summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2021-05-27SECURITY: refuse too small store allocationsPhil Pennock
Negative sizes are definitely bad. Optimistically, I'm saying that zero is bad too. But perhaps we have something doing that, expecting to be able to grow. In which case we'll have to amend this. (cherry picked from commit 1c9afcec0043e2fb72607b2addb0613763705549) (cherry picked from commit 6f5d7e5af8eff688c36f81334e4f063689561963)
2021-05-27SECURITY: fix Qualys CVE-2020-PFPZAPhil Pennock
(cherry picked from commit 29d7a8c25f182c91d5d30f124f9e296dce5c018e) (cherry picked from commit 0a6a7a3fd8464bae9ce0cf889e8eeb0bf0bab756)
2021-05-27SECURITY: fix Qualys CVE-2020-PFPSNPhil Pennock
(cherry picked from commit 93b6044e1636404f3463f3e1113098742e295542) (cherry picked from commit 4e59a5d5c448e1fcdcbead268ffe6561adf0224d)
2021-05-27SECURITY: fix Qualys CVE-2020-SLCWDPhil Pennock
(cherry picked from commit bf5f9d56fadf9be8d947f141d31f7e0e8fa63762) (cherry picked from commit 6d2cfb575c95c1b81597d6b9eb2904cd695d7e4a)
2021-05-27SECURITY: length limits on many cmdline optionsPhil Pennock
We'll also now abort upon, rather than silently truncate, a driver name (router, transport, ACL, etc) encountered in the config which is longer than the 64-char limit. (cherry picked from commit ff8bef9ae2370db4a7873fe2ce573a607fe6999f) (cherry picked from commit a8bd24b96c2027fd839f95a9e6b3282453ae288e)
2021-05-27Re-ran the conversion of all DH parametersPhil Pennock
I get different results now to those I got before. Now, using gen_pkcs3 linked against OpenSSL 1.1.1f-1ubuntu2 on Focal Fossa, I get the results below. The ffdhe2048 value now matches that at <https://ssl-config.mozilla.org/ffdhe2048.txt>. I ran the same code yesterday for just the ffdhe2048 item and got code which seemed to me then to match what was already in the C file. Something hinky is going on, perhaps with my sanity. (the commit IDs changee because of heavy rebasing (heiko)) (cherry picked from commit 76ed8115182e2daaadb437ec9655df8000796ec5) (cherry picked from commit 0aafa26a5d3d528e79476c91537c28936154fe04)
2021-05-27Default config: reject on too many bad RCPTPhil Pennock
An example exploit failed against my system, because I had this sanity guard in place; it's not a real security fix since a careful attacker could find enough valid recipients to hit that problem, but it highlights that this is a useful enough pattern that we should encourage its wider use. (cherry picked from commit 2a636a39fff29b7c3da1798767a510dfed982a62) (cherry picked from commit 346f96bad326893f9c1fa772a5b8ac35b1f8f7bd)
2021-05-27Handle SIGINT as we do with SIGTERMHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit cdc5c672e1c309294626cd5ed90acdccb05baaa1) (cherry picked from commit f9c8211fb0ad0dd362f471978a5e0abc5dfa71b4)
2021-05-27Enforce pid_file_path start at "/"Heiko Schlittermann (HS12-RIPE)
(cherry picked from commit 60f2a8e797d9ebaea1e3eac4ad28ff64e11bab40) (cherry picked from commit 6b3d553c733475a1033c8b7a241e6506d7ed73b1)
2021-05-18Docs: assorted fixesu34
Closes 2752 Closes 2753 Closes 2658 Closes 2659 Closes 2712 Closes 2720 Closes 2721 Closes 2722 Closes 2746 Closes 2748 Closes 2749
2021-05-18Docs: typoHeiko Schlittermann (HS12-RIPE)
2021-05-12Named Queues: fix immediate-delivery. Bug 2743Jeremy Harris
2021-05-04Fix ${ipv6norm:}Jeremy Harris
2021-04-27Docs: typo. Closes 2713Heiko Schlittermann (HS12-RIPE)
2021-04-25Taint: enforce untainted ACL text lineJeremy Harris
2021-04-18Docs: note caching of auto-generated server certificateJeremy Harris
2021-04-18Experimental: ESMTP LIMITS extensionJeremy Harris
2021-04-16Log queue_time and queue_time_overall exclusive of receive time. Bug 2672Jeremy Harris
2021-04-14 taint: allow appendfile create_file option to specify a de-tainting safe ↵Jeremy Harris
path
2021-04-07Pass proxy addresses/ports to continued trasnports. Bug 2710Jeremy Harris
2021-04-07Docs: add warning note on ${listnamed:} operatorJeremy Harris
2021-04-05Docs: mention *_environment in "Misc" section"Heiko Schlittermann (HS12-RIPE)
2021-04-05Docs: add example for DKIM dual-signingJeremy Harris
2021-04-03Make smtp_accept_max_per_connection expandedJeremy Harris
2021-04-02Docs: clarify list-separator requirementsJeremy Harris
2021-03-27GnuTLS: use a less bogus-looking temporary filename for DH-parametersJeremy Harris
2021-03-21DNS: explicit alloc/free of workspaceJeremy Harris
2021-03-20Memory handling: exponentially-increasing alloc sizeJeremy Harris
2021-03-20DKIM: verify using separate pool-pair, reset per messageJeremy Harris
2021-03-15Doc: more explicit hinting on tls_try_verify_hosts.Jeremy Harris
2021-03-07wipJeremy Harris
2021-03-07Revert "Docs: typos"Jeremy Harris
This reverts commit 1ad20e19a669731c19852c865facabe4816ae4f9. These are not typos; "provably" is a real word and accurate in context.
2021-03-07Docs: typosJim Pazarena
2021-02-27Docs: fix description of hosts_try_dane. Bug 2704Jeremy Harris
2021-02-22Fix list-expansion for various domainlists, having included sublist ↵Jeremy Harris
elements. Bug 2701
2021-02-19Fix weight calculation for socks_proxy. Bug 2694Heiko Schlichting
2021-02-19Fix weight calculation for spamd_address. Bug 2694Heiko Schlichting
2021-02-18Docs: yet more on $domain_dataJeremy Harris
2021-02-18Docs: typoJim Pazarena
2021-02-13wipJeremy Harris
2021-02-13Docs: more notes on dnslistsJeremy Harris
2021-02-06Docs: fix bug referenceJeremy Harris
2021-02-06Fix handling of server which follows a RCPT 452 with a 250. Bug 26092Jeremy Harris
2021-02-06Fix daemon-SIGHUP on FreeBSDJeremy Harris
2021-01-31gsasl authenticator: support client salted-password cachingJeremy Harris
2021-01-29tidyingJeremy Harris
2021-01-29Lookups: fix $local_part_data for a match on a filename list element. Bug 2691Jeremy Harris
2021-01-25AUTH: avoid logging creds on ACL denialJeremy Harris
2021-01-16docs infrastructure notesJeremy Harris
2021-01-16Docs: indexingJeremy Harris
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-08 15:10:00 +0000