summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2018-06-25Expansions: A tls option on ${readsocket }. Bug 2282Jeremy Harris
2018-06-25ARC: Fix verification to do AS checks in reverse orderJeremy Harris
Broken from the original introduction (617d39327e)
2018-06-24TLS: rework client-side use with an explicit context rather than a globalJeremy Harris
2018-06-21DKIM: Fix signing for body lines starting with a pair of dots. Bug 2284Jeremy Harris
Broken-by: 42055a3385
2018-06-21Docs: spellingKirill Miazine
2018-06-20OpenSSL: TLSv1.3 notesJeremy Harris
2018-06-14OpenSSL: enable use of TLS 1.3 (with OpenSSL 1.1.0 and later)Jeremy Harris
2018-06-14Add client-ip info to non-pass iprev ${authres } linesJeremy Harris
2018-06-12Clarify the socket address family (UNIX) for server_socket (dovecot)Heiko Schlittermann (HS12-RIPE)
Wishlist item (#2280) is created for INET connections. See https://bugs.exim.org/show_bug.cgi?id=2280
2018-06-09DKIM: support timestamp and expiry tags in signing. Bug 2260Jeremy Harris
2018-06-07Follow CNAME chains only one step. Bug 2264Jeremy Harris
2018-06-07ARC: Fix signing for case when DKIM signing failedJeremy Harris
2018-06-06Change-logJeremy Harris
2018-05-24Use serial number 1 for self-generated selfsigned certificateJeremy Harris
Broken-by: 23bb69826c
2018-05-19Docs: add note on DKIM signing-limit securityJeremy Harris
2018-05-16Callouts: record succeeding random local-part tests. Bug 177Jeremy Harris
2018-05-16Content scanning: Fix locking on message spool files. Bug 2275Jeremy Harris
2018-05-15Don't open spool data-files which are symlinksPhil Pennock
2018-05-07tidyingJeremy Harris
2018-05-05Cutthrough: fix race resulting in duplicate-delivery. Bug 2273Jeremy Harris
2018-05-01Expansions: new ${lheader:<name>}. Bug 2272Jeremy Harris
2018-04-28Docs: minor fixesJeremy Harris
2018-04-25ARC: add $arc_oldest_pass variable, for verifyJeremy Harris
2018-04-25ARC: support $arc_domains also for verify failsJeremy Harris
2018-04-24ARC: add $arc_domains variable, for verify passJeremy Harris
2018-04-23DKIM: enforce limit of 20 on received DKIM-Signature: headers. Bug 2269Jeremy Harris
2018-04-21Docs: clarify DKIM verificationJeremy Harris
2018-04-18Docs: rewrite description of 'leaky' ratelimit. Bug 1298Jeremy Harris
2018-04-18Fix specHeiko Schlittermann (HS12-RIPE)
Thanks to Mike Brudenell
2018-04-15Enable weak/old stuff in OpenSSLPhil Pennock
Configure OpenSSL with: enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers Include explanation as to why.
2018-04-15ARC: add optional x= tag to signingJeremy Harris
2018-04-15ARC: add optional t= tags to signingJeremy Harris
2018-04-15Avoid doing logging in signal-handlers. Bug 1007Jeremy Harris
2018-04-15Docs: clean for next releaseJeremy Harris
2018-04-14Logging: fix syslog logging for syslog_timestamp=no and log_selector +millisecJeremy Harris
also syslog_pid=no and log_selector +pid
2018-04-14Docs: typoJeremy Harris
2018-04-13DKIM downgrade example again; this time debuggedPhil Pennock
As well as previous commit's `len_3` -> `length_3`, we were missing braces around the expansion operator, resulting in trying to dereference an unknown variable `$length_3`, and we were missing the outer braces from the `or` expansion condition. We really need a better way to test ACL expansion without a full harness. :( This bug-fixed version is now running on my system.
2018-04-13Fix length expansion operator in DKIM downgrade examplePhil Pennock
2018-04-13DKIM: add support for the SubjectPublicKeyInfo wrapped form of pubkeyJeremy Harris
2018-04-12Docs: add known broken-version info for OpenSSL behaviorJeremy Harris
2018-04-11Mention MTA-STS in DANE context; nit fixesPhil Pennock
Did an audit of text changed since commit 6aa6fc9c5 to look for issues which stood out, fixed those. Spelling mistakes, markup issues, minor grammatical infelicities. The public/private CA stuff in the DANE text might push people away from public CAs, but the existence of MTA-STS means that one of those is probably the best choice. Mention what exim.org does, to provide slightly firmer guidance without pressure. List the `dkim_hash` values, `sha512` appears to be new since that text was last touched.
2018-04-11Doc: website updates and so forthPhil Pennock
I've added <https://downloads.exim.org/> as a new vhost which doesn't reference FTP and loses the `/pub/exim` prefix. Fixed various other outdated claims and documented Jeremy's PGP key as the main key for releases, with mine (Phil's) and Heiko's as fallbacks. Mention the `.xz` files.
2018-04-09Add `receive_time` to list of log_selector valuesPhil Pennock
2018-04-08Added util/renew-opendmarc-tlds.sh script to renew PSLPhil Pennock
2018-04-08OpenSSL: Revert the disabling of the session-cache. Bug 2255Jeremy Harris
Session cacheing is never useful, as we use a new context for every TLS startup. However, removing the support triggers odd behaviour from Outlook Express (only when there is an IMAP server on the same machine as Exim): an initial connect from the OE client fails, the immediate retry works.
2018-04-06Logging: fix DKIM precis received log line element.Jeremy Harris
Broken-by: 2c47372fad
2018-04-02Avast: implement pass_unscanned optionHeiko Schlittermann (HS12-RIPE)
2018-04-02Avast: improve compliance with avast-protocol(5)Heiko Schlittermann (HS12-RIPE)
Treat scanner errors as malware. Defer on scanner tmpfail only.
2018-03-31Docs: tidy the ChangeLog fileJeremy Harris
2018-03-28Implement dane_require_tls_ciphers (theoretically)Phil Pennock
It compiles with OpenSSL, on Darwin (if restore Darwin OS). It doesn't crash immediately, but more testing is needed from a place where port 25 is not just blocked.
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-07 10:33:45 +0000