users/jgh/exim.git
6 years agotests: propagate CPPFLAGS into build invocations
Phil Pennock [Sat, 15 Sep 2018 00:55:33 +0000 (20:55 -0400)]
tests: propagate CPPFLAGS into build invocations

With openssl installed by brew on macOS, OpenSSL headers are not in a
normal place.  I can fiddle with LDFLAGS/CPPFLAGS to get them available,
but then the `./configure` step succeeds and build fails.

Propagating the CPPFLAGS into the generated Makefile lets the build
succeed and we get a `client-ssl` binary output.

6 years agoRestore Darwin OS configuration
Phil Pennock [Fri, 14 Sep 2018 17:43:02 +0000 (13:43 -0400)]
Restore Darwin OS configuration

MacStadium are providing us with free Mac Mini hosting as part of their
FOSS support.  I'm about to set it up.  Let's have out-of-repo tuning in
place before I begin.

6 years agoCheck returncode from SSL_CTX_set_cipher_list()
Jeremy Harris [Thu, 13 Sep 2018 16:17:22 +0000 (17:17 +0100)]
Check returncode from SSL_CTX_set_cipher_list()

6 years agoUnbreak test 0600 (copy/paste error)
Phil Pennock [Tue, 11 Sep 2018 00:28:34 +0000 (20:28 -0400)]
Unbreak test 0600 (copy/paste error)

6 years agoDocs: document ancillary info for more event types. Bug 2313
Matthias Kurz [Mon, 10 Sep 2018 13:40:38 +0000 (14:40 +0100)]
Docs: document ancillary info for more event types.  Bug 2313

Patch from Matthias, with additional code indentation tweaks from JGH

6 years agodocs: unbreak spec build
Phil Pennock [Mon, 10 Sep 2018 02:24:39 +0000 (22:24 -0400)]
docs: unbreak spec build

I've created a homebrew tap with sdop and xfpt in it, so I can install
those more easily on macOS in the future, and now have bothered actually
building the docs.  `.url()` should have been `&url()` in two places.

The `make spec.pdf` pipeline yields a document where those are not
clickable links, but if i use `make spec.ps` and let macOS auto-convert
to PDF upon open, those are proper clickable hyperlinks.  So this switch
is definitely for the better.

6 years agoDANE - testcase for fail under GnuTLS with TA-mode to a selfsigned server cert
Jeremy Harris [Sat, 8 Sep 2018 18:31:49 +0000 (19:31 +0100)]
DANE - testcase for fail under GnuTLS with TA-mode to a selfsigned server cert

6 years agoDocs: more indexing of affix-related bits
Jeremy Harris [Thu, 6 Sep 2018 12:18:45 +0000 (13:18 +0100)]
Docs: more indexing of affix-related bits

6 years agoFix broken doc links and http→https where possible
Phil Pennock [Fri, 7 Sep 2018 17:56:27 +0000 (13:56 -0400)]
Fix broken doc links and http→https where possible

I got a cookie-cutter email from folks noting the modssl.org doc links
were broken and asking us to use their site instead, which was both
helpful and a rather heavy page with advertising on it, so not something
I want our docs to link to.

Fixed the modssl link to point to the correct current Apache docs, since
mod_ssl has not been a separate project for … a very long time.

Audited every `http:` link in the Spec, replacing with https if
available, updating URLs as needed, or trimming deadwood as appropriate.
This did edit one license text, but in a way which I believe is
reasonable and in the license holder's best interests.

