summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-06-19Quiet signedness compiler warnings.Todd Lyons
2013-06-16Support safari_ecdhe_ecdsa_bug for openssl_optionsPhil Pennock
2013-06-10Guard LDAP TLS usage against Solaris LDAP variant.Phil Pennock
PP/22 Report from Prashanth Katuri. This variant ensures that if TLS won't be activated because of compile-time guards, but was requested, then we at least debug-log _why_ we're not doing anything.
2013-06-04Fix eximon continuous updating with timestamped log-files.Phil Pennock
Report and fix from Heiko Schlichting. Fixes 1363.
2013-05-25Add doc comment on use of forany.Jeremy Harris
2013-05-24readconf: clarify a retry rule parsing error messageTony Finch
Submitted by: Paul Osborne <paul.osborne@canterbury.ac.uk>
2013-05-23Documentation for udpsend and ${hexquote:Tony Finch
2013-05-23The udpsend ACL modifier.Tony Finch
This is for reporting mailer activity without going via the log files.
2013-05-23${hexquote: expansion operatorTony Finch
This converts octets outside the range 0x21-0x7E (the ASCII graphic characters) to \xNN hex escapes.
2013-05-22Merge branch 'callout_auth'Jeremy Harris
2013-05-22Log AUTH info on cutthrough deliveries.Jeremy Harris
2013-05-21Typo in doc source.Jeremy Harris
2013-05-20Support AUTH for verify-callout and cutthrough-delivery.Jeremy Harris
Refactored smtp transport to pull out AUTH-related routines so they could be also called from the verify code. Bugs 321, 823.
2013-05-12Add compile-time checks for various tables being in alphabetical order.Jeremy Harris
This is gross hackery and somewhat fragile. A better method would actuallyt compile the 'C' involved and check programmatically.
2013-05-08Fix dns_retry definition.Todd Lyons
Was placed in non-alphabetical order.
2013-05-05Security considerations: running local commandsPhil Pennock
Call out the dangers of use_shell in the security considerations chapter. Call out a number of related dangers too.
2013-04-21Use enum for cutthrough receive processing state.Jeremy Harris
2013-04-21Document PRDR, OCSP & DMARC options in OptionLists file.Jeremy Harris
2013-04-19Add entry to Changelog.Todd Lyons
2013-04-16Remove static from local variable declaration.Todd Lyons
2013-04-10Fix history file logging to use correct variablesTodd Lyons
Remove SPF domain synthesis, just use HELO.
2013-04-09Withhold TLD load error if not defined in confTodd Lyons
2013-04-09Move DKIM endif.Todd Lyons
Fix a few cosmetic differences.
2013-04-09DMARC documentation and licenseTodd Lyons
2013-04-09DMARC support by opendmarc libsTodd Lyons
2013-04-08Fix runtest -CONTINUE to work everywhereTodd Lyons
Changes the $more variable to just cat the changes to STDOUT and not pipe it through less or more.
2013-04-07Drop mistakenly-added test configJeremy Harris
2013-04-07Merge branch 'ocsp_staple_rollup'Jeremy Harris
* ocsp_staple_rollup: tidying OCSP-stapling enhancement and testing.
2013-04-07Update testsuite case 0390 for force_command addition to pipe transportroot
2013-04-03Fix -p doc mention of Perl -pd conflict.Phil Pennock
Reported by Heiko Schlichting. fixes 1345
2013-04-02Ensure OpenSSL entropy state reset across forks.Phil Pennock
Note that this function is never going to be called pre-fork unless the admin is doing something highly unusual with ${randint:..} in a context evaluated in the listening daemon. Other forks should result in a re-exec(), thus resetting state. Nonetheless, be more cautious, explicitly reset state. Fix per PostgreSQL. PS: why does OpenSSL not document RAND_cleanup() on the same page as all the other entropy pool maintenance functions?
2013-04-01Clean & integrate force_command.Phil Pennock
Work by J. Nick Koston, for cPanel, Inc.
2013-04-01tidyingJeremy Harris
2013-04-01Add the force_command option to the pipe transportJ. Nick Koston
Normally when a router redirects an address directly to a pipe command the command option on the transport is ignored. If force_command is set, the command option will expanded and used. This is especially useful for forcing a wrapper or additional argument to be added to the command.
2013-03-25OCSP-stapling enhancement and testing.Jeremy Harris
Server: Honor environment variable as well as running_in_test_harness in permitting bogus staplings Update server tests Add "-ocsp" option to client-ssl. Server side: add verification of stapled status. First cut server-mode ocsp testing. Fix some uninitialized ocsp-related data. Client (new): Verify stapling using only the chain that verified the server cert, not any acceptable chain. Add check for multiple responses in a stapling, which is not handled Refuse verification on expired and revoking staplings. Handle OCSP client refusal on lack of stapling from server. More fixing in client OCSP: use the server cert signing chain to verify the OCSP info. Add transport hosts_require_ocsp option. Log stapling responses. Start on tests for client-side. Testing support: Add CRL generation code and documentation update Initial CA & certificate set for testing. BUGFIX: Once a single OCSP response has been extracted the validation routine return code is no longer about the structure, but the actual returned OCSP status.
2013-03-23Rename dns_use_dnssec to dns_dnssec_ok.Phil Pennock
This per Tony's suggestion; this makes it clearer that we are merely setting resolver flags, not performing validation ourselves. Well, clearer to those who understand DNSSEC. For everyone else, they'll still be dependent upon a forthcoming new chapter to the Specification.
2013-03-13OpenSSL fix empty tls_verify_certificates.Phil Pennock
New behaviour matches GnuTLS handling, and is documented. Previously, a tls_verify_certificates expansion forced failure was the only portable way to avoid setting this option. Now, an empty string is equivalent.
2013-03-11Guard smtp_user_msg() with EXPERIMENTAL_PRDR check.Phil Pennock
Resolves: gcc receive.c receive.c:520: warning: 'smtp_user_msg' defined but not used
2013-03-11configure.default handle IPv6 localhost better.Phil Pennock
Base patch by Alain Williams. Tweaked, to avoid putting an IPv6-dependency into the default uncommented form, and some rewording. Bugzilla 880. GitHub PR #1.
2013-03-11Document the last change in ChangeLogPhil Pennock
2013-03-05Handle recursion better, caused by ACLs.Phil Pennock
Issue debugged by Todd Lyons, this fix from me.
2013-02-19Bug 1339: DCC update (Wolfgang Breyha)Jeremy Harris
2013-02-15Add a few temp doc items to ignoreTodd Lyons
2013-02-03tls_out.sni fix for ancient-OpenSSL #ifdef branchPhil Pennock
2013-01-26PRDR support, if compiled with EXPERIMENTAL_PRDRJeremy Harris
2013-01-14Update eximstats to watch out for senders sending 'HELO [IpAddr]'Steve Campbell
2013-01-14Fix GNU Hurd interface IPv6 address detection.Phil Pennock
Define SIOCGIFCONF_GIVES_ADDR in OS/os.h-GNU Fixes 1331.
2013-01-07Typo & nit fixes.Phil Pennock
JH has made more changes than he realised. New second JH/11 to JH/13.
2013-01-06Restrict lifetime of $router_name and $transport_name. Bug 308.Jeremy Harris
The router name is explicitly nulled after the router exits; the transport name is set only in the subprocess it runs in.
2012-12-25Add $router_name and $transport_name variables. Bug 308.Jeremy Harris