Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-01-19 | VRFY: advertise in EHLO response, if there is an ACL defined | Jeremy Harris | |
2017-01-19 | VRFY: add docs note on results, and additional test cases | Jeremy Harris | |
2017-01-19 | Docs: add note on round-robin DNS problems vs. authentication | Jeremy Harris | |
2017-01-18 | Bug-fix no_require_dnssec parsing & spelling fixes | Josh Soref | |
Patches from Josh Soref fixing spelling fixed two bugs: * Parsing `no_require_dnssec` configuration option * Setting `_HAVE_TRANSPORT_APPEND_MAILDIR` macro (for config parsing) [ PP pulled these two out into a separate commit to update the ChangeLog accordingly. ] | |||
2017-01-18 | 214 spelling fixes | Josh Soref | |
2017-01-11 | Docs: add note on DKIM ACL triggers | Jeremy Harris | |
2017-01-03 | CHUNKING: fix non-pipelined synch checks. Bug 2004 | Jeremy Harris | |
2017-01-02 | PROXY: fix v2 protocol decode. Bugs 2003, 1747 | Jeremy Harris | |
2017-01-02 | wip: OpenSSL docs on custom install | Phil Pennock | |
To fix before merge: ability to use `$ORIGIN` in linker line via Exim config file. | |||
2017-01-01 | Docs: fix smtp transport TFO option indexing | Jeremy Harris | |
2016-12-31 | Merge remote-tracking branch 'github/pr/50' | Phil Pennock | |
GitHub user @YmrDtnJu "Björn" provided a patch to fix that we called ldap_start_tls_s on ldapi:// connections. This is obviously a correct change, since above we've avoiding initializing the TLS state if using ldapi. Added documentation noting this behaviour. | |||
2016-12-30 | Docs: Add .new/wen marker for relative includes (Bug 1971) | Heiko Schlittermann (HS12-RIPE) | |
2016-12-29 | Docs: typoes | Jeremy Harris | |
2016-12-29 | Allow relative file names in .include lines (Closes 1971) | Heiko Schlittermann (HS12-RIPE) | |
2016-12-29 | Doc: Minor fixes | Heiko Schlittermann (HS12-RIPE) | |
2016-12-29 | Pipe transport: expand the path option | Jeremy Harris | |
2016-12-27 | Docs: clarify headers availability in data-time ACLs | Jeremy Harris | |
2016-12-26 | I18N: support IDNA2008. Bug 1911 | Jeremy Harris | |
2016-12-25 | Docs: Clean for next release | Jeremy Harris | |
2016-12-22 | Doc: clarify CVE-2016-9963 | Heiko Schlittermann (HS12-RIPE) | |
2016-12-18 | Doc: short description of CVE-2016-9963exim-4_88 | Heiko Schlittermann (HS12-RIPE) | |
2016-12-18 | Fix DKIM information leakage | Jeremy Harris | |
2016-12-16 | Docs: typo | Jeremy Harris | |
2016-12-13 | Use long names for the _DRIVER_*, and _OPT_* macros | Heiko Schlittermann (HS12-RIPE) | |
2016-12-09 | Doc: fix minor typos | Heiko Schlittermann (HS12-RIPE) | |
2016-12-04 | OpenSSL: default to tls_eccurve = auto | Heiko Schlittermann (HS12-RIPE) | |
For OpenSSL < 1.0.2: fallback to prime256v1, for newer libraries rely on auto-selection. | |||
2016-11-29 | Doc: Add hint about spamd and half-closed connections | Heiko Schlittermann (HS12-RIPE) | |
2016-11-28 | Doc: Minor corrections/additions | Heiko Schlittermann (HS12-RIPE) | |
2016-11-25 | Update ChangeLog | Jeremy Harris | |
2016-11-08 | Ensure socket is nonblocking before draining. Bug 1914 | Jeremy Harris | |
2016-11-04 | Add syslog_pid option. | Heiko Schlittermann (HS12-RIPE) | |
This option suppresses the PID duplication to syslog. As syslog/systemd add the PID of the logging process automatically. | |||
2016-11-02 | Fix OCSP proof verification for direct-signed proofs. Bug 1909 | Jeremy Harris | |
2016-10-23 | Update README.UPDATING; fix typos in ChangeLog/NewStuff | Phil Pennock | |
2016-10-23 | Fix bug with aborted server TLS connection, under GnuTLS | Jeremy Harris | |
Longstanding, but exposed by 60d10ce | |||
2016-10-22 | TCP Fast Open | Jeremy Harris | |
2016-10-18 | Unbreak build: crypto hdrs not in system includes | Phil Pennock | |
If using pkg-config to get the paths for various packages and the crypto library headers are not in the system headers, then the hash work broke the Exim build by requiring the CFLAGS manipulation for _all_ builds, not just the TLS libraries. Shows up on MacOS where there's a system OpenSSL but not system OpenSSL headers (because only SecureTransport is supported) and using brew-installed OpenSSL. I've also coded the fix for GnuTLS on the same basis, but that's untested. Fixes bug 1906 | |||
2016-10-15 | New: queuefile transport, under EXPERIMENTAL_QUEUEFILE | Andrew Colin Kissa | |
2016-10-12 | Docs: add warning on SNI-dependent certfile expansion needing a good default | Jeremy Harris | |
2016-10-09 | Docs: add section on builtin macros | Jeremy Harris | |
2016-10-08 | DH parameters update, new values & defaultexim-4_88_RC2 | Phil Pennock | |
* Add three new Exim-specific DH parameter constants; state provenance, but no way for others to verify; this is a signed commit, which is about as much as we can do for the truly paranoid: provide an audit trail. * Add the RFC 7919 DH primes + No TLS feature negotiation, per 7919, but the DH primes can be used if folks so choose * Fixed broken format string in util/gen_pkcs3.c * Tried to make gen_pkcs3.c support q values. + Turns out, q doesn't affect the PEM and that's not a mistake in my initialisation; I've checked with a cryptographer, we're losing some server-side optimizations but not any security properties for our scenario. Fixes: 1895 | |||
2016-10-08 | Fix callouts connection fallback from TLS to cleartext. Bug 1897 | Jeremy Harris | |
2016-10-05 | Docs: add another index entry for delay_warning | Jeremy Harris | |
2016-10-02 | Logging: connection_reject log selector should apply also to the connect acl | Jeremy Harris | |
2016-09-28 | Refactor driver feature-macro generation to be driven by existing tables | Jeremy Harris | |
Would like to do lookup drivers too but unsure about dyn-linked variants | |||
2016-09-28 | Default to filesystem space/inode checking enabled | Jeremy Harris | |
2016-09-25 | Add automatic macros for config-file options. Bug 1819 | Jeremy Harris | |
2016-09-25 | Docs: fix quotes | Jeremy Harris | |
2016-09-23 | Doc: add clarification for DKIM exampleexim-4_88_RC1 | Jeremy Harris | |
2016-09-22 | Defend against symlink attack by another process running as exim | Jeremy Harris | |
Reported-by: http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/ | |||
2016-09-22 | Routing: avoid doing the one_time replacement operation when a redirect ↵ | Jeremy Harris | |
leaves the address unchanged When done, in combination with a defer the retry would see the address as delivered, hence losing mail. |