diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-12-08 23:36:01 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-12-08 23:36:01 +0000 |
| commit | 1d717e1c110562fd6bf28478c79f180cafeba776 (patch) | |
| tree | cefecf48467c646663f9af1048239b65d727571a | |
| parent | a2ce7b0f5da40b6a7a3094f75b156eede00539c0 (diff) | |
| parent | 277b99794bf90e4a64b4adee88c08bed417bc5ee (diff) | |
Merge branch '4.next'
369 files changed, 2122 insertions, 837 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index abd15d452..2946d7013 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -4383,6 +4383,17 @@ written. When &%-oX%& is used with &%-bd%&, or when &%-q%& with a time is used without &%-bd%&, this is the only way of causing Exim to write a pid file, because in those cases, the normal pid file is not used. +.new +.vitem &%-oPX%& +.oindex "&%-oPX%&" +.cindex "pid (process id)" "of daemon" +.cindex "daemon" "process id (pid)" +This option is not intended for general use. +The daemon uses it when terminating due to a SIGTEM, possibly in +combination with &%-oP%&&~<&'path'&>. +It causes the pid file to be removed. +.wen + .vitem &%-or%&&~<&'time'&> .oindex "&%-or%&" .cindex "timeout" "for non-SMTP input" @@ -15111,15 +15122,22 @@ etc. are ignored. If IP literals are enabled, the &(ipliteral)& router declines to handle IPv6 literal addresses. -.option dkim_verify_hashes main "string list" "sha256 : sha512 : sha1" +.new +.option dkim_verify_hashes main "string list" "sha256 : sha512" .cindex DKIM "selecting signature algorithms" This option gives a list of hash types which are acceptable in signatures, +.wen and an order of processing. Signatures with algorithms not in the list will be ignored. -Note that the presence of sha1 violates RFC 8301. -Signatures using the rsa-sha1 are however (as of writing) still common. -The default inclusion of sha1 may be dropped in a future release. +Acceptable values include: +.code +sha1 +sha256 +sha512 +.endd + +Note that the acceptance of sha1 violates RFC 8301. .option dkim_verify_keytypes main "string list" "ed25519 : rsa" This option gives a list of key types which are acceptable in signatures, @@ -24870,6 +24888,9 @@ unauthenticated. See also &%hosts_require_auth%&, and chapter .cindex "RFC 3030" "CHUNKING" This option provides a list of servers to which, provided they announce CHUNKING support, Exim will attempt to use BDAT commands rather than DATA. +.new +Unless DKIM signing is being done, +.wen BDAT will not be used in conjunction with a transport filter. .option hosts_try_dane smtp "host list&!!" * @@ -27415,9 +27436,11 @@ This should have meant that certificate identity and verification becomes a non-issue, as a man-in-the-middle attack will cause the correct client and server to see different identifiers and authentication will fail. -This is currently only supported when using the GnuTLS library. This is +.new +This is only usable by mechanisms which support "channel binding"; at time of writing, that's the SCRAM family. +.wen This defaults off to ensure smooth upgrade across Exim releases, in case this option causes some clients to start failing. Some future release diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 1e8a2d216..9f8775f0f 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -3,6 +3,28 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.94 +----------------- + +JH/01 Avoid costly startup code when not strictly needed. This reduces time + for some exim process initialisations. It does mean that the logging + of TLS configuration problems is only done for the daemon startup. + +JH/02 Early-pipelining support code is now included unless disabled in Makefile. + +JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to + RFC 8301. They can still be enabled, using the dkim_verify_hashes main + option. + +JH/04 Support CHUNKING from an smtp transport using a transport_filter, when + DKIM signing is being done. Previously a transport_filter would always + disable CHUNKING, falling back to traditional DATA. + +JH/05 Regard command-line receipients as tainted. + +JH/06 Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. + + Exim version 4.93 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index fc307a3ba..763a806a5 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -6,6 +6,16 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the Git before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.94 +------------ + + 1. EXPERIMENTAL_SRS_NATIVE optional build feature. See the experimental.spec + file. + + 2. Channel-binding for authenticators is now supported under OpenSSL. + Previously it was GnuTLS-only. + + Version 4.93 ------------ diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 5193f1729..2569ad3af 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -292,10 +292,11 @@ These four steps are explained in more details below. -SRS (Sender Rewriting Scheme) Support +SRS (Sender Rewriting Scheme) Support (using libsrs_alt) -------------------------------------------------------------- +See also below, for an alternative native support implementation. -Exiscan currently includes SRS support via Miles Wilton's +Exim currently includes SRS support via Miles Wilton's libsrs_alt library. The current version of the supported library is 0.5, there are reports of 1.0 working. @@ -343,6 +344,76 @@ For configuration information see https://github.com/Exim/exim/wiki/SRS . +SRS (Sender Rewriting Scheme) Support (native) +-------------------------------------------------------------- +This is less full-featured than the libsrs_alt version above. + +The Exim build needs to be done with this in Local/Makefile: +EXPERIMENTAL_SRS_NATIVE=yes + +The following are provided: +- an expansion item "srs_encode" + This takes three arguments: + - a site SRS secret + - the return_path + - the pre-forwarding domain + +- an expansion condition "inbound_srs" + This takes two arguments: the local_part to check, and a site SRS secret. + If the secret is zero-length, only the pattern of the local_part is checked. + The $srs_recipient variable is set as a side-effect. + +- an expansion variable $srs_recipient + This gets the original return_path encoded in the SRS'd local_part + +- predefined macros _HAVE_SRS and _HAVE_NATIVE_SRS + +Sample usage: + + #macro + SRS_SECRET = <pick something unique for your site for this> + + #routers + + outbound: + driver = dnslookup + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +my_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} + + inbound_srs: + driver = redirect + senders = : + domains = +my_domains + # detect inbound bounces which are SRS'd, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + + inbound_srs_failure: + driver = redirect + senders = : + domains = +my_domains + # detect inbound bounces which look SRS'd but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + + #... further routers here + + + # transport; should look like the non-forward outbound + # one, plus the max_rcpt and return_path options + remote_forwarded_smtp: + driver = smtp + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + + + + DCC Support -------------------------------------------------------------- Distributed Checksum Clearinghouse; http://www.rhyolite.com/dcc/ diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index 1f42e0ec3..36af8308d 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -82,6 +82,7 @@ Makefile: ../OS/Makefile-Base ../OS/Makefile-Default \ os.h: $(SCRIPTS)/Configure-os.h \ $(O)/os.h-Darwin \ $(O)/os.h-FreeBSD \ + $(O)/os.h-GNU \ $(O)/os.h-Linux \ $(O)/os.h-OpenBSD \ $(O)/os.h-SunOS5 @@ -92,6 +93,7 @@ os.h: $(SCRIPTS)/Configure-os.h \ os.c: ../src/os.c \ $(SCRIPTS)/Configure-os.c \ $(O)/os.c-FreeBSD \ + $(O)/os.c-GNU \ $(O)/os.c-Linux \ $(O)/os.c-SunOS5 $(SHELL) $(SCRIPTS)/Configure-os.c diff --git a/src/OS/unsupported/Makefile-GNU b/src/OS/Makefile-GNU index e46434187..e46434187 100644 --- a/src/OS/unsupported/Makefile-GNU +++ b/src/OS/Makefile-GNU diff --git a/src/OS/os.c-FreeBSD b/src/OS/os.c-FreeBSD index 4cc46c752..c0fd48df8 100644 --- a/src/OS/os.c-FreeBSD +++ b/src/OS/os.c-FreeBSD @@ -10,7 +10,7 @@ src/os.c file. */ /************* -* Sendfile * +Sendfile shim *************/ ssize_t @@ -23,4 +23,25 @@ if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1; return (ssize_t)written; } +/************************************************* +TCP Fast Open: check that the ioctl is accepted +*************************************************/ + +#ifndef COMPILE_UTILITY +void +tfo_probe(void) +{ +# ifdef TCP_FASTOPEN +int sock; + +if ( (sock = socket(AF_INET, SOCK_STREAM, 0)) >= 0 + && setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on) >= 0) + ) + f.tcp_fastopen_ok = TRUE; +close(sock); +# endif +} +#endif + + /* End of os.c-Linux */ diff --git a/src/OS/unsupported/os.c-GNU b/src/OS/os.c-GNU index e5d6ff66c..e5d6ff66c 100644 --- a/src/OS/unsupported/os.c-GNU +++ b/src/OS/os.c-GNU diff --git a/src/OS/os.h-FreeBSD b/src/OS/os.h-FreeBSD index 4f1c616f0..a15d47508 100644 --- a/src/OS/os.h-FreeBSD +++ b/src/OS/os.h-FreeBSD @@ -57,15 +57,9 @@ extern ssize_t os_sendfile(int, int, off_t *, size_t); /*******************/ -/* TCP_FASTOPEN support. There does not seems to be a -MSG_FASTOPEN defined yet... */ #define EXIM_TFO_PROBE +#define EXIM_TFO_FREEBSD -#include <netinet/tcp.h> /* for TCP_FASTOPEN */ -#include <sys/socket.h> /* for MSG_FASTOPEN */ -#if defined(TCP_FASTOPEN) && !defined(MSG_FASTOPEN) -# define MSG_FASTOPEN 0x20000000 -#endif /* for TCP state-variable values, for TFO logging */ #include <netinet/tcp_fsm.h> diff --git a/src/OS/unsupported/os.h-GNU b/src/OS/os.h-GNU index 44993163d..44993163d 100644 --- a/src/OS/unsupported/os.h-GNU +++ b/src/OS/os.h-GNU diff --git a/src/src/EDITME b/src/src/EDITME index 83325abfd..9024b6f73 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -590,6 +590,10 @@ DISABLE_MAL_MKS=yes # CFLAGS += -I/usr/local/include # LDFLAGS += -lsrs_alt +# Uncomment the following lines to add SRS (Sender rewriting scheme) support +# using only native facilities. +# EXPERIMENTAL_SRS_NATIVE=yes + # Uncomment the following line to add DMARC checking capability, implemented # using libopendmarc libraries. You must have SPF and DKIM support enabled also. # SUPPORT_DMARC=yes diff --git a/src/src/auths/cyrus_sasl.c b/src/src/auths/cyrus_sasl.c index 480010bab..4b4f45b94 100644 --- a/src/src/auths/cyrus_sasl.c +++ b/src/src/auths/cyrus_sasl.c @@ -89,16 +89,13 @@ to be set up. */ /* Auxiliary function, passed in data to sasl_server_init(). */ static int -mysasl_config(void *context, - const char *plugin_name, - const char *option, - const char **result, - unsigned int *len) +mysasl_config(void *context, const char *plugin_name, const char *option, + const char **result, unsigned int *len) { if (context && !strcmp(option, "mech_list")) { *result = context; - if (len != NULL) *len = strlen(*result); + if (len) *len = strlen(*result); return SASL_OK; } return SASL_FAIL; @@ -124,41 +121,37 @@ sasl_callback_t cbs[] = { {SASL_CB_LIST_END, NULL, NULL}}; /* default the mechanism to our "public name" */ -if (ob->server_mech == NULL) - ob->server_mech = string_copy(ablock->public_name); -expanded_hostname = expand_string(ob->server_hostname); -if (expanded_hostname == NULL) +if (!ob->server_mech) ob->server_mech = string_copy(ablock->public_name); + +if (!(expanded_hostname = expand_string(ob->server_hostname))) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't expand server_hostname [%s]: %s", ablock->name, ob->server_hostname, expand_string_message); realm_expanded = NULL; -if (ob->server_realm != NULL) { - realm_expanded = CS expand_string(ob->server_realm); - if (realm_expanded == NULL) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " - "couldn't expand server_realm [%s]: %s", - ablock->name, ob->server_realm, expand_string_message); -} +if ( ob->server_realm + && !(realm_expanded = CS expand_string(ob->server_realm))) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " + "couldn't expand server_realm [%s]: %s", + ablock->name, ob->server_realm, expand_string_message); /* we're going to initialise the library to check that there is an - * authenticator of type whatever mechanism we're using - */ +authenticator of type whatever mechanism we're using */ cbs[0].proc = (int(*)(void)) &mysasl_config; cbs[0].context = ob->server_mech; -if ((rc = sasl_server_init(cbs, "exim")) != SASL_OK ) +if ((rc = sasl_server_init(cbs, "exim")) != SASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't initialise Cyrus SASL library.", ablock->name); if ((rc = sasl_server_new(CS ob->server_service, CS expanded_hostname, - realm_expanded, NULL, NULL, NULL, 0, &conn)) != SASL_OK ) + realm_expanded, NULL, NULL, NULL, 0, &conn)) != SASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't initialise Cyrus SASL server connection.", ablock->name); -if ((rc = sasl_listmech(conn, NULL, "", ":", "", (const char **)&list, &len, &i)) != SASL_OK ) +if ((rc = sasl_listmech(conn, NULL, "", ":", "", (const char **)&list, &len, &i)) != SASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't get Cyrus SASL mechanism list.", ablock->name); @@ -173,16 +166,16 @@ HDEBUG(D_auth) } /* the store_get / store_reset mechanism is hierarchical - * the hierarchy is stored for us behind our back. This point - * creates a hierarchy point for this function. - */ + the hierarchy is stored for us behind our back. This point + creates a hierarchy point for this function. */ + rs_point = store_mark(); /* loop until either we get to the end of the list, or we match the - * public name of this authenticator - */ -while ( ( buffer = string_nextinlist(&listptr, &i, NULL, 0) ) && - strcmpic(buffer,ob->server_mech) ); +public name of this authenticator */ + +while ( (buffer = string_nextinlist(&listptr, &i, NULL, 0)) + && strcmpic(buffer,ob->server_mech) ); if (!buffer) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " @@ -206,8 +199,7 @@ sasl_done(); /* For interface, see auths/README */ /* note, we don't care too much about memory allocation in this, because this is entirely - * within a shortlived child - */ +within a shortlived child */ int auth_cyrus_sasl_server(auth_instance *ablock, uschar *data) @@ -276,6 +268,9 @@ if (tls_in.cipher) } else HDEBUG(D_auth) debug_printf("Cyrus SASL set EXTERNAL SSF to %d\n", tls_in.bits); + + /*XXX Set channel-binding here with sasl_channel_binding_t / SASL_CHANNEL_BINDING + Unclear what the "name" element does though, ditto the "critical" flag. */ } else HDEBUG(D_auth) debug_printf("Cyrus SASL: no TLS, no EXTERNAL SSF set\n"); @@ -291,45 +286,34 @@ So the docs are too strict and we shouldn't worry about :: contractions. */ /* Set properties for remote and local host-ip;port */ for (int i = 0; i < 2; ++i) { - struct sockaddr_storage ss; - int (*query)(int, struct sockaddr *, socklen_t *); - int propnum, port; - const uschar *label; - uschar *address, *address_port; + int propnum; + const uschar * label; + uschar * address_port; const char *s_err; socklen_t sslen; if (i) { - query = &getpeername; propnum = SASL_IPREMOTEPORT; label = CUS"peer"; + address_port = string_sprintf("%s;%d", + sender_host_address, sender_host_port); } else { - query = &getsockname; propnum = SASL_IPLOCALPORT; label = CUS"local"; + address_port = string_sprintf("%s;%d", interface_address, interface_port); } - sslen = sizeof(ss); - if ((rc = query(fileno(smtp_in), (struct sockaddr *) &ss, &sslen)) < 0) - { - HDEBUG(D_auth) - debug_printf("Failed to get %s address information: %s\n", - label, strerror(errno)); - break; - } - - address = host_ntoa(-1, &ss, NULL, &port); - address_port = string_sprintf("%s;%d", address, port); - if ((rc = sasl_setprop(conn, propnum, address_port)) != SASL_OK) { - s_err = sasl_errdetail(conn); HDEBUG(D_auth) + { + s_err = sasl_errdetail(conn); debug_printf("Failed to set %s SASL property: [%d] %s\n", label, rc, s_err ? s_err : "<unknown reason>"); + } break; } HDEBUG(D_auth) debug_printf("Cyrus SASL set %s hostport to: %s\n", @@ -353,7 +337,7 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; ) if ((rc = auth_get_data(&input, out2, outlen)) != OK) { /* we couldn't get the data, so free up the library before - * returning whatever error we get */ + returning whatever error we get */ sasl_dispose(&conn); sasl_done(); return rc; @@ -422,9 +406,9 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; ) case SASL_NOMECH: /* this is a temporary failure, because the mechanism is not - * available for this user. If it wasn't available at all, we - * shouldn't have got here in the first place... - */ + available for this user. If it wasn't available at all, we + shouldn't have got here in the first place... */ + HDEBUG(D_auth) debug_printf("Cyrus SASL temporary failure %d (%s)\n", rc, sasl_errstring(rc, NULL, NULL)); auth_defer_msg = diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index faf30bb8a..78a63cd0e 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -134,27 +134,29 @@ auth_gsasl_options_block *ob = the default for the mechanism name; we don't handle multiple mechanisms in one authenticator, but the same driver can be used multiple times. */ -if (ob->server_mech == NULL) +if (!ob->server_mech) ob->server_mech = string_copy(ablock->public_name); /* Can get multiple session contexts from one library context, so just initialise the once. */ -if (gsasl_ctx == NULL) { - rc = gsasl_init(&gsasl_ctx); - if (rc != GSASL_OK) { + +if (!gsasl_ctx) + { + if ((rc = gsasl_init(&gsasl_ctx)) != GSASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't initialise GNU SASL library: %s (%s)", ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc)); - } + gsasl_callback_set(gsasl_ctx, main_callback); -} + } /* We don't need this except to log it for debugging. */ -rc = gsasl_server_mechlist(gsasl_ctx, &p); -if (rc != GSASL_OK) + +if ((rc = gsasl_server_mechlist(gsasl_ctx, &p)) != GSASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "failed to retrieve list of mechanisms: %s (%s)", ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc)); + HDEBUG(D_auth) debug_printf("GNU SASL supports: %s\n", p); supported = gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech); @@ -163,19 +165,21 @@ if (!supported) "GNU SASL does not support mechanism \"%s\"", ablock->name, ob->server_mech); -if ((ablock->server_condition == NULL) && - (streqic(ob->server_mech, US"EXTERNAL") || - streqic(ob->server_mech, US"ANONYMOUS") || - streqic(ob->server_mech, US"PLAIN") || - streqic(ob->server_mech, US"LOGIN"))) +if ( !ablock->server_condition + && ( streqic(ob->server_mech, US"EXTERNAL") + || streqic(ob->server_mech, US"ANONYMOUS") + || streqic(ob->server_mech, US"PLAIN") + || streqic(ob->server_mech, US"LOGIN") + ) ) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "Need server_condition for %s mechanism", ablock->name, ob->server_mech); /* This does *not* scale to new SASL mechanisms. Need a better way to ask which properties will be needed. */ -if ((ob->server_realm == NULL) && - streqic(ob->server_mech, US"DIGEST-MD5")) + +if ( !ob->server_realm + && streqic(ob->server_mech, US"DIGEST-MD5")) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "Need server_realm for %s mechanism", ablock->name, ob->server_mech); @@ -187,7 +191,8 @@ etc) it clearly is critical. So don't activate without server_condition, this might be relaxed in the future. */ -if (ablock->server_condition != NULL) ablock->server = TRUE; + +if (ablock->server_condition) ablock->server = TRUE; ablock->client = FALSE; } @@ -206,7 +211,7 @@ HDEBUG(D_auth) debug_printf("GNU SASL Callback entered, prop=%d (loop prop=%d)\n", prop, callback_loop); -if (cb_state == NULL) +if (!cb_state) { HDEBUG(D_auth) debug_printf(" not from our server/client processing.\n"); return GSASL_NO_CALLBACK; @@ -259,8 +264,7 @@ HDEBUG(D_auth) debug_printf("GNU SASL: initialising session for %s, mechanism %s.\n", ablock->name, ob->server_mech); -rc = gsasl_server_start(gsasl_ctx, CCS ob->server_mech, &sctx); -if (rc != GSASL_OK) +if ((rc = gsasl_server_start(gsasl_ctx, CCS ob->server_mech, &sctx)) != GSASL_OK) { auth_defer_msg = string_sprintf("GNU SASL: session start failure: %s (%s)", gsasl_strerror_name(rc), gsasl_strerror(rc)); @@ -286,8 +290,9 @@ if (ob->server_realm) } /* We don't support protection layers. */ gsasl_property_set(sctx, GSASL_QOPS, "qop-auth"); + #ifndef DISABLE_TLS -if (tls_channelbinding_b64) +if (tls_in.channelbinding) { /* Some auth mechanisms can ensure that both sides are talking withing the same security context; for TLS, this means that even if a bad certificate @@ -312,14 +317,12 @@ if (tls_channelbinding_b64) HDEBUG(D_auth) debug_printf("Auth %s: Enabling channel-binding\n", ablock->name); gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, - CCS tls_channelbinding_b64); + CCS tls_in.channelbinding); } else - { HDEBUG(D_auth) debug_printf("Auth %s: Not enabling channel-binding (data available)\n", ablock->name); - } } else HDEBUG(D_auth) @@ -334,9 +337,7 @@ to_send = NULL; exim_error = exim_error_override = OK; do { - rc = gsasl_step64(sctx, received, &to_send); - - switch (rc) + switch (rc = gsasl_step64(sctx, received, &to_send)) { case GSASL_OK: if (!to_send) @@ -373,10 +374,8 @@ do { goto STOP_INTERACTION; } - if ((rc == GSASL_NEEDS_MORE) || - (to_send && *to_send)) - exim_error = - auth_get_no64_data((uschar **)&received, US to_send); + if ((rc == GSASL_NEEDS_MORE) || (to_send && *to_send)) + exim_error = auth_get_no64_data((uschar **)&received, US to_send); if (to_send) { @@ -419,29 +418,25 @@ return checked_server_condition ? OK : auth_check_serv_cond(ablock); static int condition_check(auth_instance *ablock, uschar *label, uschar *condition_string) { -int exim_rc; - -exim_rc = auth_check_some_cond(ablock, label, condition_string, FAIL); - -if (exim_rc == OK) - return GSASL_OK; -else if (exim_rc == DEFER) +int exim_rc = auth_check_some_cond(ablock, label, condition_string, FAIL); +switch (exim_rc) { - sasl_error_should_defer = TRUE; - return GSASL_AUTHENTICATION_ERROR; + case OK: return GSASL_OK; + case DEFER: sasl_error_should_defer = TRUE; + return GSASL_AUTHENTICATION_ERROR; + case FAIL: return GSASL_AUTHENTICATION_ERROR; + default: log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " + "Unhandled return from checking %s: %d", + ablock->name, label, exim_rc); } -else if (exim_rc == FAIL) - return GSASL_AUTHENTICATION_ERROR; -log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " - "Unhandled return from checking %s: %d", - ablock->name, label, exim_rc); /* NOTREACHED */ return GSASL_AUTHENTICATION_ERROR; } static int -server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, auth_instance *ablock) +server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, + auth_instance *ablock) { char *tmps; uschar *propval; @@ -475,13 +470,14 @@ switch (prop) break; case GSASL_VALIDATE_EXTERNAL: - if (ablock->server_condition == NULL) + if (!ablock->server_condition) { HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate EXTERNAL.\n"); cbrc = GSASL_AUTHENTICATION_ERROR; break; } propval = US gsasl_property_fast(sctx, GSASL_AUTHZID); + /* We always set $auth1, even if only to empty string. */ auth_vars[0] = expand_nstring[1] = propval ? propval : US""; expand_nlength[1] = Ustrlen(expand_nstring[1]); @@ -493,14 +489,16 @@ switch (prop) break; case GSASL_VALIDATE_ANONYMOUS: - if (ablock->server_condition == NULL) + if (!ablock->server_condition) { HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate ANONYMOUS.\n"); cbrc = GSASL_AUTHENTICATION_ERROR; break; } propval = US gsasl_property_fast(sctx, GSASL_ANONYMOUS_TOKEN); + /* We always set $auth1, even if only to empty string. */ + auth_vars[0] = expand_nstring[1] = propval ? propval : US""; expand_nlength[1] = Ustrlen(expand_nstring[1]); expand_nmax = 1; @@ -516,10 +514,10 @@ switch (prop) by the SASL integration after authentication; protected against tampering (if the SASL mechanism supports that, which Kerberos does) but is unverified, same as normal for other mechanisms. - - First coding, we had these values swapped, but for consistency and prior + First coding, we had these values swapped, but for consistency and prior to the first release of Exim with this authenticator, they've been switched to match the ordering of GSASL_VALIDATE_SIMPLE. */ + propval = US gsasl_property_fast(sctx, GSASL_GSSAPI_DISPLAY_NAME); auth_vars[0] = expand_nstring[1] = propval ? propval : US""; propval = US gsasl_property_fast(sctx, GSASL_AUTHZID); @@ -530,6 +528,7 @@ switch (prop) /* In this one case, it perhaps makes sense to default back open? But for consistency, let's just mandate server_condition here too. */ + cbrc = condition_check(ablock, US"server_condition (GSSAPI family)", ablock->server_condition); checked_server_condition = TRUE; @@ -551,12 +550,14 @@ switch (prop) tmps = CS expand_string(ob->server_scram_salt); gsasl_property_set(sctx, GSASL_SCRAM_SALT, tmps); } + /* Asking for GSASL_AUTHZID calls back into us if we use gsasl_property_get(), thus the use of gsasl_property_fast(). Do we really want to hardcode limits per mechanism? What happens when a new mechanism is added to the library. It *shouldn't* result in us needing to add more glue, since avoiding that is a large part of the point of SASL. */ + propval = US gsasl_property_fast(sctx, GSASL_AUTHID); auth_vars[0] = expand_nstring[1] = propval ? propval : US""; propval = US gsasl_property_fast(sctx, GSASL_AUTHZID); @@ -567,8 +568,7 @@ switch (prop) for (int i = 1; i <= 3; ++i) expand_nlength[i] = Ustrlen(expand_nstring[i]); - tmps = CS expand_string(ob->server_password); - if (tmps == NULL) + if (!(tmps = CS expand_string(ob->server_password))) { sasl_error_should_defer = f.expand_string_forcedfail ? FALSE : TRUE; HDEBUG(D_auth) debug_printf("server_password expansion failed, so " @@ -576,9 +576,11 @@ switch (prop) return GSASL_AUTHENTICATION_ERROR; } gsasl_property_set(sctx, GSASL_PASSWORD, tmps); + /* This is inadequate; don't think Exim's store stacks are geared for memory wiping, so expanding strings will leave stuff laying around. But no need to compound the problem, so get rid of the one we can. */ + memset(tmps, '\0', strlen(tmps)); cbrc = GSASL_OK; break; diff --git a/src/src/base64.c b/src/src/base64.c index 6c8191462..aa46c2b32 100644 --- a/src/src/base64.c +++ b/src/src/base64.c @@ -242,9 +242,9 @@ static uschar *enc64table = US"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; uschar * -b64encode(const uschar * clear, int len) +b64encode_taint(const uschar * clear, int len, BOOL tainted) { -uschar *code = store_get(4*((len+2)/3) + 1, is_tainted(clear)); +uschar *code = store_get(4*((len+2)/3) + 1, tainted); uschar *p = code; while (len-- >0) @@ -283,6 +283,12 @@ while (len-- >0) return code; } +uschar * +b64encode(const uschar * clear, int len) +{ +return b64encode_taint(clear, len, is_tainted(clear)); +} + /* End of base64.c */ /* vi: sw ai sw=2 diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index b94b36866..223e2d645 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -50,6 +50,7 @@ Do not put spaces between # and the 'define'. #define DISABLE_DKIM #define DISABLE_EVENT #define DISABLE_OCSP +#define DISABLE_PIPE_CONNECT #define DISABLE_PRDR #define DISABLE_TLS #define DISABLE_D_OPTION @@ -151,7 +152,6 @@ Do not put spaces between # and the 'define'. #define SUPPORT_MAILSTORE #define SUPPORT_MBX #define SUPPORT_MOVE_FROZEN_MESSAGES -#define SUPPORT_PIPE_CONNECT #define SUPPORT_PAM #define SUPPORT_PROXY #define SUPPORT_SOCKS @@ -204,6 +204,7 @@ Do not put spaces between # and the 'define'. #define EXPERIMENTAL_LMDB #define EXPERIMENTAL_QUEUEFILE #define EXPERIMENTAL_SRS +#define EXPERIMENTAL_SRS_NATIVE #define EXPERIMENTAL_TLS_RESUME diff --git a/src/src/daemon.c b/src/src/daemon.c index 99fa909d2..61371f592 100644 --- a/src/src/daemon.c +++ b/src/src/daemon.c @@ -31,6 +31,7 @@ static smtp_slot empty_smtp_slot = { .pid = 0, .host_address = NULL }; static SIGNAL_BOOL sigchld_seen; static SIGNAL_BOOL sighup_seen; +static SIGNAL_BOOL sigterm_seen; static int accept_retry_count = 0; static int accept_retry_errno; @@ -87,6 +88,16 @@ sigchld_seen = TRUE; } +/* SIGTERM handler. Try to get the damon pif file removed +before exiting. */ + +static void +main_sigterm_handler(int sig) +{ +sigterm_seen = TRUE; +} + + /************************************************* @@ -430,6 +441,7 @@ if (pid == 0) #else signal(SIGCHLD, SIG_IGN); #endif + signal(SIGTERM, SIG_DFL); /* Attempt to get an id from the sending machine via the RFC 1413 protocol. We do this in the sub-process in order not to hold up the @@ -654,6 +666,7 @@ if (pid == 0) signal(SIGHUP, SIG_DFL); signal(SIGCHLD, SIG_DFL); + signal(SIGTERM, SIG_DFL); if (geteuid() != root_uid && !deliver_drop_privilege) { @@ -888,6 +901,77 @@ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) +static void +set_pid_file_path(void) +{ +if (override_pid_file_path) + pid_file_path = override_pid_file_path; + +if (!