstification
Jeremy Harris [Fri, 22 Dec 2017 11:34:20 +0000 (11:34 +0000)]
Constification

6 years agoFix const issue in nisplus lookup
Jeremy Harris [Fri, 22 Dec 2017 10:25:56 +0000 (10:25 +0000)]
Fix const issue in nisplus lookup

6 years agoFix build of nisplus lookup
Andreas Piesk [Fri, 22 Dec 2017 10:05:02 +0000 (10:05 +0000)]
Fix build of nisplus lookup

6 years agoexim: regularize exim -bI:help output
Josh Soref [Thu, 14 Dec 2017 04:25:04 +0000 (04:25 +0000)]
exim: regularize exim -bI:help output

6 years agoexiwhat: use RM_COMMAND
tv [Wed, 20 Dec 2017 22:59:50 +0000 (23:59 +0100)]
exiwhat: use RM_COMMAND

6 years agoDANE/GnuTLS: filter TLSA records for usability
Jeremy Harris [Wed, 20 Dec 2017 23:12:07 +0000 (23:12 +0000)]
DANE/GnuTLS: filter TLSA records for usability

6 years agoDANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode
Jeremy Harris [Wed, 20 Dec 2017 21:14:06 +0000 (21:14 +0000)]
DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode

Not quite right for a mixed TA+EE set of TLSA records, but better than always-enforcing

6 years agoACL: Disallow '/' characters in queue names specified for "queue="
Jeremy Harris [Wed, 20 Dec 2017 11:34:47 +0000 (11:34 +0000)]
ACL: Disallow '/' characters in queue names specified for "queue="

6 years agoMerge branch '4.next'
Jeremy Harris [Tue, 19 Dec 2017 22:14:18 +0000 (22:14 +0000)]
Merge branch '4.next'

6 years agoDocs: clean for next release
Jeremy Harris [Tue, 19 Dec 2017 21:54:37 +0000 (21:54 +0000)]
Docs: clean for next release

6 years agoFix nossl build
Jeremy Harris [Tue, 19 Dec 2017 16:27:44 +0000 (16:27 +0000)]
Fix nossl build

6 years agoDANE: support under GnuTLS. Bug 1523
Jeremy Harris [Tue, 19 Dec 2017 15:06:49 +0000 (15:06 +0000)]
DANE: support under GnuTLS.  Bug 1523

GnuTLS version 3.0.0 onwards; still Experimental

6 years agoTestsuite: move CRL testcases away from using SHA1-signed certs
Jeremy Harris [Mon, 18 Dec 2017 15:38:54 +0000 (15:38 +0000)]
Testsuite: move CRL testcases away from using SHA1-signed certs

6 years agoTestsuite: output changes arising
Jeremy Harris [Sat, 16 Dec 2017 20:52:54 +0000 (20:52 +0000)]
Testsuite: output changes arising

6 years agoTestsuite: regenerate certs tree
Jeremy Harris [Sat, 16 Dec 2017 20:49:28 +0000 (20:49 +0000)]
Testsuite: regenerate certs tree

6 years agoTestsuite: restore generation of OCSP status for EC certs
Jeremy Harris [Sat, 16 Dec 2017 20:45:18 +0000 (20:45 +0000)]
Testsuite: restore generation of OCSP status for EC certs

Broken-by: 854586e149
6 years agoTestsuite: do not bother with cert hostnames when testing OCSP
Jeremy Harris [Sat, 16 Dec 2017 20:41:27 +0000 (20:41 +0000)]
Testsuite: do not bother with cert hostnames when testing OCSP

6 years agoTestsuite: restore lost dns config for DKIM extra-txt-records testcase
Jeremy Harris [Sat, 16 Dec 2017 19:45:30 +0000 (19:45 +0000)]
Testsuite: restore lost dns config for DKIM extra-txt-records testcase

Broken-by: 854586e149
6 years agoTestsuite output changes arising
Jeremy Harris [Sat, 16 Dec 2017 14:17:13 +0000 (14:17 +0000)]
Testsuite output changes arising

Broken-by: 854586e149
6 years agoDANE: fix type-2xx TLSA under older OpenSSL versions Bug 2198
Viktor Dukhovni [Fri, 1 Dec 2017 22:13:19 +0000 (22:13 +0000)]
DANE: fix type-2xx TLSA under older OpenSSL versions  Bug 2198
OpenSSL 1.0.1t is known bad.  1.0.2 and 1.1.0 are apparently ok.

