Change recv() to not use MSGPEEK and eliminated flush_input().
Add proxy_target_address/port expansions.
Convert ipv6 decoding to memmove().
Use sizeof() for variable sizing.
Correct struct member access.
Enhance debug output when passed invalid command/family.
Add to and enhance documentation.
Client script to test Proxy Protocol, interactive on STDIN/STDOUT,
so can be chained (ie a swaks pipe), useful for any service, not
just Exim and/or smtp.
Jeremy Harris [Fri, 18 Apr 2014 13:21:59 +0000 (14:21 +0100)]
Fix logging of nomail
When built with TLS support, non-TLS connections not resulting in mail transfer were crashing while
building a log line. Fix by not returning a non-extensible string from the routine added in 67d81c1.
Phil Pennock [Wed, 16 Apr 2014 06:25:45 +0000 (23:25 -0700)]
Bail configuration on missing package
If we're configured to use pkg-config (or pcre-config) and the tool is
not available or does not know about the package we ask for, that should
be a fatal configuration error.
We should not silently ignore the missing package, then try to compile,
and have missing header warnings from the compiler. Eg, if we're told
to support GSASL, we'll try to compile the client code, and without
compiler flags, we'll either fail to compile (missing headers) or fail
to link, which obscures the source of the errors.
This change will only break people who had builds set to have Exim
depend upon non-existent packages, and that _needs_ to break.
Phil Pennock [Wed, 16 Apr 2014 02:43:31 +0000 (19:43 -0700)]
Report OpenSSL build date too.
Adjust `-d -bV` output for OpenSSL to include library build date.
Some OS packagers have backported heartbleed security fixes without
changing anything in the reported version number. The closest we can
get to a reassuring sign for administrators is to report the OpenSSL
library build date, as picked by the library which Exim is using at run
time.
For comparison, the version information for OpenSSL on Ubuntu (where
Exim is by default built with GnuTLS, but this provides for context for
comparison):
```
$ openssl version -v -b
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014
```
GnuTLS: the closest I can find to a runtime value is the call we are
already making; if an OS vendor patches GnuTLS without changing the
version which would be returned by `gnutls_check_version(NULL)` then the
sysadmin is SOL and will have to explore library linkages more
carefully.
Previous patch introduced a change that could break existing SPF
configurations. Add back the two non-standard "err_temp" and
"err_perm" result values, with note that it is deprecated and
will be removed in a future release.
Jeremy Harris [Sun, 13 Apr 2014 16:43:11 +0000 (17:43 +0100)]
Fix build for update on library component.
When, eg, the smtp transport is changed the transports library must be rebuilt.
Fix the main makefile to not assume that the date on the library .a is sufficient,
but always call the library subdir makefiles.
Phil Pennock [Tue, 7 Jan 2014 06:56:40 +0000 (01:56 -0500)]
Copyright year updates:
vi $(git whatchanged --since=2013-01-01 | grep '^:100' | sed 's/^[^M]*M//' | sort -u | fgrep -v test/)
Did 2014 first, since otherwise every file I touched to update to 2013
would show as changed in 2014. Last invocation logged to git was during
2012. Will need to be more careful if auditing next year.
Jeremy Harris [Sun, 5 Jan 2014 17:54:41 +0000 (17:54 +0000)]
Documant the non-support of header manipulation in post-RCPT ACLs in combination with cuttrhough.
Add check and paniclog attempts to do so. Bug 1411 (WONTFIX).
Todd Lyons [Sat, 30 Nov 2013 19:31:21 +0000 (11:31 -0800)]
Proxy Protocol - Server support
Initial conf setting and expansions
Logging setting whether to record proxy host, off by default
Put PROXY processing before connect ACL
Fix incoming address logging
Add Proxy Protocol to ChangeLog
Set window for Proxy Protocol header to be sent
Update docs and EDITME.
Jeremy Harris [Wed, 20 Nov 2013 14:19:37 +0000 (14:19 +0000)]
Fix testsuite build on Solaris
As of s11, Solaris & derivatives need libsocket and libnsl. Ensure they are searched for
by autoconfig. This seems to be successfully ignored on Linux.
Credit to Dave Edmondson (dme@dme.org) for the fix.
Phil Pennock [Thu, 3 Oct 2013 20:13:52 +0000 (16:13 -0400)]
Finish the xfpt fix.
The readers of the version expect no surrounding whitespace; putting the
content in-place requires macro expansion, which requires that .literal
mode be `layout` or `off`, but either of those will escape the XML angle
brackets. The easiest fix is to generate the XML as part of the macro
definition.
Moved local_params rules out of Makefile and into GenLocalParams