authorJeremy Harris <jgh146exb@wizmail.org>2018-07-27 17:56:39 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2018-07-27 17:56:39 +0100
commit8ac90765750f87c573300b9e953af3d8090cab8b (patch)
tree47278e6cdac764dc65ebcf14bea7ec1781a1fb21 /test
parent8d3dc2397dd769bf4654b0678be8d2acf0956ddd (diff)
Support REQUIRETLS
Diffstat (limited to 'test')
-rw-r--r--test/aux-var-src/tls_conf_prefix4
-rw-r--r--test/confs/09007
-rw-r--r--test/confs/21081
-rw-r--r--test/confs/56502
-rw-r--r--test/confs/5910133
l---------test/confs/59111
l---------test/confs/59121
-rw-r--r--test/log/591023
-rw-r--r--test/log/591172
-rw-r--r--test/log/591210
-rw-r--r--test/mail/3700.smtps2
-rw-r--r--test/mail/3700.x2
-rw-r--r--test/mail/5910.dump20
-rw-r--r--test/mail/5911.CALLER62
-rw-r--r--test/rejectlog/59113
-rw-r--r--test/rejectlog/59122
-rwxr-xr-xtest/runtest13
-rw-r--r--test/scripts/4500-DKIM/45216
-rw-r--r--test/scripts/5650-OCSP-GnuTLS/56508
-rw-r--r--test/scripts/5910-REQUIRETLS/591064
-rw-r--r--test/scripts/5910-REQUIRETLS/5911125
-rw-r--r--test/scripts/5910-REQUIRETLS/591237
-rw-r--r--test/scripts/5910-REQUIRETLS/REQUIRES2
-rw-r--r--test/stdout/591060
-rw-r--r--test/stdout/5911101
-rw-r--r--test/stdout/591222
26 files changed, 769 insertions, 14 deletions
diff --git a/test/aux-var-src/tls_conf_prefix b/test/aux-var-src/tls_conf_prefix
index e357b996d..aa29a2c85 100644
--- a/test/aux-var-src/tls_conf_prefix
+++ b/test/aux-var-src/tls_conf_prefix
@@ -13,3 +13,7 @@ gecos_pattern = ""
gecos_name = CALLER_NAME
dns_cname_loops = 9
chunking_advertise_hosts =
+
+.ifdef _HAVE_REQTLS
+tls_advertise_requiretls =
+.endif
diff --git a/test/confs/0900 b/test/confs/0900
index 9a856899a..869084dd8 100644
--- a/test/confs/0900
+++ b/test/confs/0900
@@ -13,6 +13,9 @@ gecos_pattern = ""
gecos_name = CALLER_NAME
chunking_advertise_hosts = *
tls_advertise_hosts = ${if eq {SRV}{tls} {*}}
+.ifdef _HAVE_REQTLS
+tls_advertise_requiretls = :
+.endif
# ----- Main settings -----
@@ -64,7 +67,7 @@ begin routers
to_server:
driver = accept
condition = ${if !eq {SERVER}{server}}
- transport = remote_smtp${if eq {OPT}{dkim} {_dkim}}
+ transport = remote_smtp${if eq {SRV}{dkim} {_dkim}}
errors_to = ""
fail_remote_domains:
@@ -109,7 +112,7 @@ remote_smtp_dkim:
command_timeout = 2s
final_timeout = 2s
-.ifdef OPT
+.ifdef SRV
dkim_domain = test.ex
dkim_selector = sel
dkim_private_key = DIR/aux-fixed/dkim/dkim.private
diff --git a/test/confs/2108 b/test/confs/2108
index f09213be9..9b926bf6e 100644
--- a/test/confs/2108
+++ b/test/confs/2108
@@ -22,7 +22,6 @@ tls_advertise_hosts = *
tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
-
# ------ ACL ------
begin acl
diff --git a/test/confs/5650 b/test/confs/5650
index ef73220fd..840b74ce0 100644
--- a/test/confs/5650
+++ b/test/confs/5650
@@ -23,7 +23,7 @@ tls_advertise_hosts = *
tls_certificate = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem
tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key
tls_crl = CRL
-tls_ocsp_file = OPT
+tls_ocsp_file = OPTION
#tls_verify_hosts = HOSTIPV4
#tls_try_verify_hosts = *
diff --git a/test/confs/5910 b/test/confs/5910
new file mode 100644
index 000000000..2437758bf
--- /dev/null
+++ b/test/confs/5910
@@ -0,0 +1,133 @@
+# Exim test configuration 5910
+
+SERVER=
+
+# advertise REQUIRETLS unless commandline override
+SRV= *
+# set on commandline to add an extra rcpt-time acl condition
+ACL=
+
+exim_path = EXIM_PATH
+keep_environment =
+host_lookup_order = bydns
+spool_directory = DIR/spool
+
+.ifdef SERVER
+log_file_path = DIR/spool/log/SERVER%slog
+.else
+log_file_path = DIR/spool/log/%slog
+.endif
+
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+chunking_advertise_hosts =
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_mail = m
+acl_smtp_rcpt = r
+acl_not_smtp = n
+
+log_selector = +tls_peerdn +received_recipients
+
+queue_only
+queue_run_in_order
+
+tls_advertise_hosts = *
+tls_advertise_requiretls = SRV
+
+# Set certificate only if server
+
+tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_privatekey = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+
+#tls_verify_hosts = *
+#tls_verify_certificates = ${if eq {SERVER}{server}{DIR/aux-fixed/cert2}fail}
+
+
+# ----- ACL -----
+
+begin acl
+
+m:
+ accept senders = :
+ deny condition = ${if eq {SERVER}{server}}
+ !sender_domains = test.ex : myhost.test.ex
+ accept
+
+r:
+ warn condition = ${if eq {SERVER}{server}}
+ logwrite = requiretls: $requiretls
+
+# define this to upgrade messages to REQUIRETLS
+.ifdef OPT
+ warn
+ condition = ${if !bool{$requiretls}}
+ logwrite = upgrading
+ control = requiretls
+.endif
+ accept ACL
+
+n:
+.ifdef OPT
+ accept
+ condition = ${if !bool{$requiretls}}
+ logwrite = upgrading
+ control = requiretls
+.endif
+ accept
+# ----- Routers -----
+
+begin routers
+
+bounces:
+ driver = redirect
+ condition = ${if !def:sender_address}
+ condition = ${if first_delivery}
+ data = :defer:
+ allow_defer
+
+final:
+ driver = accept
+ condition = ${if eq {$received_ip_address}{HOSTIPV4} {yes}{no}}
+ transport = file_a_bounce
+
+client:
+ driver = accept
+ transport = send_to_server
+
+
+# ----- Transports -----
+
+begin transports
+
+file_a_bounce:
+ driver = appendfile
+ delivery_date_add
+ envelope_to_add
+ file = DIR/test-mail/$local_part
+ return_path_add
+ user = CALLER
+
+send_to_server:
+ driver = smtp
+ allow_localhost
+ hosts = HOSTIPV4
+ port = PORT_D
+ tls_certificate = DIR/aux-fixed/cert2
+ tls_privatekey = DIR/aux-fixed/cert2
+ tls_verify_certificates = DIR/aux-fixed/cert2
+ tls_try_verify_hosts = :
+
+
+# ----- Retry -----
+
+
+begin retry
+
+* * F,5d,10s
+
+
+# End
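Review bot: Nothing in this configuration exercises certificate verification on the REQUIRETLS path. `tls_verify_hosts` is commented out in the main section and the `send_to_server` transport sets `tls_try_verify_hosts = :`, so the expected logs in test/log/5910 and test/log/5911 record successful REQUIRETLS deliveries with `CV=no`. REQUIRETLS is meant to give the sender an assurance about the onward hop, so a case where the transport is given `tls_verify_hosts = *` against a certificate that does not verify, with the delivery expected to fail, would pin that behaviour. Whether the implementation enforces verification is not visible in this test-only view of the commit. At minimum, a comment above the transport such as `# certificate verification deliberately disabled; REQUIRETLS deliveries in these tests log CV=no` would make the intent explicit.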
diff --git a/test/confs/5911 b/test/confs/5911
new file mode 120000
index 000000000..0cfc51380
--- /dev/null
+++ b/test/confs/5911
@@ -0,0 +1 @@
+5910 \ No newline at end of file
diff --git a/test/confs/5912 b/test/confs/5912
new file mode 120000
index 000000000..0cfc51380
--- /dev/null
+++ b/test/confs/5912
@@ -0,0 +1 @@
+5910 \ No newline at end of file
diff --git a/test/log/5910 b/test/log/5910
new file mode 100644
index 000000000..3442b6e73
--- /dev/null
+++ b/test/log/5910
@@ -0,0 +1,23 @@
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaX-0005vi-00 => dump@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaY-0005vi-00 => dump <dump@test.ex> R=final T=file_a_bounce
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+1999-03-02 09:44:33 upgrading
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss for b@test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 requiretls: yes
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= a@test.ex H=(test.ex) [127.0.0.1] P=esmtpS X=TLS_proto_and_cipher CV=no S=sss for dump@test.ex
+1999-03-02 09:44:33 requiretls: yes
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= a@test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtpS X=TLS_proto_and_cipher CV=no S=sss for dump@test.ex
+1999-03-02 09:44:33 requiretls: yes
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtpS X=TLS_proto_and_cipher CV=no S=sss id=E10HmaZ-0005vi-00@myhost.test.ex for b@test.ex
diff --git a/test/log/5911 b/test/log/5911
new file mode 100644
index 000000000..974888d9e
--- /dev/null
+++ b/test/log/5911
@@ -0,0 +1,72 @@
+1999-03-02 09:44:33 upgrading
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss for a@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 ** a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: a TLS session is required, but the server did not offer TLS support
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss for CALLER@myhost.test.ex
+1999-03-02 09:44:33 10HmaY-0005vi-00 == CALLER@myhost.test.ex R=bounces defer (-1):
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaY-0005vi-00 => CALLER@myhost.test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 upgrading
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local-smtp S=sss for b@test.ex
+1999-03-02 09:44:33 10HmbA-0005vi-00 ** b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock": REQUIRETLS support is required from the server but it was not offered
+1999-03-02 09:44:33 10HmbB-0005vi-00 <= <> R=10HmbA-0005vi-00 U=EXIMUSER P=local S=sss for CALLER@myhost.test.ex
+1999-03-02 09:44:33 10HmbB-0005vi-00 == CALLER@myhost.test.ex R=bounces defer (-1):
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaZ-0005vi-00 == CALLER@myhost.test.ex R=bounces defer (-1):
+1999-03-02 09:44:33 10HmbB-0005vi-00 ** CALLER@myhost.test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock": REQUIRETLS support is required from the server but it was not offered
+1999-03-02 09:44:33 10HmbB-0005vi-00 Frozen (delivery error message)
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER <CALLER@myhost.test.ex> R=final T=file_a_bounce
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 Message is frozen
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 Message is frozen
+1999-03-02 09:44:33 10HmbC-0005vi-00 ** d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock": REQUIRETLS support is required from the server but it was not offered
+1999-03-02 09:44:33 10HmbD-0005vi-00 <= <> R=10HmbC-0005vi-00 U=EXIMUSER P=local S=sss for b@test.ex
+1999-03-02 09:44:33 10HmbC-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 Message is frozen
+1999-03-02 09:44:33 10HmbD-0005vi-00 == b@test.ex R=bounces defer (-1):
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbE-0005vi-00 upgrading
+1999-03-02 09:44:33 10HmbE-0005vi-00 <= a@serverrefusethis.ex U=root P=local S=sss for c@test.ex
+1999-03-02 09:44:33 10HmbE-0005vi-00 ** c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock": SMTP error from remote mail server after pipelined MAIL FROM:<a@serverrefusethis.ex> SIZE=ssss REQUIRETLS: 550 Administrative prohibition
+1999-03-02 09:44:33 10HmbF-0005vi-00 <= <> R=10HmbE-0005vi-00 U=EXIMUSER P=local S=sss for a@serverrefusethis.ex
+1999-03-02 09:44:33 10HmbF-0005vi-00 == a@serverrefusethis.ex R=bounces defer (-1):
+1999-03-02 09:44:33 10HmbE-0005vi-00 Completed
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 Message is frozen
+1999-03-02 09:44:33 10HmbD-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbG-0005vi-00"
+1999-03-02 09:44:33 10HmbD-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbB-0005vi-00 Message is frozen
+1999-03-02 09:44:33 10HmbF-0005vi-00 => a@serverrefusethis.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbH-0005vi-00"
+1999-03-02 09:44:33 10HmbF-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+1999-03-02 09:44:33 Start queue run: pid=pppp -qf
+1999-03-02 09:44:33 10HmbB-0005vi-00 Message is frozen
+1999-03-02 09:44:33 10HmbG-0005vi-00 == b@test.ex R=bounces defer (-1):
+1999-03-02 09:44:33 10HmbH-0005vi-00 == a@serverrefusethis.ex R=bounces defer (-1):
+1999-03-02 09:44:33 End queue run: pid=pppp -qf
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 requiretls: yes
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtpS X=TLS_proto_and_cipher CV=no S=sss id=E10HmaY-0005vi-00@myhost.test.ex for CALLER@myhost.test.ex
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1224
+1999-03-02 09:44:33 requiretls: yes
+1999-03-02 09:44:33 10HmbC-0005vi-00 <= b@test.ex H=(test.ex) [127.0.0.1] P=esmtpS X=TLS_proto_and_cipher CV=no S=sss for d@test.ex
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no rejected MAIL <a@serverrefusethis.ex>
+1999-03-02 09:44:33 requiretls: yes
+1999-03-02 09:44:33 10HmbG-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtpS X=TLS_proto_and_cipher CV=no S=sss id=E10HmbD-0005vi-00@myhost.test.ex for b@test.ex
+1999-03-02 09:44:33 requiretls: yes
+1999-03-02 09:44:33 10HmbH-0005vi-00 <= <> H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtpS X=TLS_proto_and_cipher CV=no S=sss id=E10HmbF-0005vi-00@myhost.test.ex for a@serverrefusethis.ex
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
diff --git a/test/log/5912 b/test/log/5912
new file mode 100644
index 000000000..72e9c45e4
--- /dev/null
+++ b/test/log/5912
@@ -0,0 +1,10 @@
+1999-03-02 09:44:33 upgrading
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <a@test.ex>: ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] : a TLS session is required, but the server did not offer TLS support
+1999-03-02 09:44:33 upgrading
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <b@test.ex>: ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] : REQUIRETLS support is required from the server but it was not offered
+1999-03-02 09:44:33 upgrading
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 requiretls: yes
diff --git a/test/mail/3700.smtps b/test/mail/3700.smtps
index eea14193f..e00ff4dc2 100644
--- a/test/mail/3700.smtps
+++ b/test/mail/3700.smtps
@@ -3,7 +3,7 @@ Authentication-Results: myhost.test.ex;
iprev=pass (localhost) smtp.client-ip=127.0.0.1;
auth=pass (tls) x509.auth="Phil Pennock"
Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
- by myhost.test.ex with esmtpsa (TLSv1:ke-RSA-AES256-SHA:xxx)
+ by myhost.test.ex with esmtpsa (TLS_proto_and_cipher)
(Exim x.yz)
(envelope-from <ok@test.ex>)
id 10HmbA-0005vi-00
diff --git a/test/mail/3700.x b/test/mail/3700.x
index 9413a73e1..138bcfb45 100644
--- a/test/mail/3700.x
+++ b/test/mail/3700.x
@@ -3,7 +3,7 @@ Authentication-Results: myhost.test.ex;
iprev=pass (localhost) smtp.client-ip=127.0.0.1;
auth=pass (tls) x509.auth="Phil Pennock"
Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
- by myhost.test.ex with esmtpsa (TLSv1:ke-RSA-AES256-SHA:xxx)
+ by myhost.test.ex with esmtpsa (TLS_proto_and_cipher)
(Exim x.yz)
(envelope-from <ok@test.ex>)
id 10HmaZ-0005vi-00
diff --git a/test/mail/5910.dump b/test/mail/5910.dump
new file mode 100644
index 000000000..08957f32f
--- /dev/null
+++ b/test/mail/5910.dump
@@ -0,0 +1,20 @@
+From a@test.ex Tue Mar 02 09:44:33 1999
+Return-path: <a@test.ex>
+Envelope-to: dump@test.ex
+Delivery-date: Tue, 2 Mar 1999 09:44:33 +0000
+Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
+ by myhost.test.ex with esmtpS (TLS_proto_and_cipher)
+ (Exim x.yz)
+ (envelope-from <a@test.ex>)
+ id 10HmaY-0005vi-00
+ for dump@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from [127.0.0.1] (helo=test.ex)
+ by myhost.test.ex with esmtpS (TLS_proto_and_cipher)
+ (Exim x.yz)
+ (envelope-from <a@test.ex>)
+ id 10HmaX-0005vi-00
+ for dump@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Subject: foo
+
+content
+
diff --git a/test/mail/5911.CALLER b/test/mail/5911.CALLER
new file mode 100644
index 000000000..5410100a3
--- /dev/null
+++ b/test/mail/5911.CALLER
@@ -0,0 +1,62 @@
+From MAILER-DAEMON Tue Mar 02 09:44:33 1999
+Return-path: <>
+Envelope-to: CALLER@myhost.test.ex
+Delivery-date: Tue, 2 Mar 1999 09:44:33 +0000
+Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex)
+ by myhost.test.ex with esmtpS (TLS_proto_and_cipher)
+ (Exim x.yz)
+ id 10HmaZ-0005vi-00
+ for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from EXIMUSER by myhost.test.ex with local (Exim x.yz)
+ id 10HmaY-0005vi-00
+ for CALLER@myhost.test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+X-Failed-Recipients: a@test.ex
+Auto-Submitted: auto-replied
+From: Mail Delivery System <Mailer-Daemon@myhost.test.ex>
+To: CALLER@myhost.test.ex
+Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM
+MIME-Version: 1.0
+Subject: Mail delivery failed: returning message to sender
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+--NNNNNNNNNN-eximdsn-MMMMMMMMMM
+Content-type: text/plain; charset=us-ascii
+
+This message was created automatically by mail delivery software.
+
+A message that you sent could not be delivered to one or more of its
+recipients. This is a permanent error. The following address(es) failed:
+
+ a@test.ex
+ host ipv4.ipv4.ipv4.ipv4 [ipv4.ipv4.ipv4.ipv4]
+
+--NNNNNNNNNN-eximdsn-MMMMMMMMMM
+Content-type: message/delivery-status
+
+Reporting-MTA: dns; myhost.test.ex
+
+Action: failed
+Final-Recipient: rfc822;a@test.ex
+Status: 5.0.0
+Remote-MTA: dns; ip4.ip4.ip4.ip4
+Remote-MTA: X-ip; [ip4.ip4.ip4.ip4]:1111
+X-Remote-MTA-smtp-greeting: X-str; 220 Hi there
+X-Remote-MTA-helo-response: X-str; 250 wotcher
+X-Exim-Diagnostic: X-str; a TLS session is required, but the server did not offer TLS support
+
+--NNNNNNNNNN-eximdsn-MMMMMMMMMM
+Content-type: message/rfc822
+
+Return-path: <CALLER@myhost.test.ex>
+Received: from CALLER by myhost.test.ex with local-smtp (Exim x.yz)
+ (envelope-from <CALLER@myhost.test.ex>)
+ id 10HmaX-0005vi-00
+ for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+From: CALLER_NAME <CALLER@myhost.test.ex>
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+
+--NNNNNNNNNN-eximdsn-MMMMMMMMMM--
+
diff --git a/test/rejectlog/5911 b/test/rejectlog/5911
new file mode 100644
index 000000000..68f7409ea
--- /dev/null
+++ b/test/rejectlog/5911
@@ -0,0 +1,3 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] X=TLS_proto_and_cipher CV=no rejected MAIL <a@serverrefusethis.ex>
diff --git a/test/rejectlog/5912 b/test/rejectlog/5912
new file mode 100644
index 000000000..dcd150564
--- /dev/null
+++ b/test/rejectlog/5912
@@ -0,0 +1,2 @@
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <a@test.ex>: ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] : a TLS session is required, but the server did not offer TLS support
+1999-03-02 09:44:33 U=CALLER F=<CALLER@myhost.test.ex> rejected RCPT <b@test.ex>: ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] : REQUIRETLS support is required from the server but it was not offered
diff --git a/test/runtest b/test/runtest
index 102ec9ffc..9f556660d 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1101,6 +1101,9 @@ RESET_AFTER_EXTRA_LINE_READ:
# Experimental_International
next if / in smtputf8_advertise_hosts\? no \(option unset\)/;
+ # Experimental_REQUIRETLS
+ next if / in tls_advertise_requiretls?\? no \(end of list\)/;
+
# Environment cleaning
next if /\w+ in keep_environment\? (yes|no)/;
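Review bot: In the added filter, the unescaped `?` after `requiretls` makes the final `s` optional, so the pattern also accepts `tls_advertise_requiretl?`. That is presumably a stray character, since the `smtputf8_advertise_hosts\?` line just above escapes only the literal question mark. Writing it as `next if / in tls_advertise_requiretls\? no \(end of list\)/;` keeps the filter limited to the one debug line it is meant to drop. The surrounding filter loop starts and ends outside this hunk.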
@@ -1584,7 +1587,15 @@ $munges =
{ 'stderr' => 's/(1[5-9]|23\d)\d\d msec/ssss msec/' },
'tls_anycipher' =>
- { 'mainlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /' },
+ { 'mainlog' => 's! X=TLS\S+ ! X=TLS_proto_and_cipher !;
+ s! DN="C=! DN="/C=!;
+ s! DN="[^,"]*\K,!/!;
+ s! DN="[^,"]*\K,!/!;
+ s! DN="[^,"]*\K,!/!;
+ ',
+ 'rejectlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /',
+ 'mail' => 's/ \(TLS[^)]*\)/ (TLS_proto_and_cipher)/',
+ },
'debug_pid' =>
{ 'stderr' => 's/(^\s{0,4}|(?<=Process )|(?<=child ))\d{1,5}/ppppp/g' },
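Review bot: The DN rewrite in the new `mainlog` munge replaces one comma per statement and is repeated three times, so a DN with more than four components would be left partly comma-separated and would not match the expected log. If these munge strings are evaluated as ordinary Perl (not visible in this hunk), `1 while s! DN="[^,"]*\K,!/!;` would handle any number of components in one line. The new `rejectlog` entry munges only `X=TLS...` and leaves `DN=` untouched; that is fine for the rejectlog lines added in this commit, but it will diverge as soon as a rejectlog line carries a peer DN. A short comment such as `# rewrite comma-separated DNs into the slash-separated form used in the expected logs` above the substitutions would explain why they are there.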
diff --git a/test/scripts/4500-DKIM/4521 b/test/scripts/4500-DKIM/4521
index 7b341521f..3a78b020d 100644
--- a/test/scripts/4500-DKIM/4521
+++ b/test/scripts/4500-DKIM/4521
@@ -1,10 +1,10 @@
-# DKIM signing, with CHUNKING, stdin
+# DKIM signing, with CHUNKING
#
exim -bd -DSERVER=server -oX PORT_S
****
#
# single header signed, short message
-exim -DOPT=dkim -DLIST=From -odf -oMt sender -f sender a@test.ex
+exim -DSRV=dkim -DLIST=From -odf -oMt sender -f sender a@test.ex
From: nobody@example.com
From: second@example.com
@@ -12,7 +12,7 @@ content
****
#
# single header signed, long message
-exim -DOPT=dkim -DLIST=From -odf -oMt sender -f sender b@test.ex
+exim -DSRV=dkim -DLIST=From -odf -oMt sender -f sender b@test.ex
From: nobody@example.com
From: second@example.com
diff --git a/test/scripts/5650-OCSP-GnuTLS/5650 b/test/scripts/5650-OCSP-GnuTLS/5650
index f67111424..78c0afd61 100644
--- a/test/scripts/5650-OCSP-GnuTLS/5650
+++ b/test/scripts/5650-OCSP-GnuTLS/5650
@@ -6,7 +6,7 @@ exim -z '1: Server sends good staple on request'
****
#
exim -bd -oX PORT_D -DSERVER=server \
- -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
****
client-gnutls \
-ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
@@ -36,7 +36,7 @@ exim -z '2: Server does not staple an outdated response'
****
#
exim -bd -oX PORT_D -DSERVER=server \
- -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.dated.resp
****
# XXX test sequence might not be quite right; this is for a server refusal
# and we're expecting a client refusal.
@@ -62,7 +62,7 @@ exim -z '3: Server does not staple a response for a revoked cert'
****
#
exim -bd -oX PORT_D -DSERVER=server \
- -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.revoked.resp
****
client-gnutls \
-ocsp aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem \
@@ -88,7 +88,7 @@ exim -z '4: Connection functions when server is prepared to staple but client do
****
#
exim -bd -oX PORT_D -DSERVER=server \
- -DOPT=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
+ -DOPTION=DIR/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.ocsp.good.resp
****
#
client-gnutls \
diff --git a/test/scripts/5910-REQUIRETLS/5910 b/test/scripts/5910-REQUIRETLS/5910
new file mode 100644
index 000000000..d1bbb61cb
--- /dev/null
+++ b/test/scripts/5910-REQUIRETLS/5910
@@ -0,0 +1,64 @@
+# REQUIRETLS basics
+#
+munge tls_anycipher
+#
+# Server advertises feature, onward transmission, observability
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+client-ssl 127.0.0.1 PORT_D
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-STARTTLS
+??? 250 HELP
+STARTTLS
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-REQUIRETLS
+??? 250 HELP
+MAIL FROM:<a@test.ex> REQUIRETLS
+??? 250
+RCPT TO:<dump@test.ex>
+??? 250
+DATA
+??? 354
+Subject: foo
+
+content
+.
+??? 250
+QUIT
+??? 221
+****
+#
+exim -q
+****
+exim -q
+****
+#
+#
+# upgrade in-MTA
+exim -DOPT=y -bs
+MAIL FROM:<a@test.ex>
+RCPT TO:<b@test.ex>
+DATA
+Subject: foo
+
+content
+.
+QUIT
+****
+#
+exim -q
+****
+#
+killdaemon
+no_msglog_check
diff --git a/test/scripts/5910-REQUIRETLS/5911 b/test/scripts/5910-REQUIRETLS/5911
new file mode 100644
index 000000000..c744d8ab5
--- /dev/null
+++ b/test/scripts/5910-REQUIRETLS/5911
@@ -0,0 +1,125 @@
+# REQUIRETLS bounce cases
+#
+munge tls_anycipher
+#
+# Server does not offer STARTTLS
+server PORT_D
+220 Hi there
+EHLO
+250 wotcher
+QUIT
+*eof
+****
+exim -DOPT=requiretls -odf -bs
+MAIL FROM:<a@test.ex>
+RCPT TO:<a@test.ex>
+DATA
+
+.
+QUIT
+****
+# ... the resulting bounce must be delivered with REQUIRETLS
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim -qf
+****
+killdaemon
+#
+#
+# Server does not offer REQUIRETLS
+# Client message upgraded in-MTA for "require"
+exim -DSERVER=server -DSRV='' -bd -oX PORT_D
+****
+exim -DOPT=requiretls -odf -bs
+MAIL FROM:<b@test.ex>
+RCPT TO:<b@test.ex>
+DATA
+
+.
+QUIT
+****
+exim -qf
+****
+exim -qf
+****
+killdaemon
+#
+#
+# Server does not offer REQUIRETLS
+# Client message received with REQUIRETLS
+exim -DSERVER=server -bd -oX PORT_S
+****
+client-ssl 127.0.0.1 PORT_S
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-STARTTLS
+??? 250 HELP
+STARTTLS
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-REQUIRETLS
+??? 250 HELP
+MAIL FROM:<b@test.ex> REQUIRETLS
+??? 250
+RCPT TO:<d@test.ex>
+??? 250
+DATA
+??? 354
+Subject: foo
+
+content
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
+exim -DSERVER=server -DSRV='' -bd -oX PORT_D
+****
+exim -qf
+****
+exim -qf
+****
+killdaemon
+#
+#
+# Server refuses MAIL
+exim -DSERVER=server -bd -oX PORT_D
+****
+sudo exim -DOPT=requiretls -odf -f a@serverrefusethis.ex c@test.ex
+
+****
+exim -qf
+****
+exim -qf
+****
+killdaemon
+#
+# Server does not advertise REQUIRETLS, client tries to use it anyway
+exim -DSERVER=server -bd -oX PORT_D
+****
+client-ssl 127.0.0.1 PORT_D
+??? 220
+EHLO test.ex
+??? 250-
+??? 250-SIZE
+??? 250-8BITMIME
+??? 250-PIPELINING
+??? 250-STARTTLS
+??? 250 HELP
+MAIL FROM:<d@test.ex> REQUIRETLS
+??? 555
+QUIT
+??? 221
+???*eof
+****
+killdaemon
+no_msglog_check
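Review bot: The last case is labelled `Server does not advertise REQUIRETLS, client tries to use it anyway`, but the daemon is started without `-DSRV=''` and the client never issues STARTTLS. What it actually covers is REQUIRETLS sent on a cleartext session: the pre-TLS EHLO response has no `250-REQUIRETLS` line and the expected reply is 555. The comment would be more accurate as `# REQUIRETLS is not advertised before STARTTLS; client tries to use it on the cleartext session`. None of the visible cases sends `MAIL FROM:<...> REQUIRETLS` over an established TLS session to a daemon started with `-DSRV=''`. Adding that case, also expecting 555, would cover the path where the feature is disabled on the server.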
diff --git a/test/scripts/5910-REQUIRETLS/5912 b/test/scripts/5910-REQUIRETLS/5912
new file mode 100644
index 000000000..87fe85e5b
--- /dev/null
+++ b/test/scripts/5910-REQUIRETLS/5912
@@ -0,0 +1,37 @@
+# REQUIRETLS smtp-time fails
+# Test these by having the MTA do a receipient-verify callout
+#
+# Server does not offer STARTTLS
+server PORT_D
+220 Hi there
+EHLO
+250 wotcher
+QUIT
+*eof
+****
+exim -DOPT=requiretls -DACL=verify=recipient/callout -odf -bs
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<a@test.ex>
+QUIT
+****
+#
+# Sever does not offer REQUIRETLS
+exim -DSERVER=server -DSRV='' -bd -oX PORT_D
+****
+exim -DOPT=requiretls -DACL=verify=recipient/callout -odf -bs
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<b@test.ex>
+QUIT
+****
+killdaemon
+#
+# Accepted callout
+exim -DSERVER=server -bd -oX PORT_D
+****
+exim -DOPT=requiretls -DACL=verify=recipient/callout -odf -bs
+MAIL FROM:<CALLER@myhost.test.ex>
+RCPT TO:<c@test.ex>
+QUIT
+****
+killdaemon
+#
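Review bot: Two comments in this script are misspelled: `receipient-verify` in the header and `Sever does not offer REQUIRETLS` before the second case. They should read `# Test these by having the MTA do a recipient-verify callout` and `# Server does not offer REQUIRETLS`, matching the wording used in 5911.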
diff --git a/test/scripts/5910-REQUIRETLS/REQUIRES b/test/scripts/5910-REQUIRETLS/REQUIRES
new file mode 100644
index 000000000..963233532
--- /dev/null
+++ b/test/scripts/5910-REQUIRETLS/REQUIRES
@@ -0,0 +1,2 @@
+support Experimental_REQUIRETLS
+running IPv4
diff --git a/test/stdout/5910 b/test/stdout/5910
new file mode 100644
index 000000000..692038d4f
--- /dev/null
+++ b/test/stdout/5910
@@ -0,0 +1,60 @@
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO test.ex
+??? 250-
+<<< 250-myhost.test.ex Hello test.ex [127.0.0.1]
+??? 250-SIZE
+<<< 250-SIZE 52428800
+??? 250-8BITMIME
+<<< 250-8BITMIME
+??? 250-PIPELINING
+<<< 250-PIPELINING
+??? 250-STARTTLS
+<<< 250-STARTTLS
+??? 250 HELP
+<<< 250 HELP
+>>> STARTTLS
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> EHLO test.ex
+??? 250-
+<<< 250-myhost.test.ex Hello test.ex [127.0.0.1]
+??? 250-SIZE
+<<< 250-SIZE 52428800
+??? 250-8BITMIME
+<<< 250-8BITMIME
+??? 250-PIPELINING
+<<< 250-PIPELINING
+??? 250-REQUIRETLS
+<<< 250-REQUIRETLS
+??? 250 HELP
+<<< 250 HELP
+>>> MAIL FROM:<a@test.ex> REQUIRETLS
+??? 250
+<<< 250 OK
+>>> RCPT TO:<dump@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Subject: foo
+>>>
+>>> content
+>>> .
+??? 250
+<<< 250 OK id=10HmaX-0005vi-00
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmaZ-0005vi-00
+221 myhost.test.ex closing connection
diff --git a/test/stdout/5911 b/test/stdout/5911
new file mode 100644
index 000000000..fb126b38d
--- /dev/null
+++ b/test/stdout/5911
@@ -0,0 +1,101 @@
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmaX-0005vi-00
+221 myhost.test.ex closing connection
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+250 Accepted
+354 Enter message, ending with "." on a line by itself
+250 OK id=10HmbA-0005vi-00
+221 myhost.test.ex closing connection
+Connecting to 127.0.0.1 port 1224 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO test.ex
+??? 250-
+<<< 250-myhost.test.ex Hello test.ex [127.0.0.1]
+??? 250-SIZE
+<<< 250-SIZE 52428800
+??? 250-8BITMIME
+<<< 250-8BITMIME
+??? 250-PIPELINING
+<<< 250-PIPELINING
+??? 250-STARTTLS
+<<< 250-STARTTLS
+??? 250 HELP
+<<< 250 HELP
+>>> STARTTLS
+??? 220
+<<< 220 TLS go ahead
+Attempting to start TLS
+SSL connection using ke-RSA-AES256-SHA
+Succeeded in starting TLS
+>>> EHLO test.ex
+??? 250-
+<<< 250-myhost.test.ex Hello test.ex [127.0.0.1]
+??? 250-SIZE
+<<< 250-SIZE 52428800
+??? 250-8BITMIME
+<<< 250-8BITMIME
+??? 250-PIPELINING
+<<< 250-PIPELINING
+??? 250-REQUIRETLS
+<<< 250-REQUIRETLS
+??? 250 HELP
+<<< 250 HELP
+>>> MAIL FROM:<b@test.ex> REQUIRETLS
+??? 250
+<<< 250 OK
+>>> RCPT TO:<d@test.ex>
+??? 250
+<<< 250 Accepted
+>>> DATA
+??? 354
+<<< 354 Enter message, ending with "." on a line by itself
+>>> Subject: foo
+>>>
+>>> content
+>>> .
+??? 250
+<<< 250 OK id=10HmbC-0005vi-00
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+End of script
+Connecting to 127.0.0.1 port 1225 ... connected
+??? 220
+<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+>>> EHLO test.ex
+??? 250-
+<<< 250-myhost.test.ex Hello test.ex [127.0.0.1]
+??? 250-SIZE
+<<< 250-SIZE 52428800
+??? 250-8BITMIME
+<<< 250-8BITMIME
+??? 250-PIPELINING
+<<< 250-PIPELINING
+??? 250-STARTTLS
+<<< 250-STARTTLS
+??? 250 HELP
+<<< 250 HELP
+>>> MAIL FROM:<d@test.ex> REQUIRETLS
+??? 555
+<<< 555 unadvertised MAIL option: REQUIRETLS
+>>> QUIT
+??? 221
+<<< 221 myhost.test.ex closing connection
+???*eof
+Expected EOF read
+End of script
+
+******** SERVER ********
+Listening on port 1225 ...
+Connection request from [ip4.ip4.ip4.ip4]
+220 Hi there
+EHLO myhost.test.ex
+250 wotcher
+QUIT
+Expected EOF read from client
+End of script
diff --git a/test/stdout/5912 b/test/stdout/5912
new file mode 100644
index 000000000..5dddcc040
--- /dev/null
+++ b/test/stdout/5912
@@ -0,0 +1,22 @@
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+530 5.7.4 REQUIRETLS support required
+221 myhost.test.ex closing connection
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+530 5.7.4 REQUIRETLS support required
+221 myhost.test.ex closing connection
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+250 OK
+250 Accepted
+221 myhost.test.ex closing connection
+
+******** SERVER ********
+Listening on port 1225 ...
+Connection request from [ip4.ip4.ip4.ip4]
+220 Hi there
+EHLO myhost.test.ex
+250 wotcher
+QUIT
+Expected EOF read from client
+End of script