*pid_file_path) + pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory); +} + + +/* Remove the daemon's pidfile. Note: runs with root privilege, +as a direct child of the daemon. Does not return. */ + +void +delete_pid_file(void) +{ +uschar * daemon_pid = string_sprintf("%d\n", (int)getppid()); +FILE * f; + +set_pid_file_path(); +if ((f = Ufopen(pid_file_path, "rb"))) + { + if ( fgets(CS big_buffer, big_buffer_size, f) + && Ustrcmp(daemon_pid, big_buffer) == 0 + ) + if (Uunlink(pid_file_path) == 0) + { + DEBUG(D_any) + debug_printf("%s unlink: %s\n", pid_file_path, strerror(errno)); + } + else + DEBUG(D_any) + debug_printf("unlinked %s\n", pid_file_path); + fclose(f); + } +else + DEBUG(D_any) + debug_printf("%s\n", string_open_failed(errno, "pid file %s", + pid_file_path)); +exim_exit(EXIT_SUCCESS, US"pid file remover"); +} + + +/* Called by the daemon; exec a child to get the pid file deleted +since we may require privs for the containing directory */ + +static void +daemon_die(void) +{ +int pid; + +if (f.running_in_test_harness || write_pid) + { + if ((pid = fork()) == 0) + { + if (override_pid_file_path) + (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 3, + "-oP", override_pid_file_path, "-oPX"); + else + (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 1, "-oPX"); + + /* Control never returns here. */ + } + if (pid > 0) + child_close(pid, 1); + } +exim_exit(EXIT_SUCCESS, US"daemon"); +} + + /************************************************* * Exim Daemon Mainline * *************************************************/ @@ -1068,19 +1152,14 @@ if (f.daemon_listen && !f.inetd_wait_mode) gstring * new_smtp_port = NULL; gstring * new_local_interfaces = NULL; - if (override_pid_file_path == NULL) write_pid = FALSE; + if (!override_pid_file_path) write_pid = FALSE; list = override_local_interfaces; sep = 0; while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) { uschar joinstr[4]; - gstring ** gp; - - if (Ustrpbrk(s, ".:") == NULL) - gp = &new_smtp_port; - else - gp = &new_local_interfaces; + gstring ** gp = Ustrpbrk(s, ".:") ? &new_local_interfaces : &new_smtp_port; if (!*gp) { @@ -1538,12 +1617,7 @@ if (f.running_in_test_harness || write_pid) { FILE *f; - if (override_pid_file_path) - pid_file_path = override_pid_file_path; - - if (pid_file_path[0] == 0) - pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory); - + set_pid_file_path(); if ((f = modefopen(pid_file_path, "wb", 0644))) { (void)fprintf(f, "%d\n", (int)getpid()); @@ -1586,11 +1660,15 @@ if (queue_interval > 0 && local_queue_run_max > 0) for (int i = 0; i < local_queue_run_max; i++) queue_pid_slots[i] = 0; } -/* Set up the handler for termination of child processes. */ +/* Set up the handler for termination of child processes, and the one +telling us to die. */ sigchld_seen = FALSE; os_non_restarting_signal(SIGCHLD, main_sigchld_handler); +sigterm_seen = FALSE; +os_non_restarting_signal(SIGTERM, main_sigterm_handler); + /* If we are to run the queue periodically, pretend the alarm has just gone off. This will cause the first queue-runner to get kicked off straight away. */ @@ -1740,6 +1818,20 @@ else (eg: compile regex) */ dns_pattern_init(); +smtp_deliver_init(); /* Used for callouts */ + +#ifndef DISABLE_DKIM + { +# ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +# endif + dkim_exim_init(); +# ifdef MEASURE_TIMING + report_time_since(&t0, US"dkim_exim_init (delta)"); +# endif + } +#endif #ifdef WITH_CONTENT_SCAN malware_init(); @@ -1777,6 +1869,9 @@ for (;;) EXIM_SOCKLEN_T len; pid_t pid; + if (sigterm_seen) + daemon_die(); /* Does not return */ + /* This code is placed first in the loop, so that it gets obeyed at the start, before the first wait, for the queue-runner case, so that the first one can be started immediately. @@ -1854,6 +1949,7 @@ for (;;) signal(SIGHUP, SIG_DFL); signal(SIGCHLD, SIG_DFL); + signal(SIGTERM, SIG_DFL); /* Re-exec if privilege has been given up, unless deliver_drop_ privilege is set. Reset SIGALRM before exec(). */ diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h index b7889bd8e..bf5fa3f6e 100644 --- a/src/src/dbstuff.h +++ b/src/src/dbstuff.h @@ -786,7 +786,7 @@ typedef struct { uschar bloom[40]; /* Bloom filter which may be larger than this */ } dbdata_ratelimit_unique; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* This structure records the EHLO responses, cleartext and crypted, for an IP, as bitmasks (cf. OPTION_TLS) */ diff --git a/src/src/deliver.c b/src/src/deliver.c index 94bc9a89c..28a1174af 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -1221,7 +1221,7 @@ else { if (testflag(addr, af_pipelining)) g = string_catn(g, US" L", 2); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (testflag(addr, af_early_pipe)) g = string_catn(g, US"*", 1); #endif @@ -3537,7 +3537,7 @@ while (!done) case 'L': switch (*subid) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case 2: setflag(addr, af_early_pipe); /*FALLTHROUGH*/ #endif case 1: setflag(addr, af_pipelining); break; @@ -4844,7 +4844,7 @@ all pipes, so I do not see a reason to use non-blocking IO here #endif if (testflag(addr, af_pipelining)) -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (testflag(addr, af_early_pipe)) rmt_dlv_checked_write(fd, 'L', '2', NULL, 0); else @@ -7172,7 +7172,7 @@ if (addr_remote) /* Precompile some regex that are used to recognize parameters in response to an EHLO command, if they aren't already compiled. */ - deliver_init(); + smtp_deliver_init(); /* Now sort the addresses if required, and do the deliveries. The yield of do_remote_deliveries is FALSE when mua_wrapper is set and all addresses @@ -8495,52 +8495,13 @@ return final_yield; void -deliver_init(void) +tcp_init(void) { #ifdef EXIM_TFO_PROBE tfo_probe(); #else f.tcp_fastopen_ok = TRUE; #endif - - -if (!regex_PIPELINING) regex_PIPELINING = - regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_SIZE) regex_SIZE = - regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_AUTH) regex_AUTH = - regex_must_compile(AUTHS_REGEX, FALSE, TRUE); - -#ifndef DISABLE_TLS -if (!regex_STARTTLS) regex_STARTTLS = - regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); -#endif - -if (!regex_CHUNKING) regex_CHUNKING = - regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE); - -#ifndef DISABLE_PRDR -if (!regex_PRDR) regex_PRDR = - regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); -#endif - -#ifdef SUPPORT_I18N -if (!regex_UTF8) regex_UTF8 = - regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE); -#endif - -if (!regex_DSN) regex_DSN = - regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = - regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); - -#ifdef SUPPORT_PIPE_CONNECT -if (!regex_EARLY_PIPE) regex_EARLY_PIPE = - regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE); -#endif } diff --git a/src/src/dkim.c b/src/src/dkim.c index 065170444..5c9d2279e 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -95,6 +95,8 @@ return NULL; /*XXX better error detail? logging? */ void dkim_exim_init(void) { +if (f.dkim_init_done) return; +f.dkim_init_done = TRUE; pdkim_init(); } @@ -103,6 +105,8 @@ pdkim_init(); void dkim_exim_verify_init(BOOL dot_stuffing) { +dkim_exim_init(); + /* There is a store-reset between header & body reception so cannot use the main pool. Any allocs done by Exim memory-handling must use the perm pool. */ @@ -569,6 +573,8 @@ void dkim_exim_sign_init(void) { int old_pool = store_pool; + +dkim_exim_init(); store_pool = POOL_MAIN; pdkim_init_context(&dkim_sign_ctx, FALSE, &dkim_exim_query_dns_txt); store_pool = old_pool; diff --git a/src/src/exim.c b/src/src/exim.c index 6a2e7a644..8c3c8e7ed 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -202,7 +202,7 @@ va_end(ap); static void term_handler(int sig) { - exit(1); +exit(1); } @@ -901,7 +901,7 @@ fprintf(fp, "Support for:"); #ifndef DISABLE_OCSP fprintf(fp, " OCSP"); #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fprintf(fp, " PIPE_CONNECT"); #endif #ifndef DISABLE_PRDR @@ -920,7 +920,7 @@ fprintf(fp, "Support for:"); fprintf(fp, " DMARC"); #endif #ifdef TCP_FASTOPEN - deliver_init(); + tcp_init(); if (f.tcp_fastopen_ok) fprintf(fp, " TCP_Fast_Open"); #endif #ifdef EXPERIMENTAL_LMDB @@ -929,7 +929,7 @@ fprintf(fp, "Support for:"); #ifdef EXPERIMENTAL_QUEUEFILE fprintf(fp, " Experimental_QUEUEFILE"); #endif -#ifdef EXPERIMENTAL_SRS +#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE) fprintf(fp, " Experimental_SRS"); #endif #ifdef EXPERIMENTAL_ARC @@ -3072,11 +3072,15 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "o") == 0) {} - /* -oP <name>: set pid file path for daemon */ + /* -oP <name>: set pid file path for daemon + -oPX: delete pid file of daemon */ else if (Ustrcmp(argrest, "P") == 0) override_pid_file_path = argv[++i]; + else if (Ustrcmp(argrest, "PX") == 0) + delete_pid_file(); + /* -or <n>: set timeout for non-SMTP acceptance -os <n>: set timeout for SMTP acceptance */ @@ -4488,31 +4492,9 @@ if (list_config) } -/* Initialise subsystems as required */ -#ifndef DISABLE_DKIM - { -# ifdef MEASURE_TIMING - struct timeval t0; - gettimeofday(&t0, NULL); -# endif - dkim_exim_init(); -# ifdef MEASURE_TIMING - report_time_since(&t0, US"dkim_exim_init (delta)"); -# endif - } -#endif - - { -#ifdef MEASURE_TIMING - struct timeval t0; - gettimeofday(&t0, NULL); -#endif - deliver_init(); -#ifdef MEASURE_TIMING - report_time_since(&t0, US"deliver_init (delta)"); -#endif - } +/* Initialise subsystems as required. */ +tcp_init(); /* Handle a request to deliver one or more messages that are already on the queue. Values of msg_action other than MSG_DELIVER and MSG_LOAD are dealt with @@ -4707,6 +4689,23 @@ if (f.daemon_listen || f.inetd_wait_mode || queue_interval > 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Daemon cannot be run when " "mua_wrapper is set"); } + +# ifndef DISABLE_TLS + /* This also checks that the library linkage is working and we can call + routines in it, so call even if tls_require_ciphers is unset */ + { +# ifdef MEASURE_TIMING + struct timeval t0, diff; + (void)gettimeofday(&t0, NULL); +# endif + if (!tls_dropprivs_validate_require_cipher(FALSE)) + exit(1); +# ifdef MEASURE_TIMING + report_time_since(&t0, US"validate_ciphers (delta)"); +# endif + } +#endif + daemon_go(); } @@ -4822,8 +4821,9 @@ if (verify_address_mode || f.address_test_mode) { while (recipients_arg < argc) { - uschar *s = argv[recipients_arg++]; - while (*s != 0) + /* Supplied addresses are tainted since they come from a user */ + uschar * s = string_copy_taint(argv[recipients_arg++], TRUE); + while (*s) { BOOL finished = FALSE; uschar *ss = parse_find_address_end(s, FALSE); @@ -4831,16 +4831,16 @@ if (verify_address_mode || f.address_test_mode) test_address(s, flags, &exit_value); s = ss; if (!finished) - while (*(++s) != 0 && (*s == ',' || isspace(*s))); + while (*++s == ',' || isspace(*s)) ; } } } else for (;;) { - uschar *s = get_stdinput(NULL, NULL); - if (s == NULL) break; - test_address(s, flags, &exit_value); + uschar * s = get_stdinput(NULL, NULL); + if (!s) break; + test_address(string_copy_taint(s, TRUE), flags, &exit_value); } route_tidyup(); @@ -5334,13 +5334,13 @@ while (more) raw_sender = string_copy(sender_address); - /* Loop for each argument */ + /* Loop for each argument (supplied by user hence tainted) */ for (int i = 0; i < count; i++) { int start, end, domain; - uschar *errmess; - uschar *s = list[i]; + uschar * errmess; + uschar * s = string_copy_taint(list[i], TRUE); /* Loop for each comma-separated address */ diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c index 80f656530..7b13859cd 100644 --- a/src/src/exim_dbutil.c +++ b/src/src/exim_dbutil.c @@ -332,7 +332,7 @@ if (asprintf(CSS &filename, "%s/%s", dirname, name) < 0) return NULL; #else filename = string_sprintf("%s/%s", dirname, name); #endif -EXIM_DBOPEN(filename, dirname, flags, 0, &(dbblock->dbptr)); +EXIM_DBOPEN(filename, dirname, flags, 0, &dbblock->dbptr); if (!dbblock->dbptr) { diff --git a/src/src/expand.c b/src/src/expand.c index 21686e99c..366cd737a 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -129,6 +129,9 @@ static uschar *item_table[] = { US"run", US"sg", US"sort", +#ifdef EXPERIMENTAL_SRS_NATIVE + US"srs_encode", +#endif US"substr", US"tr" }; @@ -160,6 +163,9 @@ enum { EITEM_RUN, EITEM_SG, EITEM_SORT, +#ifdef EXPERIMENTAL_SRS_NATIVE + EITEM_SRS_ENCODE, +#endif EITEM_SUBSTR, EITEM_TR }; @@ -323,6 +329,9 @@ static uschar *cond_table[] = { US"gei", US"gt", US"gti", +#ifdef EXPERIMENTAL_SRS_NATIVE + US"inbound_srs", +#endif US"inlist", US"inlisti", US"isip", @@ -373,6 +382,9 @@ enum { ECOND_STR_GEI, ECOND_STR_GT, ECOND_STR_GTI, +#ifdef EXPERIMENTAL_SRS_NATIVE + ECOND_INBOUND_SRS, +#endif ECOND_INLIST, ECOND_INLISTI, ECOND_ISIP, @@ -736,7 +748,11 @@ static var_entry var_table[] = { { "srs_db_key", vtype_stringptr, &srs_db_key }, { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient }, { "srs_orig_sender", vtype_stringptr, &srs_orig_sender }, +#endif +#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE) { "srs_recipient", vtype_stringptr, &srs_recipient }, +#endif +#ifdef EXPERIMENTAL_SRS { "srs_status", vtype_stringptr, &srs_status }, #endif { "thisaddress", vtype_stringptr, &filter_thisaddress }, @@ -941,18 +957,16 @@ Returns: TRUE if condition is met, FALSE if not BOOL expand_check_condition(uschar *condition, uschar *m1, uschar *m2) { -int rc; -uschar *ss = expand_string(condition); -if (ss == NULL) +uschar * ss = expand_string(condition); +if (!ss) { if (!f.expand_string_forcedfail && !f.search_find_defer) log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" " "for %s %s: %s", condition, m1, m2, expand_string_message); return FALSE; } -rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 && +return *ss && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 && strcmpic(ss, US"false") != 0; -return rc; } @@ -1055,7 +1069,7 @@ static const uschar * read_name(uschar *name, int max, const uschar *s, uschar *extras) { int ptr = 0; -while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL)) +while (*s && (isalnum(*s) || Ustrchr(extras, *s) != NULL)) { if (ptr < max-1) name[ptr++] = *s; s++; @@ -2295,6 +2309,127 @@ return chop_match(name, cond_table, nelem(cond_table)); /************************************************* +* Handle MD5 or SHA-1 computation for HMAC * +*************************************************/ + +/* These are some wrapping functions that enable the HMAC code to be a bit +cleaner. A good compiler will spot the tail recursion. + +Arguments: + type HMAC_MD5 or HMAC_SHA1 + remaining are as for the cryptographic hash functions + +Returns: nothing +*/ + +static void +chash_start(int type, void * base) +{ +if (type == HMAC_MD5) + md5_start((md5 *)base); +else + sha1_start((hctx *)base); +} + +static void +chash_mid(int type, void * base, const uschar * string) +{ +if (type == HMAC_MD5) + md5_mid((md5 *)base, string); +else + sha1_mid((hctx *)base, string); +} + +static void +chash_end(int type, void * base, const uschar * string, int length, + uschar * digest) +{ +if (type == HMAC_MD5) + md5_end((md5 *)base, string, length, digest); +else + sha1_end((hctx *)base, string, length, digest); +} + + + + +/* Do an hmac_md5. The result is _not_ nul-terminated, and is sized as +the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer. + +Arguments: + key encoding key, nul-terminated + src data to be hashed, nul-terminated + buf output buffer + len size of output buffer +*/ + +static void +hmac_md5(const uschar * key, const uschar * src, uschar * buf, unsigned len) +{ +md5 md5_base; +const uschar * keyptr; +uschar * p; +unsigned int keylen; + +#define MD5_HASHLEN 16 +#define MD5_HASHBLOCKLEN 64 + +uschar keyhash[MD5_HASHLEN]; +uschar innerhash[MD5_HASHLEN]; +uschar finalhash[MD5_HASHLEN]; +uschar innerkey[MD5_HASHBLOCKLEN]; +uschar outerkey[MD5_HASHBLOCKLEN]; + +keyptr = key; +keylen = Ustrlen(keyptr); + +/* If the key is longer than the hash block length, then hash the key +first */ + +if (keylen > MD5_HASHBLOCKLEN) + { + chash_start(HMAC_MD5, &md5_base); + chash_end(HMAC_MD5, &md5_base, keyptr, keylen, keyhash); + keyptr = keyhash; + keylen = MD5_HASHLEN; + } + +/* Now make the inner and outer key values */ + +memset(innerkey, 0x36, MD5_HASHBLOCKLEN); +memset(outerkey, 0x5c, MD5_HASHBLOCKLEN); + +for (int i = 0; i < keylen; i++) + { + innerkey[i] ^= keyptr[i]; + outerkey[i] ^= keyptr[i]; + } + +/* Now do the hashes */ + +chash_start(HMAC_MD5, &md5_base); +chash_mid(HMAC_MD5, &md5_base, innerkey); +chash_end(HMAC_MD5, &md5_base, src, Ustrlen(src), innerhash); + +chash_start(HMAC_MD5, &md5_base); +chash_mid(HMAC_MD5, &md5_base, outerkey); +chash_end(HMAC_MD5, &md5_base, innerhash, MD5_HASHLEN, finalhash); + +/* Encode the final hash as a hex string, limited by output buffer size */ + +p = buf; +for (int i = 0, j = len; i < MD5_HASHLEN; i++) + { + if (j-- <= 0) break; + *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4]; + if (j-- <= 0) break; + *p++ = hex_digits[finalhash[i] & 0x0f]; + } +return; +} + + +/************************************************* * Read and evaluate a condition * *************************************************/ @@ -2394,14 +2529,14 @@ switch(cond_type = identify_operator(&s, &opname)) /* first_delivery tests for first delivery attempt */ case ECOND_FIRST_DELIVERY: - if (yield != NULL) *yield = f.deliver_firsttime == testfor; + if (yield) *yield = f.deliver_firsttime == testfor; return s; /* queue_running tests for any process started by a queue runner */ case ECOND_QUEUE_RUNNING: - if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor; + if (yield) *yield = (queue_run_pid != (pid_t)0) == testfor; return s; @@ -2428,11 +2563,11 @@ switch(cond_type = identify_operator(&s, &opname)) if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok); - if (sub[0] == NULL) return NULL; + if (!sub[0]) return NULL; /* {-for-text-editors */ if (*s++ != '}') goto COND_FAILED_CURLY_END; - if (yield == NULL) return s; /* No need to run the test if skipping */ + if (!yield) return s; /* No need to run the test if skipping */ switch(cond_type) { @@ -2534,7 +2669,7 @@ switch(cond_type = identify_operator(&s, &opname)) case 3: return NULL; } - if (yield != NULL) + if (yield) { int rc; *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */ @@ -2585,8 +2720,8 @@ switch(cond_type = identify_operator(&s, &opname)) case 2: case 3: return NULL; } - if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */ - if (yield != NULL) + if (!sub[2]) sub[3] = NULL; /* realm if no service */ + if (yield) { int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3], &expand_string_message); @@ -2673,7 +2808,7 @@ switch(cond_type = identify_operator(&s, &opname)) conditions that compare numbers do not start with a letter. This just saves checking for them individually. */ - if (!isalpha(opname[0]) && yield != NULL) + if (!isalpha(opname[0]) && yield) if (sub[i][0] == 0) { num[i] = 0; @@ -2683,13 +2818,13 @@ switch(cond_type = identify_operator(&s, &opname)) else { num[i] = expanded_string_integer(sub[i], FALSE); - if (expand_string_message != NULL) return NULL; + if (expand_string_message) return NULL; } } /* Result not required */ - if (yield == NULL) return s; + if (!yield) return s; /* Do an appropriate comparison */ @@ -2757,9 +2892,8 @@ switch(cond_type = identify_operator(&s, &opname)) break; case ECOND_MATCH: /* Regular expression match */ - re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset, - NULL); - if (re == NULL) + if (!(re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, + &roffset, NULL))) { expand_string_message = string_sprintf("regular expression error in " "\"%s\": %s at offset %d", sub[1], rerror, roffset); @@ -3013,7 +3147,7 @@ switch(cond_type = identify_operator(&s, &opname)) case ECOND_AND: case ECOND_OR: - subcondptr = (yield == NULL)? NULL : &tempcond; + subcondptr = (yield == NULL) ? NULL : &tempcond; combined_cond = (cond_type == ECOND_AND); while (isspace(*s)) s++; @@ -3048,8 +3182,7 @@ switch(cond_type = identify_operator(&s, &opname)) return NULL; } - if (yield != NULL) - { + if (yield) if (cond_type == ECOND_AND) { combined_cond &= tempcond; @@ -3060,10 +3193,9 @@ switch(cond_type = identify_operator(&s, &opname)) combined_cond |= tempcond; if (combined_cond) subcondptr = NULL; /* once true, don't */ } /* evaluate any more */ - } } - if (yield != NULL) *yield = (combined_cond == testfor); + if (yield) *yield = (combined_cond == testfor); return ++s; @@ -3086,8 +3218,8 @@ switch(cond_type = identify_operator(&s, &opname)) while (isspace(*s)) s++; if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ - sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok); - if (sub[0] == NULL) return NULL; + if (!(sub[0] = expand_string_internal(s, TRUE, &s, yield == NULL, TRUE, resetok))) + return NULL; /* {-for-text-editors */ if (*s++ != '}') goto COND_FAILED_CURLY_END; @@ -3227,10 +3359,104 @@ switch(cond_type = identify_operator(&s, &opname)) } DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname, boolvalue? "true":"false"); - if (yield != NULL) *yield = (boolvalue == testfor); + if (yield) *yield = (boolvalue == testfor); return s; } +#ifdef EXPERIMENTAL_SRS_NATIVE + case ECOND_INBOUND_SRS: + /* ${if inbound_srs {local_part}{secret} {yes}{no}} */ + { + uschar * sub[2]; + const pcre * re; + int ovec[3*(4+1)]; + int n; + uschar cksum[4]; + BOOL boolvalue = FALSE; + + switch(read_subs(sub, 2, 2, CUSS &s, yield == NULL, FALSE, US"inbound_srs", resetok)) + { + case 1: expand_string_message = US"too few arguments or bracketing " + "error for inbound_srs"; + case 2: + case 3: return NULL; + } + + /* Match the given local_part against the SRS-encoded pattern */ + + re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$", + TRUE, FALSE); + if (pcre_exec(re, NULL, CS sub[0], Ustrlen(sub[0]), 0, PCRE_EOPT, + ovec, nelem(ovec)) < 0) + { + DEBUG(D_expand) debug_printf("no match for SRS'd local-part pattern\n"); + goto srs_result; + } + + /* Side-effect: record the decoded recipient */ + + srs_recipient = string_sprintf("%.*S@%.*S", /* lowercased */ + ovec[9]-ovec[8], sub[0] + ovec[8], /* substring 4 */ + ovec[7]-ovec[6], sub[0] + ovec[6]); /* substring 3 */ + + /* If a zero-length secret was given, we're done. Otherwise carry on + and validate the given SRS local_part againt our secret. */ + + if (!*sub[1]) + { + boolvalue = TRUE; + goto srs_result; + } + + /* check the timestamp */ + { + struct timeval now; + uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */ + long d; + + gettimeofday(&now, NULL); + now.tv_sec /= 86400; /* days since epoch */ + + /* Decode substring 2 from base32 to a number */ + + for (d = 0, n = ovec[5]-ovec[4]; n; n--) + { + uschar * t = Ustrchr(base32_chars, *ss++); + d = d * 32 + (t - base32_chars); + } + + if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */ + { + DEBUG(D_expand) debug_printf("SRS too old\n"); + goto srs_result; + } + } + + /* check length of substring 1, the offered checksum */ + + if (ovec[3]-ovec[2] != 4) + { + DEBUG(D_expand) debug_printf("SRS checksum wrong size\n"); + goto srs_result; + } + + /* Hash the address with our secret, and compare that computed checksum + with the one extracted from the arg */ + + hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum)); + if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0) + { + DEBUG(D_expand) debug_printf("SRS checksum mismatch\n"); + goto srs_result; + } + boolvalue = TRUE; + +srs_result: + if (yield) *yield = (boolvalue == testfor); + return s; + } +#endif /*EXPERIMENTAL_SRS_NATIVE*/ + /* Unknown condition */ default: @@ -3503,52 +3729,6 @@ FAILED: -/************************************************* -* Handle MD5 or SHA-1 computation for HMAC * -*************************************************/ - -/* These are some wrapping functions that enable the HMAC code to be a bit -cleaner. A good compiler will spot the tail recursion. - -Arguments: - type HMAC_MD5 or HMAC_SHA1 - remaining are as for the cryptographic hash functions - -Returns: nothing -*/ - -static void -chash_start(int type, void * base) -{ -if (type == HMAC_MD5) - md5_start((md5 *)base); -else - sha1_start((hctx *)base); -} - -static void -chash_mid(int type, void * base, const uschar * string) -{ -if (type == HMAC_MD5) - md5_mid((md5 *)base, string); -else - sha1_mid((hctx *)base, string); -} - -static void -chash_end(int type, void * base, const uschar * string, int length, - uschar * digest) -{ -if (type == HMAC_MD5) - md5_end((md5 *)base, string, length, digest); -else - sha1_end((hctx *)base, string, length, digest); -} - - - - - /******************************************************** * prvs: Get last three digits of days since Jan 1, 1970 * ********************************************************/ @@ -3608,7 +3788,7 @@ uschar innerkey[64]; uschar outerkey[64]; uschar *finalhash_hex; -if (key_num == NULL) +if (!key_num) key_num = US"0"; if (Ustrlen(key) > 64) @@ -3816,13 +3996,13 @@ eval_op_mult(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_unary(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '*' || *s == '/' || *s == '%') { int op = *s++; int_eximarith_t y = eval_op_unary(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where @@ -3903,7 +4083,7 @@ eval_op_shift(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_sum(&s, decimal, error); -if (*error == NULL) +if (!*error) { while ((*s == '<' || *s == '>') && s[1] == s[0]) { @@ -3911,7 +4091,7 @@ if (*error == NULL) int op = *s++; s++; y = eval_op_sum(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; if (op == '<') x <<= y; else x >>= y; } } @@ -3925,14 +4105,14 @@ eval_op_and(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_shift(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '&') { int_eximarith_t y; s++; y = eval_op_shift(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; x &= y; } } @@ -3946,14 +4126,14 @@ eval_op_xor(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_and(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '^') { int_eximarith_t y; s++; y = eval_op_and(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; x ^= y; } } @@ -3967,14 +4147,14 @@ eval_op_or(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_xor(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '|') { int_eximarith_t y; s++; y = eval_op_xor(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; x |= y; } } @@ -4235,7 +4415,7 @@ while (*s != 0) if (!value) { - if (Ustrchr(name, '}') != NULL) malformed_header = TRUE; + if (Ustrchr(name, '}')) malformed_header = TRUE; continue; } } @@ -4415,8 +4595,8 @@ while (*s != 0) save_expand_strings(save_expand_nstring, save_expand_nlength); while (isspace(*s)) s++; - next_s = eval_condition(s, &resetok, skipping ? NULL : &cond); - if (next_s == NULL) goto EXPAND_FAILED; /* message already set */ + if (!(next_s = eval_condition(s, &resetok, skipping ? NULL : &cond))) + goto EXPAND_FAILED; /* message already set */ DEBUG(D_expand) DEBUG(D_noutf8) @@ -4475,7 +4655,7 @@ while (*s != 0) case 3: goto EXPAND_FAILED; } - if (sub_arg[1] == NULL) /* One argument */ + if (!sub_arg[1]) /* One argument */ { sub_arg[1] = US"/"; /* default separator */ sub_arg[2] = NULL; @@ -4577,7 +4757,7 @@ while (*s != 0) if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery)) { - if (key == NULL) + if (!key) { expand_string_message = string_sprintf("missing {key} for single-" "key \"%s\" lookup", name); @@ -4586,7 +4766,7 @@ while (*s != 0) } else { - if (key != NULL) + if (key) { expand_string_message = string_sprintf("a single key was given for " "lookup type \"%s\", which is not a single-key lookup type", name); @@ -4604,8 +4784,8 @@ while (*s != 0) expand_string_message = US"missing '{' for lookup file-or-query arg"; goto EXPAND_FAILED_CURLY; } - filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (filename == NULL) goto EXPAND_FAILED; + if (!(filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; if (*s++ != '}') { expand_string_message = US"missing '}' closing lookup file-or-query arg"; @@ -4656,7 +4836,7 @@ while (*s != 0) else { void *handle = search_open(filename, stype, 0, NULL, NULL); - if (handle == NULL) + if (!handle) { expand_string_message = search_error_message; goto EXPAND_FAILED; @@ -4738,15 +4918,14 @@ while (*s != 0) if (!opt_perl_started) { uschar *initerror; - if (opt_perl_startup == NULL) + if (!opt_perl_startup) { expand_string_message = US"A setting of perl_startup is needed when " "using the Perl interpreter"; goto EXPAND_FAILED; } DEBUG(D_any) debug_printf("Starting Perl interpreter\n"); - initerror = init_perl(opt_perl_startup); - if (initerror != NULL) + if ((initerror = init_perl(opt_perl_startup))) { expand_string_message = string_sprintf("error in perl_startup code: %s\n", initerror); @@ -4765,9 +4944,9 @@ while (*s != 0) NULL, the yield was undef, indicating a forced failure. Otherwise the message will indicate some kind of Perl error. */ - if (new_yield == NULL) + if (!new_yield) { - if (expand_string_message == NULL) + if (!expand_string_message) { expand_string_message = string_sprintf("Perl subroutine \"%s\" returned undef to force " @@ -5273,7 +5452,7 @@ while (*s != 0) if (*s == '{') { - if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL) + if (!expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok)) goto EXPAND_FAILED; if (*s++ != '}') { @@ -5332,8 +5511,8 @@ while (*s != 0) expand_string_message = US"missing '{' for command arg of run"; goto EXPAND_FAILED_CURLY; } - arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (arg == NULL) goto EXPAND_FAILED; + if (!(arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; while (isspace(*s)) s++; if (*s++ != '}') { @@ -5446,7 +5625,7 @@ while (*s != 0) if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++) { uschar *m = Ustrrchr(sub[1], yield->s[oldptr]); - if (m != NULL) + if (m) { int o = m - sub[1]; yield->s[oldptr] = sub[2][(o < o2m)? o : o2m]; @@ -5485,7 +5664,7 @@ while (*s != 0) string to the last position and make ${length{n}{str}} equivalent to ${substr{0}{n}{str}}. See the defaults for val[] above. */ - if (sub[2] == NULL) + if (!sub[2]) { sub[2] = sub[1]; sub[1] = NULL; @@ -5508,13 +5687,13 @@ while (*s != 0) } ret = - (item_type == EITEM_HASH)? - compute_hash(sub[2], val[0], val[1], &len) : - (item_type == EITEM_NHASH)? - compute_nhash(sub[2], val[0], val[1], &len) : - extract_substr(sub[2], val[0], val[1], &len); - - if (ret == NULL) goto EXPAND_FAILED; + item_type == EITEM_HASH + ? compute_hash(sub[2], val[0], val[1], &len) + : item_type == EITEM_NHASH + ? compute_nhash(sub[2], val[0], val[1], &len) + : extract_substr(sub[2], val[0], val[1], &len); + if (!ret) + goto EXPAND_FAILED; yield = string_catn(yield, ret, len); continue; } @@ -5654,10 +5833,8 @@ while (*s != 0) /* Compile the regular expression */ - re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset, - NULL); - - if (re == NULL) + if (!