Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-05-22 | Bug 1394: Document how to do per host conn limits | Todd Lyons | |
Since the max connections per host setting is computed and enforced in the master listening process before the fork, there is no easy way to get an accurate connection count once the Proxy Protocol negotiation has been done (i.e. in a child process, after the fork). Rather than try to use a shared mmap file using CAS in the children to manipulate it, we just advise of a crude version of max connections per IP be achieved by using ratelimit per_conn in the connect ACL. | |||
2014-05-22 | Fix doc for dovecot authenticator. Bugs 1448, 1483 | Jeremy Harris | |
2014-05-21 | RFC3461 support - MIME DSN messages. Bug 118 | Wolfgang Breyha | |
2014-05-20 | Support optional server certificate name checking. Bug 1479 | Jeremy Harris | |
Enable EXPERIMENTAL_CERTNAMES to include. | |||
2014-05-13 | Extractors for certificate time fields support integer output modifier | Jeremy Harris | |
2014-05-13 | Extractor for named RDN element types from a certificate DN field. | Jeremy Harris | |
2014-05-13 | Updated changelog. | Todd Lyons | |
Accidentally included the fix for Bug 1119 in the same commit fixing Proxy Protocol version 2 to match the API change in May 2014. | |||
2014-05-13 | Bug 1394: PPv2 header modifed | Todd Lyons | |
The HAProxy dev team adjusted the layout of the 16 byte header to allow it to be used for SSL connections. Had to adjust PPv2 handling code and perl proxy emulation script. Added link to this HAProxy commit in the documentation. | |||
2014-05-13 | certextract tidying | Jeremy Harris | |
2014-05-13 | Add doc notes on verifying self-signing hosts | Jeremy Harris | |
2014-05-13 | Update docs for suggested Ident and PRDR settings | Jeremy Harris | |
2014-05-13 | Move PRDR out of EXPERIMENTAL | Jeremy Harris | |
2014-05-11 | New expansion operator sha256 for certificates. Bug 1170 | Jeremy Harris | |
2014-05-08 | Enable operator md5 and sha1 use on certificate variables. Bug 1170 | Jeremy Harris | |
2014-05-06 | OCSP observability: variables $tls_{in,out}_ocsp | Jeremy Harris | |
and smtp transport option hosts_request_ocsp | |||
2014-05-05 | Extractors for subject-alternate-name, ocsp-uri, crl-uri return list. Bug 1358 | Jeremy Harris | |
2014-05-02 | Certificate variables and field-extractor expansions. Bug 1358 | Jeremy Harris | |
2014-04-29 | Merge branch 'master' of ssh://git.exim.org/home/git/exim | Todd Lyons | |
2014-04-29 | Bug 1454: Option -oMm for message reference | Heiko Schlichting | |
Includes docs and test suite | |||
2014-04-27 | Add options dnssec_request_domains, dnssec_require_domains to the smtp transport | Jeremy Harris | |
Note there are no testsuite cases included. TODO in this area: - dnssec during verify-callouts - dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup | |||
2014-04-24 | Support OCSP Stapling under GnuTLS. Bug 1459 | Jeremy Harris | |
Requires GnuTLS version 3.1.3 or later. Under EXPERIMENTAL_OCSP | |||
2014-04-24 | Dnssec observability: add variable $lookup_dnssec_authenticated | Jeremy Harris | |
2014-04-24 | Fix typo in markup. Add .new/.wen. | Todd Lyons | |
2014-04-24 | Bug 609: Add -C option to exiqgrep | Lars Timmann | |
Option is a passthrough to the exim process that it spawns that generates the queue list. Fixed Conflicts: doc/doc-txt/ChangeLog | |||
2014-04-24 | dnssec_strict, _lax, _never modifiers for dnsdb lookups | Jeremy Harris | |
Lacking testsuite coverage | |||
2014-04-23 | Bug 1453: Add SERVERS ldap server list override | Heiko Schlichting | |