* Use comments with a datestamp for any remaining http: URLs, showing
  when they were last audited
* Suggest migrating away from Berkeley DB.
* Drop mention of a patched `pam_unix` module which is no longer available.
* In revamping the CDB tools links, add my own tools.
* Redo the intro text for the mod_ssl stuff (first person voice of PH).
* Rescorla's book's online examples appear to be gone; drop mention of
  them and point to Ristić's more recent book too.
* Point to wikipedia list of DNSxL services as an overview, in part
  because I dropped the reference to the defunct rfc-ignorant.org and
  there was no good candidate as an exemplar for domain-based lists.
* Note that mksd is a candidate for removal from Exim since mks_vir
  is dead.
* Drop LogReport/lire reference (dead/gone and can't find it).
* Redo proxy protocol spec-linking text.
* Replace FAQ A1701 with text saying "don't do that" (self-signed certs)
  and just telling people to use a CA instead, pointing strongly to
  Let's Encrypt.  We did nobody any favors with that old text still
  being present today (it was entirely appropriate when written).

6 years agoDEBUG: db functions
Jeremy Harris [Fri, 31 Aug 2018 21:41:02 +0000 (22:41 +0100)]
DEBUG: db functions

6 years agoRefactor authenticators API to take an (opaque) smtp connection context
Jeremy Harris [Wed, 29 Aug 2018 18:10:41 +0000 (19:10 +0100)]
Refactor authenticators API to take an (opaque) smtp connection context

6 years agoDo not use arc4random_stir() directly (Bug 2304)
Xin Li [Mon, 27 Aug 2018 09:32:51 +0000 (11:32 +0200)]
Do not use arc4random_stir() directly (Bug 2304)

arc4random_stir should not be used directly (it's fully automated after
FreeBSD r227520, or approximately __FreeBSD_version 1000002), the
interface will be removed from FreeBSD soon (bugs.freebsd.org/230756).

Patch was from bugs.freebsd.org/230826.

6 years agoUse single-bit fields for file-global flags in smtp_in
Jeremy Harris [Thu, 23 Aug 2018 11:34:38 +0000 (12:34 +0100)]
Use single-bit fields for file-global flags in smtp_in

6 years agoDMARC: Fix forensic-report envelopes to permit non-null. Bug 1896
Jeremy Harris [Wed, 22 Aug 2018 23:05:28 +0000 (00:05 +0100)]
DMARC: Fix forensic-report envelopes to permit non-null.  Bug 1896

6 years agoFix no-SSL, with-SOCKS build
Jeremy Harris [Wed, 22 Aug 2018 22:01:53 +0000 (23:01 +0100)]
Fix no-SSL, with-SOCKS build

6 years agoTestsuite: fix CHUNKING tests for no-DKIM build
Jeremy Harris [Wed, 22 Aug 2018 22:01:30 +0000 (23:01 +0100)]
Testsuite: fix CHUNKING tests for no-DKIM build

6 years agoUse single-bit fields for global flags
Jeremy Harris [Wed, 22 Aug 2018 19:46:11 +0000 (20:46 +0100)]
Use single-bit fields for global flags

6 years agoLogging: server pipelining offer but no uptake
Jeremy Harris [Wed, 22 Aug 2018 12:20:54 +0000 (13:20 +0100)]
Logging: server pipelining offer but no uptake

6 years agotidying
Jeremy Harris [Tue, 21 Aug 2018 21:31:27 +0000 (22:31 +0100)]
tidying

6 years agoBuiltin macros for log_selector values
Jeremy Harris [Mon, 20 Aug 2018 11:46:16 +0000 (12:46 +0100)]
Builtin macros for log_selector values

6 years agoTidying: indentation
Jeremy Harris [Sun, 19 Aug 2018 18:29:30 +0000 (19:29 +0100)]
Tidying: indentation

6 years agoDebug: indent builtin-DB operations
Jeremy Harris [Sun, 19 Aug 2018 13:53:40 +0000 (14:53 +0100)]
Debug: indent builtin-DB operations

6 years agoLogging: pipelining log_selector
Jeremy Harris [Sat, 18 Aug 2018 18:45:36 +0000 (19:45 +0100)]
Logging: pipelining log_selector

6 years agounbreak test: s/log_write/logwrite/
Phil Pennock [Mon, 20 Aug 2018 18:09:14 +0000 (14:09 -0400)]
unbreak test: s/log_write/logwrite/

6 years agoUTF8/locale: document constraints on current expansions.
Phil Pennock [Sat, 18 Aug 2018 02:06:48 +0000 (22:06 -0400)]
UTF8/locale: document constraints on current expansions.

