| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-04-15 | Enable weak/old stuff in OpenSSL | Phil Pennock | |
| Configure OpenSSL with: enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers Include explanation as to why. | |||
| 2018-04-15 | ARC: add optional x= tag to signing | Jeremy Harris | |
| 2018-04-15 | ARC: add optional t= tags to signing | Jeremy Harris | |
| 2018-04-15 | Avoid doing logging in signal-handlers. Bug 1007 | Jeremy Harris | |
| 2018-04-15 | Docs: clean for next release | Jeremy Harris | |
| 2018-04-14 | Logging: fix syslog logging for syslog_timestamp=no and log_selector +millisec | Jeremy Harris | |
| also syslog_pid=no and log_selector +pid | |||
| 2018-04-14 | Docs: typo | Jeremy Harris | |
| 2018-04-13 | DKIM downgrade example again; this time debugged | Phil Pennock | |
| As well as previous commit's `len_3` -> `length_3`, we were missing braces around the expansion operator, resulting in trying to dereference an unknown variable `$length_3`, and we were missing the outer braces from the `or` expansion condition. We really need a better way to test ACL expansion without a full harness. :( This bug-fixed version is now running on my system. | |||
| 2018-04-13 | Fix length expansion operator in DKIM downgrade example | Phil Pennock | |
| 2018-04-13 | DKIM: add support for the SubjectPublicKeyInfo wrapped form of pubkey | Jeremy Harris | |
| 2018-04-12 | Docs: add known broken-version info for OpenSSL behavior | Jeremy Harris | |
| 2018-04-11 | Mention MTA-STS in DANE context; nit fixes | Phil Pennock | |
| Did an audit of text changed since commit 6aa6fc9c5 to look for issues which stood out, fixed those. Spelling mistakes, markup issues, minor grammatical infelicities. The public/private CA stuff in the DANE text might push people away from public CAs, but the existence of MTA-STS means that one of those is probably the best choice. Mention what exim.org does, to provide slightly firmer guidance without pressure. List the `dkim_hash` values, `sha512` appears to be new since that text was last touched. | |||
| 2018-04-11 | Doc: website updates and so forth | Phil Pennock | |
| I've added <https://downloads.exim.org/> as a new vhost which doesn't reference FTP and loses the `/pub/exim` prefix. Fixed various other outdated claims and documented Jeremy's PGP key as the main key for releases, with mine (Phil's) and Heiko's as fallbacks. Mention the `.xz` files. | |||
| 2018-04-09 | Add `receive_time` to list of log_selector values | Phil Pennock | |
| 2018-04-08 | Added util/renew-opendmarc-tlds.sh script to renew PSL | Phil Pennock | |
| 2018-04-08 | OpenSSL: Revert the disabling of the session-cache. Bug 2255 | Jeremy Harris | |
| Session cacheing is never useful, as we use a new context for every TLS startup. However, removing the support triggers odd behaviour from Outlook Express (only when there is an IMAP server on the same machine as Exim): an initial connect from the OE client fails, the immediate retry works. | |||
| 2018-04-06 | Logging: fix DKIM precis received log line element. | Jeremy Harris | |
| Broken-by: 2c47372fad | |||
| 2018-04-02 | Avast: implement pass_unscanned option | Heiko Schlittermann (HS12-RIPE) | |
| 2018-04-02 | Avast: improve compliance with avast-protocol(5) | Heiko Schlittermann (HS12-RIPE) | |
| Treat scanner errors as malware. Defer on scanner tmpfail only. | |||
| 2018-03-31 | Docs: tidy the ChangeLog file | Jeremy Harris | |
| 2018-03-28 | Implement dane_require_tls_ciphers (theoretically) | Phil Pennock | |
| It compiles with OpenSSL, on Darwin (if restore Darwin OS). It doesn't crash immediately, but more testing is needed from a place where port 25 is not just blocked. | |||
| 2018-03-28 | Document new dane_require_tls_ciphers | Phil Pennock | |
| Haven't written the code yet, but writing the docs first helped me affirm that this makes sense and feels clean. Code in next commit. | |||