(re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, + &roffset, NULL))) { expand_string_message = string_sprintf("regular expression error in " "\"%s\": %s at offset %d", sub[1], rerror, roffset); @@ -5713,8 +5890,8 @@ while (*s != 0) /* Copy the characters before the match, plus the expanded insertion. */ yield = string_catn(yield, subject + moffset, ovector[0] - moffset); - insert = expand_string(sub[2]); - if (insert == NULL) goto EXPAND_FAILED; + if (!(insert = expand_string(sub[2]))) + goto EXPAND_FAILED; yield = string_cat(yield, insert); moffset = ovector[1]; @@ -5808,8 +5985,8 @@ while (*s != 0) while (isspace(*s)) s++; if (*s == '{') /*'}'*/ { - sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (sub[i] == NULL) goto EXPAND_FAILED; /*'{'*/ + if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; /*'{'*/ if (*s++ != '}') { expand_string_message = string_sprintf( @@ -6184,8 +6361,8 @@ while (*s != 0) goto EXPAND_FAILED_CURLY; } - list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok); - if (list == NULL) goto EXPAND_FAILED; + if (!(list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; if (*s++ != '}') { expand_string_message = @@ -6230,13 +6407,13 @@ while (*s != 0) if (item_type == EITEM_FILTER) { - temp = eval_condition(expr, &resetok, NULL); - if (temp != NULL) s = temp; + if ((temp = eval_condition(expr, &resetok, NULL))) + s = temp; } else temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok); - if (temp == NULL) + if (!temp) { expand_string_message = string_sprintf("%s inside \"%s\" item", expand_string_message, name); @@ -6274,7 +6451,7 @@ while (*s != 0) if (item_type == EITEM_FILTER) { BOOL condresult; - if (eval_condition(expr, &resetok, &condresult) == NULL) + if (!eval_condition(expr, &resetok, &condresult)) { iterate_item = save_iterate_item; lookup_value = save_lookup_value; @@ -6296,7 +6473,7 @@ while (*s != 0) { uschar * t = expand_string_internal(expr, TRUE, NULL, skipping, TRUE, &resetok); temp = t; - if (temp == NULL) + if (!temp) { iterate_item = save_iterate_item; expand_string_message = string_sprintf("%s inside \"%s\" item", @@ -6584,7 +6761,7 @@ while (*s != 0) if (!(t = tree_search(dlobj_anchor, argv[0]))) { void *handle = dlopen(CS argv[0], RTLD_LAZY); - if (handle == NULL) + if (!handle) { expand_string_message = string_sprintf("dlopen \"%s\" failed: %s", argv[0], dlerror()); @@ -6600,8 +6777,7 @@ while (*s != 0) /* Having obtained the dynamically loaded object handle, look up the function pointer. */ - func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]); - if (func == NULL) + if (!(func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]))) { expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: " "%s", argv[1], argv[0], dlerror()); @@ -6618,20 +6794,21 @@ while (*s != 0) resetok = FALSE; result = NULL; - for (argc = 0; argv[argc] != NULL; argc++); + for (argc = 0; argv[argc]; argc++); status = func(&result, argc - 2, &argv[2]); if(status == OK) { - if (result == NULL) result = US""; + if (!result) result = US""; yield = string_cat(yield, result); continue; } else { - expand_string_message = result == NULL ? US"(no message)" : result; - if(status == FAIL_FORCED) f.expand_string_forcedfail = TRUE; - else if(status != FAIL) - log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s", + expand_string_message = result ? result : US"(no message)"; + if (status == FAIL_FORCED) + f.expand_string_forcedfail = TRUE; + else if (status != FAIL) + log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s", argv[0], argv[1], status, expand_string_message); goto EXPAND_FAILED; } @@ -6671,6 +6848,62 @@ while (*s != 0) } continue; } + +#ifdef EXPERIMENTAL_SRS_NATIVE + case EITEM_SRS_ENCODE: + /* ${srs_encode {secret} {return_path} {orig_domain}} */ + { + uschar * sub[3]; + uschar cksum[4]; + + switch (read_subs(sub, 3, 3, CUSS &s, skipping, TRUE, name, &resetok)) + { + case 1: goto EXPAND_FAILED_CURLY; + case 2: + case 3: goto EXPAND_FAILED; + } + + yield = string_catn(yield, US"SRS0=", 5); + + /* ${l_4:${hmac{md5}{SRS_SECRET}{${lc:$return_path}}}}= */ + hmac_md5(sub[0], string_copylc(sub[1]), cksum, sizeof(cksum)); + yield = string_catn(yield, cksum, sizeof(cksum)); + yield = string_catn(yield, US"=", 1); + + /* ${base32:${eval:$tod_epoch/86400&0x3ff}}= */ + { + struct timeval now; + unsigned long i; + gstring * g = NULL; + + gettimeofday(&now, NULL); + for (unsigned long i = (now.tv_sec / 86400) & 0x3ff; i; i >>= 5) + g = string_catn(g, &base32_chars[i & 0x1f], 1); + if (g) while (g->ptr > 0) + yield = string_catn(yield, &g->s[--g->ptr], 1); + } + yield = string_catn(yield, US"=", 1); + + /* ${domain:$return_path}=${local_part:$return_path} */ + { + int start, end, domain; + uschar * t = parse_extract_address(sub[1], &expand_string_message, + &start, &end, &domain, FALSE); + if (!t) + goto EXPAND_FAILED; + + if (domain > 0) yield = string_cat(yield, t + domain); + yield = string_catn(yield, US"=", 1); + yield = domain > 0 + ? string_catn(yield, t, domain - 1) : string_cat(yield, t); + } + + /* @$original_domain */ + yield = string_catn(yield, US"@", 1); + yield = string_cat(yield, sub[2]); + continue; + } +#endif /*EXPERIMENTAL_SRS_NATIVE*/ } /* EITEM_* switch */ /* Control reaches here if the name is not recognized as one of the more @@ -6695,11 +6928,11 @@ while (*s != 0) if ((c = chop_match(name, op_table_underscore, nelem(op_table_underscore))) < 0) { - arg = Ustrchr(name, '_'); - if (arg != NULL) *arg = 0; - c = chop_match(name, op_table_main, nelem(op_table_main)); - if (c >= 0) c += nelem(op_table_underscore); - if (arg != NULL) *arg++ = '_'; /* Put back for error messages */ + if ((arg = Ustrchr(name, '_'))) + *arg = 0; + if ((c = chop_match(name, op_table_main, nelem(op_table_main))) >= 0) + c += nelem(op_table_underscore); + if (arg) *arg++ = '_'; /* Put back for error messages */ } /* Deal specially with operators that might take a certificate variable @@ -6774,11 +7007,10 @@ while (*s != 0) { uschar *tt = sub; unsigned long int n = 0; - uschar * s; while (*tt) { uschar * t = Ustrchr(base32_chars, *tt++); - if (t == NULL) + if (!t) { expand_string_message = string_sprintf("argument for base32d " "operator is \"%s\", which is not a base 32 number", sub); @@ -6786,8 +7018,7 @@ while (*s != 0) } n = n * 32 + (t - base32_chars); } - s = string_sprintf("%ld", n); - yield = string_cat(yield, s); + yield = string_fmt_append(yield, "%ld", n); continue; } @@ -6801,8 +7032,7 @@ while (*s != 0) "operator is \"%s\", which is not a decimal number", sub); goto EXPAND_FAILED; } - t = string_base62(n); - yield = string_cat(yield, t); + yield = string_cat(yield, string_base62(n)); continue; } @@ -6815,7 +7045,7 @@ while (*s != 0) while (*tt != 0) { uschar *t = Ustrchr(base62_chars, *tt++); - if (t == NULL) + if (!t) { expand_string_message = string_sprintf("argument for base62d " "operator is \"%s\", which is not a base %d number", sub, @@ -6831,7 +7061,7 @@ while (*s != 0) case EOP_EXPAND: { uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok); - if (expanded == NULL) + if (!expanded) { expand_string_message = string_sprintf("internal expansion of \"%s\" failed: %s", sub, @@ -7030,7 +7260,7 @@ while (*s != 0) int sep = 0; uschar buffer[256]; - while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++; + while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer))) cnt++; yield = string_fmt_append(yield, "%d", cnt); continue; } @@ -7049,7 +7279,7 @@ while (*s != 0) uschar buffer[256]; if (*sub == '+') sub++; - if (arg == NULL) /* no-argument version */ + if (!arg) /* no-argument version */ { if (!(t = tree_search(addresslist_anchor, sub)) && !(t = tree_search(domainlist_anchor, sub)) && @@ -7299,7 +7529,7 @@ while (*s != 0) case EOP_QUOTE: case EOP_QUOTE_LOCAL_PART: - if (arg == NULL) + if (!arg) { BOOL needs_quote = (*sub == 0); /* TRUE for empty string */ uschar *t = sub - 1; @@ -7347,20 +7577,20 @@ while (*s != 0) int n; uschar *opt = Ustrchr(arg, '_'); - if (opt != NULL) *opt++ = 0; + if (opt) *opt++ = 0; - n = search_findtype(arg, Ustrlen(arg)); - if (n < 0) + if ((n = search_findtype(arg, Ustrlen(arg))) < 0) { expand_string_message = search_error_message; goto EXPAND_FAILED; } - if (lookup_list[n]->quote != NULL) + if (lookup_list[n]->quote) sub = (lookup_list[n]->quote)(sub, opt); - else if (opt != NULL) sub = NULL; + else if (opt) + sub = NULL; - if (sub == NULL) + if (!sub) { expand_string_message = string_sprintf( "\"%s\" unrecognized after \"${quote_%s\"", @@ -7407,7 +7637,7 @@ while (*s != 0) uschar *error; uschar *decoded = rfc2047_decode(sub, check_rfc2047_length, headers_charset, '?', &len, &error); - if (error != NULL) + if (error) { expand_string_message = error; goto EXPAND_FAILED; @@ -7769,14 +7999,13 @@ while (*s != 0) /* Perform the required operation */ - ret = - (c == EOP_HASH || c == EOP_H)? - compute_hash(sub, value1, value2, &len) : - (c == EOP_NHASH || c == EOP_NH)? - compute_nhash(sub, value1, value2, &len) : - extract_substr(sub, value1, value2, &len); + ret = c == EOP_HASH || c == EOP_H + ? compute_hash(sub, value1, value2, &len) + : c == EOP_NHASH || c == EOP_NH + ? compute_nhash(sub, value1, value2, &len) + : extract_substr(sub, value1, value2, &len); + if (!ret) goto EXPAND_FAILED; - if (ret == NULL) goto EXPAND_FAILED; yield = string_catn(yield, ret, len); continue; } @@ -8138,7 +8367,7 @@ uschar *endptr; /* If expansion failed, expand_string_message will be set. */ -if (s == NULL) return -1; +if (!s) return -1; /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno to ERANGE. When there isn't an overflow, errno is not changed, at least on some @@ -8233,10 +8462,9 @@ exp_bool(address_item *addr, uschar *svalue, BOOL *rvalue) { uschar *expanded; -if (svalue == NULL) { *rvalue = bvalue; return OK; } +if (!svalue) { *rvalue = bvalue; return OK; } -expanded = expand_string(svalue); -if (expanded == NULL) +if (!(expanded = expand_string(svalue))) { if (f.expand_string_forcedfail) { diff --git a/src/src/functions.h b/src/src/functions.h index f4fcd1e19..ea3cf257c 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -55,6 +55,7 @@ extern BOOL tls_client_start(client_conn_ctx *, smtp_connect_args *, extern void tls_close(void *, int); extern BOOL tls_could_read(void); extern void tls_daemon_init(void); +extern BOOL tls_dropprivs_validate_require_cipher(BOOL); extern BOOL tls_export_cert(uschar *, size_t, void *); extern int tls_feof(void); extern int tls_ferror(void); @@ -136,6 +137,7 @@ extern gstring *authres_spf(gstring *); #endif extern uschar *b64encode(const uschar *, int); +extern uschar *b64encode_taint(const uschar *, int, BOOL); extern int b64decode(const uschar *, uschar **); extern int bdat_getc(unsigned); extern uschar *bdat_getbuf(unsigned *); @@ -175,8 +177,8 @@ extern void debug_print_tree(tree_node *); extern void debug_vprintf(int, const char *, va_list); extern void decode_bits(unsigned int *, size_t, int *, uschar *, bit_table *, int, uschar *, int); +extern void delete_pid_file(void); extern address_item *deliver_make_addr(uschar *, BOOL); -extern void deliver_init(void); extern void delivery_log(int, address_item *, int, uschar *); extern int deliver_message(uschar *, BOOL, BOOL); extern void deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2); @@ -446,6 +448,7 @@ extern void smtp_command_timeout_exit(void) NORETURN; extern void smtp_command_sigterm_exit(void) NORETURN; extern void smtp_data_timeout_exit(void) NORETURN; extern void smtp_data_sigint_exit(void) NORETURN; +extern void smtp_deliver_init(void); extern uschar *smtp_cmd_hist(void); extern int smtp_connect(smtp_connect_args *, const blob *); extern int smtp_sock_connect(host_item *, int, int, uschar *, @@ -540,6 +543,7 @@ extern int strncmpic(const uschar *, const uschar *, int); extern uschar *strstric(uschar *, uschar *, BOOL); extern int test_harness_fudged_queue_time(int); +extern void tcp_init(void); #ifdef EXIM_TFO_PROBE extern void tfo_probe(void); #endif diff --git a/src/src/globals.c b/src/src/globals.c index 358c380a8..de1149b6c 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -238,6 +238,7 @@ struct global_flags f = .disable_logging = FALSE, #ifndef DISABLE_DKIM .dkim_disable_verify = FALSE, + .dkim_init_done = FALSE, #endif #ifdef SUPPORT_DMARC .dmarc_has_been_checked = FALSE, @@ -297,7 +298,7 @@ struct global_flags f = .sender_name_forced = FALSE, .sender_set_untrusted = FALSE, .smtp_authenticated = FALSE, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT .smtp_in_early_pipe_advertised = FALSE, .smtp_in_early_pipe_no_auth = FALSE, .smtp_in_early_pipe_used = FALSE, @@ -830,7 +831,7 @@ void *dkim_signatures = NULL; uschar *dkim_signers = NULL; uschar *dkim_signing_domain = NULL; uschar *dkim_signing_selector = NULL; -uschar *dkim_verify_hashes = US"sha256:sha512:sha1"; +uschar *dkim_verify_hashes = US"sha256:sha512"; uschar *dkim_verify_keytypes = US"ed25519:rsa"; BOOL dkim_verify_minimal = FALSE; uschar *dkim_verify_overall = NULL; @@ -1167,7 +1168,7 @@ uschar *override_pid_file_path = NULL; uschar *percent_hack_domains = NULL; uschar *pid_file_path = US PID_FILE_PATH "\0<--------------Space to patch pid_file_path->"; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT uschar *pipe_connect_advertise_hosts = US"*"; #endif uschar *pipelining_advertise_hosts = US"*"; @@ -1259,7 +1260,7 @@ const pcre *regex_From = NULL; const pcre *regex_IGNOREQUOTA = NULL; const pcre *regex_PIPELINING = NULL; const pcre *regex_SIZE = NULL; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT const pcre *regex_EARLY_PIPE = NULL; #endif const pcre *regex_ismsgid = NULL; @@ -1499,6 +1500,9 @@ uschar *srs_recipient = NULL; uschar *srs_secrets = NULL; uschar *srs_status = NULL; #endif +#ifdef EXPERIMENTAL_SRS_NATIVE +uschar *srs_recipient = NULL; +#endif int string_datestamp_offset= -1; int string_datestamp_length= 0; int string_datestamp_type = -1; diff --git a/src/src/globals.h b/src/src/globals.h index ca342acc2..03a56f0f2 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -97,6 +97,7 @@ typedef struct { void *peercert; /* Certificate of peer, binary */ uschar *peerdn; /* DN from peer */ uschar *sni; /* Server Name Indication */ + uschar *channelbinding; /* b64'd data identifying channel, for authenticators */ enum { OCSP_NOT_REQ=0, /* not requested */ OCSP_NOT_RESP, /* no response to request */ @@ -120,7 +121,6 @@ extern BOOL gnutls_allow_auto_pkcs11; /* Let GnuTLS autoload PKCS11 modules * extern uschar *openssl_options; /* OpenSSL compatibility options */ extern const pcre *regex_STARTTLS; /* For recognizing STARTTLS settings */ extern uschar *tls_certificate; /* Certificate file */ -extern uschar *tls_channelbinding_b64; /* string of base64 channel binding */ extern uschar *tls_crl; /* CRL File */ extern int tls_dh_max_bits; /* don't accept higher lib suggestions */ extern uschar *tls_dhparam; /* DH param file */ @@ -199,6 +199,7 @@ extern struct global_flags { BOOL disable_logging :1; /* Disables log writing when TRUE */ #ifndef DISABLE_DKIM BOOL dkim_disable_verify :1; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */ + BOOL dkim_init_done :1; /* lazy-init status */ #endif #ifdef SUPPORT_DMARC BOOL dmarc_has_been_checked :1; /* Global variable to check if test has been called yet */ @@ -258,7 +259,7 @@ extern struct global_flags { BOOL sender_name_forced :1; /* Set by -F */ BOOL sender_set_untrusted :1; /* Sender set by untrusted caller */ BOOL smtp_authenticated :1; /* Sending client has authenticated */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL smtp_in_early_pipe_advertised :1; /* server advertised PIPE_CONNECT */ BOOL smtp_in_early_pipe_no_auth :1; /* too many authenticator names */ BOOL smtp_in_early_pipe_used :1; /* client did send early data */ @@ -750,7 +751,7 @@ extern uschar *override_pid_file_path; /* Value of -oP argument */ extern uschar *percent_hack_domains; /* Local domains for which '% operates */ extern uschar *pid_file_path; /* For writing daemon pids */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT extern uschar *pipe_connect_advertise_hosts; /* for banner/EHLO pipelining */ #endif extern uschar *pipelining_advertise_hosts; /* As it says */ @@ -834,7 +835,7 @@ extern const pcre *regex_CHUNKING; /* For recognizing CHUNKING (RFC 3030) */ extern const pcre *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */ extern const pcre *regex_PIPELINING; /* For recognizing PIPELINING */ extern const pcre *regex_SIZE; /* For recognizing SIZE settings */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT extern const pcre *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */ #endif extern const pcre *regex_ismsgid; /* Compiled r.e. for message it */ @@ -987,6 +988,9 @@ extern uschar *srs_status; /* SRS staus */ extern BOOL srs_usehash; /* SRS use hash flag */ extern BOOL srs_usetimestamp; /* SRS use timestamp flag */ #endif +#ifdef EXPERIMENTAL_SRS_NATIVE +extern uschar *srs_recipient; /* SRS recipient */ +#endif extern BOOL strict_acl_vars; /* ACL variables have to be set before being used */ extern int string_datestamp_offset;/* After insertion by string_format */ extern int string_datestamp_length;/* After insertion by string_format */ diff --git a/src/src/ip.c b/src/src/ip.c index 19be51a03..108c21d92 100644 --- a/src/src/ip.c +++ b/src/src/ip.c @@ -14,6 +14,12 @@ different places in the code where sockets are used. */ #include "exim.h" +#if defined(TCP_FASTOPEN) +# if defined(MSG_FASTOPEN) || defined(EXIM_TFO_CONNECTX) || defined(EXIM_TFO_FREEBSD) +# define EXIM_SUPPORT_TFO +# endif +#endif + /************************************************* * Create a socket * *************************************************/ @@ -161,26 +167,6 @@ return bind(sock, (struct sockaddr *)&sin, s_len); /************************************************* -*************************************************/ - -#ifdef EXIM_TFO_PROBE -void -tfo_probe(void) -{ -# ifdef TCP_FASTOPEN -int sock, backlog = 5; - -if ( (sock = socket(SOCK_STREAM, AF_INET, 0)) < 0 - && setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &backlog, sizeof(backlog)) - ) - f.tcp_fastopen_ok = TRUE; -close(sock); -# endif -} -#endif - - -/************************************************* * Connect socket to remote host * *************************************************/ @@ -245,7 +231,7 @@ callout_address = string_sprintf("[%s]:%d", address, port); sigalrm_seen = FALSE; if (timeout > 0) ALARM(timeout); -#ifdef TCP_FASTOPEN +#ifdef EXIM_SUPPORT_TFO /* TCP Fast Open, if the system has a cookie from a previous call to this peer, can send data in the SYN packet. The peer can send data before it gets our ACK of its SYN,ACK - the latter is useful for @@ -255,8 +241,7 @@ possibly use the data-on-syn, so support that too. */ if (fastopen_blob && f.tcp_fastopen_ok) { # ifdef MSG_FASTOPEN - /* This is a Linux implementation. It might be useable on FreeBSD; I have - not checked. */ + /* This is a Linux implementation. */ if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len, MSG_FASTOPEN | MSG_DONTWAIT, s_ptr, s_len)) >= 0) @@ -292,8 +277,26 @@ if (fastopen_blob && f.tcp_fastopen_ok) debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); goto legacy_connect; } -# endif -# ifdef EXIM_TFO_CONNECTX + +# elif defined(EXIM_TFO_FREEBSD) + /* Re: https://people.freebsd.org/~pkelsey/tfo-tools/tfo-client.c */ + + if (setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on)) < 0) + { + DEBUG(D_transport) + debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); + goto legacy_connect; + } + if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len, 0, + s_ptr, s_len)) >= 0) + { + DEBUG(D_transport|D_v) + debug_printf(" TFO mode connection attempt to %s, %lu data\n", + address, (unsigned long)fastopen_blob->len); + tcp_out_fastopen = fastopen_blob->len > 0 ? TFO_ATTEMPTED_DATA : TFO_ATTEMPTED_NODATA; + } + +# elif defined(EXIM_TFO_CONNECTX) /* MacOS */ sa_endpoints_t ends = { .sae_srcif = 0, .sae_srcaddr = NULL, .sae_srcaddrlen = 0, @@ -329,9 +332,9 @@ if (fastopen_blob && f.tcp_fastopen_ok) # endif } else -#endif /*TCP_FASTOPEN*/ +#endif /*EXIM_SUPPORT_TFO*/ { -#if defined(TCP_FASTOPEN) && defined(MSG_FASTOPEN) +#if defined(EXIM_SUPPORT_TFO) && !defined(EXIM_TFO_CONNECTX) legacy_connect: #endif diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c index e96fef938..383b0b38c 100644 --- a/src/src/macro_predef.c +++ b/src/src/macro_predef.c @@ -161,7 +161,7 @@ due to conflicts with other common macros. */ #ifndef DISABLE_OCSP builtin_macro_create(US"_HAVE_OCSP"); #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT builtin_macro_create(US"_HAVE_PIPE_CONNECT"); #endif #ifndef DISABLE_PRDR @@ -182,9 +182,12 @@ due to conflicts with other common macros. */ #ifdef SUPPORT_SPF builtin_macro_create(US"_HAVE_SPF"); #endif -#ifdef EXPERIMENTAL_SRS +#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE) builtin_macro_create(US"_HAVE_SRS"); #endif +#if defined(EXPERIMENTAL_SRS_NATIVE) + builtin_macro_create(US"_HAVE_NATIVE_SRS"); /* beware clash with _HAVE_SRS */ +#endif #ifdef EXPERIMENTAL_ARC builtin_macro_create(US"_HAVE_ARC"); #endif diff --git a/src/src/macros.h b/src/src/macros.h index 76913d64e..cc96c8516 100644 --- a/src/src/macros.h +++ b/src/src/macros.h @@ -550,11 +550,8 @@ table exim_errstrings[] in log.c */ #define ERRNO_DATA4XX (-46) /* DATA gave 4xx error */ #define ERRNO_PROXYFAIL (-47) /* Negotiation failed for proxy configured host */ #define ERRNO_AUTHPROB (-48) /* Authenticator "other" failure */ - -#ifdef SUPPORT_I18N -# define ERRNO_UTF8_FWD (-49) /* target not supporting SMTPUTF8 */ -#endif - /* -50 free for re-use */ +#define ERRNO_UTF8_FWD (-49) /* target not supporting SMTPUTF8 */ +#define ERRNO_HOST_IS_LOCAL (-50) /* Transport refuses to talk to localhost */ /* These must be last, so all retry deferments can easily be identified */ diff --git a/src/src/readconf.c b/src/src/readconf.c index 0233019cf..08014c9af 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -244,7 +244,7 @@ static optionlist optionlist_config[] = { #endif { "pid_file_path", opt_stringptr, &pid_file_path }, { "pipelining_advertise_hosts", opt_stringptr, &pipelining_advertise_hosts }, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT { "pipelining_connect_advertise_hosts", opt_stringptr, &pipe_connect_advertise_hosts }, #endif @@ -3075,80 +3075,6 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malformed ratelimit data: %s", s); /************************************************* -* Drop privs for checking TLS config * -*************************************************/ - -/* We want to validate TLS options during readconf, but do not want to be -root when we call into the TLS library, in case of library linkage errors -which cause segfaults; before this check, those were always done as the Exim -runtime user and it makes sense to continue with that. - -Assumes: tls_require_ciphers has been set, if it will be - exim_user has been set, if it will be - exim_group has been set, if it will be - -Returns: bool for "okay"; false will cause caller to immediately exit. -*/ - -#ifndef DISABLE_TLS -static BOOL -tls_dropprivs_validate_require_cipher(BOOL nowarn) -{ -const uschar *errmsg; -pid_t pid; -int rc, status; -void (*oldsignal)(int); - -/* If TLS will never be used, no point checking ciphers */ - -if ( !tls_advertise_hosts - || !*tls_advertise_hosts - || Ustrcmp(tls_advertise_hosts, ":") == 0 - ) - return TRUE; -else if (!nowarn && !tls_certificate) - log_write(0, LOG_MAIN, - "Warning: No server certificate defined; will use a selfsigned one.\n" - " Suggested action: either install a certificate or change tls_advertise_hosts option"); - -oldsignal = signal(SIGCHLD, SIG_DFL); - -fflush(NULL); -if ((pid = fork()) < 0) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check"); - -if (pid == 0) - { - /* in some modes, will have dropped privilege already */ - if (!geteuid()) - exim_setugid(exim_uid, exim_gid, FALSE, - US"calling tls_validate_require_cipher"); - - if ((errmsg = tls_validate_require_cipher())) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG, - "tls_require_ciphers invalid: %s", errmsg); - fflush(NULL); - exim_underbar_exit(0); - } - -do { - rc = waitpid(pid, &status, 0); -} while (rc < 0 && errno == EINTR); - -DEBUG(D_tls) - debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n", - (int)pid, status); - -signal(SIGCHLD, oldsignal); - -return status == 0; -} -#endif /*DISABLE_TLS*/ - - - - -/************************************************* * Read main configuration options * *************************************************/ @@ -3645,11 +3571,6 @@ if ((tls_verify_hosts || tls_try_verify_hosts) && !tls_verify_certificates) "tls_%sverify_hosts is set, but tls_verify_certificates is not set", tls_verify_hosts ? "" : "try_"); -/* This also checks that the library linkage is working and we can call -routines in it, so call even if tls_require_ciphers is unset */ -if (!tls_dropprivs_validate_require_cipher(nowarn)) - exit(1); - /* Magic number: at time of writing, 1024 has been the long-standing value used by so many clients, and what Exim used to use always, that it makes sense to just min-clamp this max-clamp at that. */ @@ -4222,7 +4143,7 @@ Returns: nothing static void auths_init(void) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT int nauths = 0; #endif @@ -4248,11 +4169,11 @@ for (auth_instance * au = auths; au; au = au->next) "(%s and %s) have the same public name (%s)", au->client ? US"client" : US"server", au->name, bu->name, au->public_name); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT nauths++; #endif } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT f.smtp_in_early_pipe_no_auth = nauths > 16; #endif } diff --git a/src/src/receive.c b/src/src/receive.c index 31e3f7cbb..83613092f 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1343,7 +1343,7 @@ if (received_protocol) if (LOGGING(pipelining) && f.smtp_in_pipelining_advertised) { g = string_catn(g, US" L", 2); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (f.smtp_in_early_pipe_used) g = string_catn(g, US"*", 1); else if (f.smtp_in_early_pipe_advertised) diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index f37b2f6e0..9e2b39c4e 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -142,7 +142,7 @@ static struct { BOOL helo_verify :1; BOOL helo_seen :1; BOOL helo_accept_junk :1; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL pipe_connect_acceptable :1; #endif BOOL rcpt_smtp_response_same :1; @@ -397,7 +397,7 @@ return TRUE; } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT static BOOL pipeline_connect_sends(void) { @@ -952,16 +952,13 @@ if (fl.rcpt_in_progress) /* Now write the string */ +if ( #ifndef DISABLE_TLS -if (tls_in.active.sock >= 0) - { - if (tls_write(NULL, gs.s, gs.ptr, more) < 0) - smtp_write_error = -1; - } -else + tls_in.active.sock >= 0 ? (tls_write(NULL, gs.s, gs.ptr, more) < 0) : #endif - -if (fprintf(smtp_out, "%s", gs.s) < 0) smtp_write_error = -1; + (fwrite(gs.s, gs.ptr, 1, smtp_out) == 0) + ) + smtp_write_error = -1; } @@ -972,8 +969,7 @@ if (fprintf(smtp_out, "%s", gs.s) < 0) smtp_write_error = -1; /* This function isn't currently used within Exim (it detects errors when it tries to read the next SMTP input), but is available for use in local_scan(). -For non-TLS connections, it flushes the output and checks for errors. For -TLS-connections, it checks for a previously-detected TLS write error. +It flushes the output and checks for errors. Arguments: none Returns: 0 for no error; -1 after an error @@ -983,6 +979,15 @@ int smtp_fflush(void) { if (tls_in.active.sock < 0 && fflush(smtp_out) != 0) smtp_write_error = -1; + +if ( +#ifndef DISABLE_TLS + tls_in.active.sock >= 0 ? (tls_write(NULL, NULL, 0, FALSE) < 0) : +#endif + (fflush(smtp_out) != 0) + ) + smtp_write_error = -1; + return smtp_write_error; } @@ -2400,24 +2405,47 @@ return FALSE; static void tfo_in_check(void) { -# ifdef TCP_INFO +# ifdef __FreeBSD__ +int is_fastopen; +socklen_t len = sizeof(is_fastopen); + +/* The tinfo TCPOPT_FAST_OPEN bit seems unreliable, and we don't see state +TCP_SYN_RCV (as of 12.1) so no idea about data-use. */ + +if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_FASTOPEN, &is_fastopen, &len) == 0) + { + if (is_fastopen) + { + DEBUG(D_receive) + debug_printf("TFO mode connection (TCP_FASTOPEN getsockopt)\n"); + f.tcp_in_fastopen = TRUE; + } + } +else DEBUG(D_receive) + debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno)); + +# elif defined(TCP_INFO) struct tcp_info tinfo; socklen_t len = sizeof(tinfo); if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0) -#ifdef TCPI_OPT_SYN_DATA /* FreeBSD 11 does not seem to have this yet */ +# ifdef TCPI_OPT_SYN_DATA /* FreeBSD 11,12 do not seem to have this yet */ if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA) { - DEBUG(D_receive) debug_printf("TCP_FASTOPEN mode connection (ACKd data-on-SYN)\n"); + DEBUG(D_receive) + debug_printf("TFO mode connection (ACKd data-on-SYN)\n"); f.tcp_in_fastopen_data = f.tcp_in_fastopen = TRUE; } else -#endif - if (tinfo.tcpi_state == TCP_SYN_RECV) +# endif + if (tinfo.tcpi_state == TCP_SYN_RECV) /* Not seen on FreeBSD 12.1 */ { - DEBUG(D_receive) debug_printf("TCP_FASTOPEN mode connection (state TCP_SYN_RECV)\n"); + DEBUG(D_receive) + debug_printf("TFO mode connection (state