summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2015-12-07 15:22:38 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2015-12-07 15:22:38 +0000
commit74f150bf80451e34b2fae10c14019e37d644420a (patch)
tree5a29e51aa433e9675206bbfca5ebd5e9e6bd5514
parent6ae08012cf21a8e168bc8e89f56e43c96604da2c (diff)
SOCKS: move from Experimental to mainline
-rw-r--r--doc/doc-docbook/spec.xfpt85
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--doc/doc-txt/experimental-spec.txt41
-rw-r--r--src/src/EDITME10
-rw-r--r--src/src/config.h.defaults4
-rw-r--r--src/src/exim.c16
-rw-r--r--src/src/smtp_out.c6
-rw-r--r--src/src/transports/smtp.c4
-rw-r--r--src/src/transports/smtp.h4
-rw-r--r--src/src/transports/smtp_socks.c2
-rw-r--r--test/scripts/4020-socks/REQUIRES2
-rw-r--r--test/scripts/4028-GnuTLS-socks/REQUIRES2
-rw-r--r--test/scripts/4029-OpenSSL-socks/REQUIRES2
13 files changed, 119 insertions, 62 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 8b2bb4dab..677b4ef50 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -23729,6 +23729,14 @@ Alternatively, if the value of &%size_addition%& is set negative, it disables
the use of the SIZE option altogether.
+.new
+.option socks_proxy smtp string&!! unset
+.cindex proxy SOCKS
+This option enables use of SOCKS proxies for connections made by the
+transport. For details see &<<SECTproxySOCKS>>&.
+.wen
+
+
.option tls_certificate smtp string&!! unset
.cindex "TLS" "client certificate, location of"
.cindex "certificate" "client, location of"
@@ -38008,6 +38016,83 @@ for more information of what they mean.
. ////////////////////////////////////////////////////////////////////////////
. ////////////////////////////////////////////////////////////////////////////
+.chapter "Proxies" "CHAPproxies" &&&
+ "Proxy support"
+.cindex "proxy support"
+.cindex "proxy" "access via"
+
+.new
+A proxy is an intermediate system through which communication is passed.
+Proxies may provide a security, availability or load-distribution function.
+
+.section "Outbound proxies" SECTproxySOCKS
+.cindex proxy outbound
+.cindex proxy "client side"
+.cindex proxy SOCKS
+.cindex SOCKS proxy
+Exim has support for sending outbound SMTP via a proxy
+using a protocol called SOCKS5 (defined by RFC1928).
+The support can be removed by defining DISABLE_SOCKS=yes in Local/Makefile.
+
+Use of a proxy is enabled by setting the &%socks_proxy%& on an smtp transport.
+The option value is expanded and should then be a list
+(colon-separated by default) of proxy specifiers.
+Each proxy specifier is a list
+(space-separated by default) where the initial element
+is an IP address and any subsequent elements are options.
+
+Options are a string <name>=<value>.
+The list of options is in the following table:
+.display
+&`auth `& authentication method
+&`name `& authentication username
+&`pass `& authentication password
+&`port `& tcp port
+&`tmo `& connection timeout
+&`pri `& priority
+&`weight `& selection bias
+.endd
+
+More details on each of these options follows:
+
+.ilist
+.cindex authentication "to proxy"
+.cindex proxy authentication
+&%auth%&: Either &"none"& (default) or &"name"&.
+Using &"name"& selects username/password authentication per RFC 1929
+for access to the proxy.
+Default is &"none"&.
+.next
+&%name%&: sets the username for the &"name"& authentication method.
+Default is empty.
+.next
+&%pass%&: sets the password for the &"name"& authentication method.
+Default is empty.
+.next
+&%port%&: the TCP port number to use for the connection to the proxy.
+Default is 1080.
+.next
+&%tmo%&: sets a connection timeout in seconds for this proxy.
+Default is 5.
+.next
+&%pri%&: specifies a priority for the proxy within the list,
+higher values being tried first.
+The default priority is 1.
+.next
+&%weight%&: specifies a selection bias.
+Within a priority set servers are queried in a random fashion,
+weighted by this value.
+The default value for selection bias is 1.
+.endlist
+
+Proxies from the list are tried according to their priority
+and weight settings until one responds. The timeout for the
+overall connection applies to the set of proxied attempts.
+.wen
+
+. ////////////////////////////////////////////////////////////////////////////
+. ////////////////////////////////////////////////////////////////////////////
+
.chapter "Adding new drivers or lookup types" "CHID13" &&&
"Adding drivers or lookups"
.cindex "adding drivers"
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 20623997f..e78f49cf4 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -112,6 +112,9 @@ JH/21 Bug 1720: Add support for priority groups and weighted-random proxy
JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalisation
for DKIM processing.
+JH/23 Move SOCKS5 support from Experimental to mainline. It can be left out
+ from a build by defining DISABLE_SOCKS.
+
Exim version 4.86
-----------------
diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt
index 18a5fd917..f0f1035ea 100644
--- a/doc/doc-txt/experimental-spec.txt
+++ b/doc/doc-txt/experimental-spec.txt
@@ -880,6 +880,9 @@ following will be forced:
No other use is made of the result string.
