We need to leave $auth1 available after the authenticator returns, so
that server_set_id can be evaluated by the caller. We need to do this
whether we succeed or fail, because server_set_id only makes it into
$authenticated_id if we return OK, but is logged regardless.
Updated test config to set server_set_id; updated logs.
Jeremy Harris [Mon, 29 Oct 2012 22:14:16 +0000 (22:14 +0000)]
Track ACL context through ${acl expansions. Bug 1305.
Rather than pass "where" around all the string-expansion calls I've
used a global; and unpleasant mismatch with the existing "where"
tracking done for nested ACL calls.
Phil Pennock [Thu, 25 Oct 2012 03:26:29 +0000 (23:26 -0400)]
SECURITY: DKIM DNS buffer overflow protection
CVE-2012-5671
malloc/heap overflow, with a 60kB window of overwrite.
Requires DNS under control of person sending email, leaves plenty of
evidence, but is very likely exploitable on OSes that have not been
well hardened.
Phil Pennock [Wed, 17 Oct 2012 21:40:38 +0000 (17:40 -0400)]
Example tune for clarity (reverse_ip)
Use a last octet which will highlight the hex nature in the example.
> ${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.127}
f.7.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2
Phil Pennock [Thu, 4 Oct 2012 02:00:13 +0000 (22:00 -0400)]
Releases signed by Phil's key, not Nigel's.
State a more general policy of PGP signing, mention trust paths, cite
the main public keyserver pool, provide a link to a trustpath display
between Nigel's key and Phil's.
Provide Phil's current PGP keyid (noting will change in 2013).
Bounce via a redirector, on Phil's security site, because:
(1) xfpt barfs on &url(..) where the URL contains an ampersand
(2) No ampersands means less debugging across various platforms
(3) The redirector is https: with a public cert, where www.exim.org
does not have a cert (with that name, at this time).
All keys cited in 0xLong form (16 hex characters).
Nits:
(1) URL is given with https:// on one line, the rest on the next
(2) using alt text does not give the URL in the .txt format, despite
the docs, because we build .txt from w3m -dump, so the HTML form is
used.
(3) Ideally, we'll get around to having https://www.exim.org/ exist and
be usable for this redirect.
Side-effects:
(1) My name is in The Spec for the first time. :)
Phil Pennock [Wed, 12 Sep 2012 00:14:42 +0000 (20:14 -0400)]
Minor doc nits re bug 1262.
Update src comment to be clearer about why it's safe for "state of this transport" to affect other deliveries.
Mention change in externally observable state in README.UPDATING.
Reference bugzilla entry in ChangeLog.
Update Paul's credit in ACKNOWLEDGMENTS.
Phil Pennock [Thu, 12 Jul 2012 22:42:08 +0000 (15:42 -0700)]
Doc note re 9999 days & 32bit time (SSL certs)
Thanks to Jay Rouman for highlighting that there can be rollover.
I have chosen *not* to reduce the duration, but to leave it and instead
provoke thought on the part of those deploying systems, if this bites them.
Phil Pennock [Sun, 24 Jun 2012 09:55:29 +0000 (02:55 -0700)]
Add gnutls_enable_pkcs11 option.
GnuTLS 2.12.0 adds PKCS11 support using p11-kit and by default will
autoload modules, which interoperates badly with GNOME keyring
integration, configured via paths in environment variables, and Exim
invoked by the user (eg, mailq) will then try to load the modules, fail
and spew warnings from the module for a library loaded by a library.
http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs
documents that to prevent this, explicitly init PKCS11 before calling
gnutls_global_init(). So we do so, unless the admin sets the new
option.
Reported by Andreas Metzler, who confirmed that the added calls fixed
the problem for him.
Jeremy Harris [Sun, 29 Apr 2012 20:02:27 +0000 (21:02 +0100)]
Dual-tls - split management of TLS into in- and out-bound connection-handling.
Enables concurrent use from a single process, and thereby use for cutthrough delivery.
As a side-effect EHLO and TLS use for verify callouts introduced.
This was a manual import from elsewhere and is known to fail the test-suite.