TCP_SYN_RECV)\n"); f.tcp_in_fastopen = TRUE; } +else DEBUG(D_receive) + debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno)); # endif } #endif @@ -2997,7 +3025,7 @@ while (*p); /* Before we write the banner, check that there is no input pending, unless this synchronisation check is disabled. */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable = sender_host_address && verify_check_host(&pipe_connect_advertise_hosts) == OK; @@ -3024,7 +3052,7 @@ if (!check_sync()) /*XXX the ehlo-resp code does its own tls/nontls bit. Maybe subroutine that? */ smtp_printf("%s", -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable && pipeline_connect_sends(), #else FALSE, @@ -3035,7 +3063,7 @@ smtp_printf("%s", handshake arrived. If so we must have managed a TFO. */ #ifdef TCP_FASTOPEN -tfo_in_check(); +if (sender_host_address && !f.sender_host_notsocket) tfo_in_check(); #endif return TRUE; @@ -3719,60 +3747,60 @@ if (rc != OK) switch(rc) { case OK: - if (!au->set_id || set_id) /* Complete success */ - { - if (set_id) authenticated_id = string_copy_perm(set_id, TRUE); - sender_host_authenticated = au->name; - sender_host_auth_pubname = au->public_name; - authentication_failed = FALSE; - authenticated_fail_id = NULL; /* Impossible to already be set? */ - - received_protocol = - (sender_host_address ? protocols : protocols_local) - [pextend + pauthed + (tls_in.active.sock >= 0 ? pcrpted:0)]; - *s = *ss = US"235 Authentication succeeded"; - authenticated_by = au; - break; - } + if (!au->set_id || set_id) /* Complete success */ + { + if (set_id) authenticated_id = string_copy_perm(set_id, TRUE); + sender_host_authenticated = au->name; + sender_host_auth_pubname = au->public_name; + authentication_failed = FALSE; + authenticated_fail_id = NULL; /* Impossible to already be set? */ - /* Authentication succeeded, but we failed to expand the set_id string. - Treat this as a temporary error. */ + received_protocol = + (sender_host_address ? protocols : protocols_local) + [pextend + pauthed + (tls_in.active.sock >= 0 ? pcrpted:0)]; + *s = *ss = US"235 Authentication succeeded"; + authenticated_by = au; + break; + } + + /* Authentication succeeded, but we failed to expand the set_id string. + Treat this as a temporary error. */ - auth_defer_msg = expand_string_message; - /* Fall through */ + auth_defer_msg = expand_string_message; + /* Fall through */ case DEFER: - if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); - *s = string_sprintf("435 Unable to authenticate at present%s", - auth_defer_user_msg); - *ss = string_sprintf("435 Unable to authenticate at present%s: %s", - set_id, auth_defer_msg); - break; + if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); + *s = string_sprintf("435 Unable to authenticate at present%s", + auth_defer_user_msg); + *ss = string_sprintf("435 Unable to authenticate at present%s: %s", + set_id, auth_defer_msg); + break; case BAD64: - *s = *ss = US"501 Invalid base64 data"; - break; + *s = *ss = US"501 Invalid base64 data"; + break; case CANCELLED: - *s = *ss = US"501 Authentication cancelled"; - break; + *s = *ss = US"501 Authentication cancelled"; + break; case UNEXPECTED: - *s = *ss = US"553 Initial data not expected"; - break; + *s = *ss = US"553 Initial data not expected"; + break; case FAIL: - if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); - *s = US"535 Incorrect authentication data"; - *ss = string_sprintf("535 Incorrect authentication data%s", set_id); - break; + if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); + *s = US"535 Incorrect authentication data"; + *ss = string_sprintf("535 Incorrect authentication data%s", set_id); + break; default: - if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); - *s = US"435 Internal error"; - *ss = string_sprintf("435 Internal error%s: return %d from authentication " - "check", set_id, rc); - break; + if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); + *s = US"435 Internal error"; + *ss = string_sprintf("435 Internal error%s: return %d from authentication " + "check", set_id, rc); + break; } return rc; @@ -3975,7 +4003,7 @@ while (done <= 0) #endif switch(smtp_read_command( -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT !fl.pipe_connect_acceptable, #else TRUE, @@ -4211,7 +4239,7 @@ while (done <= 0) host_build_sender_fullhost(); /* Rebuild */ break; } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT else if (!fl.pipe_connect_acceptable && !check_sync()) #else else if (!check_sync()) @@ -4344,7 +4372,7 @@ while (done <= 0) sync_cmd_limit = NON_SYNC_CMD_PIPELINING; f.smtp_in_pipelining_advertised = TRUE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (fl.pipe_connect_acceptable) { f.smtp_in_early_pipe_advertised = TRUE; @@ -4462,7 +4490,7 @@ while (done <= 0) #ifndef DISABLE_TLS if (tls_in.active.sock >= 0) (void)tls_write(NULL, g->s, g->ptr, -# ifdef SUPPORT_PIPE_CONNECT +# ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable && pipeline_connect_sends()); # else FALSE); @@ -5240,7 +5268,7 @@ while (done <= 0) f.dot_ends = TRUE; DATA_BDAT: /* Common code for DATA and BDAT */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable = FALSE; #endif if (!discarded && recipients_count <= 0) diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index ece79de10..96ee15282 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -155,7 +155,28 @@ return TRUE; static void tfo_out_check(int sock) { -# if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED) +# ifdef __FreeBSD__ +struct tcp_info tinfo; +int val; +socklen_t len = sizeof(val); + +/* The observability as of 12.1 is not useful as a client, only telling us that +a TFO option was used on SYN. It could have been a TFO-R, or ignored by the +server. */ + +/* +if (tcp_out_fastopen == TFO_ATTEMPTED_NODATA || tcp_out_fastopen == TFO_ATTEMPTED_DATA) + if (getsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &val, &len) == 0 && val != 0) {} +*/ +switch (tcp_out_fastopen) + { + case TFO_ATTEMPTED_NODATA: tcp_out_fastopen = TFO_USED_NODATA; break; + case TFO_ATTEMPTED_DATA: tcp_out_fastopen = TFO_USED_DATA; break; + default: break; /* compiler quietening */ + } + +# else /* Linux & Apple */ +# if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED) struct tcp_info tinfo; socklen_t len = sizeof(tinfo); @@ -205,7 +226,8 @@ switch (tcp_out_fastopen) default: break; /* compiler quietening */ } -# endif +# endif +# endif /* Linux & Apple */ } #endif @@ -717,7 +739,7 @@ time_t timelimit = time(NULL) + timeout; errno = 0; /* Ensure errno starts out zero */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->pending_BANNER || sx->pending_EHLO) { int rc; diff --git a/src/src/structs.h b/src/src/structs.h index 3b5818df0..9927bc527 100644 --- a/src/src/structs.h +++ b/src/src/structs.h @@ -626,7 +626,7 @@ typedef struct address_item { BOOL af_tcp_fastopen:1; /* delivery usefully used TCP Fast Open */ BOOL af_tcp_fastopen_data:1; /* delivery sent SMTP commands on TCP Fast Open */ BOOL af_pipelining:1; /* delivery used (traditional) pipelining */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL af_early_pipe:1; /* delivery used connect-time pipelining */ #endif #ifndef DISABLE_PRDR @@ -648,11 +648,11 @@ typedef struct address_item { unsigned int domain_cache[(MAX_NAMED_LIST * 2)/32]; unsigned int localpart_cache[(MAX_NAMED_LIST * 2)/32]; int mode; /* mode for local transporting to a file */ + int basic_errno; /* status after failure */ int more_errno; /* additional error information */ /* (may need to hold a timestamp) */ unsigned int delivery_usec; /* subsecond part of delivery time */ - short int basic_errno; /* status after failure */ unsigned short child_count; /* number of child addresses */ short int return_file; /* fileno of return data file */ short int special_action; /* ( used when when deferred or failed */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index fc426a251..837b991df 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -167,7 +167,7 @@ Some of these correspond to variables in globals.c; those variables will be set to point to content in one of these instances, as appropriate for the stage of the process lifetime. -Not handled here: global tls_channelbinding_b64. +Not handled here: global tlsp->tls_channelbinding. */ typedef struct exim_gnutls_state { @@ -479,7 +479,7 @@ Sets: tls_active fd tls_bits strength indicator tls_certificate_verified bool indicator - tls_channelbinding_b64 for some SASL mechanisms + tls_channelbinding for some SASL mechanisms tls_ver a string tls_cipher a string tls_peercert pointer to library internal @@ -511,10 +511,10 @@ tlsp->certificate_verified = state->peer_cert_verified; tlsp->dane_verified = state->peer_dane_verified; #endif -/* note that tls_channelbinding_b64 is not saved to the spool file, since it's +/* note that tls_channelbinding is not saved to the spool file, since it's only available for use for authenticators while this TLS session is running. */ -tls_channelbinding_b64 = NULL; +tlsp->channelbinding = NULL; #ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING channel.data = NULL; channel.size = 0; @@ -522,11 +522,15 @@ if ((rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, & { DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc)); } else { + /* Declare the taintedness of the binding info. On server, untainted; on + client, tainted - being the Finish msg from the server. */ + old_pool = store_pool; store_pool = POOL_PERM; - tls_channelbinding_b64 = b64encode(CUS channel.data, (int)channel.size); + tlsp->channelbinding = b64encode_taint(CUS channel.data, (int)channel.size, + !!state->host); store_pool = old_pool; - DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage.\n"); + DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n"); } #endif @@ -2407,9 +2411,20 @@ and sent an SMTP response. */ DEBUG(D_tls) debug_printf("initialising GnuTLS as a server\n"); -if ((rc = tls_init(NULL, tls_certificate, tls_privatekey, - NULL, tls_verify_certificates, tls_crl, - require_ciphers, &state, &tls_in, errstr)) != OK) return rc; + { +#ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +#endif + + if ((rc = tls_init(NULL, tls_certificate, tls_privatekey, + NULL, tls_verify_certificates, tls_crl, + require_ciphers, &state, &tls_in, errstr)) != OK) return rc; + +#ifdef MEASURE_TIMING + report_time_since(&t0, US"server tls_init (delta)"); +#endif + } #ifdef EXPERIMENTAL_TLS_RESUME tls_server_resume_prehandshake(state); @@ -2843,10 +2858,21 @@ if (conn_args->dane && ob->dane_require_tls_ciphers) if (!cipher_list) cipher_list = ob->tls_require_ciphers; -if (tls_init(host, ob->tls_certificate, ob->tls_privatekey, - ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl, - cipher_list, &state, tlsp, errstr) != OK) - return FALSE; + { +#ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +#endif + + if (tls_init(host, ob->tls_certificate, ob->tls_privatekey, + ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl, + cipher_list, &state, tlsp, errstr) != OK) + return FALSE; + +#ifdef MEASURE_TIMING + report_time_since(&t0, US"client tls_init (delta)"); +#endif + } { int dh_min_bits = ob->tls_dh_min_bits; @@ -3084,7 +3110,7 @@ gnutls_certificate_free_credentials(state->x509_cred); tlsp->active.sock = -1; tlsp->active.tls_ctx = NULL; /* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */ -tls_channelbinding_b64 = NULL; +tlsp->channelbinding = NULL; if (state->xfer_buffer) store_free(state->xfer_buffer); @@ -3298,6 +3324,9 @@ Arguments: len number of bytes more more data expected soon +Calling with len zero and more unset will flush buffered writes. The buff +argument can be null for that case. + Returns: the number of bytes after a successful write, -1 after a failed write */ diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 063c23df7..a236bc0c6 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -2820,6 +2820,20 @@ DEBUG(D_tls) tls_in.ourcert = crt ? X509_dup(crt) : NULL; } +/* Channel-binding info for authenticators +See description in https://paquier.xyz/postgresql-2/channel-binding-openssl/ */ + { + uschar c, * s; + size_t len = SSL_get_peer_finished(server_ssl, &c, 0); + int old_pool = store_pool; + + SSL_get_peer_finished(server_ssl, s = store_get((int)len, FALSE), len); + store_pool = POOL_PERM; + tls_in.channelbinding = b64encode_taint(CUS s, (int)len, FALSE); + store_pool = old_pool; + DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n"); + } + /* Only used by the server-side tls (tls_in), including tls_getc. Client-side (tls_out) reads (seem to?) go via smtp_read_response()/ip_recv(). @@ -3382,6 +3396,20 @@ tlsp->cipher_stdname = cipher_stdname_ssl(exim_client_ctx->ssl); tlsp->ourcert = crt ? X509_dup(crt) : NULL; } +/*XXX will this work with continued-TLS? */ +/* Channel-binding info for authenticators */ + { + uschar c, * s; + size_t len = SSL_get_finished(exim_client_ctx->ssl, &c, 0); + int old_pool = store_pool; + + SSL_get_finished(exim_client_ctx->ssl, s = store_get((int)len, TRUE), len); + store_pool = POOL_PERM; + tlsp->channelbinding = b64encode_taint(CUS s, (int)len, TRUE); + store_pool = old_pool; + DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n"); + } + tlsp->active.sock = cctx->sock; tlsp->active.tls_ctx = exim_client_ctx; cctx->tls_ctx = exim_client_ctx; @@ -3582,11 +3610,12 @@ Arguments: Returns: the number of bytes after a successful write, -1 after a failed write -Used by both server-side and client-side TLS. +Used by both server-side and client-side TLS. Calling with len zero and more unset +will flush buffered writes; buff can be null for this case. */ int -tls_write(void * ct_ctx, const uschar *buff, size_t len, BOOL more) +tls_write(void * ct_ctx, const uschar * buff, size_t len, BOOL more) { size_t olen = len; int outbytes, error; @@ -3612,14 +3641,16 @@ a store reset there, so use POOL_PERM. */ if ((more || corked)) { -#ifdef SUPPORT_PIPE_CONNECT + if (!len) buff = US &error; /* dummy just so that string_catn is ok */ + +#ifndef DISABLE_PIPE_CONNECT int save_pool = store_pool; store_pool = POOL_PERM; #endif corked = string_catn(corked, buff, len); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT store_pool = save_pool; #endif @@ -3641,16 +3672,16 @@ for (int left = len; left > 0;) DEBUG(D_tls) debug_printf("outbytes=%d error=%d\n", outbytes, error); switch (error) { + case SSL_ERROR_NONE: /* the usual case */ + left -= outbytes; + buff += outbytes; + break; + case SSL_ERROR_SSL: ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring)); log_write(0, LOG_MAIN, "TLS error (SSL_write): %s", ssl_errstring); return -1; - case SSL_ERROR_NONE: - left -= outbytes; - buff += outbytes; - break; - case SSL_ERROR_ZERO_RETURN: log_write(0, LOG_MAIN, "SSL channel closed on write"); return -1; diff --git a/src/src/tls.c b/src/src/tls.c index a541a3c7a..f95091218 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -61,8 +61,6 @@ static int ssl_xfer_eof = FALSE; static BOOL ssl_xfer_error = FALSE; #endif -uschar *tls_channelbinding_b64 = NULL; - /************************************************* * Expand string; give error on failure * @@ -403,6 +401,79 @@ if (path) unsetenv("SSLKEYLOGFILE"); } } + +/************************************************* +* Drop privs for checking TLS config * +*************************************************/ + +/* We want to validate TLS options during readconf, but do not want to be +root when we call into the TLS library, in case of library linkage errors +which cause segfaults; before this check, those were always done as the Exim +runtime user and it makes sense to continue with that. + +Assumes: tls_require_ciphers has been set, if it will be + exim_user has been set, if it will be + exim_group has been set, if it will be + +Returns: bool for "okay"; false will cause caller to immediately exit. +*/ + +BOOL +tls_dropprivs_validate_require_cipher(BOOL nowarn) +{ +const uschar *errmsg; +pid_t pid; +int rc, status; +void (*oldsignal)(int); + +/* If TLS will never be used, no point checking ciphers */ + +if ( !tls_advertise_hosts + || !*tls_advertise_hosts + || Ustrcmp(tls_advertise_hosts, ":") == 0 + ) + return TRUE; +else if (!nowarn && !tls_certificate) + log_write(0, LOG_MAIN, + "Warning: No server certificate defined; will use a selfsigned one.\n" + " Suggested action: either install a certificate or change tls_advertise_hosts option"); + +oldsignal = signal(SIGCHLD, SIG_DFL); + +fflush(NULL); +if ((pid = fork()) < 0) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check"); + +if (pid == 0) + { + /* in some modes, will have dropped privilege already */ + if (!geteuid()) + exim_setugid(exim_uid, exim_gid, FALSE, + US"calling tls_validate_require_cipher"); + + if ((errmsg = tls_validate_require_cipher())) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG, + "tls_require_ciphers invalid: %s", errmsg); + fflush(NULL); + exim_underbar_exit(0); + } + +do { + rc = waitpid(pid, &status, 0); +} while (rc < 0 && errno == EINTR); + +DEBUG(D_tls) + debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n", + (int)pid, status); + +signal(SIGCHLD, oldsignal); + +return status == 0; +} + + + + #endif /*!DISABLE_TLS*/ #endif /*!MACRO_PREDEF*/ diff --git a/src/src/transport.c b/src/src/transport.c index df7fd1628..14bd91cdb 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -172,6 +172,20 @@ for (transport_instance * t = transports; t; t = t->next) * Write block of data * *************************************************/ +static int +tpt_write(int fd, uschar * block, int len, BOOL more, int options) +{ +return +#ifndef DISABLE_TLS + tls_out.active.sock == fd + ? tls_write(tls_out.active.tls_ctx, block, len, more) : +#endif +#ifdef MSG_MORE + more && !(options & topt_not_socket) ? send(fd, block, len, MSG_MORE) : +#endif + write(fd, block, len); +} + /* Subroutine called by write_chunk() and at the end of the message actually to write a data block. Also called directly by some transports to write additional data to the file descriptor (e.g. prefix, suffix). @@ -215,10 +229,11 @@ Returns: TRUE on success, FALSE on failure (with errno preserved); */ static BOOL -transport_write_block_fd(transport_ctx * tctx, uschar *block, int len, BOOL more) +transport_write_block_fd(transport_ctx * tctx, uschar * block, int len, BOOL more) { int rc, save_errno; int local_timeout = transport_write_timeout; +int connretry = 1; int fd = tctx->u.fd; /* This loop is for handling incomplete writes and other retries. In most @@ -230,48 +245,42 @@ for (int i = 0; i < 100; i++) debug_printf("writing data block fd=%d size=%d timeout=%d%s\n", fd, len, local_timeout, more ? " (more expected)" : ""); - /* This code makes use of alarm() in order to implement the timeout. This - isn't a very tidy way of doing things. Using non-blocking I/O with select() - provides a neater approach. However, I don't know how to do this when TLS is - in use. */ - - if (transport_write_timeout <= 0) /* No timeout wanted */ - { - rc = -#ifndef DISABLE_TLS - tls_out.active.sock == fd ? tls_write(tls_out.active.tls_ctx, block, len, more) : -#endif -#ifdef MSG_MORE - more && !(tctx->options & topt_not_socket) - ? send(fd, block, len, MSG_MORE) : -#endif - write(fd, block, len); - save_errno = errno; - } + /* When doing TCP Fast Open we may get this far before the 3-way handshake + is complete, and write returns ENOTCONN. Detect that, wait for the socket + to become writable, and retry once only. */ - /* Timeout wanted. */ - - else + for(;;) { - ALARM(local_timeout); + fd_set fds; + /* This code makes use of alarm() in order to implement the timeout. This + isn't a very tidy way of doing things. Using non-blocking I/O with select() + provides a neater approach. However, I don't know how to do this when TLS is + in use. */ - rc = -#ifndef DISABLE_TLS - tls_out.active.sock == fd ? tls_write(tls_out.active.tls_ctx, block, len, more) : -#endif -#ifdef MSG_MORE - more && !(tctx->options & topt_not_socket) - ? send(fd, block, len, MSG_MORE) : -#endif - write(fd, block, len); - - save_errno = errno; - local_timeout = ALARM_CLR(0); - if (sigalrm_seen) + if (transport_write_timeout <= 0) /* No timeout wanted */ { - errno = ETIMEDOUT; - return FALSE; + rc = tpt_write(fd, block, len, more, tctx->options); + save_errno = errno; } + else /* Timeout wanted. */ + { + ALARM(local_timeout); + rc = tpt_write(fd, block, len, more, tctx->options); + save_errno = errno; + local_timeout = ALARM_CLR(0); + if (sigalrm_seen) + { + errno = ETIMEDOUT; + return FALSE; + } + } + + if (rc >= 0 || errno != ENOTCONN || connretry <= 0) + break; + + FD_ZERO(&fds); FD_SET(fd, &fds); + select(fd+1, NULL, &fds, NULL, NULL); /* could set timout? */ + connretry--; } /* Hopefully, the most common case is success, so test that first. */ diff --git a/src/src/transports/autoreply.c b/src/src/transports/autoreply.c index 1aef02aaf..68f8d1f58 100644 --- a/src/src/transports/autoreply.c +++ b/src/src/transports/autoreply.c @@ -433,10 +433,10 @@ if (oncelog && *oncelog != 0 && to) if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to %s \"once\" file %s when " "sending message from %s transport: %s", - (cache_fd < 0)? "open" : "stat", oncelog, tblock->name, - strerror(errno)); + cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno)); goto END_OFF; } @@ -489,6 +489,7 @@ if (oncelog && *oncelog != 0 && to) if (!dbm_file) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to open %s file %s when sending " "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name, strerror(errno)); @@ -544,16 +545,13 @@ if (oncelog && *oncelog != 0 && to) /* We are going to send a message. Ensure any requested file is available. */ -if (file) +if (file && !(ff = Ufopen(file, "rb")) && !ob->file_optional) { - ff = Ufopen(file, "rb"); - if (!ff && !ob->file_optional) - { - addr->transport_return = DEFER; - addr->message = string_sprintf("Failed to open file %s when sending " - "message from %s transport: %s", file, tblock->name, strerror(errno)); - return FALSE; - } + addr->transport_return = DEFER; + addr->basic_errno = errno; + addr->message = string_sprintf("Failed to open file %s when sending " + "message from %s transport: %s", file, tblock->name, strerror(errno)); + return FALSE; } /* Make a subprocess to send the message */ @@ -565,6 +563,7 @@ pid = child_open_exim(&fd); if (pid < 0) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to create child process to send " "message from %s transport: %s", tblock->name, strerror(errno)); DEBUG(D_transport) debug_printf("%s\n", addr->message); diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c index 4386a9ae6..a16a197a4 100644 --- a/src/src/transports/pipe.c +++ b/src/src/transports/pipe.c @@ -686,8 +686,7 @@ else if (timezone_string != NULL && timezone_string[0] != 0) if (envlist) { - envlist = expand_cstring(envlist); - if (envlist == NULL) + if (!(envlist = expand_cstring(envlist))) { addr->transport_return = DEFER; addr->message = string_sprintf("failed to expand string \"%s\" " @@ -702,6 +701,7 @@ while ((ss = string_nextinlist(&envlist, &envsep, big_buffer, big_buffer_size))) if (envcount > nelem(envp) - 2) { addr->transport_return = DEFER; + addr->basic_errno = E2BIG; addr->message = string_sprintf("too many environment settings for " "%s transport", tblock->name); return FALSE; diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 3fd94a19c..a91770225 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -110,7 +110,7 @@ optionlist smtp_transport_options[] = { #endif { "hosts_override", opt_bool, (void *)offsetof(smtp_transport_options_block, hosts_override) }, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT { "hosts_pipe_connect", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_pipe_connect) }, #endif @@ -260,7 +260,7 @@ smtp_transport_options_block smtp_transport_option_defaults = { .hosts_avoid_tls = NULL, .hosts_verify_avoid_tls = NULL, .hosts_avoid_pipelining = NULL, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT .hosts_pipe_connect = NULL, #endif .hosts_avoid_esmtp = NULL, @@ -357,6 +357,51 @@ static BOOL pipelining_active; /* current transaction is in pipe mode */ static unsigned ehlo_response(uschar * buf, unsigned checks); +/******************************************************************************/ + +void +smtp_deliver_init(void) +{ +if (!regex_PIPELINING) regex_PIPELINING = + regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_SIZE) regex_SIZE = + regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_AUTH) regex_AUTH = + regex_must_compile(AUTHS_REGEX, FALSE, TRUE); + +#ifndef DISABLE_TLS +if (!regex_STARTTLS) regex_STARTTLS = + regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); +#endif + +if (!regex_CHUNKING) regex_CHUNKING = + regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE); + +#ifndef DISABLE_PRDR +if (!regex_PRDR) regex_PRDR = + regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); +#endif + +#ifdef SUPPORT_I18N +if (!regex_UTF8) regex_UTF8 = + regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE); +#endif + +if (!regex_DSN) regex_DSN = + regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = + regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); + +#ifndef DISABLE_PIPE_CONNECT +if (!regex_EARLY_PIPE) regex_EARLY_PIPE = + regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE); +#endif +} + + /************************************************* * Setup entry point * *************************************************/ @@ -823,7 +868,7 @@ return TRUE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT static uschar * ehlo_cache_key(const smtp_context * sx) { @@ -1089,7 +1134,7 @@ address_item * addr = sx->sync_addr; smtp_transport_options_block * ob = sx->conn_args.ob; int yield = 0; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT int rc; if ((rc = smtp_reap_early_pipe(sx, &count)) != OK) return rc == FAIL ? -4 : -5; @@ -1411,7 +1456,7 @@ smtp_auth(smtp_context * sx) host_item * host = sx->conn_args.host; /* host to deliver to */ smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */ int require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, host); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT unsigned short authbits = tls_out.active.sock >= 0 ? sx->ehlo_resp.crypted_auths : sx->ehlo_resp.cleartext_auths; #endif @@ -1427,7 +1472,7 @@ if (!regex_AUTH) if ( sx->esmtp && -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active ? authbits : #endif @@ -1437,7 +1482,7 @@ if ( sx->esmtp uschar * names = NULL; expand_nmax = -1; /* reset */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif names = string_copyn(expand_nstring[1], expand_nlength[1]); @@ -1451,7 +1496,7 @@ if ( sx->esmtp DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n"); fail_reason = US"no common mechanisms were found"; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { /* Scan our authenticators (which support use by a client and were offered @@ -1737,7 +1782,7 @@ if ( checks & OPTION_SIZE && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) checks &= ~OPTION_SIZE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if ( checks & OPTION_EARLY_PIPE && pcre_exec(regex_EARLY_PIPE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) @@ -1784,7 +1829,7 @@ there may be more writes (like, the chunk data) done soon. */ if (chunk_size > 0) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL new_conn = !!