summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2016-12-25Docs: Clean for next releaseJeremy Harris
2016-12-22Doc: clarify CVE-2016-9963Heiko Schlittermann (HS12-RIPE)
2016-12-18Doc: short description of CVE-2016-9963exim-4_88Heiko Schlittermann (HS12-RIPE)
2016-12-18Fix DKIM information leakageJeremy Harris
2016-12-16Docs: typoJeremy Harris
2016-12-13Use long names for the _DRIVER_*, and _OPT_* macrosHeiko Schlittermann (HS12-RIPE)
2016-12-09Doc: fix minor typosHeiko Schlittermann (HS12-RIPE)
2016-12-04OpenSSL: default to tls_eccurve = autoHeiko Schlittermann (HS12-RIPE)
For OpenSSL < 1.0.2: fallback to prime256v1, for newer libraries rely on auto-selection.
2016-11-29Doc: Add hint about spamd and half-closed connectionsHeiko Schlittermann (HS12-RIPE)
2016-11-28Doc: Minor corrections/additionsHeiko Schlittermann (HS12-RIPE)
2016-11-25Update ChangeLogJeremy Harris
2016-11-08Ensure socket is nonblocking before draining. Bug 1914Jeremy Harris
2016-11-04Add syslog_pid option.Heiko Schlittermann (HS12-RIPE)
This option suppresses the PID duplication to syslog. As syslog/systemd add the PID of the logging process automatically.
2016-11-02Fix OCSP proof verification for direct-signed proofs. Bug 1909Jeremy Harris
2016-10-23Update README.UPDATING; fix typos in ChangeLog/NewStuffPhil Pennock
2016-10-23Fix bug with aborted server TLS connection, under GnuTLSJeremy Harris
Longstanding, but exposed by 60d10ce
2016-10-22TCP Fast OpenJeremy Harris
2016-10-18Unbreak build: crypto hdrs not in system includesPhil Pennock
If using pkg-config to get the paths for various packages and the crypto library headers are not in the system headers, then the hash work broke the Exim build by requiring the CFLAGS manipulation for _all_ builds, not just the TLS libraries. Shows up on MacOS where there's a system OpenSSL but not system OpenSSL headers (because only SecureTransport is supported) and using brew-installed OpenSSL. I've also coded the fix for GnuTLS on the same basis, but that's untested. Fixes bug 1906
2016-10-15New: queuefile transport, under EXPERIMENTAL_QUEUEFILEAndrew Colin Kissa
2016-10-12Docs: add warning on SNI-dependent certfile expansion needing a good defaultJeremy Harris
2016-10-09Docs: add section on builtin macrosJeremy Harris
2016-10-08DH parameters update, new values & defaultexim-4_88_RC2Phil Pennock
* Add three new Exim-specific DH parameter constants; state provenance, but no way for others to verify; this is a signed commit, which is about as much as we can do for the truly paranoid: provide an audit trail. * Add the RFC 7919 DH primes + No TLS feature negotiation, per 7919, but the DH primes can be used if folks so choose * Fixed broken format string in util/gen_pkcs3.c * Tried to make gen_pkcs3.c support q values. + Turns out, q doesn't affect the PEM and that's not a mistake in my initialisation; I've checked with a cryptographer, we're losing some server-side optimizations but not any security properties for our scenario. Fixes: 1895
2016-10-08Fix callouts connection fallback from TLS to cleartext. Bug 1897Jeremy Harris
2016-10-05Docs: add another index entry for delay_warningJeremy Harris
2016-10-02Logging: connection_reject log selector should apply also to the connect aclJeremy Harris
2016-09-28Refactor driver feature-macro generation to be driven by existing tablesJeremy Harris
Would like to do lookup drivers too but unsure about dyn-linked variants
2016-09-28Default to filesystem space/inode checking enabledJeremy Harris
2016-09-25Add automatic macros for config-file options. Bug 1819Jeremy Harris
2016-09-25Docs: fix quotesJeremy Harris
2016-09-23Doc: add clarification for DKIM exampleexim-4_88_RC1Jeremy Harris
2016-09-22Defend against symlink attack by another process running as eximJeremy Harris
Reported-by: http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/
2016-09-22Routing: avoid doing the one_time replacement operation when a redirect ↵Jeremy Harris
leaves the address unchanged When done, in combination with a defer the retry would see the address as delivered, hence losing mail.
2016-09-18ACL: merge the tables used for codition/modifier decodeJeremy Harris
2016-09-18 ACL: bsearch for controlsJeremy Harris
2016-09-15Docs: mention Perl manpages for PCRE. Bug 1881Jeremy Harris
2016-09-11Log EHLO response on getting conn-close response for HELO. Bug 1832Jeremy Harris
2016-09-05Cutthrough: option to reflect 4xx errors from target to initiatorJeremy Harris
2016-09-03Docs: prettify code examples. Bug 1284Jeremy Harris
2016-09-03Docs: add note on strict DKIM verificationJeremy Harris
2016-09-01Support "G" multiplier on integer configuration valuesJeremy Harris
2016-08-22Add automatic macros for compile-time feature optionsJeremy Harris
2016-08-18Delivery: fix transmission down an already-open connection, whenJeremy Harris
one of the group of addresses is unsuitable for it. Bug 1874 Broken-by: 3070ceeeed05, fa41615da702.
2016-08-17Delivery: same-host checking for transport runs should include port from ↵Jeremy Harris
address give by routing
2016-08-14DMARC: send forensic reports for reject & quarantine results, and "none" ↵Tony Meyer
policy. Bug 1846
2016-08-14Expansions: new ${escape8bit:<string>} operator. Bug 1863Jeremy Harris
2016-08-14LMDB: introduce as Experimental. Bug 1856Andrew Colin Kissa
2016-08-11ACL: Ensure that acl_smtp_notquit is called for a conndrop between ↵Jasen Betts
data-go-ahead and data-ack. Bug 1872
2016-08-09Docs: more index entries for header linesJeremy Harris
2016-08-08Radius: Fix authentication for Radius libraries that return REJECT_RC. Bug 1850Leonhard Knauff
2016-08-06Routing: in a dnslookup, fix fail_defer_domains to defer on missing MX ↵Jeremy Harris
record. Bug 1867