summaryrefslogtreecommitdiff
path: root/doc/doc-txt/experimental-spec.txt
AgeCommit message (Collapse)Author
2015-05-04I18N: new ${imapfolder_<sep>:<string>} expansion item. Bug 420Jeremy Harris
2015-04-22UTF8: Cert namechecks always use a-labelJeremy Harris
2015-04-22UTF8: docs update. Bug 1516Jeremy Harris
2015-04-21UTF8: MSA downconversionsJeremy Harris
2015-04-13non-smtp inputJeremy Harris
2015-04-12client heloJeremy Harris
2015-04-12DNS lookups never use UTF-8Jeremy Harris
2015-04-12received_protocolJeremy Harris
2015-04-12smtp inputJeremy Harris
2015-04-12A-label expansion operatorsJeremy Harris
2015-04-12A-label transform functionsJeremy Harris
2015-04-03Feature switchJeremy Harris
2015-03-15SOCKS: as a client, talk SMTP via a socks5 proxy. Bug 1590Jeremy Harris
2015-03-02Correct typos.Alexandru Chirila
Minor typo fixes in DMARC experimental documentation.
2015-01-12Move DSN support to mainlineJeremy Harris
Affects bug 893
2015-01-12Move certificate name checking to mainline, default enabledJeremy Harris
This is an exim client checking a server certificate.
2014-12-24Docs thinkoJeremy Harris
2014-12-04Docs: clarify interaction of DANE and CA-based certificate verification optionsJeremy Harris
2014-11-08Fix smtp transport certificate-verification option matching to use correct hostJeremy Harris
Fix certificate name verification done with tls_try_verify_hosts Affected tls_verify_hosts, tls_try_verify_hosts, tls_verify_cert_hostnames.
2014-11-06EXPERIMENTAL_CERTNAMES: Hostlist for cert name checks should match hostJeremy Harris
connected-to, not be list of acceptable names. The name checked is the host name.
2014-11-05Do not permit multi-component wildcards on certificate names (OpenSSL, ↵Jeremy Harris
EXPERIMENTAL_CERTNAMES)
2014-11-05Do not permit multi-component wildcards on certificate names (OpenSSL)Jeremy Harris
2014-10-25Add event for inbound cert visibilityJeremy Harris
2014-10-25Make transport name available in verify-callouts. Add verify_mode variableJeremy Harris
2014-10-25Rename facility to Event Actions, ifdeffed on EXPERIMENTAL_EVENTJeremy Harris
2014-09-04Enforce TLS under DANE when host has TLSA recordsJeremy Harris
2014-09-02Introduce EXPERIMENTAL_DANE featureJeremy Harris
2014-09-01Warn on OCSP interaction with DANEJeremy Harris
2014-08-27Further TPDA eventsJeremy Harris
msg:complete msg:fail:internal msg:fail:delivery
2014-08-20Merge branch 'master' into daneJeremy Harris
Conflicts: doc/doc-txt/ChangeLog src/src/tls-openssl.c src/src/transports/smtp.c src/src/verify.c
2014-08-20Expanded EXPERIMENTAL_TPDA featureJeremy Harris
Note this introduces incompatible changes; users who are compiling the feature in, and with configuration files using it, will need to change their configurations appropriately. See the experimental-spec.txt file.
2014-08-17Override an unchanged default hosts_request_ocsp when DANE is usedJeremy Harris
2014-08-17Add observability variables and provision for avoiding OCSP conflictsJeremy Harris
2014-08-10Enable OCSPJeremy Harris
2014-08-10Verifiable conn with DANE-EE(3) / SPKI(1) / SHA2-512(2)Jeremy Harris
2014-08-08Test developmentJeremy Harris
2014-08-07General discussion of DANE usageJeremy Harris
2014-08-01Basic DANE entry pointsJeremy Harris
2014-05-23Move OCSP out of EXPERIMENTALJeremy Harris
2014-05-22Bug 1394: Document how to do per host conn limitsTodd Lyons
Since the max connections per host setting is computed and enforced in the master listening process before the fork, there is no easy way to get an accurate connection count once the Proxy Protocol negotiation has been done (i.e. in a child process, after the fork). Rather than try to use a shared mmap file using CAS in the children to manipulate it, we just advise of a crude version of max connections per IP be achieved by using ratelimit per_conn in the connect ACL.
2014-05-21RFC3461 support - MIME DSN messages. Bug 118Wolfgang Breyha
2014-05-20Support optional server certificate name checking. Bug 1479Jeremy Harris
Enable EXPERIMENTAL_CERTNAMES to include.
2014-05-13Bug 1394: PPv2 header modifedTodd Lyons
The HAProxy dev team adjusted the layout of the 16 byte header to allow it to be used for SSL connections. Had to adjust PPv2 handling code and perl proxy emulation script. Added link to this HAProxy commit in the documentation.
2014-05-13Move PRDR out of EXPERIMENTALJeremy Harris
2014-05-06OCSP observability: variables $tls_{in,out}_ocspJeremy Harris
and smtp transport option hosts_request_ocsp
2014-04-24Support OCSP Stapling under GnuTLS. Bug 1459Jeremy Harris
Requires GnuTLS version 3.1.3 or later. Under EXPERIMENTAL_OCSP
2014-04-19Fix Proxy Protocol v2 handlingTodd Lyons
Change recv() to not use MSGPEEK and eliminated flush_input(). Add proxy_target_address/port expansions. Convert ipv6 decoding to memmove(). Use sizeof() for variable sizing. Correct struct member access. Enhance debug output when passed invalid command/family. Add to and enhance documentation. Client script to test Proxy Protocol, interactive on STDIN/STDOUT, so can be chained (ie a swaks pipe), useful for any service, not just Exim and/or smtp.
2014-04-15Add back deprecated SPF error conditionsTodd Lyons
Previous patch introduced a change that could break existing SPF configurations. Add back the two non-standard "err_temp" and "err_perm" result values, with note that it is deprecated and will be removed in a future release.
2014-04-15Add expansion for DMARC policyTodd Lyons
New variable is $dmarc_domain_policy
2014-03-06Change strings of SPF result to conform to RFC 4408Todd Lyons
Introduces a small backwards incompatible change to two results, err_temp to temperror and err_perm to permerror.
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-21 09:20:55 +0000