(sx->outblock.conn_args); #endif if((cmd_count = smtp_write_command(sx, @@ -1793,7 +1838,7 @@ if (chunk_size > 0) ) < 0) return ERROR; if (flags & tc_chunk_last) data_command = string_copy(big_buffer); /* Save for later error message */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* That command write could have been the one that made the connection. Copy the fd from the client conn ctx (smtp transport specific) to the generic transport ctx. */ @@ -1826,7 +1871,7 @@ if (flags & tc_reap_prev && prev_cmd_count > 0) case -5: errno = ERRNO_TLSFAILURE; return DEFER; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -4: /* non-2xx for pipelined banner or EHLO */ #endif case -1: /* Timeout on RCPT */ @@ -1919,7 +1964,7 @@ sx->conn_args.dane = FALSE; sx->dane_required = verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK; #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active = sx->early_pipe_ok = FALSE; sx->ehlo_resp.cleartext_features = sx->ehlo_resp.crypted_features = 0; sx->pending_BANNER = sx->pending_EHLO = FALSE; @@ -2049,7 +2094,7 @@ if (!continue_hostname) sx->inblock.cctx = sx->outblock.cctx = &sx->cctx; sx->avoid_option = sx->peer_offered = smtp_peer_options = 0; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if ( verify_check_given_host(CUSS &ob->hosts_pipe_connect, sx->conn_args.host) == OK) @@ -2124,7 +2169,7 @@ will be? Somehow I doubt it. */ if (!sx->smtps) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { sx->pending_BANNER = TRUE; /* sync_responses() must eventually handle */ @@ -2225,7 +2270,7 @@ goto SEND_QUIT; if (sx->esmtp) { if (smtp_write_command(sx, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active ? SCMD_BUFFER : #endif SCMD_FLUSH, @@ -2233,7 +2278,7 @@ goto SEND_QUIT; goto SEND_FAILED; sx->esmtp_sent = TRUE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { sx->pending_EHLO = TRUE; @@ -2266,7 +2311,7 @@ goto SEND_QUIT; DEBUG(D_transport) debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif if (!sx->esmtp) @@ -2301,13 +2346,13 @@ goto SEND_QUIT; if (sx->esmtp || sx->lmtp) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif { sx->peer_offered = ehlo_response(sx->buffer, OPTION_TLS /* others checked later */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT | (sx->early_pipe_ok ? OPTION_IGNQ | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE @@ -2319,7 +2364,7 @@ goto SEND_QUIT; ) #endif ); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_ok) { sx->ehlo_resp.cleartext_features = sx->peer_offered; @@ -2412,7 +2457,7 @@ if ( smtp_peer_options & OPTION_TLS if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0) goto SEND_FAILED; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* If doing early-pipelining reap the banner and EHLO-response but leave the response for the STARTTLS we just sent alone. */ @@ -2517,7 +2562,7 @@ if (tls_out.active.sock >= 0) goto SEND_QUIT; } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* For SMTPS there is no cleartext early-pipe; use the crypted permission bit. We're unlikely to get the group sent and delivered before the server sends its banner, but it's still worth sending as a group. @@ -2535,7 +2580,7 @@ if (tls_out.active.sock >= 0) /* For SMTPS we need to wait for the initial OK response. */ if (sx->smtps) -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { sx->pending_BANNER = TRUE; @@ -2558,14 +2603,14 @@ if (tls_out.active.sock >= 0) } if (smtp_write_command(sx, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active ? SCMD_BUFFER : #endif SCMD_FLUSH, "%s %s\r\n", greeting_cmd, sx->helo_data) < 0) goto SEND_FAILED; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) sx->pending_EHLO = TRUE; else @@ -2630,13 +2675,13 @@ if (continue_hostname == NULL { if (sx->esmtp || sx->lmtp) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif { sx->peer_offered = ehlo_response(sx->buffer, 0 /* no TLS */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0) | OPTION_DSN | OPTION_PIPE | OPTION_SIZE | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8 @@ -2657,7 +2702,7 @@ if (continue_hostname == NULL | (ob->size_addition >= 0 ? OPTION_SIZE : 0) #endif ); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (tls_out.active.sock >= 0) sx->ehlo_resp.crypted_features = sx->peer_offered; #endif @@ -2705,7 +2750,7 @@ if (continue_hostname == NULL DEBUG(D_transport) debug_printf("%susing DSN\n", sx->peer_offered & OPTION_DSN ? "" : "not "); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if ( sx->early_pipe_ok && !sx->early_pipe_active && tls_out.active.sock >= 0 @@ -3221,7 +3266,7 @@ for (addr = sx->first_addr, address_count = 0; case -2: return -2; /* non-MAIL read i/o error */ default: return -1; /* any MAIL error */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -4: return -1; /* non-2xx for pipelined banner or EHLO */ case -5: return -1; /* TLS first-read error */ #endif @@ -3457,6 +3502,11 @@ if (tblock->filter_command) && *transport_filter_argv && **transport_filter_argv && sx.peer_offered & OPTION_CHUNKING +#ifndef DISABLE_DKIM + /* When dkim signing, chunking is handled even with a transport-filter */ + && !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector) + && !ob->dkim.force_bodyhash +#endif ) { sx.peer_offered &= ~OPTION_CHUNKING; @@ -3555,7 +3605,7 @@ if ( !(sx.peer_offered & OPTION_CHUNKING) case -1: goto END_OFF; /* Timeout on RCPT */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -5: /* TLS first-read error */ case -4: HDEBUG(D_transport) debug_printf("failed reaping pipelined cmd responses\n"); @@ -3711,7 +3761,7 @@ else case -1: goto END_OFF; /* Timeout on RCPT */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -5: /* TLS first-read error */ case -4: HDEBUG(D_transport) debug_printf("failed reaping pipelined cmd responses\n"); @@ -3863,7 +3913,7 @@ else if (tcp_out_fastopen >= TFO_USED_DATA) setflag(addr, af_tcp_fastopen_data); } if (sx.pipelining_used) setflag(addr, af_pipelining); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx.early_pipe_active) setflag(addr, af_early_pipe); #endif #ifndef DISABLE_PRDR @@ -4065,7 +4115,7 @@ if (!sx.ok) else { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* If we were early-pipelinng and the actual EHLO response did not match the cached value we assumed, we could have detected it and passed a custom errno through to here. It would be nice to RSET and retry right @@ -4805,7 +4855,7 @@ retry_non_continued: { for (address_item * addr = addrlist; addr; addr = addr->next) { - addr->basic_errno = 0; + addr->basic_errno = ERRNO_HOST_IS_LOCAL; addr->message = string_sprintf("%s transport found host %s to be " "local", tblock->name, host->name); } diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h index ac5620971..8ea844b38 100644 --- a/src/src/transports/smtp.h +++ b/src/src/transports/smtp.h @@ -46,7 +46,7 @@ typedef struct { uschar *hosts_avoid_tls; uschar *hosts_verify_avoid_tls; uschar *hosts_avoid_pipelining; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT uschar *hosts_pipe_connect; #endif uschar *hosts_avoid_esmtp; @@ -121,7 +121,7 @@ typedef struct { BOOL smtps:1; BOOL ok:1; BOOL setting_up:1; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL early_pipe_ok:1; BOOL early_pipe_active:1; #endif @@ -138,7 +138,7 @@ typedef struct { #if !defined(DISABLE_TLS) && defined(SUPPORT_DANE) BOOL dane_required:1; #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL pending_BANNER:1; BOOL pending_EHLO:1; #endif @@ -160,7 +160,7 @@ typedef struct { uschar * smtp_greeting; uschar * helo_response; #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT ehlo_resp_precis ehlo_resp; #endif diff --git a/src/src/verify.c b/src/src/verify.c index fc8cd84ea..b68d60442 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -586,6 +586,10 @@ else log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " "callout_random_local_part: %s", expand_string_message); + /* Compile regex' used by client-side smtp */ + + smtp_deliver_init(); + /* Default the connect and overall callout timeouts if not set, and record the time we are starting so that we can enforce it. */ diff --git a/test/confs/0015 b/test/confs/0015 index c6fccd316..dbbdfd059 100644 --- a/test/confs/0015 +++ b/test/confs/0015 @@ -100,6 +100,7 @@ delivery_s: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost address_reply: diff --git a/test/confs/0032 b/test/confs/0032 index 961cefadd..caf5edb28 100644 --- a/test/confs/0032 +++ b/test/confs/0032 @@ -38,6 +38,7 @@ local_delivery: smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0033 b/test/confs/0033 index ca06da772..c6bf4d32e 100644 --- a/test/confs/0033 +++ b/test/confs/0033 @@ -38,5 +38,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0036 b/test/confs/0036 index 48479c787..ded64879f 100644 --- a/test/confs/0036 +++ b/test/confs/0036 @@ -43,5 +43,6 @@ local_delivery: send_to_server: driver = smtp port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/0039 b/test/confs/0039 index 8ca8b1eec..f718997e9 100644 --- a/test/confs/0039 +++ b/test/confs/0039 @@ -37,5 +37,6 @@ begin transports t1: driver = smtp hosts = V4NET.0.0.0 + hosts_try_fastopen = : # End diff --git a/test/confs/0045 b/test/confs/0045 index a59c8e2c1..2a9efb565 100644 --- a/test/confs/0045 +++ b/test/confs/0045 @@ -21,6 +21,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0047 b/test/confs/0047 index 187f855ef..f9d77bdc2 100644 --- a/test/confs/0047 +++ b/test/confs/0047 @@ -25,5 +25,6 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0054 b/test/confs/0054 index 3ad875157..1af7c0d51 100644 --- a/test/confs/0054 +++ b/test/confs/0054 @@ -25,6 +25,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0055 b/test/confs/0055 index 72a2be740..6cc9b7c18 100644 --- a/test/confs/0055 +++ b/test/confs/0055 @@ -52,6 +52,7 @@ local_delivery: smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0078 b/test/confs/0078 index aa1e445f3..fe325bc39 100644 --- a/test/confs/0078 +++ b/test/confs/0078 @@ -44,6 +44,7 @@ begin transports remote_smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0089 b/test/confs/0089 index b8bd142db..4a2a65828 100644 --- a/test/confs/0089 +++ b/test/confs/0089 @@ -68,6 +68,7 @@ begin transports dummy: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0098 b/test/confs/0098 index 719971c9c..cce115f12 100644 --- a/test/confs/0098 +++ b/test/confs/0098 @@ -92,10 +92,12 @@ smtp: driver = smtp connect_timeout = 1s port = PORT_D + hosts_try_fastopen = : smtp_connect_refused: driver = smtp port = PORT_N + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0099 b/test/confs/0099 index 63a918a0f..6a59d5994 100644 --- a/test/confs/0099 +++ b/test/confs/0099 @@ -41,6 +41,7 @@ begin transports smtp: driver = smtp port = PORT_N + hosts_try_fastopen = : RETRY diff --git a/test/confs/0100 b/test/confs/0100 index c404d5a73..143ff4cfe 100644 --- a/test/confs/0100 +++ b/test/confs/0100 @@ -72,10 +72,12 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : filtered_smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : transport_filter = /bin/sh -c "echo 'X-Filtered: just checking'; cat" local_delivery: diff --git a/test/confs/0101 b/test/confs/0101 index 377eae705..cf89fa83a 100644 --- a/test/confs/0101 +++ b/test/confs/0101 @@ -50,6 +50,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : local_delivery: driver = pipe diff --git a/test/confs/0106 b/test/confs/0106 index ef91e8b10..84294a676 100644 --- a/test/confs/0106 +++ b/test/confs/0106 @@ -29,6 +29,7 @@ smtp: command_timeout = 1s final_timeout = 1s port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0108 b/test/confs/0108 index a4ee442e2..bc694ff3e 100644 --- a/test/confs/0108 +++ b/test/confs/0108 @@ -32,6 +32,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0109 b/test/confs/0109 index 59957b96b..ce49c0e08 100644 --- a/test/confs/0109 +++ b/test/confs/0109 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp port = PORT_N + hosts_try_fastopen = : allow_localhost diff --git a/test/confs/0130 b/test/confs/0130 index 02a095358..fbfd2ec78 100644 --- a/test/confs/0130 +++ b/test/confs/0130 @@ -43,6 +43,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0135 b/test/confs/0135 index 636294461..7fd5bdaa5 100644 --- a/test/confs/0135 +++ b/test/confs/0135 @@ -44,6 +44,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s local_delivery: diff --git a/test/confs/0143 b/test/confs/0143 index 5a6ee34a9..8f0300aa0 100644 --- a/test/confs/0143 +++ b/test/confs/0143 @@ -31,6 +31,7 @@ my_smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : debug_print = transport_name <$transport_name> diff --git a/test/confs/0144 b/test/confs/0144 index 34b38230f..0b950b854 100644 --- a/test/confs/0144 +++ b/test/confs/0144 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0145 b/test/confs/0145 index 16b02a858..c7d8c8612 100644 --- a/test/confs/0145 +++ b/test/confs/0145 @@ -35,6 +35,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0146 b/test/confs/0146 index d8b6067e7..8039ebdfa 100644 --- a/test/confs/0146 +++ b/test/confs/0146 @@ -27,6 +27,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0147 b/test/confs/0147 index 996d064be..fae99a94a 100644 --- a/test/confs/0147 +++ b/test/confs/0147 @@ -60,6 +60,7 @@ begin transports T1: driver = smtp + hosts_try_fastopen = : #----- ACL ----- diff --git a/test/confs/0160 b/test/confs/0160 index f64883729..ea2003a92 100644 --- a/test/confs/0160 +++ b/test/confs/0160 @@ -31,6 +31,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0161 b/test/confs/0161 index 8b91ea053..88845f325 100644 --- a/test/confs/0161 +++ b/test/confs/0161 @@ -62,6 +62,7 @@ begin transports remote_smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0163 b/test/confs/0163 index 7b19d9f16..806c4b9e2 100644 --- a/test/confs/0163 +++ b/test/confs/0163 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0175 b/test/confs/0175 index b20e4fe1a..461c265ba 100644 --- a/test/confs/0175 +++ b/test/confs/0175 @@ -58,6 +58,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : appendfile: driver = appendfile diff --git a/test/confs/0177 b/test/confs/0177 index 7921a8b55..0b78d4e0c 100644 --- a/test/confs/0177 +++ b/test/confs/0177 @@ -75,6 +75,7 @@ autoreply: smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0179 b/test/confs/0179 index 381b41caf..f18ab32e5 100644 --- a/test/confs/0179 +++ b/test/confs/0179 @@ -30,6 +30,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0183 b/test/confs/0183 index 8cd4c82d4..d55e5799f 100644 --- a/test/confs/0183 +++ b/test/confs/0183 @@ -57,6 +57,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0185 b/test/confs/0185 index d6e9fe020..d9d20fc93 100644 --- a/test/confs/0185 +++ b/test/confs/0185 @@ -72,6 +72,7 @@ autoreply: smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0186 b/test/confs/0186 index 21b31060c..5dffb3dd7 100644 --- a/test/confs/0186 +++ b/test/confs/0186 @@ -34,6 +34,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0187 b/test/confs/0187 index bca41b5f7..e2cd27ed5 100644 --- a/test/confs/0187 +++ b/test/confs/0187 @@ -45,6 +45,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0190 b/test/confs/0190 index 03ded9ce2..cdddae5f8 100644 --- a/test/confs/0190 +++ b/test/confs/0190 @@ -85,10 +85,12 @@ smtp: max_rcpt = 1 connection_max_messages = 1 port = PORT_S + hosts_try_fastopen = : smtp2: driver = smtp port = PORT_S + hosts_try_fastopen = : smtp3: driver = smtp @@ -96,6 +98,7 @@ smtp3: max_rcpt = 2 connection_max_messages = 1 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0191 b/test/confs/0191 index 9dba8c35d..13d98bff9 100644 --- a/test/confs/0191 +++ b/test/confs/0191 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : transport_filter = \ /bin/sh -c \ "cat >/dev/null; printf Line-without-end || /bin/echo -n Line-without-end" diff --git a/test/confs/0197 b/test/confs/0197 index b3f25c4c0..c2e4a10e8 100644 --- a/test/confs/0197 +++ b/test/confs/0197 @@ -95,6 +95,7 @@ makecopy: pass_on: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s diff --git a/test/confs/0198 b/test/confs/0198 index f754a3187..5de770163 100644 --- a/test/confs/0198 +++ b/test/confs/0198 @@ -55,6 +55,7 @@ begin transports pass_on: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s gethostbyname hosts = NEXTHOST diff --git a/test/confs/0200 b/test/confs/0200 index ab50f36df..03e628828 100644 --- a/test/confs/0200 +++ b/test/confs/0200 @@ -35,6 +35,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0201 b/test/confs/0201 index 5385baa9a..b4ad0d8d8 100644 --- a/test/confs/0201 +++ b/test/confs/0201 @@ -26,6 +26,7 @@ t1: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : transport_filter = /bin/sh -c 'cat; exit 99' diff --git a/test/confs/0203 b/test/confs/0203 index 38e879010..1c197e720 100644 --- a/test/confs/0203 +++ b/test/confs/0203 @@ -29,6 +29,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0208 b/test/confs/0208 index 5a0b9f153..f1e9fea5d 100644 --- a/test/confs/0208 +++ b/test/confs/0208 @@ -59,6 +59,7 @@ fail: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0209 b/test/confs/0209 index 82046c7bc..b9d23b058 100644 --- a/test/confs/0209 +++ b/test/confs/0209 @@ -39,6 +39,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0210 b/test/confs/0210 index b1db52218..298ad7279 100644 --- a/test/confs/0210 +++ b/test/confs/0210 @@ -62,6 +62,7 @@ bsmtp_smtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0211 b/test/confs/0211 index 7856481df..b1dae707c 100644 --- a/test/confs/0211 +++ b/test/confs/0211 @@ -52,6 +52,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : command_timeout = 1s local_delivery: diff --git a/test/confs/0213 b/test/confs/0213 index ba0b9e403..388f693cc 100644 --- a/test/confs/0213 +++ b/test/confs/0213 @@ -29,6 +29,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0215 b/test/confs/0215 index ad40d6338..2758b07c9 100644 --- a/test/confs/0215 +++ b/test/confs/0215 @@ -40,6 +40,7 @@ lmtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : protocol = LMTP lmtp_ignore_quota = IGNORE_QUOTA AUTHS diff --git a/test/confs/0216 b/test/confs/0216 index 69af54347..962a64c28 100644 --- a/test/confs/0216 +++ b/test/confs/0216 @@ -36,6 +36,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : max_rcpt = 0 HAP diff --git a/test/confs/0217 b/test/confs/0217 index fa797265a..a225df5fe 100644 --- a/test/confs/0217 +++ b/test/confs/0217 @@ -41,6 +41,7 @@ send_to_server: command_timeout = 1s hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : HAP max_rcpt = 1000 diff --git a/test/confs/0218 b/test/confs/0218 index fa97f9c67..250bc92e6 100644 --- a/test/confs/0218 +++ b/test/confs/0218 @@ -52,6 +52,7 @@ send_to_server: command_timeout = 1s hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : debug_print = T: $transport_name (${acl {expand_check}}) diff --git a/test/confs/0225 b/test/confs/0225 index 3139eea5b..0ed97b4ef 100644 --- a/test/confs/0225 +++ b/test/confs/0225 @@ -40,6 +40,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : local_delivery: driver = appendfile diff --git a/test/confs/0227 b/test/confs/0227 index fea66e16f..36050fa7d 100644 --- a/test/confs/0227 +++ b/test/confs/0227 @@ -81,6 +81,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : lmtp: driver = smtp diff --git a/test/confs/0228 b/test/confs/0228 index 19f6cb7cd..d8fb762af 100644 --- a/test/confs/0228 +++ b/test/confs/0228 @@ -31,6 +31,7 @@ smtp: driver = smtp fallback_hosts = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0229 b/test/confs/0229 index 5389f97bc..c8c048dbc 100644 --- a/test/confs/0229 +++ b/test/confs/0229 @@ -32,6 +32,7 @@ smtp: 127.0.0.1 : 127.0.0.1 : HOSTIPV4 : \ 127.0.0.1 : 127.0.0.1 : HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0230 b/test/confs/0230 index c26b45758..f77f52f69 100644 --- a/test/confs/0230 +++ b/test/confs/0230 @@ -64,6 +64,7 @@ local_delivery: remote: driver = smtp port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0231 b/test/confs/0231 index d0adf3907..1eabae91a 100644 --- a/test/confs/0231 +++ b/test/confs/0231 @@ -65,6 +65,7 @@ smtp_rewrite: headers_rewrite = *@domain1 $1-rewrite@domain2 f :\ *@domain1 $1-other@domain2 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0238 b/test/confs/0238 index 15aa22052..4d92cdde7 100644 --- a/test/confs/0238 +++ b/test/confs/0238 @@ -33,6 +33,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0239 b/test/confs/0239 index f4b1a68ba..e7e26517a 100644 --- a/test/confs/0239 +++ b/test/confs/0239 @@ -39,6 +39,7 @@ local: smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0242 b/test/confs/0242 index fc2dd70ba..63265a6dc 100644 --- a/test/confs/0242 +++ b/test/confs/0242 @@ -30,6 +30,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0253 b/test/confs/0253 index cd2c777de..40ede04ea 100644 --- a/test/confs/0253 +++ b/test/confs/0253 @@ -64,6 +64,7 @@ t3: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : max_rcpt = 1 allow_localhost return_path = pqr=$local_part+$domain@verp.domain diff --git a/test/confs/0257 b/test/confs/0257 index f61689380..056b54f04 100644 --- a/test/confs/0257 +++ b/test/confs/0257 @@ -30,6 +30,7 @@ smtp: connect_timeout = 1s fallback_hosts = ten-2.test.ex port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0259 b/test/confs/0259 index 6b9bc29ab..f6ae742d4 100644 --- a/test/confs/0259 +++ b/test/confs/0259 @@ -26,6 +26,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : begin retry diff --git a/test/confs/0261 b/test/confs/0261 index 30ec087fd..7b2b7a1a6 100644 --- a/test/confs/0261 +++ b/test/confs/0261 @@ -16,10 +16,12 @@ begin transports remote_delivery: driver = smtp hosts = V4NET.0.0.1 + hosts_try_fastopen = : bad_return: driver = smtp hosts = V4NET.0.0.0 + hosts_try_fastopen = : return_path = ${if no_hosts: diff --git a/test/confs/0263 b/test/confs/0263 index 53b0064e7..f215cdb32 100644 --- a/test/confs/0263 +++ b/test/confs/0263 @@ -14,6 +14,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Routers ----- diff --git a/test/confs/0273 b/test/confs/0273 index 0a12a6762..4acc0a935 100644 --- a/test/confs/0273 +++ b/test/confs/0273 @@ -16,6 +16,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Routers ----- diff --git a/test/confs/0276 b/test/confs/0276 index 257cf4593..94e7a130f 100644 --- a/test/confs/0276 +++ b/test/confs/0276 @@ -16,6 +16,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost # ----- Routers ----- diff --git a/test/confs/0285 b/test/confs/0285 index f0871a565..8b0ada1f1 100644 --- a/test/confs/0285 +++ b/test/confs/0285 @@ -33,6 +33,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : max_rcpt = 2 connection_max_messages = 3 diff --git a/test/confs/0286 b/test/confs/0286 index 8ec70bfbb..c6f5daab3 100644 --- a/test/confs/0286 +++ b/test/confs/0286 @@ -34,6 +34,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : max_rcpt = 2 connection_max_messages = 3 diff --git a/test/confs/0288 b/test/confs/0288 index 12c308baf..ac7369b63 100644 --- a/test/confs/0288 +++ b/test/confs/0288 @@ -30,6 +30,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : max_rcpt = 1 connection_max_messages = 1 serialize_hosts = 127.0.0.1 diff --git a/test/confs/0292 b/test/confs/0292 index 6e70a7925..d3ea4f342 100644 --- a/test/confs/0292 +++ b/test/confs/0292 @@ -38,6 +38,7 @@ t1: t2: driver = smtp + hosts_try_fastopen = : debug_print = \$host=$host \$host_address=$host_address # End diff --git a/test/confs/0299 b/test/confs/0299 index 5d648b85d..d7dc87314 100644 --- a/test/confs/0299 +++ b/test/confs/0299 @@ -38,6 +38,7 @@ t2: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost max_rcpt = 2 diff --git a/test/confs/0315 b/test/confs/0315 index fed3ceca1..ae86fdc2a 100644 --- a/test/confs/0315 +++ b/test/confs/0315 @@ -28,5 +28,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0322 b/test/confs/0322 index 396b0c653..f78739673 100644 --- a/test/confs/0322 +++ b/test/confs/0322 @@ -29,6 +29,7 @@ smtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0332 b/test/confs/0332 index 4fe3b3fd4..a309e8e62 100644 --- a/test/confs/0332 +++ b/test/confs/0332 @@ -34,6 +34,7 @@ t1: hosts = 127.0.0.1 hosts_override port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0333 b/test/confs/0333 index 419229285..c14c07165 100644 --- a/test/confs/0333 +++ b/test/confs/0333 @@ -33,6 +33,7 @@ t1: hosts = 127.0.0.1 hosts_override port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0334 b/test/confs/0334 index 553763b0a..dc4e8a07b 100644 --- a/test/confs/0334 +++ b/test/confs/0334 @@ -25,6 +25,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0341 b/test/confs/0341 index 726793390..dcc4dec3a 100644 --- a/test/confs/0341 +++ b/test/confs/0341 @@ -47,6 +47,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/0342 b/test/confs/0342 index dba9020f4..b6bc47eda 100644 --- a/test/confs/0342 +++ b/test/confs/0342 @@ -35,6 +35,7 @@ begin transports remote_smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0343 b/test/confs/0343 index c613da449..a5741eade 100644 --- a/test/confs/0343 +++ b/test/confs/0343 @@ -25,6 +25,7 @@ remote_smtp: hosts = 127.0.0.1 allow_localhost port = PORT_N + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0344 b/test/confs/0344 index 0b29b0629..794e85eb3 100644 --- a/test/confs/0344 +++ b/test/confs/0344 @@ -32,15 +32,19 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = smtp + hosts_try_fastopen = : t3: driver = smtp + hosts_try_fastopen = : t4: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0350 b/test/confs/0350 index 09bd635db..927bdb7f7 100644 --- a/test/confs/0350 +++ b/test/confs/0350 @@ -25,5 +25,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0357 b/test/confs/0357 index 3f11016f5..f6f210235 100644 --- a/test/confs/0357 +++ b/test/confs/0357 @@ -26,6 +26,7 @@ t1: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0358 b/test/confs/0358 index 311687026..e451c84b5 100644 --- a/test/confs/0358 +++ b/test/confs/0358 @@ -26,6 +26,7 @@ t1: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0360 b/test/confs/0360 index d226449a8..f2f87c26f 100644 --- a/test/confs/0360 +++ b/test/confs/0360 @@ -36,6 +36,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0361 b/test/confs/0361 index f9007ec0c..909d7f397 100644 --- a/test/confs/0361 +++ b/test/confs/0361 @@ -39,6 +39,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = appendfile diff --git a/test/confs/0362 b/test/confs/0362 index 6588f609f..cdfe7d532 100644 --- a/test/confs/0362 +++ b/test/confs/0362 @@ -48,6 +48,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = appendfile diff --git a/test/confs/0363 b/test/confs/0363 index c43040876..872024893 100644 --- a/test/confs/0363 +++ b/test/confs/0363 @@ -26,6 +26,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost diff --git a/test/confs/0364 b/test/confs/0364 index e15bc9127..0ae251b36 100644 --- a/test/confs/0364 +++ b/test/confs/0364 @@ -49,6 +49,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = appendfile diff --git a/test/confs/0365 b/test/confs/0365 index 0bd6cc161..c5d8a0b53 100644 --- a/test/confs/0365 +++ b/test/confs/0365 @@ -81,5 +81,6 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0366 b/test/confs/0366 index 97d2e62a1..12e47cd5b 100644 --- a/test/confs/0366 +++ b/test/confs/0366 @@ -29,6 +29,7 @@ smtp: connect_timeout = 1s hosts_max_try = HOSTS_MAX_TRY port = PORT_N + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0367 b/test/confs/0367 index 2d69a07ab..911c3dd1c 100644 --- a/test/confs/0367 +++ b/test/confs/0367 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0368 b/test/confs/0368 index fee202781..41756dff9 100644 --- a/test/confs/0368 +++ b/test/confs/0368 @@ -30,6 +30,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0374 b/test/confs/0374 index 652a5062b..284344276 100644 --- a/test/confs/0374 +++ b/test/confs/0374 @@ -75,6 +75,7 @@ ut3: ut4: driver = smtp hosts = 127.0.0.1 + hosts_try_fastopen = : port = PORT_S allow_localhost max_rcpt = 1 diff --git a/test/confs/0375 b/test/confs/0375 index 06b16f383..164f32788 100644 --- a/test/confs/0375 +++ b/test/confs/0375 @@ -114,6 +114,7 @@ ut4: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost max_rcpt = 1 disable_logging @@ -124,6 +125,7 @@ ut5: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost max_rcpt = 1 disable_logging @@ -135,6 +137,7 @@ ut6: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost max_rcpt = 1 disable_logging diff --git a/test/confs/0376 b/test/confs/0376 index e3a158f7e..7679a649f 100644 --- a/test/confs/0376 +++ b/test/confs/0376 @@ -70,6 +70,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0388 b/test/confs/0388 index 9a7be305d..03a8bd853 100644 --- a/test/confs/0388 +++ b/test/confs/0388 @@ -31,6 +31,7 @@ smtp: driver = smtp hosts_max_try = 1 port = PORT_S + hosts_try_fastopen = : connect_timeout = 2s address_retry_include_sender = false diff --git a/test/confs/0392 b/test/confs/0392 index e76c86772..95feb39bd 100644 --- a/test/confs/0392 +++ b/test/confs/0392 @@ -28,9 +28,11 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0398 b/test/confs/0398 index 9fbe1b8da..e71a01c2d 100644 --- a/test/confs/0398 +++ b/test/confs/0398 @@ -60,6 +60,7 @@ t1: t2: driver = smtp port = PORT_S + hosts_try_fastopen = : allow_localhost diff --git a/test/confs/0405 b/test/confs/0405 index edf720c48..7d8a3cea9 100644 --- a/test/confs/0405 +++ b/test/confs/0405 @@ -29,6 +29,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0413 b/test/confs/0413 index 118dbcfe9..44b0da01f 100644 --- a/test/confs/0413 +++ b/test/confs/0413 @@ -51,6 +51,7 @@ t1: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : t2: driver = smtp @@ -58,6 +59,7 @@ t2: hosts_override allow_localhost port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0417 b/test/confs/0417 index 41c5ed975..2f3ed5df4 100644 --- a/test/confs/0417 +++ b/test/confs/0417 @@ -37,5 +37,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0419 b/test/confs/0419 index 39f634c63..a00621430 100644 --- a/test/confs/0419 +++ b/test/confs/0419 @@ -27,6 +27,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0425 b/test/confs/0425 index 6c9383a41..1ade85072 100644 --- a/test/confs/0425 +++ b/test/confs/0425 @@ -38,6 +38,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0426 b/test/confs/0426 index fbac9ecfd..c5b773fae 100644 --- a/test/confs/0426 +++ b/test/confs/0426 @@ -29,6 +29,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0429 b/test/confs/0429 index 49df93001..c70a9386b 100644 --- a/test/confs/0429 +++ b/test/confs/0429 @@ -24,6 +24,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_avoid_esmtp = 127.0.0.1 diff --git a/test/confs/0430 b/test/confs/0430 index 552b0d010..cca101c48 100644 --- a/test/confs/0430 +++ b/test/confs/0430 @@ -37,5 +37,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0431 b/test/confs/0431 index 7590fa9d4..4af033ca9 100644 --- a/test/confs/0431 +++ b/test/confs/0431 @@ -42,6 +42,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost AFFIX diff --git a/test/confs/0432 b/test/confs/0432 index e8e6e3552..aab1de468 100644 --- a/test/confs/0432 +++ b/test/confs/0432 @@ -37,6 +37,7 @@ t1: driver = smtp hosts = <; 127.0.0.1 ; port = PORT_S + hosts_try_fastopen = : allow_localhost # End diff --git a/test/confs/0434 b/test/confs/0434 index 0d77fa095..7b6ec65ad 100644 --- a/test/confs/0434 +++ b/test/confs/0434 @@ -27,6 +27,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/0440 b/test/confs/0440 index 2bef8c961..fe2cef997 100644 --- a/test/confs/0440 +++ b/test/confs/0440 @@ -28,6 +28,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : transport_filter = /bin/cat diff --git a/test/confs/0447 b/test/confs/0447 index 57b992d1b..86618fbd3 100644 --- a/test/confs/0447 +++ b/test/confs/0447 @@ -36,6 +36,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost connect_timeout = 999999s diff --git a/test/confs/0450 b/test/confs/0450 index 2dff861a1..7324af64f 100644 --- a/test/confs/0450 +++ b/test/confs/0450 @@ -28,6 +28,7 @@ begin transports t1: driver = smtp hosts = 127.0.0.1 + hosts_try_fastopen = : allow_localhost port = ${if queue_running{PORT_D2}{PORT_D}}EXTRA diff --git a/test/confs/0455 b/test/confs/0455 index 390c28a95..becac26f7 100644 --- a/test/confs/0455 +++ b/test/confs/0455 @@ -39,6 +39,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s