summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2012-07-01Merge branch 'acl'Jeremy Harris
2012-06-27Acl expansions: tests and documentationJeremy Harris
2012-06-25Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.Phil Pennock
Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler. We just add CFLAGS_DYNAMIC too and some comments. Non-POSIX syntax, but fairly portable; GNU make gained it in 1998, we believe even very old systems should handle it fine.
2012-06-24Add gnutls_enable_pkcs11 option.Phil Pennock
GnuTLS 2.12.0 adds PKCS11 support using p11-kit and by default will autoload modules, which interoperates badly with GNOME keyring integration, configured via paths in environment variables, and Exim invoked by the user (eg, mailq) will then try to load the modules, fail and spew warnings from the module for a library loaded by a library. http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs documents that to prevent this, explicitly init PKCS11 before calling gnutls_global_init(). So we do so, unless the admin sets the new option. Reported by Andreas Metzler, who confirmed that the added calls fixed the problem for him.
2012-06-12Use custom variables for ACL args, up to nine. Add an arg-count variable.Jeremy Harris
2012-06-12Add ${acl {name}{arg}} expansion item.Jeremy Harris
2012-06-12Merge branch 'lists'Jeremy Harris
2012-06-12Change names to "listnamed" and "listcount".Jeremy Harris
2012-06-10Add ${list:name} and ${nlist:string} expansion operators.Jeremy Harris
2012-06-09Corrections to spec examples - fixes bug 1196Nigel Metheringham
2012-06-09Typo fix in spec - fixes bug 1197Nigel Metheringham
2012-06-06BUGFIX: forced-fail smtp option tls_sni would dereference NULLPhil Pennock
2012-06-05Docs for "G" modifier on numbers in ${if comparisons.Jeremy Harris
2012-06-04Basic documentation for cutthrough.Jeremy Harris
2012-06-04Add $tls_in_* variables; note the old names as deprecated.Jeremy Harris
2012-06-04Add hosts_verify_avoid_tls option to smtp transport.Jeremy Harris
2012-06-04Refactor optional MAIL FROM argsTodd Lyons
2012-06-03Implement -G => "control=suppress_local_fixups"Phil Pennock
fixes bug 1117
2012-06-03Cmdline -L option; also -Ac -Am -X<logfile>Phil Pennock
These are for Sendmail compatibility. bug 1117
2012-06-03ChangeLog: note cyrus plugin use situationPhil Pennock
2012-06-03Cyrus SASL: set host;port properties on auth driverPhil Pennock
2012-06-03DSCP: inbound via control = dscp/<value>Phil Pennock
2012-06-02Docs: pipes in redirect, need for quote cautionPhil Pennock
2012-06-02DSCP: take numeric values too.Phil Pennock
Also fix doc claim that value is unexpanded. Also strip affix whitespace before numeric conversion and fixed string comparison.
2012-06-02DSCP: document; hex print; -bI:dscpPhil Pennock
2012-06-01DNSSEC babystep: dns_use_dnssec & $sender_host_dnssecPhil Pennock
2012-06-01ACKNOWLEDGEMENTS update, covering a few yearsPhil Pennock
2012-06-01tls_dh_min_bits smtp transport optionPhil Pennock
Could not find an API for use with OpenSSL, so GnuTLS only
2012-06-01Make -n combine with -bP to inhibit namesPhil Pennock
2012-06-01Add -bI:help and -bI:sievePhil Pennock
2012-05-31Doc: drop .new/.wen, update previousversion.Phil Pennock
Also, drop fix one place which claimed TLS SNI support was OpenSSL only.
2012-05-30Revert "Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512."exim-4_80Phil Pennock
This reverts commit 83f4c7515f3eb06dc070e78edd2694c1d088e5fd. This was not a new check! The call to gnutls_dh_set_prime_bits() was made with DH_BITS in Exim 4.77, so the only difference is that now an administrator can choose at compile time to change the lower bound. So keeping this at 1024 is not a regression and if we can't talk to them now, we couldn't before, and we shouldn't lower security by default. The reverted commit was only acceptable IF it was still better than what we had in Exim 4.77.
2012-05-30Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512.Phil Pennock
Wolfgang Breyha saw a real-world site using 768 bits.
2012-05-28Merge openssl_disable_ssl2 branchexim-4_80_RC7Phil Pennock
2012-05-27Doc: fix glitchexim-4_80_RC6Phil Pennock
2012-05-27Doc: SECTgnutlsparam referencing tls_dhparamPhil Pennock
2012-05-27For DH, use standard primes from RFCsPhil Pennock
2012-05-27Deal with GnuTLS DH generation overshootPhil Pennock
2012-05-26FAQ for GnuTLSPhil Pennock
2012-05-25Doc: Provide context for bare numbers from CHAP/SECT.Phil Pennock
2012-05-25Cyrus SASL auth: SSF retrieval was incorrect.Phil Pennock
Exim thought protection layer was required, which is not implemented. Patch from Wolfgang Breyha. Fixes bug 1254
2012-05-24Added some more .gitignore entriesNigel Metheringham
Ignore more build side effects
2012-05-23_ISOC99_SOURCE -> _GNU_SOURCEexim-4_80_RC5Phil Pennock
_ISOC99_SOURCE broke build on Linux (Ubuntu 11.10) because it broke <resolv.h>, <arpa/nameser.h>, etc. Their u_char and u_int usage relies upon BSD source being enabled too. So use _GNU_SOURCE.
2012-05-23Define _ISOC99_SOURCE in exim.hPhil Pennock
Done before os.h is pulled in so an OS can override it.
2012-05-23Doc: move -bmalware into alphabetic placePhil Pennock
2012-05-23Doc: s/DNS/domains/ in new textPhil Pennock
2012-05-23Doc: document when dnslookup will declinePhil Pennock
2012-05-23Doc: tls_require_ciphers examplesPhil Pennock
Note how to test strings, provide examples which distinguish port 25 from other ports. Carefully used short examples, but allows two different strings per implementation and demonstrates how the strings are very different.
2012-05-22OCSP description: minor nitsPhil Pennock
2012-05-21.end -> .wenexim-4_80_RC4Phil Pennock
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-13 01:04:36 +0000