path: root/doc
Age | Commit message | Author
2021-05-27 | SECURITY: fix Qualys CVE-2020-PFPSN | Phil Pennock
    (cherry picked from commit 93b6044e1636404f3463f3e1113098742e295542)
    (cherry picked from commit 4e59a5d5c448e1fcdcbead268ffe6561adf0224d)
2021-05-27 | SECURITY: fix Qualys CVE-2020-SLCWD | Phil Pennock
    (cherry picked from commit bf5f9d56fadf9be8d947f141d31f7e0e8fa63762)
    (cherry picked from commit 6d2cfb575c95c1b81597d6b9eb2904cd695d7e4a)
2021-05-27 | SECURITY: length limits on many cmdline options | Phil Pennock
    We'll also now abort upon, rather than silently truncate, a driver name (router, transport, ACL, etc) encountered in the config which is longer than the 64-char limit.
    (cherry picked from commit ff8bef9ae2370db4a7873fe2ce573a607fe6999f)
    (cherry picked from commit a8bd24b96c2027fd839f95a9e6b3282453ae288e)
2021-05-27 | Re-ran the conversion of all DH parameters | Phil Pennock
    I get different results now to those I got before. Now, using gen_pkcs3 linked against OpenSSL 1.1.1f-1ubuntu2 on Focal Fossa, I get the results below. The ffdhe2048 value now matches that at <https://ssl-config.mozilla.org/ffdhe2048.txt>. I ran the same code yesterday for just the ffdhe2048 item and got code which seemed to me then to match what was already in the C file. Something hinky is going on, perhaps with my sanity.
    (the commit IDs changed because of heavy rebasing (heiko))
    (cherry picked from commit 76ed8115182e2daaadb437ec9655df8000796ec5)
    (cherry picked from commit 0aafa26a5d3d528e79476c91537c28936154fe04)
2021-05-27 | Default config: reject on too many bad RCPT | Phil Pennock
    An example exploit failed against my system, because I had this sanity guard in place; it's not a real security fix since a careful attacker could find enough valid recipients to hit that problem, but it highlights that this is a useful enough pattern that we should encourage its wider use.
    (cherry picked from commit 2a636a39fff29b7c3da1798767a510dfed982a62)
    (cherry picked from commit 346f96bad326893f9c1fa772a5b8ac35b1f8f7bd)
2021-05-27 | Handle SIGINT as we do with SIGTERM | Heiko Schlittermann (HS12-RIPE)
    (cherry picked from commit cdc5c672e1c309294626cd5ed90acdccb05baaa1)
    (cherry picked from commit f9c8211fb0ad0dd362f471978a5e0abc5dfa71b4)
2021-05-27 | Enforce pid_file_path start at "/" | Heiko Schlittermann (HS12-RIPE)
    (cherry picked from commit 60f2a8e797d9ebaea1e3eac4ad28ff64e11bab40)
    (cherry picked from commit 6b3d553c733475a1033c8b7a241e6506d7ed73b1)
2021-05-18 | Docs: assorted fixes | u34
    Closes 2752 Closes 2753 Closes 2658 Closes 2659 Closes 2712 Closes 2720 Closes 2721 Closes 2722 Closes 2746 Closes 2748 Closes 2749
2021-05-18 | Docs: typo | Heiko Schlittermann (HS12-RIPE)
2021-05-12 | Named Queues: fix immediate-delivery. Bug 2743 | Jeremy Harris
2021-05-04 | Fix ${ipv6norm:} | Jeremy Harris
2021-04-27 | Docs: typo. Closes 2713 | Heiko Schlittermann (HS12-RIPE)
2021-04-25 | Taint: enforce untainted ACL text line | Jeremy Harris
2021-04-18 | Docs: note caching of auto-generated server certificate | Jeremy Harris
2021-04-18 | Experimental: ESMTP LIMITS extension | Jeremy Harris
2021-04-16 | Log queue_time and queue_time_overall exclusive of receive time. Bug 2672 | Jeremy Harris
2021-04-14 | taint: allow appendfile create_file option to specify a de-tainting safe path | Jeremy Harris
2021-04-07 | Pass proxy addresses/ports to continued transports. Bug 2710 | Jeremy Harris
2021-04-07 | Docs: add warning note on ${listnamed:} operator | Jeremy Harris
2021-04-05 | Docs: mention *_environment in "Misc" section | Heiko Schlittermann (HS12-RIPE)
2021-04-05 | Docs: add example for DKIM dual-signing | Jeremy Harris
2021-04-03 | Make smtp_accept_max_per_connection expanded | Jeremy Harris
2021-04-02 | Docs: clarify list-separator requirements | Jeremy Harris
2021-03-27 | GnuTLS: use a less bogus-looking temporary filename for DH-parameters | Jeremy Harris
2021-03-21 | DNS: explicit alloc/free of workspace | Jeremy Harris
2021-03-20 | Memory handling: exponentially-increasing alloc size | Jeremy Harris
2021-03-20 | DKIM: verify using separate pool-pair, reset per message | Jeremy Harris
2021-03-15 | Doc: more explicit hinting on tls_try_verify_hosts. | Jeremy Harris
2021-03-07 | wip | Jeremy Harris
2021-03-07 | Revert "Docs: typos" | Jeremy Harris
    This reverts commit 1ad20e19a669731c19852c865facabe4816ae4f9. These are not typos; "provably" is a real word and accurate in context.
2021-03-07 | Docs: typos | Jim Pazarena
2021-02-27 | Docs: fix description of hosts_try_dane. Bug 2704 | Jeremy Harris
2021-02-22 | Fix list-expansion for various domainlists, having included sublist elements. Bug 2701 | Jeremy Harris
2021-02-19 | Fix weight calculation for socks_proxy. Bug 2694 | Heiko Schlichting
2021-02-19 | Fix weight calculation for spamd_address. Bug 2694 | Heiko Schlichting
2021-02-18 | Docs: yet more on $domain_data | Jeremy Harris
2021-02-18 | Docs: typo | Jim Pazarena
2021-02-13 | wip | Jeremy Harris
2021-02-13 | Docs: more notes on dnslists | Jeremy Harris
2021-02-06 | Docs: fix bug reference | Jeremy Harris
2021-02-06 | Fix handling of server which follows a RCPT 452 with a 250. Bug 26092 | Jeremy Harris
2021-02-06 | Fix daemon-SIGHUP on FreeBSD | Jeremy Harris
2021-01-31 | gsasl authenticator: support client salted-password caching | Jeremy Harris
2021-01-29 | tidying | Jeremy Harris
2021-01-29 | Lookups: fix $local_part_data for a match on a filename list element. Bug 2691 | Jeremy Harris
2021-01-25 | AUTH: avoid logging creds on ACL denial | Jeremy Harris
2021-01-16 | docs infrastructure notes | Jeremy Harris
2021-01-16 | Docs: indexing | Jeremy Harris
2021-01-15 | Hints DB: harden against corrupt files by ignoring unexpected size records | Jeremy Harris
2021-01-12 | Auths: in plaintext authenticator, fix parsing of consecutive circumflex. Bug 2687 | Jeremy Harris