From d85cdeb5e554b59bf4c43c54461409c15c6ee9c5 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 12 Oct 2019 12:48:44 +0100 Subject: Reduce delivery process startup time --- doc/doc-txt/ChangeLog | 8 +++++ src/src/daemon.c | 14 +++++++++ src/src/deliver.c | 43 ++------------------------ src/src/dkim.c | 6 ++++ src/src/exim.c | 43 +++++++++++--------------- src/src/functions.h | 4 ++- src/src/globals.c | 1 + src/src/globals.h | 1 + src/src/readconf.c | 79 ----------------------------------------------- src/src/tls-gnu.c | 36 ++++++++++++++++----- src/src/tls.c | 75 ++++++++++++++++++++++++++++++++++++++++++++ src/src/transports/smtp.c | 45 +++++++++++++++++++++++++++ src/src/verify.c | 4 +++ test/log/2120 | 4 --- 14 files changed, 206 insertions(+), 157 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 93f4a1eb2..9a27e144c 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -5,6 +5,14 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.next +------------------- + +JH/01 Avoid costly startup code when not strictly needed. This reduces time + for some exim process initialisations. It does mean that the logging + of TLS configuration problems is only done for the daemon startup. + + Exim version 4.93 ----------------- diff --git a/src/src/daemon.c b/src/src/daemon.c index 99fa909d2..3fc73babe 100644 --- a/src/src/daemon.c +++ b/src/src/daemon.c @@ -1740,6 +1740,20 @@ else (eg: compile regex) */ dns_pattern_init(); +smtp_deliver_init(); /* Used for callouts */ + +#ifndef DISABLE_DKIM + { +# ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +# endif + dkim_exim_init(); +# ifdef MEASURE_TIMING + report_time_since(&t0, US"dkim_exim_init (delta)"); +# endif + } +#endif #ifdef WITH_CONTENT_SCAN malware_init(); diff --git a/src/src/deliver.c b/src/src/deliver.c index e228a0bfd..5fc748141 100644 
--- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -7146,7 +7146,7 @@ if (addr_remote) /* Precompile some regex that are used to recognize parameters in response to an EHLO command, if they aren't already compiled. */ - deliver_init(); + smtp_deliver_init(); /* Now sort the addresses if required, and do the deliveries. The yield of do_remote_deliveries is FALSE when mua_wrapper is set and all addresses @@ -8484,52 +8484,13 @@ return final_yield; void -deliver_init(void) +tcp_init(void) { #ifdef EXIM_TFO_PROBE tfo_probe(); #else f.tcp_fastopen_ok = TRUE; #endif - - -if (!regex_PIPELINING) regex_PIPELINING = - regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_SIZE) regex_SIZE = - regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_AUTH) regex_AUTH = - regex_must_compile(AUTHS_REGEX, FALSE, TRUE); - -#ifndef DISABLE_TLS -if (!regex_STARTTLS) regex_STARTTLS = - regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); -#endif - -if (!regex_CHUNKING) regex_CHUNKING = - regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE); - -#ifndef DISABLE_PRDR -if (!regex_PRDR) regex_PRDR = - regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); -#endif - -#ifdef SUPPORT_I18N -if (!regex_UTF8) regex_UTF8 = - regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE); -#endif - -if (!regex_DSN) regex_DSN = - regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); - -if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = - regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); - -#ifdef SUPPORT_PIPE_CONNECT -if (!regex_EARLY_PIPE) regex_EARLY_PIPE = - regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE); -#endif } diff --git a/src/src/dkim.c b/src/src/dkim.c index 065170444..5c9d2279e 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c 
@@ -95,6 +95,8 @@ return NULL; /*XXX better error detail? logging? */ void dkim_exim_init(void) { +if (f.dkim_init_done) return; +f.dkim_init_done = TRUE; pdkim_init(); } @@ -103,6 +105,8 @@ pdkim_init(); void dkim_exim_verify_init(BOOL dot_stuffing) { +dkim_exim_init(); + /* There is a store-reset between header & body reception so cannot use the main pool. Any allocs done by Exim memory-handling must use the perm pool. */ @@ -569,6 +573,8 @@ void dkim_exim_sign_init(void) { int old_pool = store_pool; + +dkim_exim_init(); store_pool = POOL_MAIN; pdkim_init_context(&dkim_sign_ctx, FALSE, &dkim_exim_query_dns_txt); store_pool = old_pool; diff --git a/src/src/exim.c b/src/src/exim.c index 2b6297bf5..68734e35c 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -920,7 +920,7 @@ fprintf(fp, "Support for:"); fprintf(fp, " DMARC"); #endif #ifdef TCP_FASTOPEN - deliver_init(); + tcp_init(); if (f.tcp_fastopen_ok) fprintf(fp, " TCP_Fast_Open"); #endif #ifdef EXPERIMENTAL_LMDB @@ -4480,31 +4480,9 @@ if (list_config) } -/* Initialise subsystems as required */ -#ifndef DISABLE_DKIM - { -# ifdef MEASURE_TIMING - struct timeval t0; - gettimeofday(&t0, NULL); -# endif - dkim_exim_init(); -# ifdef MEASURE_TIMING - report_time_since(&t0, US"dkim_exim_init (delta)"); -# endif - } -#endif - - { -#ifdef MEASURE_TIMING - struct timeval t0; - gettimeofday(&t0, NULL); -#endif - deliver_init(); -#ifdef MEASURE_TIMING - report_time_since(&t0, US"deliver_init (delta)"); -#endif - } +/* Initialise subsystems as required. */ +tcp_init(); /* Handle a request to deliver one or more messages that are already on the queue. Values of msg_action other than MSG_DELIVER and MSG_LOAD are dealt with 
@@ -4699,6 +4677,21 @@ if (f.daemon_listen || f.inetd_wait_mode || queue_interval > 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Daemon cannot be run when " "mua_wrapper is set"); } + + /* This also checks that the library linkage is working and we can call + routines in it, so call even if tls_require_ciphers is unset */ + { +#ifdef MEASURE_TIMING + struct timeval t0, diff; + (void)gettimeofday(&t0, NULL); +#endif + if (!tls_dropprivs_validate_require_cipher(FALSE)) + exit(1); +#ifdef MEASURE_TIMING + report_time_since(&t0, US"validate_ciphers (delta)"); +#endif + } + daemon_go(); } diff --git a/src/src/functions.h b/src/src/functions.h index 37f6b1b6f..488e84c6c 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -54,6 +54,7 @@ extern BOOL tls_client_start(client_conn_ctx *, smtp_connect_args *, extern void tls_close(void *, int); extern BOOL tls_could_read(void); extern void tls_daemon_init(void); +extern BOOL tls_dropprivs_validate_require_cipher(BOOL); extern BOOL tls_export_cert(uschar *, size_t, void *); extern int tls_feof(void); extern int tls_ferror(void); @@ -175,7 +176,6 @@ extern void debug_vprintf(int, const char *, va_list); extern void decode_bits(unsigned int *, size_t, int *, uschar *, bit_table *, int, uschar *, int); extern address_item *deliver_make_addr(uschar *, BOOL); -extern void deliver_init(void); extern void delivery_log(int, address_item *, int, uschar *); extern int deliver_message(uschar *, BOOL, BOOL); extern void deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2); @@ -445,6 +445,7 @@ extern void smtp_command_timeout_exit(void) NORETURN; extern void smtp_command_sigterm_exit(void) NORETURN; extern void smtp_data_timeout_exit(void) NORETURN; extern void smtp_data_sigint_exit(void) NORETURN; +extern void smtp_deliver_init(void); extern uschar *smtp_cmd_hist(void); extern int smtp_connect(smtp_connect_args *, const blob *); extern int smtp_sock_connect(host_item *, int, int, uschar *, 
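Review bot: In the exim.c hunk at `if (!tls_dropprivs_validate_require_cipher(FALSE))`, the check now sits inside the daemon-only branch, but the carried-over comment does not say that other invocations no longer run it. The readconf.c hunk in this commit removes the only other call, so a one-off run used to validate a configuration before a restart would, as far as these hunks show, no longer report an invalid `tls_require_ciphers`. I would extend the comment to `/* Daemon startup only: validates tls_require_ciphers and the TLS library linkage in an unprivileged child; other invocations no longer run this check */`. The `diff` in `struct timeval t0, diff;` is unused and can be dropped. The enclosing `if` block starts outside the hunk.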
@@ -538,6 +539,7 @@ extern int strcmpic(const uschar *, const uschar *); extern int strncmpic(const uschar *, const uschar *, int); extern uschar *strstric(uschar *, uschar *, BOOL); +extern void tcp_init(void); #ifdef EXIM_TFO_PROBE extern void tfo_probe(void); #endif diff --git a/src/src/globals.c b/src/src/globals.c index 24281f239..302e18eb3 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -238,6 +238,7 @@ struct global_flags f = .disable_logging = FALSE, #ifndef DISABLE_DKIM .dkim_disable_verify = FALSE, + .dkim_init_done = FALSE, #endif #ifdef SUPPORT_DMARC .dmarc_has_been_checked = FALSE, diff --git a/src/src/globals.h b/src/src/globals.h index e4725a719..27a4bd9e0 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -198,6 +198,7 @@ extern struct global_flags { BOOL disable_logging :1; /* Disables log writing when TRUE */ #ifndef DISABLE_DKIM BOOL dkim_disable_verify :1; /* Set via ACL control statement. When set, DKIM verification is disabled for the current message */ + BOOL dkim_init_done :1; /* lazy-init status */ #endif #ifdef SUPPORT_DMARC BOOL dmarc_has_been_checked :1; /* Global variable to check if test has been called yet */ diff --git a/src/src/readconf.c b/src/src/readconf.c index 2f78cd746..daa88d010 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c 
@@ -3074,80 +3074,6 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malformed ratelimit data: %s", s); -/************************************************* -* Drop privs for checking TLS config * -*************************************************/ - -/* We want to validate TLS options during readconf, but do not want to be -root when we call into the TLS library, in case of library linkage errors -which cause segfaults; before this check, those were always done as the Exim -runtime user and it makes sense to continue with that. - -Assumes: tls_require_ciphers has been set, if it will be - exim_user has been set, if it will be - exim_group has been set, if it will be - -Returns: bool for "okay"; false will cause caller to immediately exit. -*/ - -#ifndef DISABLE_TLS -static BOOL -tls_dropprivs_validate_require_cipher(BOOL nowarn) -{ -const uschar *errmsg; -pid_t pid; -int rc, status; -void (*oldsignal)(int); - -/* If TLS will never be used, no point checking ciphers */ - -if ( !tls_advertise_hosts - || !*tls_advertise_hosts - || Ustrcmp(tls_advertise_hosts, ":") == 0 - ) - return TRUE; -else if (!nowarn && !tls_certificate) - log_write(0, LOG_MAIN, - "Warning: No server certificate defined; will use a selfsigned one.\n" - " Suggested action: either install a certificate or change tls_advertise_hosts option"); - -oldsignal = signal(SIGCHLD, SIG_DFL); - -fflush(NULL); -if ((pid = fork()) < 0) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check"); - -if (pid == 0) - { - /* in some modes, will have dropped privilege already */ - if (!geteuid()) - exim_setugid(exim_uid, exim_gid, FALSE, - US"calling tls_validate_require_cipher"); - - if ((errmsg = tls_validate_require_cipher())) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG, - "tls_require_ciphers invalid: %s", errmsg); - fflush(NULL); - exim_underbar_exit(0); - } - -do { - rc = waitpid(pid, &status, 0); -} while (rc < 0 && errno == EINTR); - -DEBUG(D_tls) - debug_printf("tls_validate_require_cipher child %d ended: 
status=0x%x\n", - (int)pid, status); - -signal(SIGCHLD, oldsignal); - -return status == 0; -} -#endif /*DISABLE_TLS*/ - - - - /************************************************* * Read main configuration options * *************************************************/ @@ -3658,11 +3584,6 @@ if ((tls_verify_hosts || tls_try_verify_hosts) && !tls_verify_certificates) "tls_%sverify_hosts is set, but tls_verify_certificates is not set", tls_verify_hosts ? "" : "try_"); -/* This also checks that the library linkage is working and we can call -routines in it, so call even if tls_require_ciphers is unset */ -if (!tls_dropprivs_validate_require_cipher(nowarn)) - exit(1); - /* Magic number: at time of writing, 1024 has been the long-standing value used by so many clients, and what Exim used to use always, that it makes sense to just min-clamp this max-clamp at that. */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index deeb04253..6cd9bf75b 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -2385,9 +2385,20 @@ and sent an SMTP response. */ DEBUG(D_tls) debug_printf("initialising GnuTLS as a server\n"); -if ((rc = tls_init(NULL, tls_certificate, tls_privatekey, - NULL, tls_verify_certificates, tls_crl, - require_ciphers, &state, &tls_in, errstr)) != OK) return rc; + { +#ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +#endif + + if ((rc = tls_init(NULL, tls_certificate, tls_privatekey, + NULL, tls_verify_certificates, tls_crl, + require_ciphers, &state, &tls_in, errstr)) != OK) return rc; + +#ifdef MEASURE_TIMING + report_time_since(&t0, US"server tls_init (delta)"); +#endif + } #ifdef EXPERIMENTAL_TLS_RESUME tls_server_resume_prehandshake(state); 
@@ -2821,10 +2832,21 @@ if (conn_args->dane && ob->dane_require_tls_ciphers) if (!cipher_list) cipher_list = ob->tls_require_ciphers; -if (tls_init(host, ob->tls_certificate, ob->tls_privatekey, - ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl, - cipher_list, &state, tlsp, errstr) != OK) - return FALSE; + { +#ifdef MEASURE_TIMING + struct timeval t0; + gettimeofday(&t0, NULL); +#endif + + if (tls_init(host, ob->tls_certificate, ob->tls_privatekey, + ob->tls_sni, ob->tls_verify_certificates, ob->tls_crl, + cipher_list, &state, tlsp, errstr) != OK) + return FALSE; + +#ifdef MEASURE_TIMING + report_time_since(&t0, US"client tls_init (delta)"); +#endif + } { int dh_min_bits = ob->tls_dh_min_bits; diff --git a/src/src/tls.c b/src/src/tls.c index 796bc6d61..531d67950 100644 --- a/src/src/tls.c +++ b/src/src/tls.c 
@@ -369,6 +369,81 @@ else if ((subjdn = tls_cert_subject(cert, NULL))) } return FALSE; } + + + +/************************************************* +* Drop privs for checking TLS config * +*************************************************/ + +/* We want to validate TLS options during readconf, but do not want to be +root when we call into the TLS library, in case of library linkage errors +which cause segfaults; before this check, those were always done as the Exim +runtime user and it makes sense to continue with that. + +Assumes: tls_require_ciphers has been set, if it will be + exim_user has been set, if it will be + exim_group has been set, if it will be + +Returns: bool for "okay"; false will cause caller to immediately exit. +*/ + +BOOL +tls_dropprivs_validate_require_cipher(BOOL nowarn) +{ +const uschar *errmsg; +pid_t pid; +int rc, status; +void (*oldsignal)(int); + +/* If TLS will never be used, no point checking ciphers */ + +if ( !tls_advertise_hosts + || !*tls_advertise_hosts + || Ustrcmp(tls_advertise_hosts, ":") == 0 + ) + return TRUE; +else if (!nowarn && !tls_certificate) + log_write(0, LOG_MAIN, + "Warning: No server certificate defined; will use a selfsigned one.\n" + " Suggested action: either install a certificate or change tls_advertise_hosts option"); + +oldsignal = signal(SIGCHLD, SIG_DFL); + +fflush(NULL); +if ((pid = fork()) < 0) + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "fork failed for TLS check"); + +if (pid == 0) + { + /* in some modes, will have dropped privilege already */ + if (!geteuid()) + exim_setugid(exim_uid, exim_gid, FALSE, + US"calling tls_validate_require_cipher"); + + if ((errmsg = tls_validate_require_cipher())) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG, + "tls_require_ciphers invalid: %s", errmsg); + fflush(NULL); + exim_underbar_exit(0); + } + +do { + rc = waitpid(pid, &status, 0); +} while (rc < 0 && errno == EINTR); + +DEBUG(D_tls) + debug_printf("tls_validate_require_cipher child %d ended: status=0x%x\n", + (int)pid, 
status); + +signal(SIGCHLD, oldsignal); + +return status == 0; +} + + + + #endif /*!DISABLE_TLS*/ #endif /*!MACRO_PREDEF*/ diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index c547c87fa..b45da05ad 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -357,6 +357,51 @@ static BOOL pipelining_active; /* current transaction is in pipe mode */ static unsigned ehlo_response(uschar * buf, unsigned checks); +/******************************************************************************/ + +void +smtp_deliver_init(void) +{ +if (!regex_PIPELINING) regex_PIPELINING = + regex_must_compile(US"\\n250[\\s\\-]PIPELINING(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_SIZE) regex_SIZE = + regex_must_compile(US"\\n250[\\s\\-]SIZE(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_AUTH) regex_AUTH = + regex_must_compile(AUTHS_REGEX, FALSE, TRUE); + +#ifndef DISABLE_TLS +if (!regex_STARTTLS) regex_STARTTLS = + regex_must_compile(US"\\n250[\\s\\-]STARTTLS(\\s|\\n|$)", FALSE, TRUE); +#endif + +if (!regex_CHUNKING) regex_CHUNKING = + regex_must_compile(US"\\n250[\\s\\-]CHUNKING(\\s|\\n|$)", FALSE, TRUE); + +#ifndef DISABLE_PRDR +if (!regex_PRDR) regex_PRDR = + regex_must_compile(US"\\n250[\\s\\-]PRDR(\\s|\\n|$)", FALSE, TRUE); +#endif + +#ifdef SUPPORT_I18N +if (!regex_UTF8) regex_UTF8 = + regex_must_compile(US"\\n250[\\s\\-]SMTPUTF8(\\s|\\n|$)", FALSE, TRUE); +#endif + +if (!regex_DSN) regex_DSN = + regex_must_compile(US"\\n250[\\s\\-]DSN(\\s|\\n|$)", FALSE, TRUE); + +if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = + regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); + +#ifdef SUPPORT_PIPE_CONNECT +if (!regex_EARLY_PIPE) regex_EARLY_PIPE = + regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE); +#endif +} + + /************************************************* * Setup entry point * *************************************************/ 
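Review bot: In the tls.c hunk, `tls_dropprivs_validate_require_cipher` ends with `return status == 0;`, but `status` is never initialised and the `waitpid` loop retries only on EINTR. Any other `waitpid` failure therefore returns a verdict read from an indeterminate value. This result decides whether the daemon proceeds with the configured TLS settings, so the failure path should be closed explicitly: `return rc == pid && status == 0;`. The header comment also still says the validation happens "during readconf", which this commit makes untrue; it should name daemon startup instead.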
diff --git a/src/src/verify.c b/src/src/verify.c index 384739b2b..1a44de1ea 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -586,6 +586,10 @@ else log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand " "callout_random_local_part: %s", expand_string_message); + /* Compile regex' used by client-side smtp */ + + smtp_deliver_init(); + /* Default the connect and overall callout timeouts if not set, and record the time we are starting so that we can enforce it. */ diff --git a/test/log/2120 b/test/log/2120 index 6c4b0cac8..8057655d7 100644 --- a/test/log/2120 +++ b/test/log/2120 @@ -1,8 +1,4 @@ -1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one. - Suggested action: either install a certificate or change tls_advertise_hosts option 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@thishost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one. - Suggested action: either install a certificate or change tls_advertise_hosts option 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=0 error=self signed certificate cert=/C=UK/O=Exim Developers/CN=thishost.test.ex 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@thishost.test.ex R=abc T=t1 H=thishost.test.ex [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="/C=UK/O=Exim Developers/CN=thishost.test.ex" C="250 OK id=10HmaY-0005vi-00" -- cgit v1.2.3 From fa2a928fc8a0d1031cc93e03d9ec9125ff9751b5 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 12 Oct 2019 19:03:30 +0100 Subject: Dummies for Solaris build --- src/src/exim_dbutil.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c index 46219a8db..80f656530 100644 --- a/src/src/exim_dbutil.c +++ b/src/src/exim_dbutil.c 
@@ -46,6 +46,12 @@ uschar *spool_directory; /******************************************************************************/ /* dummies needed by Solaris build */ +void +millisleep(int msec) +{} +uschar * +readconf_printtime(int t) +{ return NULL; } gstring * string_vformat_trc(gstring * g, const uschar * func, unsigned line, unsigned size_limit, unsigned flags, const char *format, va_list ap) @@ -53,8 +59,11 @@ string_vformat_trc(gstring * g, const uschar * func, unsigned line, uschar * string_sprintf_trc(const char * fmt, const uschar * func, unsigned line, ...) { return NULL; } -BOOL split_spool_directory; -uschar * queue_name; + +struct global_flags f; +unsigned int log_selector[1]; +uschar * queue_name; +BOOL split_spool_directory; /******************************************************************************/ -- cgit v1.2.3 From 7ef88aa0c4c0608ee54ed2ff90b4b34c518d9bb5 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 13 Oct 2019 15:50:46 +0100 Subject: SRS: native implementation. Bug 1649 --- doc/doc-txt/NewStuff | 6 + doc/doc-txt/experimental-spec.txt | 75 ++++++++- src/src/EDITME | 4 + src/src/config.h.defaults | 1 + src/src/exim.c | 2 +- src/src/expand.c | 332 ++++++++++++++++++++++++++++++++------ src/src/globals.c | 3 + src/src/globals.h | 3 + src/src/macro_predef.c | 5 +- test/confs/4620 | 87 ++++++++++ test/log/4620 | 16 ++ test/mail/4620.CALLER | 56 +++++++ test/scripts/4620-SRS/4620 | 16 ++ test/scripts/4620-SRS/REQUIRES | 2 + 14 files changed, 559 insertions(+), 49 deletions(-) create mode 100644 test/confs/4620 create mode 100644 test/log/4620 create mode 100644 test/mail/4620.CALLER create mode 100644 test/scripts/4620-SRS/4620 create mode 100644 test/scripts/4620-SRS/REQUIRES diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index 4caa897e3..fd1ab8b3d 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff 
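Review bot: In the second exim_dbutil.c hunk the dummy `unsigned int log_selector[1];` is a single word, while the definition it stands in for is presumably sized for every selector bit (that definition is not visible here). Any object linked into this utility that tests a bit beyond the first word would read past the dummy. If the real size constant is visible to this file, declare the dummy with it; otherwise record the assumption with a comment such as `/* dummy: satisfies the linker only, never indexed */`. The NULL-returning `readconf_printtime` in the first hunk deserves the same remark, since a caller that dereferences the result would crash.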
@@ -6,6 +6,12 @@ Before a formal release, there may be quite a lot of detail so that people can test from the snapshots or the Git before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.next +-------------- + + 1. EXPERIMENTAL_SRS_NATIVE optional build feature. See the experimental.spec + file. + Version 4.93 ------------ diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 373d9dc4c..e9a557aec 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -292,10 +292,11 @@ These four steps are explained in more details below. -SRS (Sender Rewriting Scheme) Support +SRS (Sender Rewriting Scheme) Support (using libsrs_alt) -------------------------------------------------------------- +See also below, for an alternative native support implementation. -Exiscan currently includes SRS support via Miles Wilton's +Exim currently includes SRS support via Miles Wilton's libsrs_alt library. The current version of the supported library is 0.5, there are reports of 1.0 working. 
@@ -343,6 +344,76 @@ For configuration information see https://github.com/Exim/exim/wiki/SRS . +SRS (Sender Rewriting Scheme) Support (native) +-------------------------------------------------------------- +This is less full-featured than the libsrs_alt version above. + +The Exim build needs to be done with this in Local/Makefile: +EXPERIMENTAL_SRS_NATIVE=yes + +The following are provided: +- an expansion item "srs_encode" + This takes three arguments: + - a site SRS secret + - the return_path + - the pre-forwarding domain + +- an expansion condition "inbound_srs" + This takes two arguments: the local_part to check, and a site SRS secret. + If the secret is zero-length, only the pattern of the local_part is checked. + The $srs_recipient variable is set as a side-effect. + +- an expansion variable $srs_recipient + This gets the original return_path encoded in the SRS'd local_part + +- predefined macros _HAVE_SRS and _HAVE_NATIVE_SRS + +Sample usage: + + #macro + SRS_SECRET = + + #routers + + outbound: + driver = dnslookup + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +my_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} + + inbound_srs: + driver = redirect + senders = : + domains = +my_domains + # detect inbound bounces which are SRS'd, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + + inbound_srs_failure: + driver = redirect + senders = : + domains = +my_domains + # detect inbound bounces which look SRS'd but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + + #... 
further routers here + + + # transport; should look like the non-forward outbound + # one, plus the max_rcpt and return_path options + remote_forwarded_smtp: + driver = smtp + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + + + + DCC Support -------------------------------------------------------------- Distributed Checksum Clearinghouse; http://www.rhyolite.com/dcc/ diff --git a/src/src/EDITME b/src/src/EDITME index 45af21063..1d916a559 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -590,6 +590,10 @@ DISABLE_MAL_MKS=yes # CFLAGS += -I/usr/local/include # LDFLAGS += -lsrs_alt +# Uncomment the following lines to add SRS (Sender rewriting scheme) support +# using only native facilities. +# EXPERIMENTAL_SRS_NATIVE=yes + # Uncomment the following line to add DMARC checking capability, implemented # using libopendmarc libraries. You must have SPF and DKIM support enabled also. # SUPPORT_DMARC=yes diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index b94b36866..84837d527 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -204,6 +204,7 @@ Do not put spaces between # and the 'define'. #define EXPERIMENTAL_LMDB #define EXPERIMENTAL_QUEUEFILE #define EXPERIMENTAL_SRS +#define EXPERIMENTAL_SRS_NATIVE #define EXPERIMENTAL_TLS_RESUME diff --git a/src/src/exim.c b/src/src/exim.c index 68734e35c..1bd49a0d4 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -929,7 +929,7 @@ fprintf(fp, "Support for:"); #ifdef EXPERIMENTAL_QUEUEFILE fprintf(fp, " Experimental_QUEUEFILE"); #endif -#ifdef EXPERIMENTAL_SRS +#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE) fprintf(fp, " Experimental_SRS"); #endif #ifdef EXPERIMENTAL_ARC diff --git a/src/src/expand.c b/src/src/expand.c index 8be10c14f..e30756123 100644 --- a/src/src/expand.c +++ b/src/src/expand.c 
@@ -129,6 +129,9 @@ static uschar *item_table[] = { US"run", US"sg", US"sort", +#ifdef EXPERIMENTAL_SRS_NATIVE + US"srs_encode", +#endif US"substr", US"tr" }; @@ -160,6 +163,9 @@ enum { EITEM_RUN, EITEM_SG, EITEM_SORT, +#ifdef EXPERIMENTAL_SRS_NATIVE + EITEM_SRS_ENCODE, +#endif EITEM_SUBSTR, EITEM_TR }; @@ -323,6 +329,9 @@ static uschar *cond_table[] = { US"gei", US"gt", US"gti", +#ifdef EXPERIMENTAL_SRS_NATIVE + US"inbound_srs", +#endif US"inlist", US"inlisti", US"isip", @@ -373,6 +382,9 @@ enum { ECOND_STR_GEI, ECOND_STR_GT, ECOND_STR_GTI, +#ifdef EXPERIMENTAL_SRS_NATIVE + ECOND_INBOUND_SRS, +#endif ECOND_INLIST, ECOND_INLISTI, ECOND_ISIP, @@ -736,7 +748,11 @@ static var_entry var_table[] = { { "srs_db_key", vtype_stringptr, &srs_db_key }, { "srs_orig_recipient", vtype_stringptr, &srs_orig_recipient }, { "srs_orig_sender", vtype_stringptr, &srs_orig_sender }, +#endif +#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE) { "srs_recipient", vtype_stringptr, &srs_recipient }, +#endif +#ifdef EXPERIMENTAL_SRS { "srs_status", vtype_stringptr, &srs_status }, #endif { "thisaddress", vtype_stringptr, &filter_thisaddress }, 
@@ -2292,6 +2308,127 @@ return chop_match(name, cond_table, nelem(cond_table)); } +/************************************************* +* Handle MD5 or SHA-1 computation for HMAC * +*************************************************/ + +/* These are some wrapping functions that enable the HMAC code to be a bit +cleaner. A good compiler will spot the tail recursion. + +Arguments: + type HMAC_MD5 or HMAC_SHA1 + remaining are as for the cryptographic hash functions + +Returns: nothing +*/ + +static void +chash_start(int type, void * base) +{ +if (type == HMAC_MD5) + md5_start((md5 *)base); +else + sha1_start((hctx *)base); +} + +static void +chash_mid(int type, void * base, const uschar * string) +{ +if (type == HMAC_MD5) + md5_mid((md5 *)base, string); +else + sha1_mid((hctx *)base, string); +} + +static void +chash_end(int type, void * base, const uschar * string, int length, + uschar * digest) +{ +if (type == HMAC_MD5) + md5_end((md5 *)base, string, length, digest); +else + sha1_end((hctx *)base, string, length, digest); +} + + + + +/* Do an hmac_md5. The result is _not_ nul-terminated, and is sized as +the smaller of a full hmac_md5 result (16 bytes) or the supplied output buffer. 
+ +Arguments: + key encoding key, nul-terminated + src data to be hashed, nul-terminated + buf output buffer + len size of output buffer +*/ + +static void +hmac_md5(const uschar * key, const uschar * src, uschar * buf, unsigned len) +{ +md5 md5_base; +const uschar * keyptr; +uschar * p; +unsigned int keylen; + +#define MD5_HASHLEN 16 +#define MD5_HASHBLOCKLEN 64 + +uschar keyhash[MD5_HASHLEN]; +uschar innerhash[MD5_HASHLEN]; +uschar finalhash[MD5_HASHLEN]; +uschar innerkey[MD5_HASHBLOCKLEN]; +uschar outerkey[MD5_HASHBLOCKLEN]; + +keyptr = key; +keylen = Ustrlen(keyptr); + +/* If the key is longer than the hash block length, then hash the key +first */ + +if (keylen > MD5_HASHBLOCKLEN) + { + chash_start(HMAC_MD5, &md5_base); + chash_end(HMAC_MD5, &md5_base, keyptr, keylen, keyhash); + keyptr = keyhash; + keylen = MD5_HASHLEN; + } + +/* Now make the inner and outer key values */ + +memset(innerkey, 0x36, MD5_HASHBLOCKLEN); +memset(outerkey, 0x5c, MD5_HASHBLOCKLEN); + +for (int i = 0; i < keylen; i++) + { + innerkey[i] ^= keyptr[i]; + outerkey[i] ^= keyptr[i]; + } + +/* Now do the hashes */ + +chash_start(HMAC_MD5, &md5_base); +chash_mid(HMAC_MD5, &md5_base, innerkey); +chash_end(HMAC_MD5, &md5_base, src, Ustrlen(src), innerhash); + +chash_start(HMAC_MD5, &md5_base); +chash_mid(HMAC_MD5, &md5_base, outerkey); +chash_end(HMAC_MD5, &md5_base, innerhash, MD5_HASHLEN, finalhash); + +/* Encode the final hash as a hex string, limited by output buffer size */ + +p = buf; +for (int i = 0, j = len; i < MD5_HASHLEN; i++) + { + if (j-- <= 0) break; + *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4]; + if (j-- <= 0) break; + *p++ = hex_digits[finalhash[i] & 0x0f]; + } +return; +} + + /************************************************* * Read and evaluate a condition * *************************************************/ 
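Review bot: The header comment on `hmac_md5` says the result is sized as "a full hmac_md5 result (16 bytes)", but the final loop writes two hex digits per hash byte. The full output is therefore 32 characters, and `len` counts output characters rather than hash bytes. This matters for the callers added later in this commit, which pass `uschar cksum[4]` and so keep only 16 bits of the MAC as the SRS checksum. I would reword the header to `/* Writes up to len hex digits of HMAC-MD5(key, src); a full digest is 32 digits; output is not nul-terminated */` and state the retained tag length at the call sites. Two smaller points: `innerkey`, `outerkey` and `keyhash` hold key-derived bytes and are left on the stack at return, and `for (int i = 0; i < keylen; i++)` compares signed with unsigned, which `unsigned i` avoids.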
@@ -3229,6 +3366,100 @@ switch(cond_type = identify_operator(&s, &opname)) return s; } +#ifdef EXPERIMENTAL_SRS_NATIVE + case ECOND_INBOUND_SRS: + /* ${if inbound_srs {local_part}{secret} {yes}{no}} */ + { + uschar * sub[2]; + const pcre * re; + int ovec[3*(4+1)]; + int n; + uschar cksum[4]; + BOOL boolvalue = FALSE; + + switch(read_subs(sub, 2, 2, CUSS &s, yield == NULL, FALSE, US"inbound_srs", resetok)) + { + case 1: expand_string_message = US"too few arguments or bracketing " + "error for inbound_srs"; + case 2: + case 3: return NULL; + } + + /* Match the given local_part against the SRS-encoded pattern */ + + re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$", + TRUE, FALSE); + if (pcre_exec(re, NULL, CS sub[0], Ustrlen(sub[0]), 0, PCRE_EOPT, + ovec, nelem(ovec)) < 0) + { + DEBUG(D_expand) debug_printf("no match for SRS'd local-part pattern\n"); + goto srs_result; + } + + /* Side-effect: record the decoded recipient */ + + srs_recipient = string_sprintf("%.*S@%.*S", /* lowercased */ + ovec[9]-ovec[8], sub[0] + ovec[8], /* substring 4 */ + ovec[7]-ovec[6], sub[0] + ovec[6]); /* substring 3 */ + + /* If a zero-length secret was given, we're done. Otherwise carry on + and validate the given SRS local_part againt our secret. 
*/ + + if (!*sub[1]) + { + boolvalue = TRUE; + goto srs_result; + } + + /* check the timestamp */ + { + struct timeval now; + uschar * ss = sub[0] + ovec[4]; /* substring 2, the timestamp */ + long d; + + gettimeofday(&now, NULL); + now.tv_sec /= 86400; /* days since epoch */ + + /* Decode substring 2 from base32 to a number */ + + for (d = 0, n = ovec[5]-ovec[4]; n; n--) + { + uschar * t = Ustrchr(base32_chars, *ss++); + d = d * 32 + (t - base32_chars); + } + + if (((now.tv_sec - d) & 0x3ff) > 10) /* days since SRS generated */ + { + DEBUG(D_expand) debug_printf("SRS too old\n"); + goto srs_result; + } + } + + /* check length of substring 1, the offered checksum */ + + if (ovec[3]-ovec[2] != 4) + { + DEBUG(D_expand) debug_printf("SRS checksum wrong size\n"); + goto srs_result; + } + + /* Hash the address with our secret, and compare that computed checksum + with the one extracted from the arg */ + + hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum)); + if (Ustrncmp(cksum, sub[0] + ovec[2], 4) != 0) + { + DEBUG(D_expand) debug_printf("SRS checksum mismatch\n"); + goto srs_result; + } + boolvalue = TRUE; + +srs_result: + if (yield) *yield = (boolvalue == testfor); + return s; + } +#endif /*EXPERIMENTAL_SRS_NATIVE*/ + /* Unknown condition */ default: 
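Review bot: In the `ECOND_INBOUND_SRS` case the timestamp field is checked for age but is not covered by the checksum. `hmac_md5(sub[1], srs_recipient, cksum, sizeof(cksum))` hashes only the decoded address, and the `EITEM_SRS_ENCODE` hunk later in this file likewise hashes only the lower-cased return path. The age check can therefore be satisfied independently of the checksum, so the 10-day limit does not actually bound how long a generated address stays acceptable; feeding the timestamp text into the HMAC input on both sides would bind the two, at the cost of a format change. In the base32 loop, `Ustrchr(base32_chars, *ss++)` can return NULL because the pattern is compiled with `(?i)` and admits both letter cases (assuming `base32_chars`, defined outside this hunk, is a single-case alphabet), and the digit count is unbounded so `d` can overflow; add `if (!t) goto srs_result;` and bound the field length. `srs_recipient` is also assigned before any of these checks and keeps the unverified value when the condition yields false, which the comment at that assignment should state.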
@@ -3501,51 +3732,6 @@ FAILED: -/************************************************* -* Handle MD5 or SHA-1 computation for HMAC * -*************************************************/ - -/* These are some wrapping functions that enable the HMAC code to be a bit -cleaner. A good compiler will spot the tail recursion. - -Arguments: - type HMAC_MD5 or HMAC_SHA1 - remaining are as for the cryptographic hash functions - -Returns: nothing -*/ - -static void -chash_start(int type, void *base) -{ -if (type == HMAC_MD5) - md5_start((md5 *)base); -else - sha1_start((hctx *)base); -} - -static void -chash_mid(int type, void *base, uschar *string) -{ -if (type == HMAC_MD5) - md5_mid((md5 *)base, string); -else - sha1_mid((hctx *)base, string); -} - -static void -chash_end(int type, void *base, uschar *string, int length, uschar *digest) -{ -if (type == HMAC_MD5) - md5_end((md5 *)base, string, length, digest); -else - sha1_end((hctx *)base, string, length, digest); -} - - - - - /******************************************************** * prvs: Get last three digits of days since Jan 1, 1970 * ********************************************************/ 
@@ -6668,6 +6854,62 @@ while (*s != 0) } continue; } + +#ifdef EXPERIMENTAL_SRS_NATIVE + case EITEM_SRS_ENCODE: + /* ${srs_encode {secret} {return_path} {orig_domain}} */ + { + uschar * sub[3]; + uschar cksum[4]; + + switch (read_subs(sub, 3, 3, CUSS &s, skipping, TRUE, name, &resetok)) + { + case 1: goto EXPAND_FAILED_CURLY; + case 2: + case 3: goto EXPAND_FAILED; + } + + yield = string_catn(yield, US"SRS0=", 5); + + /* ${l_4:${hmac{md5}{SRS_SECRET}{${lc:$return_path}}}}= */ + hmac_md5(sub[0], string_copylc(sub[1]), cksum, sizeof(cksum)); + yield = string_catn(yield, cksum, sizeof(cksum)); + yield = string_catn(yield, US"=", 1); + + /* ${base32:${eval:$tod_epoch/86400&0x3ff}}= */ + { + struct timeval now; + unsigned long i; + gstring * g = NULL; + + gettimeofday(&now, NULL); + for (unsigned long i = (now.tv_sec / 86400) & 0x3ff; i; i >>= 5) + g = string_catn(g, &base32_chars[i & 0x1f], 1); + if (g) while (g->ptr > 0) + yield = string_catn(yield, &g->s[--g->ptr], 1); + } + yield = string_catn(yield, US"=", 1); + + /* ${domain:$return_path}=${local_part:$return_path} */ + { + int start, end, domain; + uschar * t = parse_extract_address(sub[1], &expand_string_message, + &start, &end, &domain, FALSE); + if (!t) + goto EXPAND_FAILED; + + if (domain > 0) yield = string_cat(yield, t + domain); + yield = string_catn(yield, US"=", 1); + yield = domain > 0 + ? string_catn(yield, t, domain - 1) : string_cat(yield, t); + } + + /* @$original_domain */ + yield = string_catn(yield, US"@", 1); + yield = string_cat(yield, sub[2]); + continue; + } +#endif /*EXPERIMENTAL_SRS_NATIVE*/ } /* EITEM_* switch */ /* Control reaches here if the name is not recognized as one of the more diff --git a/src/src/globals.c b/src/src/globals.c index 302e18eb3..3540a9eba 100644 --- a/src/src/globals.c +++ b/src/src/globals.c 
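Review bot: The timestamp loop in `EITEM_SRS_ENCODE` emits no digit at all when `(now.tv_sec / 86400) & 0x3ff` is zero, so on that day the output has an empty timestamp field (`==`), which the `inbound_srs` pattern added in this same commit cannot match because it requires `[A-Z2-7]+`. Emitting at least one digit avoids it: `i = (now.tv_sec / 86400) & 0x3ff;` followed by `do g = string_catn(g, &base32_chars[i & 0x1f], 1); while (i >>= 5);`. That also gives a use to the outer `unsigned long i;`, which the `for` declaration currently shadows and leaves unused. The enclosing expansion-item switch starts outside the hunk.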
@@ -1498,6 +1498,9 @@ uschar *srs_recipient = NULL; uschar *srs_secrets = NULL; uschar *srs_status = NULL; #endif +#ifdef EXPERIMENTAL_SRS_NATIVE +uschar *srs_recipient = NULL; +#endif int string_datestamp_offset= -1; int string_datestamp_length= 0; int string_datestamp_type = -1; diff --git a/src/src/globals.h b/src/src/globals.h index 27a4bd9e0..ffc633f60 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -986,6 +986,9 @@ extern uschar *srs_status; /* SRS staus */ extern BOOL srs_usehash; /* SRS use hash flag */ extern BOOL srs_usetimestamp; /* SRS use timestamp flag */ #endif +#ifdef EXPERIMENTAL_SRS_NATIVE +extern uschar *srs_recipient; /* SRS recipient */ +#endif extern BOOL strict_acl_vars; /* ACL variables have to be set before being used */ extern int string_datestamp_offset;/* After insertion by string_format */ extern int string_datestamp_length;/* After insertion by string_format */ diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c index e96fef938..e20ae89fe 100644 --- a/src/src/macro_predef.c +++ b/src/src/macro_predef.c @@ -182,9 +182,12 @@ due to conflicts with other common macros. */ #ifdef SUPPORT_SPF builtin_macro_create(US"_HAVE_SPF"); #endif -#ifdef EXPERIMENTAL_SRS +#if defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE) builtin_macro_create(US"_HAVE_SRS"); #endif +#if defined(EXPERIMENTAL_SRS_NATIVE) + builtin_macro_create(US"_HAVE_NATIVE_SRS"); /* beware clash with _HAVE_SRS */ +#endif #ifdef EXPERIMENTAL_ARC builtin_macro_create(US"_HAVE_ARC"); #endif diff --git a/test/confs/4620 b/test/confs/4620 new file mode 100644 index 000000000..5b1175a53 --- /dev/null +++ b/test/confs/4620 
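Review bot: The new `uschar *srs_recipient = NULL;` in globals.c comes directly after an existing conditional block whose context lines already define `srs_recipient` (presumably the `EXPERIMENTAL_SRS` block), so a build with both options defined gets two initialised definitions of the same object and fails to compile. The macro_predef.c hunk does not exclude that combination (`defined(EXPERIMENTAL_SRS) || defined(EXPERIMENTAL_SRS_NATIVE)`). Either guard the new definition with `#if defined(EXPERIMENTAL_SRS_NATIVE) && !defined(EXPERIMENTAL_SRS)` or reject the combination with an `#error`. The repeated `extern` in globals.h is harmless but could take the same guard for consistency.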
@@ -0,0 +1,87 @@ +# Exim test configuration 4620 + +.include DIR/aux-var/std_conf_prefix + +SRS_SECRET = mysecret + +# ----- Main settings ----- + +acl_smtp_rcpt = accept + +domainlist local_domains = test.ex +domainlist remotesite_domains = remote.ex + +log_selector = +all_parents +received_recipients +queue_only + +# ----- Routers ----- + +begin routers + +remote_bouncer: + driver = redirect + condition = ${if eq {$sender_host_address}{127.0.0.1}} + data = :fail: account disabled + allow_fail + +external: + driver = manualroute + domains = !+local_domains + route_list = remote.ex 127.0.0.1::PORT_S + self = send + transport = ${if eq {$local_part@$domain} {$original_local_part@$original_domain} \ + {to_external} {forwarded_external}} + +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are SRS'd, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look SRS'd but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + + +local_redirect: + driver = redirect + local_parts = redirect + data = remote_user@remote.ex + +local: + driver = accept + transport = appendfile + + +# ----- Transports ----- + +begin transports + +to_external: + driver = smtp + +forwarded_external: + driver = smtp + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + + +appendfile: + driver = appendfile + file = DIR/test-mail/$local_part + user = CALLER + +# ----- Retry ----- + +begin retry + +* * F,5d,1d + +# End diff --git a/test/log/4620 b/test/log/4620 new file mode 100644 index 000000000..0a98c2712 --- /dev/null +++ b/test/log/4620 
@@ -0,0 +1,16 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss for redirect@test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => remote_user@remote.ex R=external T=forwarded_external H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmaY-0005vi-00 ** remote_user@remote.ex R=remote_bouncer: account disabled +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> R=10HmaY-0005vi-00 U=EXIMUSER P=local S=sss for SRS0=12a1=yg=the.local.host.name=CALLER@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 Start queue run: pid=pppp +1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER R=local T=appendfile +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 End queue run: pid=pppp + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:PORT_S +1999-03-02 09:44:33 10HmaY-0005vi-00 <= SRS0=12a1=yg=the.local.host.name=CALLER@test.ex H=localhost (the.local.host.name) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@the.local.host.name for remote_user@remote.ex diff --git a/test/mail/4620.CALLER b/test/mail/4620.CALLER new file mode 100644 index 000000000..b0a1372da --- /dev/null +++ b/test/mail/4620.CALLER 
@@ -0,0 +1,56 @@ +From MAILER-DAEMON Tue Mar 02 09:44:33 1999 +Received: from EXIMUSER by the.local.host.name with local (Exim x.yz) + id 10HmaZ-0005vi-00 + for SRS0=12a1=yg=the.local.host.name=CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +X-Failed-Recipients: remote_user@remote.ex +Auto-Submitted: auto-replied +From: Mail Delivery System +To: SRS0=12a1=yg=the.local.host.name=CALLER@test.ex +References: +Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM +MIME-Version: 1.0 +Subject: Mail delivery failed: returning message to sender +Message-Id: +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM +Content-type: text/plain; charset=us-ascii + +This message was created automatically by mail delivery software. + +A message that you sent could not be delivered to one or more of its +recipients. This is a permanent error. The following address(es) failed: + + remote_user@remote.ex + account disabled + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM +Content-type: message/delivery-status + +Reporting-MTA: dns; the.local.host.name + +Action: failed +Final-Recipient: rfc822;remote_user@remote.ex +Status: 5.0.0 + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM +Content-type: message/rfc822 + +Return-path: +Received: from localhost ([127.0.0.1] helo=the.local.host.name) + by the.local.host.name with esmtp (Exim x.yz) + (envelope-from ) + id 10HmaY-0005vi-00 + for remote_user@remote.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Received: from CALLER by the.local.host.name with local (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00 + for redirect@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +Message-Id: +From: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +Message body + +--NNNNNNNNNN-eximdsn-MMMMMMMMMM-- + diff --git a/test/scripts/4620-SRS/4620 b/test/scripts/4620-SRS/4620 new file mode 100644 index 000000000..4a126b8b9 --- /dev/null +++ b/test/scripts/4620-SRS/4620 
@@ -0,0 +1,16 @@ +# SRS native implementation +# +exim -bd -DSERVER=server -oX 127.0.0.1:PORT_S +**** +# Inject a message; will be passed on to remote and queued there +exim -odi redirect@test.ex +Message body +**** +# Run the queue for the remote, will generate bounce which is queued +exim -q +**** +# Run the queue for the remote, will send bounce to origin +exim -q +**** +# +killdaemon diff --git a/test/scripts/4620-SRS/REQUIRES b/test/scripts/4620-SRS/REQUIRES new file mode 100644 index 000000000..7286713d6 --- /dev/null +++ b/test/scripts/4620-SRS/REQUIRES @@ -0,0 +1,2 @@ +support Experimental_SRS +feature _HAVE_NATIVE_SRS -- cgit v1.2.3 From 0d75f94545ea7bf93078f908b77c2b6cf57edc80 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 13 Oct 2019 20:23:07 +0100 Subject: Fix no-ssl build Broken-by: d85cdeb5e5 --- src/src/exim.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/src/exim.c b/src/src/exim.c index 1bd49a0d4..084fa8db2 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -4678,19 +4678,21 @@ if (f.daemon_listen || f.inetd_wait_mode || queue_interval > 0) "mua_wrapper is set"); } +# ifndef DISABLE_TLS /* This also checks that the library linkage is working and we can call routines in it, so call even if tls_require_ciphers is unset */ { -#ifdef MEASURE_TIMING +# ifdef MEASURE_TIMING struct timeval t0, diff; (void)gettimeofday(&t0, NULL); -#endif +# endif if (!tls_dropprivs_validate_require_cipher(FALSE)) exit(1); -#ifdef MEASURE_TIMING +# ifdef MEASURE_TIMING report_time_since(&t0, US"validate_ciphers (delta)"); -#endif +# endif } +#endif daemon_go(); } -- cgit v1.2.3 From fa53280ee478e5bfe652f45cff37fe1ba32a2ad5 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 13 Oct 2019 20:32:38 +0100 Subject: Testsuite: output changes resulting --- test/log/2020 | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/log/2020 b/test/log/2020 index b10c2af18..fbf9039a2 100644 --- a/test/log/2020 +++ b/test/log/2020 
@@ -1,8 +1,4 @@ -1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one. - Suggested action: either install a certificate or change tls_advertise_hosts option 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@thishost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one. - Suggested action: either install a certificate or change tls_advertise_hosts option 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@thishost.test.ex R=abc T=t1 H=thishost.test.ex [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no DN="C=UK,O=Exim Developers,CN=thishost.test.ex" C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -- cgit v1.2.3 From 53618a4022d2e80ac72ee0b37b8a23eb2626e319 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 13 Oct 2019 20:41:39 +0100 Subject: Testsuite: munging for SRS testcase --- test/log/4620 | 6 +++--- test/mail/4620.CALLER | 8 ++++---- test/runtest | 5 +++++ 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/test/log/4620 b/test/log/4620 index 0a98c2712..5e4413a3e 100644 --- a/test/log/4620 +++ b/test/log/4620 
@@ -3,14 +3,14 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 Start queue run: pid=pppp 1999-03-02 09:44:33 10HmaY-0005vi-00 ** remote_user@remote.ex R=remote_bouncer: account disabled -1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> R=10HmaY-0005vi-00 U=EXIMUSER P=local S=sss for SRS0=12a1=yg=the.local.host.name=CALLER@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= <> R=10HmaY-0005vi-00 U=EXIMUSER P=local S=sss for SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp 1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER R=local T=appendfile +1999-03-02 09:44:33 10HmaZ-0005vi-00 => CALLER R=local T=appendfile 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on [127.0.0.1]:PORT_S -1999-03-02 09:44:33 10HmaY-0005vi-00 <= SRS0=12a1=yg=the.local.host.name=CALLER@test.ex H=localhost (the.local.host.name) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@the.local.host.name for remote_user@remote.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 <= SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex H=localhost (the.local.host.name) [127.0.0.1] P=esmtp S=sss id=E10HmaX-0005vi-00@the.local.host.name for remote_user@remote.ex diff --git a/test/mail/4620.CALLER b/test/mail/4620.CALLER index b0a1372da..8daaeed5f 100644 --- a/test/mail/4620.CALLER +++ b/test/mail/4620.CALLER @@ -1,11 +1,11 @@ From MAILER-DAEMON Tue Mar 02 09:44:33 1999 Received: from EXIMUSER by the.local.host.name with local (Exim x.yz) id 10HmaZ-0005vi-00 - for SRS0=12a1=yg=the.local.host.name=CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 + for SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 X-Failed-Recipients: remote_user@remote.ex Auto-Submitted: auto-replied 
From: Mail Delivery System -To: SRS0=12a1=yg=the.local.host.name=CALLER@test.ex +To: SRS0=ZZZZ=YY=the.local.host.name=CALLER@test.ex References: Content-Type: multipart/report; report-type=delivery-status; boundary=NNNNNNNNNN-eximdsn-MMMMMMMMMM MIME-Version: 1.0 @@ -36,10 +36,10 @@ Status: 5.0.0 --NNNNNNNNNN-eximdsn-MMMMMMMMMM Content-type: message/rfc822 -Return-path: +Return-path: Received: from localhost ([127.0.0.1] helo=the.local.host.name) by the.local.host.name with esmtp (Exim x.yz) - (envelope-from ) + (envelope-from ) id 10HmaY-0005vi-00 for remote_user@remote.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from CALLER by the.local.host.name with local (Exim x.yz) diff --git a/test/runtest b/test/runtest index 6319f5b81..49ff84535 100755 --- a/test/runtest +++ b/test/runtest @@ -913,6 +913,11 @@ RESET_AFTER_EXTRA_LINE_READ: last if !defined $_; + # SRS timestamps and signatures vary by hostname and from run to run + + s/SRS0=....=..=[^=]+=[^@]+\@test.ex/SRS0=ZZZZ=YY=the.local.host.name=CALLER\@test.ex/; + + # ======== Output from the "fd" program about open descriptors ======== # The statuses seem to be different on different operating systems, but # at least we'll still be checking the number of open fd's. -- cgit v1.2.3 From 0b2719ad1b302f9bfb25d6c29b6541e7d8a392ef Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 19 Oct 2019 19:55:39 +0100 Subject: Fix HAVE_LOCAL_SCAN build. Bug 2457 Broken-by: f3ebb786e4 (cherry picked from commits d48326c00b, 1352e600b8) --- src/src/local_scan.h | 4 +++- src/src/string.c | 4 ++-- test/runtest | 4 ++++ 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/src/local_scan.h b/src/src/local_scan.h index 235812ada..fb878591e 100644 --- a/src/src/local_scan.h +++ b/src/src/local_scan.h 
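Review bot: The munging pattern added to runtest, `s/SRS0=....=..=[^=]+=[^@]+\@test.ex/.../`, fixes the timestamp field at exactly two characters, but the encoder added earlier in this series drops leading zero digits, so for day values below 32 the field is one character and the line is left unmunged. Allowing one or two characters makes the test independent of the run date: `s/SRS0=....=[^=]{1,2}=[^=]+=[^@]+\@test\.ex/SRS0=ZZZZ=YY=the.local.host.name=CALLER\@test.ex/;`. That version also escapes the `.` in `test.ex`, which the committed pattern leaves as a wildcard. The surrounding loop starts and continues outside the hunk.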
@@ -199,10 +199,12 @@ we can use an inlined implementation in the compiles of the main Exim files, with the original name. */ # define string_copy(s) string_copy_function(s) -# define string_copyn(s, n) string_copyn_function(s, n) +# define string_copyn(s, n) string_copyn_function((s), (n)) +# define string_copy_taint(s, t) string_copy_taint_function((s), (t)) extern uschar * string_copy_function(const uschar *); extern uschar * string_copyn_function(const uschar *); +extern uschar * string_copy_taint_function(const uschar *); #endif /* End of local_scan.h */ diff --git a/src/src/string.c b/src/src/string.c index a95439651..ced1ad8c7 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -411,7 +411,7 @@ return ss; -#ifdef HAVE_LOCAL_SCAN +#if defined(HAVE_LOCAL_SCAN) && !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY) /************************************************* * Copy and save string * *************************************************/ @@ -432,7 +432,7 @@ As above, but explicitly specifying the result taint status */ uschar * -string_copy_taint(const uschar * s, BOOL tainted) +string_copy_taint_function(const uschar * s, BOOL tainted) { int len = Ustrlen(s) + 1; uschar *ss = store_get(len, tainted); diff --git a/test/runtest b/test/runtest index 49ff84535..c78cabf4b 100755 --- a/test/runtest +++ b/test/runtest 
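Review bot: The prototype added to local_scan.h, `extern uschar * string_copy_taint_function(const uschar *);`, declares one parameter, while the `string_copy_taint(s, t)` macro added just above it passes two and the definition renamed in the string.c hunk takes `(const uschar * s, BOOL tainted)`. A local_scan() source that uses `string_copy_taint` would therefore fail to compile against this header. The declaration should read `extern uschar * string_copy_taint_function(const uschar *, BOOL);`. The neighbouring context line `extern uschar * string_copyn_function(const uschar *);` looks like it has the same mismatch with its two-argument macro, though its definition is not visible here.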
@@ -1280,6 +1280,10 @@ RESET_AFTER_EXTRA_LINE_READ: # TLS resumption is not always supported by the build next if /in tls_resumption_hosts\?/; + # Most builds are without HAVE_LOCAL_SCAN + next if /^calling local_scan(); timeout=300$/; + next if /^local_scan() returned 0 NULL$/; + # Platform differences in errno strings s/ SMTP\(Operation timed out\)< Date: Sun, 20 Oct 2019 00:10:20 +0100 Subject: Build: include early-pipelining unless disabled --- doc/doc-txt/ChangeLog | 2 ++ src/src/config.h.defaults | 2 +- src/src/dbstuff.h | 2 +- src/src/deliver.c | 6 ++-- src/src/exim.c | 2 +- src/src/globals.c | 6 ++-- src/src/globals.h | 6 ++-- src/src/macro_predef.c | 2 +- src/src/readconf.c | 8 +++--- src/src/receive.c | 2 +- src/src/smtp_in.c | 18 ++++++------ src/src/smtp_out.c | 2 +- src/src/structs.h | 2 +- src/src/tls-openssl.c | 4 +-- src/src/transports/smtp.c | 72 +++++++++++++++++++++++------------------------ src/src/transports/smtp.h | 8 +++--- 16 files changed, 73 insertions(+), 71 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9a27e144c..079b5a1ee 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -12,6 +12,8 @@ JH/01 Avoid costly startup code when not strictly needed. This reduces time for some exim process initialisations. It does mean that the logging of TLS configuration problems is only done for the daemon startup. +JH/02 Early-pipelining support code is now included unless disabled in Makefile. + Exim version 4.93 ----------------- diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index 84837d527..223e2d645 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -50,6 +50,7 @@ Do not put spaces between # and the 'define'. #define DISABLE_DKIM #define DISABLE_EVENT #define DISABLE_OCSP +#define DISABLE_PIPE_CONNECT #define DISABLE_PRDR #define DISABLE_TLS #define DISABLE_D_OPTION 
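Review bot: In the two filters added to runtest, `/^calling local_scan(); timeout=300$/` and `/^local_scan() returned 0 NULL$/`, the unescaped `()` is an empty capture group rather than literal parentheses. The patterns therefore match `calling local_scan; timeout=300` and not the debug lines they are presumably meant to skip. Escape the parentheses: `next if /^calling local_scan\(\); timeout=300$/;` and `next if /^local_scan\(\) returned 0 NULL$/;`. The surrounding munging loop starts and continues outside the hunk.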
@@ -151,7 +152,6 @@ Do not put spaces between # and the 'define'. #define SUPPORT_MAILSTORE #define SUPPORT_MBX #define SUPPORT_MOVE_FROZEN_MESSAGES -#define SUPPORT_PIPE_CONNECT #define SUPPORT_PAM #define SUPPORT_PROXY #define SUPPORT_SOCKS diff --git a/src/src/dbstuff.h b/src/src/dbstuff.h index b7889bd8e..bf5fa3f6e 100644 --- a/src/src/dbstuff.h +++ b/src/src/dbstuff.h @@ -786,7 +786,7 @@ typedef struct { uschar bloom[40]; /* Bloom filter which may be larger than this */ } dbdata_ratelimit_unique; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* This structure records the EHLO responses, cleartext and crypted, for an IP, as bitmasks (cf. OPTION_TLS) */ diff --git a/src/src/deliver.c b/src/src/deliver.c index 5fc748141..b89671c57 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -1221,7 +1221,7 @@ else { if (testflag(addr, af_pipelining)) g = string_catn(g, US" L", 2); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (testflag(addr, af_early_pipe)) g = string_catn(g, US"*", 1); #endif @@ -3533,7 +3533,7 @@ while (!done) case 'L': switch (*subid) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case 2: setflag(addr, af_early_pipe); /*FALLTHROUGH*/ #endif case 1: setflag(addr, af_pipelining); break; @@ -4840,7 +4840,7 @@ all pipes, so I do not see a reason to use non-blocking IO here #endif if (testflag(addr, af_pipelining)) -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (testflag(addr, af_early_pipe)) rmt_dlv_checked_write(fd, 'L', '2', NULL, 0); else diff --git a/src/src/exim.c b/src/src/exim.c index 084fa8db2..d6952ef2e 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -901,7 +901,7 @@ fprintf(fp, "Support for:"); #ifndef DISABLE_OCSP fprintf(fp, " OCSP"); #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fprintf(fp, " PIPE_CONNECT"); #endif #ifndef DISABLE_PRDR diff --git a/src/src/globals.c b/src/src/globals.c index 3540a9eba..87ff2e65f 100644 --- a/src/src/globals.c 
+++ b/src/src/globals.c @@ -298,7 +298,7 @@ struct global_flags f = .sender_name_forced = FALSE, .sender_set_untrusted = FALSE, .smtp_authenticated = FALSE, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT .smtp_in_early_pipe_advertised = FALSE, .smtp_in_early_pipe_no_auth = FALSE, .smtp_in_early_pipe_used = FALSE, @@ -1168,7 +1168,7 @@ uschar *override_pid_file_path = NULL; uschar *percent_hack_domains = NULL; uschar *pid_file_path = US PID_FILE_PATH "\0<--------------Space to patch pid_file_path->"; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT uschar *pipe_connect_advertise_hosts = US"*"; #endif uschar *pipelining_advertise_hosts = US"*"; @@ -1258,7 +1258,7 @@ const pcre *regex_From = NULL; const pcre *regex_IGNOREQUOTA = NULL; const pcre *regex_PIPELINING = NULL; const pcre *regex_SIZE = NULL; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT const pcre *regex_EARLY_PIPE = NULL; #endif const pcre *regex_ismsgid = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index ffc633f60..ee89fd1f5 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -258,7 +258,7 @@ extern struct global_flags { BOOL sender_name_forced :1; /* Set by -F */ BOOL sender_set_untrusted :1; /* Sender set by untrusted caller */ BOOL smtp_authenticated :1; /* Sending client has authenticated */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL smtp_in_early_pipe_advertised :1; /* server advertised PIPE_CONNECT */ BOOL smtp_in_early_pipe_no_auth :1; /* too many authenticator names */ BOOL smtp_in_early_pipe_used :1; /* client did send early data */ 
@@ -750,7 +750,7 @@ extern uschar *override_pid_file_path; /* Value of -oP argument */ extern uschar *percent_hack_domains; /* Local domains for which '% operates */ extern uschar *pid_file_path; /* For writing daemon pids */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT extern uschar *pipe_connect_advertise_hosts; /* for banner/EHLO pipelining */ #endif extern uschar *pipelining_advertise_hosts; /* As it says */ @@ -833,7 +833,7 @@ extern const pcre *regex_CHUNKING; /* For recognizing CHUNKING (RFC 3030) */ extern const pcre *regex_IGNOREQUOTA; /* For recognizing IGNOREQUOTA (LMTP) */ extern const pcre *regex_PIPELINING; /* For recognizing PIPELINING */ extern const pcre *regex_SIZE; /* For recognizing SIZE settings */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT extern const pcre *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */ #endif extern const pcre *regex_ismsgid; /* Compiled r.e. for message it */ diff --git a/src/src/macro_predef.c b/src/src/macro_predef.c index e20ae89fe..383b0b38c 100644 --- a/src/src/macro_predef.c +++ b/src/src/macro_predef.c @@ -161,7 +161,7 @@ due to conflicts with other common macros. */ #ifndef DISABLE_OCSP builtin_macro_create(US"_HAVE_OCSP"); #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT builtin_macro_create(US"_HAVE_PIPE_CONNECT"); #endif #ifndef DISABLE_PRDR diff --git a/src/src/readconf.c b/src/src/readconf.c index daa88d010..713a1a9ef 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -244,7 +244,7 @@ static optionlist optionlist_config[] = { #endif { "pid_file_path", opt_stringptr, &pid_file_path }, { "pipelining_advertise_hosts", opt_stringptr, &pipelining_advertise_hosts }, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT { "pipelining_connect_advertise_hosts", opt_stringptr, &pipe_connect_advertise_hosts }, #endif 
@@ -4156,7 +4156,7 @@ Returns: nothing static void auths_init(void) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT int nauths = 0; #endif @@ -4182,11 +4182,11 @@ for (auth_instance * au = auths; au; au = au->next) "(%s and %s) have the same public name (%s)", au->client ? US"client" : US"server", au->name, bu->name, au->public_name); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT nauths++; #endif } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT f.smtp_in_early_pipe_no_auth = nauths > 16; #endif } diff --git a/src/src/receive.c b/src/src/receive.c index 31e3f7cbb..83613092f 100644 --- a/src/src/receive.c +++ b/src/src/receive.c @@ -1343,7 +1343,7 @@ if (received_protocol) if (LOGGING(pipelining) && f.smtp_in_pipelining_advertised) { g = string_catn(g, US" L", 2); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (f.smtp_in_early_pipe_used) g = string_catn(g, US"*", 1); else if (f.smtp_in_early_pipe_advertised) diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 671798641..bd29d2c1f 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -142,7 +142,7 @@ static struct { BOOL helo_verify :1; BOOL helo_seen :1; BOOL helo_accept_junk :1; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL pipe_connect_acceptable :1; #endif BOOL rcpt_smtp_response_same :1; @@ -397,7 +397,7 @@ return TRUE; } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT static BOOL pipeline_connect_sends(void) { @@ -2992,7 +2992,7 @@ while (*p); /* Before we write the banner, check that there is no input pending, unless this synchronisation check is disabled. */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable = sender_host_address && verify_check_host(&pipe_connect_advertise_hosts) == OK; 
@@ -3019,7 +3019,7 @@ if (!check_sync()) /*XXX the ehlo-resp code does its own tls/nontls bit. Maybe subroutine that? */ smtp_printf("%s", -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable && pipeline_connect_sends(), #else FALSE, @@ -3970,7 +3970,7 @@ while (done <= 0) #endif switch(smtp_read_command( -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT !fl.pipe_connect_acceptable, #else TRUE, @@ -4206,7 +4206,7 @@ while (done <= 0) host_build_sender_fullhost(); /* Rebuild */ break; } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT else if (!fl.pipe_connect_acceptable && !check_sync()) #else else if (!check_sync()) @@ -4339,7 +4339,7 @@ while (done <= 0) sync_cmd_limit = NON_SYNC_CMD_PIPELINING; f.smtp_in_pipelining_advertised = TRUE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (fl.pipe_connect_acceptable) { f.smtp_in_early_pipe_advertised = TRUE; @@ -4457,7 +4457,7 @@ while (done <= 0) #ifndef DISABLE_TLS if (tls_in.active.sock >= 0) (void)tls_write(NULL, g->s, g->ptr, -# ifdef SUPPORT_PIPE_CONNECT +# ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable && pipeline_connect_sends()); # else FALSE); @@ -5235,7 +5235,7 @@ while (done <= 0) f.dot_ends = TRUE; DATA_BDAT: /* Common code for DATA and BDAT */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT fl.pipe_connect_acceptable = FALSE; #endif if (!discarded && recipients_count <= 0) diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index ece79de10..07cc9b762 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -717,7 +717,7 @@ time_t timelimit = time(NULL) + timeout; errno = 0; /* Ensure errno starts out zero */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->pending_BANNER || sx->pending_EHLO) { int rc; diff --git a/src/src/structs.h b/src/src/structs.h index 338dccbf1..6662e6458 100644 --- a/src/src/structs.h +++ b/src/src/structs.h 
@@ -625,7 +625,7 @@ typedef struct address_item { BOOL af_tcp_fastopen:1; /* delivery usefully used TCP Fast Open */ BOOL af_tcp_fastopen_data:1; /* delivery sent SMTP commands on TCP Fast Open */ BOOL af_pipelining:1; /* delivery used (traditional) pipelining */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL af_early_pipe:1; /* delivery used connect-time pipelining */ #endif #ifndef DISABLE_PRDR diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 8e1f559af..c5e1abfe9 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -3517,14 +3517,14 @@ a store reset there, so use POOL_PERM. */ if ((more || corked)) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT int save_pool = store_pool; store_pool = POOL_PERM; #endif corked = string_catn(corked, buff, len); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT store_pool = save_pool; #endif diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index b45da05ad..b16b8b110 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -110,7 +110,7 @@ optionlist smtp_transport_options[] = { #endif { "hosts_override", opt_bool, (void *)offsetof(smtp_transport_options_block, hosts_override) }, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT { "hosts_pipe_connect", opt_stringptr, (void *)offsetof(smtp_transport_options_block, hosts_pipe_connect) }, #endif @@ -260,7 +260,7 @@ smtp_transport_options_block smtp_transport_option_defaults = { .hosts_avoid_tls = NULL, .hosts_verify_avoid_tls = NULL, .hosts_avoid_pipelining = NULL, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT .hosts_pipe_connect = NULL, #endif .hosts_avoid_esmtp = NULL, 
@@ -395,7 +395,7 @@ if (!regex_DSN) regex_DSN = if (!regex_IGNOREQUOTA) regex_IGNOREQUOTA = regex_must_compile(US"\\n250[\\s\\-]IGNOREQUOTA(\\s|\\n|$)", FALSE, TRUE); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!regex_EARLY_PIPE) regex_EARLY_PIPE = regex_must_compile(US"\\n250[\\s\\-]" EARLY_PIPE_FEATURE_NAME "(\\s|\\n|$)", FALSE, TRUE); #endif @@ -868,7 +868,7 @@ return TRUE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT static uschar * ehlo_cache_key(const smtp_context * sx) { @@ -1134,7 +1134,7 @@ address_item * addr = sx->sync_addr; smtp_transport_options_block * ob = sx->conn_args.ob; int yield = 0; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT int rc; if ((rc = smtp_reap_early_pipe(sx, &count)) != OK) return rc == FAIL ? -4 : -5; @@ -1456,7 +1456,7 @@ smtp_auth(smtp_context * sx) host_item * host = sx->conn_args.host; /* host to deliver to */ smtp_transport_options_block * ob = sx->conn_args.ob; /* transport options */ int require_auth = verify_check_given_host(CUSS &ob->hosts_require_auth, host); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT unsigned short authbits = tls_out.active.sock >= 0 ? sx->ehlo_resp.crypted_auths : sx->ehlo_resp.cleartext_auths; #endif @@ -1472,7 +1472,7 @@ if (!regex_AUTH) if ( sx->esmtp && -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active ? authbits : #endif @@ -1482,7 +1482,7 @@ if ( sx->esmtp uschar * names = NULL; expand_nmax = -1; /* reset */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif names = string_copyn(expand_nstring[1], expand_nlength[1]); @@ -1496,7 +1496,7 @@ if ( sx->esmtp DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n"); fail_reason = US"no common mechanisms were found"; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { /* Scan our authenticators (which support use by a client and were offered 
@@ -1853,7 +1853,7 @@ if ( checks & OPTION_SIZE && pcre_exec(regex_SIZE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) checks &= ~OPTION_SIZE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if ( checks & OPTION_EARLY_PIPE && pcre_exec(regex_EARLY_PIPE, NULL, CS buf, bsize, 0, PCRE_EOPT, NULL, 0) < 0) @@ -1900,7 +1900,7 @@ there may be more writes (like, the chunk data) done soon. */ if (chunk_size > 0) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL new_conn = !!(sx->outblock.conn_args); #endif if((cmd_count = smtp_write_command(sx, @@ -1909,7 +1909,7 @@ if (chunk_size > 0) ) < 0) return ERROR; if (flags & tc_chunk_last) data_command = string_copy(big_buffer); /* Save for later error message */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* That command write could have been the one that made the connection. Copy the fd from the client conn ctx (smtp transport specific) to the generic transport ctx. */ @@ -1942,7 +1942,7 @@ if (flags & tc_reap_prev && prev_cmd_count > 0) case -5: errno = ERRNO_TLSFAILURE; return DEFER; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -4: /* non-2xx for pipelined banner or EHLO */ #endif case -1: /* Timeout on RCPT */ @@ -2035,7 +2035,7 @@ sx->conn_args.dane = FALSE; sx->dane_required = verify_check_given_host(CUSS &ob->hosts_require_dane, sx->conn_args.host) == OK; #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active = sx->early_pipe_ok = FALSE; sx->ehlo_resp.cleartext_features = sx->ehlo_resp.crypted_features = 0; sx->pending_BANNER = sx->pending_EHLO = FALSE; @@ -2164,7 +2164,7 @@ if (!continue_hostname) sx->inblock.cctx = sx->outblock.cctx = &sx->cctx; sx->avoid_option = sx->peer_offered = smtp_peer_options = 0; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if ( verify_check_given_host(CUSS &ob->hosts_pipe_connect, sx->conn_args.host) == OK) 
@@ -2239,7 +2239,7 @@ will be? Somehow I doubt it. */ if (!sx->smtps) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { sx->pending_BANNER = TRUE; /* sync_responses() must eventually handle */ @@ -2340,7 +2340,7 @@ goto SEND_QUIT; if (sx->esmtp) { if (smtp_write_command(sx, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active ? SCMD_BUFFER : #endif SCMD_FLUSH, @@ -2348,7 +2348,7 @@ goto SEND_QUIT; goto SEND_FAILED; sx->esmtp_sent = TRUE; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { sx->pending_EHLO = TRUE; @@ -2381,7 +2381,7 @@ goto SEND_QUIT; DEBUG(D_transport) debug_printf("not sending EHLO (host matches hosts_avoid_esmtp)\n"); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif if (!sx->esmtp) @@ -2416,13 +2416,13 @@ goto SEND_QUIT; if (sx->esmtp || sx->lmtp) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif { sx->peer_offered = ehlo_response(sx->buffer, OPTION_TLS /* others checked later */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT | (sx->early_pipe_ok ? OPTION_IGNQ | OPTION_CHUNKING | OPTION_PRDR | OPTION_DSN | OPTION_PIPE | OPTION_SIZE @@ -2434,7 +2434,7 @@ goto SEND_QUIT; ) #endif ); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_ok) { sx->ehlo_resp.cleartext_features = sx->peer_offered; @@ -2527,7 +2527,7 @@ if ( smtp_peer_options & OPTION_TLS if (smtp_write_command(sx, SCMD_FLUSH, "STARTTLS\r\n") < 0) goto SEND_FAILED; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* If doing early-pipelining reap the banner and EHLO-response but leave the response for the STARTTLS we just sent alone. */ 
@@ -2631,7 +2631,7 @@ if (tls_out.active.sock >= 0) goto SEND_QUIT; } -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* For SMTPS there is no cleartext early-pipe; use the crypted permission bit. We're unlikely to get the group sent and delivered before the server sends its banner, but it's still worth sending as a group. @@ -2649,7 +2649,7 @@ if (tls_out.active.sock >= 0) /* For SMTPS we need to wait for the initial OK response. */ if (sx->smtps) -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) { sx->pending_BANNER = TRUE; @@ -2672,14 +2672,14 @@ if (tls_out.active.sock >= 0) } if (smtp_write_command(sx, -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT sx->early_pipe_active ? SCMD_BUFFER : #endif SCMD_FLUSH, "%s %s\r\n", greeting_cmd, sx->helo_data) < 0) goto SEND_FAILED; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx->early_pipe_active) sx->pending_EHLO = TRUE; else @@ -2744,13 +2744,13 @@ if (continue_hostname == NULL { if (sx->esmtp || sx->lmtp) { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (!sx->early_pipe_active) #endif { sx->peer_offered = ehlo_response(sx->buffer, 0 /* no TLS */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT | (sx->lmtp && ob->lmtp_ignore_quota ? OPTION_IGNQ : 0) | OPTION_DSN | OPTION_PIPE | OPTION_SIZE | OPTION_CHUNKING | OPTION_PRDR | OPTION_UTF8 @@ -2771,7 +2771,7 @@ if (continue_hostname == NULL | (ob->size_addition >= 0 ? OPTION_SIZE : 0) #endif ); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (tls_out.active.sock >= 0) sx->ehlo_resp.crypted_features = sx->peer_offered; #endif @@ -2819,7 +2819,7 @@ if (continue_hostname == NULL DEBUG(D_transport) debug_printf("%susing DSN\n", sx->peer_offered & OPTION_DSN ? "" : "not "); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if ( sx->early_pipe_ok && !sx->early_pipe_active && tls_out.active.sock >= 0 
@@ -3335,7 +3335,7 @@ for (addr = sx->first_addr, address_count = 0; case -2: return -2; /* non-MAIL read i/o error */ default: return -1; /* any MAIL error */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -4: return -1; /* non-2xx for pipelined banner or EHLO */ case -5: return -1; /* TLS first-read error */ #endif @@ -3669,7 +3669,7 @@ if ( !(sx.peer_offered & OPTION_CHUNKING) case -1: goto END_OFF; /* Timeout on RCPT */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -5: /* TLS first-read error */ case -4: HDEBUG(D_transport) debug_printf("failed reaping pipelined cmd responses\n"); @@ -3824,7 +3824,7 @@ else case -1: goto END_OFF; /* Timeout on RCPT */ -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT case -5: /* TLS first-read error */ case -4: HDEBUG(D_transport) debug_printf("failed reaping pipelined cmd responses\n"); @@ -3976,7 +3976,7 @@ else if (tcp_out_fastopen >= TFO_USED_DATA) setflag(addr, af_tcp_fastopen_data); } if (sx.pipelining_used) setflag(addr, af_pipelining); -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT if (sx.early_pipe_active) setflag(addr, af_early_pipe); #endif #ifndef DISABLE_PRDR @@ -4178,7 +4178,7 @@ if (!sx.ok) else { -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT /* If we were early-pipelinng and the actual EHLO response did not match the cached value we assumed, we could have detected it and passed a custom errno through to here. It would be nice to RSET and retry right diff --git a/src/src/transports/smtp.h b/src/src/transports/smtp.h index ac5620971..8ea844b38 100644 --- a/src/src/transports/smtp.h +++ b/src/src/transports/smtp.h @@ -46,7 +46,7 @@ typedef struct { uschar *hosts_avoid_tls; uschar *hosts_verify_avoid_tls; uschar *hosts_avoid_pipelining; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT uschar *hosts_pipe_connect; #endif uschar *hosts_avoid_esmtp; 
@@ -121,7 +121,7 @@ typedef struct { BOOL smtps:1; BOOL ok:1; BOOL setting_up:1; -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL early_pipe_ok:1; BOOL early_pipe_active:1; #endif @@ -138,7 +138,7 @@ typedef struct { #if !defined(DISABLE_TLS) && defined(SUPPORT_DANE) BOOL dane_required:1; #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT BOOL pending_BANNER:1; BOOL pending_EHLO:1; #endif @@ -160,7 +160,7 @@ typedef struct { uschar * smtp_greeting; uschar * helo_response; #endif -#ifdef SUPPORT_PIPE_CONNECT +#ifndef DISABLE_PIPE_CONNECT ehlo_resp_precis ehlo_resp; #endif -- cgit v1.2.3 From a43b19ef3a58c547f76f42da0128dd33c7b51a4e Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 22 Oct 2019 13:19:51 +0100 Subject: Testsuite: munge for WITH_LOCAL_SCAN --- test/runtest | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/runtest b/test/runtest index c78cabf4b..df73c4926 100755 --- a/test/runtest +++ b/test/runtest @@ -1281,8 +1281,8 @@ RESET_AFTER_EXTRA_LINE_READ: next if /in tls_resumption_hosts\?/; # Most builds are without HAVE_LOCAL_SCAN - next if /^calling local_scan(); timeout=300$/; - next if /^local_scan() returned 0 NULL$/; + next if /^calling local_scan\(\); timeout=300$/; + next if /^local_scan\(\) returned 0 NULL$/; # Platform differences in errno strings s/ SMTP\(Operation timed out\)< Date: Tue, 22 Oct 2019 13:24:47 +0100 Subject: Testsuite: munge for WITH_LOCAL_SCAN --- test/runtest | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/runtest b/test/runtest index df73c4926..9f6569128 100755 --- a/test/runtest +++ b/test/runtest 
@@ -758,6 +758,10 @@ RESET_AFTER_EXTRA_LINE_READ: s/waiting for children of \d+/waiting for children of pppp/; s/waiting for (\S+) \(\d+\)/waiting for $1 (pppp)/; + # Most builds are without HAVE_LOCAL_SCAN + next if /^calling local_scan\(\); timeout=300$/; + next if /^local_scan\(\) returned 0 NULL$/; + # ======== Port numbers ======== # Incoming port numbers may vary, but not in daemon startup line. @@ -1280,10 +1284,6 @@ RESET_AFTER_EXTRA_LINE_READ: # TLS resumption is not always supported by the build next if /in tls_resumption_hosts\?/; - # Most builds are without HAVE_LOCAL_SCAN - next if /^calling local_scan\(\); timeout=300$/; - next if /^local_scan\(\) returned 0 NULL$/; - # Platform differences in errno strings s/ SMTP\(Operation timed out\)< Date: Wed, 23 Oct 2019 13:27:06 +0100 Subject: DKIM: disallow default acceptance of sha1 for verify --- doc/doc-docbook/spec.xfpt | 13 +++++++++---- doc/doc-txt/ChangeLog | 4 ++++ src/src/globals.c | 2 +- test/confs/4500 | 1 + test/stderr/4507 | 8 ++++---- 5 files changed, 19 insertions(+), 9 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index bb19e3915..c8b999c9f 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt 
@@ -15113,15 +15113,20 @@ to handle IPv6 literal addresses. .new -.option dkim_verify_hashes main "string list" "sha256 : sha512 : sha1" +.option dkim_verify_hashes main "string list" "sha256 : sha512" .cindex DKIM "selecting signature algorithms" This option gives a list of hash types which are acceptable in signatures, and an order of processing. Signatures with algorithms not in the list will be ignored. -Note that the presence of sha1 violates RFC 8301. -Signatures using the rsa-sha1 are however (as of writing) still common. -The default inclusion of sha1 may be dropped in a future release. +Acceptable values include: +.code +sha1 +sha256 +sha512 +.endd + +Note that the acceptance of sha1 violates RFC 8301. .option dkim_verify_keytypes main "string list" "ed25519 : rsa" This option gives a list of key types which are acceptable in signatures, diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 079b5a1ee..45d126ccd 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -14,6 +14,10 @@ JH/01 Avoid costly startup code when not strictly needed. This reduces time JH/02 Early-pipelining support code is now included unless disabled in Makefile. +JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to + RFC 8301. They can still be enabled, using the dkim_verify_hashes main + option. + Exim version 4.93 ----------------- diff --git a/src/src/globals.c b/src/src/globals.c index 87ff2e65f..b874c4669 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -831,7 +831,7 @@ void *dkim_signatures = NULL; uschar *dkim_signers = NULL; uschar *dkim_signing_domain = NULL; uschar *dkim_signing_selector = NULL; -uschar *dkim_verify_hashes = US"sha256:sha512:sha1"; +uschar *dkim_verify_hashes = US"sha256:sha512"; uschar *dkim_verify_keytypes = US"ed25519:rsa"; BOOL dkim_verify_minimal = FALSE; uschar *dkim_verify_overall = NULL; diff --git a/test/confs/4500 b/test/confs/4500 index 502de4a19..c7335327e 100644 --- a/test/confs/4500 
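Review bot: The new default `uschar *dkim_verify_hashes = US"sha256:sha512";` in src/src/globals.c carries no comment saying that sha1 is left out on purpose, so a later edit could put it back without noticing the policy. I would add `/* sha1 deliberately absent from the default: RFC 8301 */` on that line. The spec.xfpt text in this same commit says signatures whose algorithm is not listed are ignored, so a message carrying only an rsa-sha1 signature will presumably now appear unsigned rather than failed. That is worth spelling out in the ChangeLog entry for operators whose ACLs branch on the verify status.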
+++ b/test/confs/4500 @@ -13,6 +13,7 @@ acl_smtp_dkim = check_dkim acl_smtp_data = check_data log_selector = +dkim_verbose +dkim_verify_hashes = sha256 : sha512 : sha1 queue_only queue_run_in_order diff --git a/test/stderr/4507 b/test/stderr/4507 index 48d4d9fa9..1c45d0955 100644 --- a/test/stderr/4507 +++ b/test/stderr/4507 @@ -9,22 +9,22 @@ >>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) >>> xxx in helo_lookup_domains? no (end of list) ->>> processing "accept" (TESTSUITE/test-config 43) +>>> processing "accept" (TESTSUITE/test-config 44) >>> accept: condition test succeeded in inline ACL >>> end of inline ACL: ACCEPT >>> host in ignore_fromline_hosts? no (option unset) >>> using ACL "check_dkim" ->>> processing "warn" (TESTSUITE/test-config 34) +>>> processing "warn" (TESTSUITE/test-config 35) >>> check logwrite = signer: $dkim_cur_signer bits: $dkim_key_length >>> = signer: test.ex bits: 1024 LOG: 10HmaX-0005vi-00 signer: test.ex bits: 1024 >>> warn: condition test succeeded in ACL "check_dkim" ->>> processing "accept" (TESTSUITE/test-config 37) +>>> processing "accept" (TESTSUITE/test-config 38) >>> accept: condition test succeeded in ACL "check_dkim" >>> end of ACL "check_dkim": ACCEPT LOG: 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=1024 [verification succeeded] >>> using ACL "check_data" ->>> processing "accept" (TESTSUITE/test-config 41) +>>> processing "accept" (TESTSUITE/test-config 42) >>> check logwrite = ${authresults {$primary_hostname}} >>> = Authentication-Results: myhost.test.ex; >>> dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha1 -- cgit v1.2.3 From 179ed8c31eb8c7f767ec0ef5e2856066d366515f Mon Sep 17 00:00:00 2001 
From: Jeremy Harris Date: Tue, 5 Nov 2019 21:13:41 +0000 Subject: DKIM/CHUNKING: support CHUNKING when a transport_filter is used, if DKIM signing is being done --- doc/doc-docbook/spec.xfpt | 3 ++ doc/doc-txt/ChangeLog | 4 ++ src/src/transports/smtp.c | 5 ++ test/aux-fixed/4525.mlistfooter | 4 ++ test/confs/4525 | 113 ++++++++++++++++++++++++++++++++++++++++ test/log/4525 | 48 +++++++++++++++++ test/mail/4525.a | 22 ++++++++ test/mail/4525.b | 52 ++++++++++++++++++ test/mail/4525.c | 52 ++++++++++++++++++ test/scripts/4500-DKIM/4525 | 54 +++++++++++++++++++ 10 files changed, 357 insertions(+) create mode 100644 test/aux-fixed/4525.mlistfooter create mode 100644 test/confs/4525 create mode 100644 test/log/4525 create mode 100644 test/mail/4525.a create mode 100644 test/mail/4525.b create mode 100644 test/mail/4525.c create mode 100644 test/scripts/4500-DKIM/4525 diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index c8b999c9f..62109e915 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -24897,6 +24897,9 @@ unauthenticated. See also &%hosts_require_auth%&, and chapter .cindex "RFC 3030" "CHUNKING" This option provides a list of servers to which, provided they announce CHUNKING support, Exim will attempt to use BDAT commands rather than DATA. +.new +Unless DKIM signing is being done, +.wen BDAT will not be used in conjunction with a transport filter. .option hosts_try_dane smtp "host list&!!" * diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 45d126ccd..f9e39d2dc 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -18,6 +18,10 @@ JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to RFC 8301. They can still be enabled, using the dkim_verify_hashes main option. +JH/04 Support CHUNKING from an smtp transport using a transport_filter, when + DKIM signing is being done. Previously a transport_filter would always + disable CHUNKING, falling back to traditional DATA. + Exim version 4.93 ----------------- diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index b16b8b110..383d202b9 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -3571,6 +3571,11 @@ if (tblock->filter_command) && *transport_filter_argv && **transport_filter_argv && sx.peer_offered & OPTION_CHUNKING +#ifndef DISABLE_DKIM + /* When dkim signing, chunking is handled even with a transport-filter */ + && !(ob->dkim.dkim_private_key && ob->dkim.dkim_domain && ob->dkim.dkim_selector) + && !ob->dkim.force_bodyhash +#endif ) { sx.peer_offered &= ~OPTION_CHUNKING; diff --git a/test/aux-fixed/4525.mlistfooter b/test/aux-fixed/4525.mlistfooter new file mode 100644 index 000000000..7c33b8233 --- /dev/null +++ b/test/aux-fixed/4525.mlistfooter @@ -0,0 +1,4 @@ + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- diff --git a/test/confs/4525 b/test/confs/4525 new file mode 100644 index 000000000..3a843b99e --- /dev/null +++ b/test/confs/4525 
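Review bot: The DKIM clause added to the `tblock->filter_command` condition in src/src/transports/smtp.c tests only that `dkim_private_key`, `dkim_domain` and `dkim_selector` are set, not that signing will actually happen for this message. The test configuration added by this commit gives `dkim_private_key` as an `${extract ...}` string, so these options are evidently expanded later. If one of them expands to empty, CHUNKING would stay enabled alongside the transport filter with no signing taking place, and whether the write path copes with that is not visible in this hunk. I would at least record the assumption in the new comment, e.g. `/* options are tested unexpanded here; the signing path must cope if they expand to empty */`. The enclosing statement begins before the hunk and its body continues past it.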
@@ -0,0 +1,113 @@ +# Exim test configuration 4525 + +SERVER= +OPT= +FAKE = + +keep_environment = PATH:EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK +add_environment = SSLKEYLOGFILE=/home/jgh/git/exim/test/spool/sslkeys +exim_path = EXIM_PATH +host_lookup_order = bydns +spool_directory = /home/jgh/git/exim/test/spool + +.ifdef SERVER +log_file_path = /home/jgh/git/exim/test/spool/log/SERVER%slog +.else +log_file_path = /home/jgh/git/exim/test/spool/log/%slog +.endif + +gecos_pattern = "" +gecos_name = CALLER_NAME +dns_cname_loops = 9 +chunking_advertise_hosts = * + +.ifdef _HAVE_REQTLS +tls_advertise_requiretls = +.endif +.ifdef _HAVE_PIPE_CONNECT +pipelining_connect_advertise_hosts = : +.endif +.ifdef _HAVE_DMARC +dmarc_tld_file = +.endif +tls_advertise_hosts = + +primary_hostname = myhost.test.ex + +# ----- Main settings ----- + +acl_smtp_rcpt = accept logwrite = rcpt acl: macro: _DKIM_SIGN_HEADERS +acl_smtp_dkim = accept logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames +acl_smtp_data = accept logwrite = data acl: dkim status $dkim_verify_status + +dkim_verify_signers = $dkim_signers + +DDIR=DIR/aux-fixed/dkim + +log_selector = +received_recipients + + +# ----- Routers + +begin routers + +server_store: + driver = accept + condition = ${if eq {SERVER}{server}{yes}{no}} + transport = file + +client: + driver = accept + transport = send_to_server + +# ----- Transports + +begin transports + +send_to_server: + driver = smtp + allow_localhost + hosts = HOSTIPV4 + port = PORT_D + +.ifdef FILTER + transport_filter = /bin/cat - DIR/aux-fixed/TESTNUM.mlistfooter +.endif +.ifndef ALLOW + hosts_try_chunking = : +.endif + + dkim_domain = test.ex +.ifdef SELECTOR + dkim_selector = SELECTOR +.else + dkim_selector = sel +.endif + + dkim_private_key = ${extract {${length_3:$dkim_selector}} {\ + ses=dkim512.private \ + sel=dkim.private \ + sed=dkim_ed25519.private \ + }{DDIR/$value}} + +.ifndef HEADERS_MAXSIZE + dkim_sign_headers = OPT +.else + 
dkim_identity = allheaders@$dkim_domain +.endif +.ifdef VALUE + dkim_hash = VALUE +.endif +.ifdef STRICT + dkim_strict = STRICT +.endif +.ifdef TIMES + dkim_timestamps = TIMES +.endif + +file: + driver = appendfile + file = DIR/test-mail/$local_part + user = CALLER + +# End diff --git a/test/log/4525 b/test/log/4525 new file mode 100644 index 000000000..f4b7496d5 --- /dev/null +++ b/test/log/4525 
@@ -0,0 +1,48 @@ +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for a@test.ex +1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmaY-0005vi-00" +1999-03-02 09:44:33 10HmaX-0005vi-00 Completed +1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for b@test.ex +1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbA-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for c@test.ex +1999-03-02 09:44:33 10HmbB-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for b@test.ex +1999-03-02 09:44:33 10HmbD-0005vi-00 => b@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbE-0005vi-00" +1999-03-02 09:44:33 10HmbD-0005vi-00 Completed +1999-03-02 09:44:33 10HmbF-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss for c@test.ex +1999-03-02 09:44:33 10HmbF-0005vi-00 => c@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] K C="250- 7nn byte chunk, total 7nn\\n250 OK id=10HmbG-0005vi-00" +1999-03-02 09:44:33 10HmbF-0005vi-00 Completed + +******** SERVER ******** +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 rcpt acl: macro: 
From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmaY-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmaY-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss DKIM=test.ex id=E10HmaX-0005vi-00@myhost.test.ex for a@test.ex +1999-03-02 09:44:33 10HmaY-0005vi-00 => a R=server_store T=file +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbA-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbA-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss DKIM=test.ex id=E10HmaZ-0005vi-00@myhost.test.ex for b@test.ex +1999-03-02 09:44:33 10HmbA-0005vi-00 => b R=server_store T=file +1999-03-02 09:44:33 10HmbA-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbC-0005vi-00 dkim_acl: signer: 
test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbC-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp K S=sss DKIM=test.ex id=E10HmbB-0005vi-00@myhost.test.ex for c@test.ex +1999-03-02 09:44:33 10HmbC-0005vi-00 => c R=server_store T=file +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbE-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbE-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbE-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss DKIM=test.ex id=E10HmbD-0005vi-00@myhost.test.ex for b@test.ex +1999-03-02 09:44:33 10HmbE-0005vi-00 => b R=server_store T=file +1999-03-02 09:44:33 10HmbE-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbG-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbG-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbG-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp K S=sss DKIM=test.ex id=E10HmbF-0005vi-00@myhost.test.ex for c@test.ex +1999-03-02 09:44:33 10HmbG-0005vi-00 => c R=server_store T=file +1999-03-02 
09:44:33 10HmbG-0005vi-00 Completed diff --git a/test/mail/4525.a b/test/mail/4525.a new file mode 100644 index 000000000..2f78aec6e --- /dev/null +++ b/test/mail/4525.a @@ -0,0 +1,22 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmaY-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=/Ab0giHZitYQbDhFszoqQRUkgqueaX9zatJttIU/plc=; b=toy5chxow6W + 7Nn3qMvjZs+i0H00bQfi+6nakV6i36cRrZM/oWziHrc5IfYZuQunWNUA9UHnatK35Nsl7ZJRBU4em + wtzdO60jXnH7ZVyYjKxqTow9uCuuBKCgXdKxt1hpEfY0m7uUKt9OaqA0464NH5wEC4o/pt1aReidE + hvI6IY=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaX-0005vi-00 + for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + diff --git a/test/mail/4525.b b/test/mail/4525.b new file mode 100644 index 000000000..6cd2538e0 --- /dev/null +++ b/test/mail/4525.b 
@@ -0,0 +1,52 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmbA-0005vi-00 + for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmaZ-0005vi-00 + for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmbE-0005vi-00 + for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmbD-0005vi-00 + for b@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + 
diff --git a/test/mail/4525.c b/test/mail/4525.c new file mode 100644 index 000000000..1032c0d83 --- /dev/null +++ b/test/mail/4525.c 
@@ -0,0 +1,52 @@ +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmbC-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmbB-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + +From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 +Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) + by myhost.test.ex with esmtp (Exim x.yz) + (envelope-from ) + id 10HmbG-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=test.ex; + s=sel; h=From; bh=bzHKix52TV0ojCi2kd18gmIw/tcd5TnhO3QM+89xwyk=; b=LcQAFwKN9DL + wCbK0mcUtjmEoLaNUjwHmVrilQI1nBWJDoDUzpUl96U8YzdS/+Xut+pdS/YZf3m/Qbcw6ohO9pEmM + ncfURg55wr8fftAyRFA/L/svtP8h3Qv/+jv8gJ9nHyjk3z7Zmzzo8S54h9Ct9pJwkv0cpmdeLiDrL + ygZGjs=; +Received: from CALLER by myhost.test.ex with local (Exim x.yz) + (envelope-from ) + id 10HmbF-0005vi-00 + for c@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 +From: nobody@example.com +Message-Id: +Sender: CALLER_NAME +Date: Tue, 2 Mar 1999 09:44:33 +0000 + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- + 
diff --git a/test/scripts/4500-DKIM/4525 b/test/scripts/4500-DKIM/4525 new file mode 100644 index 000000000..dced4ae46 --- /dev/null +++ b/test/scripts/4500-DKIM/4525 @@ -0,0 +1,54 @@ +# DKIM signing, with transport_filter +# +exim -bd -DSERVER=server -oX PORT_D +**** +# +# baseline (no transport_filter) +exim -DOPT=From -odf a@test.ex +From: nobody@example.com + +content +**** +millisleep 500 +# +# +# with transport_filter +exim -DOPT=From -DFILTER=y -odf b@test.ex +From: nobody@example.com + +content +**** +millisleep 500 +# with transport_filter and CHUNKING +exim -DOPT=From -DFILTER=y -DALLOW=y -odf c@test.ex +From: nobody@example.com + +content +**** +millisleep 500 +# +# for comparison, mails that should get identical sigs, though not using a transport_filter +exim -DOPT=From -odf b@test.ex +From: nobody@example.com + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- +**** +millisleep 500 +exim -DOPT=From -DALLOW=y -odf c@test.ex +From: nobody@example.com + +content + +-- +This is a generic mailinglist footer, using a traditional .sig-separator line +---- +**** +millisleep 500 +# +# +killdaemon +no_msglog_check -- cgit v1.2.3 From f0fe22cbc29ee4f887aa254f2590a9e72401e237 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 8 Nov 2019 22:30:04 +0000 Subject: Regard command-line recipients as tainted --- doc/doc-txt/ChangeLog | 2 ++ src/src/exim.c | 19 ++++++++++--------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f9e39d2dc..f10e45cee 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -22,6 +22,8 @@ JH/04 Support CHUNKING from an smtp transport using a transport_filter, when DKIM signing is being done. Previously a transport_filter would always disable CHUNKING, falling back to traditional DATA. +JH/05 Regard command-line receipients as tainted. + Exim version 4.93 ----------------- 
diff --git a/src/src/exim.c b/src/src/exim.c index d6952ef2e..a30e35bca 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -4809,8 +4809,9 @@ if (verify_address_mode || f.address_test_mode) { while (recipients_arg < argc) { - uschar *s = argv[recipients_arg++]; - while (*s != 0) + /* Supplied addresses are tainted since they come from a user */ + uschar * s = string_copy_taint(argv[recipients_arg++], TRUE); + while (*s) { BOOL finished = FALSE; uschar *ss = parse_find_address_end(s, FALSE); @@ -4818,16 +4819,16 @@ if (verify_address_mode || f.address_test_mode) test_address(s, flags, &exit_value); s = ss; if (!finished) - while (*(++s) != 0 && (*s == ',' || isspace(*s))); + while (*++s == ',' || isspace(*s)) ; } } } else for (;;) { - uschar *s = get_stdinput(NULL, NULL); - if (s == NULL) break; - test_address(s, flags, &exit_value); + uschar * s = get_stdinput(NULL, NULL); + if (!s) break; + test_address(string_copy_taint(s, TRUE), flags, &exit_value); } route_tidyup(); @@ -5321,13 +5322,13 @@ while (more) raw_sender = string_copy(sender_address); - /* Loop for each argument */ + /* Loop for each argument (supplied by user hence tainted) */ for (int i = 0; i < count; i++) { int start, end, domain; - uschar *errmess; - uschar *s = list[i]; + uschar * errmess; + uschar * s = string_copy_taint(list[i], TRUE); /* Loop for each comma-separated address */ -- cgit v1.2.3 From 218c95cc2e45de929d92c508bc9a95292c3a4ece Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 7 Nov 2019 17:32:49 +0000 Subject: Dsearch: Fix taint-handling in lookup. Bug 2465 (cherry picked from commit 13e70f5530fc3fd376e1397c76e073a339e738aa) --- doc/doc-txt/ChangeLog | 4 ++++ src/src/lookups/dsearch.c | 13 ++++--------- src/src/string.c | 2 +- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f10e45cee..e9a614c0a 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
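Review bot: In the second exim.c hunk the stdin branch passes `string_copy_taint(s, TRUE)` to `test_address()` without the explanatory comment that the two argv sites (first and third hunks) received. I would add `/* Addresses read from stdin are user-supplied, hence tainted */` above that call so all three sites read alike. Because the copy-and-taint step is now repeated at three places, anyone auditing taint coverage has to find each one. A short comment at the first site naming the other two would make a missed entry path easier to spot. The enclosing blocks start and end outside these hunks.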
@@ -212,6 +212,10 @@ JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since 3.6.0, DH parameters are negotiated following RFC7919." +JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted + buffer was used for the filename, resulting in a trap when tainted + arguments (eg. $domain) were used. + Exim version 4.92 ----------------- diff --git a/src/src/lookups/dsearch.c b/src/src/lookups/dsearch.c index 9f7dd8da0..c27f5d6e6 100644 --- a/src/src/lookups/dsearch.c +++ b/src/src/lookups/dsearch.c @@ -65,13 +65,13 @@ return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups, scanning the directory, as it is hopefully faster to let the OS do the scanning for us. */ -int -static dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length, +static int +dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length, uschar **result, uschar **errmsg, uint *do_cache) { struct stat statbuf; int save_errno; -uschar filename[PATH_MAX]; +uschar * filename; handle = handle; /* Keep picky compilers happy */ length = length; @@ -84,12 +84,7 @@ if (Ustrchr(keystring, '/') != 0) return DEFER; } -if (!string_format(filename, sizeof(filename), "%s/%s", dirname, keystring)) - { - *errmsg = US"path name too long"; - return DEFER; - } - +filename = string_sprintf("%s/%s", dirname, keystring); if (Ulstat(filename, &statbuf) >= 0) { *result = string_copy(keystring); diff --git a/src/src/string.c b/src/src/string.c index ced1ad8c7..007ec877e 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -664,7 +664,7 @@ return yield; *************************************************/ /* The formatting is done by string_vformat, which checks the length of -everything. +everything. Taint is taken from the worst of the arguments. Arguments: format a printf() format - deliberately char * rather than uschar * -- cgit v1.2.3 
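Review bot: In `dsearch_find` the key is still rejected only when it contains `/`, so a key of `.` or `..` reaches `Ulstat()` on `dirname/keystring`, succeeds for any existing directory, and is handed back as the lookup result. Now that tainted values such as `$domain` are accepted here (per the ChangeLog entry), it would be worth refusing those two names next to the slash check, for example `if (Ustrcmp(keystring, ".") == 0 || Ustrcmp(keystring, "..") == 0) return FAIL;`. The second hunk also drops the `path name too long` error; how `string_sprintf` behaves on an over-long result is not visible here and should be confirmed. The function body continues outside both hunks.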
From 580f325235cd1b9713bfa436719b7ca026fe9a16 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 9 Nov 2019 13:25:46 +0000 Subject: Testsuite: fix testcase use of paths Broken-by: 179ed8c31e --- test/confs/4525 | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/test/confs/4525 b/test/confs/4525 index 3a843b99e..f6a0258a7 100644 --- a/test/confs/4525 +++ b/test/confs/4525 @@ -4,16 +4,15 @@ SERVER= OPT= FAKE = -keep_environment = PATH:EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK -add_environment = SSLKEYLOGFILE=/home/jgh/git/exim/test/spool/sslkeys +keep_environment = PATH exim_path = EXIM_PATH host_lookup_order = bydns -spool_directory = /home/jgh/git/exim/test/spool +spool_directory = DIR/spool .ifdef SERVER -log_file_path = /home/jgh/git/exim/test/spool/log/SERVER%slog +log_file_path = DIR/spool/log/SERVER%slog .else -log_file_path = /home/jgh/git/exim/test/spool/log/%slog +log_file_path = DIR/spool/log/%slog .endif gecos_pattern = "" -- cgit v1.2.3 From 01446a56c76aa5ac3213a86f8992a2371a8301f3 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 9 Nov 2019 16:04:14 +0000 Subject: Remove the daemon pid file when exit is due to SIGTERM. Bug 340 --- doc/doc-docbook/spec.xfpt | 11 +++++ doc/doc-txt/ChangeLog | 2 + src/src/daemon.c | 110 +++++++++++++++++++++++++++++++++++++------ src/src/exim.c | 8 +++- src/src/functions.h | 1 + test/log/0438 | 1 + test/runtest | 1 + test/scripts/0000-Basic/0438 | 13 +++++ test/stderr/0438 | 22 +++++++++ test/stdout/0438 | 3 ++ 10 files changed, 156 insertions(+), 16 deletions(-) create mode 100644 test/stdout/0438 diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 62109e915..19c15c211 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt 
@@ -4367,6 +4367,17 @@ written. When &%-oX%& is used with &%-bd%&, or when &%-q%& with a time is used without &%-bd%&, this is the only way of causing Exim to write a pid file, because in those cases, the normal pid file is not used. +.new +.vitem &%-oPX%& +.oindex "&%-oPX%&" +.cindex "pid (process id)" "of daemon" +.cindex "daemon" "process id (pid)" +This option is not intended for general use. +The daemon uses it when terminating due to a SIGTEM, possibly in +combination with &%-oP%&&~<&'path'&>. +It causes the pid file to be removed. +.wen + .vitem &%-or%&&~<&'time'&> .oindex "&%-or%&" .cindex "timeout" "for non-SMTP input" diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index e9a614c0a..a8cd823b5 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -24,6 +24,8 @@ JH/04 Support CHUNKING from an smtp transport using a transport_filter, when JH/05 Regard command-line receipients as tainted. +JH/06 Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. + Exim version 4.93 ----------------- diff --git a/src/src/daemon.c b/src/src/daemon.c index 3fc73babe..61371f592 100644 --- a/src/src/daemon.c +++ b/src/src/daemon.c @@ -31,6 +31,7 @@ static smtp_slot empty_smtp_slot = { .pid = 0, .host_address = NULL }; static SIGNAL_BOOL sigchld_seen; static SIGNAL_BOOL sighup_seen; +static SIGNAL_BOOL sigterm_seen; static int accept_retry_count = 0; static int accept_retry_errno; @@ -87,6 +88,16 @@ sigchld_seen = TRUE; } +/* SIGTERM handler. Try to get the damon pif file removed +before exiting. */ + +static void +main_sigterm_handler(int sig) +{ +sigterm_seen = TRUE; +} + + /************************************************* @@ -430,6 +441,7 @@ if (pid == 0) #else signal(SIGCHLD, SIG_IGN); #endif + signal(SIGTERM, SIG_DFL); /* Attempt to get an id from the sending machine via the RFC 1413 protocol. We do this in the sub-process in order not to hold up the 
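Review bot: The comment added above `main_sigterm_handler` has two typos (`damon pif file`) and describes more than the handler does, since the function only sets `sigterm_seen`. Suggested wording: `/* SIGTERM handler. Only records the signal; the main loop then calls daemon_die() to get the daemon pid file removed. */`.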
@@ -654,6 +666,7 @@ if (pid == 0) signal(SIGHUP, SIG_DFL); signal(SIGCHLD, SIG_DFL); + signal(SIGTERM, SIG_DFL); if (geteuid() != root_uid && !deliver_drop_privilege) { @@ -888,6 +901,77 @@ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) +static void +set_pid_file_path(void) +{ +if (override_pid_file_path) + pid_file_path = override_pid_file_path; + +if (!*pid_file_path) + pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory); +} + + +/* Remove the daemon's pidfile. Note: runs with root privilege, +as a direct child of the daemon. Does not return. */ + +void +delete_pid_file(void) +{ +uschar * daemon_pid = string_sprintf("%d\n", (int)getppid()); +FILE * f; + +set_pid_file_path(); +if ((f = Ufopen(pid_file_path, "rb"))) + { + if ( fgets(CS big_buffer, big_buffer_size, f) + && Ustrcmp(daemon_pid, big_buffer) == 0 + ) + if (Uunlink(pid_file_path) == 0) + { + DEBUG(D_any) + debug_printf("%s unlink: %s\n", pid_file_path, strerror(errno)); + } + else + DEBUG(D_any) + debug_printf("unlinked %s\n", pid_file_path); + fclose(f); + } +else + DEBUG(D_any) + debug_printf("%s\n", string_open_failed(errno, "pid file %s", + pid_file_path)); +exim_exit(EXIT_SUCCESS, US"pid file remover"); +} + + +/* Called by the daemon; exec a child to get the pid file deleted +since we may require privs for the containing directory */ + +static void +daemon_die(void) +{ +int pid; + +if (f.running_in_test_harness || write_pid) + { + if ((pid = fork()) == 0) + { + if (override_pid_file_path) + (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 3, + "-oP", override_pid_file_path, "-oPX"); + else + (void)child_exec_exim(CEE_EXEC_PANIC, FALSE, NULL, FALSE, 1, "-oPX"); + + /* Control never returns here. */ + } + if (pid > 0) + child_close(pid, 1); + } +exim_exit(EXIT_SUCCESS, US"daemon"); +} + + /************************************************* * Exim Daemon Mainline * *************************************************/ 
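Review bot: The two debug branches after `Uunlink(pid_file_path)` in `delete_pid_file` are swapped: the `== 0` (success) arm prints `"%s unlink: %s\n"` with `strerror(errno)`, and the failure arm prints `unlinked %s`. Changing the test to `if (Uunlink(pid_file_path) != 0)` puts each message on the right path. The nested `if … if … else` without braces also relies on the `else` binding to the inner `if`; bracing the body of the outer `if (fgets(…) && Ustrcmp(…) == 0)` would make that explicit. A pid file whose content does not match the parent pid is left in place silently, so a debug line for that case would help when diagnosing a stale file.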
@@ -1068,19 +1152,14 @@ if (f.daemon_listen && !f.inetd_wait_mode) gstring * new_smtp_port = NULL; gstring * new_local_interfaces = NULL; - if (override_pid_file_path == NULL) write_pid = FALSE; + if (!override_pid_file_path) write_pid = FALSE; list = override_local_interfaces; sep = 0; while ((s = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) { uschar joinstr[4]; - gstring ** gp; - - if (Ustrpbrk(s, ".:") == NULL) - gp = &new_smtp_port; - else - gp = &new_local_interfaces; + gstring ** gp = Ustrpbrk(s, ".:") ? &new_local_interfaces : &new_smtp_port; if (!*gp) { @@ -1538,12 +1617,7 @@ if (f.running_in_test_harness || write_pid) { FILE *f; - if (override_pid_file_path) - pid_file_path = override_pid_file_path; - - if (pid_file_path[0] == 0) - pid_file_path = string_sprintf("%s/exim-daemon.pid", spool_directory); - + set_pid_file_path(); if ((f = modefopen(pid_file_path, "wb", 0644))) { (void)fprintf(f, "%d\n", (int)getpid()); @@ -1586,11 +1660,15 @@ if (queue_interval > 0 && local_queue_run_max > 0) for (int i = 0; i < local_queue_run_max; i++) queue_pid_slots[i] = 0; } -/* Set up the handler for termination of child processes. */ +/* Set up the handler for termination of child processes, and the one +telling us to die. */ sigchld_seen = FALSE; os_non_restarting_signal(SIGCHLD, main_sigchld_handler); +sigterm_seen = FALSE; +os_non_restarting_signal(SIGTERM, main_sigterm_handler); + /* If we are to run the queue periodically, pretend the alarm has just gone off. This will cause the first queue-runner to get kicked off straight away. */ @@ -1791,6 +1869,9 @@ for (;;) EXIM_SOCKLEN_T len; pid_t pid; + if (sigterm_seen) + daemon_die(); /* Does not return */ + /* This code is placed first in the loop, so that it gets obeyed at the start, before the first wait, for the queue-runner case, so that the first one can be started immediately. 
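Review bot: `sigterm_seen` is tested only once per pass, at the top of the `for (;;)` loop, so a SIGTERM that arrives after this test but before the loop next blocks is presumably not acted on until something else wakes the daemon. The handler installed with `os_non_restarting_signal(SIGTERM, main_sigterm_handler)` only sets the flag, and the wait itself is outside the hunk, so this should be confirmed against the rest of the loop. If the window exists, repeating `if (sigterm_seen) daemon_die();` immediately before the wait narrows it, and blocking SIGTERM around the test with an atomically-unblocking wait such as `pselect()` would close it.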
@@ -1868,6 +1949,7 @@ for (;;) signal(SIGHUP, SIG_DFL); signal(SIGCHLD, SIG_DFL); + signal(SIGTERM, SIG_DFL); /* Re-exec if privilege has been given up, unless deliver_drop_ privilege is set. Reset SIGALRM before exec(). */ diff --git a/src/src/exim.c b/src/src/exim.c index a30e35bca..f29435476 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -202,7 +202,7 @@ va_end(ap); static void term_handler(int sig) { - exit(1); +exit(1); } @@ -3067,11 +3067,15 @@ for (i = 1; i < argc; i++) else if (Ustrcmp(argrest, "o") == 0) {} - /* -oP : set pid file path for daemon */ + /* -oP : set pid file path for daemon + -oPX: delete pid file of daemon */ else if (Ustrcmp(argrest, "P") == 0) override_pid_file_path = argv[++i]; + else if (Ustrcmp(argrest, "PX") == 0) + delete_pid_file(); + /* -or : set timeout for non-SMTP acceptance -os : set timeout for SMTP acceptance */ diff --git a/src/src/functions.h b/src/src/functions.h index 488e84c6c..187bdafa6 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -175,6 +175,7 @@ extern void debug_print_tree(tree_node *); extern void debug_vprintf(int, const char *, va_list); extern void decode_bits(unsigned int *, size_t, int *, uschar *, bit_table *, int, uschar *, int); +extern void delete_pid_file(void); extern address_item *deliver_make_addr(uschar *, BOOL); extern void delivery_log(int, address_item *, int, uschar *); extern int deliver_message(uschar *, BOOL, BOOL); diff --git a/test/log/0438 b/test/log/0438 index 574cf9bef..78796810d 100644 --- a/test/log/0438 +++ b/test/log/0438 @@ -2,3 +2,4 @@ ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D diff --git a/test/runtest b/test/runtest index 9f6569128..97edbc244 100755 --- a/test/runtest 
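Review bot: The new `-oPX` branch calls `delete_pid_file()` straight from the option-parsing loop, with no visible check that the caller is the daemon's own child or a privileged user, while daemon.c documents that function as running with root privilege and it unlinks whatever path `-oP` supplied. The only guard shown is that the file's first line equals the parent pid, and the open, compare and unlink steps all go by path name, so the file that was checked and the file that is removed need not be the same object. It would be safer to defer the deletion until the caller's identity has been established, to drop to the Exim user unless the containing directory really needs root, and to document the intended caller next to the option. The surrounding `for (i = 1; i < argc; i++)` loop starts and ends outside the hunk.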
+++ b/test/runtest @@ -1029,6 +1029,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/(?<=^>>>>>>>>>>>>>>>> Exim pid=)\d+(?= terminating)/pppp/; s/^(proxy-proc \w{5}-pid) \d+$/$1 pppp/; + s/^(?:\d+)( exec .* -oPX)$/pppp$1/; # IP address lookups use gethostbyname() when IPv6 is not supported, # and gethostbyname2() or getipnodebyname() when it is. diff --git a/test/scripts/0000-Basic/0438 b/test/scripts/0000-Basic/0438 index 099efba0d..a8287cf9f 100644 --- a/test/scripts/0000-Basic/0438 +++ b/test/scripts/0000-Basic/0438 @@ -8,3 +8,16 @@ killdaemon exim -d -DSERVER=server -bd -oX PORT_D -oP DIR/spool/exim-daemon.anotherpid **** killdaemon +# +# Check for a SIGTERM daemon kill removing the pid file +exim -d -DSERVER=server -bd -oX PORT_D -oP DIR/spool/mypidfile +**** +sleep 1 +ls DIR/spool +sudo perl +open(IN, "<", "DIR/spool/mypidfile"); +while () { kill "TERM", $_; } +**** +sleep 1 +ls DIR/spool +# diff --git a/test/stderr/0438 b/test/stderr/0438 index f44d7bb76..bb6ba3f53 100644 --- a/test/stderr/0438 +++ b/test/stderr/0438 
@@ -36,3 +36,25 @@ LOG: MAIN set_process_info: pppp daemon(x.yz): no queue runs, listening for SMTP on port 1225 daemon running with uid=EXIM_UID gid=EXIM_GID euid=EXIM_UID egid=EXIM_GID Listening... +Exim version x.yz .... +changed uid/gid: forcing real = effective + uid=uuuu gid=CALLER_GID pid=pppp +configuration file is TESTSUITE/test-config +admin user +dropping to exim gid; retaining priv uid +originator: uid=CALLER_UID gid=CALLER_GID login=CALLER name=CALLER_NAME +daemon_smtp_port overridden by -oX: + <: 1225 +listening on all interfaces (IPv4) port 1225 +pid written to TESTSUITE/spool/mypidfile +changed uid/gid: running as a daemon + uid=EXIM_UID gid=EXIM_GID pid=pppp +LOG: MAIN + exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 +set_process_info: pppp daemon(x.yz): no queue runs, listening for SMTP on port 1225 +daemon running with uid=EXIM_UID gid=EXIM_GID euid=EXIM_UID egid=EXIM_GID +Listening... +OpenSSL: creating STEK +pppp exec TESTSUITE/eximdir/exim -DEXIM_PATH=TESTSUITE/eximdir/exim -DSERVER=server -C TESTSUITE/test-config -d=0xf7795cfd -oP TESTSUITE/spool/mypidfile -oPX +search_tidyup called +>>>>>>>>>>>>>>>> Exim pid=pppp (daemon) terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stdout/0438 b/test/stdout/0438 new file mode 100644 index 000000000..431c133d8 --- /dev/null +++ b/test/stdout/0438 @@ -0,0 +1,3 @@ +log +mypidfile +log -- cgit v1.2.3 From 6471ea33fb1ddc212f1e51904ee09dcd5f64193c Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 9 Nov 2019 23:01:25 +0000 Subject: Testsuite: fix stderr munging Broken-by: 01446a56c7 --- test/runtest | 5 ++++- test/stderr/0438 | 1 - 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/test/runtest b/test/runtest index 97edbc244..6e9255b33 100755 --- a/test/runtest +++ b/test/runtest 
@@ -1029,7 +1029,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/(?<=^>>>>>>>>>>>>>>>> Exim pid=)\d+(?= terminating)/pppp/; s/^(proxy-proc \w{5}-pid) \d+$/$1 pppp/; - s/^(?:\d+)( exec .* -oPX)$/pppp$1/; + s/^(?:\s*\d+ )(exec .* -oPX)$/pppp $1/; # IP address lookups use gethostbyname() when IPv6 is not supported, # and gethostbyname2() or getipnodebyname() when it is. @@ -1047,6 +1047,9 @@ RESET_AFTER_EXTRA_LINE_READ: next if /OpenSSL compile-time version: OpenSSL \d+[\.\da-z]+/; next if /OpenSSL runtime version: OpenSSL \d+[\.\da-z]+/; + # this is timing-dependent + next if /^OpenSSL: creating STEK$/; + # drop lookups next if /^Lookups \(built-in\):/; next if /^Loading lookup modules from/; diff --git a/test/stderr/0438 b/test/stderr/0438 index bb6ba3f53..bac5bc1a6 100644 --- a/test/stderr/0438 +++ b/test/stderr/0438 @@ -54,7 +54,6 @@ LOG: MAIN set_process_info: pppp daemon(x.yz): no queue runs, listening for SMTP on port 1225 daemon running with uid=EXIM_UID gid=EXIM_GID euid=EXIM_UID egid=EXIM_GID Listening... -OpenSSL: creating STEK pppp exec TESTSUITE/eximdir/exim -DEXIM_PATH=TESTSUITE/eximdir/exim -DSERVER=server -C TESTSUITE/test-config -d=0xf7795cfd -oP TESTSUITE/spool/mypidfile -oPX search_tidyup called >>>>>>>>>>>>>>>> Exim pid=pppp (daemon) terminating with rc=0 >>>>>>>>>>>>>>>> -- cgit v1.2.3 From 5694b9058458fa8bd0a1f28bcb874f5108543ce3 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 10 Nov 2019 16:50:58 +0000 Subject: tidying --- src/src/expand.c | 231 ++++++++++++++++++++++++++----------------------------- 1 file changed, 109 insertions(+), 122 deletions(-) diff --git a/src/src/expand.c b/src/src/expand.c index e30756123..1cd08df89 100644 --- a/src/src/expand.c +++ b/src/src/expand.c 
@@ -955,18 +955,16 @@ Returns: TRUE if condition is met, FALSE if not BOOL expand_check_condition(uschar *condition, uschar *m1, uschar *m2) { -int rc; -uschar *ss = expand_string(condition); -if (ss == NULL) +uschar * ss = expand_string(condition); +if (!ss) { if (!f.expand_string_forcedfail && !f.search_find_defer) log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand condition \"%s\" " "for %s %s: %s", condition, m1, m2, expand_string_message); return FALSE; } -rc = ss[0] != 0 && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 && +return *ss && Ustrcmp(ss, "0") != 0 && strcmpic(ss, US"no") != 0 && strcmpic(ss, US"false") != 0; -return rc; } @@ -1069,7 +1067,7 @@ static const uschar * read_name(uschar *name, int max, const uschar *s, uschar *extras) { int ptr = 0; -while (*s != 0 && (isalnum(*s) || Ustrchr(extras, *s) != NULL)) +while (*s && (isalnum(*s) || Ustrchr(extras, *s) != NULL)) { if (ptr < max-1) name[ptr++] = *s; s++; @@ -2529,14 +2527,14 @@ switch(cond_type = identify_operator(&s, &opname)) /* first_delivery tests for first delivery attempt */ case ECOND_FIRST_DELIVERY: - if (yield != NULL) *yield = f.deliver_firsttime == testfor; + if (yield) *yield = f.deliver_firsttime == testfor; return s; /* queue_running tests for any process started by a queue runner */ case ECOND_QUEUE_RUNNING: - if (yield != NULL) *yield = (queue_run_pid != (pid_t)0) == testfor; + if (yield) *yield = (queue_run_pid != (pid_t)0) == testfor; return s; @@ -2563,11 +2561,11 @@ switch(cond_type = identify_operator(&s, &opname)) if (*s != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ sub[0] = expand_string_internal(s+1, TRUE, &s, yield == NULL, TRUE, resetok); - if (sub[0] == NULL) return NULL; + if (!sub[0]) return NULL; /* {-for-text-editors */ if (*s++ != '}') goto COND_FAILED_CURLY_END; - if (yield == NULL) return s; /* No need to run the test if skipping */ + if (!yield) return s; /* No need to run the test if skipping */ switch(cond_type) { 
@@ -2669,7 +2667,7 @@ switch(cond_type = identify_operator(&s, &opname)) case 3: return NULL; } - if (yield != NULL) + if (yield) { int rc; *resetok = FALSE; /* eval_acl() might allocate; do not reclaim */ @@ -2720,8 +2718,8 @@ switch(cond_type = identify_operator(&s, &opname)) case 2: case 3: return NULL; } - if (sub[2] == NULL) sub[3] = NULL; /* realm if no service */ - if (yield != NULL) + if (!sub[2]) sub[3] = NULL; /* realm if no service */ + if (yield) { int rc = auth_call_saslauthd(sub[0], sub[1], sub[2], sub[3], &expand_string_message); @@ -2808,7 +2806,7 @@ switch(cond_type = identify_operator(&s, &opname)) conditions that compare numbers do not start with a letter. This just saves checking for them individually. */ - if (!isalpha(opname[0]) && yield != NULL) + if (!isalpha(opname[0]) && yield) if (sub[i][0] == 0) { num[i] = 0; @@ -2818,13 +2816,13 @@ switch(cond_type = identify_operator(&s, &opname)) else { num[i] = expanded_string_integer(sub[i], FALSE); - if (expand_string_message != NULL) return NULL; + if (expand_string_message) return NULL; } } /* Result not required */ - if (yield == NULL) return s; + if (!yield) return s; /* Do an appropriate comparison */ @@ -2892,9 +2890,8 @@ switch(cond_type = identify_operator(&s, &opname)) break; case ECOND_MATCH: /* Regular expression match */ - re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset, - NULL); - if (re == NULL) + if (!(re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, + &roffset, NULL))) { expand_string_message = string_sprintf("regular expression error in " "\"%s\": %s at offset %d", sub[1], rerror, roffset); @@ -3148,7 +3145,7 @@ switch(cond_type = identify_operator(&s, &opname)) case ECOND_AND: case ECOND_OR: - subcondptr = (yield == NULL)? NULL : &tempcond; + subcondptr = (yield == NULL) ? NULL : &tempcond; combined_cond = (cond_type == ECOND_AND); while (isspace(*s)) s++; 
@@ -3183,8 +3180,7 @@ switch(cond_type = identify_operator(&s, &opname)) return NULL; } - if (yield != NULL) - { + if (yield) if (cond_type == ECOND_AND) { combined_cond &= tempcond; @@ -3195,10 +3191,9 @@ switch(cond_type = identify_operator(&s, &opname)) combined_cond |= tempcond; if (combined_cond) subcondptr = NULL; /* once true, don't */ } /* evaluate any more */ - } } - if (yield != NULL) *yield = (combined_cond == testfor); + if (yield) *yield = (combined_cond == testfor); return ++s; @@ -3221,8 +3216,8 @@ switch(cond_type = identify_operator(&s, &opname)) while (isspace(*s)) s++; if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ - sub[0] = expand_string_internal(s, TRUE, &s, (yield == NULL), TRUE, resetok); - if (sub[0] == NULL) return NULL; + if (!(sub[0] = expand_string_internal(s, TRUE, &s, yield == NULL, TRUE, resetok))) + return NULL; /* {-for-text-editors */ if (*s++ != '}') goto COND_FAILED_CURLY_END; @@ -3362,7 +3357,7 @@ switch(cond_type = identify_operator(&s, &opname)) } DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", ourname, boolvalue? "true":"false"); - if (yield != NULL) *yield = (boolvalue == testfor); + if (yield) *yield = (boolvalue == testfor); return s; } @@ -3791,7 +3786,7 @@ uschar innerkey[64]; uschar outerkey[64]; uschar *finalhash_hex; -if (key_num == NULL) +if (!key_num) key_num = US"0"; if (Ustrlen(key) > 64) @@ -3999,13 +3994,13 @@ eval_op_mult(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_unary(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '*' || *s == '/' || *s == '%') { int op = *s++; int_eximarith_t y = eval_op_unary(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; /* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give * a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which * is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where 
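Review bot: Dropping the braces around the body of `if (yield)` leaves an `if (cond_type == ECOND_AND) … else …` pair hanging directly off an unbraced `if`, so correctness now depends on the `else` binding to the inner test. It does bind that way, but compilers warn about this shape and a later edit could attach an `else` to the wrong level; keeping `if (yield) {` … `}` costs two lines. The enclosing `case ECOND_AND:`/`case ECOND_OR:` block starts and ends outside these two hunks.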
@@ -4086,7 +4081,7 @@ eval_op_shift(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_sum(&s, decimal, error); -if (*error == NULL) +if (!*error) { while ((*s == '<' || *s == '>') && s[1] == s[0]) { @@ -4094,7 +4089,7 @@ if (*error == NULL) int op = *s++; s++; y = eval_op_sum(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; if (op == '<') x <<= y; else x >>= y; } } @@ -4108,14 +4103,14 @@ eval_op_and(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_shift(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '&') { int_eximarith_t y; s++; y = eval_op_shift(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; x &= y; } } @@ -4129,14 +4124,14 @@ eval_op_xor(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_and(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '^') { int_eximarith_t y; s++; y = eval_op_and(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; x ^= y; } } @@ -4150,14 +4145,14 @@ eval_op_or(uschar **sptr, BOOL decimal, uschar **error) { uschar *s = *sptr; int_eximarith_t x = eval_op_xor(&s, decimal, error); -if (*error == NULL) +if (!*error) { while (*s == '|') { int_eximarith_t y; s++; y = eval_op_xor(&s, decimal, error); - if (*error != NULL) break; + if (*error) break; x |= y; } } @@ -4418,7 +4413,7 @@ while (*s != 0) if (!value) { - if (Ustrchr(name, '}') != NULL) malformed_header = TRUE; + if (Ustrchr(name, '}')) malformed_header = TRUE; continue; } } 
@@ -4598,8 +4593,8 @@ while (*s != 0) save_expand_strings(save_expand_nstring, save_expand_nlength); while (isspace(*s)) s++; - next_s = eval_condition(s, &resetok, skipping ? NULL : &cond); - if (next_s == NULL) goto EXPAND_FAILED; /* message already set */ + if (!(next_s = eval_condition(s, &resetok, skipping ? NULL : &cond))) + goto EXPAND_FAILED; /* message already set */ DEBUG(D_expand) DEBUG(D_noutf8) @@ -4658,7 +4653,7 @@ while (*s != 0) case 3: goto EXPAND_FAILED; } - if (sub_arg[1] == NULL) /* One argument */ + if (!sub_arg[1]) /* One argument */ { sub_arg[1] = US"/"; /* default separator */ sub_arg[2] = NULL; @@ -4760,7 +4755,7 @@ while (*s != 0) if (!mac_islookup(stype, lookup_querystyle|lookup_absfilequery)) { - if (key == NULL) + if (!key) { expand_string_message = string_sprintf("missing {key} for single-" "key \"%s\" lookup", name); @@ -4769,7 +4764,7 @@ while (*s != 0) } else { - if (key != NULL) + if (key) { expand_string_message = string_sprintf("a single key was given for " "lookup type \"%s\", which is not a single-key lookup type", name); @@ -4787,8 +4782,8 @@ while (*s != 0) expand_string_message = US"missing '{' for lookup file-or-query arg"; goto EXPAND_FAILED_CURLY; } - filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (filename == NULL) goto EXPAND_FAILED; + if (!(filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; if (*s++ != '}') { expand_string_message = US"missing '}' closing lookup file-or-query arg"; @@ -4839,7 +4834,7 @@ while (*s != 0) else { void *handle = search_open(filename, stype, 0, NULL, NULL); - if (handle == NULL) + if (!handle) { expand_string_message = search_error_message; goto EXPAND_FAILED; 
@@ -4921,15 +4916,14 @@ while (*s != 0) if (!opt_perl_started) { uschar *initerror; - if (opt_perl_startup == NULL) + if (!opt_perl_startup) { expand_string_message = US"A setting of perl_startup is needed when " "using the Perl interpreter"; goto EXPAND_FAILED; } DEBUG(D_any) debug_printf("Starting Perl interpreter\n"); - initerror = init_perl(opt_perl_startup); - if (initerror != NULL) + if ((initerror = init_perl(opt_perl_startup))) { expand_string_message = string_sprintf("error in perl_startup code: %s\n", initerror); @@ -4948,9 +4942,9 @@ while (*s != 0) NULL, the yield was undef, indicating a forced failure. Otherwise the message will indicate some kind of Perl error. */ - if (new_yield == NULL) + if (!new_yield) { - if (expand_string_message == NULL) + if (!expand_string_message) { expand_string_message = string_sprintf("Perl subroutine \"%s\" returned undef to force " @@ -5456,7 +5450,7 @@ while (*s != 0) if (*s == '{') { - if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL) + if (!expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok)) goto EXPAND_FAILED; if (*s++ != '}') { @@ -5515,8 +5509,8 @@ while (*s != 0) expand_string_message = US"missing '{' for command arg of run"; goto EXPAND_FAILED_CURLY; } - arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (arg == NULL) goto EXPAND_FAILED; + if (!(arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; while (isspace(*s)) s++; if (*s++ != '}') { @@ -5629,7 +5623,7 @@ while (*s != 0) if (o2m >= 0) for (; oldptr < yield->ptr; oldptr++) { uschar *m = Ustrrchr(sub[1], yield->s[oldptr]); - if (m != NULL) + if (m) { int o = m - sub[1]; yield->s[oldptr] = sub[2][(o < o2m)? o : o2m]; @@ -5668,7 +5662,7 @@ while (*s != 0) string to the last position and make ${length{n}{str}} equivalent to ${substr{0}{n}{str}}. See the defaults for val[] above. */ - if (sub[2] == NULL) + if (!sub[2]) { sub[2] = sub[1]; sub[1] = NULL; 
@@ -5691,13 +5685,13 @@ while (*s != 0) } ret = - (item_type == EITEM_HASH)? - compute_hash(sub[2], val[0], val[1], &len) : - (item_type == EITEM_NHASH)? - compute_nhash(sub[2], val[0], val[1], &len) : - extract_substr(sub[2], val[0], val[1], &len); - - if (ret == NULL) goto EXPAND_FAILED; + item_type == EITEM_HASH + ? compute_hash(sub[2], val[0], val[1], &len) + : item_type == EITEM_NHASH + ? compute_nhash(sub[2], val[0], val[1], &len) + : extract_substr(sub[2], val[0], val[1], &len); + if (!ret) + goto EXPAND_FAILED; yield = string_catn(yield, ret, len); continue; } @@ -5837,10 +5831,8 @@ while (*s != 0) /* Compile the regular expression */ - re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, &roffset, - NULL); - - if (re == NULL) + if (!(re = pcre_compile(CS sub[1], PCRE_COPT, (const char **)&rerror, + &roffset, NULL))) { expand_string_message = string_sprintf("regular expression error in " "\"%s\": %s at offset %d", sub[1], rerror, roffset); @@ -5896,8 +5888,8 @@ while (*s != 0) /* Copy the characters before the match, plus the expanded insertion. */ yield = string_catn(yield, subject + moffset, ovector[0] - moffset); - insert = expand_string(sub[2]); - if (insert == NULL) goto EXPAND_FAILED; + if (!(insert = expand_string(sub[2]))) + goto EXPAND_FAILED; yield = string_cat(yield, insert); moffset = ovector[1]; @@ -5991,8 +5983,8 @@ while (*s != 0) while (isspace(*s)) s++; if (*s == '{') /*'}'*/ { - sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok); - if (sub[i] == NULL) goto EXPAND_FAILED; /*'{'*/ + if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; /*'{'*/ if (*s++ != '}') { expand_string_message = string_sprintf( 
@@ -6367,8 +6359,8 @@ while (*s != 0) goto EXPAND_FAILED_CURLY; } - list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok); - if (list == NULL) goto EXPAND_FAILED; + if (!(list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; if (*s++ != '}') { expand_string_message = @@ -6413,13 +6405,13 @@ while (*s != 0) if (item_type == EITEM_FILTER) { - temp = eval_condition(expr, &resetok, NULL); - if (temp != NULL) s = temp; + if ((temp = eval_condition(expr, &resetok, NULL))) + s = temp; } else temp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok); - if (temp == NULL) + if (!temp) { expand_string_message = string_sprintf("%s inside \"%s\" item", expand_string_message, name); @@ -6457,7 +6449,7 @@ while (*s != 0) if (item_type == EITEM_FILTER) { BOOL condresult; - if (eval_condition(expr, &resetok, &condresult) == NULL) + if (!eval_condition(expr, &resetok, &condresult)) { iterate_item = save_iterate_item; lookup_value = save_lookup_value; @@ -6479,7 +6471,7 @@ while (*s != 0) { uschar * t = expand_string_internal(expr, TRUE, NULL, skipping, TRUE, &resetok); temp = t; - if (temp == NULL) + if (!temp) { iterate_item = save_iterate_item; expand_string_message = string_sprintf("%s inside \"%s\" item", @@ -6767,7 +6759,7 @@ while (*s != 0) if (!(t = tree_search(dlobj_anchor, argv[0]))) { void *handle = dlopen(CS argv[0], RTLD_LAZY); - if (handle == NULL) + if (!handle) { expand_string_message = string_sprintf("dlopen \"%s\" failed: %s", argv[0], dlerror()); @@ -6783,8 +6775,7 @@ while (*s != 0) /* Having obtained the dynamically loaded object handle, look up the function pointer. */ - func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]); - if (func == NULL) + if (!(func = (exim_dlfunc_t *)dlsym(t->data.ptr, CS argv[1]))) { expand_string_message = string_sprintf("dlsym \"%s\" in \"%s\" failed: " "%s", argv[1], argv[0], dlerror()); 
@@ -6801,20 +6792,21 @@ while (*s != 0) resetok = FALSE; result = NULL; - for (argc = 0; argv[argc] != NULL; argc++); + for (argc = 0; argv[argc]; argc++); status = func(&result, argc - 2, &argv[2]); if(status == OK) { - if (result == NULL) result = US""; + if (!result) result = US""; yield = string_cat(yield, result); continue; } else { - expand_string_message = result == NULL ? US"(no message)" : result; - if(status == FAIL_FORCED) f.expand_string_forcedfail = TRUE; - else if(status != FAIL) - log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s", + expand_string_message = result ? result : US"(no message)"; + if (status == FAIL_FORCED) + f.expand_string_forcedfail = TRUE; + else if (status != FAIL) + log_write(0, LOG_MAIN|LOG_PANIC, "dlfunc{%s}{%s} failed (%d): %s", argv[0], argv[1], status, expand_string_message); goto EXPAND_FAILED; } @@ -6934,11 +6926,11 @@ while (*s != 0) if ((c = chop_match(name, op_table_underscore, nelem(op_table_underscore))) < 0) { - arg = Ustrchr(name, '_'); - if (arg != NULL) *arg = 0; - c = chop_match(name, op_table_main, nelem(op_table_main)); - if (c >= 0) c += nelem(op_table_underscore); - if (arg != NULL) *arg++ = '_'; /* Put back for error messages */ + if ((arg = Ustrchr(name, '_'))) + *arg = 0; + if ((c = chop_match(name, op_table_main, nelem(op_table_main))) >= 0) + c += nelem(op_table_underscore); + if (arg) *arg++ = '_'; /* Put back for error messages */ } /* Deal specially with operators that might take a certificate variable @@ -7013,11 +7005,10 @@ while (*s != 0) { uschar *tt = sub; unsigned long int n = 0; - uschar * s; while (*tt) { uschar * t = Ustrchr(base32_chars, *tt++); - if (t == NULL) + if (!t) { expand_string_message = string_sprintf("argument for base32d " "operator is \"%s\", which is not a base 32 number", sub); 
@@ -7025,8 +7016,7 @@ while (*s != 0) } n = n * 32 + (t - base32_chars); } - s = string_sprintf("%ld", n); - yield = string_cat(yield, s); + yield = string_fmt_append(yield, "%ld", n); continue; } @@ -7040,8 +7030,7 @@ while (*s != 0) "operator is \"%s\", which is not a decimal number", sub); goto EXPAND_FAILED; } - t = string_base62(n); - yield = string_cat(yield, t); + yield = string_cat(yield, string_base62(n)); continue; } @@ -7054,7 +7043,7 @@ while (*s != 0) while (*tt != 0) { uschar *t = Ustrchr(base62_chars, *tt++); - if (t == NULL) + if (!t) { expand_string_message = string_sprintf("argument for base62d " "operator is \"%s\", which is not a base %d number", sub, @@ -7070,7 +7059,7 @@ while (*s != 0) case EOP_EXPAND: { uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok); - if (expanded == NULL) + if (!expanded) { expand_string_message = string_sprintf("internal expansion of \"%s\" failed: %s", sub, @@ -7269,7 +7258,7 @@ while (*s != 0) int sep = 0; uschar buffer[256]; - while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++; + while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer))) cnt++; yield = string_fmt_append(yield, "%d", cnt); continue; } @@ -7288,7 +7277,7 @@ while (*s != 0) uschar buffer[256]; if (*sub == '+') sub++; - if (arg == NULL) /* no-argument version */ + if (!arg) /* no-argument version */ { if (!(t = tree_search(addresslist_anchor, sub)) && !(t = tree_search(domainlist_anchor, sub)) && @@ -7538,7 +7527,7 @@ while (*s != 0) case EOP_QUOTE: case EOP_QUOTE_LOCAL_PART: - if (arg == NULL) + if (!arg) { BOOL needs_quote = (*sub == 0); /* TRUE for empty string */ uschar *t = sub - 1; 
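Review bot: The new `yield = string_fmt_append(yield, "%ld", n);` in the base32d case formats `n` with a signed conversion, but the preceding hunk declares it as `unsigned long int n`, so a decoded value above LONG_MAX would be emitted as a negative number. The line should read `yield = string_fmt_append(yield, "%lu", n);`. The accumulation `n = n * 32 + (t - base32_chars)` just above also has no range check, so an over-long argument wraps silently instead of failing the expansion; a test before the multiply would make that an explicit error. The enclosing case starts outside this hunk.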
@@ -7586,20 +7575,20 @@ while (*s != 0) int n; uschar *opt = Ustrchr(arg, '_'); - if (opt != NULL) *opt++ = 0; + if (opt) *opt++ = 0; - n = search_findtype(arg, Ustrlen(arg)); - if (n < 0) + if ((n = search_findtype(arg, Ustrlen(arg))) < 0) { expand_string_message = search_error_message; goto EXPAND_FAILED; } - if (lookup_list[n]->quote != NULL) + if (lookup_list[n]->quote) sub = (lookup_list[n]->quote)(sub, opt); - else if (opt != NULL) sub = NULL; + else if (opt) + sub = NULL; - if (sub == NULL) + if (!sub) { expand_string_message = string_sprintf( "\"%s\" unrecognized after \"${quote_%s\"", @@ -7646,7 +7635,7 @@ while (*s != 0) uschar *error; uschar *decoded = rfc2047_decode(sub, check_rfc2047_length, headers_charset, '?', &len, &error); - if (error != NULL) + if (error) { expand_string_message = error; goto EXPAND_FAILED; @@ -8008,14 +7997,13 @@ while (*s != 0) /* Perform the required operation */ - ret = - (c == EOP_HASH || c == EOP_H)? - compute_hash(sub, value1, value2, &len) : - (c == EOP_NHASH || c == EOP_NH)? - compute_nhash(sub, value1, value2, &len) : - extract_substr(sub, value1, value2, &len); + ret = c == EOP_HASH || c == EOP_H + ? compute_hash(sub, value1, value2, &len) + : c == EOP_NHASH || c == EOP_NH + ? compute_nhash(sub, value1, value2, &len) + : extract_substr(sub, value1, value2, &len); + if (!ret) goto EXPAND_FAILED; - if (ret == NULL) goto EXPAND_FAILED; yield = string_catn(yield, ret, len); continue; } @@ -8377,7 +8365,7 @@ uschar *endptr; /* If expansion failed, expand_string_message will be set. */ -if (s == NULL) return -1; +if (!s) return -1; /* On an overflow, strtol() returns LONG_MAX or LONG_MIN, and sets errno to ERANGE. When there isn't an overflow, errno is not changed, at least on some 
@@ -8472,10 +8460,9 @@ exp_bool(address_item *addr, uschar *svalue, BOOL *rvalue) { uschar *expanded; -if (svalue == NULL) { *rvalue = bvalue; return OK; } +if (!svalue) { *rvalue = bvalue; return OK; } -expanded = expand_string(svalue); -if (expanded == NULL) +if (!(expanded = expand_string(svalue))) { if (f.expand_string_forcedfail) { -- cgit v1.2.3 From 5b195d6b9592fcef09b0b3b31390e73226deffc9 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 14 Nov 2019 15:59:42 +0000 Subject: TLS: variables $tls_(in,out)_tlsver --- doc/doc-docbook/spec.xfpt | 13 +++++++++++++ doc/doc-txt/NewStuff | 3 +++ src/src/deliver.c | 8 ++++++-- src/src/expand.c | 2 ++ src/src/globals.h | 1 + src/src/smtp_in.c | 2 +- src/src/spool_in.c | 19 ++++++++++--------- src/src/spool_out.c | 1 + src/src/structs.h | 1 + src/src/tls-gnu.c | 4 ++++ src/src/tls-openssl.c | 28 ++++++++++++++++++++++------ src/src/transports/smtp.c | 3 +++ test/confs/2002 | 3 +++ test/confs/2102 | 3 +++ test/confs/5710 | 2 ++ test/confs/5720 | 2 ++ test/log/2002 | 3 +++ test/log/2102 | 3 +++ test/log/2102.openssl_1_1_1 | 3 +++ test/log/5710 | 8 ++++++++ test/log/5720 | 8 ++++++++ test/runtest | 15 ++++++++++++--- 22 files changed, 114 insertions(+), 21 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 19c15c211..f0b7a626d 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt 
@@ -13513,6 +13513,19 @@ the transport. .vindex &$tls_out_tlsa_usage$& Bitfield of TLSA record types found. See section &<>&. +.new +.vitem &$tls_in_ver$& +.vindex "&$tls_in_ver$&" +When a message is received from a remote host over an encrypted SMTP connection +this variable is set to the protocol version, eg &'TLS1.2'&. + +.vitem &$tls_out_ver$& +.vindex "&$tls_out_ver$&" +When a message is being delivered to a remote host over an encrypted SMTP connection +this variable is set to the protocol version. +.wen + + .vitem &$tod_bsdinbox$& .vindex "&$tod_bsdinbox$&" The time of day and the date, in the format required for BSD-style mailbox diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index fd1ab8b3d..fbd1a5e4e 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -12,6 +12,9 @@ Version 4.next 1. EXPERIMENTAL_SRS_NATIVE optional build feature. See the experimental.spec file. + 2. Variables $tls_in_ver, $tls_out_ver. + + Version 4.93 ------------ diff --git a/src/src/deliver.c b/src/src/deliver.c index b89671c57..58874add4 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -1610,6 +1610,7 @@ if (result == OK) tls_out.peercert = addr->peercert; addr->peercert = NULL; + tls_out.ver = addr->tlsver; tls_out.cipher = addr->cipher; tls_out.peerdn = addr->peerdn; tls_out.ocsp = addr->ocsp; @@ -1623,6 +1624,7 @@ if (result == OK) #ifndef DISABLE_TLS tls_free_cert(&tls_out.ourcert); tls_free_cert(&tls_out.peercert); + tls_out.ver = NULL; tls_out.cipher = NULL; tls_out.peerdn = NULL; tls_out.ocsp = OCSP_NOT_REQ; @@ -3480,11 +3482,13 @@ while (!done) switch (*subid) { case '1': - addr->cipher = NULL; - addr->peerdn = NULL; + addr->tlsver = addr->cipher = addr->peerdn = NULL; if (*ptr) + { addr->cipher = string_copy(ptr); + addr->tlsver = string_copyn(ptr, Ustrchr(ptr, ':') - ptr); + } while (*ptr++); if (*ptr) addr->peerdn = string_copy(ptr); diff --git a/src/src/expand.c b/src/src/expand.c index 1cd08df89..366cd737a 100644 --- a/src/src/expand.c 
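Review bot: The added `addr->tlsver = string_copyn(ptr, Ustrchr(ptr, ':') - ptr);` in the `case '1':` branch of src/src/deliver.c subtracts from the result of `Ustrchr` without checking it. If the string at `ptr` contains no ':', the result is a null pointer, the subtraction is undefined and the length handed to `string_copyn` is meaningless. Guard it with `const uschar * colon = Ustrchr(ptr, ':');` followed by `addr->tlsver = colon ? string_copyn(ptr, colon - ptr) : NULL;`. The same unchecked pattern is added on `state->ciphersuite` in the tls-gnu.c hunk `@@ -1778,6 +1780,8 @@`. The enclosing switch starts and ends outside this hunk.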
+++ b/src/src/expand.c @@ -776,6 +776,7 @@ static var_entry var_table[] = { #ifndef DISABLE_TLS { "tls_in_sni", vtype_stringptr, &tls_in.sni }, #endif + { "tls_in_ver", vtype_stringptr, &tls_in.ver }, { "tls_out_bits", vtype_int, &tls_out.bits }, { "tls_out_certificate_verified", vtype_int,&tls_out.certificate_verified }, { "tls_out_cipher", vtype_stringptr, &tls_out.cipher }, @@ -796,6 +797,7 @@ static var_entry var_table[] = { #ifdef SUPPORT_DANE { "tls_out_tlsa_usage", vtype_int, &tls_out.tlsa_usage }, #endif + { "tls_out_ver", vtype_stringptr, &tls_out.ver }, { "tls_peerdn", vtype_stringptr, &tls_in.peerdn }, /* mind the alphabetical order! */ #ifndef DISABLE_TLS diff --git a/src/src/globals.h b/src/src/globals.h index ee89fd1f5..1754d3e89 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -89,6 +89,7 @@ typedef struct { #endif uschar *cipher; /* Cipher used */ const uschar *cipher_stdname; /* Cipher used, RFC version */ + const uschar *ver; /* TLS version */ BOOL on_connect; /* For older MTAs that don't STARTTLS */ uschar *on_connect_ports; /* Ports always tls-on-connect */ diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index bd29d2c1f..ddf98ec61 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2466,7 +2466,7 @@ if (!host_checking && !f.sender_host_notsocket) authenticated_by = NULL; #ifndef DISABLE_TLS -tls_in.cipher = tls_in.peerdn = NULL; +tls_in.ver = tls_in.cipher = tls_in.peerdn = NULL; tls_in.ourcert = tls_in.peercert = NULL; tls_in.sni = NULL; tls_in.ocsp = OCSP_NOT_REQ; diff --git a/src/src/spool_in.c b/src/src/spool_in.c index f393d4d3e..cbd2751ac 100644 --- a/src/src/spool_in.c +++ b/src/src/spool_in.c @@ -278,7 +278,7 @@ tls_in.certificate_verified = FALSE; # ifdef SUPPORT_DANE tls_in.dane_verified = FALSE; # endif -tls_in.cipher = NULL; +tls_in.ver = tls_in.cipher = NULL; # ifndef COMPILE_UTILITY /* tls support fns not built in */ tls_free_cert(&tls_in.ourcert); tls_free_cert(&tls_in.peercert); 
@@ -665,24 +665,25 @@ for (;;) if (Ustrncmp(q, "certificate_verified", 20) == 0) tls_in.certificate_verified = TRUE; else if (Ustrncmp(q, "cipher", 6) == 0) - tls_in.cipher = string_copy_taint(var + 11, tainted); + tls_in.cipher = string_copy_taint(q+7, tainted); # ifndef COMPILE_UTILITY /* tls support fns not built in */ else if (Ustrncmp(q, "ourcert", 7) == 0) - (void) tls_import_cert(var + 12, &tls_in.ourcert); + (void) tls_import_cert(q+8, &tls_in.ourcert); else if (Ustrncmp(q, "peercert", 8) == 0) - (void) tls_import_cert(var + 13, &tls_in.peercert); + (void) tls_import_cert(q+9, &tls_in.peercert); # endif else if (Ustrncmp(q, "peerdn", 6) == 0) - tls_in.peerdn = string_unprinting(string_copy_taint(var + 11, tainted)); + tls_in.peerdn = string_unprinting(string_copy_taint(q+7, tainted)); else if (Ustrncmp(q, "sni", 3) == 0) - tls_in.sni = string_unprinting(string_copy_taint(var + 8, tainted)); + tls_in.sni = string_unprinting(string_copy_taint(q+4, tainted)); else if (Ustrncmp(q, "ocsp", 4) == 0) - tls_in.ocsp = var[9] - '0'; + tls_in.ocsp = q[5] - '0'; # ifdef EXPERIMENTAL_TLS_RESUME else if (Ustrncmp(q, "resumption", 10) == 0) - tls_in.resumption = var[15] - 'A'; + tls_in.resumption = q[11] - 'A'; # endif - + else if (Ustrncmp(q, "ver", 3) == 0) + tls_in.ver = string_copy_taint(q+4, tainted); } break; #endif diff --git a/src/src/spool_out.c b/src/src/spool_out.c index acc6c7b5f..c766b147d 100644 --- a/src/src/spool_out.c +++ b/src/src/spool_out.c @@ -263,6 +263,7 @@ if (tls_in.ocsp) fprintf(fp, "-tls_ocsp %d\n", tls_in.ocsp); # ifdef EXPERIMENTAL_TLS_RESUME fprintf(fp, "-tls_resumption %c\n", 'A' + tls_in.resumption); # endif +if (tls_in.ver) spool_var_write(fp, US"tls_ver", tls_in.ver); #endif #ifdef SUPPORT_I18N diff --git a/src/src/structs.h b/src/src/structs.h index 6662e6458..1d867c5b6 100644 --- a/src/src/structs.h +++ b/src/src/structs.h 
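Review bot: The rewritten offsets in the spool_in.c hunk (`q+7`, `q+8`, `q+9`, `q+4`, `q[5]`, `q[11]`) each assume that the keyword matched by `Ustrncmp` is followed by one separator and a value, but the prefix comparison does not check that. For a spool line that ends directly after `cipher`, `q+7` points one byte past the terminating NUL, and `tls_in.ocsp = q[5] - '0'` stores whatever byte is there without a range check. Matching the separator as part of the keyword would close the gap, for instance `else if (Ustrncmp(q, "ver ", 4) == 0)` for the new branch. How `q` is derived is outside the hunk, so confirm whether the caller already guarantees a value is present.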
@@ -570,6 +570,7 @@ typedef struct address_item { uschar *shadow_message; /* info about shadow transporting */ #ifndef DISABLE_TLS + const uschar *tlsver; /* version used for transport */ uschar *cipher; /* Cipher used for transport */ void *ourcert; /* Certificate offered to peer, binary */ void *peercert; /* Certificate from peer, binary */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 6cd9bf75b..eaec862aa 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -468,6 +468,7 @@ Sets: tls_bits strength indicator tls_certificate_verified bool indicator tls_channelbinding_b64 for some SASL mechanisms + tls_ver a string tls_cipher a string tls_peercert pointer to library internal tls_peerdn a string @@ -1754,6 +1755,7 @@ old_pool = store_pool; /* debug_printf("peer_status: gnutls_session_get_desc %s\n", s); */ for (s++; (c = *s) && c != ')'; s++) g = string_catn(g, s, 1); + tlsp->ver = string_copyn(g->s, g->ptr); g = string_catn(g, US":", 1); if (*s) s++; /* now on _ between groups */ while ((c = *s)) @@ -1778,6 +1780,8 @@ old_pool = store_pool; releases did return "TLS 1.0"; play it safe, just in case. */ for (uschar * p = state->ciphersuite; *p; p++) if (isspace(*p)) *p = '-'; + tlsp->ver = string_copyn(state->ciphersuite, + Ustrchr(state->ciphersuite, ':') - state->ciphersuite); #endif /* debug_printf("peer_status: ciphersuite %s\n", state->ciphersuite); */ diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index c5e1abfe9..7a82e1d55 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c 
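Review bot: In the tls-gnu.c hunk `@@ -1754,6 +1755,7 @@` the added `tlsp->ver = string_copyn(g->s, g->ptr);` dereferences `g` directly, whereas the surrounding `string_catn` calls take `g` as an argument and reassign it. If the loop before it appends nothing (an empty first group in the session description) and `g` started out as NULL, this is a null dereference. Where `g` is initialised is outside the hunk, so this needs confirming. A guard such as `tlsp->ver = g ? string_copyn(g->s, g->ptr) : NULL;` removes the dependency.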
@@ -2212,14 +2212,13 @@ Returns: pointer to allocated string in perm-pool */ static uschar * -construct_cipher_name(SSL * ssl, int * bits) +construct_cipher_name(SSL * ssl, const uschar * ver, int * bits) { int pool = store_pool; /* With OpenSSL 1.0.0a, 'c' needs to be const but the documentation doesn't yet reflect that. It should be a safe change anyway, even 0.9.8 versions have the accessor functions use const in the prototype. */ -const uschar * ver = CUS SSL_get_version(ssl); const SSL_CIPHER * c = (const SSL_CIPHER *) SSL_get_current_cipher(ssl); uschar * s; @@ -2250,6 +2249,21 @@ return cipher_stdname(id >> 8, id & 0xff); } +static const uschar * +tlsver_name(SSL * ssl) +{ +uschar * s, * p; +int pool = store_pool; + +store_pool = POOL_PERM; +s = string_copy(US SSL_get_version(ssl)); +store_pool = pool; +if ((p = Ustrchr(s, 'v'))) /* TLSv1.2 -> TLS1.2 */ + for (;; p++) if (!(*p = p[1])) break; +return CUS s; +} + + static void peer_cert(SSL * ssl, tls_support * tlsp, uschar * peerdn, unsigned siz) { @@ -2688,12 +2702,13 @@ if (SSL_session_reused(server_ssl)) } #endif -/* TLS has been set up. Adjust the input functions to read via TLS, -and initialize things. */ +/* TLS has been set up. Record data for the connection, +adjust the input functions to read via TLS, and initialize things. */ peer_cert(server_ssl, &tls_in, peerdn, sizeof(peerdn)); -tls_in.cipher = construct_cipher_name(server_ssl, &tls_in.bits); +tls_in.ver = tlsver_name(server_ssl); +tls_in.cipher = construct_cipher_name(server_ssl, tls_in.ver, &tls_in.bits); tls_in.cipher_stdname = cipher_stdname_ssl(server_ssl); DEBUG(D_tls) 
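Review bot: The new `tlsver_name()` in tls-openssl.c has no header comment, unlike `construct_cipher_name()` above it, whose comment ends `Returns: pointer to allocated string in perm-pool`. I would add `/* Return a perm-pool copy of the library's protocol-version string with the first 'v' removed, eg "TLSv1.2" -> "TLS1.2" */`. That also records that the loop deletes the first 'v' in whatever `SSL_get_version()` returns, not only the one in a "TLSv" prefix. The comment block of `construct_cipher_name()` starts outside the hunk; if it lists arguments it should gain an entry for the new `ver` parameter.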
@@ -3278,7 +3293,8 @@ tls_client_resume_posthandshake(exim_client_ctx, tlsp); peer_cert(exim_client_ctx->ssl, tlsp, peerdn, sizeof(peerdn)); -tlsp->cipher = construct_cipher_name(exim_client_ctx->ssl, &tlsp->bits); +tlsp->ver = tlsver_name(exim_client_ctx->ssl); +tlsp->cipher = construct_cipher_name(exim_client_ctx->ssl, tlsp->ver, &tlsp->bits); tlsp->cipher_stdname = cipher_stdname_ssl(exim_client_ctx->ssl); /* Record the certificate we presented */ diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 383d202b9..dee546ce1 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -2084,6 +2084,7 @@ tls_out.ocsp = OCSP_NOT_REQ; #ifdef EXPERIMENTAL_TLS_RESUME tls_out.resumption = 0; #endif +tls_out.ver = NULL; /* Flip the legacy TLS-related variables over to the outbound set in case they're used in the context of the transport. Don't bother resetting @@ -2604,6 +2605,7 @@ if ( smtp_peer_options & OPTION_TLS addr->peercert = tls_out.peercert; addr->peerdn = tls_out.peerdn; addr->ocsp = tls_out.ocsp; + addr->tlsver = tls_out.ver; } } } @@ -4560,6 +4562,7 @@ for (address_item * addr = addrlist; addr; addr = addr->next) addr->peercert = NULL; addr->peerdn = NULL; addr->ocsp = OCSP_NOT_REQ; + addr->tlsver = NULL; #endif #ifdef EXPERIMENTAL_DSN_INFO addr->smtp_greeting = NULL; diff --git a/test/confs/2002 b/test/confs/2002 index dfeb172b1..6475fb7fb 100644 --- a/test/confs/2002 +++ b/test/confs/2002 @@ -62,6 +62,9 @@ check_recipient: logwrite = sha1 fingerprint ${sha1:$tls_in_peercert} logwrite = sha256 fingerprint ${sha256:$tls_in_peercert} logwrite = der_b64 ${base64:$tls_in_peercert} + logwrite = cipher: $tls_in_cipher + logwrite = cipher_ $tls_in_cipher_std + logwrite = ver: $tls_in_ver # ----- Routers ----- diff --git a/test/confs/2102 b/test/confs/2102 index 99f659fd2..5e156d486 100644 --- a/test/confs/2102 +++ b/test/confs/2102 
@@ -72,6 +72,9 @@ check_recipient: logwrite = sha1 fingerprint ${sha1:$tls_in_peercert} logwrite = sha256 fingerprint ${sha256:$tls_in_peercert} logwrite = der_b64 ${base64:$tls_in_peercert} + logwrite = cipher: $tls_in_cipher + logwrite = cipher_ $tls_in_cipher_std + logwrite = ver: $tls_in_ver # ----- Routers ----- diff --git a/test/confs/5710 b/test/confs/5710 index 6ab64f4ec..85293a566 100644 --- a/test/confs/5710 +++ b/test/confs/5710 @@ -71,6 +71,8 @@ logger: message = ${acl {ev_tls}} accept condition = ${if eq {smtp:ehlo}{$event_name}} logwrite = $tls_out_cipher smtp:ehlo $event_data + logwrite = cipher_ $tls_out_cipher_std + logwrite = ver: $tls_out_ver accept # ----- Routers ----- diff --git a/test/confs/5720 b/test/confs/5720 index 030434973..906266290 100644 --- a/test/confs/5720 +++ b/test/confs/5720 @@ -71,6 +71,8 @@ logger: message = ${acl {ev_tls}} accept condition = ${if eq {smtp:ehlo}{$event_name}} logwrite = $tls_out_cipher smtp:ehlo $event_data + logwrite = cipher_ $tls_out_cipher_std + logwrite = ver: $tls_out_ver accept # ----- Routers ----- diff --git a/test/log/2002 b/test/log/2002 index 825c0dfd0..36ea6c173 100644 --- a/test/log/2002 +++ b/test/log/2002 @@ -41,6 +41,9 @@ 1999-03-02 09:44:33 sha1 fingerprint E75D537E478758010505D4F339B00DFD73728088 1999-03-02 09:44:33 sha256 fingerprint E251FA7D0372CB784294CF92B243DCE53FDDABD9F58A1B89226586C07C82CAC6 1999-03-02 09:44:33 der_b64 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 +1999-03-02 09:44:33 cipher: TLS1.x:ke-RSA-AES256-SHAnnn:xxx +1999-03-02 09:44:33 cipher_ TLS1.x:ke_RSA_WITH_ci_mac +1999-03-02 09:44:33 ver: TLS1.x 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server2.example.com" S=sss 1999-03-02 09:44:33 Our cert SN: 1999-03-02 09:44:33 Peer did not present a cert diff --git a/test/log/2102 b/test/log/2102 index 215bbe243..bddb8e973 100644 --- a/test/log/2102 +++ b/test/log/2102 
@@ -39,6 +39,9 @@ 1999-03-02 09:44:33 sha1 fingerprint E75D537E478758010505D4F339B00DFD73728088 1999-03-02 09:44:33 sha256 fingerprint E251FA7D0372CB784294CF92B243DCE53FDDABD9F58A1B89226586C07C82CAC6 1999-03-02 09:44:33 der_b64 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 +1999-03-02 09:44:33 cipher: TLS1.x:ke-RSA-AES256-SHAnnn:xxx +1999-03-02 09:44:33 cipher_ TLS1.x:ke_RSA_WITH_ci_mac +1999-03-02 09:44:33 ver: TLSv1.x 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server2.example.com" S=sss 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 Our cert SN: diff --git a/test/log/2102.openssl_1_1_1 b/test/log/2102.openssl_1_1_1 index 3e2e65f7a..951caaf1a 100644 --- a/test/log/2102.openssl_1_1_1 +++ b/test/log/2102.openssl_1_1_1 @@ -39,6 +39,9 @@ 1999-03-02 09:44:33 sha1 fingerprint E75D537E478758010505D4F339B00DFD73728088 1999-03-02 09:44:33 sha256 fingerprint E251FA7D0372CB784294CF92B243DCE53FDDABD9F58A1B89226586C07C82CAC6 1999-03-02 09:44:33 der_b64 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 +1999-03-02 09:44:33 cipher: TLS1.x:ke-RSA-AES256-SHAnnn:xxx +1999-03-02 09:44:33 cipher_ TLS1.x:ke_RSA_WITH_ci_mac +1999-03-02 09:44:33 ver: TLS1.x 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex H=[ip4.ip4.ip4.ip4] P=smtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server2.example.com" S=sss 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 Our cert SN: diff --git a/test/log/5710 b/test/log/5710 index 72bba14e6..4a3a18095 100644 --- a/test/log/5710 +++ b/test/log/5710 
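Review bot: The expected line `ver: TLSv1.x` added to test/log/2102 differs from the `ver: TLS1.x` added to test/log/2102.openssl_1_1_1 in the next hunk and to test/log/2002. `tlsver_name()` in this commit strips the 'v', and the runtest substitution `s/ver: TLS1(\.[123])?$/ver: TLS1.x/` only matches the v-less form. `TLSv1.x` therefore looks like a stale expectation and should presumably read `ver: TLS1.x`.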
@@ -2,6 +2,8 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP +1999-03-02 09:44:33 10HmaX-0005vi-00 cipher_ +1999-03-02 09:44:33 10HmaX-0005vi-00 ver: 1999-03-02 09:44:33 10HmaX-0005vi-00 tls:cert depth=0 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented 
@@ -19,14 +21,20 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 CRU 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (certificate verification failed): certificate invalid: delivering unencrypted to H=127.0.0.1 [127.0.0.1] (not in hosts_require_tls) 1999-03-02 09:44:33 10HmaX-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP +1999-03-02 09:44:33 10HmaX-0005vi-00 cipher_ TLS1.x:ke_RSA_WITH_ci_mac +1999-03-02 09:44:33 10HmaX-0005vi-00 ver: 1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented 1999-03-02 09:44:33 10HmaX-0005vi-00 No Peer cert 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP +1999-03-02 09:44:33 10HmaY-0005vi-00 cipher_ +1999-03-02 09:44:33 10HmaY-0005vi-00 ver: 1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=0 1999-03-02 09:44:33 10HmaY-0005vi-00 TLS1.x:ke-RSA-AES256-SHAnnn:xxx smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250 HELP +1999-03-02 09:44:33 10HmaY-0005vi-00 cipher_ TLS1.x:ke_RSA_WITH_ci_mac +1999-03-02 09:44:33 10HmaY-0005vi-00 ver: TLS1.x 1999-03-02 09:44:33 10HmaY-0005vi-00 => good@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery good 1999-03-02 09:44:33 10HmaY-0005vi-00 Our cert SN: CN=server2.example.com diff --git a/test/log/5720 b/test/log/5720 index 066f7fb35..4f6254f62 100644 --- a/test/log/5720 +++ b/test/log/5720 
@@ -2,6 +2,8 @@ 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaX-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP +1999-03-02 09:44:33 10HmaX-0005vi-00 cipher_ +1999-03-02 09:44:33 10HmaX-0005vi-00 ver: 1999-03-02 09:44:33 10HmaX-0005vi-00 [127.0.0.1] SSL verify error: depth=2 error=self signed certificate in certificate chain cert=/O=example.com/CN=clica CA rsa 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:host:defer bad 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented 
@@ -20,16 +22,22 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 (no CRU) 1999-03-02 09:44:33 10HmaX-0005vi-00 TLS session: (SSL_connect): error: <> 1999-03-02 09:44:33 10HmaX-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP +1999-03-02 09:44:33 10HmaX-0005vi-00 cipher_ +1999-03-02 09:44:33 10HmaX-0005vi-00 ver: 1999-03-02 09:44:33 10HmaX-0005vi-00 => bad@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaZ-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 msg:delivery bad 1999-03-02 09:44:33 10HmaX-0005vi-00 NO CLIENT CERT presented 1999-03-02 09:44:33 10HmaX-0005vi-00 No Peer cert 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250-STARTTLS\n250 HELP +1999-03-02 09:44:33 10HmaY-0005vi-00 cipher_ +1999-03-02 09:44:33 10HmaY-0005vi-00 ver: 1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=2 1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=1 1999-03-02 09:44:33 10HmaY-0005vi-00 tls:cert depth=0 1999-03-02 09:44:33 10HmaY-0005vi-00 TLS1.x:ke-RSA-AES256-SHAnnn:xxx smtp:ehlo 250-myhost.test.ex Hello localhost [127.0.0.1]\n250-SIZE 52428800\n250-8BITMIME\n250-PIPELINING\n250 HELP +1999-03-02 09:44:33 10HmaY-0005vi-00 cipher_ TLS1.x:ke_RSA_WITH_ci_mac +1999-03-02 09:44:33 10HmaY-0005vi-00 ver: TLS1.x 1999-03-02 09:44:33 10HmaY-0005vi-00 => good@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=yes DN="/CN=server1.example.com" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 msg:delivery good 1999-03-02 09:44:33 10HmaY-0005vi-00 Our cert SN: CN=server2.example.com diff --git a/test/runtest b/test/runtest index 6e9255b33..3fd125cc0 100755 --- a/test/runtest +++ b/test/runtest 
@@ -552,15 +552,19 @@ RESET_AFTER_EXTRA_LINE_READ: # the older (comment) style, keeping only the Auth element # (discarding kex, cipher, mac). For TLS 1.3 there is no kex # element (and no _WITH); insert a spurious "RSA". + # Also in $tls_X_cipher_std reporting. s/^\s+by .+ with .+ \K tls TLS_.*?([^_]+)_WITH.+$/(TLS1.x:ke-$1-AES256-SHAnnn:xxx)/; s/^\s+by .+ with .+ \K tls TLS_.+$/(TLS1.x:ke-RSA-AES256-SHAnnn:xxx)/; + s/ cipher_ TLS_.*?([^_]+)_WITH.+$/ cipher_ TLS1.x:ke_$1_WITH_ci_mac/; + s/ cipher_ TLS_.*$/ cipher_ TLS1.x:ke_RSA_WITH_ci_mac/; + # Test machines might have various different TLS library versions supporting # different protocols; can't rely upon TLS 1.2's AES256-GCM-SHA384, so we # treat the standard algorithms the same. # - # TLSversion : KeyExchange? - Authentication/Signature - C_iph_er - MAC : ??? + # TLSversion : KeyExchange? - Authentication/Signature - C_iph_er - MAC : bits # # So far, have seen: # TLSv1:AES128-GCM-SHA256:128 @@ -578,7 +582,7 @@ RESET_AFTER_EXTRA_LINE_READ: # # Retain the authentication algorith field as we want to test that. - s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1(\.[123])?:/$1TLS1.x:/xg; + s/( (?: (?:\b|\s) [\(=] ) | \s )TLS1(\.[123])?:/$1TLS1.x:/xg; s/(?PSK)_)?((?RSA|ECDSA)_)? (SECP(256|521)R1|X25519))?__?)? # key-exchange ((?RSA|ECDSA)((_PSS_RSAE)?_SHA(512|256))?__?)? # authentication + (?WITH_)? # stdname-with AES_(256|128)_(CBC|GCM) # cipher (__?AEAD)? # pseudo-MAC (__?SHA(1|256|384))? # PRF 
@@ -644,10 +649,14 @@ RESET_AFTER_EXTRA_LINE_READ: /"TLS1.x:ke-" . (defined($+{psk}) ? $+{psk} : "") . (defined($+{auth}) ? $+{auth} : "") + . (defined($+{with}) ? $+{with} : "") . "-AES256-SHAnnn:xxx"/gex; s/TLS1.2:RSA__CAMELLIA_256_GCM(_SHA384)?:256/TLS1.2:RSA_CAMELLIA_256_GCM-SHAnnn:256/g; s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHAnnn/g; + # Separate reporting of TLS version + s/ver: TLS1(\.[123])?$/ver: TLS1.x/; + # GnuTLS library error message changes s/(No certificate was found|Certificate is required)/The peer did not send any certificate/g; #(dodgy test?) s/\(certificate verification failed\): invalid/\(gnutls_handshake\): The peer did not send any certificate./g; -- cgit v1.2.3 From 9f125d9fab3f3f3dd2244caa28914c256d01c339 Mon Sep 17 00:00:00 2001 
From: Jeremy Harris Date: Thu, 14 Nov 2019 22:02:59 +0000 Subject: TLS: restore TLS protocol version to default Received: header Broken-by: f1be21cf0b --- doc/doc-docbook/spec.xfpt | 1 + src/src/globals.c | 1 + test/mail/2002.CALLER | 10 +++--- test/mail/2003.userx | 2 +- test/mail/2008.CALLER | 4 +-- test/mail/2008.abcd | 2 +- test/mail/2008.xyz | 2 +- test/mail/2013.usera | 2 +- test/mail/2013.userb | 2 +- test/mail/2013.userc | 2 +- test/mail/2013.userx | 2 +- test/mail/2013.usery | 2 +- test/mail/2013.userz | 2 +- test/mail/2017.userx | 4 +-- test/mail/2019.userx | 4 +-- test/mail/2027.userx | 2 +- test/mail/2038.userx0 | 2 +- test/mail/2038.userx1 | 2 +- test/mail/2038.usery0 | 2 +- test/mail/2038.usery1 | 2 +- test/mail/2038.userz0 | 2 +- test/mail/2038.userz1 | 2 +- test/mail/2102.CALLER | 8 ++--- test/mail/2103.userx | 2 +- test/mail/2108.CALLER | 4 +-- test/mail/2108.abcd | 2 +- test/mail/2108.xyz | 2 +- test/mail/2113.usera | 2 +- test/mail/2113.userb | 2 +- test/mail/2113.userc | 2 +- test/mail/2113.userx | 2 +- test/mail/2113.usery | 2 +- test/mail/2113.userz | 2 +- test/mail/2117.userx | 4 +-- test/mail/2119.userx | 4 +-- test/mail/2127.userx | 2 +- test/mail/2132.CALLER | 6 ++-- test/mail/2138.userx0 | 2 +- test/mail/2138.userx1 | 2 +- test/mail/2138.usery0 | 2 +- test/mail/2138.usery1 | 2 +- test/mail/2138.userz0 | 2 +- test/mail/2138.userz1 | 2 +- test/mail/2149.userx | 2 +- test/mail/3451.userx | 8 ++--- test/mail/3452.userx | 4 +-- test/mail/3461.userx | 8 ++--- test/mail/3462.userx | 4 +-- test/mail/3700.smtps | 2 +- test/mail/3700.x | 2 +- test/rejectlog/2037 | 2 +- test/rejectlog/2137 | 2 +- test/runtest | 1 + test/stderr/0402 | 26 +++++++++++----- test/stderr/0544 | 26 +++++++++++----- test/stderr/5410 | 78 ++++++++++++++++++++++++++++++++--------------- test/stderr/5420 | 78 ++++++++++++++++++++++++++++++++--------------- 57 files changed, 220 insertions(+), 137 deletions(-) 
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index f0b7a626d..a93f61182 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -16763,6 +16763,7 @@ received_header_text = Received: \ ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\ by $primary_hostname \ ${if def:received_protocol {with $received_protocol }}\ + ${if def:tls_ver { ($tls_ver)}}\ ${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}\ (Exim $version_number)\n\t\ ${if def:sender_address \ diff --git a/src/src/globals.c b/src/src/globals.c index b874c4669..8162de0c4 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -1233,6 +1233,7 @@ uschar *received_header_text = US "by $primary_hostname " "${if def:received_protocol {with $received_protocol }}" #ifndef DISABLE_TLS + "${if def:tls_in_ver { ($tls_in_ver)}}" "${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}" #endif "(Exim $version_number)\n\t" diff --git a/test/mail/2002.CALLER b/test/mail/2002.CALLER index dc634d1e9..d9d0f0b8c 100644 --- a/test/mail/2002.CALLER +++ b/test/mail/2002.CALLER @@ -1,6 +1,6 @@ From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 @@ -12,7 +12,7 @@ This is a test encrypted message. From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from <"name with spaces"@test.ex>) id 10HmaY-0005vi-00 
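Review bot: The globals.c hunk adds `${if def:tls_in_ver { ($tls_in_ver)}}` to the default `received_header_text`, but the spec.xfpt hunk of the same commit documents the default as `${if def:tls_ver { ($tls_ver)}}\`. The previous commit's var_table change adds only `tls_in_ver` and `tls_out_ver`, so an administrator copying the documented default would reference a name that, as far as these hunks show, is not defined. The documentation line should read `${if def:tls_in_ver { ($tls_in_ver)}}\` to match the compiled-in default.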
@@ -24,7 +24,7 @@ This is a test encrypted message. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -36,7 +36,7 @@ This is a test encrypted message from a verified host. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 @@ -49,7 +49,7 @@ It should be sent under the RSA server cert and with an RSA cipher. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x:ke-ECDSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2003.userx b/test/mail/2003.userx index 66c128b68..6322ccebb 100644 --- a/test/mail/2003.userx +++ b/test/mail/2003.userx @@ -1,6 +1,6 @@ From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=rhu.barb) - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 diff --git a/test/mail/2008.CALLER b/test/mail/2008.CALLER index f7669bdbc..47db7a2a8 100644 --- a/test/mail/2008.CALLER +++ b/test/mail/2008.CALLER @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 
@@ -18,7 +18,7 @@ Test message. Contains FF: From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/mail/2008.abcd b/test/mail/2008.abcd index 8a6aae2cc..51b951aa3 100644 --- a/test/mail/2008.abcd +++ b/test/mail/2008.abcd @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2008.xyz b/test/mail/2008.xyz index e304d943c..7c88c9c7f 100644 --- a/test/mail/2008.xyz +++ b/test/mail/2008.xyz @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/mail/2013.usera b/test/mail/2013.usera index 8aac112ac..e1d700f11 100644 --- a/test/mail/2013.usera +++ b/test/mail/2013.usera @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbG-0005vi-00 diff --git a/test/mail/2013.userb b/test/mail/2013.userb index 0a98cd802..219c06817 100644 --- a/test/mail/2013.userb +++ b/test/mail/2013.userb 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbI-0005vi-00 diff --git a/test/mail/2013.userc b/test/mail/2013.userc index efb32a668..81fd4e727 100644 --- a/test/mail/2013.userc +++ b/test/mail/2013.userc @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbH-0005vi-00 diff --git a/test/mail/2013.userx b/test/mail/2013.userx index f720f911a..a3e13af42 100644 --- a/test/mail/2013.userx +++ b/test/mail/2013.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2013.usery b/test/mail/2013.usery index 32797e12f..6cbc72e8f 100644 --- a/test/mail/2013.usery +++ b/test/mail/2013.usery @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 diff --git a/test/mail/2013.userz b/test/mail/2013.userz index 919c86d23..aec9bd92f 100644 --- a/test/mail/2013.userz +++ b/test/mail/2013.userz 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2017.userx b/test/mail/2017.userx index 1a86c2aa7..b21e1e382 100644 --- a/test/mail/2017.userx +++ b/test/mail/2017.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -18,7 +18,7 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2019.userx b/test/mail/2019.userx index 3b38f9a48..366b78801 100644 --- a/test/mail/2019.userx +++ b/test/mail/2019.userx @@ -1,6 +1,6 @@ From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=rhu.barb) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 @@ -11,7 +11,7 @@ This is a test encrypted message. From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtp (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtp (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaY-0005vi-00 
diff --git a/test/mail/2027.userx b/test/mail/2027.userx index 08f034e29..d222887f9 100644 --- a/test/mail/2027.userx +++ b/test/mail/2027.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 diff --git a/test/mail/2038.userx0 b/test/mail/2038.userx0 index 5d80e9866..bcf6d69cf 100644 --- a/test/mail/2038.userx0 +++ b/test/mail/2038.userx0 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2038.userx1 b/test/mail/2038.userx1 index 1acf09c8f..d5cf625cc 100644 --- a/test/mail/2038.userx1 +++ b/test/mail/2038.userx1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2038.usery0 b/test/mail/2038.usery0 index 6030779c8..83a8585f9 100644 --- a/test/mail/2038.usery0 +++ b/test/mail/2038.usery0 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbE-0005vi-00 diff --git a/test/mail/2038.usery1 b/test/mail/2038.usery1 index e1b08c6ad..cd20363ba 100644 
--- a/test/mail/2038.usery1 +++ b/test/mail/2038.usery1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbF-0005vi-00 diff --git a/test/mail/2038.userz0 b/test/mail/2038.userz0 index 9f4558735..d0b5e7931 100644 --- a/test/mail/2038.userz0 +++ b/test/mail/2038.userz0 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 diff --git a/test/mail/2038.userz1 b/test/mail/2038.userz1 index 17e3991b0..8187e572b 100644 --- a/test/mail/2038.userz1 +++ b/test/mail/2038.userz1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbD-0005vi-00 diff --git a/test/mail/2102.CALLER b/test/mail/2102.CALLER index 9ca82395f..729308a9f 100644 --- a/test/mail/2102.CALLER +++ b/test/mail/2102.CALLER @@ -1,6 +1,6 @@ From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 
@@ -12,7 +12,7 @@ This is a test encrypted message. From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from <"name with spaces"@test.ex>) id 10HmaY-0005vi-00 @@ -24,7 +24,7 @@ This is a test encrypted message. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -36,7 +36,7 @@ This is a test encrypted message from a verified host. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x:ke-ECDSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2103.userx b/test/mail/2103.userx index 66c128b68..083a93f85 100644 --- a/test/mail/2103.userx +++ b/test/mail/2103.userx @@ -1,6 +1,6 @@ From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=rhu.barb) - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 diff --git a/test/mail/2108.CALLER b/test/mail/2108.CALLER index f7669bdbc..1fc14a286 100644 --- a/test/mail/2108.CALLER +++ b/test/mail/2108.CALLER @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 
@@ -18,7 +18,7 @@ Test message. Contains FF: From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/mail/2108.abcd b/test/mail/2108.abcd index 8a6aae2cc..7c560703b 100644 --- a/test/mail/2108.abcd +++ b/test/mail/2108.abcd @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2108.xyz b/test/mail/2108.xyz index e304d943c..cfc558ce8 100644 --- a/test/mail/2108.xyz +++ b/test/mail/2108.xyz @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/mail/2113.usera b/test/mail/2113.usera index 8aac112ac..c9afbe7b3 100644 --- a/test/mail/2113.usera +++ b/test/mail/2113.usera @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbG-0005vi-00 diff --git a/test/mail/2113.userb b/test/mail/2113.userb index 0a98cd802..4a3ed8d89 100644 --- a/test/mail/2113.userb +++ b/test/mail/2113.userb 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbI-0005vi-00 diff --git a/test/mail/2113.userc b/test/mail/2113.userc index efb32a668..c6b53751b 100644 --- a/test/mail/2113.userc +++ b/test/mail/2113.userc @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbH-0005vi-00 diff --git a/test/mail/2113.userx b/test/mail/2113.userx index f720f911a..f0b5558db 100644 --- a/test/mail/2113.userx +++ b/test/mail/2113.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2113.usery b/test/mail/2113.usery index 32797e12f..e3908f2c1 100644 --- a/test/mail/2113.usery +++ b/test/mail/2113.usery @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 diff --git a/test/mail/2113.userz b/test/mail/2113.userz index 919c86d23..8b5c139c0 100644 --- a/test/mail/2113.userz +++ b/test/mail/2113.userz 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2117.userx b/test/mail/2117.userx index 1a86c2aa7..49d95b4dd 100644 --- a/test/mail/2117.userx +++ b/test/mail/2117.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -18,7 +18,7 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2119.userx b/test/mail/2119.userx index e79ed70b4..c44613fa0 100644 --- a/test/mail/2119.userx +++ b/test/mail/2119.userx @@ -1,6 +1,6 @@ From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=rhu.barb) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 @@ -11,7 +11,7 @@ This is a test encrypted message. From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtp (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtp (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaY-0005vi-00 diff --git a/test/mail/2127.userx b/test/mail/2127.userx index 08f034e29..0c0c036e8 100644 --- a/test/mail/2127.userx +++ b/test/mail/2127.userx 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 diff --git a/test/mail/2132.CALLER b/test/mail/2132.CALLER index 1edd49384..42151d143 100644 --- a/test/mail/2132.CALLER +++ b/test/mail/2132.CALLER @@ -1,6 +1,6 @@ From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 @@ -12,7 +12,7 @@ This is a test encrypted message. From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from <"name with spaces"@test.ex>) id 10HmaY-0005vi-00 @@ -24,7 +24,7 @@ This is a test encrypted message. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with smtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 diff --git a/test/mail/2138.userx0 b/test/mail/2138.userx0 index 5d80e9866..e17d93bc7 100644 --- a/test/mail/2138.userx0 +++ b/test/mail/2138.userx0 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2138.userx1 b/test/mail/2138.userx1 index 1acf09c8f..0a8675343 100644 --- a/test/mail/2138.userx1 +++ b/test/mail/2138.userx1 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2138.usery0 b/test/mail/2138.usery0 index 6030779c8..a752457b3 100644 --- a/test/mail/2138.usery0 +++ b/test/mail/2138.usery0 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbE-0005vi-00 diff --git a/test/mail/2138.usery1 b/test/mail/2138.usery1 index e1b08c6ad..d14a0e5ae 100644 --- a/test/mail/2138.usery1 +++ b/test/mail/2138.usery1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbF-0005vi-00 diff --git a/test/mail/2138.userz0 b/test/mail/2138.userz0 index 9f4558735..d6906043a 100644 --- a/test/mail/2138.userz0 +++ b/test/mail/2138.userz0 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 diff --git a/test/mail/2138.userz1 b/test/mail/2138.userz1 index 17e3991b0..37b5640f7 100644 --- a/test/mail/2138.userz1 +++ b/test/mail/2138.userz1 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbD-0005vi-00 diff --git a/test/mail/2149.userx b/test/mail/2149.userx index 06590b3e7..f11a903ca 100644 --- a/test/mail/2149.userx +++ b/test/mail/2149.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaY-0005vi-00 diff --git a/test/mail/3451.userx b/test/mail/3451.userx index b9df8e528..ce69f8a19 100644 --- a/test/mail/3451.userx +++ b/test/mail/3451.userx @@ -1,12 +1,12 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 
@@ -24,13 +24,13 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/3452.userx b/test/mail/3452.userx index 6116a01db..9b579541f 100644 --- a/test/mail/3452.userx +++ b/test/mail/3452.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -18,7 +18,7 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/3461.userx b/test/mail/3461.userx index b9df8e528..44682d114 100644 --- a/test/mail/3461.userx +++ b/test/mail/3461.userx 
@@ -1,12 +1,12 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -24,13 +24,13 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/3462.userx b/test/mail/3462.userx index 6116a01db..5eefecefa 100644 --- a/test/mail/3462.userx +++ b/test/mail/3462.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 
@@ -18,7 +18,7 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/3700.smtps b/test/mail/3700.smtps index 700d68128..7fae0b273 100644 --- a/test/mail/3700.smtps +++ b/test/mail/3700.smtps @@ -3,7 +3,7 @@ Authentication-Results: myhost.test.ex; iprev=pass (localhost) smtp.remote-ip=127.0.0.1; auth=pass (tls) x509.auth="Phil Pennock" Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS_proto_and_cipher) + by myhost.test.ex with esmtpsa (TLS_proto_and_cipher) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/3700.x b/test/mail/3700.x index 8b589be7a..e77cdbae8 100644 --- a/test/mail/3700.x +++ b/test/mail/3700.x @@ -3,7 +3,7 @@ Authentication-Results: myhost.test.ex; iprev=pass (localhost) smtp.remote-ip=127.0.0.1; auth=pass (tls) x509.auth="Phil Pennock" Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS_proto_and_cipher) + by myhost.test.ex with esmtpsa (TLS_proto_and_cipher) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 diff --git a/test/rejectlog/2037 b/test/rejectlog/2037 index e60a0edd5..c8a5a606b 100644 --- a/test/rejectlog/2037 +++ b/test/rejectlog/2037 @@ -6,7 +6,7 @@ Envelope-from: <> Envelope-to: P Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim x.yz) id 10HmaX-0005vi-00 for data_defer@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/rejectlog/2137 b/test/rejectlog/2137 index e60a0edd5..3024e8fbc 100644 
--- a/test/rejectlog/2137 +++ b/test/rejectlog/2137 @@ -6,7 +6,7 @@ Envelope-from: <> Envelope-to: P Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) + by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn (Exim x.yz) id 10HmaX-0005vi-00 for data_defer@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/runtest b/test/runtest index 3fd125cc0..82105abe8 100755 --- a/test/runtest +++ b/test/runtest @@ -656,6 +656,7 @@ RESET_AFTER_EXTRA_LINE_READ: # Separate reporting of TLS version s/ver: TLS1(\.[123])?$/ver: TLS1.x/; + s/ \(TLS1(\.[123])?\) / (TLS1.x) /; # GnuTLS library error message changes s/(No certificate was found|Certificate is required)/The peer did not send any certificate/g; diff --git a/test/stderr/0402 b/test/stderr/0402 index 1d81d845c..314a8ba3a 100644 --- a/test/stderr/0402 +++ b/test/stderr/0402 @@ -41,7 +41,7 @@ Data file written for message 10HmaX-0005vi-00 ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000 ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
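Review bot: The substitution added to test/runtest, `s/ \(TLS1(\.[123])?\) / (TLS1.x) /;`, only matches when a space follows the closing parenthesis, which holds for a Received: header only while a ` tls <cipher>` clause follows. In the `received_header_text` default from this commit, `($tls_in_ver)` is followed directly by `(Exim` when `tls_in_cipher_std` is unset, so such a header would keep its real version string and the expected files would then differ between TLS library builds; whether that combination can occur is not visible here. Dropping the trailing space, `s/ \(TLS1(\.[123])?\)/ (TLS1.x)/;`, covers both forms. A comment such as `# TLS version comment in Received: headers` would also separate it from the `ver:` log-field rule above it. The surrounding munging code begins and ends outside the hunk.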
@@ -50,7 +50,7 @@ Data file written for message 10HmaX-0005vi-00 ├─────result: false ╭───scanning: from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -61,7 +61,7 @@ Data file written for message 10HmaX-0005vi-00 ╰───skipping: result is not used ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -69,13 +69,13 @@ Data file written for message 10HmaX-0005vi-00 ├──condition: def:sender_ident ├─────result: true ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std ╎ }}(Exim $version_number) ╎ ${if def:sender_address {(envelope-from <$sender_address>) ╎ }}id $message_exim_id${if def:received_for { @@ -87,7 +87,7 @@ Data file written for message 10HmaX-0005vi-00 ├──condition: def:sender_helo_name ├─────result: false ╭───scanning: (helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -102,13 +102,23 @@ Data file written for message 10HmaX-0005vi-00 ╰─────result: from CALLER ├──condition: def:received_protocol ├─────result: true - ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╭considering: with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ├──expanding: with $received_protocol ╰─────result: with local + ├──condition: def:tls_in_ver + ├─────result: false + ╭───scanning: ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}(Exim $version_number) + ${if def:sender_address {(envelope-from <$sender_address>) + }}id $message_exim_id${if def:received_for { + for $received_for}} + ├──expanding: ($tls_in_ver) + ├─────result: () + ╰───skipping: result is not used ├──condition: def:tls_in_cipher_std ├─────result: false ╭───scanning: tls $tls_in_cipher_std @@ -141,7 +151,7 @@ Data file written for message 10HmaX-0005vi-00 ╰───skipping: result is not used ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { diff --git a/test/stderr/0544 b/test/stderr/0544 index cce031101..4d05db641 100644 --- a/test/stderr/0544 +++ b/test/stderr/0544 
@@ -6,7 +6,7 @@ admin user ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000 ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -15,7 +15,7 @@ admin user ├─────result: false ╭───scanning: from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -26,7 +26,7 @@ admin user ╰───skipping: result is not used ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -34,13 +34,13 @@ admin user ├──condition: def:sender_ident ├─────result: true ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std ╎ }}(Exim $version_number) ╎ ${if def:sender_address {(envelope-from <$sender_address>) ╎ }}id $message_exim_id${if def:received_for { @@ -52,7 +52,7 @@ admin user ├──condition: def:sender_helo_name ├─────result: false ╭───scanning: (helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -67,13 +67,23 @@ admin user ╰─────result: from CALLER ├──condition: def:received_protocol ├─────result: true - ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╭considering: with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ├──expanding: with $received_protocol ╰─────result: with local + ├──condition: def:tls_in_ver + ├─────result: false + ╭───scanning: ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}(Exim $version_number) + ${if def:sender_address {(envelope-from <$sender_address>) + }}id $message_exim_id${if def:received_for { + for $received_for}} + ├──expanding: ($tls_in_ver) + ├─────result: () + ╰───skipping: result is not used ├──condition: def:tls_in_cipher_std ├─────result: false ╭───scanning: tls $tls_in_cipher_std @@ -106,7 +116,7 @@ admin user ╰───skipping: result is not used ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { diff --git a/test/stderr/5410 b/test/stderr/5410 index a554fd953..5fc3c82ea 100644 --- a/test/stderr/5410 +++ b/test/stderr/5410 
@@ -140,7 +140,7 @@ end of inline ACL: ACCEPT ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000 ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -149,7 +149,7 @@ end of inline ACL: ACCEPT ├─────result: false ╭───scanning: from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -160,7 +160,7 @@ end of inline ACL: ACCEPT ╰───skipping: result is not used ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -168,13 +168,13 @@ end of inline ACL: ACCEPT ├──condition: def:sender_ident ├─────result: true ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std ╎ }}(Exim $version_number) ╎ ${if def:sender_address {(envelope-from <$sender_address>) ╎ }}id $message_exim_id${if def:received_for { 
@@ -186,7 +186,7 @@ end of inline ACL: ACCEPT ├──condition: def:sender_helo_name ├─────result: true ╭considering: (helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -203,13 +203,23 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──condition: def:received_protocol ├─────result: true - ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╭considering: with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ├──expanding: with $received_protocol ╰─────result: with local-esmtp + ├──condition: def:tls_in_ver + ├─────result: false + ╭───scanning: ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}(Exim $version_number) + ${if def:sender_address {(envelope-from <$sender_address>) + }}id $message_exim_id${if def:received_for { + for $received_for}} + ├──expanding: ($tls_in_ver) + ├─────result: () + ╰───skipping: result is not used ├──condition: def:tls_in_cipher_std ├─────result: false ╭───scanning: tls $tls_in_cipher_std 
@@ -242,7 +252,7 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -383,7 +393,7 @@ end of inline ACL: ACCEPT ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000 ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -392,7 +402,7 @@ end of inline ACL: ACCEPT ├─────result: false ╭───scanning: from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -403,7 +413,7 @@ end of inline ACL: ACCEPT ╰───skipping: result is not used ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -411,13 +421,13 @@ end of inline ACL: ACCEPT ├──condition: def:sender_ident ├─────result: true ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std ╎ }}(Exim $version_number) ╎ ${if def:sender_address {(envelope-from <$sender_address>) ╎ }}id $message_exim_id${if def:received_for { @@ -429,7 +439,7 @@ end of inline ACL: ACCEPT ├──condition: def:sender_helo_name ├─────result: true ╭considering: (helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -446,13 +456,23 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──condition: def:received_protocol ├─────result: true - ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╭considering: with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ├──expanding: with $received_protocol ╰─────result: with local-esmtp + ├──condition: def:tls_in_ver + ├─────result: false + ╭───scanning: ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}(Exim $version_number) + ${if def:sender_address {(envelope-from <$sender_address>) + }}id $message_exim_id${if def:received_for { + for $received_for}} + ├──expanding: ($tls_in_ver) + ├─────result: () + ╰───skipping: result is not used ├──condition: def:tls_in_cipher_std ├─────result: false ╭───scanning: tls $tls_in_cipher_std @@ -485,7 +505,7 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -626,7 +646,7 @@ end of inline ACL: ACCEPT ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000 ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -635,7 +655,7 @@ end of inline ACL: ACCEPT ├─────result: false ╭───scanning: from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -646,7 +666,7 @@ end of inline ACL: ACCEPT ╰───skipping: result is not used ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -654,13 +674,13 @@ end of inline ACL: ACCEPT ├──condition: def:sender_ident ├─────result: true ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std ╎ }}(Exim $version_number) ╎ ${if def:sender_address {(envelope-from <$sender_address>) ╎ }}id $message_exim_id${if def:received_for { 
@@ -672,7 +692,7 @@ end of inline ACL: ACCEPT ├──condition: def:sender_helo_name ├─────result: true ╭considering: (helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -689,13 +709,23 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──condition: def:received_protocol ├─────result: true - ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╭considering: with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ├──expanding: with $received_protocol ╰─────result: with local-esmtp + ├──condition: def:tls_in_ver + ├─────result: false + ╭───scanning: ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}(Exim $version_number) + ${if def:sender_address {(envelope-from <$sender_address>) + }}id $message_exim_id${if def:received_for { + for $received_for}} + ├──expanding: ($tls_in_ver) + ├─────result: () + ╰───skipping: result is not used ├──condition: def:tls_in_cipher_std ├─────result: false ╭───scanning: tls $tls_in_cipher_std 
@@ -728,7 +758,7 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { diff --git a/test/stderr/5420 b/test/stderr/5420 index 9aefc2431..e8ea2bcf4 100644 --- a/test/stderr/5420 +++ b/test/stderr/5420 @@ -141,7 +141,7 @@ end of inline ACL: ACCEPT ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000 ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -150,7 +150,7 @@ end of inline ACL: ACCEPT ├─────result: false ╭───scanning: from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -161,7 +161,7 @@ end of inline ACL: ACCEPT ╰───skipping: result is not used ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -169,13 +169,13 @@ end of inline ACL: ACCEPT ├──condition: def:sender_ident ├─────result: true ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std ╎ }}(Exim $version_number) ╎ ${if def:sender_address {(envelope-from <$sender_address>) ╎ }}id $message_exim_id${if def:received_for { @@ -187,7 +187,7 @@ end of inline ACL: ACCEPT ├──condition: def:sender_helo_name ├─────result: true ╭considering: (helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -204,13 +204,23 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──condition: def:received_protocol ├─────result: true - ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╭considering: with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ├──expanding: with $received_protocol ╰─────result: with local-esmtp + ├──condition: def:tls_in_ver + ├─────result: false + ╭───scanning: ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}(Exim $version_number) + ${if def:sender_address {(envelope-from <$sender_address>) + }}id $message_exim_id${if def:received_for { + for $received_for}} + ├──expanding: ($tls_in_ver) + ├─────result: () + ╰───skipping: result is not used ├──condition: def:tls_in_cipher_std ├─────result: false ╭───scanning: tls $tls_in_cipher_std @@ -243,7 +253,7 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -384,7 +394,7 @@ end of inline ACL: ACCEPT ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000 ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -393,7 +403,7 @@ end of inline ACL: ACCEPT ├─────result: false ╭───scanning: from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -404,7 +414,7 @@ end of inline ACL: ACCEPT ╰───skipping: result is not used ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -412,13 +422,13 @@ end of inline ACL: ACCEPT ├──condition: def:sender_ident ├─────result: true ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std ╎ }}(Exim $version_number) ╎ ${if def:sender_address {(envelope-from <$sender_address>) ╎ }}id $message_exim_id${if def:received_for { 
@@ -430,7 +440,7 @@ end of inline ACL: ACCEPT ├──condition: def:sender_helo_name ├─────result: true ╭considering: (helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -447,13 +457,23 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──condition: def:received_protocol ├─────result: true - ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╭considering: with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ├──expanding: with $received_protocol ╰─────result: with local-esmtp + ├──condition: def:tls_in_ver + ├─────result: false + ╭───scanning: ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}(Exim $version_number) + ${if def:sender_address {(envelope-from <$sender_address>) + }}id $message_exim_id${if def:received_for { + for $received_for}} + ├──expanding: ($tls_in_ver) + ├─────result: () + ╰───skipping: result is not used ├──condition: def:tls_in_cipher_std ├─────result: false ╭───scanning: tls $tls_in_cipher_std 
@@ -486,7 +506,7 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -627,7 +647,7 @@ end of inline ACL: ACCEPT ╰─────result: Tue, 2 Mar 1999 09:44:33 +0000 ╭considering: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -636,7 +656,7 @@ end of inline ACL: ACCEPT ├─────result: false ╭───scanning: from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { @@ -647,7 +667,7 @@ end of inline ACL: ACCEPT ╰───skipping: result is not used ╭considering: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -655,13 +675,13 @@ end of inline ACL: ACCEPT ├──condition: def:sender_ident ├─────result: true ╭considering: from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ╎╭considering: $sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╎ }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std ╎ }}(Exim $version_number) ╎ ${if def:sender_address {(envelope-from <$sender_address>) ╎ }}id $message_exim_id${if def:received_for { @@ -673,7 +693,7 @@ end of inline ACL: ACCEPT ├──condition: def:sender_helo_name ├─────result: true ╭considering: (helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { 
@@ -690,13 +710,23 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──condition: def:received_protocol ├─────result: true - ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + ╭considering: with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { for $received_for}} ├──expanding: with $received_protocol ╰─────result: with local-esmtp + ├──condition: def:tls_in_ver + ├─────result: false + ╭───scanning: ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}(Exim $version_number) + ${if def:sender_address {(envelope-from <$sender_address>) + }}id $message_exim_id${if def:received_for { + for $received_for}} + ├──expanding: ($tls_in_ver) + ├─────result: () + ╰───skipping: result is not used ├──condition: def:tls_in_cipher_std ├─────result: false ╭───scanning: tls $tls_in_cipher_std @@ -729,7 +759,7 @@ end of inline ACL: ACCEPT ╰──(tainted) ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost }{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name) - }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std + }}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_ver { ($tls_in_ver)}}${if def:tls_in_cipher_std { tls $tls_in_cipher_std }}(Exim $version_number) ${if def:sender_address {(envelope-from <$sender_address>) }}id $message_exim_id${if def:received_for { -- cgit v1.2.3 From e4307860d847c4679adb4735698a31065a392752 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 15 Nov 2019 11:18:07 +0000 Subject: GnuTLS: fix $tls_X_ver generation --- src/src/tls-gnu.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index eaec862aa..7d7f61dd8 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -1755,12 +1755,17 @@ old_pool = store_pool; /* debug_printf("peer_status: gnutls_session_get_desc %s\n", s); */ for (s++; (c = *s) && c != ')'; s++) g = string_catn(g, s, 1); + tlsp->ver = string_copyn(g->s, g->ptr); + for (uschar * p = US tlsp->ver; *p; p++) + if (*p == '-') { *p = '\0'; break; } /* TLS1.0-PKIX -> TLS1.0 */ + g = string_catn(g, US":", 1); if (*s) s++; /* now on _ between groups */ while ((c = *s)) { - for (*++s && ++s; (c = *s) && c != ')'; s++) g = string_catn(g, c == '-' ? US"_" : s, 1); + for (*++s && ++s; (c = *s) && c != ')'; s++) + g = string_catn(g, c == '-' ? US"_" : s, 1); /* now on ) closing group */ if ((c = *s) && *++s == '-') g = string_catn(g, US"__", 2); /* now on _ between groups */ -- cgit v1.2.3 From ed1c2748fe762dead160d6c951493808b53934d2 Mon Sep 17 00:00:00 2001 
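Review bot: The added `tlsp->ver = string_copyn(g->s, g->ptr);` dereferences `g` unconditionally, but in the visible lines `g` is only assigned by `string_catn()` inside the preceding `for` loop, which runs zero times when the character after the opening parenthesis is already `)` or NUL. If `g` starts out NULL (its initialisation is outside this hunk, so this needs confirming), that is a NULL dereference during TLS session setup, whereas the old code went straight to `string_catn(g, US":", 1)`, which copes with a NULL `g`. Wrapping the copy and the `-` truncation loop in `if (g && g->ptr > 0)` would keep an unexpected session description string from crashing the process, with `tlsp->ver` left unset in that case. The enclosing function starts and ends outside the hunk.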
From: Jeremy Harris Date: Fri, 15 Nov 2019 11:19:05 +0000 Subject: Testsuite: fix Recieved: header munging for TLS info --- test/mail/2002.CALLER | 10 +++++----- test/mail/2003.userx | 2 +- test/mail/2008.CALLER | 4 ++-- test/mail/2008.abcd | 2 +- test/mail/2008.xyz | 2 +- test/mail/2013.usera | 2 +- test/mail/2013.userb | 2 +- test/mail/2013.userc | 2 +- test/mail/2013.userx | 2 +- test/mail/2013.usery | 2 +- test/mail/2013.userz | 2 +- test/mail/2017.userx | 4 ++-- test/mail/2019.userx | 4 ++-- test/mail/2027.userx | 2 +- test/mail/2038.userx0 | 2 +- test/mail/2038.userx1 | 2 +- test/mail/2038.usery0 | 2 +- test/mail/2038.usery1 | 2 +- test/mail/2038.userz0 | 2 +- test/mail/2038.userz1 | 2 +- test/mail/2102.CALLER | 8 ++++---- test/mail/2103.userx | 2 +- test/mail/2108.CALLER | 4 ++-- test/mail/2108.abcd | 2 +- test/mail/2108.xyz | 2 +- test/mail/2113.usera | 2 +- test/mail/2113.userb | 2 +- test/mail/2113.userc | 2 +- test/mail/2113.userx | 2 +- test/mail/2113.usery | 2 +- test/mail/2113.userz | 2 +- test/mail/2117.userx | 4 ++-- test/mail/2119.userx | 4 ++-- test/mail/2127.userx | 2 +- test/mail/2132.CALLER | 6 +++--- test/mail/2138.userx0 | 2 +- test/mail/2138.userx1 | 2 +- test/mail/2138.usery0 | 2 +- test/mail/2138.usery1 | 2 +- test/mail/2138.userz0 | 2 +- test/mail/2138.userz1 | 2 +- test/mail/2149.userx | 2 +- test/mail/3451.userx | 8 ++++---- test/mail/3452.userx | 4 ++-- test/mail/3461.userx | 8 ++++---- test/mail/3462.userx | 4 ++-- test/mail/3700.smtps | 2 +- test/mail/3700.x | 2 +- test/rejectlog/2037 | 2 +- test/rejectlog/2137 | 2 +- test/runtest | 11 ++++------- 51 files changed, 77 insertions(+), 80 deletions(-) diff --git a/test/mail/2002.CALLER b/test/mail/2002.CALLER index d9d0f0b8c..dc634d1e9 100644 --- a/test/mail/2002.CALLER +++ b/test/mail/2002.CALLER 
@@ -1,6 +1,6 @@ From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 @@ -12,7 +12,7 @@ This is a test encrypted message. From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from <"name with spaces"@test.ex>) id 10HmaY-0005vi-00 @@ -24,7 +24,7 @@ This is a test encrypted message. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -36,7 +36,7 @@ This is a test encrypted message from a verified host. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 @@ -49,7 +49,7 @@ It should be sent under the RSA server cert and with an RSA cipher. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-ECDSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2003.userx b/test/mail/2003.userx index 6322ccebb..66c128b68 100644 --- a/test/mail/2003.userx +++ b/test/mail/2003.userx 
@@ -1,6 +1,6 @@ From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=rhu.barb) - by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 diff --git a/test/mail/2008.CALLER b/test/mail/2008.CALLER index 47db7a2a8..f7669bdbc 100644 --- a/test/mail/2008.CALLER +++ b/test/mail/2008.CALLER @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -18,7 +18,7 @@ Test message. Contains FF: From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/mail/2008.abcd b/test/mail/2008.abcd index 51b951aa3..8a6aae2cc 100644 --- a/test/mail/2008.abcd +++ b/test/mail/2008.abcd @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2008.xyz b/test/mail/2008.xyz index 7c88c9c7f..e304d943c 100644 --- a/test/mail/2008.xyz +++ b/test/mail/2008.xyz 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/mail/2013.usera b/test/mail/2013.usera index e1d700f11..8aac112ac 100644 --- a/test/mail/2013.usera +++ b/test/mail/2013.usera @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbG-0005vi-00 diff --git a/test/mail/2013.userb b/test/mail/2013.userb index 219c06817..0a98cd802 100644 --- a/test/mail/2013.userb +++ b/test/mail/2013.userb @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbI-0005vi-00 diff --git a/test/mail/2013.userc b/test/mail/2013.userc index 81fd4e727..efb32a668 100644 --- a/test/mail/2013.userc +++ b/test/mail/2013.userc @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbH-0005vi-00 diff --git a/test/mail/2013.userx b/test/mail/2013.userx index a3e13af42..f720f911a 100644 --- a/test/mail/2013.userx +++ b/test/mail/2013.userx 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2013.usery b/test/mail/2013.usery index 6cbc72e8f..32797e12f 100644 --- a/test/mail/2013.usery +++ b/test/mail/2013.usery @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 diff --git a/test/mail/2013.userz b/test/mail/2013.userz index aec9bd92f..919c86d23 100644 --- a/test/mail/2013.userz +++ b/test/mail/2013.userz @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2017.userx b/test/mail/2017.userx index b21e1e382..1a86c2aa7 100644 --- a/test/mail/2017.userx +++ b/test/mail/2017.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 
@@ -18,7 +18,7 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2019.userx b/test/mail/2019.userx index 366b78801..3b38f9a48 100644 --- a/test/mail/2019.userx +++ b/test/mail/2019.userx @@ -1,6 +1,6 @@ From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=rhu.barb) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 @@ -11,7 +11,7 @@ This is a test encrypted message. From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtp (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtp (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaY-0005vi-00 diff --git a/test/mail/2027.userx b/test/mail/2027.userx index d222887f9..08f034e29 100644 --- a/test/mail/2027.userx +++ b/test/mail/2027.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 diff --git a/test/mail/2038.userx0 b/test/mail/2038.userx0 index bcf6d69cf..5d80e9866 100644 --- a/test/mail/2038.userx0 +++ b/test/mail/2038.userx0 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2038.userx1 b/test/mail/2038.userx1 index d5cf625cc..1acf09c8f 100644 --- a/test/mail/2038.userx1 +++ b/test/mail/2038.userx1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2038.usery0 b/test/mail/2038.usery0 index 83a8585f9..6030779c8 100644 --- a/test/mail/2038.usery0 +++ b/test/mail/2038.usery0 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbE-0005vi-00 diff --git a/test/mail/2038.usery1 b/test/mail/2038.usery1 index cd20363ba..e1b08c6ad 100644 --- a/test/mail/2038.usery1 +++ b/test/mail/2038.usery1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbF-0005vi-00 diff --git a/test/mail/2038.userz0 b/test/mail/2038.userz0 index d0b5e7931..9f4558735 100644 --- a/test/mail/2038.userz0 +++ b/test/mail/2038.userz0 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 diff --git a/test/mail/2038.userz1 b/test/mail/2038.userz1 index 8187e572b..17e3991b0 100644 --- a/test/mail/2038.userz1 +++ b/test/mail/2038.userz1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbD-0005vi-00 diff --git a/test/mail/2102.CALLER b/test/mail/2102.CALLER index 729308a9f..9ca82395f 100644 --- a/test/mail/2102.CALLER +++ b/test/mail/2102.CALLER @@ -1,6 +1,6 @@ From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x) tls TLS_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 @@ -12,7 +12,7 @@ This is a test encrypted message. From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x) tls TLS_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from <"name with spaces"@test.ex>) id 10HmaY-0005vi-00 @@ -24,7 +24,7 @@ This is a test encrypted message. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtps (TLS1.x) tls TLS_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 
@@ -36,7 +36,7 @@ This is a test encrypted message from a verified host. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x) tls TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with smtps (TLS1.x:ke-ECDSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2103.userx b/test/mail/2103.userx index 083a93f85..66c128b68 100644 --- a/test/mail/2103.userx +++ b/test/mail/2103.userx @@ -1,6 +1,6 @@ From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=rhu.barb) - by myhost.test.ex with smtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 diff --git a/test/mail/2108.CALLER b/test/mail/2108.CALLER index 1fc14a286..f7669bdbc 100644 --- a/test/mail/2108.CALLER +++ b/test/mail/2108.CALLER @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -18,7 +18,7 @@ Test message. Contains FF: From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/mail/2108.abcd b/test/mail/2108.abcd index 7c560703b..8a6aae2cc 100644 --- a/test/mail/2108.abcd +++ b/test/mail/2108.abcd 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2108.xyz b/test/mail/2108.xyz index cfc558ce8..e304d943c 100644 --- a/test/mail/2108.xyz +++ b/test/mail/2108.xyz @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=helo.data.changed) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/mail/2113.usera b/test/mail/2113.usera index c9afbe7b3..8aac112ac 100644 --- a/test/mail/2113.usera +++ b/test/mail/2113.usera @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbG-0005vi-00 diff --git a/test/mail/2113.userb b/test/mail/2113.userb index 4a3ed8d89..0a98cd802 100644 --- a/test/mail/2113.userb +++ b/test/mail/2113.userb @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbI-0005vi-00 diff --git a/test/mail/2113.userc b/test/mail/2113.userc index c6b53751b..efb32a668 100644 --- a/test/mail/2113.userc +++ b/test/mail/2113.userc 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbH-0005vi-00 diff --git a/test/mail/2113.userx b/test/mail/2113.userx index f0b5558db..f720f911a 100644 --- a/test/mail/2113.userx +++ b/test/mail/2113.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2113.usery b/test/mail/2113.usery index e3908f2c1..32797e12f 100644 --- a/test/mail/2113.usery +++ b/test/mail/2113.usery @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 diff --git a/test/mail/2113.userz b/test/mail/2113.userz index 8b5c139c0..919c86d23 100644 --- a/test/mail/2113.userz +++ b/test/mail/2113.userz @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2117.userx b/test/mail/2117.userx index 49d95b4dd..1a86c2aa7 100644 --- a/test/mail/2117.userx +++ b/test/mail/2117.userx 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -18,7 +18,7 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2119.userx b/test/mail/2119.userx index c44613fa0..e79ed70b4 100644 --- a/test/mail/2119.userx +++ b/test/mail/2119.userx @@ -1,6 +1,6 @@ From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] (helo=rhu.barb) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 @@ -11,7 +11,7 @@ This is a test encrypted message. From userx@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtp (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with smtp (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaY-0005vi-00 diff --git a/test/mail/2127.userx b/test/mail/2127.userx index 0c0c036e8..08f034e29 100644 --- a/test/mail/2127.userx +++ b/test/mail/2127.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 diff --git a/test/mail/2132.CALLER b/test/mail/2132.CALLER index 42151d143..1edd49384 100644 --- a/test/mail/2132.CALLER +++ b/test/mail/2132.CALLER 
@@ -1,6 +1,6 @@ From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaX-0005vi-00 @@ -12,7 +12,7 @@ This is a test encrypted message. From "name with spaces"@test.ex Tue Mar 02 09:44:33 1999 Received: from [127.0.0.1] - by myhost.test.ex with smtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from <"name with spaces"@test.ex>) id 10HmaY-0005vi-00 @@ -24,7 +24,7 @@ This is a test encrypted message. From CALLER@test.ex Tue Mar 02 09:44:33 1999 Received: from [ip4.ip4.ip4.ip4] - by myhost.test.ex with smtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with smtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 diff --git a/test/mail/2138.userx0 b/test/mail/2138.userx0 index e17d93bc7..5d80e9866 100644 --- a/test/mail/2138.userx0 +++ b/test/mail/2138.userx0 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/2138.userx1 b/test/mail/2138.userx1 index 0a8675343..1acf09c8f 100644 --- a/test/mail/2138.userx1 +++ b/test/mail/2138.userx1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 diff --git a/test/mail/2138.usery0 b/test/mail/2138.usery0 index a752457b3..6030779c8 100644 --- a/test/mail/2138.usery0 +++ b/test/mail/2138.usery0 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbE-0005vi-00 diff --git a/test/mail/2138.usery1 b/test/mail/2138.usery1 index d14a0e5ae..e1b08c6ad 100644 --- a/test/mail/2138.usery1 +++ b/test/mail/2138.usery1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1112 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbF-0005vi-00 diff --git a/test/mail/2138.userz0 b/test/mail/2138.userz0 index d6906043a..9f4558735 100644 --- a/test/mail/2138.userz0 +++ b/test/mail/2138.userz0 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 diff --git a/test/mail/2138.userz1 b/test/mail/2138.userz1 index 37b5640f7..17e3991b0 100644 --- a/test/mail/2138.userz1 +++ b/test/mail/2138.userz1 @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1]:1111 helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbD-0005vi-00 diff --git a/test/mail/2149.userx b/test/mail/2149.userx index f11a903ca..06590b3e7 100644 --- a/test/mail/2149.userx +++ b/test/mail/2149.userx 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaY-0005vi-00 diff --git a/test/mail/3451.userx b/test/mail/3451.userx index ce69f8a19..b9df8e528 100644 --- a/test/mail/3451.userx +++ b/test/mail/3451.userx @@ -1,12 +1,12 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -24,13 +24,13 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/3452.userx b/test/mail/3452.userx index 9b579541f..6116a01db 100644 --- a/test/mail/3452.userx +++ b/test/mail/3452.userx 
@@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -18,7 +18,7 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/3461.userx b/test/mail/3461.userx index 44682d114..b9df8e528 100644 --- a/test/mail/3461.userx +++ b/test/mail/3461.userx @@ -1,12 +1,12 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbB-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 
@@ -24,13 +24,13 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbC-0005vi-00 for userx@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/3462.userx b/test/mail/3462.userx index 5eefecefa..6116a01db 100644 --- a/test/mail/3462.userx +++ b/test/mail/3462.userx @@ -1,6 +1,6 @@ From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 @@ -18,7 +18,7 @@ Test message 1 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 diff --git a/test/mail/3700.smtps b/test/mail/3700.smtps index 7fae0b273..66d2afe48 100644 --- a/test/mail/3700.smtps +++ b/test/mail/3700.smtps @@ -3,7 +3,7 @@ Authentication-Results: myhost.test.ex; iprev=pass (localhost) smtp.remote-ip=127.0.0.1; auth=pass (tls) x509.auth="Phil Pennock" Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS_proto_and_cipher) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmbA-0005vi-00 
diff --git a/test/mail/3700.x b/test/mail/3700.x index e77cdbae8..d520cfe15 100644 --- a/test/mail/3700.x +++ b/test/mail/3700.x @@ -3,7 +3,7 @@ Authentication-Results: myhost.test.ex; iprev=pass (localhost) smtp.remote-ip=127.0.0.1; auth=pass (tls) x509.auth="Phil Pennock" Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtpsa (TLS_proto_and_cipher) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtpsa (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) (envelope-from ) id 10HmaZ-0005vi-00 diff --git a/test/rejectlog/2037 b/test/rejectlog/2037 index c8a5a606b..e60a0edd5 100644 --- a/test/rejectlog/2037 +++ b/test/rejectlog/2037 @@ -6,7 +6,7 @@ Envelope-from: <> Envelope-to: P Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) id 10HmaX-0005vi-00 for data_defer@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/rejectlog/2137 b/test/rejectlog/2137 index 3024e8fbc..e60a0edd5 100644 --- a/test/rejectlog/2137 +++ b/test/rejectlog/2137 @@ -6,7 +6,7 @@ Envelope-from: <> Envelope-to: P Received: from localhost ([127.0.0.1] helo=myhost.test.ex) - by myhost.test.ex with esmtps (TLS1.x) tls ke-RSA-AES256-SHAnnn + by myhost.test.ex with esmtps (TLS1.x:ke-RSA-AES256-SHAnnn:xxx) (Exim x.yz) id 10HmaX-0005vi-00 for data_defer@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 diff --git a/test/runtest b/test/runtest index 82105abe8..1215e6165 100755 --- a/test/runtest +++ b/test/runtest 
@@ -554,8 +554,8 @@ RESET_AFTER_EXTRA_LINE_READ: # element (and no _WITH); insert a spurious "RSA". # Also in $tls_X_cipher_std reporting. - s/^\s+by .+ with .+ \K tls TLS_.*?([^_]+)_WITH.+$/(TLS1.x:ke-$1-AES256-SHAnnn:xxx)/; - s/^\s+by .+ with .+ \K tls TLS_.+$/(TLS1.x:ke-RSA-AES256-SHAnnn:xxx)/; + s/^\s+by \S+ with .+ \K \(TLS1(?:\.[0-3])?\) tls TLS_.*?([^_]+)_WITH.+$/(TLS1.x:ke-$1-AES256-SHAnnn:xxx)/; + s/^\s+by \S+ with .+ \K \(TLS1(?:\.[0-3])?\) tls TLS_.+$/(TLS1.x:ke-RSA-AES256-SHAnnn:xxx)/; s/ cipher_ TLS_.*?([^_]+)_WITH.+$/ cipher_ TLS1.x:ke_$1_WITH_ci_mac/; s/ cipher_ TLS_.*$/ cipher_ TLS1.x:ke_RSA_WITH_ci_mac/; @@ -655,8 +655,8 @@ RESET_AFTER_EXTRA_LINE_READ: s/\b(ECDHE-(RSA|ECDSA)-AES256-SHA|DHE-RSA-AES256-SHA256)\b/ke-$2-AES256-SHAnnn/g; # Separate reporting of TLS version - s/ver: TLS1(\.[123])?$/ver: TLS1.x/; - s/ \(TLS1(\.[123])?\) / (TLS1.x) /; + s/ver: TLS1(\.[0-3])?$/ver: TLS1.x/; + s/ \(TLS1(\.[0-3])?\) / (TLS1.x) /; # GnuTLS library error message changes s/(No certificate was found|Certificate is required)/The peer did not send any certificate/g; @@ -1769,9 +1769,6 @@ $munges = s! DN="[^,"]*\K,!/!; ', 'rejectlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /', - 'mail' => 's/^\s+by .+ with .+ \K tls TLS_.+$/(TLS_proto_and_cipher)/; - s/ \(TLS[^)]*\)/ (TLS_proto_and_cipher)/; - ', }, 'debug_pid' => -- cgit v1.2.3 From 6a2c32cb705e73820c29e965394333f2874ba770 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 17 Nov 2019 16:32:06 +0000 Subject: tidying --- src/src/auths/cyrus_sasl.c | 94 ++++++++++++++++++------------------------ src/src/auths/gsasl_exim.c | 100 +++++++++++++++++++++++---------------------- 2 files changed, 90 insertions(+), 104 deletions(-) diff --git a/src/src/auths/cyrus_sasl.c b/src/src/auths/cyrus_sasl.c index 480010bab..4b4f45b94 100644 --- a/src/src/auths/cyrus_sasl.c +++ b/src/src/auths/cyrus_sasl.c 
@@ -89,16 +89,13 @@ to be set up. */ /* Auxiliary function, passed in data to sasl_server_init(). */ static int -mysasl_config(void *context, - const char *plugin_name, - const char *option, - const char **result, - unsigned int *len) +mysasl_config(void *context, const char *plugin_name, const char *option, + const char **result, unsigned int *len) { if (context && !strcmp(option, "mech_list")) { *result = context; - if (len != NULL) *len = strlen(*result); + if (len) *len = strlen(*result); return SASL_OK; } return SASL_FAIL; 
@@ -124,41 +121,37 @@ sasl_callback_t cbs[] = { {SASL_CB_LIST_END, NULL, NULL}}; /* default the mechanism to our "public name" */ -if (ob->server_mech == NULL) - ob->server_mech = string_copy(ablock->public_name); -expanded_hostname = expand_string(ob->server_hostname); -if (expanded_hostname == NULL) +if (!ob->server_mech) ob->server_mech = string_copy(ablock->public_name); + +if (!(expanded_hostname = expand_string(ob->server_hostname))) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't expand server_hostname [%s]: %s", ablock->name, ob->server_hostname, expand_string_message); realm_expanded = NULL; -if (ob->server_realm != NULL) { - realm_expanded = CS expand_string(ob->server_realm); - if (realm_expanded == NULL) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " - "couldn't expand server_realm [%s]: %s", - ablock->name, ob->server_realm, expand_string_message); -} +if ( ob->server_realm + && !(realm_expanded = CS expand_string(ob->server_realm))) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " + "couldn't expand server_realm [%s]: %s", + ablock->name, ob->server_realm, expand_string_message); /* we're going to initialise the library to check that there is an - * authenticator of type whatever mechanism we're using - */ +authenticator of type whatever mechanism we're using */ cbs[0].proc = (int(*)(void)) &mysasl_config; cbs[0].context = ob->server_mech; -if ((rc = sasl_server_init(cbs, "exim")) != SASL_OK ) +if ((rc = sasl_server_init(cbs, "exim")) != SASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't initialise Cyrus SASL library.", ablock->name); if ((rc = sasl_server_new(CS ob->server_service, CS expanded_hostname, - realm_expanded, NULL, NULL, NULL, 0, &conn)) != SASL_OK ) + realm_expanded, NULL, NULL, NULL, 0, &conn)) != SASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't initialise Cyrus SASL server connection.", ablock->name); -if ((rc 
= sasl_listmech(conn, NULL, "", ":", "", (const char **)&list, &len, &i)) != SASL_OK ) +if ((rc = sasl_listmech(conn, NULL, "", ":", "", (const char **)&list, &len, &i)) != SASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't get Cyrus SASL mechanism list.", ablock->name); @@ -173,16 +166,16 @@ HDEBUG(D_auth) } /* the store_get / store_reset mechanism is hierarchical - * the hierarchy is stored for us behind our back. This point - * creates a hierarchy point for this function. - */ + the hierarchy is stored for us behind our back. This point + creates a hierarchy point for this function. */ + rs_point = store_mark(); /* loop until either we get to the end of the list, or we match the - * public name of this authenticator - */ -while ( ( buffer = string_nextinlist(&listptr, &i, NULL, 0) ) && - strcmpic(buffer,ob->server_mech) ); +public name of this authenticator */ + +while ( (buffer = string_nextinlist(&listptr, &i, NULL, 0)) + && strcmpic(buffer,ob->server_mech) ); if (!buffer) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " @@ -206,8 +199,7 @@ sasl_done(); /* For interface, see auths/README */ /* note, we don't care too much about memory allocation in this, because this is entirely - * within a shortlived child - */ +within a shortlived child */ int auth_cyrus_sasl_server(auth_instance *ablock, uschar *data) @@ -276,6 +268,9 @@ if (tls_in.cipher) } else HDEBUG(D_auth) debug_printf("Cyrus SASL set EXTERNAL SSF to %d\n", tls_in.bits); + + /*XXX Set channel-binding here with sasl_channel_binding_t / SASL_CHANNEL_BINDING + Unclear what the "name" element does though, ditto the "critical" flag. */ } else HDEBUG(D_auth) debug_printf("Cyrus SASL: no TLS, no EXTERNAL SSF set\n"); 
@@ -291,45 +286,34 @@ So the docs are too strict and we shouldn't worry about :: contractions. */ /* Set properties for remote and local host-ip;port */ for (int i = 0; i < 2; ++i) { - struct sockaddr_storage ss; - int (*query)(int, struct sockaddr *, socklen_t *); - int propnum, port; - const uschar *label; - uschar *address, *address_port; + int propnum; + const uschar * label; + uschar * address_port; const char *s_err; socklen_t sslen; if (i) { - query = &getpeername; propnum = SASL_IPREMOTEPORT; label = CUS"peer"; + address_port = string_sprintf("%s;%d", + sender_host_address, sender_host_port); } else { - query = &getsockname; propnum = SASL_IPLOCALPORT; label = CUS"local"; + address_port = string_sprintf("%s;%d", interface_address, interface_port); } - sslen = sizeof(ss); - if ((rc = query(fileno(smtp_in), (struct sockaddr *) &ss, &sslen)) < 0) - { - HDEBUG(D_auth) - debug_printf("Failed to get %s address information: %s\n", - label, strerror(errno)); - break; - } - - address = host_ntoa(-1, &ss, NULL, &port); - address_port = string_sprintf("%s;%d", address, port); - if ((rc = sasl_setprop(conn, propnum, address_port)) != SASL_OK) { - s_err = sasl_errdetail(conn); HDEBUG(D_auth) + { + s_err = sasl_errdetail(conn); debug_printf("Failed to set %s SASL property: [%d] %s\n", label, rc, s_err ? s_err : ""); + } break; } HDEBUG(D_auth) debug_printf("Cyrus SASL set %s hostport to: %s\n", @@ -353,7 +337,7 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; ) if ((rc = auth_get_data(&input, out2, outlen)) != OK) { /* we couldn't get the data, so free up the library before - * returning whatever error we get */ + returning whatever error we get */ sasl_dispose(&conn); sasl_done(); return rc; 
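Review bot: The rewritten loop body in the first hunk here formats `sender_host_address` and `interface_address` straight into the SASL host-port properties without checking that they are set, whereas the removed code stopped with a debug line when the socket query failed. Whether either global can be NULL at this point (for example when SMTP input is not a socket) is not visible in the hunk. A guard at the top of the loop body, such as `if (!(i ? sender_host_address : interface_address)) break;`, would keep the old fail-soft behaviour instead of handing libsasl a malformed address. The context line `socklen_t sslen;` has no remaining user once `sslen = sizeof(ss);` is removed and can be dropped. The enclosing function starts and ends outside the hunk.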
@@ -422,9 +406,9 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; ) case SASL_NOMECH: /* this is a temporary failure, because the mechanism is not - * available for this user. If it wasn't available at all, we - * shouldn't have got here in the first place... - */ + available for this user. If it wasn't available at all, we + shouldn't have got here in the first place... */ + HDEBUG(D_auth) debug_printf("Cyrus SASL temporary failure %d (%s)\n", rc, sasl_errstring(rc, NULL, NULL)); auth_defer_msg = diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index faf30bb8a..06c91ea3f 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -134,27 +134,29 @@ auth_gsasl_options_block *ob = the default for the mechanism name; we don't handle multiple mechanisms in one authenticator, but the same driver can be used multiple times. */ -if (ob->server_mech == NULL) +if (!ob->server_mech) ob->server_mech = string_copy(ablock->public_name); /* Can get multiple session contexts from one library context, so just initialise the once. */ -if (gsasl_ctx == NULL) { - rc = gsasl_init(&gsasl_ctx); - if (rc != GSASL_OK) { + +if (!gsasl_ctx) + { + if ((rc = gsasl_init(&gsasl_ctx)) != GSASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "couldn't initialise GNU SASL library: %s (%s)", ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc)); - } + gsasl_callback_set(gsasl_ctx, main_callback); -} + } /* We don't need this except to log it for debugging. */ -rc = gsasl_server_mechlist(gsasl_ctx, &p); -if (rc != GSASL_OK) + +if ((rc = gsasl_server_mechlist(gsasl_ctx, &p)) != GSASL_OK) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "failed to retrieve list of mechanisms: %s (%s)", ablock->name, gsasl_strerror_name(rc), gsasl_strerror(rc)); + HDEBUG(D_auth) debug_printf("GNU SASL supports: %s\n", p); supported = gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech); 
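Review bot: The last context line of the gsasl_exim.c hunk, `supported = gsasl_client_support_p(gsasl_ctx, CCS ob->server_mech);`, asks libgsasl whether it can act as a client for the mechanism, although this init sets up a server authenticator. The debug line just above it logs `gsasl_server_mechlist()`, and the next hunk's context shows `ablock->client = FALSE`. If libgsasl supports a mechanism only on the client side, this startup check would pass and the failure would appear only at `gsasl_server_start()` during a live session. Since the commit is already tidying this block, consider `supported = gsasl_server_support_p(gsasl_ctx, CCS ob->server_mech);`. The init function starts and ends outside the hunk.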
@@ -163,19 +165,21 @@ if (!supported) "GNU SASL does not support mechanism \"%s\"", ablock->name, ob->server_mech); -if ((ablock->server_condition == NULL) && - (streqic(ob->server_mech, US"EXTERNAL") || - streqic(ob->server_mech, US"ANONYMOUS") || - streqic(ob->server_mech, US"PLAIN") || - streqic(ob->server_mech, US"LOGIN"))) +if ( !ablock->server_condition + && ( streqic(ob->server_mech, US"EXTERNAL") + || streqic(ob->server_mech, US"ANONYMOUS") + || streqic(ob->server_mech, US"PLAIN") + || streqic(ob->server_mech, US"LOGIN") + ) ) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "Need server_condition for %s mechanism", ablock->name, ob->server_mech); /* This does *not* scale to new SASL mechanisms. Need a better way to ask which properties will be needed. */ -if ((ob->server_realm == NULL) && - streqic(ob->server_mech, US"DIGEST-MD5")) + +if ( !ob->server_realm + && streqic(ob->server_mech, US"DIGEST-MD5")) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " "Need server_realm for %s mechanism", ablock->name, ob->server_mech); @@ -187,7 +191,8 @@ etc) it clearly is critical. So don't activate without server_condition, this might be relaxed in the future. */ -if (ablock->server_condition != NULL) ablock->server = TRUE; + +if (ablock->server_condition) ablock->server = TRUE; ablock->client = FALSE; } @@ -206,7 +211,7 @@ HDEBUG(D_auth) debug_printf("GNU SASL Callback entered, prop=%d (loop prop=%d)\n", prop, callback_loop); -if (cb_state == NULL) +if (!cb_state) { HDEBUG(D_auth) debug_printf(" not from our server/client processing.\n"); return GSASL_NO_CALLBACK; 
@@ -259,8 +264,7 @@ HDEBUG(D_auth) debug_printf("GNU SASL: initialising session for %s, mechanism %s.\n", ablock->name, ob->server_mech); -rc = gsasl_server_start(gsasl_ctx, CCS ob->server_mech, &sctx); -if (rc != GSASL_OK) +if ((rc = gsasl_server_start(gsasl_ctx, CCS ob->server_mech, &sctx)) != GSASL_OK) { auth_defer_msg = string_sprintf("GNU SASL: session start failure: %s (%s)", gsasl_strerror_name(rc), gsasl_strerror(rc)); @@ -286,6 +290,7 @@ if (ob->server_realm) } /* We don't support protection layers. */ gsasl_property_set(sctx, GSASL_QOPS, "qop-auth"); + #ifndef DISABLE_TLS if (tls_channelbinding_b64) { @@ -315,11 +320,9 @@ if (tls_channelbinding_b64) CCS tls_channelbinding_b64); } else - { HDEBUG(D_auth) debug_printf("Auth %s: Not enabling channel-binding (data available)\n", ablock->name); - } } else HDEBUG(D_auth) @@ -334,9 +337,7 @@ to_send = NULL; exim_error = exim_error_override = OK; do { - rc = gsasl_step64(sctx, received, &to_send); - - switch (rc) + switch (rc = gsasl_step64(sctx, received, &to_send)) { case GSASL_OK: if (!to_send) @@ -373,10 +374,8 @@ do { goto STOP_INTERACTION; } - if ((rc == GSASL_NEEDS_MORE) || - (to_send && *to_send)) - exim_error = - auth_get_no64_data((uschar **)&received, US to_send); + if ((rc == GSASL_NEEDS_MORE) || (to_send && *to_send)) + exim_error = auth_get_no64_data((uschar **)&received, US to_send); if (to_send) { 
@@ -419,29 +418,25 @@ return checked_server_condition ? OK : auth_check_serv_cond(ablock); static int condition_check(auth_instance *ablock, uschar *label, uschar *condition_string) { -int exim_rc; - -exim_rc = auth_check_some_cond(ablock, label, condition_string, FAIL); - -if (exim_rc == OK) - return GSASL_OK; -else if (exim_rc == DEFER) +int exim_rc = auth_check_some_cond(ablock, label, condition_string, FAIL); +switch (exim_rc) { - sasl_error_should_defer = TRUE; - return GSASL_AUTHENTICATION_ERROR; + case OK: return GSASL_OK; + case DEFER: sasl_error_should_defer = TRUE; + return GSASL_AUTHENTICATION_ERROR; + case FAIL: return GSASL_AUTHENTICATION_ERROR; + default: log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " + "Unhandled return from checking %s: %d", + ablock->name, label, exim_rc); } -else if (exim_rc == FAIL) - return GSASL_AUTHENTICATION_ERROR; -log_write(0, LOG_PANIC_DIE|LOG_CONFIG_FOR, "%s authenticator: " - "Unhandled return from checking %s: %d", - ablock->name, label, exim_rc); /* NOTREACHED */ return GSASL_AUTHENTICATION_ERROR; } static int -server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, auth_instance *ablock) +server_callback(Gsasl *ctx, Gsasl_session *sctx, Gsasl_property prop, + auth_instance *ablock) { char *tmps; uschar *propval; @@ -475,13 +470,14 @@ switch (prop) break; case GSASL_VALIDATE_EXTERNAL: - if (ablock->server_condition == NULL) + if (!ablock->server_condition) { HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate EXTERNAL.\n"); cbrc = GSASL_AUTHENTICATION_ERROR; break; } propval = US gsasl_property_fast(sctx, GSASL_AUTHZID); + /* We always set $auth1, even if only to empty string. */ auth_vars[0] = expand_nstring[1] = propval ? propval : US""; expand_nlength[1] = Ustrlen(expand_nstring[1]); 
@@ -493,14 +489,16 @@ switch (prop) break; case GSASL_VALIDATE_ANONYMOUS: - if (ablock->server_condition == NULL) + if (!ablock->server_condition) { HDEBUG(D_auth) debug_printf("No server_condition supplied, to validate ANONYMOUS.\n"); cbrc = GSASL_AUTHENTICATION_ERROR; break; } propval = US gsasl_property_fast(sctx, GSASL_ANONYMOUS_TOKEN); + /* We always set $auth1, even if only to empty string. */ + auth_vars[0] = expand_nstring[1] = propval ? propval : US""; expand_nlength[1] = Ustrlen(expand_nstring[1]); expand_nmax = 1; @@ -516,10 +514,10 @@ switch (prop) by the SASL integration after authentication; protected against tampering (if the SASL mechanism supports that, which Kerberos does) but is unverified, same as normal for other mechanisms. - - First coding, we had these values swapped, but for consistency and prior + First coding, we had these values swapped, but for consistency and prior to the first release of Exim with this authenticator, they've been switched to match the ordering of GSASL_VALIDATE_SIMPLE. */ + propval = US gsasl_property_fast(sctx, GSASL_GSSAPI_DISPLAY_NAME); auth_vars[0] = expand_nstring[1] = propval ? propval : US""; propval = US gsasl_property_fast(sctx, GSASL_AUTHZID); @@ -530,6 +528,7 @@ switch (prop) /* In this one case, it perhaps makes sense to default back open? But for consistency, let's just mandate server_condition here too. */ + cbrc = condition_check(ablock, US"server_condition (GSSAPI family)", ablock->server_condition); checked_server_condition = TRUE; 
@@ -551,12 +550,14 @@ switch (prop) tmps = CS expand_string(ob->server_scram_salt); gsasl_property_set(sctx, GSASL_SCRAM_SALT, tmps); } + /* Asking for GSASL_AUTHZID calls back into us if we use gsasl_property_get(), thus the use of gsasl_property_fast(). Do we really want to hardcode limits per mechanism? What happens when a new mechanism is added to the library. It *shouldn't* result in us needing to add more glue, since avoiding that is a large part of the point of SASL. */ + propval = US gsasl_property_fast(sctx, GSASL_AUTHID); auth_vars[0] = expand_nstring[1] = propval ? propval : US""; propval = US gsasl_property_fast(sctx, GSASL_AUTHZID); @@ -567,8 +568,7 @@ switch (prop) for (int i = 1; i <= 3; ++i) expand_nlength[i] = Ustrlen(expand_nstring[i]); - tmps = CS expand_string(ob->server_password); - if (tmps == NULL) + if (!(tmps = CS expand_string(ob->server_password))) { sasl_error_should_defer = f.expand_string_forcedfail ? FALSE : TRUE; HDEBUG(D_auth) debug_printf("server_password expansion failed, so " @@ -576,9 +576,11 @@ switch (prop) return GSASL_AUTHENTICATION_ERROR; } gsasl_property_set(sctx, GSASL_PASSWORD, tmps); + /* This is inadequate; don't think Exim's store stacks are geared for memory wiping, so expanding strings will leave stuff laying around. But no need to compound the problem, so get rid of the one we can. */ + memset(tmps, '\0', strlen(tmps)); cbrc = GSASL_OK; break; -- cgit v1.2.3 From b1a32a3ce673130f4b2f49a341b11c3567081637 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 17 Nov 2019 19:30:42 +0000 Subject: OpenSSL: support authenticator channel-binding. Bug 2467 --- doc/doc-txt/NewStuff | 3 +++ src/src/auths/gsasl_exim.c | 4 ++-- src/src/base64.c | 10 ++++++++-- src/src/functions.h | 1 + src/src/globals.h | 2 +- src/src/tls-gnu.c | 18 +++++++++++------- src/src/tls-openssl.c | 28 ++++++++++++++++++++++++++++ src/src/tls.c | 2 -- 8 files changed, 54 insertions(+), 14 deletions(-) 
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index fbd1a5e4e..18c3d3024 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -14,6 +14,9 @@ Version 4.next 2. Variables $tls_in_ver, $tls_out_ver. + 3. Channel-binding for authenticators is now supported under OpenSSL. + Previously it was GnuTLS-only. + Version 4.93 ------------ diff --git a/src/src/auths/gsasl_exim.c b/src/src/auths/gsasl_exim.c index 06c91ea3f..78a63cd0e 100644 --- a/src/src/auths/gsasl_exim.c +++ b/src/src/auths/gsasl_exim.c @@ -292,7 +292,7 @@ if (ob->server_realm) gsasl_property_set(sctx, GSASL_QOPS, "qop-auth"); #ifndef DISABLE_TLS -if (tls_channelbinding_b64) +if (tls_in.channelbinding) { /* Some auth mechanisms can ensure that both sides are talking withing the same security context; for TLS, this means that even if a bad certificate @@ -317,7 +317,7 @@ if (tls_channelbinding_b64) HDEBUG(D_auth) debug_printf("Auth %s: Enabling channel-binding\n", ablock->name); gsasl_property_set(sctx, GSASL_CB_TLS_UNIQUE, - CCS tls_channelbinding_b64); + CCS tls_in.channelbinding); } else HDEBUG(D_auth) diff --git a/src/src/base64.c b/src/src/base64.c index 6c8191462..aa46c2b32 100644 --- a/src/src/base64.c +++ b/src/src/base64.c @@ -242,9 +242,9 @@ static uschar *enc64table = US"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; uschar * -b64encode(const uschar * clear, int len) +b64encode_taint(const uschar * clear, int len, BOOL tainted) { -uschar *code = store_get(4*((len+2)/3) + 1, is_tainted(clear)); +uschar *code = store_get(4*((len+2)/3) + 1, tainted); uschar *p = code; while (len-- >0) @@ -283,6 +283,12 @@ while (len-- >0) return code; } +uschar * +b64encode(const uschar * clear, int len) +{ +return b64encode_taint(clear, len, is_tainted(clear)); +} + /* End of base64.c */ /* vi: sw ai sw=2 diff --git a/src/src/functions.h b/src/src/functions.h index 187bdafa6..da21b8779 100644 --- a/src/src/functions.h +++ b/src/src/functions.h 
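Review bot: The new `b64encode_taint()` in the base64.c hunks has no header comment, yet it changes who decides the taint of the result: `b64encode()` derives it from `is_tainted(clear)`, while the new entry point trusts the caller's `tainted` argument. A wrong `FALSE` would silently defeat taint tracking for peer-influenced data. I would add a comment above the definition along the lines of `/* As b64encode(), but the caller declares the taint of the returned string; pass FALSE only when the input cannot be influenced by the peer. */` and a one-line comment on the `b64encode()` wrapper saying it keeps the derived-taint behaviour. The encoder body between the two hunks is not visible here.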
@@ -136,6 +136,7 @@ extern gstring *authres_spf(gstring *); #endif extern uschar *b64encode(const uschar *, int); +extern uschar *b64encode_taint(const uschar *, int, BOOL); extern int b64decode(const uschar *, uschar **); extern int bdat_getc(unsigned); extern uschar *bdat_getbuf(unsigned *); diff --git a/src/src/globals.h b/src/src/globals.h index 1754d3e89..8a3d4c56f 100644 --- a/src/src/globals.h +++ b/src/src/globals.h @@ -97,6 +97,7 @@ typedef struct { void *peercert; /* Certificate of peer, binary */ uschar *peerdn; /* DN from peer */ uschar *sni; /* Server Name Indication */ + uschar *channelbinding; /* b64'd data identifying channel, for authenticators */ enum { OCSP_NOT_REQ=0, /* not requested */ OCSP_NOT_RESP, /* no response to request */ @@ -120,7 +121,6 @@ extern BOOL gnutls_allow_auto_pkcs11; /* Let GnuTLS autoload PKCS11 modules * extern uschar *openssl_options; /* OpenSSL compatibility options */ extern const pcre *regex_STARTTLS; /* For recognizing STARTTLS settings */ extern uschar *tls_certificate; /* Certificate file */ -extern uschar *tls_channelbinding_b64; /* string of base64 channel binding */ extern uschar *tls_crl; /* CRL File */ extern int tls_dh_max_bits; /* don't accept higher lib suggestions */ extern uschar *tls_dhparam; /* DH param file */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 7d7f61dd8..f3c3835fe 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -155,7 +155,7 @@ Some of these correspond to variables in globals.c; those variables will be set to point to content in one of these instances, as appropriate for the stage of the process lifetime. -Not handled here: global tls_channelbinding_b64. +Not handled here: global tlsp->tls_channelbinding. */ typedef struct exim_gnutls_state { 
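Review bot: The edited comment line in the tls-gnu.c hunk, `Not handled here: global tlsp->tls_channelbinding.`, names something that does not exist after this commit. The globals.h hunk adds the field as `channelbinding` inside the per-direction TLS struct and removes the global `tls_channelbinding_b64`. The following tls-gnu.c hunks assign `tlsp->channelbinding` in this file, so "Not handled here" and "global" both look stale. Suggest either deleting the sentence or rewording it to `Channel-binding data is kept in tlsp->channelbinding, not in this struct.` The rest of the comment block lies outside the hunk, so check that the wording fits it.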
@@ -467,7 +467,7 @@ Sets: tls_active fd tls_bits strength indicator tls_certificate_verified bool indicator - tls_channelbinding_b64 for some SASL mechanisms + tls_channelbinding for some SASL mechanisms tls_ver a string tls_cipher a string tls_peercert pointer to library internal @@ -499,10 +499,10 @@ tlsp->certificate_verified = state->peer_cert_verified; tlsp->dane_verified = state->peer_dane_verified; #endif -/* note that tls_channelbinding_b64 is not saved to the spool file, since it's +/* note that tls_channelbinding is not saved to the spool file, since it's only available for use for authenticators while this TLS session is running. */ -tls_channelbinding_b64 = NULL; +tlsp->channelbinding = NULL; #ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING channel.data = NULL; channel.size = 0; @@ -510,11 +510,15 @@ if ((rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, & { DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc)); } else { + /* Declare the taintedness of the binding info. On server, untainted; on + client, tainted - being the Finish msg from the server. */ + old_pool = store_pool; store_pool = POOL_PERM; - tls_channelbinding_b64 = b64encode(CUS channel.data, (int)channel.size); + tlsp->channelbinding = b64encode_taint(CUS channel.data, (int)channel.size, + !!state->host); store_pool = old_pool; - DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage.\n"); + DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n"); } #endif @@ -3093,7 +3097,7 @@ gnutls_certificate_free_credentials(state->x509_cred); tlsp->active.sock = -1; tlsp->active.tls_ctx = NULL; /* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */ -tls_channelbinding_b64 = NULL; +tlsp->channelbinding = NULL; if (state->xfer_buffer) store_free(state->xfer_buffer); diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 7a82e1d55..5ea4d964e 100644 
--- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -2741,6 +2741,20 @@ DEBUG(D_tls) tls_in.ourcert = crt ? X509_dup(crt) : NULL; } +/* Channel-binding info for authenticators +See description in https://paquier.xyz/postgresql-2/channel-binding-openssl/ */ + { + uschar c, * s; + size_t len = SSL_get_peer_finished(server_ssl, &c, 0); + int old_pool = store_pool; + + SSL_get_peer_finished(server_ssl, s = store_get((int)len, FALSE), len); + store_pool = POOL_PERM; + tls_in.channelbinding = b64encode_taint(CUS s, (int)len, FALSE); + store_pool = old_pool; + DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n"); + } + /* Only used by the server-side tls (tls_in), including tls_getc. Client-side (tls_out) reads (seem to?) go via smtp_read_response()/ip_recv(). @@ -3303,6 +3317,20 @@ tlsp->cipher_stdname = cipher_stdname_ssl(exim_client_ctx->ssl); tlsp->ourcert = crt ? X509_dup(crt) : NULL; } +/*XXX will this work with continued-TLS? */ +/* Channel-binding info for authenticators */ + { + uschar c, * s; + size_t len = SSL_get_finished(exim_client_ctx->ssl, &c, 0); + int old_pool = store_pool; + + SSL_get_finished(exim_client_ctx->ssl, s = store_get((int)len, TRUE), len); + store_pool = POOL_PERM; + tlsp->channelbinding = b64encode_taint(CUS s, (int)len, TRUE); + store_pool = old_pool; + DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage\n"); + } + tlsp->active.sock = cctx->sock; tlsp->active.tls_ctx = exim_client_ctx; cctx->tls_ctx = exim_client_ctx; diff --git a/src/src/tls.c b/src/src/tls.c index 531d67950..d47156cdc 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -61,8 +61,6 @@ static int ssl_xfer_eof = FALSE; static BOOL ssl_xfer_error = FALSE; #endif -uschar *tls_channelbinding_b64 = NULL; - /************************************************* * Expand string; give error on failure * -- cgit v1.2.3 From a3df157980b463b89d71a3f12d88abe5bad857dc Mon Sep 17 00:00:00 2001 
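Review bot: In the server-side block added after `tls_in.ourcert`, the length returned by `SSL_get_peer_finished(server_ssl, &c, 0)` is used without a zero check, so if no Finished data is available `tls_in.channelbinding` presumably still ends up as a non-NULL empty string, and the gsasl_exim.c hunk tests only `if (tls_in.channelbinding)`. Wrapping the store and encode in `if (len > 0)` and leaving the pointer NULL otherwise keeps the authenticator from binding to empty data; the client-side block at `@@ -3303` has the same gap with `SSL_get_finished`. Two points to confirm beyond that: tls-unique is defined on the first Finished message of the handshake, which appears to swap sides for a resumed session, and it is not defined for TLS 1.3, yet neither block consults `SSL_session_reused()` or the negotiated version. Both enclosing functions start and end outside the hunks.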
From: Jeremy Harris Date: Thu, 21 Nov 2019 21:19:32 +0000 Subject: tidying --- src/src/smtp_in.c | 80 +++++++++++++++++++++++++++---------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index ddf98ec61..301f3c52c 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c 
@@ -3714,60 +3714,60 @@ if (rc != OK) switch(rc) { case OK: - if (!au->set_id || set_id) /* Complete success */ - { - if (set_id) authenticated_id = string_copy_perm(set_id, TRUE); - sender_host_authenticated = au->name; - sender_host_auth_pubname = au->public_name; - authentication_failed = FALSE; - authenticated_fail_id = NULL; /* Impossible to already be set? */ - - received_protocol = - (sender_host_address ? protocols : protocols_local) - [pextend + pauthed + (tls_in.active.sock >= 0 ? pcrpted:0)]; - *s = *ss = US"235 Authentication succeeded"; - authenticated_by = au; - break; - } + if (!au->set_id || set_id) /* Complete success */ + { + if (set_id) authenticated_id = string_copy_perm(set_id, TRUE); + sender_host_authenticated = au->name; + sender_host_auth_pubname = au->public_name; + authentication_failed = FALSE; + authenticated_fail_id = NULL; /* Impossible to already be set? */ - /* Authentication succeeded, but we failed to expand the set_id string. - Treat this as a temporary error. */ + received_protocol = + (sender_host_address ? protocols : protocols_local) + [pextend + pauthed + (tls_in.active.sock >= 0 ? pcrpted:0)]; + *s = *ss = US"235 Authentication succeeded"; + authenticated_by = au; + break; + } - auth_defer_msg = expand_string_message; - /* Fall through */ + /* Authentication succeeded, but we failed to expand the set_id string. + Treat this as a temporary error. 
*/ + + auth_defer_msg = expand_string_message; + /* Fall through */ case DEFER: - if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); - *s = string_sprintf("435 Unable to authenticate at present%s", - auth_defer_user_msg); - *ss = string_sprintf("435 Unable to authenticate at present%s: %s", - set_id, auth_defer_msg); - break; + if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); + *s = string_sprintf("435 Unable to authenticate at present%s", + auth_defer_user_msg); + *ss = string_sprintf("435 Unable to authenticate at present%s: %s", + set_id, auth_defer_msg); + break; case BAD64: - *s = *ss = US"501 Invalid base64 data"; - break; + *s = *ss = US"501 Invalid base64 data"; + break; case CANCELLED: - *s = *ss = US"501 Authentication cancelled"; - break; + *s = *ss = US"501 Authentication cancelled"; + break; case UNEXPECTED: - *s = *ss = US"553 Initial data not expected"; - break; + *s = *ss = US"553 Initial data not expected"; + break; case FAIL: - if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); - *s = US"535 Incorrect authentication data"; - *ss = string_sprintf("535 Incorrect authentication data%s", set_id); - break; + if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); + *s = US"535 Incorrect authentication data"; + *ss = string_sprintf("535 Incorrect authentication data%s", set_id); + break; default: - if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); - *s = US"435 Internal error"; - *ss = string_sprintf("435 Internal error%s: return %d from authentication " - "check", set_id, rc); - break; + if (set_id) authenticated_fail_id = string_copy_perm(set_id, TRUE); + *s = US"435 Internal error"; + *ss = string_sprintf("435 Internal error%s: return %d from authentication " + "check", set_id, rc); + break; } return rc; -- cgit v1.2.3 From bda253e55534a96a3c1fd9747121c46e6507ed32 Mon Sep 17 00:00:00 2001 
From: Jeremy Harris Date: Sat, 23 Nov 2019 22:21:00 +0000 Subject: Docs: gsasl auth channel-binding now also usable under OpenSSL --- doc/doc-docbook/spec.xfpt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index a93f61182..0e7d7655c 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -27460,9 +27460,11 @@ This should have meant that certificate identity and verification becomes a non-issue, as a man-in-the-middle attack will cause the correct client and server to see different identifiers and authentication will fail. -This is currently only supported when using the GnuTLS library. This is +.new +This is only usable by mechanisms which support "channel binding"; at time of writing, that's the SCRAM family. +.wen This defaults off to ensure smooth upgrade across Exim releases, in case this option causes some clients to start failing. Some future release -- cgit v1.2.3 From 52236390cb37864f3a17bc922ee358138655df44 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 24 Nov 2019 19:02:57 +0000 Subject: Testsuite: better non-TFO-system debug handling --- test/runtest | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/runtest b/test/runtest index 1215e6165..d9cb51da4 100755 --- a/test/runtest +++ b/test/runtest @@ -1247,9 +1247,10 @@ RESET_AFTER_EXTRA_LINE_READ: # Not all platforms support TCP Fast Open, and the compile omits the check if (s/\S+ in hosts_try_fastopen\? (no \(option unset\)|yes \(matched "\*"\))\n$//) { + chomp; $_ .= ; s/ \.\.\. >>> / ... /; - if (s/ non-TFO mode connection attempt to 224.0.0.0, 0 data\b$//) { $_ .= ; } + if (s/ non-TFO mode connection attempt to 224.0.0.0, 0 data\b$//) { chomp; $_ .= ; } s/Address family not supported by protocol family/Network Error/; s/Network is unreachable/Network Error/; } -- cgit v1.2.3 From 30398c0651d976f7ca2713ba9441c117eb37ed1e Mon Sep 17 00:00:00 2001 
From: Jeremy Harris Date: Mon, 25 Nov 2019 16:18:15 +0000 Subject: Make smtp_flush() work for TLS channel --- src/src/smtp_in.c | 25 +++++++++++++++---------- src/src/tls-gnu.c | 3 +++ src/src/tls-openssl.c | 17 ++++++++++------- 3 files changed, 28 insertions(+), 17 deletions(-) diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 301f3c52c..b88fde1b5 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -947,16 +947,13 @@ if (fl.rcpt_in_progress) /* Now write the string */ +if ( #ifndef DISABLE_TLS -if (tls_in.active.sock >= 0) - { - if (tls_write(NULL, gs.s, gs.ptr, more) < 0) - smtp_write_error = -1; - } -else + tls_in.active.sock >= 0 ? (tls_write(NULL, gs.s, gs.ptr, more) < 0) : #endif - -if (fprintf(smtp_out, "%s", gs.s) < 0) smtp_write_error = -1; + (fwrite(gs.s, gs.ptr, 1, smtp_out) == 0) + ) + smtp_write_error = -1; } @@ -967,8 +964,7 @@ if (fprintf(smtp_out, "%s", gs.s) < 0) smtp_write_error = -1; /* This function isn't currently used within Exim (it detects errors when it tries to read the next SMTP input), but is available for use in local_scan(). -For non-TLS connections, it flushes the output and checks for errors. For -TLS-connections, it checks for a previously-detected TLS write error. +It flushes the output and checks for errors. Arguments: none Returns: 0 for no error; -1 after an error @@ -978,6 +974,15 @@ int smtp_fflush(void) { if (tls_in.active.sock < 0 && fflush(smtp_out) != 0) smtp_write_error = -1; + +if ( +#ifndef DISABLE_TLS + tls_in.active.sock >= 0 ? (tls_write(NULL, NULL, 0, FALSE) < 0) : +#endif + (fflush(smtp_out) != 0) + ) + smtp_write_error = -1; + return smtp_write_error; } diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index f3c3835fe..7b0f2f6ad 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c 
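Review bot: In `smtp_fflush()` the old line `if (tls_in.active.sock < 0 && fflush(smtp_out) != 0) smtp_write_error = -1;` is left in place as context above the new conditional, so a non-TLS connection now calls `fflush(smtp_out)` twice; the old line should be removed. In the first hunk, `fwrite(gs.s, gs.ptr, 1, smtp_out) == 0` also returns 0 when `gs.ptr` is 0, so an empty string would be recorded as a write error where the previous `fprintf` returned 0 and was not; if an empty `gs` can reach this point, compare against the byte count instead, `fwrite(gs.s, 1, gs.ptr, smtp_out) != (size_t)gs.ptr`. The function containing the first hunk starts outside it.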
@@ -3311,6 +3311,9 @@ Arguments: len number of bytes more more data expected soon +Calling with len zero and more unset will flush buffered writes. The buff +argument can be null for that case. + Returns: the number of bytes after a successful write, -1 after a failed write */ diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 5ea4d964e..7e3cc3f78 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -3531,11 +3531,12 @@ Arguments: Returns: the number of bytes after a successful write, -1 after a failed write -Used by both server-side and client-side TLS. +Used by both server-side and client-side TLS. Calling with len zero and more unset +will flush buffered writes; buff can be null for this case. */ int -tls_write(void * ct_ctx, const uschar *buff, size_t len, BOOL more) +tls_write(void * ct_ctx, const uschar * buff, size_t len, BOOL more) { size_t olen = len; int outbytes, error; @@ -3561,6 +3562,8 @@ a store reset there, so use POOL_PERM. */ if ((more || corked)) { + if (!len) buff = US &error; /* dummy just so that string_catn is ok */ + #ifndef DISABLE_PIPE_CONNECT int save_pool = store_pool; store_pool = POOL_PERM; @@ -3590,16 +3593,16 @@ for (int left = len; left > 0;) DEBUG(D_tls) debug_printf("outbytes=%d error=%d\n", outbytes, error); switch (error) { + case SSL_ERROR_NONE: /* the usual case */ + left -= outbytes; + buff += outbytes; + break; + case SSL_ERROR_SSL: ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring)); log_write(0, LOG_MAIN, "TLS error (SSL_write): %s", ssl_errstring); return -1; - case SSL_ERROR_NONE: - left -= outbytes; - buff += outbytes; - break; - case SSL_ERROR_ZERO_RETURN: log_write(0, LOG_MAIN, "SSL channel closed on write"); return -1; -- cgit v1.2.3 From 1477005f2e352b6c4a25fd4706b7dc808d0bb70b Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 1 Dec 2019 14:49:26 +0000 Subject: Testsuite: Fix use-of-undef --- test/runtest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
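Review bot: The tls-gnu.c hunk only extends the comment to promise that `len` zero with `more` unset flushes and that `buff` may be null, while the diffstat shows no code change in that file, so it should be confirmed that the GnuTLS `tls_write()` tolerates the `tls_write(NULL, NULL, 0, FALSE)` call now made from `smtp_fflush()` when output is corked. On the OpenSSL side the null case is handled with `if (!len) buff = US &error;`, which points at an unrelated uninitialised local; `if (!len) buff = US"";` states the intent without borrowing another variable. The body of `tls_write()` continues outside these hunks.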
diff --git a/test/runtest b/test/runtest index d9cb51da4..25f9b9571 100755 --- a/test/runtest +++ b/test/runtest @@ -1537,7 +1537,7 @@ if (! -e $sf_current) log_failure($log_failed_filename, $testno, $rf); log_test($log_summary_filename, $testno, 'F') if ($force_continue); } - return 1 if /^c$/i && $rf !~ /paniclog/ && $rsf !~ /paniclog/; + return 1 if /^c$/i && $rf !~ /paniclog/ && (!defined $rsf || $rsf !~ /paniclog/); last if (/^[sc]$/); } -- cgit v1.2.3 From 54ebae896d299e5b366e859b8874c7ccd7e501ec Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 1 Dec 2019 17:01:45 +0000 Subject: Testsuite: document testcase issue on FreeBSD --- test/scripts/3300-crypteq/3300 | 31 ++++++++++++++++++++----------- test/stdout/3300 | 31 ++++++++++++++++++++----------- 2 files changed, 40 insertions(+), 22 deletions(-) diff --git a/test/scripts/3300-crypteq/3300 b/test/scripts/3300-crypteq/3300 index 2ca0fdd12..fb3a617ab 100644 --- a/test/scripts/3300-crypteq/3300 +++ b/test/scripts/3300-crypteq/3300 @@ -2,6 +2,11 @@ exim -be badCrypt: ${if crypteq{MySecret}{}{yes}{no}} + +# Defined-routine, and default, crypt mehods. These fail on FreeBSD because +# the crypt() call does something different to that on Linux. The output +# is therefore different, and the compare fails. + mySecret: ${if crypteq{MySecret}{azrazPWCQJhyg}{yes}{no}} mySecret: ${if crypteq{MySecret}{aarazPWCQJhyg}{yes}{no}} mySecret: ${if crypteq{MySecret}{\{crypt\}azrazPWCQJhyg}{yes}{no}} 
@@ -12,19 +17,23 @@ crypt16: ${if crypteq{MySecretRhubarb}{\{crypt\}azrazPWCQJhyg}{yes}{no}} crypt16: ${if crypteq{MySecretRhubarb}{\{crypt16\}azrazPWCQJhyg}{yes}{no}} crypt16: ${if crypteq{MySecretRhubarb}{\{CRYPT16\}azrazPWCQJhygdJWzb77lQMA}{yes}{no}} -test: ${if crypteq{test}{\{md5\}CY9rzUYh03PK3k6DJie09g==}{yes}{no}} -test: ${if crypteq{test}{\{MD5\}CY9rzUYh03PK3k6DJie09g==}{yes}{no}} -test: ${if crypteq{test}{\{md5\}AY9rzUYh03PK3k6DJie09g==}{yes}{no}} -test: ${if crypteq{test}{\{md5\}098f6bcd4621d373cade4e832627b4f6}{yes}{no}} -test: ${if crypteq{test}{\{md5\}198f6bcd4621d373cade4e832627b4f6}{yes}{no}} -test: ${if crypteq{test}{\{md5\}098f6bcd4621d373cade4e832627b4f}{yes}{no}} -abc: ${if crypteq{abc}{\{sha1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} -abc: ${if crypteq{abc}{\{SHA1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} -abc: ${if crypteq{abc}{\{sha1\}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=}{yes}{no}} -abd: ${if crypteq{abd}{\{sha1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} +# Defined-algo methods. + +md5: ${if crypteq{test}{\{md5\}CY9rzUYh03PK3k6DJie09g==}{yes}{no}} +md5: ${if crypteq{test}{\{MD5\}CY9rzUYh03PK3k6DJie09g==}{yes}{no}} +md5: ${if crypteq{test}{\{md5\}AY9rzUYh03PK3k6DJie09g==}{yes}{no}} +md5: ${if crypteq{test}{\{md5\}098f6bcd4621d373cade4e832627b4f6}{yes}{no}} +md5: ${if crypteq{test}{\{md5\}198f6bcd4621d373cade4e832627b4f6}{yes}{no}} +md5: ${if crypteq{test}{\{md5\}098f6bcd4621d373cade4e832627b4f}{yes}{no}} + +sha1: ${if crypteq{abc}{\{sha1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} +sha1: ${if crypteq{abc}{\{SHA1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} +sha1: ${if crypteq{abc}{\{sha1\}qZk+NkcGgWq6PiVxeFDCbJzQ2J0=}{yes}{no}} +sha1: ${if crypteq{abd}{\{sha1\}A9993E364706816ABA3E25717850C26C9CD0D89D}{yes}{no}} + -# Combinations +# Combinations. These fail on FreeBSD as above. 
y: ${if and {{crypteq{MySecret}{azrazPWCQJhyg}}{exists{/etc/passwd}}}{Y}{N}} y: ${if or {{crypteq{MySecret}{azrazQWCQJhyg}}{exists{/etc/passwd}}}{Y}{N}} diff --git a/test/stdout/3300 b/test/stdout/3300 index e12e7c319..e1fbc0a9a 100644 --- a/test/stdout/3300 +++ b/test/stdout/3300 @@ -1,4 +1,9 @@ > badCrypt: no +> +> # Defined-routine, and default, crypt mehods. These fail on FreeBSD because +> # the crypt() call does something different to that on Linux. The output +> # is therefore different, and the compare fails. +> > mySecret: yes > mySecret: no > mySecret: yes @@ -9,19 +14,23 @@ > crypt16: no > crypt16: yes > -> test: yes -> test: yes -> test: no -> test: yes -> test: no -> test: no > -> abc: yes -> abc: yes -> abc: yes -> abd: no +> # Defined-algo methods. +> +> md5: yes +> md5: yes +> md5: no +> md5: yes +> md5: no +> md5: no +> +> sha1: yes +> sha1: yes +> sha1: yes +> sha1: no +> > -> # Combinations +> # Combinations. These fail on FreddBSD as above. > > y: Y > y: Y -- cgit v1.2.3 From 59bc484ca1aab0d4f26f3078530b8058c53ccee7 Mon Sep 17 00:00:00 2001 From: "Heiko Schlittermann (HS12-RIPE)" Date: Fri, 18 Oct 2019 15:15:47 +0200 Subject: Make makefile: Handle DISABLE_TLS (option changed from SUPPORT_TLS) (cherry picked from commit 13032a329bb8133a2f56e8527c29f17c8fdfdbd0) --- src/scripts/Configure-Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile index 7e0bf38db..ecd2083a7 100755 --- a/src/scripts/Configure-Makefile +++ b/src/scripts/Configure-Makefile @@ -165,7 +165,7 @@ then eval "pc_value=\"\$$var\"" need_this='' need_core='' - if [ ".$SUPPORT_TLS" = "." ]; then + if [ ".$DISABLE_TLS" = .yes ]; then # no TLS, not referencing true elif [ ".$var" = ".USE_GNUTLS_PC" ] && [ ".$USE_GNUTLS" != "." ]; then -- cgit v1.2.3 From b30930a554edd087932dbff2d4d32f340de28ed1 Mon Sep 17 00:00:00 2001 
From: "Heiko Schlittermann (HS12-RIPE)" Date: Tue, 3 Dec 2019 07:23:25 +0100 Subject: Build: Enable *GNU (Hurd) Bug 2476 --- src/OS/Makefile-Base | 2 ++ src/OS/Makefile-GNU | 29 ++++++++++++++++++++++ src/OS/os.c-GNU | 55 +++++++++++++++++++++++++++++++++++++++++ src/OS/os.h-GNU | 23 +++++++++++++++++ src/OS/unsupported/Makefile-GNU | 29 ---------------------- src/OS/unsupported/os.c-GNU | 55 ----------------------------------------- src/OS/unsupported/os.h-GNU | 23 ----------------- 7 files changed, 109 insertions(+), 107 deletions(-) create mode 100644 src/OS/Makefile-GNU create mode 100644 src/OS/os.c-GNU create mode 100644 src/OS/os.h-GNU delete mode 100644 src/OS/unsupported/Makefile-GNU delete mode 100644 src/OS/unsupported/os.c-GNU delete mode 100644 src/OS/unsupported/os.h-GNU diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index f8c6ebb53..9ecde1d3e 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -97,6 +97,7 @@ Makefile: ../OS/Makefile-Base ../OS/Makefile-Default \ os.h: $(SCRIPTS)/Configure-os.h \ $(O)/os.h-FreeBSD \ + $(O)/os.h-GNU \ $(O)/os.h-Linux \ $(O)/os.h-OpenBSD \ $(O)/os.h-SunOS5 @@ -113,6 +114,7 @@ os.h: $(SCRIPTS)/Configure-os.h \ os.c: ../src/os.c \ $(SCRIPTS)/Configure-os.c \ + $(O)/os.c-GNU \ $(O)/os.c-Linux $(SHELL) $(SCRIPTS)/Configure-os.c diff --git a/src/OS/Makefile-GNU b/src/OS/Makefile-GNU new file mode 100644 index 000000000..e46434187 --- /dev/null +++ b/src/OS/Makefile-GNU 
@@ -0,0 +1,29 @@ +# Exim: OS-specific make file for GNU and variants. + +HAVE_ICONV=yes + +BASENAME_COMMAND=look_for_it +CHOWN_COMMAND=look_for_it +CHGRP_COMMAND=look_for_it +CHMOD_COMMAND=look_for_it + +CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE + +DBMLIB = -ldb +USE_DB = yes + +LIBS = -lnsl -lcrypt -lm +LIBRESOLV = -lresolv + +X11=/usr/X11R6 +XINCLUDE=-I$(X11)/include +XLFLAGS=-L$(X11)/lib +X11_LD_LIB=$(X11)/lib + +EXIWHAT_PS_ARG=ax +EXIWHAT_EGREP_ARG='/exim( |$$)' +EXIWHAT_MULTIKILL_CMD=killall +EXIWHAT_MULTIKILL_ARG=exim +EXIWHAT_KILL_SIGNAL=-USR1 + +# End diff --git a/src/OS/os.c-GNU b/src/OS/os.c-GNU new file mode 100644 index 000000000..e5d6ff66c --- /dev/null +++ b/src/OS/os.c-GNU 
@@ -0,0 +1,55 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* See the file NOTICE for conditions of use and distribution. */ + +/* GNU-specific code. This is concatenated onto the generic src/os.c file. +GNU/Hurd has approximately the same way to determine the load average as NeXT, +so a variant of this could also be in the generic os.c file. See the GNU EMacs +getloadavg.c file, from which this snippet was derived. getloadavg.c from Emacs +is copyrighted by the FSF under the terms of the GPLv2 or any later version. +Changes are hereby placed under the same license, as requested by the GPL. */ + +#ifndef OS_LOAD_AVERAGE +#define OS_LOAD_AVERAGE + +#include + +static processor_set_t default_set; +static int getloadavg_initialized; + +int +os_getloadavg (void) +{ +host_t host; +struct processor_set_basic_info info; +unsigned info_count; + +if (!getloadavg_initialized) + { + if (processor_set_default (mach_host_self(), &default_set) == KERN_SUCCESS) + getloadavg_initialized = 1; + } + +if (getloadavg_initialized) + { + info_count = PROCESSOR_SET_BASIC_INFO_COUNT; + if (processor_set_info(default_set, PROCESSOR_SET_BASIC_INFO, &host, + (processor_set_info_t)&info, &info_count) != KERN_SUCCESS) + getloadavg_initialized = 0; + else + { + #if LOAD_SCALE == 1000 + return info.load_average; + #else + return (int) (((double) info.load_average * 1000) / LOAD_SCALE)); + #endif + } + } + +return -1; +} +#endif /* OS_LOAD_AVERAGE */ + +/* End of os.c-GNU */ diff --git a/src/OS/os.h-GNU b/src/OS/os.h-GNU new file mode 100644 index 000000000..44993163d --- /dev/null +++ b/src/OS/os.h-GNU 
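Review bot: The `#else` branch of `os_getloadavg()` has one closing parenthesis too many in `return (int) (((double) info.load_average * 1000) / LOAD_SCALE));`, so the file will not compile on any build where `LOAD_SCALE` is not 1000. Moving the file out of `unsupported/` and adding it to the `os.c` dependencies in Makefile-Base makes this branch part of a supported build, so it should be corrected to `return (int) (((double) info.load_average * 1000) / LOAD_SCALE);`.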
@@ -0,0 +1,23 @@ +/* Exim: OS-specific C header file for GNU/Hurd */ + +#define CRYPT_H +#define GLIBC_IP_OPTIONS +#define HAVE_BSD_GETLOADAVG +#define HAVE_MMAP +#define HAVE_SYS_VFS_H +#define NO_IP_VAR_H +#define SIG_IGN_WORKS +#define SIOCGIFCONF_GIVES_ADDR + +#define F_FREESP O_TRUNC +typedef struct flock flock_t; + +#define os_strsignal strsignal +#define OS_STRSIGNAL + +/* Hurd-specific bits below */ + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +/* End */ diff --git a/src/OS/unsupported/Makefile-GNU b/src/OS/unsupported/Makefile-GNU deleted file mode 100644 index e46434187..000000000 --- a/src/OS/unsupported/Makefile-GNU +++ /dev/null @@ -1,29 +0,0 @@ -# Exim: OS-specific make file for GNU and variants. - -HAVE_ICONV=yes - -BASENAME_COMMAND=look_for_it -CHOWN_COMMAND=look_for_it -CHGRP_COMMAND=look_for_it -CHMOD_COMMAND=look_for_it - -CFLAGS ?= -O -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE - -DBMLIB = -ldb -USE_DB = yes - -LIBS = -lnsl -lcrypt -lm -LIBRESOLV = -lresolv - -X11=/usr/X11R6 -XINCLUDE=-I$(X11)/include -XLFLAGS=-L$(X11)/lib -X11_LD_LIB=$(X11)/lib - -EXIWHAT_PS_ARG=ax -EXIWHAT_EGREP_ARG='/exim( |$$)' -EXIWHAT_MULTIKILL_CMD=killall -EXIWHAT_MULTIKILL_ARG=exim -EXIWHAT_KILL_SIGNAL=-USR1 - -# End diff --git a/src/OS/unsupported/os.c-GNU b/src/OS/unsupported/os.c-GNU deleted file mode 100644 index e5d6ff66c..000000000 --- a/src/OS/unsupported/os.c-GNU +++ /dev/null 
@@ -1,55 +0,0 @@ -/************************************************* -* Exim - an Internet mail transport agent * -*************************************************/ - -/* See the file NOTICE for conditions of use and distribution. */ - -/* GNU-specific code. This is concatenated onto the generic src/os.c file. -GNU/Hurd has approximately the same way to determine the load average as NeXT, -so a variant of this could also be in the generic os.c file. See the GNU EMacs -getloadavg.c file, from which this snippet was derived. getloadavg.c from Emacs -is copyrighted by the FSF under the terms of the GPLv2 or any later version. -Changes are hereby placed under the same license, as requested by the GPL. */ - -#ifndef OS_LOAD_AVERAGE -#define OS_LOAD_AVERAGE - -#include - -static processor_set_t default_set; -static int getloadavg_initialized; - -int -os_getloadavg (void) -{ -host_t host; -struct processor_set_basic_info info; -unsigned info_count; - -if (!getloadavg_initialized) - { - if (processor_set_default (mach_host_self(), &default_set) == KERN_SUCCESS) - getloadavg_initialized = 1; - } - -if (getloadavg_initialized) - { - info_count = PROCESSOR_SET_BASIC_INFO_COUNT; - if (processor_set_info(default_set, PROCESSOR_SET_BASIC_INFO, &host, - (processor_set_info_t)&info, &info_count) != KERN_SUCCESS) - getloadavg_initialized = 0; - else - { - #if LOAD_SCALE == 1000 - return info.load_average; - #else - return (int) (((double) info.load_average * 1000) / LOAD_SCALE)); - #endif - } - } - -return -1; -} -#endif /* OS_LOAD_AVERAGE */ - -/* End of os.c-GNU */ diff --git a/src/OS/unsupported/os.h-GNU b/src/OS/unsupported/os.h-GNU deleted file mode 100644 index 44993163d..000000000 --- a/src/OS/unsupported/os.h-GNU +++ /dev/null 
@@ -1,23 +0,0 @@ -/* Exim: OS-specific C header file for GNU/Hurd */ - -#define CRYPT_H -#define GLIBC_IP_OPTIONS -#define HAVE_BSD_GETLOADAVG -#define HAVE_MMAP -#define HAVE_SYS_VFS_H -#define NO_IP_VAR_H -#define SIG_IGN_WORKS -#define SIOCGIFCONF_GIVES_ADDR - -#define F_FREESP O_TRUNC -typedef struct flock flock_t; - -#define os_strsignal strsignal -#define OS_STRSIGNAL - -/* Hurd-specific bits below */ - -/* default is non-const */ -#define ICONV_ARG2_TYPE const char ** - -/* End */ -- cgit v1.2.3 From 52503083b9eded01c25e1c73f4510963c3cee799 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 3 Dec 2019 20:41:20 +0000 Subject: TFO: disable for FreeBSD --- src/src/ip.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/src/ip.c b/src/src/ip.c index 19be51a03..70e3e2064 100644 --- a/src/src/ip.c +++ b/src/src/ip.c @@ -245,7 +245,7 @@ callout_address = string_sprintf("[%s]:%d", address, port); sigalrm_seen = FALSE; if (timeout > 0) ALARM(timeout); -#ifdef TCP_FASTOPEN +#if defined(TCP_FASTOPEN) && (defined(MSG_FASTOPEN) || defined(EXIM_TFO_CONNECTX)) /* TCP Fast Open, if the system has a cookie from a previous call to this peer, can send data in the SYN packet. The peer can send data before it gets our ACK of its SYN,ACK - the latter is useful for @@ -255,8 +255,8 @@ possibly use the data-on-syn, so support that too. */ if (fastopen_blob && f.tcp_fastopen_ok) { # ifdef MSG_FASTOPEN - /* This is a Linux implementation. It might be useable on FreeBSD; I have - not checked. */ + /* This is a Linux implementation. FreeBSD does not seem to have MSG_FASTOPEN so + how to get TFO is unknown. */ if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len, MSG_FASTOPEN | MSG_DONTWAIT, s_ptr, s_len)) >= 0) -- cgit v1.2.3 From 157609cd6700dff90203c8e05f6f60c705536129 Mon Sep 17 00:00:00 2001 
From: Samuel Thibault Date: Tue, 3 Dec 2019 21:13:06 +0000 Subject: Testsuite: support platforms using ifconfig from inetutils. Bug 2485 --- test/runtest | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/runtest b/test/runtest index 25f9b9571..a8858b1cb 100755 --- a/test/runtest +++ b/test/runtest @@ -3429,7 +3429,7 @@ while (not ($parm_ipv4 and $parm_ipv6) and defined($_ = )) { if (/^(?:[0-9]+: )?([a-z0-9]+): /) { $ifname = $1; } - if (not $parm_ipv4 and /^\s*inet(?:\saddr)?:?\s?(\d+\.\d+\.\d+\.\d+)(?:\/\d+)?\s/i) + if (not $parm_ipv4 and /^\s*inet(?:\saddr(?:ess))?:?\s*(\d+\.\d+\.\d+\.\d+)(?:\/\d+)?\s/i) { # It would ne nice to be able to vary the /16 used for manyhome; we could take # an option to runtest used here - but we'd also have to pass it on to fakens. @@ -3438,7 +3438,7 @@ while (not ($parm_ipv4 and $parm_ipv6) and defined($_ = )) $parm_ipv4 = $1; } - if (not $parm_ipv6 and /^\s*inet6(?:\saddr)?:?\s?([abcdef\d:]+)(?:%[^ \/]+)?(?:\/\d+)?/i) + if (not $parm_ipv6 and /^\s*inet6(?:\saddr(?:ess))?:?\s*([abcdef\d:]+)(?:%[^ \/]+)?(?:\/\d+)?/i) { next if $1 eq '::' or $1 eq '::1' or $1 =~ /^ff00/i or $1 =~ /^fe80::1/i; $parm_ipv6 = $1; -- cgit v1.2.3 From 377da0430697e6bcb8c48744eb5af4272a8f8075 Mon Sep 17 00:00:00 2001 From: Samuel Thibault Date: Wed, 4 Dec 2019 21:30:01 +0000 Subject: Hurd: errno really uses more than a short-sized value. Bug 2476 --- src/src/structs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/src/structs.h b/src/src/structs.h index 1d867c5b6..9927bc527 100644 --- a/src/src/structs.h +++ b/src/src/structs.h 
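Review bot: The new pattern `inet(?:\saddr(?:ess))?:?\s*` makes the `ess` suffix mandatory whenever ` addr` is present, so the older `inet addr:192.0.2.1` output form that the previous `(?:\saddr)?` accepted no longer matches and `$parm_ipv4` would stay unset on such hosts (the address here is a constructed example). The inner group needs its own quantifier: `inet(?:\saddr(?:ess)?)?:?\s*`. The `inet6` pattern in the following hunk has the same construction and needs the same change.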
@@ -648,11 +648,11 @@ typedef struct address_item { unsigned int domain_cache[(MAX_NAMED_LIST * 2)/32]; unsigned int localpart_cache[(MAX_NAMED_LIST * 2)/32]; int mode; /* mode for local transporting to a file */ + int basic_errno; /* status after failure */ int more_errno; /* additional error information */ /* (may need to hold a timestamp) */ unsigned int delivery_usec; /* subsecond part of delivery time */ - short int basic_errno; /* status after failure */ unsigned short child_count; /* number of child addresses */ short int return_file; /* fileno of return data file */ short int special_action; /* ( used when when deferred or failed */ -- cgit v1.2.3 From 6e0fddef0de4966abad739bed65d49e097651853 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 5 Dec 2019 14:18:07 +0000 Subject: Transports: explicit errno values in returns --- src/src/exim_dbutil.c | 2 +- src/src/macros.h | 7 ++----- src/src/transports/autoreply.c | 21 ++++++++++----------- src/src/transports/pipe.c | 4 ++-- src/src/transports/smtp.c | 2 +- test/log/0228 | 2 +- 6 files changed, 17 insertions(+), 21 deletions(-) diff --git a/src/src/exim_dbutil.c b/src/src/exim_dbutil.c index 80f656530..7b13859cd 100644 --- a/src/src/exim_dbutil.c +++ b/src/src/exim_dbutil.c @@ -332,7 +332,7 @@ if (asprintf(CSS &filename, "%s/%s", dirname, name) < 0) return NULL; #else filename = string_sprintf("%s/%s", dirname, name); #endif -EXIM_DBOPEN(filename, dirname, flags, 0, &(dbblock->dbptr)); +EXIM_DBOPEN(filename, dirname, flags, 0, &dbblock->dbptr); if (!dbblock->dbptr) { diff --git a/src/src/macros.h b/src/src/macros.h index e36c09c47..a9653f45b 100644 --- a/src/src/macros.h +++ b/src/src/macros.h 
@@ -550,11 +550,8 @@ table exim_errstrings[] in log.c */ #define ERRNO_DATA4XX (-46) /* DATA gave 4xx error */ #define ERRNO_PROXYFAIL (-47) /* Negotiation failed for proxy configured host */ #define ERRNO_AUTHPROB (-48) /* Authenticator "other" failure */ - -#ifdef SUPPORT_I18N -# define ERRNO_UTF8_FWD (-49) /* target not supporting SMTPUTF8 */ -#endif - /* -50 free for re-use */ +#define ERRNO_UTF8_FWD (-49) /* target not supporting SMTPUTF8 */ +#define ERRNO_HOST_IS_LOCAL (-50) /* Transport refuses to talk to localhost */ /* These must be last, so all retry deferments can easily be identified */ diff --git a/src/src/transports/autoreply.c b/src/src/transports/autoreply.c index 1aef02aaf..68f8d1f58 100644 --- a/src/src/transports/autoreply.c +++ b/src/src/transports/autoreply.c @@ -433,10 +433,10 @@ if (oncelog && *oncelog != 0 && to) if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to %s \"once\" file %s when " "sending message from %s transport: %s", - (cache_fd < 0)? "open" : "stat", oncelog, tblock->name, - strerror(errno)); + cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno)); goto END_OFF; } @@ -489,6 +489,7 @@ if (oncelog && *oncelog != 0 && to) if (!dbm_file) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to open %s file %s when sending " "message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name, strerror(errno)); 
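Review bot: `ERRNO_HOST_IS_LOCAL (-50)` is added under a comment whose tail refers to the table `exim_errstrings[]` in log.c, but this commit's diffstat does not touch log.c. If that table is meant to be kept in step with these definitions, the new value needs an entry there, otherwise the `defer (-50)` now shown in test/log/0228 will have no symbolic name. The same applies to `ERRNO_UTF8_FWD` now that it is defined regardless of `SUPPORT_I18N`: any `#ifdef` around its table entry should be dropped to match.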
@@ -544,16 +545,13 @@ if (oncelog && *oncelog != 0 && to) /* We are going to send a message. Ensure any requested file is available. */ -if (file) +if (file && !(ff = Ufopen(file, "rb")) && !ob->file_optional) { - ff = Ufopen(file, "rb"); - if (!ff && !ob->file_optional) - { - addr->transport_return = DEFER; - addr->message = string_sprintf("Failed to open file %s when sending " - "message from %s transport: %s", file, tblock->name, strerror(errno)); - return FALSE; - } + addr->transport_return = DEFER; + addr->basic_errno = errno; + addr->message = string_sprintf("Failed to open file %s when sending " + "message from %s transport: %s", file, tblock->name, strerror(errno)); + return FALSE; } /* Make a subprocess to send the message */ @@ -565,6 +563,7 @@ pid = child_open_exim(&fd); if (pid < 0) { addr->transport_return = DEFER; + addr->basic_errno = errno; addr->message = string_sprintf("Failed to create child process to send " "message from %s transport: %s", tblock->name, strerror(errno)); DEBUG(D_transport) debug_printf("%s\n", addr->message); diff --git a/src/src/transports/pipe.c b/src/src/transports/pipe.c index 4386a9ae6..a16a197a4 100644 --- a/src/src/transports/pipe.c +++ b/src/src/transports/pipe.c @@ -686,8 +686,7 @@ else if (timezone_string != NULL && timezone_string[0] != 0) if (envlist) { - envlist = expand_cstring(envlist); - if (envlist == NULL) + if (!(envlist = expand_cstring(envlist))) { addr->transport_return = DEFER; addr->message = string_sprintf("failed to expand string \"%s\" " @@ -702,6 +701,7 @@ while ((ss = string_nextinlist(&envlist, &envsep, big_buffer, big_buffer_size))) if (envcount > nelem(envp) - 2) { addr->transport_return = DEFER; + addr->basic_errno = E2BIG; addr->message = string_sprintf("too many environment settings for " "%s transport", tblock->name); return FALSE; diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index dee546ce1..7ea079fac 100644 --- a/src/src/transports/smtp.c 
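Review bot: The `envlist` expansion-failure path in pipe.c still defers without an explicit `basic_errno` in the lines shown, although the neighbouring "too many environment settings" failure is given `E2BIG` by this same commit. Other expansion failures in the test logs are reported as `defer (-27)`, so this one would log whatever code the address already carried. Unless the assignment is in the part of the block below the hunk, add `addr->basic_errno = ERRNO_EXPANDFAIL;` beside `addr->transport_return = DEFER;` (assuming -27 is that macro; confirm in macros.h).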
+++ b/src/src/transports/smtp.c @@ -4925,7 +4925,7 @@ retry_non_continued: { for (address_item * addr = addrlist; addr; addr = addr->next) { - addr->basic_errno = 0; + addr->basic_errno = ERRNO_HOST_IS_LOCAL; addr->message = string_sprintf("%s transport found host %s to be " "local", tblock->name, host->name); } diff --git a/test/log/0228 b/test/log/0228 index 646034c58..7ae197dd5 100644 --- a/test/log/0228 +++ b/test/log/0228 @@ -1,3 +1,3 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaX-0005vi-00 H=127.0.0.1 [127.0.0.1] Connection refused -1999-03-02 09:44:33 10HmaX-0005vi-00 == abcd@x.y.z R=all T=smtp defer (0): smtp transport found host ip4.ip4.ip4.ip4 to be local +1999-03-02 09:44:33 10HmaX-0005vi-00 == abcd@x.y.z R=all T=smtp defer (-50): smtp transport found host ip4.ip4.ip4.ip4 to be local -- cgit v1.2.3 From adf703b6582dcb89a2592b3519fd2e5ed30682f3 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 5 Dec 2019 14:19:06 +0000 Subject: Testsuite: munge for platform errno value variances (Hurd) --- test/log/0076 | 2 +- test/log/0107 | 2 +- test/log/0128 | 2 +- test/log/0132 | 2 +- test/log/0158 | 4 ++-- test/log/0224 | 4 ++-- test/log/0260 | 4 ++-- test/log/0262 | 2 +- test/log/0318 | 2 +- test/log/4520 | 2 +- test/log/5900 | 2 +- test/msglog/0076.10HmaX-0005vi-00 | 2 +- test/msglog/0107.10HmaX-0005vi-00 | 2 +- test/msglog/0128.10HmaX-0005vi-00 | 2 +- test/msglog/0132.10HmaX-0005vi-00 | 2 +- test/paniclog/5900 | 2 +- test/runtest | 6 ++++++ test/stderr/0084 | 2 +- test/stderr/0370 | 2 +- test/stdout/3300 | 2 +- 20 files changed, 28 insertions(+), 22 deletions(-) diff --git a/test/log/0076 b/test/log/0076 index 309897cc4..7167206fc 100644 --- a/test/log/0076 +++ b/test/log/0076 
@@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=localuser T=local_delivery defer (2): No such file or directory: creating lock file hitching post TESTSUITE/test-mail/subdir/userx.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=localuser T=local_delivery defer (EEE): No such file or directory: creating lock file hitching post TESTSUITE/test-mail/subdir/userx.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) diff --git a/test/log/0107 b/test/log/0107 index 6ff8b61e4..8e9b58607 100644 --- a/test/log/0107 +++ b/test/log/0107 @@ -3,5 +3,5 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 == usery@test.ex R=mboxuser T=appendfile defer (-34): mailbox TESTSUITE/test-mail/../test-empty/usery does not exist, but creation outside the home directory is not permitted 1999-03-02 09:44:33 10HmaX-0005vi-00 => userz R=mboxuser T=appendfile 1999-03-02 09:44:33 10HmaX-0005vi-00 => sub1 R=mboxuser T=appendfile -1999-03-02 09:44:33 10HmaX-0005vi-00 == sub2@test.ex R=mboxuser T=appendfile defer (2): No such file or directory: creating lock file hitching post TESTSUITE/test-empty/s/sub2.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) +1999-03-02 09:44:33 10HmaX-0005vi-00 == sub2@test.ex R=mboxuser T=appendfile defer (EEE): No such file or directory: creating lock file hitching post TESTSUITE/test-empty/s/sub2.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) 1999-03-02 09:44:33 10HmaX-0005vi-00 == sub3@test.ex R=mboxuser T=appendfile defer (-34): mailbox TESTSUITE/test-mail/link/sub3 does not exist, but creation outside the home directory is not permitted diff --git a/test/log/0128 b/test/log/0128 index f4abae8f1..cd115ce45 100644 --- a/test/log/0128 +++ b/test/log/0128 
@@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=reply T=reply defer (0): Failed to open DBM file TESTSUITE/spool when sending message from reply transport: Is a directory +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=reply T=reply defer (EEE): Is a directory: Failed to open DBM file TESTSUITE/spool when sending message from reply transport: Is a directory diff --git a/test/log/0132 b/test/log/0132 index 1b6a61bca..751fdbc52 100644 --- a/test/log/0132 +++ b/test/log/0132 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=local T=appendfile defer (6): Error: while opening named pipe TESTSUITE/test-fifo (could mean no process is reading it) +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=local T=appendfile defer (EEE): Error: while opening named pipe TESTSUITE/test-fifo (could mean no process is reading it) diff --git a/test/log/0158 b/test/log/0158 index def23697d..33cf16a9e 100644 --- a/test/log/0158 +++ b/test/log/0158 
@@ -5,6 +5,6 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 == CALLER@test.ex R=caller T=local_delivery defer (-1) 1999-03-02 09:44:33 10HmaX-0005vi-00 Frozen 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 == EXIMUSER@test.ex R=caller T=local_delivery defer (13): Permission denied: creating lock file hitching post TESTSUITE/test-mail/EXIMUSER.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) +1999-03-02 09:44:33 10HmaY-0005vi-00 == EXIMUSER@test.ex R=caller T=local_delivery defer (EEE): Permission denied: creating lock file hitching post TESTSUITE/test-mail/EXIMUSER.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaZ-0005vi-00 == EXIMUSER@test.ex R=caller T=local_delivery defer (13): Permission denied: creating lock file hitching post TESTSUITE/test-mail/EXIMUSER.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) +1999-03-02 09:44:33 10HmaZ-0005vi-00 == EXIMUSER@test.ex R=caller T=local_delivery defer (EEE): Permission denied: creating lock file hitching post TESTSUITE/test-mail/EXIMUSER.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) diff --git a/test/log/0224 b/test/log/0224 index 515a1f9d5..a03b4cd9b 100644 --- a/test/log/0224 +++ b/test/log/0224 
@@ -8,11 +8,11 @@ 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss 1999-03-02 09:44:33 10HmaZ-0005vi-00 == hdefer@test.ex R=halias defer (-1): not just yet 1999-03-02 09:44:33 10HmaZ-0005vi-00 == defer@test.ex R=alias defer (-1): not just yet -1999-03-02 09:44:33 10HmaZ-0005vi-00 == /no/such/file R=alias T=address_file defer (13): Permission denied: failed to create directories for /no/such: Permission denied +1999-03-02 09:44:33 10HmaZ-0005vi-00 == /no/such/file R=alias T=address_file defer (EEE): Permission denied: failed to create directories for /no/such: Permission denied 1999-03-02 09:44:33 Start queue run: pid=pppp -qf 1999-03-02 09:44:33 10HmaZ-0005vi-00 == hdefer@test.ex R=halias defer (-1): not just yet 1999-03-02 09:44:33 10HmaZ-0005vi-00 == defer@test.ex R=alias defer (-1): not just yet -1999-03-02 09:44:33 10HmaZ-0005vi-00 == /no/such/file R=alias T=address_file defer (13): Permission denied: failed to create directories for /no/such: Permission denied +1999-03-02 09:44:33 10HmaZ-0005vi-00 == /no/such/file R=alias T=address_file defer (EEE): Permission denied: failed to create directories for /no/such: Permission denied 1999-03-02 09:44:33 10HmbA-0005vi-00 <= <> R=10HmaZ-0005vi-00 U=EXIMUSER P=local S=sss 1999-03-02 09:44:33 10HmbA-0005vi-00 => CALLER R=localuser T=local_delivery 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed diff --git a/test/log/0260 b/test/log/0260 index 108b9e2ac..bbde3046d 100644 --- a/test/log/0260 +++ b/test/log/0260 
@@ -2,7 +2,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-27): Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-27): Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" -1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.uid@test.ex R=bad_uid T=bad_uid defer (13): Permission denied: creating lock file hitching post TESTSUITE/test-mail/bad_uid.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) +1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.uid@test.ex R=bad_uid T=bad_uid defer (EEE): Permission denied: creating lock file hitching post TESTSUITE/test-mail/bad_uid.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) 1999-03-02 09:44:33 10HmaX-0005vi-00 home directory "${if rhubarb" failed to expand for exp_fail transport: unknown condition "rhubarb" 1999-03-02 09:44:33 10HmaX-0005vi-00 == exp.fail@test.ex R=exp_fail T=exp_fail defer (-27): home directory "${if rhubarb" failed to expand for exp_fail transport: unknown condition "rhubarb" 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx R=good T=local_delivery 
@@ -10,7 +10,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return@test.ex R=bad_return T=bad_return defer (-27): Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" 1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.return2@test.ex R=bad_return T=bad_return defer (-27): Failed to expand return path "${if" in bad_return transport: condition name expected, but found "" -1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.uid@test.ex R=bad_uid T=bad_uid defer (13): Permission denied: creating lock file hitching post TESTSUITE/test-mail/bad_uid.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) +1999-03-02 09:44:33 10HmaX-0005vi-00 == bad.uid@test.ex R=bad_uid T=bad_uid defer (EEE): Permission denied: creating lock file hitching post TESTSUITE/test-mail/bad_uid.lock.test.ex.dddddddd.pppppppp (euid=EXIM_UID egid=EXIM_GID) 1999-03-02 09:44:33 10HmaX-0005vi-00 home directory "${if rhubarb" failed to expand for exp_fail transport: unknown condition "rhubarb" 1999-03-02 09:44:33 10HmaX-0005vi-00 == exp.fail@test.ex R=exp_fail T=exp_fail defer (-27): home directory "${if rhubarb" failed to expand for exp_fail transport: unknown condition "rhubarb" 1999-03-02 09:44:33 End queue run: pid=pppp -qf diff --git a/test/log/0262 b/test/log/0262 index f918f5b8b..00f4f1894 100644 --- a/test/log/0262 +++ b/test/log/0262 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=good T=pipe defer (0): too many environment settings for pipe transport +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=good T=pipe defer (EEE): Argument list too long: too many environment settings for pipe transport diff --git a/test/log/0318 b/test/log/0318 index e85b9c343..df62c6c9f 100644 --- a/test/log/0318 +++ b/test/log/0318 
@@ -2,4 +2,4 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx R=all T=local_delivery 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaY-0005vi-00 == userx@test.ex R=all T=local_delivery defer (17): File exists: while renaming TESTSUITE/test-mail/temp.pppp.the.local.host.name as TESTSUITE/test-mail/userx +1999-03-02 09:44:33 10HmaY-0005vi-00 == userx@test.ex R=all T=local_delivery defer (EEE): File exists: while renaming TESTSUITE/test-mail/temp.pppp.the.local.host.name as TESTSUITE/test-mail/userx diff --git a/test/log/4520 b/test/log/4520 index ecb7432c7..610738e21 100644 --- a/test/log/4520 +++ b/test/log/4520 @@ -23,7 +23,7 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 failed to expand dkim_timestamps: unknown variable in "${bogus}" 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: message could not be signed, and dkim_strict is set. Deferring message delivery. 1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: send() to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}": No such file or directory -1999-03-02 09:44:33 10HmaX-0005vi-00 == e0@test.ex R=client T=send_to_server defer (2): No such file or directory H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: send() to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}" +1999-03-02 09:44:33 10HmaX-0005vi-00 == e0@test.ex R=client T=send_to_server defer (EEE): No such file or directory H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: send() to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] failed: failed to expand dkim_timestamps: unknown variable in "${bogus}" 1999-03-02 09:44:33 10HmaX-0005vi-00 ** e0@test.ex: retry timeout exceeded 1999-03-02 09:44:33 10HmaX-0005vi-00 e0@test.ex: error ignored 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed diff --git a/test/log/5900 b/test/log/5900 index 8b273b8a9..cb074258c 100644 
--- a/test/log/5900 +++ b/test/log/5900 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=scan T=scan defer (2): No such file or directory: scan transport accessing directory: TESTSUITE/test-mail/subdir failed with error: No such file or directory +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=scan T=scan defer (EEE): No such file or directory: scan transport accessing directory: TESTSUITE/test-mail/subdir failed with error: No such file or directory diff --git a/test/msglog/0076.10HmaX-0005vi-00 b/test/msglog/0076.10HmaX-0005vi-00 index 74759feaf..bb191544e 100644 --- a/test/msglog/0076.10HmaX-0005vi-00 +++ b/test/msglog/0076.10HmaX-0005vi-00 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 Received from CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 userx@test.ex R=localuser T=local_delivery defer (2): No such file or directory: creating lock file hitching post TESTSUITE/test-mail/subdir/userx.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) +1999-03-02 09:44:33 userx@test.ex R=localuser T=local_delivery defer (EEE): No such file or directory: creating lock file hitching post TESTSUITE/test-mail/subdir/userx.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) diff --git a/test/msglog/0107.10HmaX-0005vi-00 b/test/msglog/0107.10HmaX-0005vi-00 index 70d900d58..b9feb505a 100644 --- a/test/msglog/0107.10HmaX-0005vi-00 +++ b/test/msglog/0107.10HmaX-0005vi-00 
@@ -3,5 +3,5 @@ 1999-03-02 09:44:33 usery@test.ex R=mboxuser T=appendfile defer (-34): mailbox TESTSUITE/test-mail/../test-empty/usery does not exist, but creation outside the home directory is not permitted 1999-03-02 09:44:33 userz@test.ex: appendfile transport succeeded 1999-03-02 09:44:33 sub1@test.ex: appendfile transport succeeded -1999-03-02 09:44:33 sub2@test.ex R=mboxuser T=appendfile defer (2): No such file or directory: creating lock file hitching post TESTSUITE/test-empty/s/sub2.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) +1999-03-02 09:44:33 sub2@test.ex R=mboxuser T=appendfile defer (EEE): No such file or directory: creating lock file hitching post TESTSUITE/test-empty/s/sub2.lock.test.ex.dddddddd.pppppppp (euid=CALLER_UID egid=CALLER_GID) 1999-03-02 09:44:33 sub3@test.ex R=mboxuser T=appendfile defer (-34): mailbox TESTSUITE/test-mail/link/sub3 does not exist, but creation outside the home directory is not permitted diff --git a/test/msglog/0128.10HmaX-0005vi-00 b/test/msglog/0128.10HmaX-0005vi-00 index 8493cf790..930261ebb 100644 --- a/test/msglog/0128.10HmaX-0005vi-00 +++ b/test/msglog/0128.10HmaX-0005vi-00 @@ -1,2 +1,2 @@ 1999-03-02 09:44:33 Received from CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 userx@test.ex R=reply T=reply defer (0): Failed to open DBM file TESTSUITE/spool when sending message from reply transport: Is a directory +1999-03-02 09:44:33 userx@test.ex R=reply T=reply defer (EEE): Is a directory: Failed to open DBM file TESTSUITE/spool when sending message from reply transport: Is a directory diff --git a/test/msglog/0132.10HmaX-0005vi-00 b/test/msglog/0132.10HmaX-0005vi-00 index bd92670e0..da30e099b 100644 --- a/test/msglog/0132.10HmaX-0005vi-00 +++ b/test/msglog/0132.10HmaX-0005vi-00 
@@ -1,2 +1,2 @@ 1999-03-02 09:44:33 Received from CALLER@test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 userx@test.ex R=local T=appendfile defer (6): Error: while opening named pipe TESTSUITE/test-fifo (could mean no process is reading it) +1999-03-02 09:44:33 userx@test.ex R=local T=appendfile defer (EEE): Error: while opening named pipe TESTSUITE/test-fifo (could mean no process is reading it) diff --git a/test/paniclog/5900 b/test/paniclog/5900 index 70058d78e..80190a952 100644 --- a/test/paniclog/5900 +++ b/test/paniclog/5900 @@ -1 +1 @@ -1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=scan T=scan defer (2): No such file or directory: scan transport accessing directory: TESTSUITE/test-mail/subdir failed with error: No such file or directory +1999-03-02 09:44:33 10HmaX-0005vi-00 == userx@test.ex R=scan T=scan defer (EEE): No such file or directory: scan transport accessing directory: TESTSUITE/test-mail/subdir failed with error: No such file or directory diff --git a/test/runtest b/test/runtest index a8858b1cb..c6fd5ce54 100755 --- a/test/runtest +++ b/test/runtest @@ -1302,6 +1302,10 @@ RESET_AFTER_EXTRA_LINE_READ: # Platform differences in errno strings s/ SMTP\(Operation timed out\)< sha1: no > > -> # Combinations. These fail on FreddBSD as above. +> # Combinations. These fail on FreeBSD as above. > > y: Y > y: Y -- cgit v1.2.3 From ab6b4fdbded98ca6d185409e3c419ab1bfb26422 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 7 Dec 2019 22:07:02 +0000 Subject: FreeBSD: fix sendfile shim --- doc/doc-txt/ChangeLog | 4 ++++ src/OS/Makefile-Base | 28 ++++------------------------ src/OS/os.c-FreeBSD | 12 +++++++----- 3 files changed, 15 insertions(+), 29 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index a8cd823b5..9f18a2073 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -218,6 +218,10 @@ JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted buffer was used for the filename, resulting in a trap when tainted arguments (eg. $domain) were used. +JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating + the file-offset (which the Linux syscall does, and exim expects); this + resulted in an indefinite loop. + Exim version 4.92 ----------------- diff --git a/src/OS/Makefile-Base b/src/OS/Makefile-Base index 9ecde1d3e..36af8308d 100644 --- a/src/OS/Makefile-Base +++ b/src/OS/Makefile-Base @@ -79,23 +79,8 @@ Makefile: ../OS/Makefile-Base ../OS/Makefile-Default \ # Build (link) the os.h file -#os.h: $(SCRIPTS)/Configure-os.h \ -# $(O)/os.h-AIX $(O)/os.h-BSDI $(O)/os.h-cygwin \ -# $(O)/os.h-Darwin $(O)/os.h-DGUX $(O)/os.h-DragonFly \ -# $(O)/os.h-FreeBSD $(O)/os.h-GNU $(O)/os.h-GNUkFreeBSD \ -# $(O)/os.h-GNUkNetBSD $(O)/os.h-HI-OSF \ -# $(O)/os.h-HI-UX $(O)/os.h-HP-UX $(O)/os.h-HP-UX-9 \ -# $(O)/os.h-IRIX $(O)/os.h-IRIX6 $(O)/os.h-IRIX632 \ -# $(O)/os.h-IRIX65 $(O)/os.h-Linux $(O)/os.h-mips \ -# $(O)/os.h-NetBSD $(O)/os.h-NetBSD-a.out \ -# $(O)/os.h-OpenBSD $(O)/os.h-OpenUNIX $(O)/os.h-OSF1 \ -# $(O)/os.h-QNX $(O)/os.h-SCO $(O)/os.h-SCO_SV \ -# $(O)/os.h-SunOS4 $(O)/os.h-SunOS5 $(O)/os.h-SunOS5-hal \ -# $(O)/os.h-ULTRIX $(O)/os.h-UNIX_SV \ -# $(O)/os.h-Unixware7 $(O)/os.h-USG -# $(SHELL) $(SCRIPTS)/Configure-os.h - os.h: $(SCRIPTS)/Configure-os.h \ + $(O)/os.h-Darwin \ $(O)/os.h-FreeBSD \ $(O)/os.h-GNU \ $(O)/os.h-Linux \ 
@@ -105,17 +90,12 @@ os.h: $(SCRIPTS)/Configure-os.h \ # Build the os.c file -#os.c: ../src/os.c \ -# $(SCRIPTS)/Configure-os.c \ -# $(O)/os.c-cygwin $(O)/os.c-GNU $(O)/os.c-HI-OSF \ -# $(O)/os.c-IRIX $(O)/os.c-IRIX6 $(O)/os.c-IRIX632 \ -# $(O)/os.c-IRIX65 $(O)/os.c-Linux $(O)/os.c-OSF1 -# $(SHELL) $(SCRIPTS)/Configure-os.c - os.c: ../src/os.c \ $(SCRIPTS)/Configure-os.c \ + $(O)/os.c-FreeBSD \ $(O)/os.c-GNU \ - $(O)/os.c-Linux + $(O)/os.c-Linux \ + $(O)/os.c-SunOS5 $(SHELL) $(SCRIPTS)/Configure-os.c # Build the config.h file. diff --git a/src/OS/os.c-FreeBSD b/src/OS/os.c-FreeBSD index 1261b8557..4cc46c752 100644 --- a/src/OS/os.c-FreeBSD +++ b/src/OS/os.c-FreeBSD @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Jeremy Harris 1995 - 2018 */ +/* Copyright (c) Jeremy Harris 1995 - 2019 */ /* See the file NOTICE for conditions of use and distribution. */ /* FreeBSD-specific code. This is concatenated onto the generic @@ -14,11 +14,13 @@ src/os.c file. */ *************/ ssize_t -os_sendfile(int out, int in, off_t * off, size_t cnt) +os_sendfile(int out, int in, off_t * offp, size_t cnt) { -off_t written; -return sendfile(in, out, *off, cnt, NULL, &written, 0) < 0 - ? (ssize_t) -1 : (ssize_t) written; +off_t loff = *offp, written; + +if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1; +*offp = loff + written; +return (ssize_t)written; } /* End of os.c-Linux */ -- cgit v1.2.3 From 73a10da9bbc6aadd03c3aff7a12307252e617a71 Mon Sep 17 00:00:00 2001 
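Review bot: On failure `os_sendfile()` returns -1 before `*offp` is advanced, but FreeBSD's sendfile() can fail with EAGAIN or EINTR after part of the data has gone out, reporting that count through its `sbytes` argument. A caller that retries from the unchanged offset would then send those bytes a second time. I would initialise `written` to 0 and count a partial transfer as progress: `if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0 && written <= 0) return (ssize_t)-1;`. The callers are outside this hunk, so whether they retry on those errno values needs checking; the trailing `/* End of os.c-Linux */` comment is also stale for this file.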
From: Jeremy Harris Date: Tue, 3 Dec 2019 22:12:09 +0000 Subject: FreeBSD: better support for TFO --- src/OS/os.c-FreeBSD | 23 +++++++++- src/OS/os.h-FreeBSD | 8 +--- src/src/ip.c | 57 ++++++++++++------------ src/src/smtp_in.c | 25 ++++++++--- src/src/smtp_out.c | 26 +++++++++-- src/src/transport.c | 85 ++++++++++++++++++++---------------- test/scripts/1990-TCP-Fast-Open/1990 | 10 ++--- 7 files changed, 148 insertions(+), 86 deletions(-) diff --git a/src/OS/os.c-FreeBSD b/src/OS/os.c-FreeBSD index 4cc46c752..c0fd48df8 100644 --- a/src/OS/os.c-FreeBSD +++ b/src/OS/os.c-FreeBSD @@ -10,7 +10,7 @@ src/os.c file. */ /************* -* Sendfile * +Sendfile shim *************/ ssize_t @@ -23,4 +23,25 @@ if (sendfile(in, out, loff, cnt, NULL, &written, 0) < 0) return (ssize_t)-1; return (ssize_t)written; } +/************************************************* +TCP Fast Open: check that the ioctl is accepted +*************************************************/ + +#ifndef COMPILE_UTILITY +void +tfo_probe(void) +{ +# ifdef TCP_FASTOPEN +int sock; + +if ( (sock = socket(AF_INET, SOCK_STREAM, 0)) >= 0 + && setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on) >= 0) + ) + f.tcp_fastopen_ok = TRUE; +close(sock); +# endif +} +#endif + + /* End of os.c-Linux */ diff --git a/src/OS/os.h-FreeBSD b/src/OS/os.h-FreeBSD index 4f1c616f0..a15d47508 100644 --- a/src/OS/os.h-FreeBSD +++ b/src/OS/os.h-FreeBSD @@ -57,15 +57,9 @@ extern ssize_t os_sendfile(int, int, off_t *, size_t); /*******************/ -/* TCP_FASTOPEN support. There does not seems to be a -MSG_FASTOPEN defined yet... */ #define EXIM_TFO_PROBE +#define EXIM_TFO_FREEBSD -#include /* for TCP_FASTOPEN */ -#include /* for MSG_FASTOPEN */ -#if defined(TCP_FASTOPEN) && !defined(MSG_FASTOPEN) -# define MSG_FASTOPEN 0x20000000 -#endif /* for TCP state-variable values, for TFO logging */ #include diff --git a/src/src/ip.c b/src/src/ip.c index 70e3e2064..108c21d92 100644 --- a/src/src/ip.c +++ b/src/src/ip.c 
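Review bot: In `tfo_probe()` the closing parenthesis of the setsockopt() call is misplaced: `sizeof(on) >= 0)` passes the comparison result (1) as the option length and leaves the call's return value to be tested for truth. A successful call returns 0, so `f.tcp_fastopen_ok` is set only when setsockopt() fails, which inverts the probe. The line should read `&& setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on)) >= 0`. `close(sock)` also runs when socket() returned -1; `if (sock >= 0) close(sock);` avoids the spurious EBADF.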
@@ -14,6 +14,12 @@ different places in the code where sockets are used. */ #include "exim.h" +#if defined(TCP_FASTOPEN) +# if defined(MSG_FASTOPEN) || defined(EXIM_TFO_CONNECTX) || defined(EXIM_TFO_FREEBSD) +# define EXIM_SUPPORT_TFO +# endif +#endif + /************************************************* * Create a socket * *************************************************/ @@ -160,26 +166,6 @@ return bind(sock, (struct sockaddr *)&sin, s_len); -/************************************************* -*************************************************/ - -#ifdef EXIM_TFO_PROBE -void -tfo_probe(void) -{ -# ifdef TCP_FASTOPEN -int sock, backlog = 5; - -if ( (sock = socket(SOCK_STREAM, AF_INET, 0)) < 0 - && setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &backlog, sizeof(backlog)) - ) - f.tcp_fastopen_ok = TRUE; -close(sock); -# endif -} -#endif - - /************************************************* * Connect socket to remote host * *************************************************/ @@ -245,7 +231,7 @@ callout_address = string_sprintf("[%s]:%d", address, port); sigalrm_seen = FALSE; if (timeout > 0) ALARM(timeout); -#if defined(TCP_FASTOPEN) && (defined(MSG_FASTOPEN) || defined(EXIM_TFO_CONNECTX)) +#ifdef EXIM_SUPPORT_TFO /* TCP Fast Open, if the system has a cookie from a previous call to this peer, can send data in the SYN packet. The peer can send data before it gets our ACK of its SYN,ACK - the latter is useful for @@ -255,8 +241,7 @@ possibly use the data-on-syn, so support that too. */ if (fastopen_blob && f.tcp_fastopen_ok) { # ifdef MSG_FASTOPEN - /* This is a Linux implementation. FreeBSD does not seem to have MSG_FASTOPEN so - how to get TFO is unknown. */ + /* This is a Linux implementation. */ if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len, MSG_FASTOPEN | MSG_DONTWAIT, s_ptr, s_len)) >= 0) 
@@ -292,8 +277,26 @@ if (fastopen_blob && f.tcp_fastopen_ok) debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); goto legacy_connect; } -# endif -# ifdef EXIM_TFO_CONNECTX + +# elif defined(EXIM_TFO_FREEBSD) + /* Re: https://people.freebsd.org/~pkelsey/tfo-tools/tfo-client.c */ + + if (setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on)) < 0) + { + DEBUG(D_transport) + debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); + goto legacy_connect; + } + if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len, 0, + s_ptr, s_len)) >= 0) + { + DEBUG(D_transport|D_v) + debug_printf(" TFO mode connection attempt to %s, %lu data\n", + address, (unsigned long)fastopen_blob->len); + tcp_out_fastopen = fastopen_blob->len > 0 ? TFO_ATTEMPTED_DATA : TFO_ATTEMPTED_NODATA; + } + +# elif defined(EXIM_TFO_CONNECTX) /* MacOS */ sa_endpoints_t ends = { .sae_srcif = 0, .sae_srcaddr = NULL, .sae_srcaddrlen = 0, @@ -329,9 +332,9 @@ if (fastopen_blob && f.tcp_fastopen_ok) # endif } else -#endif /*TCP_FASTOPEN*/ +#endif /*EXIM_SUPPORT_TFO*/ { -#if defined(TCP_FASTOPEN) && defined(MSG_FASTOPEN) +#if defined(EXIM_SUPPORT_TFO) && !defined(EXIM_TFO_CONNECTX) legacy_connect: #endif diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index b88fde1b5..c2e234ab5 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c 
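Review bot: The `EXIM_TFO_FREEBSD` branch handles only the success case of `sendto()`; when it returns -1 the added lines neither inspect errno nor fall back, whereas the setsockopt() failure just above goes to `legacy_connect`. Which errors mean "TFO unavailable, retry with connect()" and which are real connection failures is left to code after the `#endif`, outside this hunk. A short comment on the branch saying where `rc < 0` is dealt with would make that reviewable, for example `/* rc < 0: errno is examined by the common code after the TFO block */`, if that is indeed what happens. The setsockopt() debug line could also report the cause instead of guessing at sysctl: `debug_printf("TCP_FASTOPEN setsockopt: %s\n", strerror(errno));`.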
@@ -2405,20 +2405,35 @@ struct tcp_info tinfo; socklen_t len = sizeof(tinfo); if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0) -#ifdef TCPI_OPT_SYN_DATA /* FreeBSD 11 does not seem to have this yet */ +# ifdef TCPI_OPT_SYN_DATA /* FreeBSD 11,12 do not seem to have this yet */ if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA) { - DEBUG(D_receive) debug_printf("TCP_FASTOPEN mode connection (ACKd data-on-SYN)\n"); + DEBUG(D_receive) + debug_printf("TCP_FASTOPEN mode connection (ACKd data-on-SYN)\n"); f.tcp_in_fastopen_data = f.tcp_in_fastopen = TRUE; } else -#endif - if (tinfo.tcpi_state == TCP_SYN_RECV) +# endif + if (tinfo.tcpi_state == TCP_SYN_RECV) /* Not seen on FreeBSD 12.1 */ + { + DEBUG(D_receive) + debug_printf("TCP_FASTOPEN mode connection (state TCP_SYN_RECV)\n"); + f.tcp_in_fastopen = TRUE; + } +# ifdef __FreeBSD__ + else if (tinfo.tcpi_options & TCPOPT_FAST_OPEN) { - DEBUG(D_receive) debug_printf("TCP_FASTOPEN mode connection (state TCP_SYN_RECV)\n"); + /* This only tells us that some combination of the TCP options was used. It + can be a TFO-R received (as of 12.1). However, pretend it shows real usage + (that an acceptable TFO-C was received and acted on). Ignore the possibility + of data-on-SYN for now. */ + DEBUG(D_receive) debug_printf("TCP_FASTOPEN mode connection (TFO option used)\n"); f.tcp_in_fastopen = TRUE; } +# endif # endif +else DEBUG(D_receive) + debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno)); } #endif diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index 07cc9b762..3dc3a13fb 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c 
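Review bot: The added `else DEBUG(D_receive) debug_printf("TCP_INFO getsockopt: ...")` does not pair with the `if (getsockopt(...) == 0)` it is meant for: that `if` has an unbraced if/else chain as its body, so the new `else` binds to the last inner `if` (the `tcpi_state == TCP_SYN_RECV` test, or the `TCPOPT_FAST_OPEN` test on FreeBSD). The message is then printed with a stale errno for every connection that is simply not TFO, and never when getsockopt() actually fails. Bracing the chain, `if (getsockopt(...) == 0) { ... } else DEBUG(D_receive) ...`, fixes the pairing. Separately, `TCPOPT_FAST_OPEN` looks like the TCP option kind number rather than a `tcpi_options` flag bit, so the mask may test unrelated bits; worth confirming against the FreeBSD headers. The function starts outside the hunk.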
@@ -155,9 +155,28 @@ return TRUE; static void tfo_out_check(int sock) { -# if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED) struct tcp_info tinfo; -socklen_t len = sizeof(tinfo); +int val; +socklen_t len = sizeof(val); + +# ifdef __FreeBSD__ +/* The observability as of 12.1 is not useful as a client, only telling us that +a TFO option was used on SYN. It could have been a TFO-R, or ignored by the +server. */ + +/* +if (tcp_out_fastopen == TFO_ATTEMPTED_NODATA || tcp_out_fastopen == TFO_ATTEMPTED_DATA) + if (getsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &val, &len) == 0 && val != 0) {} +*/ +switch (tcp_out_fastopen) + { + case TFO_ATTEMPTED_NODATA: tcp_out_fastopen = TFO_USED_NODATA; break; + case TFO_ATTEMPTED_DATA: tcp_out_fastopen = TFO_USED_DATA; break; + default: break; /* compiler quietening */ + } + +# else /* Linux & Apple */ +# if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED) switch (tcp_out_fastopen) { @@ -205,7 +224,8 @@ switch (tcp_out_fastopen) default: break; /* compiler quietening */ } -# endif +# endif +# endif /* Linux & Apple */ } #endif diff --git a/src/src/transport.c b/src/src/transport.c index df7fd1628..14bd91cdb 100644 --- a/src/src/transport.c +++ b/src/src/transport.c @@ -172,6 +172,20 @@ for (transport_instance * t = transports; t; t = t->next) * Write block of data * *************************************************/ +static int +tpt_write(int fd, uschar * block, int len, BOOL more, int options) +{ +return +#ifndef DISABLE_TLS + tls_out.active.sock == fd + ? tls_write(tls_out.active.tls_ctx, block, len, more) : +#endif +#ifdef MSG_MORE + more && !(options & topt_not_socket) ? send(fd, block, len, MSG_MORE) : +#endif + write(fd, block, len); +} + /* Subroutine called by write_chunk() and at the end of the message actually to write a data block. Also called directly by some transports to write additional data to the file descriptor (e.g. prefix, suffix). 
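Review bot: In `tfo_out_check()` `len` is now initialised to `sizeof(val)` while `struct tcp_info tinfo` is still declared beside it. If the Linux/Apple branch further down (not shown in this hunk) still calls getsockopt() for TCP_INFO with `&tinfo, &len`, the kernel is told the buffer is only `sizeof(int)` bytes and the `tinfo` fields read afterwards are uninitialised. Setting `len = sizeof(tinfo);` just before that call, or using a separate length variable for it, avoids this. In the FreeBSD branch `tinfo`, `val` and `len` are unused, and every attempt is promoted to `TFO_USED_*`, so the log will report TFO as used even when the server ignored the option, as the added comment itself says.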
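Review bot: `tpt_write()` in transport.c is inserted between the "Write block of data" banner and the long comment documenting the block writer, and has no comment of its own. A one-line header such as `/* Write len bytes from block to fd via TLS, send(MSG_MORE) or write(); returns the underlying call's result. */` would keep the existing comment attached to the function it describes. The helper returns `int` while write() and send() return `ssize_t`; with `len` an `int` the value fits, but saying so in the comment saves the next reader the check.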
@@ -215,10 +229,11 @@ Returns: TRUE on success, FALSE on failure (with errno preserved); */ static BOOL -transport_write_block_fd(transport_ctx * tctx, uschar *block, int len, BOOL more) +transport_write_block_fd(transport_ctx * tctx, uschar * block, int len, BOOL more) { int rc, save_errno; int local_timeout = transport_write_timeout; +int connretry = 1; int fd = tctx->u.fd; /* This loop is for handling incomplete writes and other retries. In most 
@@ -230,48 +245,42 @@ for (int i = 0; i < 100; i++) debug_printf("writing data block fd=%d size=%d timeout=%d%s\n", fd, len, local_timeout, more ? " (more expected)" : ""); - /* This code makes use of alarm() in order to implement the timeout. This - isn't a very tidy way of doing things. Using non-blocking I/O with select() - provides a neater approach. However, I don't know how to do this when TLS is - in use. */ - - if (transport_write_timeout <= 0) /* No timeout wanted */ - { - rc = -#ifndef DISABLE_TLS - tls_out.active.sock == fd ? tls_write(tls_out.active.tls_ctx, block, len, more) : -#endif -#ifdef MSG_MORE - more && !(tctx->options & topt_not_socket) - ? send(fd, block, len, MSG_MORE) : -#endif - write(fd, block, len); - save_errno = errno; - } + /* When doing TCP Fast Open we may get this far before the 3-way handshake + is complete, and write returns ENOTCONN. Detect that, wait for the socket + to become writable, and retry once only. */ - /* Timeout wanted. */ - - else + for(;;) { - ALARM(local_timeout); + fd_set fds; + /* This code makes use of alarm() in order to implement the timeout. This + isn't a very tidy way of doing things. Using non-blocking I/O with select() + provides a neater approach. However, I don't know how to do this when TLS is + in use. */ - rc = -#ifndef DISABLE_TLS - tls_out.active.sock == fd ? tls_write(tls_out.active.tls_ctx, block, len, more) : -#endif -#ifdef MSG_MORE - more && !(tctx->options & topt_not_socket) - ? send(fd, block, len, MSG_MORE) : -#endif - write(fd, block, len); - - save_errno = errno; - local_timeout = ALARM_CLR(0); - if (sigalrm_seen) + if (transport_write_timeout <= 0) /* No timeout wanted */ { - errno = ETIMEDOUT; - return FALSE; + rc = tpt_write(fd, block, len, more, tctx->options); + save_errno = errno; } + else /* Timeout wanted. 
*/ + { + ALARM(local_timeout); + rc = tpt_write(fd, block, len, more, tctx->options); + save_errno = errno; + local_timeout = ALARM_CLR(0); + if (sigalrm_seen) + { + errno = ETIMEDOUT; + return FALSE; + } + } + + if (rc >= 0 || errno != ENOTCONN || connretry <= 0) + break; + + FD_ZERO(&fds); FD_SET(fd, &fds); + select(fd+1, NULL, &fds, NULL, NULL); /* could set timout? */ + connretry--; } /* Hopefully, the most common case is success, so test that first. */ diff --git a/test/scripts/1990-TCP-Fast-Open/1990 b/test/scripts/1990-TCP-Fast-Open/1990 index 1fc4682aa..80059e685 100644 --- a/test/scripts/1990-TCP-Fast-Open/1990 +++ b/test/scripts/1990-TCP-Fast-Open/1990 @@ -22,6 +22,11 @@ # which might do the job. But how to manipulate it? # # +# FreeBSD: it looks like you have to compile a custom kernel, with +# 'options TCP_RFC7413' in the config. Also set +# 'net.inet.tcp.fastopen.server_enable=1' in /etc/sysctl.conf +# Seems to always claim TFO used by transport, if tried. +# sudo perl system ("tc qdisc add dev lo root netem delay 50ms"); **** @@ -50,11 +55,6 @@ system ("ip tcp_metrics delete 127.0.0.1"); # # # -# FreeBSD: it looks like you have to compile a custom kernel, with -# 'options TCP_RFC7413' in the config. Also set -# 'net.inet.tcp.fastopen.enabled=1' in /etc/sysctl.conf -# Untested. -# exim -DSERVER=server -bd -oX PORT_D **** # -- cgit v1.2.3 From 8cb1a4f75c3d1acaed66495ccbd7820694ee20b0 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 8 Dec 2019 13:13:24 +0000 Subject: Fix macOS build Broken-by: 73a10da9bb --- src/src/smtp_in.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index c2e234ab5..9a31247be 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c 
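Review bot: The retry wait `select(fd+1, NULL, &fds, NULL, NULL);` has no timeout and its result is ignored, so once `ALARM_CLR(0)` has cleared the alarm nothing in the hunk bounds the wait, even when `transport_write_timeout` is set; the inline `/* could set timout? */` already hints at this. The loop exit test also reads `errno` rather than the `save_errno` captured right after the write, and in the timed path the `ALARM_CLR(0)` call in between may have changed it. `FD_SET(fd, &fds)` is only defined for an fd below FD_SETSIZE, which the hunk does not check. A bounded version using the remaining `local_timeout` and `save_errno` could look like the excerpt below. The enclosing function starts and ends outside the hunk, so the handling after `break` is assumed to work from `rc` and `save_errno`.

```c
  for(;;)
    {
    fd_set fds;
    struct timeval tv;
    int nready;

    /* … unchanged: timed and untimed tpt_write() calls setting rc and save_errno … */

    if (rc >= 0 || save_errno != ENOTCONN || connretry <= 0)
      break;

    /* Wait for the handshake to finish, bounded by what is left of the
    transport timeout when one was asked for. */

    if (fd >= FD_SETSIZE) break;
    FD_ZERO(&fds); FD_SET(fd, &fds);
    tv.tv_sec = local_timeout; tv.tv_usec = 0;
    nready = select(fd+1, NULL, &fds, NULL,
                    transport_write_timeout > 0 ? &tv : NULL);
    if (nready == 0)
      {
      errno = ETIMEDOUT;
      return FALSE;
      }
    if (nready < 0 && errno != EINTR)
      break;
    connretry--;
    }
```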
@@ -2431,9 +2431,9 @@ if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0) f.tcp_in_fastopen = TRUE; } # endif -# endif else DEBUG(D_receive) debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno)); +# endif } #endif -- cgit v1.2.3 From 53c7b3a70978c2748f46d1d99211530750b1de22 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 8 Dec 2019 19:26:15 +0000 Subject: Fix macOS build --- src/src/smtp_in.c | 38 +++++++++++++++++++++++--------------- src/src/smtp_out.c | 4 +++- 2 files changed, 26 insertions(+), 16 deletions(-) diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 9a31247be..580fe9f91 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2400,7 +2400,26 @@ return FALSE; static void tfo_in_check(void) { -# ifdef TCP_INFO +# ifdef __FreeBSD__ +int is_fastopen; +socklen_t len = sizeof(is_fastopen); + +/* The tinfo TCPOPT_FAST_OPEN bit seems unreliable, and we don't see state +TCP_SYN_RCV (as of 12.1) so no idea about data-use. */ + +if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_FASTOPEN, &is_fastopen, &len) == 0) + { + if (is_fastopen) + { + DEBUG(D_receive) + debug_printf("TFO mode connection (TCP_FASTOPEN getsockopt)\n"); + f.tcp_in_fastopen = TRUE; + } + } +else DEBUG(D_receive) + debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno)); + +# elif defined(TCP_INFO) struct tcp_info tinfo; socklen_t len = sizeof(tinfo); @@ -2409,7 +2428,7 @@ if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0) if (tinfo.tcpi_options & TCPI_OPT_SYN_DATA) { DEBUG(D_receive) - debug_printf("TCP_FASTOPEN mode connection (ACKd data-on-SYN)\n"); + debug_printf("TFO mode connection (ACKd data-on-SYN)\n"); f.tcp_in_fastopen_data = f.tcp_in_fastopen = TRUE; } else 
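Review bot: In the new `# ifdef __FreeBSD__` arm of `tfo_in_check` the failure message still reads `"TCP_INFO getsockopt: %s\n"`, but the call it reports on is `getsockopt(..., TCP_FASTOPEN, &is_fastopen, &len)`, so a FreeBSD debug log names the wrong socket option. Suggest `debug_printf("TCP_FASTOPEN getsockopt: %s\n", strerror(errno));` there. It would also help to say in the comment above what a non-zero `is_fastopen` is taken to mean for an accepted socket, since that value alone sets `f.tcp_in_fastopen`; the comment only says the other indicators were unreliable.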
@@ -2417,20 +2436,9 @@ if (getsockopt(fileno(smtp_out), IPPROTO_TCP, TCP_INFO, &tinfo, &len) == 0) if (tinfo.tcpi_state == TCP_SYN_RECV) /* Not seen on FreeBSD 12.1 */ { DEBUG(D_receive) - debug_printf("TCP_FASTOPEN mode connection (state TCP_SYN_RECV)\n"); + debug_printf("TFO mode connection (state TCP_SYN_RECV)\n"); f.tcp_in_fastopen = TRUE; } -# ifdef __FreeBSD__ - else if (tinfo.tcpi_options & TCPOPT_FAST_OPEN) - { - /* This only tells us that some combination of the TCP options was used. It - can be a TFO-R received (as of 12.1). However, pretend it shows real usage - (that an acceptable TFO-C was received and acted on). Ignore the possibility - of data-on-SYN for now. */ - DEBUG(D_receive) debug_printf("TCP_FASTOPEN mode connection (TFO option used)\n"); - f.tcp_in_fastopen = TRUE; - } -# endif else DEBUG(D_receive) debug_printf("TCP_INFO getsockopt: %s\n", strerror(errno)); # endif @@ -3050,7 +3058,7 @@ smtp_printf("%s", handshake arrived. If so we must have managed a TFO. */ #ifdef TCP_FASTOPEN -tfo_in_check(); +if (sender_host_address && !f.sender_host_notsocket) tfo_in_check(); #endif return TRUE; diff --git a/src/src/smtp_out.c b/src/src/smtp_out.c index 3dc3a13fb..96ee15282 100644 --- a/src/src/smtp_out.c +++ b/src/src/smtp_out.c @@ -155,11 +155,11 @@ return TRUE; static void tfo_out_check(int sock) { +# ifdef __FreeBSD__ struct tcp_info tinfo; int val; socklen_t len = sizeof(val); -# ifdef __FreeBSD__ /* The observability as of 12.1 is not useful as a client, only telling us that a TFO option was used on SYN. It could have been a TFO-R, or ignored by the server. */ @@ -177,6 +177,8 @@ switch (tcp_out_fastopen) # else /* Linux & Apple */ # if defined(TCP_INFO) && defined(EXIM_HAVE_TCPI_UNACKED) +struct tcp_info tinfo; +socklen_t len = sizeof(tinfo); switch (tcp_out_fastopen) { -- cgit v1.2.3 From 277b99794bf90e4a64b4adee88c08bed417bc5ee Mon Sep 17 00:00:00 2001 
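Review bot: After the declarations move under `# ifdef __FreeBSD__` in `tfo_out_check`, that arm declares `tinfo`, `val` and `len`, but the only code that would use `val` and `len` is the commented-out getsockopt shown in the earlier smtp_out.c hunk on this page. Nothing visible in that arm uses `tinfo` or the `sock` parameter either, so FreeBSD builds will likely get unused-variable warnings. Dropping the three declarations together with the commented-out block, and keeping only the comment that explains why ATTEMPTED is promoted to USED, would leave the arm as just the `switch`. If the parameter must stay unused there, `(void)sock;` documents that.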
From: Jeremy Harris Date: Sun, 8 Dec 2019 21:15:17 +0000 Subject: Testsuite: explicitly disable TFO in transports --- test/confs/0015 | 1 + test/confs/0032 | 1 + test/confs/0033 | 1 + test/confs/0036 | 1 + test/confs/0039 | 1 + test/confs/0045 | 1 + test/confs/0047 | 1 + test/confs/0054 | 1 + test/confs/0055 | 1 + test/confs/0078 | 1 + test/confs/0089 | 1 + test/confs/0098 | 2 ++ test/confs/0099 | 1 + test/confs/0100 | 2 ++ test/confs/0101 | 1 + test/confs/0106 | 1 + test/confs/0108 | 1 + test/confs/0109 | 1 + test/confs/0130 | 1 + test/confs/0135 | 1 + test/confs/0143 | 1 + test/confs/0144 | 1 + test/confs/0145 | 1 + test/confs/0146 | 1 + test/confs/0147 | 1 + test/confs/0160 | 1 + test/confs/0161 | 1 + test/confs/0163 | 1 + test/confs/0175 | 1 + test/confs/0177 | 1 + test/confs/0179 | 1 + test/confs/0183 | 1 + test/confs/0185 | 1 + test/confs/0186 | 1 + test/confs/0187 | 1 + test/confs/0190 | 3 +++ test/confs/0191 | 1 + test/confs/0197 | 1 + test/confs/0198 | 1 + test/confs/0200 | 1 + test/confs/0201 | 1 + test/confs/0203 | 1 + test/confs/0208 | 1 + test/confs/0209 | 1 + test/confs/0210 | 1 + test/confs/0211 | 1 + test/confs/0213 | 1 + test/confs/0215 | 1 + test/confs/0216 | 1 + test/confs/0217 | 1 + test/confs/0218 | 1 + test/confs/0225 | 1 + test/confs/0227 | 1 + test/confs/0228 | 1 + test/confs/0229 | 1 + test/confs/0230 | 1 + test/confs/0231 | 1 + test/confs/0238 | 1 + test/confs/0239 | 1 + test/confs/0242 | 1 + test/confs/0253 | 1 + test/confs/0257 | 1 + test/confs/0259 | 1 + test/confs/0261 | 2 ++ test/confs/0263 | 1 + test/confs/0273 | 1 + test/confs/0276 | 1 + test/confs/0285 | 1 + test/confs/0286 | 1 + test/confs/0288 | 1 + test/confs/0292 | 1 + test/confs/0299 | 1 + test/confs/0315 | 1 + test/confs/0322 | 1 + test/confs/0332 | 1 + test/confs/0333 | 1 + test/confs/0334 | 1 + test/confs/0341 | 1 + test/confs/0342 | 1 + test/confs/0343 | 1 + test/confs/0344 | 4 ++++ test/confs/0350 | 1 + test/confs/0357 | 1 + test/confs/0358 | 1 + test/confs/0360 | 1 + 
test/confs/0361 | 1 + test/confs/0362 | 1 + test/confs/0363 | 1 + test/confs/0364 | 1 + test/confs/0365 | 1 + test/confs/0366 | 1 + test/confs/0367 | 1 + test/confs/0368 | 1 + test/confs/0374 | 1 + test/confs/0375 | 3 +++ test/confs/0376 | 1 + test/confs/0388 | 1 + test/confs/0392 | 2 ++ test/confs/0398 | 1 + test/confs/0405 | 1 + test/confs/0413 | 2 ++ test/confs/0417 | 1 + test/confs/0419 | 1 + test/confs/0425 | 1 + test/confs/0426 | 1 + test/confs/0429 | 1 + test/confs/0430 | 1 + test/confs/0431 | 1 + test/confs/0432 | 1 + test/confs/0434 | 1 + test/confs/0440 | 1 + test/confs/0447 | 1 + test/confs/0450 | 1 + test/confs/0455 | 1 + test/confs/0461 | 1 + test/confs/0462 | 1 + test/confs/0463 | 1 + test/confs/0464 | 1 + test/confs/0466 | 1 + test/confs/0467 | 1 + test/confs/0469 | 1 + test/confs/0473 | 1 + test/confs/0474 | 1 + test/confs/0476 | 1 + test/confs/0477 | 1 + test/confs/0478 | 1 + test/confs/0479 | 1 + test/confs/0492 | 1 + test/confs/0495 | 3 +++ test/confs/0497 | 1 + test/confs/0498 | 1 + test/confs/0499 | 1 + test/confs/0504 | 1 + test/confs/0511 | 1 + test/confs/0512 | 1 + test/confs/0518 | 2 ++ test/confs/0519 | 1 + test/confs/0525 | 1 + test/confs/0528 | 1 + test/confs/0531 | 1 + test/confs/0538 | 1 + test/confs/0540 | 1 + test/confs/0543 | 1 + test/confs/0544 | 1 + test/confs/0545 | 1 + test/confs/0548 | 1 + test/confs/0550 | 1 + test/confs/0552 | 1 + test/confs/0553 | 1 + test/confs/0554 | 1 + test/confs/0557 | 1 + test/confs/0561 | 1 + test/confs/0565 | 2 ++ test/confs/0570 | 1 + test/confs/0572 | 1 + test/confs/0580 | 1 + test/confs/0603 | 1 + test/confs/0604 | 1 + test/confs/0607 | 1 + test/confs/0610 | 2 ++ test/confs/0611 | 1 + test/confs/0613 | 1 + test/confs/0616 | 1 + test/confs/0617 | 1 + test/confs/0618 | 1 + test/confs/0900 | 2 ++ test/confs/0901 | 2 ++ test/confs/0906 | 2 ++ test/confs/1003 | 6 ++++++ test/confs/1005 | 1 + test/confs/1006 | 1 + test/confs/1008 | 1 + test/confs/1009 | 1 + test/confs/2000 | 1 + test/confs/2001 | 1 + 
test/confs/2007 | 2 ++ test/confs/2008 | 2 ++ test/confs/2009 | 3 ++- test/confs/2010 | 3 ++- test/confs/2012 | 12 +++++++++--- test/confs/2013 | 3 ++- test/confs/2016 | 1 + test/confs/2017 | 3 ++- test/confs/2021 | 1 + test/confs/2025 | 1 + test/confs/2026 | 1 + test/confs/2030 | 2 ++ test/confs/2031 | 2 ++ test/confs/2033 | 13 ++++++++++--- test/confs/2100 | 1 + test/confs/2101 | 1 + test/confs/2107 | 2 ++ test/confs/2108 | 2 ++ test/confs/2109 | 3 ++- test/confs/2110 | 3 ++- test/confs/2111 | 3 ++- test/confs/2112 | 12 +++++++++--- test/confs/2113 | 3 ++- test/confs/2116 | 3 ++- test/confs/2117 | 3 ++- test/confs/2120 | 1 + test/confs/2121 | 1 + test/confs/2125 | 3 ++- test/confs/2126 | 1 + test/confs/2127 | 1 + test/confs/2130 | 2 ++ test/confs/2131 | 2 ++ test/confs/2133 | 13 ++++++++++--- test/confs/2135 | 1 + test/confs/2138 | 3 ++- test/confs/2149 | 1 + test/confs/2151 | 1 + test/confs/2152 | 2 ++ test/confs/2201 | 1 + test/confs/3207 | 1 + test/confs/3209 | 1 + test/confs/3401 | 6 ++++-- test/confs/3404 | 3 ++- test/confs/3405 | 3 ++- test/confs/3412 | 1 + test/confs/3416 | 2 ++ test/confs/3451 | 3 ++- test/confs/3452 | 3 ++- test/confs/3455 | 1 + test/confs/3461 | 3 ++- test/confs/3462 | 3 ++- test/confs/3465 | 1 + test/confs/3501 | 6 ++++-- test/confs/3600 | 1 + test/confs/3700 | 2 ++ test/confs/3720 | 1 + test/confs/4028 | 1 + test/confs/4029 | 1 + test/confs/4201 | 1 + test/confs/4211 | 1 + test/confs/4221 | 1 + test/confs/4520 | 1 + test/confs/4525 | 1 + test/confs/4550 | 1 + test/confs/4700 | 1 + test/confs/4800 | 1 + test/confs/4801 | 1 + test/confs/4802 | 1 + test/confs/4803 | 1 + test/confs/4804 | 1 + test/confs/4950 | 1 + test/confs/5204 | 2 ++ test/confs/5205 | 1 + test/confs/5206 | 1 + test/confs/5208 | 1 + test/confs/5300 | 1 + test/confs/5301 | 1 + test/confs/5400 | 2 ++ test/confs/5401 | 1 + test/confs/5402 | 1 + test/confs/5403 | 2 ++ test/confs/5410 | 1 + test/confs/5420 | 1 + test/confs/5510 | 1 + test/confs/5601 | 4 ++++ test/confs/5611 
| 4 ++++ test/confs/5651 | 4 ++++ test/confs/5652 | 1 + test/confs/5700 | 1 + test/confs/5702 | 1 + test/confs/5703 | 1 + test/confs/5710 | 1 + test/confs/5720 | 1 + test/confs/5730 | 4 ++++ test/confs/5740 | 4 ++++ test/confs/5820 | 1 + test/confs/5840 | 1 + test/confs/5860 | 1 + test/confs/5861 | 1 + test/confs/5880 | 1 + test/confs/5890 | 1 + test/confs/5891 | 1 + test/confs/9900 | 1 + test/confs/9901 | 1 + test/confs/9903 | 1 + test/runtest | 2 +- test/stderr/5204 | 2 +- test/stderr/5410 | 6 +++--- test/stderr/5420 | 6 +++--- test/stderr/5820 | 2 +- test/stderr/5840 | 2 +- test/stdout/0572 | 4 +++- 287 files changed, 405 insertions(+), 45 deletions(-) diff --git a/test/confs/0015 b/test/confs/0015 index c6fccd316..dbbdfd059 100644 --- a/test/confs/0015 +++ b/test/confs/0015 @@ -100,6 +100,7 @@ delivery_s: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost address_reply: diff --git a/test/confs/0032 b/test/confs/0032 index 961cefadd..caf5edb28 100644 --- a/test/confs/0032 +++ b/test/confs/0032 @@ -38,6 +38,7 @@ local_delivery: smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0033 b/test/confs/0033 index ca06da772..c6bf4d32e 100644 --- a/test/confs/0033 +++ b/test/confs/0033 @@ -38,5 +38,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0036 b/test/confs/0036 index 48479c787..ded64879f 100644 --- a/test/confs/0036 +++ b/test/confs/0036 @@ -43,5 +43,6 @@ local_delivery: send_to_server: driver = smtp port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/0039 b/test/confs/0039 index 8ca8b1eec..f718997e9 100644 --- a/test/confs/0039 +++ b/test/confs/0039 @@ -37,5 +37,6 @@ begin transports t1: driver = smtp hosts = V4NET.0.0.0 + hosts_try_fastopen = : # End diff --git a/test/confs/0045 b/test/confs/0045 index a59c8e2c1..2a9efb565 100644 --- a/test/confs/0045 +++ b/test/confs/0045 
@@ -21,6 +21,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0047 b/test/confs/0047 index 187f855ef..f9d77bdc2 100644 --- a/test/confs/0047 +++ b/test/confs/0047 @@ -25,5 +25,6 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0054 b/test/confs/0054 index 3ad875157..1af7c0d51 100644 --- a/test/confs/0054 +++ b/test/confs/0054 @@ -25,6 +25,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0055 b/test/confs/0055 index 72a2be740..6cc9b7c18 100644 --- a/test/confs/0055 +++ b/test/confs/0055 @@ -52,6 +52,7 @@ local_delivery: smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0078 b/test/confs/0078 index aa1e445f3..fe325bc39 100644 --- a/test/confs/0078 +++ b/test/confs/0078 @@ -44,6 +44,7 @@ begin transports remote_smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0089 b/test/confs/0089 index b8bd142db..4a2a65828 100644 --- a/test/confs/0089 +++ b/test/confs/0089 @@ -68,6 +68,7 @@ begin transports dummy: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0098 b/test/confs/0098 index 719971c9c..cce115f12 100644 --- a/test/confs/0098 +++ b/test/confs/0098 @@ -92,10 +92,12 @@ smtp: driver = smtp connect_timeout = 1s port = PORT_D + hosts_try_fastopen = : smtp_connect_refused: driver = smtp port = PORT_N + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0099 b/test/confs/0099 index 63a918a0f..6a59d5994 100644 --- a/test/confs/0099 +++ b/test/confs/0099 @@ -41,6 +41,7 @@ begin transports smtp: driver = smtp port = PORT_N + hosts_try_fastopen = : RETRY diff --git a/test/confs/0100 b/test/confs/0100 index c404d5a73..143ff4cfe 100644 --- a/test/confs/0100 +++ b/test/confs/0100 
@@ -72,10 +72,12 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : filtered_smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : transport_filter = /bin/sh -c "echo 'X-Filtered: just checking'; cat" local_delivery: diff --git a/test/confs/0101 b/test/confs/0101 index 377eae705..cf89fa83a 100644 --- a/test/confs/0101 +++ b/test/confs/0101 @@ -50,6 +50,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : local_delivery: driver = pipe diff --git a/test/confs/0106 b/test/confs/0106 index ef91e8b10..84294a676 100644 --- a/test/confs/0106 +++ b/test/confs/0106 @@ -29,6 +29,7 @@ smtp: command_timeout = 1s final_timeout = 1s port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0108 b/test/confs/0108 index a4ee442e2..bc694ff3e 100644 --- a/test/confs/0108 +++ b/test/confs/0108 @@ -32,6 +32,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0109 b/test/confs/0109 index 59957b96b..ce49c0e08 100644 --- a/test/confs/0109 +++ b/test/confs/0109 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp port = PORT_N + hosts_try_fastopen = : allow_localhost diff --git a/test/confs/0130 b/test/confs/0130 index 02a095358..fbfd2ec78 100644 --- a/test/confs/0130 +++ b/test/confs/0130 @@ -43,6 +43,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0135 b/test/confs/0135 index 636294461..7fd5bdaa5 100644 --- a/test/confs/0135 +++ b/test/confs/0135 @@ -44,6 +44,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s local_delivery: diff --git a/test/confs/0143 b/test/confs/0143 index 5a6ee34a9..8f0300aa0 100644 --- a/test/confs/0143 +++ b/test/confs/0143 @@ -31,6 +31,7 @@ my_smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : debug_print = transport_name <$transport_name> 
diff --git a/test/confs/0144 b/test/confs/0144 index 34b38230f..0b950b854 100644 --- a/test/confs/0144 +++ b/test/confs/0144 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0145 b/test/confs/0145 index 16b02a858..c7d8c8612 100644 --- a/test/confs/0145 +++ b/test/confs/0145 @@ -35,6 +35,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0146 b/test/confs/0146 index d8b6067e7..8039ebdfa 100644 --- a/test/confs/0146 +++ b/test/confs/0146 @@ -27,6 +27,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0147 b/test/confs/0147 index 996d064be..fae99a94a 100644 --- a/test/confs/0147 +++ b/test/confs/0147 @@ -60,6 +60,7 @@ begin transports T1: driver = smtp + hosts_try_fastopen = : #----- ACL ----- diff --git a/test/confs/0160 b/test/confs/0160 index f64883729..ea2003a92 100644 --- a/test/confs/0160 +++ b/test/confs/0160 @@ -31,6 +31,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0161 b/test/confs/0161 index 8b91ea053..88845f325 100644 --- a/test/confs/0161 +++ b/test/confs/0161 @@ -62,6 +62,7 @@ begin transports remote_smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0163 b/test/confs/0163 index 7b19d9f16..806c4b9e2 100644 --- a/test/confs/0163 +++ b/test/confs/0163 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0175 b/test/confs/0175 index b20e4fe1a..461c265ba 100644 --- a/test/confs/0175 +++ b/test/confs/0175 @@ -58,6 +58,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : appendfile: driver = appendfile diff --git a/test/confs/0177 b/test/confs/0177 index 7921a8b55..0b78d4e0c 100644 --- a/test/confs/0177 +++ b/test/confs/0177 
@@ -75,6 +75,7 @@ autoreply: smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0179 b/test/confs/0179 index 381b41caf..f18ab32e5 100644 --- a/test/confs/0179 +++ b/test/confs/0179 @@ -30,6 +30,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0183 b/test/confs/0183 index 8cd4c82d4..d55e5799f 100644 --- a/test/confs/0183 +++ b/test/confs/0183 @@ -57,6 +57,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0185 b/test/confs/0185 index d6e9fe020..d9d20fc93 100644 --- a/test/confs/0185 +++ b/test/confs/0185 @@ -72,6 +72,7 @@ autoreply: smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0186 b/test/confs/0186 index 21b31060c..5dffb3dd7 100644 --- a/test/confs/0186 +++ b/test/confs/0186 @@ -34,6 +34,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0187 b/test/confs/0187 index bca41b5f7..e2cd27ed5 100644 --- a/test/confs/0187 +++ b/test/confs/0187 @@ -45,6 +45,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0190 b/test/confs/0190 index 03ded9ce2..cdddae5f8 100644 --- a/test/confs/0190 +++ b/test/confs/0190 @@ -85,10 +85,12 @@ smtp: max_rcpt = 1 connection_max_messages = 1 port = PORT_S + hosts_try_fastopen = : smtp2: driver = smtp port = PORT_S + hosts_try_fastopen = : smtp3: driver = smtp @@ -96,6 +98,7 @@ smtp3: max_rcpt = 2 connection_max_messages = 1 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0191 b/test/confs/0191 index 9dba8c35d..13d98bff9 100644 --- a/test/confs/0191 +++ b/test/confs/0191 
@@ -28,6 +28,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : transport_filter = \ /bin/sh -c \ "cat >/dev/null; printf Line-without-end || /bin/echo -n Line-without-end" diff --git a/test/confs/0197 b/test/confs/0197 index b3f25c4c0..c2e4a10e8 100644 --- a/test/confs/0197 +++ b/test/confs/0197 @@ -95,6 +95,7 @@ makecopy: pass_on: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s diff --git a/test/confs/0198 b/test/confs/0198 index f754a3187..5de770163 100644 --- a/test/confs/0198 +++ b/test/confs/0198 @@ -55,6 +55,7 @@ begin transports pass_on: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s gethostbyname hosts = NEXTHOST diff --git a/test/confs/0200 b/test/confs/0200 index ab50f36df..03e628828 100644 --- a/test/confs/0200 +++ b/test/confs/0200 @@ -35,6 +35,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0201 b/test/confs/0201 index 5385baa9a..b4ad0d8d8 100644 --- a/test/confs/0201 +++ b/test/confs/0201 @@ -26,6 +26,7 @@ t1: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : transport_filter = /bin/sh -c 'cat; exit 99' diff --git a/test/confs/0203 b/test/confs/0203 index 38e879010..1c197e720 100644 --- a/test/confs/0203 +++ b/test/confs/0203 @@ -29,6 +29,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0208 b/test/confs/0208 index 5a0b9f153..f1e9fea5d 100644 --- a/test/confs/0208 +++ b/test/confs/0208 @@ -59,6 +59,7 @@ fail: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0209 b/test/confs/0209 index 82046c7bc..b9d23b058 100644 --- a/test/confs/0209 +++ b/test/confs/0209 @@ -39,6 +39,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0210 b/test/confs/0210 index b1db52218..298ad7279 100644 --- a/test/confs/0210 
+++ b/test/confs/0210 @@ -62,6 +62,7 @@ bsmtp_smtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0211 b/test/confs/0211 index 7856481df..b1dae707c 100644 --- a/test/confs/0211 +++ b/test/confs/0211 @@ -52,6 +52,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : command_timeout = 1s local_delivery: diff --git a/test/confs/0213 b/test/confs/0213 index ba0b9e403..388f693cc 100644 --- a/test/confs/0213 +++ b/test/confs/0213 @@ -29,6 +29,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0215 b/test/confs/0215 index ad40d6338..2758b07c9 100644 --- a/test/confs/0215 +++ b/test/confs/0215 @@ -40,6 +40,7 @@ lmtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : protocol = LMTP lmtp_ignore_quota = IGNORE_QUOTA AUTHS diff --git a/test/confs/0216 b/test/confs/0216 index 69af54347..962a64c28 100644 --- a/test/confs/0216 +++ b/test/confs/0216 @@ -36,6 +36,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : max_rcpt = 0 HAP diff --git a/test/confs/0217 b/test/confs/0217 index fa797265a..a225df5fe 100644 --- a/test/confs/0217 +++ b/test/confs/0217 @@ -41,6 +41,7 @@ send_to_server: command_timeout = 1s hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : HAP max_rcpt = 1000 diff --git a/test/confs/0218 b/test/confs/0218 index fa97f9c67..250bc92e6 100644 --- a/test/confs/0218 +++ b/test/confs/0218 @@ -52,6 +52,7 @@ send_to_server: command_timeout = 1s hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : debug_print = T: $transport_name (${acl {expand_check}}) diff --git a/test/confs/0225 b/test/confs/0225 index 3139eea5b..0ed97b4ef 100644 --- a/test/confs/0225 +++ b/test/confs/0225 @@ -40,6 +40,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : local_delivery: driver = appendfile 
diff --git a/test/confs/0227 b/test/confs/0227 index fea66e16f..36050fa7d 100644 --- a/test/confs/0227 +++ b/test/confs/0227 @@ -81,6 +81,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : lmtp: driver = smtp diff --git a/test/confs/0228 b/test/confs/0228 index 19f6cb7cd..d8fb762af 100644 --- a/test/confs/0228 +++ b/test/confs/0228 @@ -31,6 +31,7 @@ smtp: driver = smtp fallback_hosts = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0229 b/test/confs/0229 index 5389f97bc..c8c048dbc 100644 --- a/test/confs/0229 +++ b/test/confs/0229 @@ -32,6 +32,7 @@ smtp: 127.0.0.1 : 127.0.0.1 : HOSTIPV4 : \ 127.0.0.1 : 127.0.0.1 : HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0230 b/test/confs/0230 index c26b45758..f77f52f69 100644 --- a/test/confs/0230 +++ b/test/confs/0230 @@ -64,6 +64,7 @@ local_delivery: remote: driver = smtp port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0231 b/test/confs/0231 index d0adf3907..1eabae91a 100644 --- a/test/confs/0231 +++ b/test/confs/0231 @@ -65,6 +65,7 @@ smtp_rewrite: headers_rewrite = *@domain1 $1-rewrite@domain2 f :\ *@domain1 $1-other@domain2 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0238 b/test/confs/0238 index 15aa22052..4d92cdde7 100644 --- a/test/confs/0238 +++ b/test/confs/0238 @@ -33,6 +33,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0239 b/test/confs/0239 index f4b1a68ba..e7e26517a 100644 --- a/test/confs/0239 +++ b/test/confs/0239 @@ -39,6 +39,7 @@ local: smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0242 b/test/confs/0242 index fc2dd70ba..63265a6dc 100644 --- a/test/confs/0242 +++ b/test/confs/0242 @@ -30,6 +30,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- 
diff --git a/test/confs/0253 b/test/confs/0253 index cd2c777de..40ede04ea 100644 --- a/test/confs/0253 +++ b/test/confs/0253 @@ -64,6 +64,7 @@ t3: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : max_rcpt = 1 allow_localhost return_path = pqr=$local_part+$domain@verp.domain diff --git a/test/confs/0257 b/test/confs/0257 index f61689380..056b54f04 100644 --- a/test/confs/0257 +++ b/test/confs/0257 @@ -30,6 +30,7 @@ smtp: connect_timeout = 1s fallback_hosts = ten-2.test.ex port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0259 b/test/confs/0259 index 6b9bc29ab..f6ae742d4 100644 --- a/test/confs/0259 +++ b/test/confs/0259 @@ -26,6 +26,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : begin retry diff --git a/test/confs/0261 b/test/confs/0261 index 30ec087fd..7b2b7a1a6 100644 --- a/test/confs/0261 +++ b/test/confs/0261 @@ -16,10 +16,12 @@ begin transports remote_delivery: driver = smtp hosts = V4NET.0.0.1 + hosts_try_fastopen = : bad_return: driver = smtp hosts = V4NET.0.0.0 + hosts_try_fastopen = : return_path = ${if no_hosts: diff --git a/test/confs/0263 b/test/confs/0263 index 53b0064e7..f215cdb32 100644 --- a/test/confs/0263 +++ b/test/confs/0263 @@ -14,6 +14,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Routers ----- diff --git a/test/confs/0273 b/test/confs/0273 index 0a12a6762..4acc0a935 100644 --- a/test/confs/0273 +++ b/test/confs/0273 @@ -16,6 +16,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Routers ----- diff --git a/test/confs/0276 b/test/confs/0276 index 257cf4593..94e7a130f 100644 --- a/test/confs/0276 +++ b/test/confs/0276 @@ -16,6 +16,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost # ----- Routers ----- diff --git a/test/confs/0285 b/test/confs/0285 index f0871a565..8b0ada1f1 100644 --- a/test/confs/0285 +++ b/test/confs/0285 
@@ -33,6 +33,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : max_rcpt = 2 connection_max_messages = 3 diff --git a/test/confs/0286 b/test/confs/0286 index 8ec70bfbb..c6f5daab3 100644 --- a/test/confs/0286 +++ b/test/confs/0286 @@ -34,6 +34,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : max_rcpt = 2 connection_max_messages = 3 diff --git a/test/confs/0288 b/test/confs/0288 index 12c308baf..ac7369b63 100644 --- a/test/confs/0288 +++ b/test/confs/0288 @@ -30,6 +30,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : max_rcpt = 1 connection_max_messages = 1 serialize_hosts = 127.0.0.1 diff --git a/test/confs/0292 b/test/confs/0292 index 6e70a7925..d3ea4f342 100644 --- a/test/confs/0292 +++ b/test/confs/0292 @@ -38,6 +38,7 @@ t1: t2: driver = smtp + hosts_try_fastopen = : debug_print = \$host=$host \$host_address=$host_address # End diff --git a/test/confs/0299 b/test/confs/0299 index 5d648b85d..d7dc87314 100644 --- a/test/confs/0299 +++ b/test/confs/0299 @@ -38,6 +38,7 @@ t2: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost max_rcpt = 2 diff --git a/test/confs/0315 b/test/confs/0315 index fed3ceca1..ae86fdc2a 100644 --- a/test/confs/0315 +++ b/test/confs/0315 @@ -28,5 +28,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0322 b/test/confs/0322 index 396b0c653..f78739673 100644 --- a/test/confs/0322 +++ b/test/confs/0322 @@ -29,6 +29,7 @@ smtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0332 b/test/confs/0332 index 4fe3b3fd4..a309e8e62 100644 --- a/test/confs/0332 +++ b/test/confs/0332 @@ -34,6 +34,7 @@ t1: hosts = 127.0.0.1 hosts_override port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0333 b/test/confs/0333 index 419229285..c14c07165 100644 --- a/test/confs/0333 +++ b/test/confs/0333 
@@ -33,6 +33,7 @@ t1: hosts = 127.0.0.1 hosts_override port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0334 b/test/confs/0334 index 553763b0a..dc4e8a07b 100644 --- a/test/confs/0334 +++ b/test/confs/0334 @@ -25,6 +25,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0341 b/test/confs/0341 index 726793390..dcc4dec3a 100644 --- a/test/confs/0341 +++ b/test/confs/0341 @@ -47,6 +47,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/0342 b/test/confs/0342 index dba9020f4..b6bc47eda 100644 --- a/test/confs/0342 +++ b/test/confs/0342 @@ -35,6 +35,7 @@ begin transports remote_smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0343 b/test/confs/0343 index c613da449..a5741eade 100644 --- a/test/confs/0343 +++ b/test/confs/0343 @@ -25,6 +25,7 @@ remote_smtp: hosts = 127.0.0.1 allow_localhost port = PORT_N + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0344 b/test/confs/0344 index 0b29b0629..794e85eb3 100644 --- a/test/confs/0344 +++ b/test/confs/0344 @@ -32,15 +32,19 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = smtp + hosts_try_fastopen = : t3: driver = smtp + hosts_try_fastopen = : t4: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0350 b/test/confs/0350 index 09bd635db..927bdb7f7 100644 --- a/test/confs/0350 +++ b/test/confs/0350 @@ -25,5 +25,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0357 b/test/confs/0357 index 3f11016f5..f6f210235 100644 --- a/test/confs/0357 +++ b/test/confs/0357 @@ -26,6 +26,7 @@ t1: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0358 b/test/confs/0358 index 311687026..e451c84b5 100644 --- a/test/confs/0358 +++ b/test/confs/0358 
@@ -26,6 +26,7 @@ t1: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0360 b/test/confs/0360 index d226449a8..f2f87c26f 100644 --- a/test/confs/0360 +++ b/test/confs/0360 @@ -36,6 +36,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0361 b/test/confs/0361 index f9007ec0c..909d7f397 100644 --- a/test/confs/0361 +++ b/test/confs/0361 @@ -39,6 +39,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = appendfile diff --git a/test/confs/0362 b/test/confs/0362 index 6588f609f..cdfe7d532 100644 --- a/test/confs/0362 +++ b/test/confs/0362 @@ -48,6 +48,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = appendfile diff --git a/test/confs/0363 b/test/confs/0363 index c43040876..872024893 100644 --- a/test/confs/0363 +++ b/test/confs/0363 @@ -26,6 +26,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost diff --git a/test/confs/0364 b/test/confs/0364 index e15bc9127..0ae251b36 100644 --- a/test/confs/0364 +++ b/test/confs/0364 @@ -49,6 +49,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = appendfile diff --git a/test/confs/0365 b/test/confs/0365 index 0bd6cc161..c5d8a0b53 100644 --- a/test/confs/0365 +++ b/test/confs/0365 @@ -81,5 +81,6 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0366 b/test/confs/0366 index 97d2e62a1..12e47cd5b 100644 --- a/test/confs/0366 +++ b/test/confs/0366 @@ -29,6 +29,7 @@ smtp: connect_timeout = 1s hosts_max_try = HOSTS_MAX_TRY port = PORT_N + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0367 b/test/confs/0367 index 2d69a07ab..911c3dd1c 100644 --- a/test/confs/0367 +++ b/test/confs/0367 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- 
diff --git a/test/confs/0368 b/test/confs/0368 index fee202781..41756dff9 100644 --- a/test/confs/0368 +++ b/test/confs/0368 @@ -30,6 +30,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0374 b/test/confs/0374 index 652a5062b..284344276 100644 --- a/test/confs/0374 +++ b/test/confs/0374 @@ -75,6 +75,7 @@ ut3: ut4: driver = smtp hosts = 127.0.0.1 + hosts_try_fastopen = : port = PORT_S allow_localhost max_rcpt = 1 diff --git a/test/confs/0375 b/test/confs/0375 index 06b16f383..164f32788 100644 --- a/test/confs/0375 +++ b/test/confs/0375 @@ -114,6 +114,7 @@ ut4: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost max_rcpt = 1 disable_logging @@ -124,6 +125,7 @@ ut5: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost max_rcpt = 1 disable_logging @@ -135,6 +137,7 @@ ut6: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost max_rcpt = 1 disable_logging diff --git a/test/confs/0376 b/test/confs/0376 index e3a158f7e..7679a649f 100644 --- a/test/confs/0376 +++ b/test/confs/0376 @@ -70,6 +70,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0388 b/test/confs/0388 index 9a7be305d..03a8bd853 100644 --- a/test/confs/0388 +++ b/test/confs/0388 @@ -31,6 +31,7 @@ smtp: driver = smtp hosts_max_try = 1 port = PORT_S + hosts_try_fastopen = : connect_timeout = 2s address_retry_include_sender = false diff --git a/test/confs/0392 b/test/confs/0392 index e76c86772..95feb39bd 100644 --- a/test/confs/0392 +++ b/test/confs/0392 @@ -28,9 +28,11 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0398 b/test/confs/0398 index 9fbe1b8da..e71a01c2d 100644 --- a/test/confs/0398 +++ b/test/confs/0398 
@@ -60,6 +60,7 @@ t1: t2: driver = smtp port = PORT_S + hosts_try_fastopen = : allow_localhost diff --git a/test/confs/0405 b/test/confs/0405 index edf720c48..7d8a3cea9 100644 --- a/test/confs/0405 +++ b/test/confs/0405 @@ -29,6 +29,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0413 b/test/confs/0413 index 118dbcfe9..44b0da01f 100644 --- a/test/confs/0413 +++ b/test/confs/0413 @@ -51,6 +51,7 @@ t1: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : t2: driver = smtp @@ -58,6 +59,7 @@ t2: hosts_override allow_localhost port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0417 b/test/confs/0417 index 41c5ed975..2f3ed5df4 100644 --- a/test/confs/0417 +++ b/test/confs/0417 @@ -37,5 +37,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0419 b/test/confs/0419 index 39f634c63..a00621430 100644 --- a/test/confs/0419 +++ b/test/confs/0419 @@ -27,6 +27,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0425 b/test/confs/0425 index 6c9383a41..1ade85072 100644 --- a/test/confs/0425 +++ b/test/confs/0425 @@ -38,6 +38,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0426 b/test/confs/0426 index fbac9ecfd..c5b773fae 100644 --- a/test/confs/0426 +++ b/test/confs/0426 @@ -29,6 +29,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0429 b/test/confs/0429 index 49df93001..c70a9386b 100644 --- a/test/confs/0429 +++ b/test/confs/0429 @@ -24,6 +24,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_avoid_esmtp = 127.0.0.1 diff --git a/test/confs/0430 b/test/confs/0430 index 552b0d010..cca101c48 100644 --- a/test/confs/0430 +++ b/test/confs/0430 @@ -37,5 +37,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End 
diff --git a/test/confs/0431 b/test/confs/0431 index 7590fa9d4..4af033ca9 100644 --- a/test/confs/0431 +++ b/test/confs/0431 @@ -42,6 +42,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost AFFIX diff --git a/test/confs/0432 b/test/confs/0432 index e8e6e3552..aab1de468 100644 --- a/test/confs/0432 +++ b/test/confs/0432 @@ -37,6 +37,7 @@ t1: driver = smtp hosts = <; 127.0.0.1 ; port = PORT_S + hosts_try_fastopen = : allow_localhost # End diff --git a/test/confs/0434 b/test/confs/0434 index 0d77fa095..7b6ec65ad 100644 --- a/test/confs/0434 +++ b/test/confs/0434 @@ -27,6 +27,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/0440 b/test/confs/0440 index 2bef8c961..fe2cef997 100644 --- a/test/confs/0440 +++ b/test/confs/0440 @@ -28,6 +28,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : transport_filter = /bin/cat diff --git a/test/confs/0447 b/test/confs/0447 index 57b992d1b..86618fbd3 100644 --- a/test/confs/0447 +++ b/test/confs/0447 @@ -36,6 +36,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost connect_timeout = 999999s diff --git a/test/confs/0450 b/test/confs/0450 index 2dff861a1..7324af64f 100644 --- a/test/confs/0450 +++ b/test/confs/0450 @@ -28,6 +28,7 @@ begin transports t1: driver = smtp hosts = 127.0.0.1 + hosts_try_fastopen = : allow_localhost port = ${if queue_running{PORT_D2}{PORT_D}}EXTRA diff --git a/test/confs/0455 b/test/confs/0455 index 390c28a95..becac26f7 100644 --- a/test/confs/0455 +++ b/test/confs/0455 @@ -39,6 +39,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s hosts_max_try = HOSTS_MAX_TRY diff --git a/test/confs/0461 b/test/confs/0461 index 30abd50a9..4aca116e5 100644 --- a/test/confs/0461 +++ b/test/confs/0461 @@ -37,6 +37,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : connect_timeout = 1s allow_localhost 
diff --git a/test/confs/0462 b/test/confs/0462 index 36d18412d..951420f11 100644 --- a/test/confs/0462 +++ b/test/confs/0462 @@ -44,6 +44,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0463 b/test/confs/0463 index 8be1d95c1..686e180e3 100644 --- a/test/confs/0463 +++ b/test/confs/0463 @@ -27,5 +27,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0464 b/test/confs/0464 index 21e41cb08..eb538e7ed 100644 --- a/test/confs/0464 +++ b/test/confs/0464 @@ -46,5 +46,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0466 b/test/confs/0466 index 880a41e33..58057269e 100644 --- a/test/confs/0466 +++ b/test/confs/0466 @@ -50,5 +50,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0467 b/test/confs/0467 index 147aca64e..0104face2 100644 --- a/test/confs/0467 +++ b/test/confs/0467 @@ -27,5 +27,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0469 b/test/confs/0469 index a008dde00..378254b5c 100644 --- a/test/confs/0469 +++ b/test/confs/0469 @@ -25,5 +25,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0473 b/test/confs/0473 index 6dd6b8898..8e7985302 100644 --- a/test/confs/0473 +++ b/test/confs/0473 @@ -42,5 +42,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0474 b/test/confs/0474 index 35b4805e5..bc07dc66c 100644 --- a/test/confs/0474 +++ b/test/confs/0474 @@ -24,6 +24,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0476 b/test/confs/0476 index fd6106b16..1db78e796 100644 --- a/test/confs/0476 +++ b/test/confs/0476 
@@ -26,6 +26,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0477 b/test/confs/0477 index 04d836591..6dc192ecc 100644 --- a/test/confs/0477 +++ b/test/confs/0477 @@ -27,6 +27,7 @@ t1: driver = smtp port = PORT_S interface = 99.99.99.99 + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0478 b/test/confs/0478 index cfb9a17b1..786f6c547 100644 --- a/test/confs/0478 +++ b/test/confs/0478 @@ -27,6 +27,7 @@ begin transports t1: driver = smtp port = PORT_D + hosts_try_fastopen = : hosts = ${if !eq {$sender_host_address}{} {V4NET.0.0.2} \ {${if eq {127.0.0.1}{$local_part} {127.0.0.1} \ {${if eq {V4NET.0.0.1}{$local_part} {V4NET.0.0.1}}}}}} diff --git a/test/confs/0479 b/test/confs/0479 index bfb9b8613..d8ea0465b 100644 --- a/test/confs/0479 +++ b/test/confs/0479 @@ -35,6 +35,7 @@ t1: driver = smtp port = PORT_S hosts = 127.0.0.1 + hosts_try_fastopen = : allow_localhost connect_timeout = 1s diff --git a/test/confs/0492 b/test/confs/0492 index a939fe125..855ea31de 100644 --- a/test/confs/0492 +++ b/test/confs/0492 @@ -32,6 +32,7 @@ begin transports t1: driver = smtp hosts = 127.0.0.1 + hosts_try_fastopen = : allow_localhost t2: diff --git a/test/confs/0495 b/test/confs/0495 index 5bfec709f..dc1a394b0 100644 --- a/test/confs/0495 +++ b/test/confs/0495 @@ -64,6 +64,7 @@ t1: driver = smtp hosts = 127.0.0.1 : HOSTIPV4 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 1s @@ -71,6 +72,7 @@ t2: driver = smtp hosts = V4NET.9.8.7 port = PORT_S + hosts_try_fastopen = : t3: driver = appendfile @@ -81,5 +83,6 @@ t4: driver = smtp hosts = V4NET.10.10.10 port = nonexistent + hosts_try_fastopen = : # End diff --git a/test/confs/0497 b/test/confs/0497 index 2154c3c2c..c1c866e27 100644 --- a/test/confs/0497 +++ b/test/confs/0497 @@ -30,6 +30,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost 
diff --git a/test/confs/0498 b/test/confs/0498 index c26f43a8a..8b84a4d05 100644 --- a/test/confs/0498 +++ b/test/confs/0498 @@ -30,6 +30,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost final_timeout = 1s diff --git a/test/confs/0499 b/test/confs/0499 index b7a0b7980..32975f45f 100644 --- a/test/confs/0499 +++ b/test/confs/0499 @@ -27,6 +27,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0504 b/test/confs/0504 index c7b0131c0..981ed16c3 100644 --- a/test/confs/0504 +++ b/test/confs/0504 @@ -35,6 +35,7 @@ t3: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost transport_filter = /non/existent/file diff --git a/test/confs/0511 b/test/confs/0511 index 1ecc19998..230971cd5 100644 --- a/test/confs/0511 +++ b/test/confs/0511 @@ -24,6 +24,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost # End diff --git a/test/confs/0512 b/test/confs/0512 index 15e424a51..7f31b9765 100644 --- a/test/confs/0512 +++ b/test/confs/0512 @@ -31,6 +31,7 @@ t1: driver = smtp hosts = 127.0.0.1 : 127.0.0.1 : 127.0.0.1 : 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_max_try = 1 HARDLIMIT diff --git a/test/confs/0518 b/test/confs/0518 index c413faa95..1e6dd2277 100644 --- a/test/confs/0518 +++ b/test/confs/0518 @@ -40,6 +40,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost rcpt_include_affixes @@ -47,6 +48,7 @@ t2: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost # End diff --git a/test/confs/0519 b/test/confs/0519 index e6dbb0090..98d55a2b3 100644 --- a/test/confs/0519 +++ b/test/confs/0519 @@ -25,6 +25,7 @@ t1: driver = smtp hosts = 127.0.0.1 : non-exist.test.ex port = PORT_S + hosts_try_fastopen = : allow_localhost # End diff --git a/test/confs/0525 b/test/confs/0525 index a6e429172..f4c35adc5 100644 
--- a/test/confs/0525 +++ b/test/confs/0525 @@ -32,6 +32,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost data_timeout = 1s diff --git a/test/confs/0528 b/test/confs/0528 index e7313a5ca..1e9bafa27 100644 --- a/test/confs/0528 +++ b/test/confs/0528 @@ -32,6 +32,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : hosts_max_try = 20 allow_localhost diff --git a/test/confs/0531 b/test/confs/0531 index 2f72810cf..0af86b968 100644 --- a/test/confs/0531 +++ b/test/confs/0531 @@ -39,6 +39,7 @@ lmtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : protocol = LMTP diff --git a/test/confs/0538 b/test/confs/0538 index 9081aa572..d6342bf4a 100644 --- a/test/confs/0538 +++ b/test/confs/0538 @@ -40,6 +40,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0540 b/test/confs/0540 index 7ebbdd2b4..05329af89 100644 --- a/test/confs/0540 +++ b/test/confs/0540 @@ -36,6 +36,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost helo_data = ${if eq{$domain}{yes1}{localhost}{aname}} diff --git a/test/confs/0543 b/test/confs/0543 index 88e74e58f..108119c6e 100644 --- a/test/confs/0543 +++ b/test/confs/0543 @@ -28,6 +28,7 @@ smtp: hosts_max_try = 1 allow_localhost port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0544 b/test/confs/0544 index 09949a3fa..bccfad9db 100644 --- a/test/confs/0544 +++ b/test/confs/0544 @@ -52,6 +52,7 @@ smtp: hosts = 127.0.0.1 allow_localhost port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0545 b/test/confs/0545 index a78236a4a..a78361bc4 100644 --- a/test/confs/0545 +++ b/test/confs/0545 @@ -23,6 +23,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0548 b/test/confs/0548 index a450f45c3..112952e9a 100644 --- a/test/confs/0548 +++ b/test/confs/0548 
@@ -44,6 +44,7 @@ smtp: hosts = HOSTIPV4 : thishost.test.ex allow_localhost port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0550 b/test/confs/0550 index caf3ceda7..16699b3ac 100644 --- a/test/confs/0550 +++ b/test/confs/0550 @@ -24,6 +24,7 @@ t1: driver = smtp hosts = 127.0.0.1 : HOSTIPV4 port = PORT_S + hosts_try_fastopen = : allow_localhost helo_data = \ ${if eq{$sending_ip_address}{127.0.0.1}{Tweedledum}{Tweedledee}} \ diff --git a/test/confs/0552 b/test/confs/0552 index c4c2f5e98..153185561 100644 --- a/test/confs/0552 +++ b/test/confs/0552 @@ -46,6 +46,7 @@ begin transports t1: driver = smtp port = PORT_D + hosts_try_fastopen = : hosts = 127.0.0.1 allow_localhost command_timeout = 2s diff --git a/test/confs/0553 b/test/confs/0553 index c9ceaa59e..92fcc0a6f 100644 --- a/test/confs/0553 +++ b/test/confs/0553 @@ -45,6 +45,7 @@ begin transports smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : command_timeout = 2s diff --git a/test/confs/0554 b/test/confs/0554 index c4f240c39..e519d076d 100644 --- a/test/confs/0554 +++ b/test/confs/0554 @@ -25,6 +25,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0557 b/test/confs/0557 index 9b7dec2e6..41a614f10 100644 --- a/test/confs/0557 +++ b/test/confs/0557 @@ -36,6 +36,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : t2: driver = appendfile diff --git a/test/confs/0561 b/test/confs/0561 index 5ccf4dcc3..7095eb2e6 100644 --- a/test/confs/0561 +++ b/test/confs/0561 @@ -33,5 +33,6 @@ begin transports t1: driver = smtp port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/0565 b/test/confs/0565 index 0d053a080..f7accd8d0 100644 --- a/test/confs/0565 +++ b/test/confs/0565 
@@ -34,11 +34,13 @@ begin transports remote_smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : allow_localhost remote_smtp_hdrs: driver = smtp port = PORT_S + hosts_try_fastopen = : allow_localhost headers_only diff --git a/test/confs/0570 b/test/confs/0570 index 962e76bb0..efaf3bccb 100644 --- a/test/confs/0570 +++ b/test/confs/0570 @@ -35,6 +35,7 @@ begin transports smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : OPTION max_parallel = 1 diff --git a/test/confs/0572 b/test/confs/0572 index 23da35a09..ce621bb31 100644 --- a/test/confs/0572 +++ b/test/confs/0572 @@ -35,6 +35,7 @@ my_smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : debug_print = transport_name <$transport_name> diff --git a/test/confs/0580 b/test/confs/0580 index 54ef7ae70..6dbc06d64 100644 --- a/test/confs/0580 +++ b/test/confs/0580 @@ -37,6 +37,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0603 b/test/confs/0603 index baa3ea08c..eaf6a6b90 100644 --- a/test/confs/0603 +++ b/test/confs/0603 @@ -43,6 +43,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : # assumes that HOSTIPV4 can send to 127.0.0.1 interface = ${if eq {$sender_address_domain}{dustybelt.tld} {127.0.0.1}{HOSTIPV4}} diff --git a/test/confs/0604 b/test/confs/0604 index ec5195511..46fc8cf9c 100644 --- a/test/confs/0604 +++ b/test/confs/0604 @@ -42,6 +42,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : # assumes that HOSTIPV4 can sent to 127.0.0.1 interface = ${if eq {$sender_address_domain}{dustybelt.tld} {127.0.0.1}{HOSTIPV4}} diff --git a/test/confs/0607 b/test/confs/0607 index 03c052316..c074ce4e8 100644 --- a/test/confs/0607 +++ b/test/confs/0607 @@ -31,6 +31,7 @@ begin transports out: driver = smtp port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/0610 b/test/confs/0610 index 49778352f..5ce2723ae 100644 
--- a/test/confs/0610 +++ b/test/confs/0610 @@ -48,6 +48,7 @@ t1: hosts = 127.0.0.1 port = PORT_D interface = 127.0.0.1 + hosts_try_fastopen = : t2: driver = smtp @@ -55,6 +56,7 @@ t2: hosts = 127.0.0.1 port = PORT_D interface = HOSTIPV4 + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/0611 b/test/confs/0611 index d3e0a47b2..84be24f05 100644 --- a/test/confs/0611 +++ b/test/confs/0611 @@ -55,6 +55,7 @@ begin transports smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : max_rcpt = 1 connection_max_messages = 1 max_parallel = 2 diff --git a/test/confs/0613 b/test/confs/0613 index 5094759eb..617c65663 100644 --- a/test/confs/0613 +++ b/test/confs/0613 @@ -27,5 +27,6 @@ begin transports remote_smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/0616 b/test/confs/0616 index e710a4bc5..6fb08b395 100644 --- a/test/confs/0616 +++ b/test/confs/0616 @@ -36,5 +36,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0617 b/test/confs/0617 index cf5251774..625c7e372 100644 --- a/test/confs/0617 +++ b/test/confs/0617 @@ -36,5 +36,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/0618 b/test/confs/0618 index db4bd3002..7359e1633 100644 --- a/test/confs/0618 +++ b/test/confs/0618 @@ -75,6 +75,7 @@ begin transports smtp: driver = smtp event_action = ${acl {ev_log}} + hosts_try_fastopen = : bad_tpt: driver = smtp diff --git a/test/confs/0900 b/test/confs/0900 index ce6f2c379..4c824c4b4 100644 --- a/test/confs/0900 +++ b/test/confs/0900 @@ -106,6 +106,7 @@ remote_smtp: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 2s final_timeout = 2s @@ -114,6 +115,7 @@ remote_smtp_dkim: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 2s final_timeout = 2s 
diff --git a/test/confs/0901 b/test/confs/0901 index 67b73cd19..2e299c7dd 100644 --- a/test/confs/0901 +++ b/test/confs/0901 @@ -97,6 +97,7 @@ remote_smtp: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 2s final_timeout = 2s @@ -105,6 +106,7 @@ remote_smtp_dkim: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost command_timeout = 2s final_timeout = 2s diff --git a/test/confs/0906 b/test/confs/0906 index 6df517e53..c320b2569 100644 --- a/test/confs/0906 +++ b/test/confs/0906 @@ -85,12 +85,14 @@ remote_smtp: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost remote_smtp_dkim: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost .ifdef OPT diff --git a/test/confs/1003 b/test/confs/1003 index d15a892fb..df1e48891 100644 --- a/test/confs/1003 +++ b/test/confs/1003 @@ -46,6 +46,7 @@ send_to_server1: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; ::1 ; HOSTIPV4 send_to_server2: @@ -53,6 +54,7 @@ send_to_server2: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; HOSTIPV6 ; HOSTIPV4 send_to_server3: @@ -60,6 +62,7 @@ send_to_server3: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; ${if eq{0}{1}{HOSTIPV6}fail} send_to_server4: @@ -67,6 +70,7 @@ send_to_server4: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; ${if eq{0}{1}{HOSTIPV6}{ }} send_to_server5: @@ -74,6 +78,7 @@ send_to_server5: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = <; ${if send_to_server: 
@@ -81,6 +86,7 @@ send_to_server: allow_localhost hosts = ${if eq {$local_part}{user4} {127.0.0.1} {<; ::1}} port = PORT_D + hosts_try_fastopen = : interface = ${expand:$h_interface:} diff --git a/test/confs/1005 b/test/confs/1005 index 35767932d..1b01dc468 100644 --- a/test/confs/1005 +++ b/test/confs/1005 @@ -25,6 +25,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/1006 b/test/confs/1006 index f46fba932..5f5dfd5f3 100644 --- a/test/confs/1006 +++ b/test/confs/1006 @@ -37,6 +37,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/1008 b/test/confs/1008 index e3307044f..44c7153ff 100644 --- a/test/confs/1008 +++ b/test/confs/1008 @@ -26,6 +26,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/1009 b/test/confs/1009 index fbfa7f0c1..c8184a64e 100644 --- a/test/confs/1009 +++ b/test/confs/1009 @@ -38,6 +38,7 @@ begin transports t1: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2000 b/test/confs/2000 index 9ca325f2a..11104b09d 100644 --- a/test/confs/2000 +++ b/test/confs/2000 @@ -48,6 +48,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 tls_verify_certificates = DIR/aux-fixed/cert2 diff --git a/test/confs/2001 b/test/confs/2001 index 715da4bf6..d6525cae5 100644 --- a/test/confs/2001 +++ b/test/confs/2001 @@ -49,6 +49,7 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + hosts_try_fastopen = : OPTION port = PORT_D tls_certificate = DIR/aux-fixed/cert2 diff --git a/test/confs/2007 b/test/confs/2007 index a16b9a57e..d666f6ac2 100644 --- a/test/confs/2007 +++ b/test/confs/2007 
@@ -55,11 +55,13 @@ send_to_server1: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : send_to_server2: driver = smtp allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/2008 b/test/confs/2008 index 83b30502a..1f12493c5 100644 --- a/test/confs/2008 +++ b/test/confs/2008 @@ -64,6 +64,7 @@ send_to_server1: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed send_to_server2: @@ -71,6 +72,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2009 b/test/confs/2009 index 59139f27e..21f9f2673 100644 --- a/test/confs/2009 +++ b/test/confs/2009 @@ -54,7 +54,8 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_avoid_tls = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : + hosts_avoid_tls = 127.0.0.1 # End diff --git a/test/confs/2010 b/test/confs/2010 index 2cedb89cf..dae45a08c 100644 --- a/test/confs/2010 +++ b/test/confs/2010 @@ -44,8 +44,9 @@ send_to_server: driver = smtp allow_localhost hosts = HOSTS - hosts_require_tls = * port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = * # ----- Retry ----- diff --git a/test/confs/2012 b/test/confs/2012 index 8fbc55595..f59b91a0c 100644 --- a/test/confs/2012 +++ b/test/confs/2012 @@ -93,8 +93,9 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -107,8 +108,9 @@ send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 
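Review bot: In test/confs/2009 the `send_to_server` hunk removes `hosts_avoid_tls = 127.0.0.1` and re-adds it below the new option, so a TLS policy line shows as changed although its value is identical. The same move is applied to `hosts_require_tls` in 2010 and 2012 here, and to the `hosts_*_tls` lines in 2013, 2017, 2033 and 2109–2112 further down. Leaving the TLS line where it was and adding only `hosts_try_fastopen = :` after `port = PORT_D` would keep each of these hunks to a single added line. That makes it much easier to audit that no test's TLS requirement was altered by a commit that is otherwise unrelated to TLS policy.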
@@ -122,8 +124,9 @@ send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -137,6 +140,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -150,6 +154,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -163,6 +168,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 diff --git a/test/confs/2013 b/test/confs/2013 index 4c9fcd3e8..1a23887b3 100644 --- a/test/confs/2013 +++ b/test/confs/2013 @@ -66,8 +66,9 @@ send_to_server: allow_localhost hosts_override hosts = 127.0.0.1 - hosts_noproxy_tls = PEX port = PORT_D + hosts_try_fastopen = : + hosts_noproxy_tls = PEX tls_try_verify_hosts = : # End diff --git a/test/confs/2016 b/test/confs/2016 index b14e1f300..ead3a903b 100644 --- a/test/confs/2016 +++ b/test/confs/2016 @@ -29,6 +29,7 @@ smtp: command_timeout = 1s hosts_require_tls = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2017 b/test/confs/2017 index a699f2d78..98fdc07ca 100644 --- a/test/confs/2017 +++ b/test/confs/2017 @@ -53,8 +53,9 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_nopass_tls = * port = PORT_D + hosts_try_fastopen = : + hosts_nopass_tls = * # ----- Retry ----- diff --git a/test/confs/2021 b/test/confs/2021 index ccd201719..a7e89f8da 100644 --- a/test/confs/2021 +++ b/test/confs/2021 @@ -28,6 +28,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : REQUIRE TRYCLEAR diff --git a/test/confs/2025 b/test/confs/2025 index fdf1e0405..8c08abebe 100644 --- a/test/confs/2025 
+++ b/test/confs/2025 @@ -45,6 +45,7 @@ send_to_server: allow_localhost hosts = HOSTIPV4 : 127.0.0.1 port = PORT_D + hosts_try_fastopen = : hosts_require_tls = HOSTIPV4 tls_require_ciphers = NORMAL:-VERS-ALL:+VERS-TLS1.2:-MAC-ALL:+SHA\ ${if eq{$host}{HOSTIPV4} {384} {256} } diff --git a/test/confs/2026 b/test/confs/2026 index c678219db..270a0682c 100644 --- a/test/confs/2026 +++ b/test/confs/2026 @@ -63,6 +63,7 @@ t1: driver = smtp hosts = 127.0.0.1 : HOSTIPV4 port = PORT_D + hosts_try_fastopen = : allow_localhost t2: diff --git a/test/confs/2030 b/test/confs/2030 index e2ee0e223..490b35f60 100644 --- a/test/confs/2030 +++ b/test/confs/2030 @@ -53,6 +53,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = fred send_to_server2: @@ -60,6 +61,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2031 b/test/confs/2031 index 0d9bba640..af27b2ffd 100644 --- a/test/confs/2031 +++ b/test/confs/2031 @@ -65,6 +65,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = fred send_to_server2: @@ -72,6 +73,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = bill diff --git a/test/confs/2033 b/test/confs/2033 index 73dcde61e..15e632a57 100644 --- a/test/confs/2033 +++ b/test/confs/2033 @@ -100,8 +100,9 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -112,8 +113,9 @@ send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 
@@ -125,8 +127,9 @@ send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -140,6 +143,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -153,6 +157,7 @@ send_to_server_req_failname: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -167,6 +172,7 @@ send_to_server_req_passname: allow_localhost hosts = server1.example.com port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -181,6 +187,7 @@ send_to_server_req_failcarryon: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 diff --git a/test/confs/2100 b/test/confs/2100 index bce339b19..827d93811 100644 --- a/test/confs/2100 +++ b/test/confs/2100 @@ -49,6 +49,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 tls_verify_certificates = DIR/aux-fixed/cert2 diff --git a/test/confs/2101 b/test/confs/2101 index a0e1fe46f..32c309677 100644 --- a/test/confs/2101 +++ b/test/confs/2101 @@ -46,6 +46,7 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + hosts_try_fastopen = : OPTION port = PORT_D tls_certificate = DIR/aux-fixed/cert2 diff --git a/test/confs/2107 b/test/confs/2107 index 9487445cc..5cf1dc373 100644 --- a/test/confs/2107 +++ b/test/confs/2107 @@ -54,11 +54,13 @@ send_to_server1: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : send_to_server2: driver = smtp allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/2108 b/test/confs/2108 index 9b926bf6e..5db771d13 100644 
--- a/test/confs/2108 +++ b/test/confs/2108 @@ -62,6 +62,7 @@ send_to_server1: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed send_to_server2: @@ -69,6 +70,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/2109 b/test/confs/2109 index 8703d1967..3f1465fa2 100644 --- a/test/confs/2109 +++ b/test/confs/2109 @@ -54,7 +54,8 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_avoid_tls = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : + hosts_avoid_tls = 127.0.0.1 # End diff --git a/test/confs/2110 b/test/confs/2110 index 72754a6d9..cc4a7f032 100644 --- a/test/confs/2110 +++ b/test/confs/2110 @@ -43,8 +43,9 @@ send_to_server: driver = smtp allow_localhost hosts = HOSTS - hosts_require_tls = * port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = * # ----- Retry ----- diff --git a/test/confs/2111 b/test/confs/2111 index b54c9490d..42458efba 100644 --- a/test/confs/2111 +++ b/test/confs/2111 @@ -46,8 +46,9 @@ send_to_server: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 tls_require_ciphers = IDEA-CBC-MD5:\ diff --git a/test/confs/2112 b/test/confs/2112 index 005925e11..2b3f33ed3 100644 --- a/test/confs/2112 +++ b/test/confs/2112 @@ -93,8 +93,9 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -107,8 +108,9 @@ send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 
@@ -122,8 +124,9 @@ send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -137,6 +140,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -150,6 +154,7 @@ send_to_server_req_failname: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -163,6 +168,7 @@ send_to_server_req_passname: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 diff --git a/test/confs/2113 b/test/confs/2113 index f48e618d3..eb9d2b487 100644 --- a/test/confs/2113 +++ b/test/confs/2113 @@ -66,8 +66,9 @@ send_to_server: allow_localhost hosts_override hosts = 127.0.0.1 - hosts_noproxy_tls = PEX port = PORT_D + hosts_try_fastopen = : + hosts_noproxy_tls = PEX tls_try_verify_hosts = : # End diff --git a/test/confs/2116 b/test/confs/2116 index d57d3a112..77a671261 100644 --- a/test/confs/2116 +++ b/test/confs/2116 @@ -27,8 +27,9 @@ begin transports smtp: driver = smtp command_timeout = 1s - hosts_require_tls = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : + hosts_require_tls = 127.0.0.1 # ----- Retry ----- diff --git a/test/confs/2117 b/test/confs/2117 index b6a557667..cdec8306b 100644 --- a/test/confs/2117 +++ b/test/confs/2117 @@ -53,9 +53,10 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_nopass_tls = * port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : + hosts_nopass_tls = * # ----- Retry ----- diff --git a/test/confs/2120 b/test/confs/2120 index 1288d7f12..9469cb738 100644 --- a/test/confs/2120 +++ b/test/confs/2120 @@ -36,6 +36,7 @@ t1: hosts = thishost.test.ex allow_localhost port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- 
diff --git a/test/confs/2121 b/test/confs/2121 index 573ea379a..6dcaa0577 100644 --- a/test/confs/2121 +++ b/test/confs/2121 @@ -28,6 +28,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : REQUIRE TRYCLEAR diff --git a/test/confs/2125 b/test/confs/2125 index 589879133..3591c8653 100644 --- a/test/confs/2125 +++ b/test/confs/2125 @@ -48,9 +48,10 @@ send_to_server: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 + port = PORT_D hosts_require_tls = HOSTIPV4 tls_require_ciphers = AES128-SHA - port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : diff --git a/test/confs/2126 b/test/confs/2126 index 9f0af7cf6..cb448134f 100644 --- a/test/confs/2126 +++ b/test/confs/2126 @@ -51,6 +51,7 @@ t1: driver = smtp hosts = 127.0.0.1 : HOSTIPV4 port = PORT_D + hosts_try_fastopen = : allow_localhost tls_try_verify_hosts = : diff --git a/test/confs/2127 b/test/confs/2127 index 9807ccf11..65e1901f6 100644 --- a/test/confs/2127 +++ b/test/confs/2127 @@ -55,6 +55,7 @@ send_to_server: allow_localhost hosts = ${if eq{$local_part}{userx}{127.0.0.1}{HOSTIPV4}} port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : # End diff --git a/test/confs/2130 b/test/confs/2130 index 379d2c98a..4afded1cf 100644 --- a/test/confs/2130 +++ b/test/confs/2130 @@ -53,6 +53,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = fred tls_try_verify_hosts = : @@ -61,6 +62,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : diff --git a/test/confs/2131 b/test/confs/2131 index 43db2ac1c..243fc092c 100644 --- a/test/confs/2131 +++ b/test/confs/2131 @@ -65,6 +65,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = fred hosts_require_tls = * tls_try_verify_hosts = : 
@@ -74,6 +75,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_sni = bill hosts_require_tls = * tls_try_verify_hosts = : diff --git a/test/confs/2133 b/test/confs/2133 index e58a0c65c..463e614ca 100644 --- a/test/confs/2133 +++ b/test/confs/2133 @@ -101,8 +101,9 @@ send_to_server_failcert: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -113,8 +114,9 @@ send_to_server_retry: driver = smtp allow_localhost hosts = HOSTIPV4 : 127.0.0.1 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -126,8 +128,9 @@ send_to_server_crypt: driver = smtp allow_localhost hosts = HOSTIPV4 - hosts_require_tls = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : + hosts_require_tls = HOSTIPV4 tls_certificate = CERT2 tls_privatekey = CERT2 @@ -141,6 +144,7 @@ send_to_server_req_fail: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -154,6 +158,7 @@ send_to_server_req_failname: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -168,6 +173,7 @@ send_to_server_req_passname: allow_localhost hosts = server1.example.com port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 @@ -180,6 +186,7 @@ send_to_server_req_failcarryon: allow_localhost hosts = HOSTNAME port = PORT_D + hosts_try_fastopen = : tls_certificate = CERT2 tls_privatekey = CERT2 diff --git a/test/confs/2135 b/test/confs/2135 index f7f225746..4625f759d 100644 --- a/test/confs/2135 +++ b/test/confs/2135 
@@ -67,6 +67,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = : diff --git a/test/confs/2138 b/test/confs/2138 index 7fec82541..d5dba1b3f 100644 --- a/test/confs/2138 +++ b/test/confs/2138 @@ -57,8 +57,9 @@ local_delivery: send_to_server: driver = smtp allow_localhost - hosts_noproxy_tls = : port = PORT_D + hosts_try_fastopen = : + hosts_noproxy_tls = : tls_try_verify_hosts = : max_rcpt = 1 diff --git a/test/confs/2149 b/test/confs/2149 index 072e8e438..ee48a51b3 100644 --- a/test/confs/2149 +++ b/test/confs/2149 @@ -50,6 +50,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_try_verify_hosts = : # End diff --git a/test/confs/2151 b/test/confs/2151 index f64cdd50e..1e40a83ae 100644 --- a/test/confs/2151 +++ b/test/confs/2151 @@ -39,5 +39,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/2152 b/test/confs/2152 index f783192bd..a5acff047 100644 --- a/test/confs/2152 +++ b/test/confs/2152 @@ -53,6 +53,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/cert1 tls_verify_cert_hostnames = : @@ -61,6 +62,7 @@ send_to_server_v: allow_localhost hosts = 127.0.0.1 port = PORT_D2 + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/cert1 tls_verify_cert_hostnames = : diff --git a/test/confs/2201 b/test/confs/2201 index dce78ed7a..4ce79253d 100644 --- a/test/confs/2201 +++ b/test/confs/2201 @@ -75,6 +75,7 @@ remote_delivery: hosts = 127.0.0.1 allow_localhost port = PORT_D + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/3207 b/test/confs/3207 index 6880dcf90..bf8d1d4c5 100644 --- a/test/confs/3207 +++ b/test/confs/3207 @@ -82,6 +82,7 @@ local_delivery: smtp: driver = smtp + hosts_try_fastopen = : # ----- Retry ----- 
diff --git a/test/confs/3209 b/test/confs/3209 index d5a442ddb..fff1f374f 100644 --- a/test/confs/3209 +++ b/test/confs/3209 @@ -28,6 +28,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : connect_timeout = 1s diff --git a/test/confs/3401 b/test/confs/3401 index afcd48251..401d5cfa5 100644 --- a/test/confs/3401 +++ b/test/confs/3401 @@ -55,14 +55,16 @@ begin transports smtp_try: driver = smtp - hosts_try_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_try_auth = * authenticated_sender = ${if eq{$local_part}{forcesender}{force@x.y.z}fail} smtp_force: driver = smtp - hosts_require_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_require_auth = * # ----- Retry ----- diff --git a/test/confs/3404 b/test/confs/3404 index a76581de2..73cb524b0 100644 --- a/test/confs/3404 +++ b/test/confs/3404 @@ -43,8 +43,9 @@ begin transports smtp: driver = smtp - hosts_try_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_try_auth = * # ----- Retry ----- diff --git a/test/confs/3405 b/test/confs/3405 index e9c7b7ea3..9f37f016b 100644 --- a/test/confs/3405 +++ b/test/confs/3405 @@ -37,8 +37,9 @@ begin transports smtp: driver = smtp + port = PORT_S + hosts_try_fastopen = : headers_add = X-TAID: >$authenticated_id< hosts_try_auth = * - port = PORT_S # End diff --git a/test/confs/3412 b/test/confs/3412 index c0a1c5509..528494356 100644 --- a/test/confs/3412 +++ b/test/confs/3412 @@ -44,6 +44,7 @@ smtp: allow_localhost hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : hosts_try_auth = * # End diff --git a/test/confs/3416 b/test/confs/3416 index 930a2240f..eebb132f3 100644 --- a/test/confs/3416 +++ b/test/confs/3416 @@ -51,6 +51,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_try_auth = * @@ -58,6 +59,7 @@ t2: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_try_auth = * authenticated_sender= brian 
diff --git a/test/confs/3451 b/test/confs/3451 index c3f07b948..160f9e086 100644 --- a/test/confs/3451 +++ b/test/confs/3451 @@ -69,8 +69,9 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + port = PORT_D + hosts_try_fastopen = : hosts_try_auth = * hosts_noproxy_tls = PEX - port = PORT_D # End diff --git a/test/confs/3452 b/test/confs/3452 index 5971c0804..108d93edc 100644 --- a/test/confs/3452 +++ b/test/confs/3452 @@ -67,8 +67,9 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_try_auth = * port = PORT_D + hosts_try_fastopen = : + hosts_try_auth = * # ----- Retry ----- diff --git a/test/confs/3455 b/test/confs/3455 index bfa30b445..591d5de37 100644 --- a/test/confs/3455 +++ b/test/confs/3455 @@ -61,6 +61,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : hosts_avoid_tls = HOSTS_AVOID_TLS hosts_require_auth = * allow_localhost diff --git a/test/confs/3461 b/test/confs/3461 index a01a8b20e..35c2a17b2 100644 --- a/test/confs/3461 +++ b/test/confs/3461 @@ -69,9 +69,10 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 + port = PORT_D + hosts_try_fastopen = : hosts_try_auth = * hosts_noproxy_tls = PEX - port = PORT_D tls_try_verify_hosts = : # End diff --git a/test/confs/3462 b/test/confs/3462 index 33fabbc04..3f8c401de 100644 --- a/test/confs/3462 +++ b/test/confs/3462 @@ -67,8 +67,9 @@ send_to_server: driver = smtp allow_localhost hosts = 127.0.0.1 - hosts_try_auth = * port = PORT_D + hosts_try_fastopen = : + hosts_try_auth = * tls_try_verify_hosts = : diff --git a/test/confs/3465 b/test/confs/3465 index dfe6b9921..0d97a3a7f 100644 --- a/test/confs/3465 +++ b/test/confs/3465 @@ -61,6 +61,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : hosts_avoid_tls = HOSTS_AVOID_TLS tls_try_verify_hosts = : hosts_require_auth = * diff --git a/test/confs/3501 b/test/confs/3501 index c63e76739..b283a2d0d 100644 --- a/test/confs/3501 +++ b/test/confs/3501 
@@ -43,14 +43,16 @@ begin transports smtp_try: driver = smtp - hosts_try_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_try_auth = * authenticated_sender = ${if eq{$local_part}{forcesender}{force@x.y.z}fail} smtp_force: driver = smtp - hosts_require_auth = * port = PORT_S + hosts_try_fastopen = : + hosts_require_auth = * # ----- Retry ----- diff --git a/test/confs/3600 b/test/confs/3600 index f6d4f8605..e95567637 100644 --- a/test/confs/3600 +++ b/test/confs/3600 @@ -63,6 +63,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost hosts_require_auth = * diff --git a/test/confs/3700 b/test/confs/3700 index 6578ecb2d..39e3bcece 100644 --- a/test/confs/3700 +++ b/test/confs/3700 @@ -76,6 +76,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost tls_certificate = DIR/aux-fixed/cert2 tls_verify_certificates = DIR/aux-fixed/cert1 @@ -85,6 +86,7 @@ t2: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : protocol = smtps allow_localhost tls_certificate = DIR/aux-fixed/cert2 diff --git a/test/confs/3720 b/test/confs/3720 index 6d8c46730..53a68d31e 100644 --- a/test/confs/3720 +++ b/test/confs/3720 @@ -79,6 +79,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : allow_localhost tls_certificate = DIR/aux-fixed/cert2 tls_verify_certificates = DIR/aux-fixed/cert1 diff --git a/test/confs/4028 b/test/confs/4028 index 4a1f682a9..16f464cd5 100644 --- a/test/confs/4028 +++ b/test/confs/4028 @@ -48,6 +48,7 @@ begin transports my_smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : socks_proxy = 127.0.0.1 port=1080 OPT tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 diff --git a/test/confs/4029 b/test/confs/4029 index 467d74d8d..119f8ce55 100644 --- a/test/confs/4029 +++ b/test/confs/4029 
@@ -48,6 +48,7 @@ begin transports my_smtp: driver = smtp port = PORT_D + hosts_try_fastopen = : socks_proxy = 127.0.0.1 port=1080 OPT tls_certificate = DIR/aux-fixed/cert2 tls_privatekey = DIR/aux-fixed/cert2 diff --git a/test/confs/4201 b/test/confs/4201 index 17afe9f78..8ded6c27c 100644 --- a/test/confs/4201 +++ b/test/confs/4201 @@ -124,6 +124,7 @@ local_delivery: rmt_smtp: driver = smtp + hosts_try_fastopen = : .ifdef STRICT utf8_downconvert = STRICT .endif diff --git a/test/confs/4211 b/test/confs/4211 index bcd5a4fd1..e68111eb7 100644 --- a/test/confs/4211 +++ b/test/confs/4211 @@ -115,6 +115,7 @@ local_delivery: rmt_smtp: driver = smtp + hosts_try_fastopen = : hosts_require_tls = * tls_try_verify_hosts = : diff --git a/test/confs/4221 b/test/confs/4221 index bcd5a4fd1..e68111eb7 100644 --- a/test/confs/4221 +++ b/test/confs/4221 @@ -115,6 +115,7 @@ local_delivery: rmt_smtp: driver = smtp + hosts_try_fastopen = : hosts_require_tls = * tls_try_verify_hosts = : diff --git a/test/confs/4520 b/test/confs/4520 index 1f3162342..3f49ca996 100644 --- a/test/confs/4520 +++ b/test/confs/4520 @@ -45,6 +45,7 @@ send_to_server: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : dkim_domain = test.ex .ifdef SELECTOR diff --git a/test/confs/4525 b/test/confs/4525 index f6a0258a7..e11456cd2 100644 --- a/test/confs/4525 +++ b/test/confs/4525 @@ -68,6 +68,7 @@ send_to_server: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : .ifdef FILTER transport_filter = /bin/cat - DIR/aux-fixed/TESTNUM.mlistfooter diff --git a/test/confs/4550 b/test/confs/4550 index 15178f363..4b596f300 100644 --- a/test/confs/4550 +++ b/test/confs/4550 @@ -49,6 +49,7 @@ send_to_server: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : dkim_domain = ${if def:sender_address_local_part {test.ex}} dkim_selector = sel diff --git a/test/confs/4700 b/test/confs/4700 index 96f3beac1..86d8b6d8d 100644 --- a/test/confs/4700 +++ b/test/confs/4700 
@@ -48,6 +48,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : local_delivery: driver = appendfile diff --git a/test/confs/4800 b/test/confs/4800 index 876e81d94..f342f2822 100644 --- a/test/confs/4800 +++ b/test/confs/4800 @@ -12,3 +12,4 @@ begin routers begin transports smtp: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/4801 b/test/confs/4801 index 9a09b0289..5241ad3fa 100644 --- a/test/confs/4801 +++ b/test/confs/4801 @@ -12,3 +12,4 @@ begin routers begin transports smtp: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/4802 b/test/confs/4802 index b37eba738..47e2e6e5e 100644 --- a/test/confs/4802 +++ b/test/confs/4802 @@ -12,3 +12,4 @@ begin routers begin transports smtp: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/4803 b/test/confs/4803 index bb2afffad..41381a47f 100644 --- a/test/confs/4803 +++ b/test/confs/4803 @@ -13,3 +13,4 @@ begin routers begin transports smtp: driver = smtp + hosts_try_fastopen = : diff --git a/test/confs/4804 b/test/confs/4804 index a891d14dc..1513d4688 100644 --- a/test/confs/4804 +++ b/test/confs/4804 @@ -40,5 +40,6 @@ begin transports send_to_server: driver = smtp port = PORT_D + hosts_try_fastopen = : # End diff --git a/test/confs/4950 b/test/confs/4950 index 6ddee035e..c4395b514 100644 --- a/test/confs/4950 +++ b/test/confs/4950 @@ -32,6 +32,7 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/5204 b/test/confs/5204 index 5f379b8f1..e81c58e98 100644 --- a/test/confs/5204 +++ b/test/confs/5204 @@ -51,9 +51,11 @@ begin transports smtp: driver = smtp + hosts_try_fastopen = : other_smtp: driver = smtp + hosts_try_fastopen = : null: driver = appendfile diff --git a/test/confs/5205 b/test/confs/5205 index efa2de121..4eeee7000 100644 --- a/test/confs/5205 +++ b/test/confs/5205 @@ -27,5 +27,6 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # End 
diff --git a/test/confs/5206 b/test/confs/5206 index 37e89e65f..27aff6eba 100644 --- a/test/confs/5206 +++ b/test/confs/5206 @@ -29,6 +29,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/5208 b/test/confs/5208 index e32dcfc94..988183b36 100644 --- a/test/confs/5208 +++ b/test/confs/5208 @@ -28,5 +28,6 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # End diff --git a/test/confs/5300 b/test/confs/5300 index 1ba89388b..165e0ea08 100644 --- a/test/confs/5300 +++ b/test/confs/5300 @@ -19,6 +19,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Routers ----- diff --git a/test/confs/5301 b/test/confs/5301 index f727ebca0..7bc161d61 100644 --- a/test/confs/5301 +++ b/test/confs/5301 @@ -20,6 +20,7 @@ begin transports t1: driver = smtp + hosts_try_fastopen = : # ----- Routers ----- diff --git a/test/confs/5400 b/test/confs/5400 index 980e02a48..9693818b1 100644 --- a/test/confs/5400 +++ b/test/confs/5400 @@ -65,12 +65,14 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : headers_add = ${if def:h_X-hdr-rtr {X-hdr-tpt-new: new} {}} smtp2: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/5401 b/test/confs/5401 index 0d93fe5bc..2b1a4c43e 100644 --- a/test/confs/5401 +++ b/test/confs/5401 @@ -40,6 +40,7 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/5402 b/test/confs/5402 index 0984e0cc9..92c563230 100644 --- a/test/confs/5402 +++ b/test/confs/5402 @@ -42,6 +42,7 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/5403 b/test/confs/5403 index a4576a5aa..a95334bc5 100644 --- a/test/confs/5403 +++ b/test/confs/5403 
@@ -53,12 +53,14 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : headers_add = ${if def:h_X-hdr-rtr {X-hdr-tpt-new: new} {}} smtp2: driver = smtp interface = HOSTIPV4 port = PORT_S + hosts_try_fastopen = : # End diff --git a/test/confs/5410 b/test/confs/5410 index 96ec87496..e00234363 100644 --- a/test/confs/5410 +++ b/test/confs/5410 @@ -47,6 +47,7 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}} hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}} tls_try_verify_hosts = : diff --git a/test/confs/5420 b/test/confs/5420 index 44a1fdee4..488000e7a 100644 --- a/test/confs/5420 +++ b/test/confs/5420 @@ -47,6 +47,7 @@ smtp: driver = smtp interface = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : hosts_avoid_tls = ${if eq {$address_data}{usery}{*}{:}} hosts_verify_avoid_tls = ${if eq {$address_data}{userz}{*}{:}} diff --git a/test/confs/5510 b/test/confs/5510 index ab42b242e..9c01e63a7 100644 --- a/test/confs/5510 +++ b/test/confs/5510 @@ -37,6 +37,7 @@ t1: driver = smtp hosts = 127.0.0.1 port = PORT_S + hosts_try_fastopen = : allow_localhost hosts_try_prdr = * diff --git a/test/confs/5601 b/test/confs/5601 index 9b33101b3..fdd3d80df 100644 --- a/test/confs/5601 +++ b/test/confs/5601 @@ -94,6 +94,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -107,6 +108,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * 
@@ -120,6 +122,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = @@ -134,6 +137,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = diff --git a/test/confs/5611 b/test/confs/5611 index 0b2be46a1..9ba6350cc 100644 --- a/test/confs/5611 +++ b/test/confs/5611 @@ -94,6 +94,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -107,6 +108,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -120,6 +122,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = @@ -134,6 +137,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = diff --git a/test/confs/5651 b/test/confs/5651 index 01fa45524..1e3ed5a1e 100644 --- a/test/confs/5651 +++ b/test/confs/5651 @@ -92,6 +92,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * 
@@ -105,6 +106,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -118,6 +120,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem @@ -134,6 +137,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem diff --git a/test/confs/5652 b/test/confs/5652 index da6e5197a..673ec6656 100644 --- a/test/confs/5652 +++ b/test/confs/5652 @@ -74,6 +74,7 @@ begin transports remote_delivery: driver = smtp port = PORT_D + hosts_try_fastopen = : hosts_require_tls = * .ifdef _HAVE_GNUTLS tls_require_ciphers = NONE:\ diff --git a/test/confs/5700 b/test/confs/5700 index 774e76605..758d7d16a 100644 --- a/test/confs/5700 +++ b/test/confs/5700 @@ -43,6 +43,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : command_timeout = 1s final_timeout = 1s event_action = ${acl {logger}} diff --git a/test/confs/5702 b/test/confs/5702 index dfc063fa7..e796406c8 100644 --- a/test/confs/5702 +++ b/test/confs/5702 @@ -38,6 +38,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : event_action = ${acl {logger}} # End diff --git a/test/confs/5703 b/test/confs/5703 index 267f5fc8d..becd0050c 100644 --- a/test/confs/5703 +++ b/test/confs/5703 @@ -38,6 +38,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : event_action = ${acl {logger}} # End 
diff --git a/test/confs/5710 b/test/confs/5710 index 85293a566..f6b97945f 100644 --- a/test/confs/5710 +++ b/test/confs/5710 @@ -95,6 +95,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key diff --git a/test/confs/5720 b/test/confs/5720 index 906266290..2c0e327ce 100644 --- a/test/confs/5720 +++ b/test/confs/5720 @@ -95,6 +95,7 @@ send_to_server: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : tls_certificate = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.pem tls_privatekey = DIR/aux-fixed/exim-ca/example.com/server2.example.com/server2.example.com.unlocked.key diff --git a/test/confs/5730 b/test/confs/5730 index 2b32008d4..c7d07bf3c 100644 --- a/test/confs/5730 +++ b/test/confs/5730 @@ -100,6 +100,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -114,6 +115,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -128,6 +130,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem 
@@ -145,6 +148,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed #tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/server1.example.com/ca_chain.pem tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem diff --git a/test/confs/5740 b/test/confs/5740 index 53302c507..60c175b53 100644 --- a/test/confs/5740 +++ b/test/confs/5740 @@ -102,6 +102,7 @@ send_to_server1: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -115,6 +116,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = hosts_require_tls = * @@ -128,6 +130,7 @@ send_to_server3: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = @@ -142,6 +145,7 @@ send_to_server4: allow_localhost hosts = 127.0.0.1 port = PORT_D + hosts_try_fastopen = : helo_data = helo.data.changed tls_verify_certificates = DIR/aux-fixed/exim-ca/example.com/CA/CA.pem tls_verify_cert_hostnames = diff --git a/test/confs/5820 b/test/confs/5820 index b038558de..76dc75efe 100644 --- a/test/confs/5820 +++ b/test/confs/5820 @@ -66,6 +66,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : hosts_try_dane = CONTROL hosts_require_dane = HOSTIPV4 diff --git a/test/confs/5840 b/test/confs/5840 index bda328a97..5852ef2c0 100644 --- a/test/confs/5840 +++ b/test/confs/5840 @@ -71,6 +71,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : hosts_try_dane = CONTROL hosts_require_dane = HOSTIPV4 
diff --git a/test/confs/5860 b/test/confs/5860 index df9115129..bef70dd18 100644 --- a/test/confs/5860 +++ b/test/confs/5860 @@ -61,6 +61,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : # hosts_try_dane = * hosts_require_dane = * diff --git a/test/confs/5861 b/test/confs/5861 index 93e2bb715..68c790ef6 100644 --- a/test/confs/5861 +++ b/test/confs/5861 @@ -75,6 +75,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : hosts_try_dane = * hosts_require_dane = HOSTIPV4 diff --git a/test/confs/5880 b/test/confs/5880 index 4becdd423..ef7c59445 100644 --- a/test/confs/5880 +++ b/test/confs/5880 @@ -61,6 +61,7 @@ send_to_server: driver = smtp allow_localhost port = PORT_D + hosts_try_fastopen = : # hosts_try_dane = * hosts_require_dane = * diff --git a/test/confs/5890 b/test/confs/5890 index f1aa9a2ae..5b154e5db 100644 --- a/test/confs/5890 +++ b/test/confs/5890 @@ -100,6 +100,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = CDIR/CA/CA.pem tls_verify_cert_hostnames = : event_action = ${acl {log_resumption}} diff --git a/test/confs/5891 b/test/confs/5891 index 190ce2537..e0f824357 100644 --- a/test/confs/5891 +++ b/test/confs/5891 @@ -100,6 +100,7 @@ send_to_server2: allow_localhost hosts = HOSTIPV4 port = PORT_D + hosts_try_fastopen = : tls_verify_certificates = CDIR/CA/CA.pem tls_verify_cert_hostnames = : event_action = ${acl {log_resumption}} diff --git a/test/confs/9900 b/test/confs/9900 index c042cd39a..0f25f2918 100644 --- a/test/confs/9900 +++ b/test/confs/9900 @@ -26,6 +26,7 @@ begin transports smtp: driver = smtp port = PORT_S + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/confs/9901 b/test/confs/9901 index 23ea43fef..a33223b05 100644 --- a/test/confs/9901 +++ b/test/confs/9901 @@ -47,6 +47,7 @@ t1: hosts = 127.0.0.1 hosts_override port = PORT_D + hosts_try_fastopen = : t2: driver = appendfile 
diff --git a/test/confs/9903 b/test/confs/9903 index 7ef2c620a..6f79e360e 100644 --- a/test/confs/9903 +++ b/test/confs/9903 @@ -26,6 +26,7 @@ smtp: port = PORT_S hosts = 127.0.0.1 allow_localhost + hosts_try_fastopen = : # ----- Retry ----- diff --git a/test/runtest b/test/runtest index c6fd5ce54..30315044f 100755 --- a/test/runtest +++ b/test/runtest @@ -1245,7 +1245,7 @@ RESET_AFTER_EXTRA_LINE_READ: next if /^DKIM \[[^[]+\] (Header hash|b) computed:/; # Not all platforms support TCP Fast Open, and the compile omits the check - if (s/\S+ in hosts_try_fastopen\? (no \(option unset\)|yes \(matched "\*"\))\n$//) + if (s/\S+ in hosts_try_fastopen\? (no \(option unset\)|no \(end of list\)|yes \(matched "\*"\))\n$//) { chomp; $_ .= ; diff --git a/test/stderr/5204 b/test/stderr/5204 index 1f927a485..f84acadd8 100644 --- a/test/stderr/5204 +++ b/test/stderr/5204 @@ -242,7 +242,7 @@ some.name in helo_lookup_domains? no (end of list) host in dsn_advertise_hosts? no (option unset) host in pipelining_advertise_hosts? yes (matched "*") host in chunking_advertise_hosts? no (end of list) -processing "accept" (TESTSUITE/test-config 76) +processing "accept" (TESTSUITE/test-config 78) check verify = recipient >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> routing "FAIL cannot route this one (FAIL)"@some.host diff --git a/test/stderr/5410 b/test/stderr/5410 index 5fc3c82ea..9953eee7c 100644 --- a/test/stderr/5410 +++ b/test/stderr/5410 @@ -130,7 +130,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 55) +processing "accept" (TESTSUITE/test-config 56) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA 
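Review bot: In the test/runtest hunk, the comment above the substitution still only says the compile omits the Fast Open check, but the pattern now also discards `no (end of list)` results. That is presumably what a transport logs once the test configs set `hosts_try_fastopen = :`, so a second comment line such as `# Test configs set hosts_try_fastopen to an empty list, logged as "no (end of list)"` would explain the new alternative. The two negative alternatives could also be folded into `no \((?:option unset|end of list)\)` to keep the pattern shorter. The surrounding output-munging block starts and ends outside this hunk.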
@@ -383,7 +383,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 55) +processing "accept" (TESTSUITE/test-config 56) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA @@ -636,7 +636,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 55) +processing "accept" (TESTSUITE/test-config 56) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA diff --git a/test/stderr/5420 b/test/stderr/5420 index e8ea2bcf4..d83254307 100644 --- a/test/stderr/5420 +++ b/test/stderr/5420 @@ -131,7 +131,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 54) +processing "accept" (TESTSUITE/test-config 55) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA @@ -384,7 +384,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 54) +processing "accept" (TESTSUITE/test-config 55) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA @@ -637,7 +637,7 @@ sync_responses expect rcpt SMTP<< 250 Accepted holding verify callout open for cutthrough delivery ----------- end cutthrough setup ------------ -processing "accept" (TESTSUITE/test-config 54) +processing "accept" (TESTSUITE/test-config 55) accept: condition test succeeded in inline ACL end of inline ACL: ACCEPT SMTP>> DATA diff --git a/test/stderr/5820 b/test/stderr/5820 index 21d5127ff..032f2b9f3 100644 --- a/test/stderr/5820 +++ b/test/stderr/5820 
@@ -9,7 +9,7 @@ >>> host in helo_verify_hosts? no (option unset) >>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) ->>> processing "accept" (TESTSUITE/test-config 86) +>>> processing "accept" (TESTSUITE/test-config 87) >>> check verify = recipient/callout >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing rcptuser@dane256ee.test.ex diff --git a/test/stderr/5840 b/test/stderr/5840 index bc9b18c84..dbd4d235c 100644 --- a/test/stderr/5840 +++ b/test/stderr/5840 @@ -9,7 +9,7 @@ >>> host in helo_verify_hosts? no (option unset) >>> host in helo_try_verify_hosts? no (option unset) >>> host in helo_accept_junk_hosts? no (option unset) ->>> processing "accept" (TESTSUITE/test-config 91) +>>> processing "accept" (TESTSUITE/test-config 92) >>> check verify = recipient/callout >>> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> routing rcptuser@dane256ee.test.ex diff --git a/test/stdout/0572 b/test/stdout/0572 index 44ced8ce3..06cc972a1 100644 --- a/test/stdout/0572 +++ b/test/stdout/0572 @@ -58,7 +58,7 @@ no_hosts_randomize hosts_require_auth = hosts_try_auth = hosts_try_chunking = * -hosts_try_fastopen = * +hosts_try_fastopen = : hosts_try_prdr = * interface = ip4.ip4.ip4.ip4 keepalive @@ -110,6 +110,7 @@ begin transports driver = smtp interface = ip4.ip4.ip4.ip4 port = 1224 + hosts_try_fastopen = : debug_print = transport_name <$transport_name> # Exim Configuration (X) # 1 "TESTSUITE/test-config" @@ -146,4 +147,5 @@ my_smtp: driver = smtp interface = ip4.ip4.ip4.ip4 port = 1224 +hosts_try_fastopen = : debug_print = transport_name <$transport_name> -- cgit v1.2.3