6 years agoFix utf8clean not replacing incomplete final character
Phil Pennock [Fri, 17 Aug 2018 01:17:32 +0000 (21:17 -0400)]
Fix utf8clean not replacing incomplete final character

Before, it was just dropped, but we document that it's replaced by ?.

Tests updated, manual test-case for -be prompt is:

    ${utf8clean:${length_1:フィル}}

6 years agoFix logging all_parents for cutthrough delivery. Bug 2296
Jeremy Harris [Sat, 11 Aug 2018 13:45:42 +0000 (14:45 +0100)]
Fix logging all_parents for cutthrough delivery.  Bug 2296

6 years agoFix cutthrough delivery for more than one iteration of address redirection. Bug...
Jeremy Harris [Thu, 9 Aug 2018 19:37:42 +0000 (20:37 +0100)]
Fix cutthrough delivery for more than one iteration of address redirection.  Bug 2296

6 years agoDocs: add explicit warning on spoolfile formats
Jeremy Harris [Sun, 5 Aug 2018 12:58:40 +0000 (13:58 +0100)]
Docs: add explicit warning on spoolfile formats

6 years ago18N: fix docs for option name. Bug 2246
Gedalya [Sat, 4 Aug 2018 13:27:46 +0000 (14:27 +0100)]
18N: fix docs for option name.  Bug 2246

Incorrect at introduction in 71c158466d.

6 years agoREQUIRETLS: amplify docs discussion
Jeremy Harris [Sun, 29 Jul 2018 14:27:03 +0000 (15:27 +0100)]
REQUIRETLS: amplify docs discussion

6 years agoMake -n work with macros too
Phil Pennock [Tue, 31 Jul 2018 19:54:17 +0000 (15:54 -0400)]
Make -n work with macros too

Have `exim -n -bP macro FOO` just print the value of the macro `FOO`,
without the `name=` prefix.

This is the same handling as used for option values.

If the invoker asks for multiple macros in one invocation, with `-n`,
then that's their problem.

6 years agoI18N: add a utf8_downconvert option to the smtp transport. Bug 2248
Jeremy Harris [Sat, 28 Jul 2018 19:48:19 +0000 (20:48 +0100)]
I18N: add a utf8_downconvert option to the smtp transport.  Bug 2248

6 years agoSupport REQUIRETLS
Jeremy Harris [Fri, 27 Jul 2018 16:56:39 +0000 (17:56 +0100)]
Support REQUIRETLS

6 years agoFix non-EVENTS build
Jeremy Harris [Fri, 20 Jul 2018 15:19:34 +0000 (16:19 +0100)]
Fix non-EVENTS build

Broken-by: c4b57fddca
6 years agoTestsuite: restore rspamd testcase
Jeremy Harris [Wed, 18 Jul 2018 22:13:54 +0000 (23:13 +0100)]
Testsuite: restore rspamd testcase
Missed from 611b1961b8.

6 years agoI18N: reject SMTPUTF8 MAIL command when facility not advertised
Jeremy Harris [Wed, 18 Jul 2018 21:59:14 +0000 (22:59 +0100)]
I18N: reject SMTPUTF8 MAIL command when facility not advertised

6 years agoI18N: Fix protocol recorded for a multi-SMTPUTF8-message connection. Bug 2287
Jeremy Harris [Wed, 18 Jul 2018 21:16:38 +0000 (22:16 +0100)]
I18N: Fix protocol recorded for a multi-SMTPUTF8-message connection.  Bug 2287