6 years agoTestsuite: testcase for Bug 2198
Jeremy Harris [Sat, 16 Dec 2017 02:05:13 +0000 (02:05 +0000)]
Testsuite: testcase for Bug 2198

6 years agoCHUNKING: flush input stream after message-fatal error detection. Bug 2201
Jeremy Harris [Tue, 12 Dec 2017 21:52:33 +0000 (21:52 +0000)]
CHUNKING: flush input stream after message-fatal error detection.  Bug 2201

6 years agoTestsuite: regen TLSA records, to match cert tree
Jeremy Harris [Sat, 9 Dec 2017 15:05:14 +0000 (15:05 +0000)]
Testsuite: regen TLSA records, to match cert tree

6 years agoTestsuite: regen TLSA records, to match cert tree
Jeremy Harris [Sat, 9 Dec 2017 14:57:38 +0000 (14:57 +0000)]
Testsuite: regen TLSA records, to match cert tree

6 years agoopenssl guidance: install shared libraries too
Phil Pennock [Fri, 8 Dec 2017 19:21:45 +0000 (14:21 -0500)]
openssl guidance: install shared libraries too

6 years agotidying
Jeremy Harris [Tue, 5 Dec 2017 20:55:19 +0000 (20:55 +0000)]
tidying

6 years agoAdd compile-time guard against BDB library version 6
Jeremy Harris [Fri, 8 Dec 2017 12:55:25 +0000 (12:55 +0000)]
Add compile-time guard against BDB library version 6

6 years agoFix non-OCSP OpenSSL build
Jeremy Harris [Mon, 4 Dec 2017 14:32:44 +0000 (14:32 +0000)]
Fix non-OCSP OpenSSL build

Issue found by: Frank Elsner

6 years agoDocs: amend warning on on lack of multiple-OCSP-proof support
Jeremy Harris [Sun, 3 Dec 2017 23:57:11 +0000 (23:57 +0000)]
Docs: amend warning on on lack of multiple-OCSP-proof support

6 years agoGnuTLS: multiple server certs, OCSP stapling. Bug 2092
Jeremy Harris [Sun, 3 Dec 2017 22:40:43 +0000 (22:40 +0000)]
GnuTLS: multiple server certs, OCSP stapling.  Bug 2092

6 years agoTestsuite: regen certs trees, now with OCSP response for one EC cert
Jeremy Harris [Sun, 3 Dec 2017 23:54:13 +0000 (23:54 +0000)]
Testsuite: regen certs trees, now with OCSP response for one EC cert

6 years agoDocs: clarify smtp transport tls_verify_certificates option
Jeremy Harris [Sun, 3 Dec 2017 20:36:12 +0000 (20:36 +0000)]
Docs: clarify smtp transport tls_verify_certificates option

6 years agoDKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207
Heiko Schlittermann (HS12-RIPE) [Sun, 3 Dec 2017 17:17:43 +0000 (18:17 +0100)]
DKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207

6 years agoFix initialiser in smtp transport
Jeremy Harris [Sat, 2 Dec 2017 21:11:46 +0000 (21:11 +0000)]
Fix initialiser in smtp transport

Broken-by: 838d897c8e
6 years agoDocs: add notes on lack of multiple-OCSP-proof support
Jeremy Harris [Sat, 2 Dec 2017 20:10:18 +0000 (20:10 +0000)]
Docs: add notes on lack of multiple-OCSP-proof support

This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation

6 years agoChange log update
Jeremy Harris [Tue, 28 Nov 2017 20:44:14 +0000 (20:44 +0000)]
Change log update

6 years agoChunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201
Heiko Schlittermann (HS12-RIPE) [Mon, 27 Nov 2017 21:42:33 +0000 (22:42 +0100)]
Chunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201

6 years agoLogging: fix log line for local_scan() rejection
Jeremy Harris [Sun, 26 Nov 2017 15:28:26 +0000 (15:28 +0000)]
Logging: fix log line for local_scan() rejection

6 years agoDKIM: fix tolerating spaces round tag values
Jeremy Harris [Sun, 26 Nov 2017 15:26:42 +0000 (15:26 +0000)]
DKIM: fix tolerating spaces round tag values

6 years agoFix filename length check in mime-handling
Jeremy Harris [Sun, 26 Nov 2017 15:22:38 +0000 (15:22 +0000)]
Fix filename length check in mime-handling

6 years agotidying
Jeremy Harris [Sun, 26 Nov 2017 15:20:04 +0000 (15:20 +0000)]
tidying

6 years agoFix initialiser in smtp transport
Jeremy Harris [Sat, 2 Dec 2017 21:11:46 +0000 (21:11 +0000)]
Fix initialiser in smtp transport

Broken-by: 838d897c8e
6 years agoDocs: add notes on lack of multiple-OCSP-proof support
Jeremy Harris [Sat, 2 Dec 2017 20:10:18 +0000 (20:10 +0000)]
Docs: add notes on lack of multiple-OCSP-proof support

This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation

6 years agoDebug: fix coding in dnssec reporting. Bug 2205
Jeremy Harris [Fri, 1 Dec 2017 22:43:19 +0000 (22:43 +0000)]
Debug: fix coding in dnssec reporting.  Bug 2205

6 years agoTLS: avoid calling smtp_auth_acl on client cert when no tls authenticator is configured
Jeremy Harris [Wed, 29 Nov 2017 23:22:34 +0000 (23:22 +0000)]
TLS: avoid calling smtp_auth_acl on client cert when no tls authenticator is configured

