summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2010-12-26LDAP Authetication documentation example syntax fixNigel Metheringham
Fixes: bug #999
2010-12-26Reword BSMTP ACL documentationNigel Metheringham
Fixes: bug #974
2010-12-26drop unwanted paragraph break.Andreas Metzler
Fixes: bug #1052 Signed-off-by: Nigel Metheringham <nigel@exim.org>
2010-12-26fix grammar error: s/this/that/Andreas Metzler
Fixes: bug #1051 Signed-off-by: Nigel Metheringham <nigel@exim.org>
2010-12-23Merge branch 'master' of ssh://git.exim.org/home/git/eximNigel Metheringham
2010-12-21Do not refer to TRUSTED_CONFIG_PREFIX_FILE.Andreas Metzler
Refer to TRUSTED_CONFIG_LIST instead of TRUSTED_CONFIG_PREFIX_FILE in documentation and comments.
2010-12-19Inserted change notifications into the documentation sourceNigel Metheringham
2010-12-18Make the documentation cleared that TRUSTED_CONFIG_LIST is pathname one per lineDavid Woodhouse
2010-12-18Updated version numbers of code and documentationNigel Metheringham
2010-12-17Merge branch 'master' of ssh://git.exim.org/home/git/eximDavid Woodhouse
2010-12-17Stripped old HTML doc generation - will add new HTML gen soonNigel Metheringham
2010-12-16Turn TRUSTED_CONFIG_PREFIX_LIST into TRUSTED_CONFIG_LIST. No prefix or regexesDavid Woodhouse
2010-12-15Allow only Exim or CONFIGURE_OWNER to use whitelisted configs with -CDavid Woodhouse
We only added TRUSTED_CONFIG_PREFIX_FILE to compensate for the enforcing of ALT_CONFIG_ROOT_ONLY. Let's not open it up any further than we need to; other users don't get to make use of it.
2010-12-15Kil va_copy(). It isn't present on some ancient systems.David Woodhouse
2010-12-15Implement -D whitelist invoking user restriction.Phil Pennock
Document WHITELIST_D_MACROS.
2010-12-14doc-txt updates for the security changesPhil Pennock
2010-12-14Document the change to system_filter_user's default.Phil Pennock
2010-12-14Change the default for system_filter_user.Phil Pennock
If the system filter needs to be run as root, let that be explicitly configured. The default is now the Exim run-time user. Document this, and a couple of other points, in IncompatibleChanges.
2010-12-12Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.David Woodhouse
2010-12-12Add TRUSTED_CONFIG_PREFIX_FILE optionDavid Woodhouse
(Bug 1044, CVE-2010-4345)
2010-12-12Remove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true.David Woodhouse
We *never* want the Exim user to be able to specify arbitrary configuration files. Don't let them build it that way. (Bug 1044, CVE-2010-4345)
2010-12-11Check configure file permissions even for non-default files if still privilegedDavid Woodhouse
(Bug 1044, CVE-2010-4345)
2010-12-11Don't allow a configure file which is writeable by the Exim user or groupDavid Woodhouse
(Bug 1044, CVE-2010-4345)
2010-12-11Add Valgrind hooks for memory poolsDavid Woodhouse
It's useful to tell Valgrind when memory is undefined because it's been freed by store_reset(), and when it's not supposed to be accessed because although it's been allocated for the store it hasn't actually been given out by store_get() yet.
2010-09-05OpenSSL and XSL changes documented.Phil Pennock
Plus typo fixed.
2010-09-05Document the ClamAV ExtendedDetectionInfo response handling.Phil Pennock
2010-09-05Use public http: URLs for XSL includes.Phil Pennock
Adjust OS-Fixups, document how this works in HowItWorks.txt
2010-07-04Fix malware regression for cmdline scanner introduced in PP/08.Phil Pennock
Notification from Dr Andrew Aitchison. (Also: make the PP/08 description more complete)
2010-06-14Clarify that the ACL framework is not invoked for -bmalware, so that usingPhil Pennock
ACL variables in av_scanner blindly will not work.
2010-06-12Add tcp_wrappers_daemon_name (closes: bug #278)John Jetmore
(I honestly have no memory of writing this patch...)
2010-06-09Minor doc updates:Phil Pennock
* -bmalware, note that not running as invoking user and emphasize that it's for debugging Exim, not for general scanning. * permit_codedump ? coRedump. * Anon SSL lacking cert has been confirmed, fix works, remove the "(I believe)" (which also might have been inferred to mean I did the diagnosis; I didn't, I just convinced myself that Martin's analysis was correct).
2010-06-07Both bool{} and bool_lax{} should ignore trailing whitespace.Phil Pennock
2010-06-07Added bool_lax{} expansion operator, which uses Router condition logic toPhil Pennock
determine whether or not a string is true. Switch the multiple-condition logic to use bool_lax{}. Add note where we combine multiple conditions regarding the memory leak.
2010-06-07Allow Routers to have multiple conditions, IF each one yields a strict bool.Phil Pennock
Fixes: #816
2010-06-06Build without WITH_CONTENT_SCAN.Phil Pennock
Broken by -bmalware option added while reworking ClamAV to new API. Path from Andreas Metzler (adjusted slightly).
2010-06-06No longer permit the exim user to be root. Fixes: #752Phil Pennock
2010-06-06Implement --version. Fixes: #973Phil Pennock
2010-06-06Light documentation dusting from patch provided by John Horne.Phil Pennock
Fixes: #922
2010-06-06Implement "control = debug" ACL control. Fixes: #937Phil Pennock
2010-06-05New expansion operator: reverse_ipPhil Pennock
2010-06-05Update OptionLists. (Claim for 4.72 because 4.73 not yet complete and don'tPhil Pennock
want to claim have *more* than we do, but okay to make a lesser claim). Typo fix in RFC reference in spec.xfpt.
2010-06-05ClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM.Phil Pennock
New command-line option, -bmalware (restricted to admin_user). Fixes: #926
2010-06-05Deal with anonymous SSL giving us no peer certificate.Phil Pennock
2010-06-05Handle SASL Initial Response.Phil Pennock
See discussion at: http://lists.exim.org/lurker/message/20090125.014515.3746c882.en.html and the code is "correct by inspection", for whatever that's worth.
2010-06-05Add permit_coredump pipe transport option. Fixes: #834Phil Pennock
2010-06-05Add an openssl_options main configuration option, to allow administrators toPhil Pennock
shoot themselves in each foot in turn. The default value is chosen to avoid a change in behaviour, but since it is disabling a security countermeasure, I'd like to change the default to be "no options". Fixes: #994
2010-06-03Added DISABLE_DKIM option to EDITME, leaving some breadcrumbs about it being ↵John Jetmore
turned on by default
2010-06-03Include check_rfc2047_length in configure.default to raise the visibilityPhil Pennock
because we're seeing more Russian administrators get bitten by this. Idealism says this option is set correctly by default. Pragmatism says not. There's a good argument for the idealism but if we see the problems escalate then the idealism will have lost and we should, IMO, switch.
2010-06-03Document Date/Message-Id/Resent-* as first 4.73 patch.Phil Pennock
2010-06-01My understanding of the new dnsdb txt lookup syntax was flawed.Phil Pennock
Fixed the description and the last example.