6 years agoDocs: clarify rolled-up dkim status availability in data ACL
Jeremy Harris [Wed, 18 Jul 2018 20:44:56 +0000 (21:44 +0100)]
Docs: clarify rolled-up dkim status availability in data ACL

6 years agodoc: DANE: don't claim TA can be elided from chain
Phil Pennock [Fri, 13 Jul 2018 16:24:26 +0000 (12:24 -0400)]
doc: DANE: don't claim TA can be elided from chain

While technically an implementation can choose to use a public TA from
DNS or elsewhere to populate a missing TA from the chain, that creates
interoperability issues and the OpenSSL integration code, at least,
doesn't support that and after a bit of work drilling through layers of
abstraction, I've not figured out what GnuTLS does and I've decided I
don't care.

So I'm heeding Viktor's advice and changing the docs to just say to
publish the TA in the chain sent by the server.

6 years agonit typo
Phil Pennock [Wed, 11 Jul 2018 00:16:23 +0000 (20:16 -0400)]
nit typo

6 years agoDocument problems with SHA-1 in certs with DANE-TA
Phil Pennock [Tue, 10 Jul 2018 18:35:58 +0000 (14:35 -0400)]
Document problems with SHA-1 in certs with DANE-TA

Very few domains are using SHA-1 in EE certs issued from a CA used in
DANE-TA anchoring, but some are.  Meanwhile apparently GnuTLS now
defaults to disabling SHA-1 in chains.  Which is eminently reasonable.

I do not believe that Exim should re-enable use of SHA-1 here.  Let it
die.  Document with warnings that folks using a private CA for certs to
be publicly trusted via DANE-TA should follow decent operational
issuance practices.

Also update my Channel Binding docs for GSASL to warn that Channel
Binding is Broken™.

6 years agoCallouts: enhance debug message
Jeremy Harris [Thu, 28 Jun 2018 21:07:28 +0000 (22:07 +0100)]
Callouts: enhance debug message

6 years agoTestsuite: tweak instructions for running the suite
Jeremy Harris [Thu, 28 Jun 2018 11:28:09 +0000 (12:28 +0100)]
Testsuite: tweak instructions for running the suite

6 years agoRestore rsmapd support
Jeremy Harris [Wed, 27 Jun 2018 19:28:02 +0000 (20:28 +0100)]
Restore rsmapd support

Following discussions on the exim-user mailinglist it seems that the conclusion
that the interface was nonfunctioning was unwarranted.

6 years agotidying
Jeremy Harris [Tue, 26 Jun 2018 13:52:39 +0000 (14:52 +0100)]
tidying

6 years agoMerge branch 'rspamd-removal'
Jeremy Harris [Tue, 26 Jun 2018 11:02:56 +0000 (12:02 +0100)]
Merge branch 'rspamd-removal'

6 years agoRevert "Support Rspamd. Patch from Andrew Lewis, lightly editorialised"
Jeremy Harris [Sat, 16 Jun 2018 17:08:09 +0000 (18:08 +0100)]
Revert "Support Rspamd.  Patch from Andrew Lewis, lightly editorialised"

This reverts commit c5f280e20a8e3ecd5f016b8fb34a436588915ed2.

6 years agoRevert "Rspamd: add $authenticated_id as User to scan command"
Jeremy Harris [Sat, 16 Jun 2018 17:22:47 +0000 (18:22 +0100)]
Revert "Rspamd: add $authenticated_id as User to scan command"

This reverts commit 6c54be6459b83b955fbd2fd6d6a844f80c98427a.

6 years agoRevert "Spamd: add missing initialiser. Rspamd mode was incorrectly sometimes seen."
Jeremy Harris [Sat, 16 Jun 2018 13:45:44 +0000 (14:45 +0100)]
Revert "Spamd: add missing initialiser.  Rspamd mode was incorrectly sometimes seen."

This reverts commit e718bd6285cb0fb45b74b6fc00b7737590dcaa60.

