summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2014-05-03More debug outputJeremy Harris
2014-05-02Certificate variables and field-extractor expansions. Bug 1358Jeremy Harris
2014-05-01Support dnssec in verify-callout use of smtp transport.Jeremy Harris
Use of dnslookup router support is already present.
2014-05-01Cancel in-progress or reject requeted cutthrough when fakereject. Bug 1475Jeremy Harris
2014-04-29Merge branch 'master' of ssh://git.exim.org/home/git/eximTodd Lyons
2014-04-29Bug 1454: Option -oMm for message referenceHeiko Schlichting
Includes docs and test suite
2014-04-27Add options dnssec_request_domains, dnssec_require_domains to the smtp transportJeremy Harris
Note there are no testsuite cases included. TODO in this area: - dnssec during verify-callouts - dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup
2014-04-24Support OCSP Stapling under GnuTLS. Bug 1459Jeremy Harris
Requires GnuTLS version 3.1.3 or later. Under EXPERIMENTAL_OCSP
2014-04-24Dnssec observability: add variable $lookup_dnssec_authenticatedJeremy Harris
2014-04-24Bug 609: Add -C option to exiqgrepLars Timmann
Option is a passthrough to the exim process that it spawns that generates the queue list. Fixed Conflicts: doc/doc-txt/ChangeLog
2014-04-24dnssec_strict, _lax, _never modifiers for dnsdb lookupsJeremy Harris
Lacking testsuite coverage
2014-04-23Bug 1453: Add SERVERS ldap server list overrideHeiko Schlichting
2014-04-22exiqgrep: add -a to use all recipients (including delivered)mg
2014-04-21Fix testcase "server missing/empty certificate file"Jeremy Harris
GnuTLS early versions (pre 3.0.0 ?) fail to send a reasonable client-cert request when tls_verify_certificates is an empty file. Since the test is for missing *server* certs (tls_certificate) avoid this by pointing to a real (if non-verifying) cert in tls_verify_certificates.
2014-04-21Fix DISABLE_DNSSEC buildJeremy Harris
Bad syntax possibly only affected some compilers.
2014-04-20Add options dnssec_request_domains, dnssec_require_domains to the dnslookup ↵Jeremy Harris
router Note there are no testsuite cases included. TODO in this area: - dnssec during verify-callouts - dnssec during dnsdb expansions - dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup - observability of status of requested dnssec
2014-04-20Fix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455Jeremy Harris
The split of these variables into _in and _out sets introduced by d9b231 in 4.82 was incomplete, leaving the deprecated legacy variables nonfunctional during a transport and associated client authenticator. Fix by repointing the legacy set to the outbound connection set at transport startup (and do not clear out the inbound set at this time, either).
2014-04-19Copyright year updates:Todd Lyons
vim $(git whatchanged --since=2014-01-01 | grep '^:100' | sed 's/^[^M]*M//' | sort -u | fgrep -v test/)
2014-04-19Fix Proxy Protocol v2 handlingTodd Lyons
Change recv() to not use MSGPEEK and eliminated flush_input(). Add proxy_target_address/port expansions. Convert ipv6 decoding to memmove(). Use sizeof() for variable sizing. Correct struct member access. Enhance debug output when passed invalid command/family. Add to and enhance documentation. Client script to test Proxy Protocol, interactive on STDIN/STDOUT, so can be chained (ie a swaks pipe), useful for any service, not just Exim and/or smtp.
2014-04-19Fix logging of nomailJeremy Harris
When built with TLS support, non-TLS connections not resulting in mail transfer were crashing while building a log line. Fix by not returning a non-extensible string from the routine added in 67d81c1.
2014-04-15Bail configuration on missing packagePhil Pennock
If we're configured to use pkg-config (or pcre-config) and the tool is not available or does not know about the package we ask for, that should be a fatal configuration error. We should not silently ignore the missing package, then try to compile, and have missing header warnings from the compiler. Eg, if we're told to support GSASL, we'll try to compile the client code, and without compiler flags, we'll either fail to compile (missing headers) or fail to link, which obscures the source of the errors. This change will only break people who had builds set to have Exim depend upon non-existent packages, and that _needs_ to break.