6 years agoTLS: Fix excessive calling of smtp_auth_acl under AUTH_TLS. Bug 2203
Jeremy Harris [Wed, 29 Nov 2017 22:18:18 +0000 (22:18 +0000)]
TLS: Fix excessive calling of smtp_auth_acl under AUTH_TLS.  Bug 2203

6 years agoChange log update
Jeremy Harris [Tue, 28 Nov 2017 20:44:14 +0000 (20:44 +0000)]
Change log update

6 years agoChunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201
Heiko Schlittermann (HS12-RIPE) [Mon, 27 Nov 2017 21:42:33 +0000 (22:42 +0100)]
Chunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201

6 years agoLogging: fix log line for local_scan() rejection
Jeremy Harris [Sun, 26 Nov 2017 15:28:26 +0000 (15:28 +0000)]
Logging: fix log line for local_scan() rejection

6 years agoDKIM: fix tolerating spaces round tag values
Jeremy Harris [Sun, 26 Nov 2017 15:26:42 +0000 (15:26 +0000)]
DKIM: fix tolerating spaces round tag values

6 years agoFix filename length check in mime-handling
Jeremy Harris [Sun, 26 Nov 2017 15:22:38 +0000 (15:22 +0000)]
Fix filename length check in mime-handling

6 years agotidying
Jeremy Harris [Sun, 26 Nov 2017 15:20:04 +0000 (15:20 +0000)]
tidying

6 years agotidying
Jeremy Harris [Sat, 25 Nov 2017 21:05:53 +0000 (21:05 +0000)]
tidying

6 years agoReplace the store_release() internal interface, which was excessively unsafe.
Jeremy Harris [Sat, 25 Nov 2017 20:24:00 +0000 (20:24 +0000)]
Replace the store_release() internal interface, which was excessively unsafe.
The new store_newblock() includes the required safety checck, plus the alocate
and data-copy operations.

6 years agoMerge branch 'master' into 4.next
Jeremy Harris [Sat, 25 Nov 2017 19:39:32 +0000 (19:39 +0000)]
Merge branch 'master' into 4.next

6 years agoChange note for 445d03d4ea
Jeremy Harris [Sat, 25 Nov 2017 16:21:14 +0000 (16:21 +0000)]
Change note for 445d03d4ea

6 years agoAvoid release of store if there have been later allocations. Bug 2199
Jeremy Harris [Fri, 24 Nov 2017 20:22:33 +0000 (20:22 +0000)]
Avoid release of store if there have been later allocations.  Bug 2199

6 years agoAdd comment on GnuTLS library debugging facility
Jeremy Harris [Fri, 24 Nov 2017 20:24:40 +0000 (20:24 +0000)]
Add comment on GnuTLS library debugging facility

7 years agoTestsuite: more pre-run configuration checks
Jeremy Harris [Sat, 18 Nov 2017 15:22:48 +0000 (15:22 +0000)]
Testsuite: more pre-run configuration checks

7 years agotidying
Jeremy Harris [Thu, 16 Nov 2017 20:46:10 +0000 (20:46 +0000)]
tidying

7 years agoTestsuite: delays for debug output ordering (again)
Jeremy Harris [Thu, 16 Nov 2017 18:31:23 +0000 (18:31 +0000)]
Testsuite: delays for debug output ordering (again)

7 years agoOpenSSL: avoid using now-deprecated routines on newer versions
Jeremy Harris [Thu, 16 Nov 2017 12:12:48 +0000 (12:12 +0000)]
OpenSSL: avoid using now-deprecated routines on newer versions

7 years agoTestsuite: OpenSSL/LibreSSL version output variances
Jeremy Harris [Wed, 15 Nov 2017 23:24:23 +0000 (23:24 +0000)]
Testsuite: OpenSSL/LibreSSL version output variances

7 years agoTestsuite: OpenSSL/LibreSSL version output variances
Jeremy Harris [Wed, 15 Nov 2017 22:09:10 +0000 (22:09 +0000)]
Testsuite: OpenSSL/LibreSSL version output variances

7 years agoTestsuite: OpenSSL/LibreSSL version output variances
Jeremy Harris [Wed, 15 Nov 2017 20:38:19 +0000 (20:38 +0000)]
Testsuite: OpenSSL/LibreSSL version output variances

7 years agoTestsuite: better debug output from "server" script-runner
Jeremy Harris [Wed, 15 Nov 2017 19:06:00 +0000 (19:06 +0000)]
Testsuite: better debug output from "server" script-runner

7 years agoTestsuite: delays for debug output ordering
Jeremy Harris [Wed, 15 Nov 2017 18:56:21 +0000 (18:56 +0000)]
Testsuite: delays for debug output ordering

OpenBSD seems to prioritize the child of a fork; Linux & FreeBSD the parent

7 years agoTestsuite: force RSA auth for testcase loading dual certs
Jeremy Harris [Wed, 15 Nov 2017 18:38:44 +0000 (18:38 +0000)]
Testsuite: force RSA auth for testcase loading dual certs

More recent OpenSSL versions (1.1.0) reasonably prefer ECDSA when available,
where older (1.0.2) preferred RSA