summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2016-11-02Fix OCSP proof verification for direct-signed proofs. Bug 1909Jeremy Harris
2016-10-23Update README.UPDATING; fix typos in ChangeLog/NewStuffPhil Pennock
2016-10-23Fix bug with aborted server TLS connection, under GnuTLSJeremy Harris
Longstanding, but exposed by 60d10ce
2016-10-22TCP Fast OpenJeremy Harris
2016-10-18Unbreak build: crypto hdrs not in system includesPhil Pennock
If using pkg-config to get the paths for various packages and the crypto library headers are not in the system headers, then the hash work broke the Exim build by requiring the CFLAGS manipulation for _all_ builds, not just the TLS libraries. Shows up on MacOS where there's a system OpenSSL but not system OpenSSL headers (because only SecureTransport is supported) and using brew-installed OpenSSL. I've also coded the fix for GnuTLS on the same basis, but that's untested. Fixes bug 1906
2016-10-15New: queuefile transport, under EXPERIMENTAL_QUEUEFILEAndrew Colin Kissa
2016-10-12Docs: add warning on SNI-dependent certfile expansion needing a good defaultJeremy Harris
2016-10-09Docs: add section on builtin macrosJeremy Harris
2016-10-08DH parameters update, new values & defaultexim-4_88_RC2Phil Pennock
* Add three new Exim-specific DH parameter constants; state provenance, but no way for others to verify; this is a signed commit, which is about as much as we can do for the truly paranoid: provide an audit trail. * Add the RFC 7919 DH primes + No TLS feature negotiation, per 7919, but the DH primes can be used if folks so choose * Fixed broken format string in util/gen_pkcs3.c * Tried to make gen_pkcs3.c support q values. + Turns out, q doesn't affect the PEM and that's not a mistake in my initialisation; I've checked with a cryptographer, we're losing some server-side optimizations but not any security properties for our scenario. Fixes: 1895
2016-10-08Fix callouts connection fallback from TLS to cleartext. Bug 1897Jeremy Harris
2016-10-05Docs: add another index entry for delay_warningJeremy Harris
2016-10-02Logging: connection_reject log selector should apply also to the connect aclJeremy Harris
2016-09-28Refactor driver feature-macro generation to be driven by existing tablesJeremy Harris
Would like to do lookup drivers too but unsure about dyn-linked variants
2016-09-28Default to filesystem space/inode checking enabledJeremy Harris
2016-09-25Add automatic macros for config-file options. Bug 1819Jeremy Harris
2016-09-25Docs: fix quotesJeremy Harris
2016-09-23Doc: add clarification for DKIM exampleexim-4_88_RC1Jeremy Harris
2016-09-22Defend against symlink attack by another process running as eximJeremy Harris
Reported-by: http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/
2016-09-22Routing: avoid doing the one_time replacement operation when a redirect ↵Jeremy Harris
leaves the address unchanged When done, in combination with a defer the retry would see the address as delivered, hence losing mail.
2016-09-18ACL: merge the tables used for codition/modifier decodeJeremy Harris
2016-09-18 ACL: bsearch for controlsJeremy Harris
2016-09-15Docs: mention Perl manpages for PCRE. Bug 1881Jeremy Harris
2016-09-11Log EHLO response on getting conn-close response for HELO. Bug 1832Jeremy Harris
2016-09-05Cutthrough: option to reflect 4xx errors from target to initiatorJeremy Harris
2016-09-03Docs: prettify code examples. Bug 1284Jeremy Harris
2016-09-03Docs: add note on strict DKIM verificationJeremy Harris
2016-09-01Support "G" multiplier on integer configuration valuesJeremy Harris
2016-08-22Add automatic macros for compile-time feature optionsJeremy Harris
2016-08-18Delivery: fix transmission down an already-open connection, whenJeremy Harris
one of the group of addresses is unsuitable for it. Bug 1874 Broken-by: 3070ceeeed05, fa41615da702.
2016-08-17Delivery: same-host checking for transport runs should include port from ↵Jeremy Harris
address give by routing
2016-08-14DMARC: send forensic reports for reject & quarantine results, and "none" ↵Tony Meyer
policy. Bug 1846
2016-08-14Expansions: new ${escape8bit:<string>} operator. Bug 1863Jeremy Harris
2016-08-14LMDB: introduce as Experimental. Bug 1856Andrew Colin Kissa
2016-08-11ACL: Ensure that acl_smtp_notquit is called for a conndrop between ↵Jasen Betts
data-go-ahead and data-ack. Bug 1872
2016-08-09Docs: more index entries for header linesJeremy Harris
2016-08-08Radius: Fix authentication for Radius libraries that return REJECT_RC. Bug 1850Leonhard Knauff
2016-08-06Routing: in a dnslookup, fix fail_defer_domains to defer on missing MX ↵Jeremy Harris
record. Bug 1867
2016-08-06Merge branch 'CHUNKING'Jeremy Harris
2016-08-04Docs: add warning on non-ASCII results from SpamAssassin. Bug 1863Jeremy Harris
2016-08-04Merge branch 'fakereject'Jeremy Harris
2016-08-04Logging: visibility of fakerejectJeremy Harris
2016-08-03DANE: treat a TLSA response having only non-TLSA records the same as a ↵Jeremy Harris
no-match response
2016-08-02pass advertised facility to continued-transport processJeremy Harris
2016-08-02receive docsJeremy Harris
2016-08-02receive flow processingJeremy Harris
2016-07-31Fix $body_linecount for empty linesJeremy Harris
2016-07-31Logging: Fix logging of errors under PIPELININGJeremy Harris
2016-07-30Expansions: add operators base32, base32dJeremy Harris
2016-07-27Docs: minor clarificationsJeremy Harris
2016-07-25Docs: add caution on spamd_addressJeremy Harris