2014-04-15Report OpenSSL build date too.Phil Pennock
Adjust `-d -bV` output for OpenSSL to include library build date. Some OS packagers have backported heartbleed security fixes without changing anything in the reported version number. The closest we can get to a reassuring sign for administrators is to report the OpenSSL library build date, as picked by the library which Exim is using at run time. ``` Library version: OpenSSL: Compile: OpenSSL 1.0.1g 7 Apr 2014 Runtime: OpenSSL 1.0.1g 7 Apr 2014 : built on: Mon Apr 7 15:08:30 PDT 2014 ``` For comparison, the version information for OpenSSL on Ubuntu (where Exim is by default built with GnuTLS, but this provides for context for comparison): ``` $ openssl version -v -b OpenSSL 1.0.1 14 Mar 2012 built on: Mon Apr 7 20:33:29 UTC 2014 ``` GnuTLS: the closest I can find to a runtime value is the call we are already making; if an OS vendor patches GnuTLS without changing the version which would be returned by `gnutls_check_version(NULL)` then the sysadmin is SOL and will have to explore library linkages more carefully.
2014-04-15Make dmarc code c89 compliantTodd Lyons
2014-04-15Add back deprecated SPF error conditionsTodd Lyons
Previous patch introduced a change that could break existing SPF configurations. Add back the two non-standard "err_temp" and "err_perm" result values, with note that it is deprecated and will be removed in a future release.
2014-04-15Add expansion for DMARC policyTodd Lyons
New variable is $dmarc_domain_policy
2014-04-14Update ${utf8clean }. Bug 1401Axel Rau
2014-04-13Fix build for update on library component.Jeremy Harris
When, eg, the smtp transport is changed the transports library must be rebuilt. Fix the main makefile to not assume that the date on the library .a is sufficient, but always call the library subdir makefiles.
2014-04-09More care with headers add/remove lists. Bug 1452Jeremy Harris
As a side-effect, playing games with newlines no longer gives an altered message body/ Testcase 0324 is questionable (though passing)
2014-04-09dnsdb tlsa lookupTodd Lyons
2014-03-26Print support for Experimental Proxy with -bVTodd Lyons
2014-03-23Fix string_unprinting()Jeremy Harris
2014-03-20Future-proof OpenSSL version string. Bug 1421Jeremy Harris
2014-03-19Add tls_verify_hosts and tls_try_verify_hosts to smtp transport, GnuTLS.Wolfgang Breyha
2014-03-18Fix ACL "condition =" for negative number values. Bug 1005Jeremy Harris
Fix conditional "bool{<string>}" for negative number values, to match.
2014-03-16Enforce that only smtp transports can be used for verify callouts. Bug 1445Heiko Schlittermann
2014-03-16Support transport-added headers under cutthrough delivery. Bug 1431Jeremy Harris
2014-03-15Add tls_verify_hosts and tls_try_verify_hosts to smtp transport. Bug 1371Wolfgang Breyha
Code by Wolfgang Breyha, docs and testsuite by Jeremy Harris
2014-03-11Fix DISABLE_DKIM buildJeremy Harris
Reported-by: heiko.schlichting@fu-berlin.de Broken-in: 6e62c454 - jgh146exb@wizmail.org
2014-03-09Refactor malware.c and introduce new scanner type "sock". Bugs 1418 and 1396Jeremy Harris
2014-03-09Log port and TLS details for a failed deliveryJeremy Harris
2014-03-09Log incoming-TLS details on rejects. Bug 305Jeremy Harris
2014-03-08${utf8clean:string} expansion operator. Bug 1401Axel Rau
2014-03-06Change strings of SPF result to conform to RFC 4408Todd Lyons
Introduces a small backwards incompatible change to two results, err_temp to temperror and err_perm to permerror.
2014-03-06Code for verify=header_names_asciiMichael Fischer v. Mollard
Documentation and test included. Fixed Conflicts: doc/doc-txt/ChangeLog
2014-03-05Support log_selector smtp_confirmation for the lmtp transport. Bug 1157Wolfgang Breyha
2014-03-01Fix parallel make. Bug 1446Jeremy Harris
from work by Heiko Schlittermann
2014-02-26Add tls_verify_hosts and tls_try_verify_hosts to smtp transportWolfgang Breyha
Patch version 2
2014-02-09Fix build on systems having ipv6 but lacking an IPV6_TCLASS define (GNU ↵Jeremy Harris
Hurd). Bug 1441 By Samuel Thibault
2014-01-26Fix tls_verify_certificates in gnutls use. Bug 1413.Jeremy Harris
Patch by W.Breyha, tested by H.Schlittermann
2014-01-14Bugzilla 1433: Fix DMARC SEGVWolfgang Breyha
Properly escape value passed to expand_string(). Check for NULL return from expand_string().