author | Jeremy Harris <jgh146exb@wizmail.org> | 2020-08-26 23:43:54 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2020-08-26 23:43:54 +0100 |
commit | b6054898ace169a0e5143117397a4f666a5e7283 (patch) | |
tree | d8d479cd235b4fb448ee84d3d19f6b3eb96422a5 | |
parent | 0ae2e68e24b938ac84bbea5740c53192d08bb7f1 (diff) |
DANE: Fix 2 messages from queue case
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 12 | ||||
-rw-r--r-- | src/src/deliver.c | 12 | ||||
-rw-r--r-- | src/src/exim.c | 14 | ||||
-rw-r--r-- | src/src/globals.c | 2 | ||||
-rw-r--r-- | src/src/globals.h | 2 | ||||
-rw-r--r-- | src/src/spool_in.c | 24 | ||||
-rw-r--r-- | src/src/tls-gnu.c | 6 | ||||
-rw-r--r-- | src/src/transport.c | 32 | ||||
-rw-r--r-- | src/src/transports/smtp.c | 100 | ||||
-rw-r--r-- | test/confs/5801 | 28 | ||||
-rw-r--r-- | test/dnszones-src/db.test.ex | 1 | ||||
-rw-r--r-- | test/log/5801 | 134 | ||||
-rw-r--r-- | test/scripts/5800-DANE/5801 | 68 | ||||
-rw-r--r-- | test/stderr/0143 | 3 | ||||
-rw-r--r-- | test/stderr/0476 | 1 | ||||
-rw-r--r-- | test/stderr/2013 | 4 | ||||
-rw-r--r-- | test/stderr/2035 | 1 | ||||
-rw-r--r-- | test/stderr/2113 | 4 | ||||
-rw-r--r-- | test/stderr/2135 | 1 | ||||
-rw-r--r-- | test/stderr/4052 | 3 |
20 files changed, 391 insertions, 61 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 9a4e0a1a9..4d40bcfea 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -3922,6 +3922,18 @@ This option is not intended for use by external callers. It is used internally by Exim in conjunction with the &%-MC%& option, and passes on the fact that the host to which Exim is connected supports TLS encryption. +.new +.vitem &%-MCr%&&~<&'SNI'&> &&& + &%-MCs%&&~<&'SNI'&> +.oindex "&%-MCs%&" +.oindex "&%-MCr%&" +These options are not intended for use by external callers. It is used internally +by Exim in conjunction with the &%-MCt%& option, and passes on the fact that +a TLS Server Name Indication was sent as part of the channel establishment. +The argument gives the SNI string. +The "r" variant indicates a DANE-verified connection. +.wen + .vitem &%-MCt%&&~<&'IP&~address'&>&~<&'port'&>&~<&'cipher'&> .oindex "&%-MCt%&" This option is not intended for use by external callers. It is used internally diff --git a/src/src/deliver.c b/src/src/deliver.c index a47440695..9c4c1a746 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -1195,7 +1195,7 @@ else if (addr->host_used) { g = d_hostlog(g, addr); - if (continue_sequence > 1) + if (continue_sequence > 1) /*XXX this is wrong for a dropped proxyconn. Would have to pass back from transport */ g = string_catn(g, US"*", 1); #ifndef DISABLE_EVENT @@ -4273,6 +4273,10 @@ for (int delivery_count = 0; addr_remote; delivery_count++) } } +/*XXX need to defeat this when DANE is used - but we don't know that yet. +So look out for the place it gets used. +*/ + /* Get the flag which specifies whether the transport can handle different domains that nevertheless resolve to the same set of hosts. If it needs expanding, get variables set: $address_data, $domain_data, $localpart_data, 
@@ -4351,6 +4355,11 @@ for (int delivery_count = 0; addr_remote; delivery_count++) /************************************************************************/ +/*XXX don't know yet if DANE will be used. So tpt will have to +check at the point if gets next addr from list, and skip/defer any +nonmatch domains +*/ + /* Pick off all addresses which have the same transport, errors address, destination, and extra headers. In some cases they point to the same host list, but we also need to check for identical host lists generated from @@ -4497,6 +4506,7 @@ for (int delivery_count = 0; addr_remote; delivery_count++) if (continue_transport) { BOOL ok = Ustrcmp(continue_transport, tp->name) == 0; +/*XXX do we need to check for a DANEd conn vs. a change of domain? */ /* If the transport is about to override the host list do not check it here but take the cost of running the transport process to discover diff --git a/src/src/exim.c b/src/src/exim.c index 25464f799..60a44bb09 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -2813,10 +2813,22 @@ on the second character (the one after '-'), to save some effort. */ case 'S': smtp_peer_options |= OPTION_SIZE; break; #ifndef DISABLE_TLS + /* -MCs: used with -MCt; SNI was sent */ + /* -MCr: ditto, DANE */ + + case 'r': + case 's': if (++i < argc) + { + continue_proxy_sni = string_copy_taint(argv[i], TRUE); + if (argrest[1] == 'r') continue_proxy_dane = TRUE; + } + else badarg = TRUE; + break; + /* -MCt: similar to -MCT below but the connection is still open via a proxy process which handles the TLS context and coding. Require three arguments for the proxied local address and port, - and the TLS cipher. */ + and the TLS cipher. */ case 't': if (++i < argc) sending_ip_address = string_copy_taint(argv[i], TRUE); diff --git a/src/src/globals.c b/src/src/globals.c index aa94a276f..fb0abb8fc 100644 --- a/src/src/globals.c +++ b/src/src/globals.c 
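Review bot: The new `case 'r'` / `case 's'` arm in exim.c takes both the SNI and the DANE-verified status of the inherited connection straight from argv, so whichever caller is allowed to pass `-MCr` decides that the connection counts as DANE-verified. The check that restricts the `-MC*` options to trusted callers is not visible in this hunk and should be confirmed to cover these two. The added comment says only `-MCr: ditto, DANE`; I would state the trust assumption, e.g. `/* -MCr: as -MCs, and the passing process DANE-verified the proxied connection; taken on trust, not re-checked here */`. The enclosing switch starts and ends outside the hunk.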
@@ -730,6 +730,8 @@ uid_t config_uid = 0; int connection_max_messages= -1; uschar *continue_proxy_cipher = NULL; +BOOL continue_proxy_dane = FALSE; +uschar *continue_proxy_sni = NULL; uschar *continue_hostname = NULL; uschar *continue_host_address = NULL; int continue_sequence = 1; diff --git a/src/src/globals.h b/src/src/globals.h index 47b4b5226..954a0a3dc 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -426,6 +426,8 @@ extern uschar *config_main_filename; /* File name actually used */ extern uschar *config_main_directory; /* Directory where the main config file was found */ extern uid_t config_uid; /* Additional owner */ extern uschar *continue_proxy_cipher; /* TLS cipher for proxied continued delivery */ +extern BOOL continue_proxy_dane; /* proxied conn is DANE */ +extern uschar *continue_proxy_sni; /* proxied conn SNI */ extern uschar *continue_hostname; /* Host for continued delivery */ extern uschar *continue_host_address; /* IP address for ditto */ extern int continue_sequence; /* Sequence num for continued delivery */ diff --git a/src/src/spool_in.c b/src/src/spool_in.c index a2d3b8914..7d95fccc1 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -55,7 +55,7 @@ for (int i = 0; i < 2; i++) set_subdir_str(message_subdir, id, i); fname = spool_fname(US"input", message_subdir, id, US"-D"); - DEBUG(D_deliver) debug_printf("Trying spool file %s\n", fname); + DEBUG(D_deliver) debug_printf_indent("Trying spool file %s\n", fname); /* We protect against symlink attacks both in not propagating the * file-descriptor to other processes as we exec, and also ensuring that we @@ -367,7 +367,7 @@ for (int n = 0; n < 2; n++) errno = 0; #ifndef COMPILE_UTILITY -DEBUG(D_deliver) debug_printf("reading spool file %s\n", name); +DEBUG(D_deliver) debug_printf_indent("reading spool file %s\n", name); #endif /* COMPILE_UTILITY */ /* The first line of a spool file contains the message id followed by -H (i.e. 
@@ -430,7 +430,7 @@ if (f.running_in_test_harness) #endif #ifndef COMPILE_UTILITY -DEBUG(D_deliver) debug_printf("user=%s uid=%ld gid=%ld sender=%s\n", +DEBUG(D_deliver) debug_printf_indent("user=%s uid=%ld gid=%ld sender=%s\n", originator_login, (long int)originator_uid, (long int)originator_gid, sender_address); #endif @@ -715,7 +715,7 @@ host_build_sender_fullhost(); #ifndef COMPILE_UTILITY DEBUG(D_deliver) - debug_printf("sender_local=%d ident=%s\n", f.sender_local, + debug_printf_indent("sender_local=%d ident=%s\n", f.sender_local, sender_ident ? sender_ident : US"unset"); #endif /* COMPILE_UTILITY */ @@ -739,7 +739,7 @@ if (sscanf(CS big_buffer, "%d", &rcount) != 1 || rcount > 16384) goto SPOOL_FORMAT_ERROR; #ifndef COMPILE_UTILITY -DEBUG(D_deliver) debug_printf("recipients_count=%d\n", rcount); +DEBUG(D_deliver) debug_printf_indent("recipients_count=%d\n", rcount); #endif /* COMPILE_UTILITY */ recipients_list_max = rcount; @@ -810,7 +810,7 @@ for (recipients_count = 0; recipients_count < rcount; recipients_count++) { int dummy; #if !defined (COMPILE_UTILITY) - DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim 3 spool file\n"); + DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - Exim 3 spool file\n"); #endif while (isdigit(*(--p)) || *p == ','); if (*p == ' ') @@ -825,7 +825,7 @@ for (recipients_count = 0; recipients_count < rcount; recipients_count++) else if (*p == ' ') { #if !defined (COMPILE_UTILITY) - DEBUG(D_deliver) debug_printf("**** SPOOL_IN - early Exim 4 spool file\n"); + DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - early Exim 4 spool file\n"); #endif *p++ = 0; (void)sscanf(CS p, "%d", &pno); 
@@ -838,7 +838,7 @@ for (recipients_count = 0; recipients_count < rcount; recipients_count++) int flags; #if !defined (COMPILE_UTILITY) - DEBUG(D_deliver) debug_printf("**** SPOOL_IN - Exim standard format spoolfile\n"); + DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - Exim standard format spoolfile\n"); #endif (void)sscanf(CS p+1, "%d", &flags); @@ -874,13 +874,13 @@ for (recipients_count = 0; recipients_count < rcount; recipients_count++) } #if !defined(COMPILE_UTILITY) else - { DEBUG(D_deliver) debug_printf("**** SPOOL_IN - No additional fields\n"); } + { DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - No additional fields\n"); } if (orcpt || dsn_flags) - DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: <%s> orcpt: <%s> dsn_flags: 0x%x\n", + DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - address: <%s> orcpt: <%s> dsn_flags: 0x%x\n", big_buffer, orcpt, dsn_flags); if (errors_to) - DEBUG(D_deliver) debug_printf("**** SPOOL_IN - address: <%s> errorsto: <%s>\n", + DEBUG(D_deliver) debug_printf_indent("**** SPOOL_IN - address: <%s> errorsto: <%s>\n", big_buffer, errors_to); #endif @@ -952,7 +952,7 @@ line count by adding the body linecount to the header linecount. Close the file and give a positive response. */ #ifndef COMPILE_UTILITY -DEBUG(D_deliver) debug_printf("body_linecount=%d message_linecount=%d\n", +DEBUG(D_deliver) debug_printf_indent("body_linecount=%d message_linecount=%d\n", body_linecount, message_linecount); #endif /* COMPILE_UTILITY */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index cf3804982..bfe40b205 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -550,7 +550,10 @@ else /* peercert is set in peer_status() */ tlsp->peerdn = state->peerdn; -tlsp->sni = state->received_sni; + +/* do not corrupt sni sent by client; record sni rxd by server */ +if (!state->host) + tlsp->sni = state->received_sni; /* record our certificate */ { 
@@ -2895,6 +2898,7 @@ if (!cipher_list) cipher_list, &state, tlsp, errstr) != OK) return FALSE; + #ifdef MEASURE_TIMING report_time_since(&t0, US"client tls_init (delta)"); #endif diff --git a/src/src/transport.c b/src/src/transport.c index a04663277..fd8da0f08 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -1657,6 +1657,7 @@ DEBUG(D_transport) debug_printf("transport_check_waiting entered\n"); debug_printf(" sequence=%d local_max=%d global_max=%d\n", continue_sequence, local_message_max, connection_max_messages); + acl_level++; } /* Do nothing if we have hit the maximum number that can be send down one @@ -1666,23 +1667,23 @@ if (connection_max_messages >= 0) local_message_max = connection_max_messages; if (local_message_max > 0 && continue_sequence >= local_message_max) { DEBUG(D_transport) - debug_printf("max messages for one connection reached: returning\n"); - return FALSE; + debug_printf_indent("max messages for one connection reached: returning\n"); + goto retfalse; } /* Open the waiting information database. */ if (!(dbm_file = dbfn_open(string_sprintf("wait-%.200s", transport_name), O_RDWR, &dbblock, TRUE, TRUE))) - return FALSE; + goto retfalse; /* See if there is a record for this host; if not, there's nothing to do. */ if (!(host_record = dbfn_read(dbm_file, hostname))) { dbfn_close(dbm_file); - DEBUG(D_transport) debug_printf("no messages waiting for %s\n", hostname); - return FALSE; + DEBUG(D_transport) debug_printf_indent("no messages waiting for %s\n", hostname); + goto retfalse; } /* If the data in the record looks corrupt, just log something and @@ -1693,7 +1694,7 @@ if (host_record->count > WAIT_NAME_MAX) dbfn_close(dbm_file); log_write(0, LOG_MAIN|LOG_PANIC, "smtp-wait database entry for %s has bad " "count=%d (max=%d)", hostname, host_record->count, WAIT_NAME_MAX); - return FALSE; + goto retfalse; } /* Scan the message ids in the record from the end towards the beginning, 
@@ -1831,8 +1832,8 @@ while (1) if (host_length <= 0) { dbfn_close(dbm_file); - DEBUG(D_transport) debug_printf("waiting messages already delivered\n"); - return FALSE; + DEBUG(D_transport) debug_printf_indent("waiting messages already delivered\n"); + goto retfalse; } /* we were not able to find an acceptable message, nor was there a @@ -1843,7 +1844,7 @@ while (1) { Ustrcpy(new_message_id, message_id); dbfn_close(dbm_file); - return FALSE; + goto retfalse; } } /* we need to process a continuation record */ @@ -1859,7 +1860,12 @@ if (host_length > 0) } dbfn_close(dbm_file); +DEBUG(D_transport) {acl_level--; debug_printf("transport_check_waiting: TRUE\n"); } return TRUE; + +retfalse: +DEBUG(D_transport) {acl_level--; debug_printf("transport_check_waiting: FALSE\n"); } +return FALSE; } /************************************************* @@ -1871,7 +1877,7 @@ void transport_do_pass_socket(const uschar *transport_name, const uschar *hostname, const uschar *hostaddress, uschar *id, int socket_fd) { -int i = 20; +int i = 22; const uschar **argv; /* Set up the calling arguments; use the standard function for the basics, @@ -1892,6 +1898,12 @@ if (smtp_peer_options & OPTION_TLS) argv[i++] = sending_ip_address; argv[i++] = string_sprintf("%d", sending_port); argv[i++] = tls_out.active.sock >= 0 ? tls_out.cipher : continue_proxy_cipher; + + if (tls_out.sni) + { + argv[i++] = tls_out.dane_verified ? US"-MCr" : US"-MCs"; + argv[i++] = tls_out.sni; + } } else argv[i++] = US"-MCT"; diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 16da67f1d..dfc1c767c 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -1618,8 +1618,8 @@ return FALSE; typedef struct smtp_compare_s { - uschar *current_sender_address; - struct transport_instance *tblock; + uschar * current_sender_address; + struct transport_instance * tblock; } smtp_compare_t; 
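Review bot: `acl_level` is incremented inside the `DEBUG(D_transport)` block at entry and decremented only at the two exits added in the `@@ -1859` hunk, so any `return` in the part of transport_check_waiting that these hunks do not show would leave the level raised for the rest of the process. Every `return FALSE` visible here is converted to `goto retfalse`, but the loop body between the hunks is outside the diff and should be checked for remaining returns. The counter is presumably borrowed for debug_printf_indent nesting; a comment at the increment would say so, e.g. `/* borrow acl_level for debug indent; undone at retfalse and at the TRUE exit */`.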
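Review bot: The change of `int i = 20;` to `22` in the `@@ -1871` hunk is a hand-kept count that has to match the two `argv[i++]` slots added in the `@@ -1892` hunk for `-MCr`/`-MCs` and the SNI string, and nothing in the code ties the two together. How `i` sizes the argv array is outside these hunks, so I would document it at the initialiser, e.g. `int i = 22;  /* extra argv slots used below; raise when adding an argv[i++] */`. The DANE flag is also forwarded only when `tls_out.sni` is set, so a DANE-verified connection without SNI is handed on with no `-MCr`. That appears to fail safe, because the receiver then sees a DANE mismatch, but a comment at the `if (tls_out.sni)` test should say it is intended.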
@@ -1989,6 +1989,75 @@ if (sx->smtps) } #endif +#ifdef SUPPORT_DANE +/*XXX new */ +/* If we have a proxied TLS connection, check usability for this message */ + +if (continue_hostname && continue_proxy_cipher) + { + int rc; + const uschar * sni = US""; + + /* Check if the message will be DANE-verified; if so force its SNI */ + + smtp_port_for_connect(sx->conn_args.host, sx->port); + if ( sx->conn_args.host->dnssec == DS_YES + && ( sx->dane_required + || verify_check_given_host(CUSS &ob->hosts_try_dane, sx->conn_args.host) == OK + ) ) + switch (rc = tlsa_lookup(sx->conn_args.host, &sx->conn_args.tlsa_dnsa, sx->dane_required)) + { + case OK: sx->conn_args.dane = TRUE; + ob->tls_tempfail_tryclear = FALSE; /* force TLS */ + ob->tls_sni = sx->first_addr->domain; /* force SNI */ + break; + case FAIL_FORCED: break; + default: set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER, + string_sprintf("DANE error: tlsa lookup %s", + rc_to_string(rc)), + rc, FALSE, &sx->delivery_start); +# ifndef DISABLE_EVENT + (void) event_raise(sx->conn_args.tblock->event_action, + US"dane:fail", sx->dane_required + ? US"dane-required" : US"dnssec-invalid"); +# endif + return rc; + } + + /* If the SNI required for the new message differs from the existing conn + drop the connection to force a new one. */ + + if (ob->tls_sni && !(sni = expand_cstring(ob->tls_sni))) + log_write(0, LOG_MAIN|LOG_PANIC, + "<%s>: failed to expand transport's tls_sni value: %s", + sx->addrlist->address, expand_string_message); + + if ( (continue_proxy_sni ? 
(Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni) + && continue_proxy_dane == sx->conn_args.dane) + { + tls_out.sni = US sni; + if ((tls_out.dane_verified = continue_proxy_dane)) + sx->conn_args.host->dnssec = DS_YES; + } + else + { + DEBUG(D_transport) + debug_printf("Closing proxied-TLS connection due to SNI mismatch\n"); + + HDEBUG(D_transport|D_acl|D_v) debug_printf_indent(" SMTP>> QUIT\n"); + write(0, "QUIT\r\n", 6); + close(0); + tls_out.dane_verified = FALSE; + continue_hostname = continue_proxy_cipher = NULL; + f.continue_more = FALSE; + continue_sequence = 1; /* Unfortunately, this process cannot affect success log + which is done by delivery proc. Would have to pass this + back through reporting pipe. */ + } + } +#endif + + /* Make a connection to the host if this isn't a continued delivery, and handle the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled specially so they can be identified for retries. */ @@ -3442,7 +3511,7 @@ BOOL pass_message = FALSE; uschar *message = NULL; uschar new_message_id[MESSAGE_ID_LENGTH + 1]; smtp_context * sx = store_get(sizeof(*sx), TRUE); /* tainted, for the data buffers */ -#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE) +#ifdef SUPPORT_DANE BOOL dane_held; #endif @@ -3460,7 +3529,7 @@ sx->conn_args.tblock = tblock; gettimeofday(&sx->delivery_start, NULL); sx->sync_addr = sx->first_addr = addrlist; -#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE) +#ifdef SUPPORT_DANE DANE_DOMAINS: dane_held = FALSE; #endif @@ -3475,7 +3544,7 @@ if ((rc = smtp_setup_conn(sx, suppress_tls)) != OK) goto TIDYUP; } -#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE) +#ifdef SUPPORT_DANE /* If the connection used DANE, ignore for now any addresses with incompatible domains. The SNI has to be the domain. Arrange a whole new TCP conn later, just in case only TLS isn't enough. */ 
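Review bot: When `expand_cstring(ob->tls_sni)` fails, the new block logs with `LOG_MAIN|LOG_PANIC` and carries on with `sni` set to NULL, and the comparison that follows dereferences it in both arms (`Ustrcmp(continue_proxy_sni, sni)` and `!*sni`). Unless that log call ends the process, which this hunk does not show, a failed or forced-fail expansion dereferences NULL instead of dropping the proxied connection. Guarding the test sends the failure down the close-and-reconnect branch: `if ( sni && (continue_proxy_sni ? Ustrcmp(continue_proxy_sni, sni) == 0 : !*sni)`, with the `continue_proxy_dane == sx->conn_args.dane` term unchanged. In that branch the result of `write(0, "QUIT\r\n", 6)` is ignored, and the debug text says "SNI mismatch" even when only the DANE state differs. The enclosing function starts and ends outside the hunk.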
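Review bot: Reducing `#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE)` to `#ifdef SUPPORT_DANE` in the `@@ -3442` hunk, and likewise at `@@ -3460`, `@@ -3475`, `@@ -4409` and `@@ -4435`, relies on SUPPORT_DANE never being defined in a DISABLE_TLS build. No guard for that combination is visible in this diff. If the build already rejects it, a short comment at the first site would record the assumption, e.g. `/* SUPPORT_DANE implies TLS; the combination with DISABLE_TLS is rejected at build time */`. If it does not, the old condition should stay.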
@@ -4182,6 +4251,16 @@ connection to a new process. However, not all servers can handle this (Exim can), so we do not pass such a connection on if the host matches hosts_nopass_tls. */ +/*XXX do we have to veto all passing of DANE'd connections? +Can we be any more intelligent? + +I could see that unpleasantly impacting high-vol mailinglist. +Where many messages are queued for a single dest MX. + +But the wait-DB used by transport_check_waiting only records hosts, not domains. +So we cannot look for a domain mismatch. +*/ + DEBUG(D_transport) debug_printf("ok=%d send_quit=%d send_rset=%d continue_more=%d " "yield=%d first_address is %sNULL\n", sx->ok, sx->send_quit, @@ -4194,8 +4273,8 @@ if (sx->completed_addr && sx->ok && sx->send_quit) t_compare.tblock = tblock; t_compare.current_sender_address = sender_address; - if ( sx->first_addr != NULL - || f.continue_more + if ( sx->first_addr != NULL /* more addrs for this message */ + || f.continue_more /* more addrs for coninued-host */ || ( #ifndef DISABLE_TLS ( tls_out.active.sock < 0 && !continue_proxy_cipher @@ -4242,7 +4321,7 @@ if (sx->completed_addr && sx->ok && sx->send_quit) if (sx->first_addr != NULL) /* More addresses still to be sent */ - { /* on this connection */ + { /* for this message */ continue_sequence++; /* Causes * in logging */ pipelining_active = sx->pipelining_used; /* was cleared at DATA */ goto SEND_MESSAGE; @@ -4266,6 +4345,7 @@ if (sx->completed_addr && sx->ok && sx->send_quit) tls_close(sx->cctx.tls_ctx, TLS_SHUTDOWN_WAIT); sx->cctx.tls_ctx = NULL; + tls_out.active.sock = -1; smtp_peer_options = smtp_peer_options_wrap; sx->ok = !sx->smtps && smtp_write_command(sx, SCMD_FLUSH, "EHLO %s\r\n", sx->helo_data) @@ -4409,7 +4489,7 @@ if (sx->send_quit) (void) event_raise(tblock->event_action, US"tcp:close", NULL); #endif -#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE) +#ifdef SUPPORT_DANE if (dane_held) { sx->first_addr = NULL; 
@@ -4435,7 +4515,7 @@ continue_hostname = NULL; return yield; TIDYUP: -#if !defined(DISABLE_TLS) && defined(SUPPORT_DANE) +#ifdef SUPPORT_DANE if (dane_held) for (address_item * a = sx->addrlist->next; a; a = a->next) if (a->transport_return == DANE) a->transport_return = PENDING_DEFER; diff --git a/test/confs/5801 b/test/confs/5801 index f0f21e20b..1f13ccbd6 100644 --- a/test/confs/5801 +++ b/test/confs/5801 @@ -2,7 +2,7 @@ # DANE common SERVER= -CONTROL= * +OPT= .include DIR/aux-var/tls_conf_prefix @@ -48,16 +48,16 @@ tls_privatekey = ${if eq {SERVER}{server} \ begin routers client: - driver = dnslookup - condition = ${if eq {SERVER}{}} + driver = dnslookup + condition = ${if eq {SERVER}{}} dnssec_request_domains = * - self = send - transport = send_to_server - errors_to = "" + self = send + transport = send_to_server + errors_to = "" server: - driver = redirect - data = :blackhole: + driver = redirect + data = :blackhole: # ----- Transports ----- @@ -65,16 +65,14 @@ server: begin transports send_to_server: - driver = smtp + driver = smtp allow_localhost - port = PORT_D + port = PORT_D hosts_try_fastopen = : - hosts_try_dane = CONTROL - hosts_require_dane = HOSTIPV4 - tls_verify_cert_hostnames = ${if eq {OPT}{no_certname} {}{*}} - tls_try_verify_hosts = thishost.test.ex - tls_verify_certificates = ${if eq {DETAILS}{ca} {CDIR2/ca_chain.pem} {}} + hosts_try_dane = * + tls_sni = OPT + tls_verify_certificates = diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex index f15bf7a7f..52972a907 100644 --- a/test/dnszones-src/db.test.ex +++ b/test/dnszones-src/db.test.ex @@ -442,6 +442,7 @@ AA a-aa A V4NET.0.0.100 ; DNSSEC mxdane512ee MX 1 dane512ee DNSSEC mxdane512ee1 MX 1 dane512ee +mxnondane512ee MX 1 dane512ee DNSSEC dane512ee A HOSTIPV4 DNSSEC _1225._tcp.dane512ee TLSA 3 1 2 c0c2fc12e9fe1abf0ae7b1f2ad2798a4689668db8cf7f7b771a43bf8a4f1d9741ef103bad470b1201157150fbd6182054b0170e90ce66b944a82a0a9c81281af 
diff --git a/test/log/5801 b/test/log/5801
index 3cf13694d..f2431420f 100644
--- a/test/log/5801
+++ b/test/log/5801
@@ -1,13 +1,131 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t00@mxdane512ee.test.ex t01@mxdane512ee1.test.ex -1999-03-02 09:44:33 10HmaX-0005vi-00 => t00@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmaY-0005vi-00" -1999-03-02 09:44:33 10HmaX-0005vi-00 => t01@mxdane512ee1.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmaZ-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => t@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t00@mxdane512ee.test.ex t01@mxdane512ee1.test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 => t00@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => t01@mxdane512ee1.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t10@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t11@mxdane512ee1.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbC-0005vi-00 => t10@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbE-0005vi-00" 
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 => t11@mxdane512ee1.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbF-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t20@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbH-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t21@mxdane512ee1.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qq +1999-03-02 09:44:33 10HmbG-0005vi-00 => t20@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbI-0005vi-00" +1999-03-02 09:44:33 10HmbG-0005vi-00 Completed +1999-03-02 09:44:33 10HmbH-0005vi-00 => t21@mxdane512ee1.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbJ-0005vi-00" +1999-03-02 09:44:33 10HmbH-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qq +1999-03-02 09:44:33 10HmbK-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t30@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t31@mxnondane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbK-0005vi-00 => t30@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbM-0005vi-00" +1999-03-02 09:44:33 10HmbK-0005vi-00 Completed +1999-03-02 09:44:33 10HmbL-0005vi-00 => t31@mxnondane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbN-0005vi-00" +1999-03-02 09:44:33 10HmbL-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp 
+1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t40@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbP-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t41@mxnondane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qq +1999-03-02 09:44:33 10HmbO-0005vi-00 => t40@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbQ-0005vi-00" +1999-03-02 09:44:33 10HmbO-0005vi-00 Completed +1999-03-02 09:44:33 10HmbP-0005vi-00 => t41@mxnondane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbR-0005vi-00" +1999-03-02 09:44:33 10HmbP-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qq +1999-03-02 09:44:33 10HmbS-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t50@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbT-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t51@mxnondane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmbS-0005vi-00 => t50@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbU-0005vi-00" +1999-03-02 09:44:33 10HmbS-0005vi-00 Completed +1999-03-02 09:44:33 10HmbT-0005vi-00 => t51@mxnondane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbV-0005vi-00" +1999-03-02 09:44:33 10HmbT-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 10HmbW-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t60@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t61@mxnondane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qq +1999-03-02 09:44:33 10HmbW-0005vi-00 => 
t60@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmbY-0005vi-00" +1999-03-02 09:44:33 10HmbW-0005vi-00 Completed +1999-03-02 09:44:33 10HmbX-0005vi-00 => t61@mxnondane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmbZ-0005vi-00" +1999-03-02 09:44:33 10HmbX-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qq +1999-03-02 09:44:33 10HmcA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t70@mxnondane512ee.test.ex +1999-03-02 09:44:33 10HmcB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t71@mxdane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qq +1999-03-02 09:44:33 10HmcA-0005vi-00 => t70@mxnondane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmcC-0005vi-00" +1999-03-02 09:44:33 10HmcA-0005vi-00 Completed +1999-03-02 09:44:33 10HmcB-0005vi-00 => t71@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmcD-0005vi-00" +1999-03-02 09:44:33 10HmcB-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qq +1999-03-02 09:44:33 10HmcE-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t80@mxnondane512ee.test.ex +1999-03-02 09:44:33 10HmcF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for t91@mxdane512ee.test.ex +1999-03-02 09:44:33 Start queue run: pid=pppp -qq +1999-03-02 09:44:33 10HmcE-0005vi-00 => t80@mxnondane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no C="250 OK id=10HmcG-0005vi-00" +1999-03-02 09:44:33 10HmcE-0005vi-00 Completed +1999-03-02 09:44:33 10HmcF-0005vi-00 => t91@mxdane512ee.test.ex R=client T=send_to_server H=dane512ee.test.ex 
[ip4.ip4.ip4.ip4]* X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=dane C="250 OK id=10HmcH-0005vi-00" +1999-03-02 09:44:33 10HmcF-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp -qq ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmaX-0005vi-00@myhost.test.ex for t00@mxdane512ee.test.ex -1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <t00@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmaX-0005vi-00@myhost.test.ex for t@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: <t@mxdane512ee.test.ex> R=server 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee1.test.ex S=sss id=E10HmaX-0005vi-00@myhost.test.ex for t01@mxdane512ee1.test.ex -1999-03-02 09:44:33 10HmaZ-0005vi-00 => :blackhole: <t01@mxdane512ee1.test.ex> R=server -1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for t00@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: <t00@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee1.test.ex S=sss 
id=E10HmaZ-0005vi-00@myhost.test.ex for t01@mxdane512ee1.test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 => :blackhole: <t01@mxdane512ee1.test.ex> R=server +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbE-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbC-0005vi-00@myhost.test.ex for t10@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => :blackhole: <t10@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee1.test.ex S=sss id=E10HmbD-0005vi-00@myhost.test.ex for t11@mxdane512ee1.test.ex +1999-03-02 09:44:33 10HmbF-0005vi-00 => :blackhole: <t11@mxdane512ee1.test.ex> R=server +1999-03-02 09:44:33 10HmbF-0005vi-00 Completed +1999-03-02 09:44:33 10HmbI-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbG-0005vi-00@myhost.test.ex for t20@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbI-0005vi-00 => :blackhole: <t20@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbI-0005vi-00 Completed +1999-03-02 09:44:33 10HmbJ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee1.test.ex S=sss id=E10HmbH-0005vi-00@myhost.test.ex for t21@mxdane512ee1.test.ex +1999-03-02 09:44:33 10HmbJ-0005vi-00 => :blackhole: <t21@mxdane512ee1.test.ex> R=server +1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbM-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbK-0005vi-00@myhost.test.ex for t30@mxdane512ee.test.ex +1999-03-02 09:44:33 
10HmbM-0005vi-00 => :blackhole: <t30@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbM-0005vi-00 Completed +1999-03-02 09:44:33 10HmbN-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbL-0005vi-00@myhost.test.ex for t31@mxnondane512ee.test.ex +1999-03-02 09:44:33 10HmbN-0005vi-00 => :blackhole: <t31@mxnondane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbN-0005vi-00 Completed +1999-03-02 09:44:33 10HmbQ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbO-0005vi-00@myhost.test.ex for t40@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbQ-0005vi-00 => :blackhole: <t40@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbQ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbR-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmbP-0005vi-00@myhost.test.ex for t41@mxnondane512ee.test.ex +1999-03-02 09:44:33 10HmbR-0005vi-00 => :blackhole: <t41@mxnondane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbR-0005vi-00 Completed +1999-03-02 09:44:33 10HmbU-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbS-0005vi-00@myhost.test.ex for t50@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbU-0005vi-00 => :blackhole: <t50@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbU-0005vi-00 Completed +1999-03-02 09:44:33 10HmbV-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=MY-SNI S=sss id=E10HmbT-0005vi-00@myhost.test.ex for t51@mxnondane512ee.test.ex +1999-03-02 09:44:33 10HmbV-0005vi-00 => :blackhole: <t51@mxnondane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbV-0005vi-00 Completed +1999-03-02 09:44:33 
10HmbY-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmbW-0005vi-00@myhost.test.ex for t60@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmbY-0005vi-00 => :blackhole: <t60@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbY-0005vi-00 Completed +1999-03-02 09:44:33 10HmbZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=MY-SNI S=sss id=E10HmbX-0005vi-00@myhost.test.ex for t61@mxnondane512ee.test.ex +1999-03-02 09:44:33 10HmbZ-0005vi-00 => :blackhole: <t61@mxnondane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmbZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmcC-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no S=sss id=E10HmcA-0005vi-00@myhost.test.ex for t70@mxnondane512ee.test.ex +1999-03-02 09:44:33 10HmcC-0005vi-00 => :blackhole: <t70@mxnondane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmcC-0005vi-00 Completed +1999-03-02 09:44:33 10HmcD-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmcB-0005vi-00@myhost.test.ex for t71@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmcD-0005vi-00 => :blackhole: <t71@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmcD-0005vi-00 Completed +1999-03-02 09:44:33 10HmcG-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no SNI=SNISNISNISNI S=sss id=E10HmcE-0005vi-00@myhost.test.ex for t80@mxnondane512ee.test.ex +1999-03-02 09:44:33 10HmcG-0005vi-00 => :blackhole: <t80@mxnondane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmcG-0005vi-00 Completed +1999-03-02 09:44:33 10HmcH-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx 
CV=no SNI=mxdane512ee.test.ex S=sss id=E10HmcF-0005vi-00@myhost.test.ex for t91@mxdane512ee.test.ex +1999-03-02 09:44:33 10HmcH-0005vi-00 => :blackhole: <t91@mxdane512ee.test.ex> R=server +1999-03-02 09:44:33 10HmcH-0005vi-00 Completed diff --git a/test/scripts/5800-DANE/5801 b/test/scripts/5800-DANE/5801 index 98fa6b18b..c486dfa3f 100644 --- a/test/scripts/5800-DANE/5801 +++ b/test/scripts/5800-DANE/5801 
@@ -3,10 +3,76 @@ exim -DSERVER=server -DDETAILS=ee -bd -oX PORT_D **** # +# Baseline: simple message +exim -odf t@mxdane512ee.test.ex +**** # -# A single message with 2 receipients, different domains though same MX host +# A single message with 2 recipients, different domains though same DANE MX host exim -odf t00@mxdane512ee.test.ex t01@mxdane512ee1.test.ex **** # +# Two DANE messages from queue, one-pass queue-run +exim -odq t10@mxdane512ee.test.ex +**** +exim -odq t11@mxdane512ee1.test.ex +**** +exim -q +**** +# +# Two DANE messages from queue, two-pass queue-run +exim -odq t20@mxdane512ee.test.ex +**** +exim -odq t21@mxdane512ee1.test.ex +**** +exim -qq +**** +# +# DANE followed by non-DANE, 1-Pqr +exim -odq t30@mxdane512ee.test.ex +**** +exim -odq t31@mxnondane512ee.test.ex +**** +exim -q +**** +# DANE followed by non-DANE, 2-Pqr +exim -odq t40@mxdane512ee.test.ex +**** +exim -odq t41@mxnondane512ee.test.ex +**** +exim -qq +**** +# +# DANE followed by non-DANE, SNI set, 1-Pqr +exim -odq t50@mxdane512ee.test.ex +**** +exim -odq t51@mxnondane512ee.test.ex +**** +exim -DOPT=MY-SNI -q +**** +# DANE followed by non-DANE, SNI set, 2-Pqr +exim -odq t60@mxdane512ee.test.ex +**** +exim -odq t61@mxnondane512ee.test.ex +**** +exim -DOPT=MY-SNI -qq +**** +# +# non-DANE followed by DANE, 2-pqr +exim -odq t70@mxnondane512ee.test.ex +**** +exim -odq t71@mxdane512ee.test.ex +**** +exim -qq +**** +# non-DANE (SNI set) followed by DANE, 2-pqr +exim -odq t80@mxnondane512ee.test.ex +**** +exim -odq t91@mxdane512ee.test.ex +**** +exim -DOPT=SNISNISNISNI -qq +**** +# +# +# killdaemon no_msglog_check diff --git a/test/stderr/0143 b/test/stderr/0143 index c1b6deb26..e91e97a52 100644 --- a/test/stderr/0143 +++ b/test/stderr/0143 
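Review bot: The non-DANE-then-DANE ordering is exercised only with two-pass queue runs (`exim -qq` in the t70/t71 and t80/t91 cases), while the DANE-then-non-DANE ordering gets both `-q` and `-qq`. That reverse ordering is the one where handing an already-open channel that was not DANE-verified to a DANE destination would skip verification. A one-pass case mirroring t30/t31 with the recipients swapped looks worth adding, with expected log lines that pin `CV=dane` and the DANE SNI for the second message. Whether a one-pass run attempts connection reuse in that order is not visible from this hunk, so treat the case below as a sketch to confirm against the transport code. Separately, the last case pairs `t80` with `t91`, unlike the tN0/tN1 naming of every other pair; `t81` is presumably meant, and test/log/5801 would need the same rename.

```shell
# non-DANE followed by DANE, 1-pqr   (recipient local parts below are illustrative)
exim -odq tA0@mxnondane512ee.test.ex
****
exim -odq tA1@mxdane512ee.test.ex
****
exim -q
****
```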
@@ -47,7 +47,8 @@ writing data block fd=dddd size=sss timeout=300 ok=1 send_quit=1 send_rset=0 continue_more=0 yield=0 first_address is NULL transport_check_waiting entered sequence=1 local_max=500 global_max=-1 -no messages waiting for 127.0.0.1 + no messages waiting for 127.0.0.1 +transport_check_waiting: FALSE SMTP>> QUIT cmd buf flush ddd bytes SMTP(close)>> diff --git a/test/stderr/0476 b/test/stderr/0476 index 69ab06b88..d5c571d9b 100644 --- a/test/stderr/0476 +++ b/test/stderr/0476 @@ -42,6 +42,7 @@ error for DATA ignored: pipelining is in use and there were no good recipients ok=1 send_quit=1 send_rset=1 continue_more=0 yield=0 first_address is NULL transport_check_waiting entered sequence=1 local_max=500 global_max=-1 +transport_check_waiting: TRUE SMTP>> RSET cmd buf flush ddd bytes SMTP(closed)<< diff --git a/test/stderr/2013 b/test/stderr/2013 index f3c5421e3..682b53efc 100644 --- a/test/stderr/2013 +++ b/test/stderr/2013 @@ -45,6 +45,7 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid +Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss SMTP>> RCPT TO:<userz@test.ex> SMTP>> DATA @@ -64,6 +65,7 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid +Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss SMTP>> RCPT TO:<usery@test.ex> SMTP>> DATA @@ -131,6 +133,7 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid +Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss SMTP>> RCPT TO:<userc@test.ex> SMTP>> DATA 
@@ -150,6 +153,7 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid +Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss SMTP>> RCPT TO:<userb@test.ex> SMTP>> DATA diff --git a/test/stderr/2035 b/test/stderr/2035 index 70759060f..7187d0d3e 100644 --- a/test/stderr/2035 +++ b/test/stderr/2035 @@ -54,6 +54,7 @@ checking status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userb@test.ex) Transport port=25 replaced by host-specific port=1225 +Transport port=25 replaced by host-specific port=1225 continued connection, proxied TLS SMTP>> DATA cmd buf flush ddd bytes diff --git a/test/stderr/2113 b/test/stderr/2113 index 9541b65a2..6ccdea8c7 100644 --- a/test/stderr/2113 +++ b/test/stderr/2113 @@ -45,6 +45,7 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid +Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss SMTP>> RCPT TO:<userz@test.ex> SMTP>> DATA @@ -64,6 +65,7 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid +Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss SMTP>> RCPT TO:<usery@test.ex> SMTP>> DATA @@ -131,6 +133,7 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid +Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss SMTP>> RCPT TO:<userc@test.ex> SMTP>> DATA @@ -150,6 +153,7 @@ configuration file is TESTSUITE/test-config trusted user admin user dropping to exim gid; retaining priv uid +Transport port=1225 replaced by host-specific port=1225 SMTP>> MAIL FROM:<CALLER@myhost.test.ex> SIZE=ssss SMTP>> RCPT TO:<userb@test.ex> SMTP>> DATA 
diff --git a/test/stderr/2135 b/test/stderr/2135 index 70759060f..7187d0d3e 100644 --- a/test/stderr/2135 +++ b/test/stderr/2135 @@ -54,6 +54,7 @@ checking status of 127.0.0.1 127.0.0.1 [127.0.0.1]:1111 retry-status = usable delivering 10HmaX-0005vi-00 to 127.0.0.1 [127.0.0.1] (userb@test.ex) Transport port=25 replaced by host-specific port=1225 +Transport port=25 replaced by host-specific port=1225 continued connection, proxied TLS SMTP>> DATA cmd buf flush ddd bytes diff --git a/test/stderr/4052 b/test/stderr/4052 index cf06d963f..53b9e0ae0 100644 --- a/test/stderr/4052 +++ b/test/stderr/4052 @@ -54,7 +54,8 @@ writing data block fd=dddd size=sss timeout=300 ok=1 send_quit=1 send_rset=0 continue_more=0 yield=0 first_address is NULL transport_check_waiting entered sequence=1 local_max=500 global_max=-1 -no messages waiting for 127.0.0.1 + no messages waiting for 127.0.0.1 +transport_check_waiting: FALSE SMTP>> QUIT cmd buf flush ddd bytes SMTP(close)>> |