summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-04-15Enable weak/old stuff in OpenSSLPhil Pennock
Configure OpenSSL with: enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers Include explanation as to why.
2018-04-15Testsuite: syslog testcaseJeremy Harris
2018-04-15Merge branch '4.next'Jeremy Harris
2018-04-15Tidy logging codeJeremy Harris
2018-04-15Clear more globals between messagesJeremy Harris
2018-04-15Add client-ip info to iprev ${authres } lineJeremy Harris
2018-04-15ARC: add optional x= tag to signingJeremy Harris
2018-04-15ARC: add optional t= tags to signingJeremy Harris
2018-04-15Avoid doing logging in signal-handlers. Bug 1007Jeremy Harris
2018-04-15Docs: clean for next releaseJeremy Harris
2018-04-15Testsuite: tidyup after myslq testingexim-4_91Jeremy Harris
2018-04-14Logging: fix syslog logging for syslog_timestamp=no and log_selector +millisecJeremy Harris
also syslog_pid=no and log_selector +pid
2018-04-14Docs: typoJeremy Harris
2018-04-14Logging: fix syslog logging for syslog_timestamp=no and log_selector +millisecJeremy Harris
2018-04-13DKIM downgrade example again; this time debuggedPhil Pennock
As well as previous commit's `len_3` -> `length_3`, we were missing braces around the expansion operator, resulting in trying to dereference an unknown variable `$length_3`, and we were missing the outer braces from the `or` expansion condition. We really need a better way to test ACL expansion without a full harness. :( This bug-fixed version is now running on my system.
2018-04-13Fix length expansion operator in DKIM downgrade examplePhil Pennock
2018-04-13DKIM: add support for the SubjectPublicKeyInfo wrapped form of pubkeyJeremy Harris
2018-04-12Docs: add known broken-version info for OpenSSL behaviorJeremy Harris
2018-04-11Mention MTA-STS in DANE context; nit fixesPhil Pennock
Did an audit of text changed since commit 6aa6fc9c5 to look for issues which stood out, fixed those. Spelling mistakes, markup issues, minor grammatical infelicities. The public/private CA stuff in the DANE text might push people away from public CAs, but the existence of MTA-STS means that one of those is probably the best choice. Mention what exim.org does, to provide slightly firmer guidance without pressure. List the `dkim_hash` values, `sha512` appears to be new since that text was last touched.
2018-04-11Doc: website updates and so forthPhil Pennock
I've added <https://downloads.exim.org/> as a new vhost which doesn't reference FTP and loses the `/pub/exim` prefix. Fixed various other outdated claims and documented Jeremy's PGP key as the main key for releases, with mine (Phil's) and Heiko's as fallbacks. Mention the `.xz` files.
2018-04-09Add `receive_time` to list of log_selector valuesPhil Pennock
2018-04-09bugfix: heimdal interaction, check lengthPhil Pennock
clang noted that taking the address of a struct member will never be 0, so checking against 0 was wrong. It was a `.length` member. I've compiled RC4 with this change and deployed it to my box and I can still authenticate fine.
2018-04-09ARC: fix signing when DKIM-signing is also being doneJeremy Harris
The ordering of headers being signed was wrong when a message being forwarded arrived with a dkim signature
2018-04-09DMARC: fix history fileJeremy Harris
Too many variables were being cleared between connections Broken-by: c780096c29 4.91 RC2
2018-04-08Better(?!?) fallback for stat: PerlPhil Pennock
We use Perl extensively in other scripts. *sigh*
2018-04-08stat portabilityPhil Pennock
I forgot how much I loathe basic stuff like "get the size of a file, portably, in shell". Bleh.
2018-04-08Added util/renew-opendmarc-tlds.sh script to renew PSLPhil Pennock
2018-04-08OpenSSL: Revert the disabling of the session-cache. Bug 2255Jeremy Harris
Session cacheing is never useful, as we use a new context for every TLS startup. However, removing the support triggers odd behaviour from Outlook Express (only when there is an IMAP server on the same machine as Exim): an initial connect from the OE client fails, the immediate retry works.
2018-04-07ARC: fix verify to not evaluate the top AMS twiceexim-4_91_RC4Jeremy Harris
2018-04-07Clear more globals between messagesJeremy Harris
2018-04-06Logging: fix DKIM precis received log line element.Jeremy Harris
Broken-by: 2c47372fad
2018-04-04compiler quieteningHeiko Schlittermann (HS12-RIPE)
2018-04-04Add client-ip info to iprev ${authres } lineJeremy Harris
2018-04-04compiler quieteningJeremy Harris
2018-04-04Actually reap node2 process in redis cluster testGraeme Fowler
2018-04-04ARC: add optional x= tag to signingJeremy Harris
2018-04-04local_scan: add note on Makefile requirementJeremy Harris
2018-04-04ARC: add optional t= tags to signingJeremy Harris
2018-04-04ARC: log signing-spec errors in mainlog only, not paniclogJeremy Harris
2018-04-04ARC: enhance debug for signing; explicitly init signing contextJeremy Harris
2018-04-04Fix non-ARC buildJeremy Harris
2018-04-04ARC: add guard in verify against lack of the dkim-verify contextJeremy Harris
needed for body-hashing
2018-04-04ARC: cutthrough delivery may not be used with ARC signingJeremy Harris
2018-04-04Cutthrough: enforce non-use in combination with DKIM signing or transport filterJeremy Harris
Broken-by: 02b41d7106
2018-04-04Add ARC signing caveatsPhil Pennock
2018-04-04ARC: give more detail with "bad signing-spec" messageJeremy Harris
2018-04-04ARC: For signing, accept A-R header lacking ARC info as equivalent to "none"Jeremy Harris
2018-04-04ARC: add independent-source testcase. Fix signatures by not line-terminatingJeremy Harris
last header line being hashed.
2018-04-04ARC: AS header should have no c= tagJeremy Harris
2018-04-04ARC: on the smtp transport option take empty or forced-fail to disable signingJeremy Harris
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-17 00:12:38 +0000