hosts_max_try = HOSTS_MAX_TRY diff --git a/test/confs/0461 b/test/confs/0461 index 30abd50a9..4aca116e5 100644 --- a/test/confs/0461 +++ b/test/confs/0461 @@ -37,6 +37,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : connect_timeout = 1s allow_localhost diff --git a/test/confs/0462 b/test/confs/0462 index 36d18412d..951420f11 100644 --- a/test/confs/0462 +++ b/test/confs/0462 @@ -44,6 +44,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0463 b/test/confs/0463 index 8be1d95c1..686e180e3 100644 --- a/test/confs/0463 +++ b/test/confs/0463 @@ -27,5 +27,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0464 b/test/confs/0464 index 21e41cb08..eb538e7ed 100644 --- a/test/confs/0464 +++ b/test/confs/0464 @@ -46,5 +46,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0466 b/test/confs/0466 index 880a41e33..58057269e 100644 --- a/test/confs/0466 +++ b/test/confs/0466 @@ -50,5 +50,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0467 b/test/confs/0467 index 147aca64e..0104face2 100644 --- a/test/confs/0467 +++ b/test/confs/0467 @@ -27,5 +27,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0469 b/test/confs/0469 index a008dde00..378254b5c 100644 --- a/test/confs/0469 +++ b/test/confs/0469 @@ -25,5 +25,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0473 b/test/confs/0473 index 6dd6b8898..8e7985302 100644 --- a/test/confs/0473 +++ b/test/confs/0473 @@ -42,5 +42,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0474 b/test/confs/0474 index 35b4805e5..bc07dc66c 100644 --- a/test/confs/0474 +++ b/test/confs/0474 @@ -24,6 +24,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0476 b/test/confs/0476 index fd6106b16..1db78e796 100644 --- a/test/confs/0476 +++ b/test/confs/0476 @@ -26,6 +26,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0477 b/test/confs/0477 index 04d836591..6dc192ecc 100644 --- a/test/confs/0477 +++ b/test/confs/0477 @@ -27,6 +27,7 @@ t1: driver = smtp port = PORT_S interface = 99.99.99.99 + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0478 b/test/confs/0478 index cfb9a17b1..786f6c547 100644 --- a/test/confs/0478 +++ b/test/confs/0478 @@ -27,6 +27,7 @@ begin transports t1: driver = smtp port = PORT_D + hosts_try_fastopen = : hosts = ${if !eq {$sender_host_address}{} {V4NET.0.0.2} \ {${if eq {127.0.0.1}{$local_part} {127.0.0.1} \ {${if eq {V4NET.0.0.1}{$local_part} {V4NET.0.0.1}}}}}} diff --git a/test/confs/0479 b/test/confs/0479 index bfb9b8613..d8ea0465b 100644 --- a/test/confs/0479 +++ b/test/confs/0479 @@ -35,6 +35,7 @@ t1: driver = smtp port = PORT_S hosts = 127.0.0.1 + hosts_try_fastopen = : allow_localhost connect_timeout = 1s diff --git a/test/confs/0492 b/test/confs/0492 index a939fe125..855ea31de 100644 --- a/test/confs/0492 +++ b/test/confs/0492 @@ -32,6 +32,7 @@ begin transports t1: driver = smtp hosts = 127.0.0.1 + hosts_try_fastopen = : allow_localhost t2: diff --git a/test/confs/0495 b/test/confs/0495 index 5bfec709f..dc1a394b0 100644 --- a/test/confs/0495 +++ b/test/confs/0495 @@ -64,6 +64,7 @@ t1: driver = smtp hosts = 127.0.0.1 : HOSTIPV4 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 1s @@ -71,6 +72,7 @@ t2: driver = smtp hosts = V4NET.9.8.7 port = PORT_S + hosts_try_fastopen = : t3: driver = appendfile @@ -81,5 +83,6 @@ t4: driver = smtp hosts = V4NET.10.10.10 port = nonexistent + hosts_try_fastopen = : # End diff --git a/test/confs/0497 b/test/confs/0497 index 2154c3c2c..c1c866e27 100644 --- a/test/confs/0497 +++ b/test/confs/0497 @@ -30,6 +30,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost diff --git a/test/confs/0498 b/test/confs/0498 index c26f43a8a..8b84a4d05 100644 --- a/test/confs/0498 +++ b/test/confs/0498 @@ -30,6 +30,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost final_timeout = 1s diff --git a/test/confs/0499 b/test/confs/0499 index b7a0b7980..32975f45f 100644 --- a/test/confs/0499 +++ b/test/confs/0499 @@ -27,6 +27,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0504 b/test/confs/0504 index c7b0131c0..981ed16c3 100644 --- a/test/confs/0504 +++ b/test/confs/0504 @@ -35,6 +35,7 @@ t3: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost transport_filter = /non/existent/file diff --git a/test/confs/0511 b/test/confs/0511 index 1ecc19998..230971cd5 100644 --- a/test/confs/0511 +++ b/test/confs/0511 @@ -24,6 +24,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost # End diff --git a/test/confs/0512 b/test/confs/0512 index 15e424a51..7f31b9765 100644 --- a/test/confs/0512 +++ b/test/confs/0512 @@ -31,6 +31,7 @@ t1: driver = smtp hosts = 127.0.0.1 : 127.0.0.1 : 127.0.0.1 : 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_max_try = 1 HARDLIMIT diff --git a/test/confs/0518 b/test/confs/0518 index c413faa95..1e6dd2277 100644 --- a/test/confs/0518 +++ b/test/confs/0518 @@ -40,6 +40,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost rcpt_include_affixes @@ -47,6 +48,7 @@ t2: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost # End diff --git a/test/confs/0519 b/test/confs/0519 index e6dbb0090..98d55a2b3 100644 --- a/test/confs/0519 +++ b/test/confs/0519 @@ -25,6 +25,7 @@ t1: driver = smtp hosts = 127.0.0.1 : non-exist.test.ex port = PORT_S + hosts_try_fastopen = : allow_localhost # End diff --git a/test/confs/0525 b/test/confs/0525 index a6e429172..f4c35adc5 100644 --- a/test/confs/0525 +++ b/test/confs/0525 @@ -32,6 +32,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost data_timeout = 1s diff --git a/test/confs/0528 b/test/confs/0528 index e7313a5ca..1e9bafa27 100644 --- a/test/confs/0528 +++ b/test/confs/0528 @@ -32,6 +32,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : hosts_max_try = 20 allow_localhost diff --git a/test/confs/0531 b/test/confs/0531 index 2f72810cf..0af86b968 100644 --- a/test/confs/0531 +++ b/test/confs/0531 @@ -39,6 +39,7 @@ lmtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : protocol = LMTP diff --git a/test/confs/0538 b/test/confs/0538 index 9081aa572..d6342bf4a 100644 --- a/test/confs/0538 +++ b/test/confs/0538 @@ -40,6 +40,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0540 b/test/confs/0540 index 7ebbdd2b4..05329af89 100644 --- a/test/confs/0540 +++ b/test/confs/0540 @@ -36,6 +36,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost helo_data = ${if eq{$domain}{yes1}{localhost}{aname}} diff --git a/test/confs/0543 b/test/confs/0543 index 88e74e58f..108119c6e 100644 --- a/test/confs/0543 +++ b/test/confs/0543 @@ -28,6 +28,7 @@ smtp: hosts_max_try = 1 allow_localhost port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0544 b/test/confs/0544 index 09949a3fa..bccfad9db 100644 --- a/test/confs/0544 +++ b/test/confs/0544 @@ -52,6 +52,7 @@ smtp: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0545 b/test/confs/0545 index a78236a4a..a78361bc4 100644 --- a/test/confs/0545 +++ b/test/confs/0545 @@ -23,6 +23,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0548 b/test/confs/0548 index a450f45c3..112952e9a 100644 --- a/test/confs/0548 +++ b/test/confs/0548 @@ -44,6 +44,7 @@ smtp: hosts = HOSTIPV4 : thishost.test.ex allow_localhost port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0550 b/test/confs/0550 index caf3ceda7..16699b3ac 100644 --- a/test/confs/0550 +++ b/test/confs/0550 @@ -24,6 +24,7 @@ t1: driver = smtp hosts = 127.0.0.1 : HOSTIPV4 port = PORT_S + hosts_try_fastopen = : allow_localhost helo_data = \ ${if eq{$sending_ip_address}{127.0.0.1}{Tweedledum}{Tweedledee}} \ diff --git a/test/confs/0552 b/test/confs/0552 index c4c2f5e98..153185561 100644 --- a/test/confs/0552 +++ b/test/confs/0552 @@ -46,6 +46,7 @@ begin transports t1: driver = smtp port = PORT_D + hosts_try_fastopen = : hosts = 127.0.0.1 allow_localhost command_timeout = 2s diff --git a/test/confs/0553 b/test/confs/0553 index c9ceaa59e..92fcc0a6f 100644 --- a/test/confs/0553 +++ b/test/confs/0553 @@ -45,6 +45,7 @@ begin transports smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : command_timeout = 2s diff --git a/test/confs/0554 b/test/confs/0554 index c4f240c39..e519d076d 100644 --- a/test/confs/0554 +++ b/test/confs/0554 @@ -25,6 +25,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0557 b/test/confs/0557 index 9b7dec2e6..41a614f10 100644 --- a/test/confs/0557 +++ b/test/confs/0557 @@ -36,6 +36,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = appendfile diff --git a/test/confs/0561 b/test/confs/0561 index 5ccf4dcc3..7095eb2e6 100644 --- a/test/confs/0561 +++ b/test/confs/0561 @@ -33,5 +33,6 @@ begin transports t1: driver = smtp port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/0565 b/test/confs/0565 index 0d053a080..f7accd8d0 100644 --- a/test/confs/0565 +++ b/test/confs/0565 @@ -34,11 +34,13 @@ begin transports remote_smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : allow_localhost remote_smtp_hdrs: driver = smtp port = PORT_S + hosts_try_fastopen = : allow_localhost headers_only diff --git a/test/confs/0570 b/test/confs/0570 index 962e76bb0..efaf3bccb 100644 --- a/test/confs/0570 +++ b/test/confs/0570 @@ -35,6 +35,7 @@ begin transports smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : OPTION max_parallel = 1 diff --git a/test/confs/0572 b/test/confs/0572 index 23da35a09..ce621bb31 100644 --- a/test/confs/0572 +++ b/test/confs/0572 @@ -35,6 +35,7 @@ my_smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : debug_print = transport_name <$transport_name> diff --git a/test/confs/0580 b/test/confs/0580 index 54ef7ae70..6dbc06d64 100644 --- a/test/confs/0580 +++ b/test/confs/0580 @@ -37,6 +37,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0603 b/test/confs/0603 index baa3ea08c..eaf6a6b90 100644 --- a/test/confs/0603 +++ b/test/confs/0603 @@ -43,6 +43,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : # assumes that HOSTIPV4 can send to 127.0.0.1 interface = ${if eq {$sender_address_domain}{dustybelt.tld} {127.0.0.1}{HOSTIPV4}} diff --git a/test/confs/0604 b/test/confs/0604 index ec5195511..46fc8cf9c 100644 --- a/test/confs/0604 +++ b/test/confs/0604 @@ -42,6 +42,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : # assumes that HOSTIPV4 can sent to 127.0.0.1 interface = ${if eq {$sender_address_domain}{dustybelt.tld} {127.0.0.1}{HOSTIPV4}} diff --git a/test/confs/0607 b/test/confs/0607 index 03c052316..c074ce4e8 100644 --- a/test/confs/0607 +++ b/test/confs/0607 @@ -31,6 +31,7 @@ begin transports out: driver = smtp port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/0610 b/test/confs/0610 index 49778352f..5ce2723ae 100644 --- a/test/confs/0610 +++ b/test/confs/0610 @@ -48,6 +48,7 @@ t1: hosts = 127.0.0.1 port = PORT_D interface = 127.0.0.1 + hosts_try_fastopen = : t2: driver = smtp @@ -55,6 +56,7 @@ t2: hosts = 127.0.0.1 port = PORT_D interface = HOSTIPV4 + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0611 b/test/confs/0611 index d3e0a47b2..84be24f05 100644 --- a/test/confs/0611 +++ b/test/confs/0611 @@ -55,6 +55,7 @@ begin transports smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : max_rcpt = 1 connection_max_messages = 1 max_parallel = 2 diff --git a/test/confs/0613 b/test/confs/0613 index 5094759eb..617c65663 100644 --- a/test/confs/0613 +++ b/test/confs/0613 @@ -27,5 +27,6 @@ begin transports remote_smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0616 b/test/confs/0616 index e710a4bc5..6fb08b395 100644 --- a/test/confs/0616 +++ b/test/confs/0616 @@ -36,5 +36,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0617 b/test/confs/0617 index cf5251774..625c7e372 100644 --- a/test/confs/0617 +++ b/test/confs/0617 @@ -36,5 +36,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0618 b/test/confs/0618 index a461065e5..b92353397 100644 --- a/test/confs/0618 +++ b/test/confs/0618 @@ -75,6 +75,7 @@ begin transports smtp: driver = smtp event_action = ${acl {ev_log}} + hosts_try_fastopen = : bad_tpt: driver = smtp diff --git a/test/confs/0900 b/test/confs/0900 index ce6f2c379..4c824c4b4 100644 --- a/test/confs/0900 +++ b/test/confs/0900 @@ -106,6 +106,7 @@ remote_smtp: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 2s final_timeout = 2s @@ -114,6 +115,7 @@ remote_smtp_dkim: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 2s final_timeout = 2s diff --git a/test/confs/0901 b/test/confs/0901 index 67b73cd19..2e299c7dd 100644 --- a/test/confs/0901 +++ b/test/confs/0901 @@ -97,6 +97,7 @@ remote_smtp: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 2s final_timeout = 2s @@ -105,6 +106,7 @@ remote_smtp_dkim: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 2s final_timeout = 2s diff --git a/test/confs/0906 b/test/confs/0906 index 6df517e53..c320b2569 100644 --- a/test/confs/0906 +++ b/test/confs/0906 @@ -85,12 +85,14 @@ remote_smtp: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost remote_smtp_dkim: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost .ifdef OPT diff --git a/test/confs/1003 b/test/confs/1003 index d15a892fb..df1e48891 100644 --- a/test/confs/1003 +++ b/test/confs/1003 @@ -46,6 +46,7 @@ send_to_server1: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; ::1 ; HOSTIPV4 send_to_server2: @@ -53,6 +54,7 @@ send_to_server2: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; HOSTIPV6 ; HOSTIPV4 send_to_server3: @@ -60,6 +62,7 @@ send_to_server3: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; ${if eq{0}{1}{HOSTIPV6}fail} send_to_server4: @@ -67,6 +70,7 @@ send_to_server4: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; ${if eq{0}{1}{HOSTIPV6}{ }} send_to_server5: @@ -74,6 +78,7 @@ send_to_server5: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; ${if send_to_server: @@ -81,6 +86,7 @@ send_to_server: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = ${expand:$h_interface:} diff --git a/test/confs/1005 b/test/confs/1005 index 35767932d..1b01dc468 100644 --- a/test/confs/1005 +++ b/test/confs/1005 @@ -25,6 +25,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/1006 b/test/confs/1006 index f46fba932..5f5dfd5f3 100644 --- a/test/confs/1006 +++ b/test/confs/1006 @@ -37,6 +37,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/1008 b/test/confs/1008 index e3307044f..44c7153ff 100644 --- a/test/confs/1008 +++ b/test/confs/1008 @@ -26,6 +26,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/1009 b/test/confs/1009 index fbfa7f0c1..c8184a64e 100644 --- a/test/confs/1009 +++ b/test/confs/1009 @@ -38,6 +38,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2000 b/test/confs/2000 index 9ca325f2a..11104b09d 100644 --- a/test/confs/2000 +++ b/test/confs/2000 @@ -48,6 +48,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 tls_verify_certificates = DIR/aux-fixed/cert2 diff --git a/test/confs/2001 b/test/confs/2001 index 715da4bf6..d6525cae5 100644 --- a/test/confs/2001 +++ b/test/confs/2001 @@ -49,6 +49,7 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + hosts_try_fastopen = : OPTION port = PORT_D tls_certificate = DIR/aux-fixed/cert2 diff --git a/test/confs/2007 b/test/confs/2007 index a16b9a57e..d666f6ac2 100644 --- a/test/confs/2007 +++ b/test/confs/2007 @@ -55,11 +55,13 @@ send_to_server1: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : send_to_server2: driver = smtp allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/2008 b/test/confs/2008 index 83b30502a..1f12493c5 100644 --- a/test/confs/2008 +++ b/test/confs/2008 @@ -64,6 +64,7 @@ send_to_server1: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed send_to_server2: @@ -71,6 +72,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2009 b/test/confs/2009 index 59139f27e..21f9f2673 100644 --- a/test/confs/2009 +++ b/test/confs/2009 @@ -54,7 +54,8 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_avoid_tls = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : + hosts_avoid_tls = 127.0.0.1 # End diff --git a/test/confs/2010 b/test/confs/2010 index 2cedb89cf..dae45a08c 100644 --- a/test/confs/2010 +++ b/test/confs/2010 @@ -44,8 +44,9 @@ send_to_server: driver = smtp allow_localhost hosts = HOSTS - hosts_require_tls = * port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = * # ----- Retry ----- diff --git a/test/confs/2012 b/test/confs/2012 index 8fbc55595..f59b91a0c 100644 --- a/test/confs/2012 +++ b/test/confs/2012 @@ -93,8 +93,9 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -107,8 +108,9 @@ send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -122,8 +124,9 @@ send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -137,6 +140,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -150,6 +154,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -163,6 +168,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 diff --git a/test/confs/2013 b/test/confs/2013 index 4c9fcd3e8..1a23887b3 100644 --- a/test/confs/2013 +++ b/test/confs/2013 @@ -66,8 +66,9 @@ send_to_server: allow_localhost hosts_override hosts = 127.0.0.1 - hosts_noproxy_tls = PEX port = PORT_D + hosts_try_fastopen = : + hosts_noproxy_tls = PEX tls_try_verify_hosts = : # End diff --git a/test/confs/2016 b/test/confs/2016 index b14e1f300..ead3a903b 100644 --- a/test/confs/2016 +++ b/test/confs/2016 @@ -29,6 +29,7 @@ smtp: command_timeout = 1s hosts_require_tls = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2017 b/test/confs/2017 index a699f2d78..98fdc07ca 100644 --- a/test/confs/2017 +++ b/test/confs/2017 @@ -53,8 +53,9 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_nopass_tls = * port = PORT_D + hosts_try_fastopen = : + hosts_nopass_tls = * # ----- Retry ----- diff --git a/test/confs/2021 b/test/confs/2021 index ccd201719..a7e89f8da 100644 --- a/test/confs/2021 +++ b/test/confs/2021 @@ -28,6 +28,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : REQUIRE TRYCLEAR diff --git a/test/confs/2025 b/test/confs/2025 index fdf1e0405..8c08abebe 100644 --- a/test/confs/2025 +++ b/test/confs/2025 @@ -45,6 +45,7 @@ send_to_server: allow_localhost hosts = HOSTIPV4 : 127.0.0.1 port = PORT_D + hosts_try_fastopen = : hosts_require_tls = HOSTIPV4 tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA\ ${if eq{$host}{HOSTIPV4} {384} {256} } diff --git a/test/confs/2026 b/test/confs/2026 index c678219db..270a0682c 100644 --- a/test/confs/2026 +++ b/test/confs/2026 @@ -63,6 +63,7 @@ t1: driver = smtp hosts = 127.0.0.1 : HOSTIPV4 port = PORT_D + hosts_try_fastopen = : allow_localhost t2: diff --git a/test/confs/2030 b/test/confs/2030 index e2ee0e223..490b35f60 100644 --- a/test/confs/2030 +++ b/test/confs/2030 @@ -53,6 +53,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = fred send_to_server2: @@ -60,6 +61,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2031 b/test/confs/2031 index 0d9bba640..af27b2ffd 100644 --- a/test/confs/2031 +++ b/test/confs/2031 @@ -65,6 +65,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = fred send_to_server2: @@ -72,6 +73,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = bill diff --git a/test/confs/2033 b/test/confs/2033 index 73dcde61e..15e632a57 100644 --- a/test/confs/2033 +++ b/test/confs/2033 @@ -100,8 +100,9 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -112,8 +113,9 @@ send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -125,8 +127,9 @@ send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -140,6 +143,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -153,6 +157,7 @@ send_to_server_req_failname: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -167,6 +172,7 @@ send_to_server_req_passname: allow_localhost hosts = server1.example.com port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -181,6 +187,7 @@ send_to_server_req_failcarryon: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 diff --git a/test/confs/2100 b/test/confs/2100 index bce339b19..827d93811 100644 --- a/test/confs/2100 +++ b/test/confs/2100 @@ -49,6 +49,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 tls_verify_certificates = DIR/aux-fixed/cert2 diff --git a/test/confs/2101 b/test/confs/2101 index a0e1fe46f..32c309677 100644 --- a/test/confs/2101 +++ b/test/confs/2101 @@ -46,6 +46,7 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + hosts_try_fastopen = : OPTION port = PORT_D tls_certificate = DIR/aux-fixed/cert2 diff --git a/test/confs/2107 b/test/confs/2107 index 9487445cc..5cf1dc373 100644 --- a/test/confs/2107 +++ b/test/confs/2107 @@ -54,11 +54,13 @@ send_to_server1: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : send_to_server2: driver = smtp allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/2108 b/test/confs/2108 index 9b926bf6e..5db771d13 100644 --- a/test/confs/2108 +++ b/test/confs/2108 @@ -62,6 +62,7 @@ send_to_server1: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed send_to_server2: @@ -69,6 +70,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2109 b/test/confs/2109 index 8703d1967..3f1465fa2 100644 --- a/test/confs/2109 +++ b/test/confs/2109 @@ -54,7 +54,8 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_avoid_tls = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : + hosts_avoid_tls = 127.0.0.1 # End diff --git a/test/confs/2110 b/test/confs/2110 index 72754a6d9..cc4a7f032 100644 --- a/test/confs/2110 +++ b/test/confs/2110 @@ -43,8 +43,9 @@ send_to_server: driver = smtp allow_localhost hosts = HOSTS - hosts_require_tls = * port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = * # ----- Retry ----- diff --git a/test/confs/2111 b/test/confs/2111 index b54c9490d..42458efba 100644 --- a/test/confs/2111 +++ b/test/confs/2111 @@ -46,8 +46,9 @@ send_to_server: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 tls_require_ciphers = IDEA-CBC-MD5:\ diff --git a/test/confs/2112 b/test/confs/2112 index 005925e11..2b3f33ed3 100644 --- a/test/confs/2112 +++ b/test/confs/2112 @@ -93,8 +93,9 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -107,8 +108,9 @@ send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -122,8 +124,9 @@ send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -137,6 +140,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -150,6 +154,7 @@ send_to_server_req_failname: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -163,6 +168,7 @@ send_to_server_req_passname: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 diff --git a/test/confs/2113 b/test/confs/2113 index f48e618d3..eb9d2b487 100644 --- a/test/confs/2113 +++ b/test/confs/2113 @@ -66,8 +66,9 @@ send_to_server: allow_localhost hosts_override hosts = 127.0.0.1 - hosts_noproxy_tls = PEX port = PORT_D + hosts_try_fastopen = : + hosts_noproxy_tls = PEX tls_try_verify_hosts = : # End diff --git a/test/confs/2116 b/test/confs/2116 index d57d3a112..77a671261 100644 --- a/test/confs/2116 +++ b/test/confs/2116 @@ -27,8 +27,9 @@ begin transports smtp: driver = smtp command_timeout = 1s - hosts_require_tls = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : + hosts_require_tls = 127.0.0.1 # ----- Retry ----- diff --git a/test/confs/2117 b/test/confs/2117 index b6a557667..cdec8306b 100644 --- a/test/confs/2117 +++ b/test/confs/2117 @@ -53,9 +53,10 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_nopass_tls = * port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : + hosts_nopass_tls = * # ----- Retry ----- diff --git a/test/confs/2120 b/test/confs/2120 index 1288d7f12..9469cb738 100644 --- a/test/confs/2120 +++ b/test/confs/2120 @@ -36,6 +36,7 @@ t1: hosts = thishost.test.ex allow_localhost port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2121 b/test/confs/2121 index 573ea379a..6dcaa0577 100644 --- a/test/confs/2121 +++ b/test/confs/2121 @@ -28,6 +28,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : REQUIRE TRYCLEAR diff --git a/test/confs/2125 b/test/confs/2125 index 589879133..3591c8653 100644 --- a/test/confs/2125 +++ b/test/confs/2125 @@ -48,9 +48,10 @@ send_to_server: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 + port = PORT_D hosts_require_tls = HOSTIPV4 tls_require_ciphers = AES128-SHA - port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : diff --git a/test/confs/2126 b/test/confs/2126 index 9f0af7cf6..cb448134f 100644 --- a/test/confs/2126 +++ b/test/confs/2126 @@ -51,6 +51,7 @@ t1: driver = smtp hosts = 127.0.0.1 : HOSTIPV4 port = PORT_D + hosts_try_fastopen = : allow_localhost tls_try_verify_hosts = : diff --git a/test/confs/2127 b/test/confs/2127 index 9807ccf11..65e1901f6 100644 --- a/test/confs/2127 +++ b/test/confs/2127 @@ -55,6 +55,7 @@ send_to_server: allow_localhost hosts = ${if eq{$local_part}{userx}{127.0.0.1}{HOSTIPV4}} port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : # End diff --git a/test/confs/2130 b/test/confs/2130 index 379d2c98a..4afded1cf 100644 --- a/test/confs/2130 +++ b/test/confs/2130 @@ -53,6 +53,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = fred tls_try_verify_hosts = : @@ -61,6 +62,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : diff --git a/test/confs/2131 b/test/confs/2131 index 43db2ac1c..243fc092c 100644 --- a/test/confs/2131 +++ b/test/confs/2131 @@ -65,6 +65,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = fred hosts_require_tls = * tls_try_verify_hosts = : @@ -74,6 +75,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = bill hosts_require_tls = * tls_try_verify_hosts = : diff --git a/test/confs/2133 b/test/confs/2133 index e58a0c65c..463e614ca 100644 --- a/test/confs/2133 +++ b/test/confs/2133 @@ -101,8 +101,9 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -113,8 +114,9 @@ send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -126,8 +128,9 @@ send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -141,6 +144,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -154,6 +158,7 @@ send_to_server_req_failname: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -168,6 +173,7 @@ send_to_server_req_passname: allow_localhost hosts = server1.example.com port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -180,6 +186,7 @@ send_to_server_req_failcarryon: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 diff --git a/test/confs/2135 b/test/confs/2135 index f7f225746..4625f759d 100644 --- a/test/confs/2135 +++ b/test/confs/2135 @@ -67,6 +67,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = : diff --git a/test/confs/2138 b/test/confs/2138 index 7fec82541..d5dba1b3f 100644 --- a/test/confs/2138 +++ b/test/confs/2138 @@ -57,8 +57,9 @@ local_delivery: send_to_server: driver = smtp allow_localhost - hosts_noproxy_tls = : port = PORT_D + hosts_try_fastopen = : + hosts_noproxy_tls = : tls_try_verify_hosts = : max_rcpt = 1 diff --git a/test/confs/2149 b/test/confs/2149 index 072e8e438..ee48a51b3 100644 --- a/test/confs/2149 +++ b/test/confs/2149 @@ -50,6 +50,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : # End diff --git a/test/confs/2151 b/test/confs/2151 index f64cdd50e..1e40a83ae 100644 --- a/test/confs/2151 +++ b/test/confs/2151 @@ -39,5 +39,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/2152 b/test/confs/2152 index f783192bd..a5acff047 100644 --- a/test/confs/2152 +++ b/test/confs/2152 @@ -53,6 +53,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/cert1 tls_verify_cert_hostnames = : @@ -61,6 +62,7 @@ send_to_server_v: allow_localhost hosts = 127.0.0.1 port = PORT_D2 + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/cert1 tls_verify_cert_hostnames = : diff --git a/test/confs/2201 b/test/confs/2201 index dce78ed7a..4ce79253d 100644 --- a/test/confs/2201 +++ b/test/confs/2201 @@ -75,6 +75,7 @@ remote_delivery: hosts = 127.0.0.1 allow_localhost port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/3207 b/test/confs/3207 index 6880dcf90..bf8d1d4c5 100644 --- a/test/confs/3207 +++ b/test/confs/3207 @@ -82,6 +82,7 @@ local_delivery: smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/3209 b/test/confs/3209 index d5a442ddb..fff1f374f 100644 --- a/test/confs/3209 +++ b/test/confs/3209 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s diff --git a/test/confs/3401 b/test/confs/3401 index afcd48251..401d5cfa5 100644 --- a/test/confs/3401 +++ b/test/confs/3401 @@ -55,14 +55,16 @@ begin transports smtp_try: driver = smtp - hosts_try_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_try_auth = * authenticated_sender = ${if eq{$local_part}{forcesender}{force@x.y.z}fail} smtp_force: driver = smtp - hosts_require_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_require_auth = * # ----- Retry ----- diff --git a/test/confs/3404 b/test/confs/3404 index a76581de2..73cb524b0 100644 --- a/test/confs/3404 +++ b/test/confs/3404 @@ -43,8 +43,9 @@ begin transports smtp: driver = smtp - hosts_try_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_try_auth = * # ----- Retry ----- diff --git a/test/confs/3405 b/test/confs/3405 index e9c7b7ea3..9f37f016b 100644 --- a/test/confs/3405 +++ b/test/confs/3405 @@ -37,8 +37,9 @@ begin transports smtp: driver = smtp + port = PORT_S + hosts_try_fastopen = : headers_add = X-TAID: >$authenticated_id< hosts_try_auth = * - port = PORT_S # End diff --git a/test/confs/3412 b/test/confs/3412 index c0a1c5509..528494356 100644 --- a/test/confs/3412 +++ b/test/confs/3412 @@ -44,6 +44,7 @@ smtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : hosts_try_auth = * # End diff --git a/test/confs/3416 b/test/confs/3416 index 930a2240f..eebb132f3 100644 --- a/test/confs/3416 +++ b/test/confs/3416 @@ -51,6 +51,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_try_auth = * @@ -58,6 +59,7 @@ t2: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_try_auth = * authenticated_sender= brian diff --git a/test/confs/3451 b/test/confs/3451 index c3f07b948..160f9e086 100644 --- a/test/confs/3451 +++ b/test/confs/3451 @@ -69,8 +69,9 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + port = PORT_D + hosts_try_fastopen = : hosts_try_auth = * hosts_noproxy_tls = PEX - port = PORT_D # End diff --git a/test/confs/3452 b/test/confs/3452 index 5971c0804..108d93edc 100644 --- a/test/confs/3452 +++ b/test/confs/3452 @@ -67,8 +67,9 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_try_auth = * port = PORT_D + hosts_try_fastopen = : + hosts_try_auth = * # ----- Retry ----- diff --git a/test/confs/3455 b/test/confs/3455 index bfa30b445..591d5de37 100644 --- a/test/confs/3455 +++ b/test/confs/3455 @@ -61,6 +61,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : hosts_avoid_tls = HOSTS_AVOID_TLS hosts_require_auth = * allow_localhost diff --git a/test/confs/3461 b/test/confs/3461 index a01a8b20e..35c2a17b2 100644 --- a/test/confs/3461 +++ b/test/confs/3461 @@ -69,9 +69,10 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + port = PORT_D + hosts_try_fastopen = : hosts_try_auth = * hosts_noproxy_tls = PEX - port = PORT_D tls_try_verify_hosts = : # End diff --git a/test/confs/3462 b/test/confs/3462 index 33fabbc04..3f8c401de 100644 --- a/test/confs/3462 +++ b/test/confs/3462 @@ -67,8 +67,9 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_try_auth = * port = PORT_D + hosts_try_fastopen = : + hosts_try_auth = * tls_try_verify_hosts = : diff --git a/test/confs/3465 b/test/confs/3465 index dfe6b9921..0d97a3a7f 100644 --- a/test/confs/3465 +++ b/test/confs/3465 @@ -61,6 +61,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : hosts_avoid_tls = HOSTS_AVOID_TLS tls_try_verify_hosts = : hosts_require_auth = * diff --git a/test/confs/3501 b/test/confs/3501 index c63e76739..b283a2d0d 100644 --- a/test/confs/3501 +++ b/test/confs/3501 @@ -43,14 +43,16 @@ begin transports smtp_try: driver = smtp - hosts_try_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_try_auth = * authenticated_sender = ${if eq{$local_part}{forcesender}{force@x.y.z}fail} smtp_force: driver = smtp - hosts_require_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_require_auth = * # ----- Retry ----- diff --git a/test/confs/3600 b/test/confs/3600 index f6d4f8605..e95567637 100644 --- a/test/confs/3600 +++ b/test/confs/3600 @@ -63,6 +63,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost hosts_require_auth = * diff --git a/test/confs/3700 b/test/confs/3700 index 6578ecb2d..39e3bcece 100644 --- a/test/confs/3700 +++ b/test/confs/3700 @@ -76,6 +76,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost tls_certificate = DIR/aux-fixed/cert2 tls_verify_certificates = DIR/aux-fixed/cert1 @@ -85,6 +86,7 @@ t2: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : protocol = smtps allow_localhost tls_certificate = DIR/aux-fixed/cert2 diff --git a/test/confs/3720 b/test/confs/3720 index 6d8c46730..53a68d31e 100644 --- a/test/confs/3720 +++ b/test/confs/3720 @@ -79,6 +79,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost tls_certificate = DIR/aux-fixed/cert2 tls_verify_certificates = DIR/aux-fixed/cert1 diff --git a/test/confs/4028 b/test/confs/4028 index 4a1f682a9..16f464cd5 100644 --- a/test/confs/4028 +++ b/test/confs/4028 @@ -48,6 +48,7 @@ begin transports my_smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : socks_proxy = 127.0.0.1 port=1080 OPT tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 diff --git a/test/confs/4029 b/test/confs/4029 index 467d74d8d..119f8ce55 100644 --- a/test/confs/4029 +++ b/test/confs/4029 @@ -48,6 +48,7 @@ begin transports my_smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : socks_proxy = 127.0.0.1 port=1080 OPT tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 diff --git a/test/confs/4201 b/test/confs/4201 index 17afe9f78..8ded6c27c 100644 --- a/test/confs/4201 +++ b/test/confs/4201 @@ -124,6 +124,7 @@ local_delivery: rmt_smtp: driver = smtp + hosts_try_fastopen = : .ifdef STRICT utf8_downconvert = STRICT .endif diff --git a/test/confs/4211 b/test/confs/4211 index bcd5a4fd1..e68111eb7 100644 --- a/test/confs/4211 +++ b/test/confs/4211 @@ -115,6 +115,7 @@ local_delivery: rmt_smtp: driver = smtp + hosts_try_fastopen = : hosts_require_tls = * tls_try_verify_hosts = : diff --git a/test/confs/4221 b/test/confs/4221 index bcd5a4fd1..e68111eb7 100644 --- a/test/confs/4221 +++ b/test/confs/4221 @@ -115,6 +115,7 @@ local_delivery: rmt_smtp: driver = smtp + hosts_try_fastopen = : hosts_require_tls = * tls_try_verify_hosts = : diff --git a/test/confs/4500 b/test/confs/4500 index 502de4a19..c7335327e 100644 --- a/test/confs/4500 +++ b/test/confs/4500 @@ -13,6 +13,7 @@ acl_smtp_dkim = check_dkim acl_smtp_data = check_data log_selector = +dkim_verbose +dkim_verify_hashes = sha256 : sha512 : sha1 queue_only queue_run_in_order diff --git a/test/confs/4520 b/test/confs/4520 index 1f3162342..3f49ca996 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -45,6 +45,7 @@ send_to_server: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : dkim_domain = test.ex .ifdef SELECTOR diff --git a/test/confs/4525 b/test/confs/4525 index f6a0258a7..e11456cd2 100644 --- a/test/confs/4525 +++ b/test/confs/4525 @@ -68,6 +68,7 @@ send_to_server: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : .ifdef FILTER transport_filter = /bin/cat - DIR/aux-fixed/TESTNUM.mlistfooter diff --git a/test/confs/4550 b/test/confs/4550 index 15178f363..4b596f300 100644 --- a/test/confs/4550 +++ b/test/confs/4550 @@ -49,6 +49,7 @@ send_to_server: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : dkim_domain = ${if def:sender_address_local_part {test.ex}} dkim_selector = sel diff --git a/test/confs/4620 b/test/confs/4620 new file mode 100644 index 000000000..5b1175a53 --- /dev/null +++ b/test/confs/4620 @@ -0,0 +1,87 @@ +# Exim test configuration 4620 + +.include DIR/aux-var/std_conf_prefix + +SRS_SECRET = mysecret + +# ----- Main settings ----- + +acl_smtp_rcpt = accept + +domainlist local_domains = test.ex +domainlist remotesite_domains = remote.ex + +log_selector = +all_parents +received_recipients +queue_only + +# ----- Routers ----- + +begin routers + +remote_bouncer: + driver = redirect + condition = ${if eq {$sender_host_address}{127.0.0.1}} + data = :fail: account disabled + allow_fail + +external: + driver = manualroute + domains = !+local_domains + route_list = remote.ex 127.0.0.1::PORT_S + self = send + transport = ${if eq {$local_part@$domain} {$original_local_part@$original_domain} \ + {to_external} {forwarded_external}} + +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are SRS'd, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look SRS'd but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + + +local_redirect: + driver = redirect + local_parts = redirect + data = remote_user@remote.ex + +local: + driver = accept + transport = appendfile + + +# ----- Transports ----- + +begin transports + +to_external: + driver = smtp + +forwarded_external: + driver = smtp + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + + +appendfile: + driver = appendfile + file = DIR/test-mail/$local_part + user = CALLER + +# ----- Retry ----- + +begin retry + +* * F,5d,1d + +# End diff --git a/test/confs/4700 b/test/confs/4700 index 96f3beac1..86d8b6d8d 100644 --- a/test/confs/4700 +++ b/test/confs/4700 @@ -48,6 +48,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : local_delivery: driver = appendfile diff --git a/test/confs/4800 b/test/confs/4800 index 876e81d94..f342f2822 100644 --- a/test/confs/4800 +++ b/test/confs/4800 @@ -12,3 +12,4 @@ begin routers begin transports smtp: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/4801 b/test/confs/4801 index 9a09b0289..5241ad3fa 100644 --- a/test/confs/4801 +++ b/test/confs/4801 @@ -12,3 +12,4 @@ begin routers begin transports smtp: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/4802 b/test/confs/4802 index b37eba738..47e2e6e5e 100644 --- a/test/confs/4802 +++ b/test/confs/4802 @@ -12,3 +12,4 @@ begin routers begin transports smtp: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/4803 b/test/confs/4803 index bb2afffad..41381a47f 100644 --- a/test/confs/4803 +++ b/test/confs/4803 @@ -13,3 +13,4 @@ begin routers begin transports smtp: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/4804 b/test/confs/4804 index a891d14dc..1513d4688 100644 --- a/test/confs/4804 +++ b/test/confs/4804 @@ -40,5 +40,6 @@ begin transports send_to_server: driver = smtp port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/4950 b/test/confs/4950 index 6ddee035e..c4395b514 100644 --- a/test/confs/4950 +++ b/test/confs/4950 @@ -32,6 +32,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/5204 b/test/confs/5204 index 5f379b8f1..e81c58e98 100644 --- a/test/confs/5204 +++ b/test/confs/5204 @@ -51,9 +51,11 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : other_smtp: driver = smtp + hosts_try_fastopen = : null: driver = appendfile diff --git a/test/confs/5205 b/test/confs/5205 index efa2de121..4eeee7000 100644 --- a/test/confs/5205 +++ b/test/confs/5205 @@ -27,5 +27,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/5206 b/test/confs/5206 index 37e89e65f..27aff6eba 100644 --- a/test/confs/5206 +++ b/test/confs/5206 @@ -29,6 +29,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/5208 b/test/confs/5208 index e32dcfc94..988183b36 100644 --- a/test/confs/5208 +++ b/test/confs/5208 @@ -28,5 +28,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/5300 b/test/confs/5300 index 1ba89388b..165e0ea08 100644 --- a/test/confs/5300 +++ b/test/confs/5300 @@ -19,6 +19,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Routers ----- diff --git a/test/confs/5301 b/test/confs/5301 index f727ebca0..7bc161d61 100644 --- a/test/confs/5301 +++ b/test/confs/5301 @@ -20,6 +20,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Routers ----- diff --git a/test/confs/5400 b/test/confs/5400 index 980e02a48..9693818b1 100644 --- a/test/confs/5400 +++ b/test/confs/5400 @@ -65,12 +65,14 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : headers_add = ${if def:h_X-hdr-rtr {X-hdr-tpt-new: new} {}} smtp2: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/5401 b/test/confs/5401 index 0d93fe5bc..2b1a4c43e 100644 --- a/test/confs/5401 +++ b/test/confs/5401 @@ -40,6 +40,7 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/5402 b/test/confs/5402 index 0984e0cc9..92c563230 100644 --- a/test/confs/5402 +++ b/test/confs/5402 @@ -42,6 +42,7 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/5403 b/test/confs/5403 index a4576a5aa..a95334bc5 100644 --- a/test/confs/5403 +++ b/test/confs/5403 @@ -53,12 +53,14 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : headers_add = ${if def:h_X-hdr-rtr {X-hdr-tpt-new: new} {}} smtp2: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/5410 b/test/confs/5410 index 96ec87496..e00234363 100644 --- a/test/confs/5410 +++ b/test/confs/5410 @@ -47,6 +47,7 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}} hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}} tls_try_verify_hosts = : diff --git a/test/confs/5420 b/test/confs/5420 index 44a1fdee4..488000e7a 100644 --- a/test/confs/5420 +++ b/test/confs/5420 @@ -47,6 +47,7 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}} hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}} diff --git a/test/confs/5510 b/test/confs/5510 index ab42b242e..9c01e63a7 100644 --- a/test/confs/5510 +++ b/test/confs/5510 @@ -37,6 +37,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_try_prdr = * diff --git a/test/confs/5601 b/test/confs/5601 index 9b33101b3..fdd3d80df 100644 --- a/test/confs/5601 +++ b/test/confs/5601 @@ -94,6 +94,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -107,6 +108,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -120,6 +122,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = @@ -134,6 +137,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = diff --git a/test/confs/5611 b/test/confs/5611 index 0b2be46a1..9ba6350cc 100644 --- a/test/confs/5611 +++ b/test/confs/5611 @@ -94,6 +94,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -107,6 +108,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -120,6 +122,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = @@ -134,6 +137,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = diff --git a/test/confs/5651 b/test/confs/5651 index 01fa45524..1e3ed5a1e 100644 --- a/test/confs/5651 +++ b/test/confs/5651 @@ -92,6 +92,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -105,6 +106,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -118,6 +120,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem @@ -134,6 +137,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem diff --git a/test/confs/5665 b/test/confs/5665 index da6e5197a..673ec6656 100644 --- a/test/confs/5665 +++ b/test/confs/5665 @@ -74,6 +74,7 @@ begin transports remote_delivery: driver = smtp port = PORT_D + hosts_try_fastopen = : hosts_require_tls = * .ifdef _HAVE_GNUTLS tls_require_ciphers = NONE:\ diff --git a/test/confs/5700 b/test/confs/5700 index 774e76605..758d7d16a 100644 --- a/test/confs/5700 +++ b/test/confs/5700 @@ -43,6 +43,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : command_timeout = 1s final_timeout = 1s event_action = ${acl {logger}} diff --git a/test/confs/5702 b/test/confs/5702 index dfc063fa7..e796406c8 100644 --- a/test/confs/5702 +++ b/test/confs/5702 @@ -38,6 +38,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : event_action = ${acl {logger}} # End diff --git a/test/confs/5703 b/test/confs/5703 index 267f5fc8d..becd0050c 100644 --- a/test/confs/5703 +++ b/test/confs/5703 @@ -38,6 +38,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : event_action = ${acl {logger}} # End diff --git a/test/confs/5710 b/test/confs/5710 index 85293a566..f6b97945f 100644 --- a/test/confs/5710 +++ b/test/confs/5710 @@ -95,6 +95,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key diff --git a/test/confs/5720 b/test/confs/5720 index 906266290..2c0e327ce 100644 --- a/test/confs/5720 +++ b/test/confs/5720 @@ -95,6 +95,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key diff --git a/test/confs/5730 b/test/confs/5730 index 2b32008d4..c7d07bf3c 100644 --- a/test/confs/5730 +++ b/test/confs/5730 @@ -100,6 +100,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -114,6 +115,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -128,6 +130,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem @@ -145,6 +148,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem diff --git a/test/confs/5740 b/test/confs/5740 index 53302c507..60c175b53 100644 --- a/test/confs/5740 +++ b/test/confs/5740 @@ -102,6 +102,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -115,6 +116,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -128,6 +130,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = @@ -142,6 +145,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = diff --git a/test/confs/5820 b/test/confs/5820 index b038558de..76dc75efe 100644 --- a/test/confs/5820 +++ b/test/confs/5820 @@ -66,6 +66,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : hosts_try_dane = CONTROL hosts_require_dane = HOSTIPV4 diff --git a/test/confs/5840 b/test/confs/5840 index bda328a97..5852ef2c0 100644 --- a/test/confs/5840 +++ b/test/confs/5840 @@ -71,6 +71,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : hosts_try_dane = CONTROL hosts_require_dane = HOSTIPV4 diff --git a/test/confs/5860 b/test/confs/5860 index df9115129..bef70dd18 100644 --- a/test/confs/5860 +++ b/test/confs/5860 @@ -61,6 +61,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : # hosts_try_dane = * hosts_require_dane = * diff --git a/test/confs/5861 b/test/confs/5861 index 93e2bb715..68c790ef6 100644 --- a/test/confs/5861 +++ b/test/confs/5861 @@ -75,6 +75,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : hosts_try_dane = * hosts_require_dane = HOSTIPV4 diff --git a/test/confs/5880 b/test/confs/5880 index 4becdd423..ef7c59445 100644 --- a/test/confs/5880 +++ b/test/confs/5880 @@ -61,6 +61,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : # hosts_try_dane = * hosts_require_dane = * diff --git a/test/confs/5890 b/test/confs/5890 index f1aa9a2ae..5b154e5db 100644 --- a/test/confs/5890 +++ b/test/confs/5890 @@ -100,6 +100,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = CDIR/CA/CA.pem tls_verify_cert_hostnames = : event_action = ${acl {log_resumption}} diff --git a/test/confs/5891 b/test/confs/5891 index 190ce2537..e0f824357 100644 --- a/test/confs/5891 +++ b/test/confs/5891 @@ -100,6 +100,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = CDIR/CA/CA.pem tls_verify_cert_hostnames = : event_action = ${acl {log_resumption}} diff --git a/test/confs/9900 b/test/confs/9900 index c042cd39a..0f25f2918 100644 --- a/test/confs/9900 +++ b/test/confs/9900 @@ -26,6 +26,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/9901 b/test/confs/9901 index 23ea43fef..a33223b05 100644 --- a/test/confs/9901 +++ b/test/confs/9901 @@ -47,6 +47,7 @@ t1: hosts = 127.0.0.1 hosts_override port = PORT_D + hosts_try_fastopen = : t2: driver = appendfile diff --git a/test/confs/9903 b/test/confs/9903 index 7ef2c620a..6f79e360e 100644 --- a/test/confs/9903 +++ b/test/confs/9903 @@ -26,6 +26,7 @@ smtp: port = PORT_S hosts = 127.0.0.1 allow_localhost + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/log/0076 b/test/log/0076 index 309897cc4..7167206fc 100644 --- a/test/log/0076 +++ b/test/log/0076 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=localuser T=local_delivery defer (2): No such file or directory: creating lock file hitching post TESTSUITE/test-mail/subdir/userx.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=localuser T=local_delivery defer (EEE): No such file or directory: creating lock file hitching post TESTSUITE/test-mail/subdir/userx.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) diff --git a/test/log/0107 b/test/log/0107 index 6ff8b61e4..8e9b58607 100644 --- a/test/log/0107 +++ b/test/log/0107 @@ -3,5 +3,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 == usery@test.ex R=mboxuser T=appendfile defer (-34): mailbox TESTSUITE/test-mail/../test-empty/usery does not exist, but creation outside the home directory is not permitted 1999-03-02 09:44:33 10HmaX-0005vi-00 => userz <userz@test.ex> R=mboxuser T=appendfile 1999-03-02 09:44:33 10HmaX-0005vi-00 => sub1 <sub1@test.ex> R=mboxuser T=appendfile -1999-03-02 09:44:33 10HmaX-0005vi-00 == sub2@test.ex R=mboxuser T=appendfile defer (2): No such file or directory: creating lock file hitching post TESTSUITE/test-empty/s/sub2.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) +1999-03-02 09:44:33 10HmaX-0005vi-00 == sub2@test.ex R=mboxuser T=appendfile defer (EEE): No such file or directory: creating lock file hitching post TESTSUITE/test-empty/s/sub2.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) 1999-03-02 09:44:33 10HmaX-0005vi-00 == sub3@test.ex R=mboxuser T=appendfile defer (-34): mailbox TESTSUITE/test-mail/link/sub3 does not exist, but creation outside the home directory is not permitted diff --git a/test/log/0128 b/test/log/0128 index f4abae8f1..cd115ce45 100644 --- a/test/log/0128 +++ b/test/log/0128 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=reply T=reply defer (0): Failed to open DBM file TESTSUITE/spool when sending message from reply transport: Is a directory +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=reply T=reply defer (EEE): Is a directory: Failed to open DBM file TESTSUITE/spool when sending message from reply transport: Is a directory diff --git a/test/log/0132 b/test/log/0132 index 1b6a61bca..751fdbc52 100644 --- a/test/log/0132 +++ b/test/log/0132 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=local T=appendfile defer (6): Error: while opening named pipe TESTSUITE/test-fifo (could mean no process is reading it) +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=local T=appendfile defer (EEE): Error: while opening named pipe TESTSUITE/test-fifo (could mean no process is reading it) diff --git a/test/log/0158 b/test/log/0158 index def23697d..33cf16a9e 100644 --- a/test/log/0158 +++ b/test/log/0158 @@ -5,6 +5,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=caller T=local_delivery defer (-1) 1999-03-02 09:44:33 10HmaX-0005vi-00 Frozen 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 == EXIMUSER@test.ex R=caller T=local_delivery defer (13): Permission denied: creating lock file hitching post TESTSUITE/test-mail/EXIMUSER.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) +1999-03-02 09:44:33 10HmaY-0005vi-00 == EXIMUSER@test.ex R=caller T=local_delivery defer (EEE): Permission denied: creating lock file hitching post TESTSUITE/test-mail/EXIMUSER.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 == EXIMUSER@test.ex R=caller T=local_delivery defer (13): Permission denied: creating lock file hitching post TESTSUITE/test-mail/EXIMUSER.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) +1999-03-02 09:44:33 10HmaZ-0005vi-00 == EXIMUSER@test.ex R=caller T=local_delivery defer (EEE): Permission denied: creating lock file hitching post TESTSUITE/test-mail/EXIMUSER.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) diff --git a/test/log/0224 b/test/log/0224 index 515a1f9d5..a03b4cd9b 100644 --- a/test/log/0224 +++ b/test/log/0224 @@ -8,11 +8,11 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 == hdefer@test.ex <useryy@test.ex> R=halias defer (-1): not just yet 1999-03-02 09:44:33 10HmaZ-0005vi-00 == defer@test.ex <userxy@test.ex> R=alias defer (-1): not just yet -1999-03-02 09:44:33 10HmaZ-0005vi-00 == /no/such/file <file@test.ex> R=alias T=address_file defer (13): Permission denied: failed to create directories for /no/such: Permission denied +1999-03-02 09:44:33 10HmaZ-0005vi-00 == /no/such/file <file@test.ex> R=alias T=address_file defer (EEE): Permission denied: failed to create directories for /no/such: Permission denied 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaZ-0005vi-00 == hdefer@test.ex <useryy@test.ex> R=halias defer (-1): not just yet 1999-03-02 09:44:33 10HmaZ-0005vi-00 == defer@test.ex <userxy@test.ex> R=alias defer (-1): not just yet -1999-03-02 09:44:33 10HmaZ-0005vi-00 == /no/such/file <file@test.ex> R=alias T=address_file defer (13): Permission denied: failed to create directories for /no/such: Permission denied +1999-03-02 09:44:33 10HmaZ-0005vi-00 == /no/such/file <file@test.ex> R=alias T=address_file defer (EEE): Permission denied: failed to create directories for /no/such: Permission denied 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 => CALLER <CALLER@test.ex> R=localuser T=local_delivery 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed diff --git a/test/log/0228 b/test/log/0228 index 646034c58..7ae197dd5 100644 --- a/test/log/0228 +++ b/test/log/0228 @@ -1,3 +1,3 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] Connection refused -1999-03-02 09:44:33 10HmaX-0005vi-00 == abcd@x.y.z R=all T=smtp defer (0): smtp transport found host ip4.ip4.ip4.ip4 to be local +1999-03-02 09:44:33 10HmaX-0005vi-00 == abcd@x.y.z R=all T=smtp defer (-50): smtp transport found host ip4.ip4.ip4.ip4 to be local diff --git a/test/log/0260 b/test/log/0260 index 108b9e2ac..bbde3046d 100644 --- a/test/log/0260 +++ b/test/log/0260 @@ -2,7 +2,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-27): Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-27): Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" -1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.uid@test.ex R=bad_uid T=bad_uid defer (13): Permission denied: creating lock file hitching post TESTSUITE/test-mail/bad_uid.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) +1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.uid@test.ex R=bad_uid T=bad_uid defer (EEE): Permission denied: creating lock file hitching post TESTSUITE/test-mail/bad_uid.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) 1999-03-02 09:44:33 10HmaX-0005vi-00 home directory "${if rhubarb" failed to expand for exp_fail transport: unknown condition "rhubarb" 1999-03-02 09:44:33 10HmaX-0005vi-00 == exp.fail@test.ex R=exp_fail T=exp_fail defer (-27): home directory "${if rhubarb" failed to expand for exp_fail transport: unknown condition "rhubarb" 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx <userx@test.ex> R=good T=local_delivery @@ -10,7 +10,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-27): Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-27): Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" -1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.uid@test.ex R=bad_uid T=bad_uid defer (13): Permission denied: creating lock file hitching post TESTSUITE/test-mail/bad_uid.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) +1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.uid@test.ex R=bad_uid T=bad_uid defer (EEE): Permission denied: creating lock file hitching post TESTSUITE/test-mail/bad_uid.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) 1999-03-02 09:44:33 10HmaX-0005vi-00 home directory "${if rhubarb" failed to expand for exp_fail transport: unknown condition "rhubarb" 1999-03-02 09:44:33 10HmaX-0005vi-00 == exp.fail@test.ex R=exp_fail T=exp_fail defer (-27): home directory "${if rhubarb" failed to expand for exp_fail transport: unknown condition "rhubarb" 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/0262 b/test/log/0262 index f918f5b8b..00f4f1894 100644 --- a/test/log/0262 +++ b/test/log/0262 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=good T=pipe defer (0): too many environment settings for pipe transport +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=good T=pipe defer (EEE): Argument list too long: too many environment settings for pipe transport diff --git a/test/log/0318 b/test/log/0318 index e85b9c343..df62c6c9f 100644 --- a/test/log/0318 +++ b/test/log/0318 @@ -2,4 +2,4 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx <userx@test.ex> R=all T=local_delivery 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 == userx@test.ex R=all T=local_delivery defer (17): File exists: while renaming TESTSUITE/test-mail/temp.pppp.the.local.host.name as TESTSUITE/test-mail/userx +1999-03-02 09:44:33 10HmaY-0005vi-00 == userx@test.ex R=all T=local_delivery defer (EEE): File exists: while renaming TESTSUITE/test-mail/temp.pppp.the.local.host.name as TESTSUITE/test-mail/userx diff --git a/test/log/0438 b/test/log/0438 index 574cf9bef..78796810d 100644 --- a/test/log/0438 +++ b/test/log/0438 @@ -2,3 +2,4 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D diff --git a/test/log/2020 b/test/log/2020 index b10c2af18..fbf9039a2 100644 --- a/test/log/2020 +++ b/test/log/2020 @@ -1,8 +1,4 @@ -1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one. - Suggested action: either install a certificate or change tls_advertise_hosts option 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@thishost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one. - Suggested action: either install a certificate or change tls_advertise_hosts option 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@thishost.test.ex R=abc T=t1 H=thishost.test.ex [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="C=UK,O=Exim Developers,CN=thishost.test.ex" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/2102 b/test/log/2102 index dfcfc1b67..91761cd68 100644 --- a/test/log/2102 +++ b/test/log/2102 @@ -41,7 +41,11 @@ 1999-03-02 09:44:33 der_b64 MIIDuDCCAqCgAwIBAgICAMkwDQYJKoZIhvcNAQELBQAwNzEUMBIGA1UEChMLZXhhbXBsZS5jb20xHzAdBgNVBAMTFmNsaWNhIFNpZ25pbmcgQ2VydCByc2EwHhcNMTIxMTAxMTI0MDA0WhcNMzcxMjAxMTI0MDA0WjAeMRwwGgYDVQQDExNzZXJ2ZXIyLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52Rfiv2Igy0NiaKN5gc0VPLbEoHngkdJWv3wEORp+iFl6skQRbsCylT8djJ2pvHstFpnzSodF3Wwjj2/EDuj3iKBzN9HeXJOvJz8j9Si1xkgCxJeUjPGgYcvKdxybaZAOpi9l3xwPCCEXN4JBq/WaQQ9+eP1PczeMNfvFtXma+VcHXG743ttPOv7eSMr0JxQl3zjQvYGOhFP/KAw6jh/N6YPqii9kV0cC/ubeVzpqJ5/+hndx5YrmAu39N5qzwWujhDPkFNSgCJUhfkEiMaQiPxFxDTbUzWnQ5jpAQ5El4WJVkGWkqxose1bOjSSNzFPJt59YtxxJC3IWN3UtGODTwIDAQABo4HmMIHjMA4GA1UdDwEB/wQEAwIE8DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwTgYDVR0jBEcwRYANQUFidHdDeGNYZ2IwUaExpC8wLTEUMBIGA1UEChMLZXhhbXBsZS5jb20xFTATBgNVBAMTDGNsaWNhIENBIHJzYYIBQjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vc2NwLmV4YW1wbGUuY29tLzApBgNVHREEIjAgghNzZXJ2ZXIyLmV4YW1wbGUuY29tggkqLnRlc3QuZXgwDQYJKoZIhvcNAQELBQADggEBALHOkZkvHLpNm0QSof09vmmdNFE6/+0TCIoPExeqqSOsy4NsF+Ha46WttjJRSVtbhRxF8jxEU7btPiFgQUaOcJZTwQPDhmQSOPNO8GS46oJ57aQ7U7O+X3M1sVS5Pa2IzE6vrJSh349/CNbTA8WPQdWLlxVJhJXAcZNtaEu6lCsZuDSMTpAsW5I4+snyrm3yvP5t0eD28K5LgCKePX962drkAOP6XGQ51VnbMQ7b1TSdQedtYKIpR3VKUvG5Ky/+0c+Rmwfi2aQ8oXXwekzJyS5jvovdVVsdhO68It+Rz/zursN5Pn+Gj1YuQNUs2nDrGHN+VIIFpgWUjLZO4bcJctY= 1999-03-02 09:44:33 cipher: TLS1.x:ke-RSA-AES256-SHAnnn:xxx 1999-03-02 09:44:33 cipher_ TLS1.x:ke_RSA_WITH_ci_mac +<<<<<<< HEAD 1999-03-02 09:44:33 ver: TLS1.x +======= +1999-03-02 09:44:33 ver: TLSv1.x +>>>>>>> 4.next 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server2.example.com" S=sss 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 Our cert SN: <CN=server1.example_ec.com> diff --git a/test/log/2120 b/test/log/2120 index 6c4b0cac8..8057655d7 100644 --- a/test/log/2120 +++ b/test/log/2120 @@ -1,8 +1,4 @@ -1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one. - Suggested action: either install a certificate or change tls_advertise_hosts option 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@thishost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one. - Suggested action: either install a certificate or change tls_advertise_hosts option 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=thishost.test.ex 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@thishost.test.ex R=abc T=t1 H=thishost.test.ex [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=Exim Developers/CN=thishost.test.ex" C="250 OK id=10HmaY-0005vi-00" diff --git a/test/log/4520 b/test/log/4520 index ecb7432c7..610738e21 100644 --- a/test/log/4520 +++ b/test/log/4520 @@ -23,7 +23,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 failed to expand dkim_timestamps: unknown variable in "${bogus}" 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: message could not be signed, and dkim_strict is set. Deferring message delivery. 