6 years agoRevert "Do not use shutdown() when talking to rspamd. Fixes 1802"
Jeremy Harris [Sat, 16 Jun 2018 13:45:40 +0000 (14:45 +0100)]
Revert "Do not use shutdown() when talking to rspamd. Fixes 1802"

This reverts commit 416a0be6df0697848ca551dd3243b652e763792d.

6 years agoRevert "Testsuite: limited support for Content-length:"
Jeremy Harris [Sat, 16 Jun 2018 13:45:32 +0000 (14:45 +0100)]
Revert "Testsuite: limited support for Content-length:"

This reverts commit f6f239461fd62b3a4f3142b6b2a85f8f65eee486.

6 years agoRevert "Avoid repeated string-copy building command-string for rspamd"
Jeremy Harris [Sat, 16 Jun 2018 13:41:14 +0000 (14:41 +0100)]
Revert "Avoid repeated string-copy building command-string for rspamd"

This reverts commit 5df838645bcdb135355205a115bf918c85987caf.

6 years agoUnbreak non-DANE build
Jeremy Harris [Tue, 26 Jun 2018 11:01:15 +0000 (12:01 +0100)]
Unbreak non-DANE build

Broken-by: afdb5e9cf0
6 years agoExpansions: A tls option on ${readsocket }. Bug 2282
Jeremy Harris [Wed, 20 Jun 2018 23:04:25 +0000 (00:04 +0100)]
Expansions: A tls option on ${readsocket }.  Bug 2282

6 years agoARC: Fix verification to do AS checks in reverse order
Jeremy Harris [Mon, 25 Jun 2018 11:08:37 +0000 (12:08 +0100)]
ARC: Fix verification to do AS checks in reverse order

Broken from the original introduction (617d39327e)

6 years agoFix mutiple message send under TLS
Jeremy Harris [Sun, 24 Jun 2018 19:30:23 +0000 (20:30 +0100)]
Fix mutiple message send under TLS

Broken-by: 74f1a42304
6 years agoTLS: rework client-side use with an explicit context rather than a global
Jeremy Harris [Thu, 21 Jun 2018 18:16:29 +0000 (19:16 +0100)]
TLS: rework client-side use with an explicit context rather than a global

6 years agoTestsuite: workaround older-perl bug
Jeremy Harris [Mon, 18 Jun 2018 11:30:54 +0000 (12:30 +0100)]
Testsuite: workaround older-perl bug

6 years agoTestsuite: missing output files
Jeremy Harris [Thu, 21 Jun 2018 17:22:56 +0000 (18:22 +0100)]
Testsuite: missing output files

6 years agoDKIM: Fix signing for body lines starting with a pair of dots. Bug 2284
Jeremy Harris [Thu, 21 Jun 2018 16:03:38 +0000 (17:03 +0100)]
DKIM: Fix signing for body lines starting with a pair of dots.  Bug 2284

Broken-by: 42055a3385
6 years agoDocs: spelling
Kirill Miazine [Thu, 21 Jun 2018 16:08:18 +0000 (17:08 +0100)]
Docs: spelling

6 years agoOpenSSL: TLSv1.3 notes
Jeremy Harris [Wed, 20 Jun 2018 19:28:54 +0000 (20:28 +0100)]
OpenSSL: TLSv1.3 notes

6 years agoOpenSSL: enable use of TLS 1.3 (with OpenSSL 1.1.0 and later)
Jeremy Harris [Thu, 14 Jun 2018 20:28:19 +0000 (21:28 +0100)]
OpenSSL: enable use of TLS 1.3  (with OpenSSL 1.1.0 and later)

6 years agoAdd client-ip info to non-pass iprev ${authres } lines
Jeremy Harris [Thu, 14 Jun 2018 10:04:22 +0000 (11:04 +0100)]
Add client-ip info to non-pass iprev ${authres } lines