2014-04-22 | exiqgrep: add -a to use all recipients (including delivered) | mg | |
2014-04-20 | Add options dnssec_request_domains, dnssec_require_domains to the dnslookup ↵ | Jeremy Harris | |
router Note there are no testsuite cases included. TODO in this area: - dnssec during verify-callouts - dnssec during dnsdb expansions - dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup - observability of status of requested dnssec | |||
2014-04-20 | Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455 | Jeremy Harris | |
The split of these variables into _in and _out sets introduced by d9b231 in 4.82 was incomplete, leaving the deprecated legacy variables nonfunctional during a transport and associated client authenticator. Fix by repointing the legacy set to the outbound connection set at transport startup (and do not clear out the inbound set at this time, either). | |||
2014-04-19 | Copyright year updates: | Todd Lyons | |
vim $(git whatchanged --since=2014-01-01 | grep '^:100' | sed 's/^[^M]*M//' | sort -u | fgrep -v test/) | |||
2014-04-19 | Fix Proxy Protocol v2 handling | Todd Lyons | |
Change recv() to not use MSGPEEK and eliminated flush_input(). Add proxy_target_address/port expansions. Convert ipv6 decoding to memmove(). Use sizeof() for variable sizing. Correct struct member access. Enhance debug output when passed invalid command/family. Add to and enhance documentation. Client script to test Proxy Protocol, interactive on STDIN/STDOUT, so can be chained (ie a swaks pipe), useful for any service, not just Exim and/or smtp. | |||
2014-04-15 | Add back deprecated SPF error conditions | Todd Lyons | |
Previous patch introduced a change that could break existing SPF configurations. Add back the two non-standard "err_temp" and "err_perm" result values, with note that it is deprecated and will be removed in a future release. | |||
2014-04-15 | Add expansion for DMARC policy | Todd Lyons | |
New variable is $dmarc_domain_policy | |||
2014-04-15 | Merge branch 'master' of ssh://git.exim.org/home/git/exim | Todd Lyons | |
Fixed Conflicts: doc/doc-txt/ChangeLog | |||
2014-04-15 | De-duplicate two documentation sections | Todd Lyons | |
2014-04-09 | More care with headers add/remove lists. Bug 1452 | Jeremy Harris | |
As a side-effect, playing games with newlines no longer gives an altered message body/ Testcase 0324 is questionable (though passing) | |||
2014-04-09 | dnsdb tlsa lookup | Todd Lyons | |
2014-03-19 | Docs for transport tls_verify_hosts &c. | Jeremy Harris | |
2014-03-18 | Fix ACL "condition =" for negative number values. Bug 1005 | Jeremy Harris | |
Fix conditional "bool{<string>}" for negative number values, to match. | |||
2014-03-16 | Enforce that only smtp transports can be used for verify callouts. Bug 1445 | Heiko Schlittermann | |
2014-03-16 | Support transport-added headers under cutthrough delivery. Bug 1431 | Jeremy Harris | |
2014-03-15 | Add tls_verify_hosts and tls_try_verify_hosts to smtp transport. Bug 1371 | Wolfgang Breyha | |
Code by Wolfgang Breyha, docs and testsuite by Jeremy Harris | |||
2014-03-15 | Testcases | Jeremy Harris | |
2014-03-15 | Add documentation | Jeremy Harris | |
2014-03-09 | Refactor malware.c and introduce new scanner type "sock". Bugs 1418 and 1396 | Jeremy Harris | |
2014-03-09 | Log port and TLS details for a failed delivery | Jeremy Harris | |
2014-03-09 | Log incoming-TLS details on rejects. Bug 305 | Jeremy Harris | |
2014-03-09 | Fix docs for utf8clean | Jeremy Harris | |
2014-03-08 | ${utf8clean:string} expansion operator. Bug 1401 | Axel Rau | |
2014-03-08 | Expand documentation on use of dnslists in an IPv6 environment. Bug 1369 | Jeremy Harris | |