author Philip Hazel <ph10@hermes.cam.ac.uk> 2006-10-16 13:43:21 +0000
committer Philip Hazel <ph10@hermes.cam.ac.uk> 2006-10-16 13:43:21 +0000
commit 7befa435e5664f43d90bf5a2703fcf4f2a26139e
tree d7a68a4c1938902e3cf52ca953b332b211c44338 /doc
parent bb7277654ad306e5385a0ae779761504f8012e08
Update Dovecot authenticator to (a) lock out tabs (b) add extra
parameters "secured" and "valid-client-cert" when relevant.
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc-txt/ChangeLog 12
-rw-r--r-- doc/doc-txt/NewStuff 8
2 files changed, 17 insertions, 3 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2355e01fc..124101d78 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.408 2006/10/16 10:58:39 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.409 2006/10/16 13:43:21 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -65,7 +65,7 @@ PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_
addresses), $smtp_active_hostname is used.
PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
- tweaks were necessary in order to get it to work:
+ tweaks were necessary in order to get it to work (see also 21 below):
(a) The code assumed that strncpy() returns a negative number on buffer
overflow, which isn't the case. Replaced with Exim's string_format()
function.
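Review bot: the cross-reference added to the PH/12 entry, "(see also 21 below)", uses a bare number, while every entry visible in this file is labelled with initials and a number (PH/11, PH/12, PH/20). Writing it as "(see also PH/21 below)" would match the label a reader has to search for.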
@@ -142,6 +142,14 @@ PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
effect of slowing Exim down by computing (never used) parameters for the
RSA_EXPORT functionality.
+PH/21 On the advice of Timo Sirainen, added a check to the dovecot
+ authenticator to fail if there's a tab character in the incoming data
+ (there should never be unless someone is messing about, as it's supposed
+ to be base64-encoded). Also added, on Timo's advice, the "secured" option
+ if the connection is using TLS or if the remote IP is the same as the
+ local IP, and the "valid-client-cert option" if a client certificate has
+ been verified.
+
Exim version 4.63
-----------------
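Review bot: the closing quote in the last sentence of PH/21 is misplaced: `the "valid-client-cert option"` should read `the "valid-client-cert" option`, as is done for `the "secured" option` two lines earlier and in the NewStuff text. The entry would also be more useful if it recorded why a tab in the incoming data is rejected; at present it only says that one should never appear because the data is supposed to be base64-encoded.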
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 4ee55fdcf..b66cfb593 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.115 2006/10/03 15:11:22 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.116 2006/10/16 13:43:21 ph10 Exp $
New Features in Exim
--------------------
@@ -72,6 +72,12 @@ Version 4.64
server_name = /var/run/dovecot/auth-client
server_setid = $auth1
+ If the SMTP connection is encrypted, or if $sender_host_address is equal to
+ $interface_address (that is, the connection is local), the "secured" option
+ is passed in the Dovecot authentication command. If, for a TLS connection, a
+ client certificate has been verified, the "valid-client-cert" option is
+ passed.
+
4. The variable $message_headers_raw provides a concatenation of all the
messages's headers without any decoding. This is in contrast to
$message_headers, which does RFC2047 decoding on the header contents.
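Review bot: the added paragraph names the exact test for the local case ($sender_host_address equal to $interface_address) but leaves "encrypted" and "a client certificate has been verified" undefined, so the three conditions are documented at different levels of precision. State what Exim checks for each of them, and say whether "secured" and "valid-client-cert" are always sent when the conditions hold or can be turned off in the authenticator's configuration. The tab rejection recorded as PH/21 in ChangeLog is not mentioned here; a sentence saying that authentication fails if the incoming data contains a tab would make the behaviour visible to readers of NewStuff.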