6 years agoClarify the socket address family (UNIX) for server_socket (dovecot)
Heiko Schlittermann (HS12-RIPE) [Tue, 12 Jun 2018 13:09:18 +0000 (15:09 +0200)]
Clarify the socket address family (UNIX) for server_socket (dovecot)

Wishlist item (#2280) is created for INET connections.
See https://bugs.exim.org/show_bug.cgi?id=2280

6 years agoDKIM: support timestamp and expiry tags in signing. Bug 2260
Jeremy Harris [Sat, 9 Jun 2018 20:39:44 +0000 (21:39 +0100)]
DKIM: support timestamp and expiry tags in signing.  Bug 2260

6 years agoFollow CNAME chains only one step. Bug 2264
Jeremy Harris [Thu, 7 Jun 2018 17:08:22 +0000 (18:08 +0100)]
Follow CNAME chains only one step.  Bug 2264

6 years agoARC: Fix signing for case when DKIM signing failed
Jeremy Harris [Thu, 7 Jun 2018 15:24:31 +0000 (16:24 +0100)]
ARC: Fix signing for case when DKIM signing failed

6 years agoChange-log
Jeremy Harris [Wed, 6 Jun 2018 10:15:21 +0000 (11:15 +0100)]
Change-log

6 years agoFix logging of cmdline args when starting in an unlinked cwd. Bug 2274
Jeremy Harris [Wed, 6 Jun 2018 09:41:51 +0000 (10:41 +0100)]
Fix logging of cmdline args when starting in an unlinked cwd.  Bug 2274

6 years agoUse serial number 1 for self-generated selfsigned certificate
Jeremy Harris [Thu, 24 May 2018 15:28:20 +0000 (16:28 +0100)]
Use serial number 1 for self-generated selfsigned certificate

Broken-by: 23bb69826c
6 years agoARC: better diagnostics for keyfile issues
Jeremy Harris [Thu, 17 May 2018 08:27:49 +0000 (09:27 +0100)]
ARC: better diagnostics for keyfile issues

6 years agoDMARC: do not wipe values set by config options, between message receptions
Jeremy Harris [Sun, 20 May 2018 17:26:00 +0000 (18:26 +0100)]
DMARC: do not wipe values set by config options, between message receptions

Broken-by: b4757e3611
6 years agoDocs: add note on DKIM signing-limit security
Jeremy Harris [Thu, 17 May 2018 10:18:04 +0000 (11:18 +0100)]
Docs: add note on DKIM signing-limit security

6 years agoSafer handling of argument-logging memory of cwd
Phil Pennock [Sat, 19 May 2018 16:09:55 +0000 (12:09 -0400)]
Safer handling of argument-logging memory of cwd

6 years agoTestsuite: output changes arising
Jeremy Harris [Wed, 16 May 2018 21:15:55 +0000 (22:15 +0100)]
Testsuite: output changes arising

6 years agoCallouts: record succeeding random local-part tests. Bug 177
Jeremy Harris [Sun, 13 May 2018 21:02:59 +0000 (22:02 +0100)]
Callouts: record succeeding random local-part tests.  Bug 177

6 years agoContent scanning: Fix locking on message spool files. Bug 2275
Jeremy Harris [Fri, 11 May 2018 17:02:29 +0000 (18:02 +0100)]
Content scanning: Fix locking on message spool files.  Bug 2275

6 years agoDon't open spool data-files which are symlinks
Phil Pennock [Tue, 15 May 2018 23:04:34 +0000 (19:04 -0400)]
Don't open spool data-files which are symlinks

6 years agoARC: fix crash on signing with missing key file
Jeremy Harris [Fri, 11 May 2018 15:26:17 +0000 (16:26 +0100)]
ARC: fix crash on signing with missing key file

6 years ago-bV: include the CONFIGURE_FILE path if it contains a ':'
Heiko Schlittermann (HS12-RIPE) [Wed, 9 May 2018 13:46:47 +0000 (15:46 +0200)]
-bV: include the CONFIGURE_FILE path if it contains a ':'