+If transport proxying is used, the remote IP/port during a
+tcp:connect event will be that of the proxy.
+
Known issues:
- the tls:cert event is only called for the cert chain elements
@@ -1115,44 +1118,6 @@ QUIT
-SOCKS
-------------------------------------------------------------
-Support for proxying outbound SMTP via a Socks 5 proxy
-(RFC 1928) is included if Exim is compiled with
-EXPERIMENTAL_SOCKS defined.
-
-If an smtp transport has a nonempty socks_proxy option
-defined, this is active. The option is expanded and
-should be a list (colon-separated by default) of
-proxy specifiers. Each proxy specifier is a list
-(space-separated by default) where the initial element
-is an IP address and any subsequent elements are options.
-
-Options are a string <name>=<value>.
-These options are currently defined:
-- "auth", with possible values "none" and "name".
- Using "name" selects username/password authentication
- per RFC 1929. Default is "none".
-- "name" sets the authentication username. Default is empty.
-- "pass" sets the authentication password. Default is empty.
-- "port" sets the tcp port number for the proxy. Default is 1080.
-- "tmo" sets a connection timeout in seconds for this proxy. Default is 5.
-- "pri" specifies a priority for the server within the list, higher
- values being tried first. The default priority is 1.
-- "weight" specifies a selection bias. Within a priority set servers
- are queried in a random fashion, weighted by this value. The default
- value for selection bias is 1.
-
-Proxies from the list are tried according to their priority
-and weight settings until one responds. The timeout for the
-overall connection applies to the set of proxied attempts.
-
-If events are used, the remote IP/port during a
-tcp:connect event will be that of the proxy.
-
-
-
-
DANE
------------------------------------------------------------
DNS-based Authentication of Named Entities, as applied
diff --git a/src/src/EDITME b/src/src/EDITME
index c2d95ff40..5b17e53d8 100644
--- a/src/src/EDITME
+++ b/src/src/EDITME
@@ -432,6 +432,13 @@ EXIM_MONITOR=eximon.bin
#------------------------------------------------------------------------------
+# By default Exim has support for connecting outbound via a SOCK5 proxy.
+# To remove this support uncomment the following line.
+
+# DISABLE_SOCKS=yes
+
+
+#------------------------------------------------------------------------------
# Compiling Exim with experimental features. These are documented in
# experimental-spec.txt. "Experimental" means that the way these features are
# implemented may still change. Backward compatibility is not guaranteed.
@@ -497,9 +504,6 @@ EXIM_MONITOR=eximon.bin
# Note: Enabling this unconditionally overrides DISABLE_DNSSEC
# EXPERIMENTAL_DANE=yes
-# Uncomment the following line to add SOCKS support
-# EXPERIMENTAL_SOCKS=yes
-
# Uncomment the following to add Internationalisation features. You need to
# have the IDN library installed.
# EXPERIMENTAL_INTERNATIONAL=yes
diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults
index 6af3b4d43..9ebb4f8de 100644
--- a/src/src/config.h.defaults
+++ b/src/src/config.h.defaults
@@ -41,10 +41,11 @@ it's a default value. */
#define DEFAULT_CRYPT crypt
#define DELIVER_IN_BUFFER_SIZE 8192
#define DELIVER_OUT_BUFFER_SIZE 8192
+#define DISABLE_DNSSEC
#define DISABLE_DKIM
#define DISABLE_PRDR
#define DISABLE_OCSP
-#define DISABLE_DNSSEC
+#define DISABLE_SOCKS
#define DISABLE_D_OPTION
#define ENABLE_DISABLE_FSYNC
@@ -178,7 +179,6 @@ it's a default value. */
#define EXPERIMENTAL_INTERNATIONAL
#define EXPERIMENTAL_PROXY
#define EXPERIMENTAL_REDIS
-#define EXPERIMENTAL_SOCKS
#define EXPERIMENTAL_SPF
#define EXPERIMENTAL_SRS
diff --git a/src/src/exim.c b/src/src/exim.c
index 27b73b764..a0477faa1 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -814,20 +814,23 @@ fprintf(f, "Support for:");
#ifdef WITH_CONTENT_SCAN
fprintf(f, " Content_Scanning");
#endif
-#ifndef DISABLE_DKIM
- fprintf(f, " DKIM");
-#endif
#ifdef WITH_OLD_DEMIME
fprintf(f, " Old_Demime");
#endif
+#ifndef DISABLE_DKIM
+ fprintf(f, " DKIM");
+#endif
#ifndef DISABLE_DNSSEC
fprintf(f, " DNSSEC");
#endif
+#ifndef DISABLE_OCSP
+ fprintf(f, " OCSP");
+#endif
#ifndef DISABLE_PRDR