| 2018-03-26 | Cutthrough: for an onward finaldot timeout, generate an initator 450 in ↵ | Jeremy Harris | |
| defer=pass mode | |||
| 2018-03-26 | ARC: cutthrough delivery may not be used with ARC signing | Jeremy Harris | |
| 2018-03-26 | Cutthrough: enforce non-use in combination with DKIM signing or transport filter | Jeremy Harris | |
| Broken-by: 02b41d7106 | |||
| 2018-03-26 | Add ARC signing caveats | Phil Pennock | |
| 2018-03-26 | SPF: remove the deprecated "err_temp" and "err_perm" result names | Jeremy Harris | |
| 2018-03-26 | DKIM: document proper Ed25519 key-generation methods; remove helper program | Jeremy Harris | |
| 2018-03-26 | Expand directory opetion for queuefile transport | Jeremy Harris | |
| 2018-03-25 | Add non-mtp source info to ${authres } | Jeremy Harris | |
| 2018-03-25 | DKIM: document generation of RSA keys | Jeremy Harris | |
| 2018-03-25 | DKIM: document Ed25519 private key generation under OpenSSL (1.1.1+) | Jeremy Harris | |
| 2018-03-25 | DKIM: move ed25519_privkey_pem_to_pubkey_raw_b64 to src/util/ and add usage ↵ | Jeremy Harris | |
| notes to docs | |||
| 2018-03-25 | Docs: more on ${authresults } | Jeremy Harris | |
| 2018-03-24 | ARC: give more detail with "bad signing-spec" message | Jeremy Harris | |
| 2018-03-24 | Mark variables that are unused before release of store in the queue-list loop | Jeremy Harris | |
| 2018-03-23 | Address jgh notes re OpenSSL | Phil Pennock | |
| * `/usr/local` is fair, on Linux, but I deliberately picked something specific to OpenSSL to make the context clear and limit bad interactions with other locally-installed software. * `RPATH` and `RUNPATH` are not the same and are deeply twisty in their interactions. <https://blog.qt.io/blog/2011/10/28/rpath-and-runpath/> is a decent summary. | |||
| 2018-03-23 | Docs: typo | Jeremy Harris | |
| 2018-03-23 | Fix spool_wireformat final-dot on LMTP transport. Bug 2258 | Jeremy Harris | |
| Broken-by: 328c5688db | |||
| 2018-03-23 | exiqsumm fix: Check @ARGV exists before testing it | Graeme Fowler | |
| 2018-03-22 | Set a TERM handler to terminate properly if running as PID 1 | Heiko Schlittermann (HS12-RIPE) | |
| 2018-03-22 | SPF: additional variable $spf_result_guessed; tweak authresults string ↵ | Jeremy Harris | |
| indicating guess | |||
| 2018-03-21 | ARC: on the smtp transport option take empty or forced-fail to disable signing | Jeremy Harris | |
| 2018-03-20 | Not all the world is binutils ld | Phil Pennock | |
| 2018-03-20 | Fix pipe transport to not use a socket-only syscall. Bug 2257 | Jeremy Harris | |
| Broken-by: 42055a3385 | |||
| 2018-03-18 | DMARC: if ACL condition not called, do not add anything to authres string | Jeremy Harris | |
| Previously "skipped" was added; that is no only done for an actual call which could not be completed | |||
| 2018-03-18 | DMARC: add results to generic authres string; remove $dmarc_ar_header | Jeremy Harris | |
| 2018-03-17 | DKIM: Ed25519 signatures under OpenSSL (1.1.1 or later) | Jeremy Harris | |
| OpenSSL 1.1.1 is not released yet, but operation has been checked against the current source | |||
| 2018-03-16 | openssl: use += for LDFLAGS, drop env PC docs | Phil Pennock | |
| Using `LDFLAGS=` instead of `LDFLAGS+=` will stomp over an earlier setting of LDFLAGS, and the DMARC support is now further up in `src/EDITME`, thus likely to get stomped upon. Rather than continue to document using `PKG_CONFIG_PATH` via env, the in-Local/Makefile support has been around for a little while now, so go ahead and make that the only way we suggest here. Add a mention of _why_ we use both `USE_OPENSSL_PC` and `LDFLAGS`. | |||
| 2018-03-16 | Fix heavy-pipeline SMTP command input corruption. Bug 2250 | Jeremy Harris | |
 |
index : user/henk/code/exim.git | |
| [no description] | git repository hosting |
| summaryrefslogtreecommitdiff |