1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: send() to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}": No such file or directory -1999-03-02 09:44:33 10HmaX-0005vi-00 == e0@test.ex R=client T=send_to_server defer (2): No such file or directory H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: send() to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}" +1999-03-02 09:44:33 10HmaX-0005vi-00 == e0@test.ex R=client T=send_to_server defer (EEE): No such file or directory H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: send() to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}" 1999-03-02 09:44:33 10HmaX-0005vi-00 ** e0@test.ex: retry timeout exceeded 1999-03-02 09:44:33 10HmaX-0005vi-00 e0@test.ex: error ignored 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/4525 b/test/log/4525 index 9e770e9bf..f4b7496d5 100644 --- a/test/log/4525 +++ b/test/log/4525 @@ -4,9 +4,15 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for b@test.ex 1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for b@test.ex -1999-03-02 09:44:33 10HmbB-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for c@test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for b@test.ex +1999-03-02 09:44:33 10HmbD-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for c@test.ex +1999-03-02 09:44:33 10HmbF-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmbG-0005vi-00" +1999-03-02 09:44:33 10HmbF-0005vi-00 Completed ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D @@ -25,6 +31,18 @@ 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbC-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From 1999-03-02 09:44:33 10HmbC-0005vi-00 data acl: dkim status pass -1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss DKIM=test.ex id=E10HmbB-0005vi-00@myhost.test.ex for b@test.ex -1999-03-02 09:44:33 10HmbC-0005vi-00 => b <b@test.ex> R=server_store T=file +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp K S=sss DKIM=test.ex id=E10HmbB-0005vi-00@myhost.test.ex for c@test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 => c <c@test.ex> R=server_store T=file 1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbE-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbE-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss DKIM=test.ex id=E10HmbD-0005vi-00@myhost.test.ex for b@test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => b <b@test.ex> R=server_store T=file +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbG-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbG-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp K S=sss DKIM=test.ex id=E10HmbF-0005vi-00@myhost.test.ex for c@test.ex +1999-03-02 09:44:33 10HmbG-0005vi-00 => c <c@test.ex> R=server_store T=file +1999-03-02 09:44:33 10HmbG-0005vi-00 Completed diff --git a/test/log/4620 b/test/log/4620 new file mode 100644 index 000000000..5e4413a3e --- /dev/null +++ b/test/log/4620 @@ -0,0 +1,16 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss for redirect@test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => remote_user@remote.ex <redirect@test.ex> R=external T=forwarded_external H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmaY-0005vi-00 ** remote_user@remote.ex R=remote_bouncer: account disabled +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> R=10HmaY-0005vi-00 U=EXIMUSER P=local S=sss for SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER <SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex> R=local T=appendfile +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:PORT_S +1999-03-02 09:44:33 10HmaY-0005vi-00 <= SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex H=localhost (the.local.host.name) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@the.local.host.name for remote_user@remote.ex diff --git a/test/log/5900 b/test/log/5900 index 8b273b8a9..cb074258c 100644 --- a/test/log/5900 +++ b/test/log/5900 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=scan T=scan defer (2): No such file or directory: scan transport accessing directory: TESTSUITE/test-mail/subdir failed with error: No such file or directory +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=scan T=scan defer (EEE): No such file or directory: scan transport accessing directory: TESTSUITE/test-mail/subdir failed with error: No such file or directory diff --git a/test/mail/4525.b b/test/mail/4525.b index a1e2a87d8..6cd2538e0 100644 --- a/test/mail/4525.b +++ b/test/mail/4525.b @@ -28,7 +28,7 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) by myhost.test.ex with esmtp (Exim x.yz) (envelope-from <CALLER@myhost.test.ex>) - id 10HmbC-0005vi-00 + id 10HmbE-0005vi-00 for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL @@ -37,10 +37,10 @@ DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; ygZGjs=; Received: from CALLER by myhost.test.ex with local (Exim x.yz) (envelope-from <CALLER@myhost.test.ex>) - id 10HmbB-0005vi-00 + id 10HmbD-0005vi-00 for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 From: nobody@example.com -Message-Id: <E10HmbB-0005vi-00@myhost.test.ex> +Message-Id: <E10HmbD-0005vi-00@myhost.test.ex> Sender: CALLER_NAME <CALLER@myhost.test.ex> Date: Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/mail/4525.c b/test/mail/4525.c new file mode 100644 index 000000000..1032c0d83 --- /dev/null +++ b/test/mail/4525.c @@ -0,0 +1,52 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@myhost.test.ex>) + id 10HmbC-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from <CALLER@myhost.test.ex>) + id 10HmbB-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: <E10HmbB-0005vi-00@myhost.test.ex> +Sender: CALLER_NAME <CALLER@myhost.test.ex> +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from <CALLER@myhost.test.ex>) + id 10HmbG-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from <CALLER@myhost.test.ex>) + id 10HmbF-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: <E10HmbF-0005vi-00@myhost.test.ex> +Sender: CALLER_NAME <CALLER@myhost.test.ex> +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + diff --git a/test/mail/4620.CALLER b/test/mail/4620.CALLER new file mode 100644 index 000000000..8daaeed5f --- /dev/null +++ b/test/mail/4620.CALLER @@ -0,0 +1,56 @@ +From MAILER-DAEMON Tue Mar 02 09:44:33 1999 +Received: from EXIMUSER by the.local.host.name with local (Exim x.yz) + id 10HmaZ-0005vi-00 + for SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +X-Failed-Recipients: remote_user@remote.ex +Auto-Submitted: auto-replied +From: Mail Delivery System <Mailer-Daemon@the.local.host.name> +To: SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex +References: <E10HmaX-0005vi-00@the.local.host.name> +Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM +MIME-Version: 1.0 +Subject: Mail delivery failed: returning message to sender +Message-Id: <E10HmaZ-0005vi-00@the.local.host.name> +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM +Content-type: text/plain; charset=us-ascii + +This message was created automatically by mail delivery software. + +A message that you sent could not be delivered to one or more of its +recipients. This is a permanent error. The following address(es) failed: + + remote_user@remote.ex + account disabled + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM +Content-type: message/delivery-status + +Reporting-MTA: dns; the.local.host.name + +Action: failed +Final-Recipient: rfc822;remote_user@remote.ex +Status: 5.0.0 + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM +Content-type: message/rfc822 + +Return-path: <SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex> +Received: from localhost ([127.0.0.1] helo=the.local.host.name) + by the.local.host.name with esmtp (Exim x.yz) + (envelope-from <SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex>) + id 10HmaY-0005vi-00 + for remote_user@remote.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Received: from CALLER by the.local.host.name with local (Exim x.yz) + (envelope-from <CALLER@the.local.host.name>) + id 10HmaX-0005vi-00 + for redirect@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: <E10HmaX-0005vi-00@the.local.host.name> +From: CALLER_NAME <CALLER@the.local.host.name> +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +Message body + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM-- + diff --git a/test/msglog/0076.10HmaX-0005vi-00 b/test/msglog/0076.10HmaX-0005vi-00 index 74759feaf..bb191544e 100644 --- a/test/msglog/0076.10HmaX-0005vi-00 +++ b/test/msglog/0076.10HmaX-0005vi-00 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 Received from CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 userx@test.ex R=localuser T=local_delivery defer (2): No such file or directory: creating lock file hitching post TESTSUITE/test-mail/subdir/userx.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) +1999-03-02 09:44:33 userx@test.ex R=localuser T=local_delivery defer (EEE): No such file or directory: creating lock file hitching post TESTSUITE/test-mail/subdir/userx.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) diff --git a/test/msglog/0107.10HmaX-0005vi-00 b/test/msglog/0107.10HmaX-0005vi-00 index 70d900d58..b9feb505a 100644 --- a/test/msglog/0107.10HmaX-0005vi-00 +++ b/test/msglog/0107.10HmaX-0005vi-00 @@ -3,5 +3,5 @@ 1999-03-02 09:44:33 usery@test.ex R=mboxuser T=appendfile defer (-34): mailbox TESTSUITE/test-mail/../test-empty/usery does not exist, but creation outside the home directory is not permitted 1999-03-02 09:44:33 userz@test.ex: appendfile transport succeeded 1999-03-02 09:44:33 sub1@test.ex: appendfile transport succeeded -1999-03-02 09:44:33 sub2@test.ex R=mboxuser T=appendfile defer (2): No such file or directory: creating lock file hitching post TESTSUITE/test-empty/s/sub2.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) +1999-03-02 09:44:33 sub2@test.ex R=mboxuser T=appendfile defer (EEE): No such file or directory: creating lock file hitching post TESTSUITE/test-empty/s/sub2.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) 1999-03-02 09:44:33 sub3@test.ex R=mboxuser T=appendfile defer (-34): mailbox TESTSUITE/test-mail/link/sub3 does not exist, but creation outside the home directory is not permitted diff --git a/test/msglog/0128.10HmaX-0005vi-00 b/test/msglog/0128.10HmaX-0005vi-00 index 8493cf790..930261ebb 100644 --- a/test/msglog/0128.10HmaX-0005vi-00 +++ b/test/msglog/0128.10HmaX-0005vi-00 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 Received from CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 userx@test.ex R=reply T=reply defer (0): Failed to open DBM file TESTSUITE/spool when sending message from reply transport: Is a directory +1999-03-02 09:44:33 userx@test.ex R=reply T=reply defer (EEE): Is a directory: Failed to open DBM file TESTSUITE/spool when sending message from reply transport: Is a directory diff --git a/test/msglog/0132.10HmaX-0005vi-00 b/test/msglog/0132.10HmaX-0005vi-00 index bd92670e0..da30e099b 100644 --- a/test/msglog/0132.10HmaX-0005vi-00 +++ b/test/msglog/0132.10HmaX-0005vi-00 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 Received from CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 userx@test.ex R=local T=appendfile defer (6): Error: while opening named pipe TESTSUITE/test-fifo (could mean no process is reading it) +1999-03-02 09:44:33 userx@test.ex R=local T=appendfile defer (EEE): Error: while opening named pipe TESTSUITE/test-fifo (could mean no process is reading it) diff --git a/test/paniclog/5900 b/test/paniclog/5900 index 70058d78e..80190a952 100644 --- a/test/paniclog/5900 +++ b/test/paniclog/5900 @@ -1 +1 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=scan T=scan defer (2): No such file or directory: scan transport accessing directory: TESTSUITE/test-mail/subdir failed with error: No such file or directory +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=scan T=scan defer (EEE): No such file or directory: scan transport accessing directory: TESTSUITE/test-mail/subdir failed with error: No such file or directory diff --git a/test/runtest b/test/runtest index 87c78070e..f53b9d72b 100755 --- a/test/runtest +++ b/test/runtest @@ -933,6 +933,11 @@ RESET_AFTER_EXTRA_LINE_READ: last if !defined $_; + # SRS timestamps and signatures vary by hostname and from run to run + + s/SRS0=....=..=[^=]+=[^@]+\@test.ex/SRS0=ZZZZ=YY=the.local.host.name=CALLER\@test.ex/; + + # ======== Output from the "fd" program about open descriptors ======== # The statuses seem to be different on different operating systems, but # at least we'll still be checking the number of open fd's. @@ -1040,6 +1045,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/(?<=^>>>>>>>>>>>>>>>> Exim pid=)\d+(?= terminating)/pppp/; s/^(proxy-proc \w{5}-pid) \d+$/$1 pppp/; + s/^(?:\s*\d+ )(exec .* -oPX)$/pppp $1/; # IP address lookups use gethostbyname() when IPv6 is not supported, # and gethostbyname2() or getipnodebyname() when it is. @@ -1057,6 +1063,9 @@ RESET_AFTER_EXTRA_LINE_READ: next if /OpenSSL compile-time version: OpenSSL \d+[\.\da-z]+/; next if /OpenSSL runtime version: OpenSSL \d+[\.\da-z]+/; + # this is timing-dependent + next if /^OpenSSL: creating STEK$/; + # drop lookups next if /^Lookups \(built-in\):/; next if /^Loading lookup modules from/; @@ -1254,7 +1263,7 @@ RESET_AFTER_EXTRA_LINE_READ: next if /^DKIM \[[^[]+\] (Header hash|b) computed:/; # Not all platforms support TCP Fast Open, and the compile omits the check - if (s/\S+ in hosts_try_fastopen\? (no \(option unset\)|yes \(matched "\*"\))\n$//) + if (s/\S+ in hosts_try_fastopen\? (no \(option unset\)|no \(end of list\)|yes \(matched "\*"\))\n$//) { chomp; $_ .= <IN>; @@ -1311,6 +1320,10 @@ RESET_AFTER_EXTRA_LINE_READ: # Platform differences in errno strings s/ SMTP\(Operation timed out\)<</ SMTP(Connection timed out)<</; + # Platform differences for errno values (eg. Hurd) + s/^errno = \d+$/errno = EEE/; + s/^writing error \d+: /writing error EEE: /; + # When Exim is checking the size of directories for maildir, it uses # the check_dir_size() function to scan directories. Of course, the order # of the files that are obtained using readdir() varies from system to @@ -1405,6 +1418,8 @@ RESET_AFTER_EXTRA_LINE_READ: s/(?:\[[^\]]*\]:|port )\K$parm_port_n/PORT_N/; s/I=\[[^\]]*\]:\K\d+/ppppp/; + # Platform differences for errno values (eg. Hurd). Leave 0 and negative numbers alone. + s/R=\w+ T=\w+ defer\K \([1-9]\d*\): / (EEE): /; } # ======== mail ======== @@ -1546,7 +1561,7 @@ if (! -e $sf_current) log_failure($log_failed_filename, $testno, $rf); log_test($log_summary_filename, $testno, 'F') if ($force_continue); } - return 1 if /^c$/i && $rf !~ /paniclog/ && $rsf !~ /paniclog/; + return 1 if /^c$/i && $rf !~ /paniclog/ && (!defined $rsf || $rsf !~ /paniclog/); last if (/^[sc]$/); } @@ -3450,7 +3465,7 @@ while (not ($parm_ipv4 and $parm_ipv6) and defined($_ = <IFCONFIG>)) { if (/^(?:[0-9]+: )?([a-z0-9]+): /) { $ifname = $1; } - if (not $parm_ipv4 and /^\s*inet(?:\saddr)?:?\s?(\d+\.\d+\.\d+\.\d+)(?:\/\d+)?\s/i) + if (not $parm_ipv4 and /^\s*inet(?:\saddr(?:ess))?:?\s*(\d+\.\d+\.\d+\.\d+)(?:\/\d+)?\s/i) { # It would be nice to be able to vary the /16 used for manyhome; we could take # an option to runtest used here - but we'd also have to pass it on to fakens. @@ -3460,7 +3475,7 @@ while (not ($parm_ipv4 and $parm_ipv6) and defined($_ = <IFCONFIG>)) } if ( (not $parm_ipv6 or $parm_ipv6 =~ /%/) - and /^\s*inet6(?:\saddr)?:?\s?([abcdef\d:]+)(?:%[^ \/]+)?(?:\/\d+)?/i) + and /^\s*inet6(?:\saddr(?:ess))?:?\s*([abcdef\d:]+)(?:%[^ \/]+)?(?:\/\d+)?/i) { next if $1 eq '::' or $1 eq '::1' or $1 =~ /^ff00/i or $1 =~ /^fe80::1/i; $parm_ipv6 = $1; diff --git a/test/scripts/0000-Basic/0438 b/test/scripts/0000-Basic/0438 index 099efba0d..a8287cf9f 100644 --- a/test/scripts/0000-Basic/0438 +++ b/test/scripts/0000-Basic/0438 @@ -8,3 +8,16 @@ killdaemon exim -d -DSERVER=server -bd -oX PORT_D -oP DIR/spool/exim-daemon.anotherpid **** killdaemon +# +# Check for a SIGTERM daemon kill removing the pid file +exim -d -DSERVER=server -bd -oX PORT_D -oP DIR/spool/mypidfile +**** +sleep 1 +ls DIR/spool +sudo perl +open(IN, "<", "DIR/spool/mypidfile"); +while (<IN>) { kill "TERM", $_; } +**** +sleep 1 +ls DIR/spool +# diff --git a/test/scripts/1990-TCP-Fast-Open/1990 b/test/scripts/1990-TCP-Fast-Open/1990 index 1fc4682aa..80059e685 100644 --- a/test/scripts/1990-TCP-Fast-Open/1990 +++ b/test/scripts/1990-TCP-Fast-Open/1990 @@ -22,6 +22,11 @@ # which might do the job. But how to manipulate it? # # +# FreeBSD: it looks like you have to compile a custom kernel, with +# 'options TCP_RFC7413' in the config. Also set +# 'net.inet.tcp.fastopen.server_enable=1' in /etc/sysctl.conf +# Seems to always claim TFO used by transport, if tried. +# sudo perl system ("tc qdisc add dev lo root netem delay 50ms"); **** @@ -50,11 +55,6 @@ system ("ip tcp_metrics delete 127.0.0.1"); # # # -# FreeBSD: it looks like you have to compile a custom kernel, with -# 'options TCP_RFC7413' in the config. Also set -# 'net.inet.tcp.fastopen.enabled=1' in /etc/sysctl.conf -# Untested. -# exim -DSERVER=server -bd -oX PORT_D **** # diff --git a/test/scripts/3300-crypteq/3300 b/test/scripts/3300-crypteq/3300 index 2ca0fdd12..fb3a617ab 100644 --- a/test/scripts/3300-crypteq/3300 +++ b/test/scripts/3300-crypteq/3300 @@ -2,6 +2,11 @@ exim -be badCrypt: ${if crypteq{MySecret}{}{yes}{no}} + +# Defined-routine, and default, crypt mehods. These fail on FreeBSD because +# the crypt() call does something different to that on Linux. The output +# is therefore different, and the compare fails. + mySecret: ${if crypteq{MySecret}{azrazPWCQJhyg}{yes}{no}} mySecret: ${if crypteq{MySecret}{aarazPWCQJhyg}{yes}{no}} mySecret: ${if crypteq{MySecret}{\{crypt\}azrazPWCQJhyg}{yes}{no}} @@ -12,19 +17,23 @@ crypt16: ${if crypteq{MySecretRhubarb}{\{crypt\}azrazPWCQJhyg}{yes}{no}} crypt16: ${if crypteq{MySecretRhubarb}{\{crypt16\}azrazPWCQJhyg}{yes}{no}} crypt16: ${if crypteq{MySecretRhubarb}{\{CRYPT16\}azrazPWCQJhygdJWzb77lQMA}{yes}{no}} -test: ${if crypteq{test}{\{md5\}CY9rzUYh03PK3k6DJie09g==}{yes}{no}} -test: ${if crypteq{test}{\{MD5\}CY9rzUYh03PK3k6DJie09g==}{yes}{no}} -test: ${if crypteq{test}{\{md5\}AY9rzUYh03PK3k6DJie09g==}{yes}{no}} -test: ${if crypteq{test}{\{md5\}098f6bcd4621d373cade4e832627b4f6}{yes}{no}} -test: ${if crypteq{test}{\{md5\}198f6bcd4621d373cade4e832627b4f6}{yes}{no}} -test: ${if crypteq{test}{\{md5\}098f6bcd4621d373cade4e832627b4f}{yes}{no}} -abc: ${if crypteq{abc}{\{sha1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} -abc: ${if crypteq{abc}{\{SHA1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} -abc: ${if crypteq{abc}{\{sha1\}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=}{yes}{no}} -abd: ${if crypteq{abd}{\{sha1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} +# Defined-algo methods. + +md5: ${if crypteq{test}{\{md5\}CY9rzUYh03PK3k6DJie09g==}{yes}{no}} +md5: ${if crypteq{test}{\{MD5\}CY9rzUYh03PK3k6DJie09g==}{yes}{no}} +md5: ${if crypteq{test}{\{md5\}AY9rzUYh03PK3k6DJie09g==}{yes}{no}} +md5: ${if crypteq{test}{\{md5\}098f6bcd4621d373cade4e832627b4f6}{yes}{no}} +md5: ${if crypteq{test}{\{md5\}198f6bcd4621d373cade4e832627b4f6}{yes}{no}} +md5: ${if crypteq{test}{\{md5\}098f6bcd4621d373cade4e832627b4f}{yes}{no}} + +sha1: ${if crypteq{abc}{\{sha1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} +sha1: ${if crypteq{abc}{\{SHA1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} +sha1: ${if crypteq{abc}{\{sha1\}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=}{yes}{no}} +sha1: ${if crypteq{abd}{\{sha1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} + -# Combinations +# Combinations. These fail on FreeBSD as above. y: ${if and {{crypteq{MySecret}{azrazPWCQJhyg}}{exists{/etc/passwd}}}{Y}{N}} y: ${if or {{crypteq{MySecret}{azrazQWCQJhyg}}{exists{/etc/passwd}}}{Y}{N}} diff --git a/test/scripts/4500-DKIM/4525 b/test/scripts/4500-DKIM/4525 index ead35d647..dced4ae46 100644 --- a/test/scripts/4500-DKIM/4525 +++ b/test/scripts/4500-DKIM/4525 @@ -19,13 +19,13 @@ From: nobody@example.com content **** millisleep 500 -## with transport_filter and CHUNKING -#exim -DOPT=From -DFILTER=y -DALLOW=y -odf c@test.ex -#From: nobody@example.com -# -#content -#**** -#millisleep 500 +# with transport_filter and CHUNKING +exim -DOPT=From -DFILTER=y -DALLOW=y -odf c@test.ex +From: nobody@example.com + +content +**** +millisleep 500 # # for comparison, mails that should get identical sigs, though not using a transport_filter exim -DOPT=From -odf b@test.ex @@ -38,16 +38,16 @@ This is a generic mailinglist footer, using a traditional .sig-separator line ---- **** millisleep 500 -#exim -DOPT=From -DALLOW=y -odf c@test.ex -#From: nobody@example.com -# -#content -# -#-- -#This is a generic mailinglist footer, using a traditional .sig-separator line -#---- -#**** -#millisleep 500 +exim -DOPT=From -DALLOW=y -odf c@test.ex +From: nobody@example.com + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- +**** +millisleep 500 # # killdaemon diff --git a/test/scripts/4620-SRS/4620 b/test/scripts/4620-SRS/4620 new file mode 100644 index 000000000..4a126b8b9 --- /dev/null +++ b/test/scripts/4620-SRS/4620 @@ -0,0 +1,16 @@ +# SRS native implementation +# +exim -bd -DSERVER=server -oX 127.0.0.1:PORT_S +**** +# Inject a message; will be passed on to remote and queued there +exim -odi redirect@test.ex +Message body +**** +# Run the queue for the remote, will generate bounce which is queued +exim -q +**** +# Run the queue for the remote, will send bounce to origin +exim -q +**** +# +killdaemon diff --git a/test/scripts/4620-SRS/REQUIRES b/test/scripts/4620-SRS/REQUIRES new file mode 100644 index 000000000..7286713d6 --- /dev/null +++ b/test/scripts/4620-SRS/REQUIRES @@ -0,0 +1,2 @@ +support Experimental_SRS +feature _HAVE_NATIVE_SRS diff --git a/test/stderr/0084 b/test/stderr/0084 index 45c7bd0f4..2b2f39621 100644 --- a/test/stderr/0084 +++ b/test/stderr/0084 @@ -53,7 +53,7 @@ checking require_files file check: ! TESTSUITE/aux-fixed/0084.$local_part expanded file: TESTSUITE/aux-fixed/0084.no stat() yielded -1 -errno = 2 +errno = EEE calling smart router smart router called for no@myhost.test.ex domain = myhost.test.ex diff --git a/test/stderr/0370 b/test/stderr/0370 index b2483cf21..ff8ccb065 100644 --- a/test/stderr/0370 +++ b/test/stderr/0370 @@ -24,7 +24,7 @@ direct command: argv[0] = 'TESTSUITE/bin/iefbr14' Writing message to pipe writing data block fd=dddd size=sss timeout=3600 -writing error 32: Broken pipe +writing error EEE: Broken pipe transport error EPIPE ignored t1 transport yielded 0 t1 transport returned OK for |TESTSUITE/bin/iefbr14 diff --git a/test/stderr/0438 b/test/stderr/0438 index f44d7bb76..bac5bc1a6 100644 --- a/test/stderr/0438 +++ b/test/stderr/0438 @@ -36,3 +36,24 @@ LOG: MAIN set_process_info: pppp daemon(x.yz): no queue runs, listening for SMTP on port 1225 daemon running with uid=EXIM_UID gid=EXIM_GID euid=EXIM_UID egid=EXIM_GID Listening... +Exim version x.yz .... +changed uid/gid: forcing real = effective + uid=uuuu gid=CALLER_GID pid=pppp +configuration file is TESTSUITE/test-config +admin user +dropping to exim gid; retaining priv uid +originator: uid=CALLER_UID gid=CALLER_GID login=CALLER name=CALLER_NAME +daemon_smtp_port overridden by -oX: + <: 1225 +listening on all interfaces (IPv4) port 1225 +pid written to TESTSUITE/spool/mypidfile +changed uid/gid: running as a daemon + uid=EXIM_UID gid=EXIM_GID pid=pppp +LOG: MAIN + exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +set_process_info: pppp daemon(x.yz): no queue runs, listening for SMTP on port 1225 +daemon running with uid=EXIM_UID gid=EXIM_GID euid=EXIM_UID egid=EXIM_GID +Listening... +pppp exec TESTSUITE/eximdir/exim -DEXIM_PATH=TESTSUITE/eximdir/exim -DSERVER=server -C TESTSUITE/test-config -d=0xf7795cfd -oP TESTSUITE/spool/mypidfile -oPX +search_tidyup called +>>>>>>>>>>>>>>>> Exim pid=pppp (daemon) terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/4507 b/test/stderr/4507 index 48d4d9fa9..1c45d0955 100644 --- a/test/stderr/4507 +++ b/test/stderr/4507 @@ -9,22 +9,22 @@ >>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) >>> xxx in helo_lookup_domains? no (end of list) ->>> processing "accept" (TESTSUITE/test-config 43) +>>> processing "accept" (TESTSUITE/test-config 44) >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_dkim" ->>> processing "warn" (TESTSUITE/test-config 34) +>>> processing "warn" (TESTSUITE/test-config 35) >>> check logwrite = signer: $dkim_cur_signer bits: $dkim_key_length >>> = signer: test.ex bits: 1024 LOG: 10HmaX-0005vi-00 signer: test.ex bits: 1024 >>> warn: condition test succeeded in ACL "check_dkim" ->>> processing "accept" (TESTSUITE/test-config 37) +>>> processing "accept" (TESTSUITE/test-config 38) >>> accept: condition test succeeded in ACL "check_dkim" >>> end of ACL "check_dkim": ACCEPT LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] >>> using ACL "check_data" ->>> processing "accept" (TESTSUITE/test-config 41) +>>> processing "accept" (TESTSUITE/test-config 42) >>> check logwrite = ${authresults {$primary_hostname}} >>> = Authentication-Results: myhost.test.ex; >>> dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 diff --git a/test/stderr/5204 b/test/stderr/5204 index 1f927a485..f84acadd8 100644 --- a/test/stderr/5204 +++ b/test/stderr/5204 @@ -242,7 +242,7 @@ some.name in helo_lookup_domains? no (end of list) host in dsn_advertise_hosts? no (option unset) host in pipelining_advertise_hosts? yes (matched "*") host in chunking_advertise_hosts? no (end of list) -processing "accept" (TESTSUITE/test-config 76) +processing "accept" (TESTSUITE/test-config 78) check verify = recipient >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> routing "FAIL cannot route this one (FAIL)"@some.host diff --git a/test/stderr/5410 b/test/stderr/5410 index 0461d84ed..b29fee2e7 100644 --- a/test/stderr/5410 +++ b/test/stderr/5410 @@ -131,7 +131,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 55) +processing "accept" (TESTSUITE/test-config 56) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA @@ -373,7 +373,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 55) +processing "accept" (TESTSUITE/test-config 56) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA @@ -615,7 +615,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 55) +processing "accept" (TESTSUITE/test-config 56) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA diff --git a/test/stderr/5420 b/test/stderr/5420 index b0f1f0a09..b06eb8d33 100644 --- a/test/stderr/5420 +++ b/test/stderr/5420 @@ -132,7 +132,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 54) +processing "accept" (TESTSUITE/test-config 55) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA @@ -374,7 +374,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 54) +processing "accept" (TESTSUITE/test-config 55) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA @@ -616,7 +616,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 54) +processing "accept" (TESTSUITE/test-config 55) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA diff --git a/test/stderr/5820 b/test/stderr/5820 index 21d5127ff..032f2b9f3 100644 --- a/test/stderr/5820 +++ b/test/stderr/5820 @@ -9,7 +9,7 @@ >>> host in helo_verify_hosts? no (option unset) >>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) ->>> processing "accept" (TESTSUITE/test-config 86) +>>> processing "accept" (TESTSUITE/test-config 87) >>> check verify = recipient/callout >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing rcptuser@dane256ee.test.ex diff --git a/test/stderr/5840 b/test/stderr/5840 index bc9b18c84..dbd4d235c 100644 --- a/test/stderr/5840 +++ b/test/stderr/5840 @@ -9,7 +9,7 @@ >>> host in helo_verify_hosts? no (option unset) >>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) ->>> processing "accept" (TESTSUITE/test-config 91) +>>> processing "accept" (TESTSUITE/test-config 92) >>> check verify = recipient/callout >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing rcptuser@dane256ee.test.ex diff --git a/test/stdout/0438 b/test/stdout/0438 new file mode 100644 index 000000000..431c133d8 --- /dev/null +++ b/test/stdout/0438 @@ -0,0 +1,3 @@ +log +mypidfile +log diff --git a/test/stdout/0572 b/test/stdout/0572 index 40c8b3529..4d428078f 100644 --- a/test/stdout/0572 +++ b/test/stdout/0572 @@ -58,7 +58,7 @@ no_hosts_randomize hosts_require_auth = hosts_try_auth = hosts_try_chunking = * -hosts_try_fastopen = * +hosts_try_fastopen = : hosts_try_prdr = * interface = ip4.ip4.ip4.ip4 keepalive @@ -111,6 +111,7 @@ begin transports driver = smtp interface = ip4.ip4.ip4.ip4 port = 1224 + hosts_try_fastopen = : debug_print = transport_name <$transport_name> # Exim Configuration (X) # 1 "TESTSUITE/test-config" @@ -148,4 +149,5 @@ my_smtp: driver = smtp interface = ip4.ip4.ip4.ip4 port = 1224 +hosts_try_fastopen = : debug_print = transport_name <$transport_name> diff --git a/test/stdout/3300 b/test/stdout/3300 index e12e7c319..f05d8cbfb 100644 --- a/test/stdout/3300 +++ b/test/stdout/3300 @@ -1,4 +1,9 @@ > badCrypt: no +> +> # Defined-routine, and default, crypt mehods. These fail on FreeBSD because +> # the crypt() call does something different to that on Linux. The output +> # is therefore different, and the compare fails. +> > mySecret: yes > mySecret: no > mySecret: yes @@ -9,19 +14,23 @@ > crypt16: no > crypt16: yes > -> test: yes -> test: yes -> test: no -> test: yes -> test: no -> test: no > -> abc: yes -> abc: yes -> abc: yes -> abd: no +> # Defined-algo methods. +> +> md5: yes +> md5: yes +> md5: no +> md5: yes +> md5: no +> md5: no +> +> sha1: yes +> sha1: yes +> sha1: yes +> sha1: no +> > -> # Combinations +> # Combinations. These fail on FreeBSD as above. > > y: Y > y: Y |