fprintf(f, " PRDR");
#endif
-#ifndef DISABLE_OCSP
- fprintf(f, " OCSP");
+#ifndef DISABLE_SOCKS
+ fprintf(f, " SOCKS");
#endif
#ifdef EXPERIMENTAL_SPF
fprintf(f, " Experimental_SPF");
@@ -862,9 +865,6 @@ fprintf(f, "Support for:");
#ifdef EXPERIMENTAL_REDIS
fprintf(f, " Experimental_Redis");
#endif
-#ifdef EXPERIMENTAL_SOCKS
- fprintf(f, " Experimental_SOCKS");
-#endif
fprintf(f, "\n");
fprintf(f, "Lookups (built-in):");
diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c
index d32ef89b5..abc5b80fe 100644
--- a/src/src/smtp_out.c
+++ b/src/src/smtp_out.c
@@ -267,7 +267,7 @@ int
smtp_connect(host_item *host, int host_af, int port, uschar *interface,
int timeout, transport_instance * tb)
{
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
smtp_transport_options_block * ob =
(smtp_transport_options_block *)tb->options_block;
#endif
@@ -287,7 +287,7 @@ HDEBUG(D_transport|D_acl|D_v)
{
uschar * s = US" ";
if (interface) s = string_sprintf(" from %s ", interface);
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
if (ob->socks_proxy) s = string_sprintf("%svia proxy ", s);
#endif
debug_printf("Connecting to %s %s%s... ", host->name, callout_address, s);
@@ -295,7 +295,7 @@ HDEBUG(D_transport|D_acl|D_v)
/* Create and connect the socket */
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
if (ob->socks_proxy)
return socks_sock_connect(host, host_af, port, interface, tb, timeout);
#endif
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 66d632fad..fc1439e93 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -159,7 +159,7 @@ optionlist smtp_transport_options[] = {
(void *)offsetof(smtp_transport_options_block, serialize_hosts) },
{ "size_addition", opt_int,
(void *)offsetof(smtp_transport_options_block, size_addition) }
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
,{ "socks_proxy", opt_stringptr,
(void *)offsetof(smtp_transport_options_block, socks_proxy) }
#endif
@@ -249,7 +249,7 @@ smtp_transport_options_block smtp_transport_option_defaults = {
FALSE, /* lmtp_ignore_quota */
NULL, /* expand_retry_include_ip_address */
TRUE /* retry_include_ip_address */
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
,NULL /* socks_proxy */
#endif
#ifdef SUPPORT_TLS
diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h
index 2aeab9add..c77c2c5d9 100644
--- a/src/src/transports/smtp.h
+++ b/src/src/transports/smtp.h
@@ -59,7 +59,7 @@ typedef struct {
BOOL lmtp_ignore_quota;
uschar *expand_retry_include_ip_address;
BOOL retry_include_ip_address;
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
uschar *socks_proxy;
#endif
#ifdef SUPPORT_TLS
@@ -111,7 +111,7 @@ extern int smtp_auth(uschar *, unsigned, address_item *, host_item *,
extern BOOL smtp_mail_auth_str(uschar *, unsigned,
address_item *, smtp_transport_options_block *);
-#ifdef EXPERIMENTAL_SOCKS
+#ifndef DISABLE_SOCKS
extern int socks_sock_connect(host_item *, int, int, uschar *,
transport_instance *, int);
#endif
diff --git a/src/src/transports/smtp_socks.c b/src/src/transports/smtp_socks.c
index 6d4e072eb..a7d4e106f 100644
--- a/src/src/transports/smtp_socks.c
+++ b/src/src/transports/smtp_socks.c
@@ -10,7 +10,7 @@
#include "../exim.h"
#include "smtp.h"
-#ifdef EXPERIMENTAL_SOCKS /* entire file */
+#ifndef DISABLE_SOCKS /* entire file */
#ifndef nelem
# define nelem(arr) (sizeof(arr)/sizeof(*arr))
diff --git a/test/scripts/4020-socks/REQUIRES b/test/scripts/4020-socks/REQUIRES
index 135603c74..5c6dbbad6 100644
--- a/test/scripts/4020-socks/REQUIRES
+++ b/test/scripts/4020-socks/REQUIRES
@@ -1 +1 @@
-support Experimental_SOCKS
+support SOCKS
diff --git a/test/scripts/4028-GnuTLS-socks/REQUIRES b/test/scripts/4028-GnuTLS-socks/REQUIRES
index 0b41941ac..5accf7bf3 100644
--- a/test/scripts/4028-GnuTLS-socks/REQUIRES
+++ b/test/scripts/4028-GnuTLS-socks/REQUIRES
@@ -1,4 +1,4 @@
-support Experimental_SOCKS
+support SOCKS
support GnuTLS
running IPv4
running socks
diff --git a/test/scripts/4029-OpenSSL-socks/REQUIRES b/test/scripts/4029-OpenSSL-socks/REQUIRES
index b24bbd9a0..d42ca4cee 100644
--- a/test/scripts/4029-OpenSSL-socks/REQUIRES
+++ b/test/scripts/4029-OpenSSL-socks/REQUIRES
@@ -1,4 +1,4 @@
-support Experimental_SOCKS
+support SOCKS
support OpenSSL
running IPv4
running socks