Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-05-04 | I18N: new ${imapfolder_<sep>:<string>} expansion item. Bug 420 | Jeremy Harris | |
2015-04-22 | UTF8: Cert namechecks always use a-label | Jeremy Harris | |
2015-04-22 | UTF8: docs update. Bug 1516 | Jeremy Harris | |
2015-04-21 | UTF8: MSA downconversions | Jeremy Harris | |
2015-04-13 | non-smtp input | Jeremy Harris | |
2015-04-12 | client helo | Jeremy Harris | |
2015-04-12 | DNS lookups never use UTF-8 | Jeremy Harris | |
2015-04-12 | received_protocol | Jeremy Harris | |
2015-04-12 | smtp input | Jeremy Harris | |
2015-04-12 | A-label expansion operators | Jeremy Harris | |
2015-04-12 | A-label transform functions | Jeremy Harris | |
2015-04-03 | Feature switch | Jeremy Harris | |
2015-03-15 | SOCKS: as a client, talk SMTP via a socks5 proxy. Bug 1590 | Jeremy Harris | |
2015-03-02 | Correct typos. | Alexandru Chirila | |
Minor typo fixes in DMARC experimental documentation. | |||
2015-01-12 | Move DSN support to mainline | Jeremy Harris | |
Affects bug 893 | |||
2015-01-12 | Move certificate name checking to mainline, default enabled | Jeremy Harris | |
This is an exim client checking a server certificate. | |||
2014-12-24 | Docs thinko | Jeremy Harris | |
2014-12-04 | Docs: clarify interaction of DANE and CA-based certificate verification options | Jeremy Harris | |
2014-11-08 | Fix smtp transport certificate-verification option matching to use correct host | Jeremy Harris | |
Fix certificate name verification done with tls_try_verify_hosts Affected tls_verify_hosts, tls_try_verify_hosts, tls_verify_cert_hostnames. | |||
2014-11-06 | EXPERIMENTAL_CERTNAMES: Hostlist for cert name checks should match host | Jeremy Harris | |
connected-to, not be list of acceptable names. The name checked is the host name. | |||
2014-11-05 | Do not permit multi-component wildcards on certificate names (OpenSSL, ↵ | Jeremy Harris | |
EXPERIMENTAL_CERTNAMES) | |||
2014-11-05 | Do not permit multi-component wildcards on certificate names (OpenSSL) | Jeremy Harris | |
2014-10-25 | Add event for inbound cert visibility | Jeremy Harris | |
2014-10-25 | Make transport name available in verify-callouts. Add verify_mode variable | Jeremy Harris | |
2014-10-25 | Rename facility to Event Actions, ifdeffed on EXPERIMENTAL_EVENT | Jeremy Harris | |
2014-09-04 | Enforce TLS under DANE when host has TLSA records | Jeremy Harris | |
2014-09-02 | Introduce EXPERIMENTAL_DANE feature | Jeremy Harris | |
2014-09-01 | Warn on OCSP interaction with DANE | Jeremy Harris | |
2014-08-27 | Further TPDA events | Jeremy Harris | |
msg:complete msg:fail:internal msg:fail:delivery | |||
2014-08-20 | Merge branch 'master' into dane | Jeremy Harris | |
Conflicts: doc/doc-txt/ChangeLog src/src/tls-openssl.c src/src/transports/smtp.c src/src/verify.c | |||
2014-08-20 | Expanded EXPERIMENTAL_TPDA feature | Jeremy Harris | |
Note this introduces incompatible changes; users who are compiling the feature in, and with configuration files using it, will need to change their configurations appropriately. See the experimental-spec.txt file. | |||
2014-08-17 | Override an unchanged default hosts_request_ocsp when DANE is used | Jeremy Harris | |
2014-08-17 | Add observability variables and provision for avoiding OCSP conflicts | Jeremy Harris | |
2014-08-10 | Enable OCSP | Jeremy Harris | |
2014-08-10 | Verifiable conn with DANE-EE(3) / SPKI(1) / SHA2-512(2) | Jeremy Harris | |
2014-08-08 | Test development | Jeremy Harris | |
2014-08-07 | General discussion of DANE usage | Jeremy Harris | |
2014-08-01 | Basic DANE entry points | Jeremy Harris | |
2014-05-23 | Move OCSP out of EXPERIMENTAL | Jeremy Harris | |
2014-05-22 | Bug 1394: Document how to do per host conn limits | Todd Lyons | |
Since the max connections per host setting is computed and enforced in the master listening process before the fork, there is no easy way to get an accurate connection count once the Proxy Protocol negotiation has been done (i.e. in a child process, after the fork). Rather than try to use a shared mmap file using CAS in the children to manipulate it, we just advise of a crude version of max connections per IP be achieved by using ratelimit per_conn in the connect ACL. | |||
2014-05-21 | RFC3461 support - MIME DSN messages. Bug 118 | Wolfgang Breyha | |
2014-05-20 | Support optional server certificate name checking. Bug 1479 | Jeremy Harris | |
Enable EXPERIMENTAL_CERTNAMES to include. | |||
2014-05-13 | Bug 1394: PPv2 header modifed | Todd Lyons | |
The HAProxy dev team adjusted the layout of the 16 byte header to allow it to be used for SSL connections. Had to adjust PPv2 handling code and perl proxy emulation script. Added link to this HAProxy commit in the documentation. | |||
2014-05-13 | Move PRDR out of EXPERIMENTAL | Jeremy Harris | |
2014-05-06 | OCSP observability: variables $tls_{in,out}_ocsp | Jeremy Harris | |
and smtp transport option hosts_request_ocsp | |||
2014-04-24 | Support OCSP Stapling under GnuTLS. Bug 1459 | Jeremy Harris | |
Requires GnuTLS version 3.1.3 or later. Under EXPERIMENTAL_OCSP | |||
2014-04-19 | Fix Proxy Protocol v2 handling | Todd Lyons | |
Change recv() to not use MSGPEEK and eliminated flush_input(). Add proxy_target_address/port expansions. Convert ipv6 decoding to memmove(). Use sizeof() for variable sizing. Correct struct member access. Enhance debug output when passed invalid command/family. Add to and enhance documentation. Client script to test Proxy Protocol, interactive on STDIN/STDOUT, so can be chained (ie a swaks pipe), useful for any service, not just Exim and/or smtp. | |||
2014-04-15 | Add back deprecated SPF error conditions | Todd Lyons | |
Previous patch introduced a change that could break existing SPF configurations. Add back the two non-standard "err_temp" and "err_perm" result values, with note that it is deprecated and will be removed in a future release. | |||
2014-04-15 | Add expansion for DMARC policy | Todd Lyons | |
New variable is $dmarc_domain_policy | |||
2014-03-06 | Change strings of SPF result to conform to RFC 4408 | Todd Lyons | |
Introduces a small backwards incompatible change to two results, err_temp to temperror and err_perm to permerror. |