6 years agotidying
Jeremy Harris [Mon, 7 May 2018 13:42:35 +0000 (14:42 +0100)]
tidying

6 years agoCutthrough: fix race resulting in duplicate-delivery. Bug 2273
Jeremy Harris [Sat, 5 May 2018 20:29:44 +0000 (21:29 +0100)]
Cutthrough: fix race resulting in duplicate-delivery.  Bug 2273

6 years agotidying
Jeremy Harris [Tue, 1 May 2018 21:50:47 +0000 (22:50 +0100)]
tidying

6 years agoFix typo in readconf.c
Heiko Schlittermann (HS12-RIPE) [Thu, 3 May 2018 07:22:53 +0000 (09:22 +0200)]
Fix typo in readconf.c

6 years agoExpansions: new ${lheader:<name>}. Bug 2272
Jeremy Harris [Tue, 1 May 2018 16:45:21 +0000 (17:45 +0100)]
Expansions: new ${lheader:<name>}.  Bug 2272

6 years agotidying
Jeremy Harris [Sun, 29 Apr 2018 14:10:27 +0000 (15:10 +0100)]
tidying

6 years agoDocs: minor fixes
Jeremy Harris [Sat, 28 Apr 2018 12:09:04 +0000 (13:09 +0100)]
Docs: minor fixes

6 years agoARC: add $arc_oldest_pass variable, for verify
Jeremy Harris [Wed, 25 Apr 2018 21:30:31 +0000 (22:30 +0100)]
ARC: add $arc_oldest_pass variable, for verify

6 years agoARC: support $arc_domains also for verify fails
Jeremy Harris [Wed, 25 Apr 2018 20:02:39 +0000 (21:02 +0100)]
ARC: support $arc_domains also for verify fails

6 years agoARC: add $arc_domains variable, for verify pass
Jeremy Harris [Tue, 24 Apr 2018 21:46:11 +0000 (22:46 +0100)]
ARC: add $arc_domains variable, for verify pass

6 years agoARC: limit verify chain to 50-deep
Jeremy Harris [Tue, 24 Apr 2018 12:07:53 +0000 (13:07 +0100)]
ARC: limit verify chain to 50-deep

6 years agoTestsuite: syslog testcase
Jeremy Harris [Mon, 23 Apr 2018 12:25:47 +0000 (13:25 +0100)]
Testsuite: syslog testcase

6 years agoDKIM: enforce limit of 20 on received DKIM-Signature: headers. Bug 2269
Jeremy Harris [Mon, 23 Apr 2018 10:26:52 +0000 (11:26 +0100)]
DKIM: enforce limit of 20 on received DKIM-Signature: headers.  Bug 2269

6 years agoImprove OpenSSL/GnuTLS; enable DNSSEC for non-smarthost
Phil Pennock [Sun, 22 Apr 2018 00:20:40 +0000 (20:20 -0400)]
Improve OpenSSL/GnuTLS; enable DNSSEC for non-smarthost

6 years agoDocs: clarify DKIM verification
Jeremy Harris [Sat, 21 Apr 2018 22:59:46 +0000 (23:59 +0100)]
Docs: clarify DKIM verification

6 years agoTLS by default for example smarthost SMTP Transport
Phil Pennock [Sat, 21 Apr 2018 00:05:53 +0000 (20:05 -0400)]
TLS by default for example smarthost SMTP Transport

And _decent_ TLS at that, with verification.

6 years agoTestsuite: output changes arising.
Jeremy Harris [Wed, 18 Apr 2018 22:43:30 +0000 (23:43 +0100)]
Testsuite: output changes arising.

Broken-by: 0e8aed8aab
6 years agoACL: reword error message for ratelimit. Bug 2267
Jeremy Harris [Wed, 18 Apr 2018 22:28:26 +0000 (23:28 +0100)]
ACL: reword error message for ratelimit.  Bug 2267